MyCRA Specialist Credit Repair Lawyers

Tag: ACCC’s Scamwatch

  • VISA says ‘pens down’ to prevent credit card fraud

    Plastic fantastic transactions will no longer be signed off on as a proof of identity, but will require a PIN number to authorise. In the news today, VISA has announced it will phase out signature payments by April 1, 2013. We look at this decision, and address credit card fraud, and the ways in which your credit rating can be compromised because of it.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    It was reported by the Sydney Morning Herald today ‘Signing off: credit card giant ditches pens for PINS’, the movement to PIN and card-chip only transactions has been prompted by the need for increased security on credit cards.

    The move is expected to reduce signature-based credit card fraud which has been on the rise over the last two years – from 38 out of 100,000 transactions in 2010 to 52 out of 100,000 transactions in 2011.

    Visa spokeswoman Judy Shaw said the change was part of a comprehensive security plan to phase out the use of signatures in favour of PIN and card chips, which are already widely used by customers in stores and ATMs.

    “At the moment we’re working with financial institutions and other card schemes to discuss a uniform approach to chip and PIN use across the industry,” she told the Sydney Morning Herald.

    “It will include a communication program so that cardholders are aware of their PINs and know how to use them,” she said.

    But rival American Express will still allow customers to confirm purchases with signatures although cards are issued with chips.

    Garry Duursma, Vice President at eftpos services company Tyro, told SMH abandoning signatures will reduce the incidence of card-based fraud, but warned it could potentially open a new risk if the restaurant’s eftpos system isn’t properly integrated with the restaurant’s bank account system.

    This demonstrates that credit cards are not always the safest way to pay.

    In instances of credit card fraud, it is not always as simple as reimbursing the victim for unauthorised transactions.

    Whenever a criminal is able to access a person’s credit card details, or any of their personal information – there is a chance the victim can have not only unauthorised transactions issued in their name, but possibly new credit taken out as well.

    Credit card fraud can take on a myriad of forms – but it can be quite sophisticated, and in those instances criminals may gain access to additional forms of credit – new cards, loans even mortgages.

    If the victim is unaware of the fraud right away and their credit file ends up with defaults – they can be blacklisted from obtaining credit for 5 years. That one instance of credit card fraud can end up financially crippling the victim. They can’t borrow for anything – they can’t even take out a mobile phone plan.

    Here is one way someone may be a victim of identity theft through their credit card:

    In October last year, New York Police made major arrests of 111 people involved in five separate identity theft rings involving counterparts in China, Europe and the Middle East.

    The victims had credit cards skimmed at many New York shops, restaurants and even banks dating back to 2010.

    Then details on the credit cards where on-sold and duplicate cards were made that were then used to purchase and re-sell high-end goods such as electrical items.

    The Herald Sun reported at the time that authorities had calculated more than $US13 million ($13.4 million) was spent by the fraudsters on iPads, iPhones, computers, watches and fancy handbags from Gucci and Louis Vuitton.

    The ACCC’s SCAMWatch says a credit card scam can come in many forms. For example, scammers may use spyware or some other scam to obtain their victim’s credit card details. A scammer might steal or trick someone into telling them their security code (the three or four digit code on the card) and then make purchases over the internet or the telephone. If they know their PIN, they could also get cash advances from an ATM using a ‘cloned’ credit card (where the victim’s details have been copied onto the magnetic strip of another card).

    Of course, there is also a danger of someone using a credit card if it has been physically lost or stolen.

    Many types of fraud can also directly threaten the victim’s credit rating – such as account takeovers by fraudsters, and instances where criminals take out new credit in the victim’s name. It doesn’t even have to be for a large sum in some cases to be a massive blow to the victim’s ability to obtain credit. I have seen people get refused a home loan due to a default for as little as $100.

