Phishing scam grabs attention claiming your credit score has changed on all three major US companies suddenly

I wanted to warn others about still another phishing scam.  This one purports to tell you that your credit score has changed on Experian, Equifax and Trans Union.

The sender is your logon name for your email provider, and Amazon’s URL is spoofed as the sender.

This seems like a particularly deceptive and dangerous phish.

  

Imagine if this was done in China with a social credit score!  Or if a social credit score were hacked?

Could a recent phishing scam about package missed deliveries involved identity theft? Watch and see

Yesterday I got a bizarre email claiming a package sent by me had been returned to a UPS store, turning out to be in South Carolina, that I had never been to.

This appears to be a variation of the better known Fed-Ex phony delivery notice phishing attack.  I covered the details on my Internet Safety blog Monday.  Nevertheless, the possibility of an identity theft scenario could exist.  Someone could create a fake duplicate identity and send illegal materials to frame someone.  But it sounds improbable it could work.

   

I’ll check my credit reports soon again, but this much more likely a variation of a wellknown scam already.

Can automated bill payments improve your credit score?

Experian, in a corporate article by Stefan Lembo Stolba, posted an important article on its consumer site “Can automatic bill payments help my credit score?” 

   

Generally, yes.  One problem I have is that many credit card company sites (Target and Chase) are hard to log on to – passwords expire quickly.  The tendency is for them to be forgotten then if logon is difficult.

   

The Bank of America Bill Pay page has some issues, of not refreshing information between pages, and keeping expired cards. The end result is that sometimes payments go to wrong accounts and aren’t properly credited.

Arlington Public Schools (VA) offers adult class in identity theft self-protection

I don’t think I’ve shared an announcement of a class before, but Arlington Public Schools (VA) offers a course for adults in how to prevent identity theft and other scams, Wed. May 15 at 10 AM, with an announcement here.

There will be particular attention to scams targeting seniors and to smartphone security.

The event takes place in an office complex near the intersection of Washington Blvd and Route 50.

Can Dodd-Frank endanger ordinary bank depositors and investors? It's a risk a little bit parallel to ID theft?

I’m not sure which blog to post this on.  It’s not really about identity theft, but it concerns a risk to consumers that is fundamentally parallel to identity theft.

That is, the “bail-in” process of the Dodd-Frank Reform Act of 2010, which Trump has said little about, well, except according to The Atlantic.  

    

Assets, other than savings and deposits insured under the FDIC up to $250000, can be “confiscated” by creditors in some circumstances with a failing bank, even by derivative creditors.  Ivestopedia explains here. 

The irony is that this risk seems to comport with moral criticisms of “predatory capitalism” from the far Left, as placing the blame on “the system” rather than individuals – except individuals with unearned capital.

Kitco has a similar explanation. 

A few companies have been sending emails (possible spam) trying to sell protection to consumers.

Via:NerdWallet

 

Nerdwallet has a tamer discussion (shown).

"Suprise medical bills" not covered by insurance can lead to granishments, liens

Tonight, NBC News reported the problem of “surprise medical bills”, resulting in liens and even garnishments in New Hampshire, Vermont, Colorado, Oklahoma, Nevada and Ohio.

Lindsey Bomnin and Stephanie Gosk provided the story.

In one case, a woman had a normal appendectomy, only to get an extra bill for over $4000 from a surgeon, who might have been out-of-network, even though she repeatedly checked in her insurance during the hospitalization.



With my acetabular hip fracture in Minnesota in 1998, I ran into problems with some of the after care, in the rehab, but eventually “won” the argument.  Ironically the surgical device at the University of Minnesota was “free” because it was brand new and experimental (it worked perfectly).

I worked for a debt collection agency, RMA, in St. Paul in the summer of 2003 and might have wound up working in medical collections had I stayed, because I knew a lot about health care.

The arguments posed by debt collectors were “you used to service ….” – personal responsibility carrued to an extreme degree.

