Beware of Scams in Wake of Equifax Data Breach


Staff Reports



Columbus, OH (September 28, 2017) – Earlier this month, credit reporting agency Equifax announced that a data breach compromised the personal information of 143 million people. Now, consumers are reporting to BBB that scammers are capitalizing on the breach with phone phishing cons.

How the Scam Works:

You answer the phone, and it’s a robo call claiming to be from Equifax. The credit reporting agency is allegedly “calling to verify your account information.” If you stay on the line to speak to a representative, the scammer will try to trick you into sharing personal information.

If you get such a call, be sure to hang up. These calls are scams. Even if your information was compromised in the breach, Equifax will not call you to confirm it. Sharing your personal information with these scammers can lead to identity theft.

How to Avoid a Phone Scam:

Just hang up: If you receive a scam robo call, don’t press anything. Pressing a button or speaking with a representative may lead to more robocalls.

Don’t trust Caller ID. Scammers spoof their numbers so they appear to be calling from a trusted company or government organization.

Guard your personal information. Do not give your social security, payment information or other personal information over the phone.

Screen your calls. BBB advises that consumers only answer calls for numbers that they know. If the call is important, they will leave a voicemail.

For More Information:

For more information about the Equifax breach, visit Equifax’s website, www.equifaxsecurity2017.com or see the Federal Trade Commission’s alert. For advice about credit freezes and fraud alerts, see this BBB Tip.

If you or someone you know have experienced a scam, you can report it at BBB Scam Tracker to help warn and protect others.

For more information, follow your BBB on Facebook, Twitter, and at bbb.org.

About BBB

For more than 100 years, Better Business Bureau has been helping people find businesses, brands and charities they can trust. In 2016, people turned to BBB more than 167 million times for BBB Business Profiles on more than 5.2 million businesses and Charity Reports on 11,000 charities, all available for free at bbb.org. There are local, independent BBBs across the United States, Canada and Mexico, including BBB Serving Central Ohio, which was founded in 1921 and serves 21 counties in Central Ohio.

Social Security to Expand Fraud Prosecution Project with Department of Justice

The Social Security Administration announced that through a collaboration with the Social Security Office of Inspector General (OIG) and the United States Department of Justice (DOJ), it is planning to expand its successful Fraud Prosecution Project to 33 United States Attorneys’ Offices nationally. This project has led to the prosecution of multiple instances of Social Security fraud. Given the past success of the program, Social Security aims to support both OIG’s and DOJ’s fraud-fighting efforts through this expansion.

Through its Fraud Prosecution Project, DOJ and Social Security pool legal resources to prosecute individuals who defraud Social Security programs. The Office of the General Counsel (OGC) at Social Security employs agency attorneys to serve as Special Assistant United States Attorneys (SAUSAs) in United States Attorney Offices (USAOs) across the country to lead these prosecution efforts. The project is among several anti-fraud initiatives to combat and prevent all forms of Social Security fraud, but is unique in its collaboration between OIG, OGC and DOJ.

“The Social Security Administration is committed to the prosecution of fraud to the full extent of the law,” said Asheesh Agarwal, Social Security General Counsel. “Criminals who have defrauded taxpayers and received trust fund dollars intended for those who are truly in need will be found and punished.”

SAUSAs across the country in September secured a number of indictments and convictions in various Social Security fraud cases. For instance:

· In Ohio, charges were brought in eight deceased beneficiary fraud cases, including charges against a subject who allegedly illegally collected more than $270,000 in Social Security benefits after his mother died in 1993. In another case, a man pled guilty to stealing a 65-year-old man’s identity to file for and improperly receive about $15,000 in benefits.

The Fraud Prosecution Project has been an extremely effective collaboration with Social Security, the OIG and the Department of Justice. From early 2016 to date, SAUSAs nationwide have secured over 300 federal convictions, leading to judicial orders for more than $34 million in restitution to Social Security and other agencies. For example:

· In Ohio, a judge sentenced a woman to six months in prison for stealing $35,000 in Social Security benefits by falsely reporting that she served as the representative payee for her disabled son and that her son lived with her, when he actually was in state custody.

To support this successful anti-fraud initiative, this year, Social Security has committed to expand the project by employing 35 SAUSAs in USAOs across the country.