    Here are the ACCC’s signs to be aware of in relation to credit card fraud:

    Warning signs

    There are transactions listed in your credit card statement that you don’t understand.
    You have given your credit card details to someone you now suspect may not be trustworthy (perhaps over the internet).
    You have lost your card.
    You have kept your security information (eg your PIN or the access code on your card) written down somewhere near your card and you find that it is missing

    Some preventative steps against credit card fraud

    – Always check the ATM or EFTPOS terminal before using it. Look out for any suspicious boxes that could be skimming devices. If in doubt – don’t use it.
    – Always cover your PIN when making transactions.
    – Never let anyone walk out of sight with your credit card.
    – Consider paying cash on nights out and leave the cards where they are safe.
    – Always check your card statements and report any unauthorised transactions – however small – to the bank immediately. Sometimes ‘test’ withdrawals are made by criminals to see if the unauthorised transaction goes undetected, before more significant amounts are stolen.
    – Regularly keep up to date with what is on your credit file – which would reveal if defaults have been issued without your knowledge. People can check their credit file by obtaining a written report for free every 12 months, from each of Australia’s credit reporting agencies. But if they are suspicious of or vulnerable to fraud they can also for a fee obtain a credit report more often.
    – If there are any discrepancies of credit or adverse listings that should not be there they should act immediately to notify Police. This crime is not very widely reported. But it is only through people reporting it that any real statistics get collated. Likewise, if people want to try and repair their credit rating, the first thing I tell them is to make sure they have a Police report.

    For more information on restoring a credit rating following credit card fraud or any form of identity theft, contact MyCRA Credit Repairs on 1300 667 218 www.mycra.com.au.

    Image: adamr/ www.FreeDigitalPhotos.net

  • Carbon price scam warning for Australians. Advice to protect your good credit history

    The ACCC’s SCAMwatch has released a warning for Australian consumers and businesses about carbon price scams. Fraudsters are out there trying to pilfer personal information and banking and credit card details from unsuspecting recipients under the guise of pretending to be helping them recover carbon credits and compensation. We explain what this scam is in detail, and how your credit file could be compromised.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Carbon price scammers are out in force again. The scam may come in a number of forms, targeting consumers and businesses across the country.

    Here are some examples for you to look out for provided by SCAMwatch:

    • People are telephoned and asked to provide their bank account details to a caller claiming to be from the Department of Families, Housing, Community Services and Indigenous Affairs (FaHCSIA). They are offering a grant for mortgage assistance under the Federal Government’s Household Assistance Package of up to $100,000. These offers are false.
    • People have had phone calls seeking their personal banking details to pay carbon ‘tax’ compensation into their bank account – these are likely to be a scam.
    • Scammers may also know people’s names, addresses and phone numbers and may try to make an appointment to visit them in their home.
    • Scammers may set up fake websites which look very similar to official Australian Government websites. The sites may ask people to enter personal or financial details, or offer to sell people fake carbon credits.

    Here is how SCAMwatch recommends consumers and businesses protect themselves from these scams:

    Protect yourself

    The Australian Government will never call you to ask for your bank account details or to receive the Household Assistance Package. Government services are never paid via money transfer services, nor will they ever ask you to send money this way. The Australian Government website www.australia.gov.au is a safe portal for finding government services.

    If you receive a phone call or letter asking for personal information such as your Tax File Number, Veteran’s Affairs client number or banking details, do not answer straight away. Contact the Australian Taxation Office on 13 28 61 or your nearest DVA office on 133 254 (or 1800 555 254 if in regional Australia) to confirm that the source is legitimate.

    Never provide or confirm your personal or business details over the phone (including banking details or identification numbers) unless you made the call using contact details you found yourself and you trust the information.

    If you think that a call might be a scam hang up and check by using official contact details which you have found independently such as through a phone book or online search. Never use phone numbers, email addresses or websites provided by the caller.

    Never enter your credit card or banking details on a website unless you have checked it is authentic and secure. Legitimate websites which ask you to enter sensitive personal or business details are commonly encrypted to protect your details. A secure site is usually identifiable by the use of “https:” rather than “http:” at the start of the internet address, or by a closed or unbroken key or padlock icon at the bottom right corner of your browser window.

    If you are a business, make sure you only deal with people you know and trust. Avoid having a large number of staff authorised to make orders or pay invoices. This will reduce the risk of your business paying for something that it is not required or is not legitimate.

