Christopher Elliott, author of “Scammed” and airlines passenger advocate, tells Pay Dirt how he fell for some of the oldest tricks in the book before becoming a consumer advocate. Known primarily for his work as a journalist and campaigner for travelers, Elliott himself used to work for a travel trade publication 20 years ago. He said seeing the travel business from the inside was very “eye-opening.” He also tells Pay Dirt about a valuable lesson he learned from a parrot named Scarlett.
Pay Dirt: What are the most naked scams that we don’t even see as scams?
Elliott: You’re being scammed right now.
Pay Dirt: I am? But you are promoting your book.
Elliott: Consumers are always being scammed. Usually, if you have to ask if it’s a scam, the answer is yes. The common definition of a scam is pretty narrow: A fraudulent deal that some shady guy offers you on the street or an email from someone in Nigeria telling you you’ve inherited $1 million. I talk a lot in the book about contracts. Some of the most onerous are mortgage contracts where the fine print is so dense that – at the end of the first six months – your interest rate suddenly goes up. And shrink-wrap contracts: By opening the box you are agreeing to the terms of purchase. Also, beware of contracts that self-renew.
As consumers use their smartphones for a wider range of activities — including shopping and banking — it’s natural to wonder if such activities are really safe. The scary answer: maybe not.
Experts say hackers are increasingly targeting cellphones, in a variety of ways, to get at the often-vital information stored there. The latest versions of security programs from NQ Mobile claim to protect against a variety of problems. It automatically scans for malicious apps when users are accessing a financial institution via their phone, and also checks for spyware from third-parties that could be eavesdropping on conversations.
When hackers break into social networking sites, medical records databases or entertainment companies, experts say it’s consumers who often end up paying the price.
Systems such as Sony’s gaming network, which was breached this year, have become increasingly attractive for cyber criminals, especially now that video gaming accounts contain such valuable personal details, says Adam Levin, chairman and founder of Identity Theft 911, an identity and data risk management company. “The Sony breach last April merely underscores something obvious: Gaming networks and similar sites are delicious targets.”
Breaches cost organizations millions of dollars, which tends to trickle down to consumers, says Evan Brown, an associate in law firm Hinshaw & Culbertson. “It is inevitable that the costs will be passed on,” he says. Apart from investigative costs, he says, many companies that are the target or victim of a data breach offer credit monitoring services to affected individuals.
The number of personal files being compromised is also on the rise, though the amount of actual cyber crimes this year is lower than last year. Some 30.4 million records were compromised in 2011 in 535 separate breaches, according to the Privacy Rights Clearinghouse. That’s up from 12.3 million in 2010.
Not all breaches involved sophisticated hackers. Those at Sutter Physicians Services in October and military healthcare program Tricare Management Activity in September were the result of the theft of hardware and software, respectively. They underscore the importance of not forgetting the low-tech protections like encrypting files and not leaving back-up disks unattended, Brown says.
Others didn’t involve social security numbers, but did have implications for password security. “Capturing a customer list containing thousands of email/password combinations represents a potential threat to online bank accounts and other web-based services,” says Steve Fox, senior security auditor at IT security business Coalfire.
Pay Dirt asked a range of security experts for the worst breaches of the year. Here they are in no particular order:
Thieves are using Twitter, Facebook, and Foursquare as tip sheets.
Thanks to careless postings on social-networking sites, burglars can find out when homeowners are out of town and whether or not they own a menacing dog, experts say. According to a new report, nearly 80% of former burglars said they believed thieves use these resources to target homes. That could be a polite way of saying they are speaking from personal experience.
Social networking also allows burglars to “case the joint” without leaving home. What’s more, 74% of ex-burglars say they believe location services like Google Street View is helpful to burglars planning raids. (Twitter and Facebook did not respond to requests for comment.)
It means burglars can hang up their black cat suits and stop prowling in neighborhoods in the dark. The average value of goods stolen during the day is $2,158 versus $1,868 at night, according to the survey by CreditSesame.com, a website with credit scoring and personal finance tools.
Job seekers, beware. The Better Business Bureau says there’s been a rise in the number of fake job advertisements on social networking sites and job websites like Monster.com and Craigslist. Security experts say that with many unemployed people desperate for work, many scammers are finding it easier to take advantage of them. Unemployment was 9.1% in July, just down from 9.2% in June, according to the latest data.
“Job seekers need to be on the look-out for potential scams,” says Stephen A. Cox, president and CEO of the Council of Better Business Bureaus. “Many job scammers are having candidates set up direct deposit accounts as part of the application process and making it seem as though it’s naturally part of the process to get an interview — when it’s absolutely not.”
What do they want? Your personal contact details, your social security number and any other information that will help them access your money. Most people’s resumes have an enormous amount of personal information, including date of birth, education and employment history, address, phone number and email. It’s a lot of information to hand over to a stranger, especially over the Internet.