“The SAUSAs work closely with OIG criminal investigators across the country to prosecute our Social Security fraud cases, so we’re very pleased to see Social Security dedicate additional resources to the Fraud Prosecution Project,” said Social Security Acting Inspector General Gale Stallworth Stone. “Social Security fraud is a serious offense. Increased prosecutions of fraud cases demonstrates that Social Security is committed to holding individuals accountable for obtaining benefits illegally.”

For more information on the Fraud Prosecution Project and the agency’s other anti-fraud efforts, please visit https://www.ssa.gov/antifraudfacts/.

Members of the public can report suspected Social Security fraud to the Social Security Fraud Hotline at https://oig.ssa.gov/report; send U.S. Mail to PO Box 17768, Baltimore, MD, 21235; fax (410) 597-0118; or call (800) 269-0271 from 10 a.m. to 4 p.m. Eastern Time, Monday through Friday.

Note: An indictment [or information or complaint] is only a charge and is not evidence of guilt. A defendant is entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt.

Warning: Scammers Have Moved to Facebook Messenger

Columbus, OH – Consumers receive many warnings to watch for scams in their email inbox, on the phone or by text message. However, BBB is starting to now see an increase in reports of scammers reaching victims through Facebook Messenger.

A Central Ohio senior citizen reported to BBB that she lost $6,000 after receiving a Facebook message from a scammer who had hacked her neighbor’s account. The message said she had won a sweepstakes prize, but had to wire $1,000 in fees six different times to receive it. After wiring money from Walmart on six different days, she was then told that the FedEx truck with her winnings got into a wreck, and they would not be able to get into the box with her winnings unless she paid more money for a key.

She became suspicious that she was being scammed, but then received a text from someone named Nakia Jannette Sicard who claimed to be a grant writer for Facebook. Sicard said the consumer would get the prize money, 100% guaranteed, but later asked for $500. The consumer did not send any more money, and also never received the prize money.

How the Scam Works:

You get a Facebook Messenger chat that looks like it comes from a friend or relative. In some cases, scammers have hacked into your friend’s Facebook account. In other versions, the scammer creates a separate look-alike account by stealing your friend’s photos. Either way, scammers are banking that you will trust a message that appears to come from someone you know.

Currently, the most commonly reported Facebook Messenger con in BBB Scam Tracker is the government grant scam. In this con, the scammer – posing as a friend or family member – will send you a message claiming you qualify for money from the government. To receive the grant, the scammer requires you to pay a “processing fee” or an “application fee” first. The scammer keeps this money and disappears.

But just because government grant scams are currently the top cons on Facebook Messenger, doesn’t mean they are the only ones. Be on the lookout for sales scams, sweepstakes scams, investment scams and romance scams.

How to spot this scam:

Be wary of your friends’ tastes online: Your friend or family member may have impeccable judgment in real-life. But online, email messages, social posts and Facebook Messenger chats could be from a hacked or impersonated account.

Trust your gut. If a close friend or family member sends you a message that seems suspicious, give them a call or ask them in person to confirm that it really came from them before responding or clicking on any links.

Report scam accounts and messages to Facebook: Alert Facebook to fake profiles, compromised accounts and spam messages by reporting them.

Ignore and block unsolicited messages concerning government grants. The United States Government will not contact you directly for loans, or require that you pay any sort of fee.

For More Information:

Facebook is a BBB Accredited Business. Learn more about avoiding scams on Facebook. For advice on keeping your Facebook account secure, check out this article in Facebook’s help Center.

If you or someone you know has been scammed, you can report the scam at BBB Scam Tracker to help alert and protect others.

For more information, follow your BBB on Facebook, Twitter, and at bbb.org.

About BBB

For more than 100 years, Better Business Bureau has been helping people find businesses, brands and charities they can trust. In 2016, people turned to BBB more than 167 million times for BBB Business Profiles on more than 5.2 million businesses and Charity Reports on 11,000 charities, all available for free at bbb.org. There are local, independent BBBs across the United States, Canada and Mexico, including BBB Serving Central Ohio, which was founded in 1921 and serves 21 counties in Central Ohio.

BBB Announces New App

BBB Launches Free App to Easily Research Businesses

Columbus, OH (October 5, 2017) – For more than 100 years, Better Business Bureau has been helping millions of people research businesses they can trust. Now BBB has made that search for a trusted business easier with the release of the new BBB App.