    If you think you have provided your account details to a scammer contact your bank or financial institution immediately.

    Further to this, if people think they may have provided personal information to scammers then they may be vulnerable to identity theft.

    Apart from contacting their bank, here are three more things which are imperative for people to do if they think they might be vulnerable to identity theft:

    1. Contact Police. They can take some information about what happened and file a report – which you may need later if you do find your accounts and or your credit history compromised.

    2. Request a copy of your credit file. Check that everything is up to date, addresses are correct for you, and that there are no suspicious entries – like strange credit enquiries, or loans you have no knowledge of.

    3. Contact the Credit Reporting Agencies. Contact Veda Advantage, Dun & Bradstreet and Tasmanian Collection Services (if in Tassie). Let them know that you may be vulnerable to identity theft. They should be able to alert you to any new entries if they arose that could point to someone attempting misuse your good credit history.

    You may also wish to contact the ACCC to report the scam.

    If you are having trouble recovering your ability to obtain credit following identity theft, we might be able to help. Contact a Credit Repair Advisor on 1300 667 218 to discuss your circumstances.

    Image: Stuart Miles/ www.FreeDigitalPhotos.net

    Image 2: David Castillo Dominici/ www.FreeDigitalPhotos.net

  • Facebook finally asks users to report phishing scams

    Most people have (or know someone who has) come across some type of scam via Facebook. They’re those dodgy posts that you shouldn’t click on that get sent from your friend’s accounts without them knowing; or those strange emails in your inbox; odd friend requests; or on rare occasions complete hacking of your account. Most savvy Facebook users take it as a given that this is going to occur and that no one can do a thing to stop it. They just count themselves lucky that they are not one of the users that falls for them. Well now Facebook has finally taken the bull by the horns and decided to get active in stamping out phishing scams. FB has set up an email address to report these attempts. We look at what this means for Facebook users, the potential identity theft risks from falling for a phishing scam which could endanger your credit file and how to spot one before you get caught out.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Facebook’s security page requests that if its users spot phishing scams they should report them to Facebook and its eCrime team. The intention is to help hold scammers accountable and prevent identity theft and account hacking. Here’s an excerpt from their Security page:

    New Protections for Phishing.

    by Facebook Security on Thursday, August 9, 2012 at 7:31am •

    Today, Facebook is proud to announce the launch of phish@fb.com, an email address available to the public to report phishing attempts against Facebook. Phishing is any attempt to acquire personal information, such as username, password, or financial information via impersonation or spoofing.

    By providing Facebook with reports, we can investigate and request for browser blacklisting and site takedowns where appropriate. We will then work with our eCrime team to ensure we hold bad actors accountable. Additionally, in some cases, we’ll be able to identify victims, and secure their accounts.

    You might ask yourself how to spot suspected phishing emails. Our partners at the Anti-Phishing Working Group have put together some helpful tips to avoid being deceived by these messages:

    1.Be suspicious of any email with urgent requests for login or financial information, and remember, unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’

    2.Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t trust the sender, instead navigate to the website directly

    This new reporting channel will compliment internal systems we have in place to detect phishing sites attempting to steal Facebook user login information.  The internal systems notify our team, so we can gather information on the attack, take the phishing sites offline, and notify users.  Affected users will be prompted to change their password and provided education to better protect themselves in the future.

    While rare, we hope that you forward us any phishing attempts you encounter. Together we can help keep these sites off the web and hold the bad guys responsible. As a reminder, you can visit www.facebook.com/hacked if you think your account may be compromised.

    You can find out more about phishing in our Help Center. You can also forward phishing emails to any of the following: APWG (reportphishing@antiphishing.org), the FTC (spam@uce.gov), and the Internet Crime Compliant Center (www.ic3.gov).

    This is great news for FB Users, and as it may be just the impetus needed to both deter and attack these predators.

