Recent reporting from multiple sources indicates an increase in financial fraud schemes, as scammers have seized upon the ever-growing demand for Personal Protective Equipment (PPE)a to target healthcare providers and the general public. Many of the schemes attempt to capitalize on high demand, low supply PPE such as N95 (NIOSH)-approved respirator masks, which are among the required PPE for healthcare personnel responding to COVID-19.
When ordering PPE from online retailers, always verify the Uniform Resource Locator (URL) and confirm “https” in the web address, as a lack of a security certification (“https”) may be an indicator that the site is insecure or compromised
Consult the U.S. Centers for Disease Control and Prevention (CDC) NIOSH website to view a list of all NIOSH approved manufacturers of N95 respirator masks and validate approval and certification numbers.
Confirm N95 respirator mask approval status and certification numbers using the NIOSH flyer (Figure 1), the NIOSH website, or the CDC website, which includes examples of identified counterfeit or unapproved N95 respirator masks.
As of 11 March 2020, many large U.S. retailers and suppliers have sold out of their N95 respirator mask inventories and are now warning consumers against the rise of counterfeit versions. A survey of safety masks and respirators on one U.S. e-commerce platform found at least one hundred product listings that were counterfeit or unapproved.
If you believe your organization has purchased counterfeit PPE or COVID-19 testing kits, or were the victim of a fraud or scam, please contact your local FBI Field Office and report details regarding this incident to the Internet Crimes Complaints Center at IC3.gov and/or the National Intellectual Property Rights Coordination Center at IPRCenter.gov.
Identity theft isn’t just someone stealing your credit card. Criminals are coming up with plenty of innovative ways to rip us off. New account fraud, a tactic in which someone opens an account in your name, is on the rise. So are cases of hackers using clever social engineering tactics to fool victims into giving up sensitive information.
Think it can’t happen to you?
One recent example is a new type of identity fraud that tricks victims into thinking they’ve received a two-factor authentication text from their bank. This is especially shocking as it looks so real.
More than 14 million Americans fell victim to identity theft in 2018, according to a 2019 study by Javelin Strategy & Research. Fraud is still rampant and can cause serious financial damage — not to mention all the time and effort it can take to undo it.
That’s why knowing the tactics thieves to steal your identity is essential. Avoid these pitfalls and stay protected.
1. Think before you share
We live in a generation of oversharing. People have been oversharing the details of their personal lives on reality TV shows for years.
Unfortunately, it’s easy to overshare with hackers, too. How often do you mindlessly click through buttons that say “Allow Access?” If you’re playing an online game or entering a contest, it’s understandable because you want a chance to win.
But stop and think about what you’re doing before you give away your information. Take a second to read terms and conditions before you agree online, and be smart about what you post on the web.
You should never post your address, phone number or other personal information on social media sites. Platforms like Facebook are too careless with our privacy as it is, and you don’t want your sensitive information in the wrong hands.
2. Blast from the past
Remember MySpace accounts? From about 2005 to 2008 it was the most popular social media site in the world. Not so much anymore. Most MySpace users have moved on. Unfortunately, many forgot to delete their accounts.
Leaving old accounts active can be a security nightmare. Think about all the personal information you have just sitting there, waiting to be scavenged by cybercriminals. Let’s face it, Tom from MySpace probably isn’t keeping up with security protocols.
It’s critical to be proactive and delete all of your old accounts you no longer use.
Go through your browser, your email and wrack your brain for all the accounts and services you’ve signed up for. If you find some you’re not using, don’t just let them linger. Take the time to shut down your old accounts the right way.
3. Some things are supposed to stay between you and your doctor
According to a survey by security company Carbon Black, a frightening 84% of health care organizations say they have seen an increase in cyberattacks over the past year. Cybercriminals have been targeting hospitals and clinics due to the sheer amount of data these places store.
It’s not all just patient information, either. There’s also data on doctors and insurance companies. Stolen information is sold on the Dark Web and ranges mostly from forgeries to health insurance credentials.
If someone steals your identity, you could be subject to medical identity theft. This act means you might be denied coverage because someone has already used your medical insurance benefits.
How can you protect yourself? Only share your insurance card when it’s absolutely necessary, and report a missing card to your insurance company right away. Avoid posting about health issues online; the less info potential scammers know about you, the better. Check any statements or bills you receive thoroughly, and contact your insurance company or doctor if you see a charge or service you don’t recognize.
When criminals first started sending phishing emails, they were pretty easy to spot. Tons of grammatical and spelling errors tipped us off to the fact that no, our banks couldn’t possibly have sent that message.
However, today’s crooks have learned that lesson and are now sending professional looking messages. They spoof logos that look so real they can be difficult for even experts to spot. The most important rule to outsmarting phishing scams is to avoid clicking malicious links. That means you shouldn’t click on web links or open PDF attachments found in unsolicited email messages — ever.