North Korea seems to be creating fake identity accounts on LinkedIn and other social media, and running phishing campaigns with them

North Korea still continues hacking, which persisted during the summit his past week.

Most if the targets seem to be infrastructure, oil companies, and banks.  There seem to have been some attempts at airgaps at electric utilities.

A common technique is to pose as a recruiter (essentially impostering a real person) on Linked in.

This is the first time I’ve heard of Linked-In as a target for identity theft connected to spam.

Nicole Perlroth has a story in the New York Times and MSN.

Social media impersonation may be a technique particularly coming into use now.  But there have been numerous cases of fake accounts for real people in the past on Facebook and Twitter.  It happened to me once, and a friend caught it and the fake account was deleted before I knew about it.

Loose personal information might enable the creation of fake social media accounts.  It’s conceivable a foreign enemy could write posts that resemble what the real person would write, but that would take a lot of effort.  Still, a proof-of-concept attack like that would be very disturbing.

Google's interest in "replacing" the URL system recalls the DNS crisis of 2008, any connection?

There are recent reports that Google is working on other ways of identifying website addresses as well as conventional domain-oriented URL’s.

Since domains are mapped to IP addresses, often on hosted servers, and propagated worldwide, it isn’t clear if this refers to that concept, or the tendency of many sites to add unnecessary qualifiers when offering popup links to sites, as from emails.  This practice facilitates phishing.

Ars technical has a typical story by Peter Bright on Sept. 5.  

The story reminds me of the controversy in the summer of 2008, when a Finnish researcher found a security flaw in the DNS mapping system, resulting in a big emergency conference at Microsoft near Seattle.

Microsoft offers enterprises a service called Azure, cloud-hosted, that also seems to break away from URL dependency.

  

And more and more sites encourage smart phone users to load their apps rather than use URL’s in browsers.

Experian notes an id-theft risk in a popular game; Can credit-scoring companies develop a way to allow for the federal shutdown?

Experian has a detailed article by Matt Tatham on some consumer gamer vulnerabilities with Fortnite, apparently leading to some compromises of PII and even identity theft.
  

This reminds me of the idea of identity theft on a platform like Second Life.

Experian, by the way, is the successor to Chilton (through TRW) which I worked for in the 1980s.  Maybe somebody there remembers me (in Dallas).

  

I wanted to note also that for several months I got emails claiming to be from Apple about numerous (perhaps dozens) games I had supposedly purchased in Indonesia and Belarus (a particularly vulnerable country).  No, obvious spam, I think (although it simulated an Apple address, but no statement ever showed up on my cards).  It sounds possible that there is a digital copy of me overseas, maybe created by the Russians.  Could this be a problem if I travel overseas?   They’ve never shown up on my credit reports. 
  

I also want to note that, although I didn't work on the Fair Isaacs credit scoring (then called "Risk Predictor") interface, some coworkers did and I am somewhat familiar with it.  It strikes me that credit reporting companies should develop a way to account for missed payments from federal workers "taken hostage" by the president and Congress.  Technically, I know it can be done.  So do it.

Picture: where I lived in 1979, near Dallas North Tollway at Cedar Springs; new apartment complex replaced the old Embarcadero on Lucas St. 

Darkening of FTC during shutdown increases risk of identity theft

Apparently the Federal Trade Commission is dark during the shutdown, increasing the risk of identity theft from hackers or even pickpockets.  NBC News reports.

Major incidents are already reported.

  

Furthermore, a complaint to the FTC about possible payment processor collusion against some content creators using patronage systems online won’t get started right now.

Experian analyzes the risk to average consumers from data breaches

For the New Year, Experian (aka TRW aka Chilton) has some embeddable charts on “where your personal information is most at risk” from 2018. From data breaches.

Or this one, data records lost by industry

  

Most of these breaches are so massive that the practical risk for any person is very low.  And more of them seem to come from foreign states.