With more than 30 million businesses in North America, it’s hard to find verified, unbiased information. Need a quick way to find a doctor? Car repair? A bite to eat? The BBB App makes finding a trustworthy business or service easy based on the user’s location. Whether at home, on the go or on vacation, this new tool will help the estimated 245.6 million smartphone users in the U.S and Canada make smarter decisions and keep them safe from scams.

Every four seconds, someone researches a business with BBB. Rather than going to a web browser, users now have the ability to go straight to the source. The BBB App is optimized for mobile devices which means it has features not readily available on the website. It is available in both iTunes and Google Play stores.

After downloading the free BBB App, users will experience features such as:

Easy category search. Users can choose between multiple categories to find the type of business they are looking for in their area. The locations can be viewed in map form or a list version.

View a business’ reputation. This includes the business’s rating and Accreditation status.

Launch the business directory. Get directions to the business, visit the business’s website or call the business right from the app.

Share with others. Click the share button to send a recommended business to a friend through phone text, Facebook message or any other platform.

List favorites. Users can “favorite” a company for future reference.

Receive scam alerts. BBB will periodically send alerts through the app to inform users about scams and consumer protection news happening in their area. Have a family member in California? Or taking a trip to Florida? The BBB app also lets users choose up to three zip codes from which to receive scam alerts.

BBB’s goal is to advance marketplace trust and this app makes that mission easily accessible for smartphone users everywhere in the U.S. and Canada. The BBB App was built in partnership with BBB Accredited Business Matraex. For more details, visit bbb.org/northwest/bbb-app. To learn about the app creators, visit www.matraex.com.

New light bulbs at the Statehouse save tax-payers’ dollars

(Columbus, OH) –The Capitol Square Review and Advisory Board (CSRAB) has recently completed a lighting upgrade project that will save tax-payer dollars.

As lighting technology has improved and added dimming capabilities that allow for historically appropriate lighting levels inside the Ohio Statehouse, over 900 new LED bulbs have been installed in the House Chamber, Senate Chamber and several Hearing Rooms resulting in significant cost savings. The Capitol Square Complex (CSC) will see a 90% reduction in energy consumption.

“As stewards of this magnificent building, CSRAB will continue to incorporate efficient technology at the Ohio Statehouse to save tax-payer dollars and to enhance the visitor experience on Capitol Square,” said CSRAB Chair, Senator Bob Peterson.

Senator Calls on Treasury Department to Bar Equifax from Eligibility for Government Contracts

WASHINGTON, D.C. – U.S. Sen. Sherrod Brown (D-OH) called on the federal government to initiate a review to bar Equifax from consideration for new or renewed government contracts, citing Equifax’s failure to protect the personal information of 145 million Americans and more than 5 million Ohioans.

The Department of Treasury has the responsibility of protecting consumers and taxpayers from negligent behavior – like that exhibited by Equifax – by making sure federal agencies only contract with companies that act responsibly and in the best interest of consumers. Brown is calling on the agency to begin debarment procedures, which would prevent Equifax from soliciting, obtaining or renewing federal contracts. By debarring Equifax from doing business with any one agency, Equifax would be broadly banned from doing business with any agency in the government.

“This simply is not a company that deserves to be trusted with Americans’ personal data or taxpayer dollars,” said Brown of Equifax.

Shortly after news of Equifax’s data breach became public, it came to light that the Social Security Administration (SSA) contracted with Equifax for the online portal, known as mySocialSecurity. Equifax’s own system was hacked in July, exposing 145 million Americans to identify theft. Brown and his colleague U.S. Sen. Bill Cassidy (R-LA) – leaders of the Senate’s Subcommittee on Social Security – called on the agency to provide answers as to whether it could confirm that its users’ information was secure.

Now, Brown wants to make sure the company cannot put more consumers and the government at risk by preventing it from getting any government contracts.

Full text of Brown’s letter to Treasury is below.

Iris B. Cooper

Debarment Official

Department of the Treasury

1500 Pennsylvania Avenue, NW

Washington, D.C. 20220

Dear Ms. Cooper:

I write you today to urge you in the strongest possible terms to act in your capacity as debarment official for the Department of the Treasury to immediately take the steps necessary to review whether Equifax’s failure to protect the personal information of 145 million warrants debarment.