If you need to conduct business with a company, it’s always best to type its web address directly into your browser. Never trust a link inside a message, and be wary of downloading anything you didn’t specifically ask for.
5. Before you hit ‘buy’
Shopping online is convenient and takes out all the hassles associated with heading to the mall. But have you ever heard of e-skimming? It’s when your credit card information is skimmed by a criminal while you’re buying stuff online. You don’t even know it’s happening until it’s too late.
This epidemic is getting worse as hackers have figured out how to skim credit cards from ordinary online retailers without being detected. They do this by using tricky bits of code while they lie in wait and capture your data as you’re typing it in.
Does that mean you need to stop shopping online all together? No, but you should take steps to shop smarter. For starters, check the connection to the site you’re on. Look for a lock or a URL that begins with HTTPS instead of just HTTP. If it’s not secure, find what you’re shopping for elsewhere.
Be wary of any deals that seem too good to be true. Coupons for crazy discounts or free products could be a trap to get your payment info.
One of the biggest mistakes people make is connecting to unsecured Wi-Fi networks. Sure, everyone wants to save on data, but joining a public Wi-Fi network at the coffee shop or airport is a terrible idea.
Crooks are always trolling these public networks, watching and waiting for new victims to rip off. If you must use a public network, always use a VPN when you connect. The free ones are slow. You’re better off paying a small monthly fee for a robust VPN.
7. Stay up to date
Shelling out over a grand for the latest and greatest smartphone isn’t very economical. But if you are using a super old device that can’t support updates, you could be putting your personal data at risk.
That’s because many operating system updates come with critical security patches that keep crooks from stealing your information. Without these patches, you’re a serious contender for identity theft, which could wind up costing you more than what you’d pay for a new phone.
Keep all your devices updated to the latest software you can, and seriously consider a new smartphone if yours is several versions behind.
Though criminals have sophisticated hacking tools at their disposal, there are old-fashioned spying tricks that still work to this day.
We’re talking about the common thief rummaging through your trash, hoping to find personal information you may have written down and thrown away. Take the time to shred any sensitive documents before carelessly throwing them in the trash. This includes bank statements, financial documents, medical bills and anything else with identifying information.
Also, be careful of what you say out loud. Eavesdroppers might be listening in if you’re in public making a payment over the phone and reading your credit card information out loud.
When in doubt, assume someone is watching or listening and guard your info accordingly.
9. Threats at home, too
It’s sad I have to mention this, but it’s not just hackers who can steal your identity. It could be a family member or friend.
That’s why it’s essential to keep passwords and important documents in a safe place. Don’t just leave things with information like Social Security numbers and banking information sitting around the house.
Keep sensitive documents locked in a drawer, cabinet or safe deposit box. Stop writing down passwords and login info, and store or shred financial statements as soon they arrive in the mail.
There was a time when our house phones would ring off the hook with annoying, unknown and unwanted calls. The immediate reaction would be to use *69 to trace where the call originated from.
Today, these annoying messages are coming in the form of emails. Each of these messages leads down the same road, which ends with a phishing scam or some sketchy request to reveal your personal data.
If you really want to check the credibility or authenticity of an email, you’ll need to dig deeper and establish where the email originated from — a virtual *69 if you will.
A new study shows how much time is wasted by employees at work using their mobile devices on personal tasks.
Answering that friend request while at work may not seem troublesome, but add up all the on-the-job smartphone screen time across the country and you’re talking $15 billion in lost productivity, a new study reveals.
The average office employee is spending about five hours a week on his or her cellphone on things that have nothing to do with the job, such as answering personal e-mail, according to the study, which was conducted for the staffing firm OfficeTeam.
Some workers are doing online shopping. Others are watching the highlights of last night’s Yankees or Mets game.
“If these numbers were true for every full-time worker in the US, that would add up to $15.5 billion in lost productivity every week due to professionals using their mobile devices for nonwork activities,” the study’s authors posit, using Department of Labor figures.
Some 600 workers and senior office managers were questioned at US companies with 20 or more employees. Besides using the cellphone to answer e-mails and sometimes visit social media sites, the employees also said they spent about 42 minutes a day on
“All in all, the average employee could be wasting more than eight hours per work week on activities unrelated to the job,” according to the study.
Besides visiting social media sites, employees use their phones to visit sports sites, play mobile games, shop or go to entertainment sites.
Although both male and female workers were using a cellphone for personal tasks, the study found males (32 percent) more commonly check their non-work e-mail, while females (33 percent) more commonly check social media networks.
The survey also found that workers are increasingly using their cellphones to go to sites blocked at work.
“More than half of the professionals — 58 percent — often use their personal devices at work to visit pages that are banned by their company, a 36 percent jump from the 2012 survey,” according to the study.
The eight hours a week of lost productivity can have a dramatic effect on a business, an OfficeTeam executive said.