    Technology magazine ZD Net’s Eileen Brown is likewise pleased with this new response, but at the same time, questions the appropriateness of where Facebook has decided to report this information:

    The challenge is that Facebook has hidden this information in its Security notes. This is not an area where the average user is likely to visit. Facebook should place an alert at the top of the home page drawing user’s attention to the importance being vigilant and careful.

    Hiding this page away does not show the duty of care that Facebook should show to its users — especially if it wants to avoid the potential consequences of a password or account breach.

    It is only a matter of time before someone tries it… She says in the article Facebook creates new email address to fight phishing.

    Phishing scams should be a topic that every online user is familiar with, but as we reported recently in our post Identity theft risks high for pre-retirees, some sections of the community can be more vulnerable to phishing scams, and they aren’t necessarily screaming out “identity theft” – they can be well thought out scams that look like legitimate requests for information etc.

    On Facebook, both young and old can be at risk of phishing scams. One prevalent scam reported by the ACCC’s Scamwatch recently is the Facebook password scam email.

    “…the scam email enters inboxes looking as though it is an auto-generated email from the Facebook Team. It announces to subscribers that as a security measure their password has been changed and that this needs to be confirmed. Attached to the scam email are two documents with file names beginning with ‘facebook_password’  that are supposed to include the new password.

    SCAMwatch warns you not to open these attachments. If you do, you will activate a very nasty Trojan or malicious software called the Bredolab Trojan and your computer will be taken over for use by the scammers at their will.”

    If via these scams, criminals are able to gain access to information like names, dates of birth and addresses then identity theft may occur. Fraudsters can build a profile with enough information to request duplicate identity documents – enabling them to have access to their victim’s good name through their credit rating meaning they could take out loans, credit cards, even mortgage properties in their victim’s name.

    Fraudsters are never so kind as to pay the credit back -meaning the identity theft victim is hit twice – financially ruined and then locked out of credit and with no ability to borrow for 5 to 7 years.

    How to spot a phishing scam

    Scamwatch has a great article on their website titled Phishing scams on social networking sites—don’t be tricked into giving your information away! Here’s what they suggest to look out for:

    Protect yourself

    Never send your online account details through an email and think carefully before you give away any personal or financial information.

    Never enter your personal information on a website if you are not certain it is genuine. Don’t click on the link provided in an email or call the phone number provided; instead, find the business’s contact details through a general internet search.

    Keep your computer updated with the latest anti-virus and anti-spy ware software, and use a good firewall.

    When using social networking websites:

    • Check the privacy settings and think about who you really want to have access to your personal information.
    • Be careful about what personal information you put on the internet, because scammers can use these details to guess your passwords or to commit fraud.
    • Check how much information about you is available on the internet—type your name into a search engine and see how many hits you get.
    • Don’t be lulled into a false sense of security—online ‘friends’ may not be who they say they are.
    • If you receive an email that appears to be from a family member or friend, look at the way the email is written and ask yourself whether the email sounds like it was written by that person.
    • If you receive an unexpected request for money from what appears to be a friend, try to contact that friend or their family or friends to verify the request. Do not use any of the contact details in the message.

    Great advice to take on board for any FB user – but it you or someone you know has fallen victim to one of these phishing scams – there are three things you may need to do immediately (among others):

    1. Change your passwords on your computer, bank, Facebook or any other relevant sites via a different computer. If you can’t because you have been ‘locked out’ of your accounts, you may need to contact your Creditors and Police immediately.

    2. Report the scam to the ACCC, and if you think you may be vulnerable to identity theft, it may be better to give them a call on ACCC Infocentre 1300 795 995 and they can direct you for further advice and possibly advise you to contact Police.

    3. Check your credit report. This is often the first way you might spot identity theft which has led to credit being taken out in your name. It is free to check every year from Australia’s credit reporting agencies and it will be peace of mind if it turns up clear. If there is anything on there you are not sure of, investigate and contact Police. If you confirm you have been a victim of identity theft, you can contact MyCRA Credit Rating Repairs to help with removing any bad credit which is darkening your name.

    Image 1: Pixomar/ www.FreeDigitalPhotos.net

    Image 2: Ambro/ www.FreeDigitalPhotos.net