Due to negligent security practices, Equifax allowed the personally identifiable information of 145 million Americans and more than 5 million Ohioans to be accessed illegally. By failing to install a security update available in March 2017, Equifax allowed intruders to maintain a presence on its technology from at least May 13th through July 29th of this year. While executives knew that this information had been accessed as early as mid-August, they neglected to inform banking and consumer regulators, as well as the general public, for weeks.

Equifax’s mismanagement puts taxpayers and the Federal Government at risk of a similar data breach.

Debarment is the remedy the Federal Government has to protect consumers and taxpayers from the reckless and negligent behavior of bad actors, such as Equifax, and ensure that Federal agencies only solicit offers from, award contracts to, and consent to subcontracts with responsible contractors. Debarment prevents a company from soliciting offers for, obtaining additional, and renewing federal contracts for a period of three years and debarment by one agency has government-wide, reciprocal effect.

Debarment grounds and procedures are described in the Federal Acquisition Regulations Subpart 9.4 in accordance with Public Law 102-355, Section 2455 (31 U.S.C. 6101) and Executive Order 12689. Federal Acquisition Regulation 9.406-2 lists the causes for debarment that include, “Commission of any other offense indicating a lack of business integrity or business honesty that seriously and directly affects the present responsibility of a Government Contractor or Subcontractor.” The regulations go on to clarify this behavior as, “a history of failure to perform, or of unsatisfactory performance of, one or more contracts.”

Before arriving at any debarment decision the Federal Acquisition Regulation Section 9.406-1 states that “[i]t is the debarring official’s responsibility to determine whether debarment is in the Government’s interest. The debarring official may, in the public interest, debar a contractor for any of the causes in 9.406-2. Section 9.406-2(c) provides that the debarring official may debar “[a] contractor or subcontractor based on any other cause of so serious or compelling a nature that it affects the present responsibility of the contractor or subcontractor.”

Yet before any decision is made, the debarring official, per Section 9.406-1, should consider a number factors including: (1) Whether the contractor had effective standards of conduct and internal control systems in place at the time of the activity; (2) Whether the contractor brought the activity cited as a cause for debarment to the attention of the appropriate Government agency in a timely manner; (3) Whether the contractor has fully investigated the circumstances surrounding the cause for debarment; and (4) Whether the contractor’s management recognizes and understands the seriousness of the misconduct giving rise to the cause for debarment and has implemented programs to prevent recurrence.

Given the importance of cybersecurity practices to Equifax’s core business and the ease with which a breach could have been avoided, it is clear Equifax did not have effective standards of conduct or internal control systems. US-CERT notified Equifax of the vulnerability of the Apache Struts Web Application in March, but internal controls failed identify that the patch had not been applied across their software environment, or even to identify all vulnerable systems.

After finding the intrusion, Equifax failed to timely notify government agencies about this breach. According to his congressional testimony, the Chief Executive Officer knew the scope and severity of the breach by August 17th, but did not inform government agencies or the public until September 7th.

Equifax has not fully investigated the circumstances surrounding the causes of the intrusion. In what may be an effort to avoid transparency in that investigation, Equifax hired an independent contractor through a law firm. Findings from the investigation may be protected by attorney client privilege and only selectively disclosed to debarring officials.

Equifax’s response to consumers after the incident, including underinvestment in customer complaint intake, directing customers to phishing websites, and proffering a credit protection product for only one year and on the condition that consumers sign over basic rights to court, demonstrate a lack of recognition and understanding of the seriousness of this incident. And while its consumer response was wholly inadequate, it is unclear whether the company has even contemplated changes to their network and information security architecture and data protection standards.

The American people are looking to the Administration for leadership, clarity, and peace of mind. I believe that Equifax’s actions are “of so serious or compelling a nature that it affects” their responsibility to taxpayers. The Department of the Treasury has the cause and imperative to act. I urge you to promptly initiate a debarment review. Please provide my office with an update on the actions you have taken and intend to take as well as the rationale for those actions within five business days.

http://www.sunburynews.com/wp-content/uploads/sites/48/2017/10/web1_scamalert.jpg

Staff Reports