“It’s understandable that employees may occasionally use their mobile devices or attend to personal tasks during business hours. But these activities can easily become big distractions,” said Brandi Britton, a district president for OfficeTeam.
Britton added, “To best manage their time, staff can take advantage of breaks during lunch and throughout the day to catch up on non-work e-mails or errands.”
Another OfficeTeam official noted that the use of cellphones and other mobile devices has become an integral part of the personal and professional lives of most people.
He argued that employers should understand that banning cellphones and other mobile devices is not a reasonable option, but that they should establish limits on their use.
“Employers,” said Daryl Pigat, a division director for OfficeTeam, “need to establish rules about where and when cellphones are permitted and when they are not.”
Indictments for Ponzi schemes and investor fraud have been increasing every day. While pundits, congress and financialexperts pinpoint problems with regulatory agencies such as the SEC, the real problem centers on what I call the “Due Diligence Mess,” the way in which this process is handled within the legal and financial community.
While I agree that the SEC and the SIPC failed to uncover the crimes of Madoff and his affiliates, the initial decision to invest with Madoff was made by the investors and it was their responsibility to make an informed decision. That decision must not be based solely on government information.
Anyone who seeks to invest in a business or financial product knows that there is risk, and that risk is primarily based on the ethics and competency of the people running the operation. While the U.S. economy nose-dived, some geographic areas did not have the same economic problems as the rest of the country. Most notable was South Dakota and Indiana.
When banking and financial executives were asked the reason for this in a recent NPR interview their answer was simple: “We did not get involved in the sub-prime phenomenon and we stayed with the conservative financial model that we have always used.” Ethical, cautious, professional people and organizations provide safe havens for investment. Those qualities are best discovered through forensicpsychology and criminal investigation models.
Just as forensic accounting is a powerful tool in vetting the numbers of an organization, forensic criminal investigation models are just as powerful in vetting the quality and ethics of people leading an organization. The following is a list of three reasons why I believe the financial crimes of the past year will continue to occur unless radical changes are made in the due diligence process.
The Problem with Databases
With the aggressive rise of the Internet in the mid 1990’s the use of online databases has become a mainstay in the daily processes of many law firms and accounting firms.
The problem with these databases is their dependence on local, state and federal agencies to provide accurate and updated information. Our legalservices division investigators have found that 40 to 45% of the information that comes through these databases is inaccurate or outdated even information from the “premier’ providers.
Our investigators also discovered that much of the remaining information cannot be verified, which begs the question: “Why are legal and accounting professionals still depending on these inadequate systems?” The answer is simple they are inexpensive and convenient.
There is nothing inexpensive or convenient about due diligence. In my experience it requires time and professional manpower to collect accurate data, confirm those data and assess the information. “Easy” does not enter into the process of accurate due diligence.
The other problem with databases is that the information must be assessed using criminal forensics. What may seem unimportant to the untrained eye can be a critical element to an investigation. Knowing what to look for and knowing how that information plays into a psychological assessment of a fund manager, business executive or broker comes only from forensic psychology which has the distinct ability to look behind the professional facade of people.
Bottom line: due diligence is as much a criminal investigation as it is a financial and legal process.
Forensic Accountants but not Forensic Investigators?
Over the past 10 years, the use of forensics accountants has become increasingly commonplace in civil and divorce legal cases. Their value as a tool for uncovering financial crimes has become a legal necessity.
However, the use of forensic investigators in due diligence is a legal rarity. This contradiction is troubling. In most cases cost is the primary factor – “my client doesn’t want to spend the money!” How ironic this is since the client will be investing a significant amount of money in a business enterprise or handing over the significant amount of money to an investment firm.
Rather than explain the value of a proper investigation some professionals will attempt to do the work “in house.” This is done through their favorite private investigator.
Contrary to popular belief most private investigators do not have criminal forensics training. Their training consists of “experience” which can be inconsistent and unreliable. Even many federal agents are not trained in this process. Inexperienced investigators without proper forensics training set the stage for a legal and financial disaster.
Data Without Context
Data without context are useless. Because many professionals lack criminal forensics training, they do not understand how to accurately assess human data. Because of this limitation, many professionals miss key information that would have saved their clients great pain.
A perfect example is the correlation between trespassing, breaking and entering, and sex crimes. I have seen this fact missed many times in background checks and criminal investigations.
What seems like unimportant data can be an indicator of narcissistic activities, embezzlement or other negative behaviors on the part of the people running an organization. Bottom line: either data are accurately assessed or people will suffer.
The current state of due diligence is woefully inadequate in determining risk. The current focus of such efforts is mistakenly solely placed on the company being purchased or the organization that will handle the client’s money and not on the people operating these entities.
Professionals and investors alike must understand the need for forensics within this process. Due diligence is about assessing the people and people assessment has and always will be the domain of forensic psychology.