Roger H. Schmedlen, Fenton, Mich., warns consumers about company websites that look legitimate. He advises Googling “Whois” to find out when the website was created. “Anyone can put together a professional-looking website,” he says. “There are a lot of people who really want to work and might respond to an ad that they would have thought twice about a year ago.”
Apple and Google came under fire earlier this year for tracking cellphone users’ locations via their mobile operating systems. But as consumers use their phones for banking, shopping and more, there are even more malicious forces interested in that data and other information on your handset.
Threats to your mobile phone’s security are becoming more prevalent, according to a report released Wednesday by mobile security company Lookout. In January, there were 80 Android apps infected with malicious software, according to their data. By June, there were more than 400. As many as 1 million Android owners were affected, they say.
Here is a list of problems the group says you should look out for:
Malware: Software that’s designed to be harmful. It can be configured to steal information from your phone, or give an attacker some control over the handset to, say, send spam text messages to everyone on your contact list. It’s often hidden in games and other apps, so download only from well-reviewed, trusted developers.
If you’ve recently gotten stuck with an automobile lemon, encountered a shifty telemarketer or fought with your credit card issuer over a fee, you’re far from alone.
Those three problems fall into the categories consumers complained the most about in 2010, according to a new study of state complaint data from the Consumer Federation of America, the National Association of Consumer Agency Administrators and the North American Consumer Protection Investigators. (See the full list below.)
The tough economy has continued to color complaints. State consumer agencies continue to hear from more people already in desperate financial straits that have been drawn in by unscrupulous businesses, says Anna Huddleston-Aycock, president of the NACPI. “Fraud is an especially challenging problem because scammers often target U.S. consumers from foreign countries, making law enforcement difficult,” she says.
Brokerage Morgan Stanley Smith Barney has warned 34,000 accountholders of a data breach that exposed Social Security numbers, account information and addresses, among other data.
The information, stored on two password-protected CDs, was lost en route to the New York State Department of Taxation and Finance in early June, says Jim Wiggins, a spokesman for Morgan Stanley. The package arrived but the CDs did not, and subsequent searches by the department, brokerage and U.S. Postal Service failed to locate them. “We’ve seen no evidence of criminal intent or actual misuse of this information,” Wiggins says. The breach affected less than 1% of the brokerage’s accounts. Account holders whose Social Security numbers were exposed in the breach will receive a year of credit monitoring from credit bureau Experian.
Like plenty of other Americans, Rachel Shteir watched with curiosity the 2001 Saks Fifth Avenue surveillance footage of Winona Ryder lifting $5,500 worth of socks, hairbands and clothing “I became fascinated with the idea of someone who didn’t need to shoplift, shoplifting,” she says. Her new book, “The Steal,” tackles the question of why people take five-finger discounts and what stores’ $11.6 billion in annual shoplifting losses means to law-abiding shoppers.
Pay Dirt: Who is the typical shoplifter these days?
Shteir: That’s the interesting thing — there is no profile. There’s no particular type of person we can look at and say, that person shoplifts.
Pay Dirt: We’ve heard a lot about the celebrity shoplifter, a la Winona Ryder or Lindsay Lohan. Where do they fall in?
Shteir: Celebrities are like us, so they shoplift when they get anxious, or when they feel like they deserve something they don’t have. The reasons aren’t that different from your average middle-class shoplifter.
So much for a blasé data breach. Last month’s breach of Citigroup credit card numbers didn’t include the cards’ expiration dates and securities codes, which should have prevented the hackers from using the cards. Even so, this week Citi announced that some 3,400 of those credit cards (about 1% of the total compromised) were fraudulently used to the tune of $2.7 million.
None of the cardholders are held responsible for those charges, says a Citi spokesman. But how did it happen? Citi could not confirm but suggested that some of the customers may have been involved in breaches at other companies that gave the hackers the full suite of information they needed. “I suspect what you’re going to find is this was a very sophisticated hack by a group that’s done more than this,” says Jay Foley executive director at the Identity Theft Resource Center.
Citi’s is among the latest in a series of breaches so far this year. There have been 216 year-to-date, according to the Identity Theft Resource Center, down from 333 in the same period last year. In many cases, fraudsters have grown more sophisticated and are better able to access customer information and remain undetected than in the past, says Phil Blank, managing director of security, risk and fraud for Javelin Strategy and Research. A report out today by Javelin shows that among roughly two dozen of Visa and MasterCard’s largest credit card issuers, the bigger institutions including Bank of America and U.S. Bank are among the best equipped to prevent, detect and resolve fraud. The relatively smaller banks on the list came in at the bottom, including State Farm, Associated Bank and SunTrust. The annual study, which was conducted before reports of Citi’s breach surfaced, ranked Citi in ninth place.
Pay Dirt examines the millions of consumer decisions Americans make every day: What to buy, how much to pay, whether to rave or complain. Lead written by Quentin Fottrell, the blog examines these interactions, providing readers with news, insight and tips on shopping, spending, customer service, and companies that do right – and wrong – by their customers. Send items, questions and comments to firstname.lastname@example.org or tweet @SMPayDirt.