Our Blog

Warning on Scams Claiming to Support Ukraine

by Cathy Rowe, DrPH, Executive Director, NJAAW

Unfortunately, we have seen this over and over: Well-meaning older adults who want to support a good cause become the targets or victims of a scam

Why Are There Scams About Ukraine?

Let’s be clear – the people of Ukraine need our support and help. Lives are disrupted, infrastructure is destroyed and peoples’ health, welfare and lives are at risk.

Scam artists are despicable when they take the focus on a crisis and use it to try and rob well-meaning people. 

NJ has a high number of Ukrainian immigrants – the 4th largest community in the United States.  Many came over in the 1980s to work and raise their families, and are now retired. The headquarters of the Ukrainian Orthodox Church of the USA is based here in South Bound Brook, at St. Andrew Memorial Church.

We know the compassion and concern are real. We just want to make sure the support that people want to give gets to the right place – and not in some scammer’s pocket.

We know the compassion and concern are real. We just want to make sure the support that people want to give gets to the right place – and not in some scammer’s pocket.

Why Do Scammers Target Older Adults?

We have this struggle – while we want to help older adults with technology and close the digital divide, we also do not want to expose them to fraud. We want people to be safe and be cautious online.

If you get emails asking for donations, check the address it came from. Do not open an email or click on a link unless you really know where it is from. If you go to a website to get information or to donate, make sure you are going to the site you want and have not been redirected to another site with a similar name. 

Also, the problems aren’t only online. There has been no slowdown in telemarketing scams.

Telemarketing has become an easy way for fraudsters to scams seniors. Many seniors will always pick up the phone – and have been doing so all of their lives. Since we are in our homes more because of COVID or the cold weather, we hear that phone ringing. As our partners at Senior Medicare Patrol advise: If you receive a call and you do not recognize the caller’s telephone number, do not pick up the call. Let your answering machine screen all of your calls.

How to Help Ukraine

Our advice is to donate through an organization you know and trust, such as the International Committee of the Red Cross or Doctors Without Borders. Locally, if your house of worship is organizing something to help the people of Ukraine, or if there is a Ukrainian church or synagogue you know that is doing something, that might be the best way to ensure that your help will really get there. Also, large church-based charities, usually covering a diocese or synod, are trustworthy places to donate to if they have set up a fund for Ukraine.

We also see that some news stations have screened organizations that are helping Ukraine and are posting this information on their broadcasts as well as on their websites. 

Fighting Scams on Any Topic

Be sure that you never feel intimidated or pressured to give money or any personal information to someone you don’t know. If you feel pressure, hang up the phone. If someone, by phone or email, is trying to make you feel flustered or dumb, know that you are not. Scammers are smart, persistent and only need to trick one person to make money.

Also, while it may be hard, share your experience with others. Tell people about the calls or emails you’ve received that seem suspicious so that they can learn. You will be providing a service by sharing our experience with others.

If you suspect that you have been the victim of a scam, report it to cyber.nj.gov or AARP’s toll-free fraud helpline at 1-877-908-3360.

Finally, always keep up your vigilance:

  • Do not respond to emails if you do not know the source
  • Initiate calls or conversations yourself
  • Double-check the website address if you want to donate online – make sure you weren’t redirected
  • Trust your instincts, not your emotions

Cathy Rowe, DrPH, was interviewed on PIX 11 TV on this topic. Click here to see the video clip and read the news report.

Avoiding COVID-19 Vaccination Scams

Guest blog by Charles Clarkson, Esq., Project Director, Senior Medicare Patrol of New Jersey

On March 13, 2020, a national health emergency was declared due to the coronavirus pandemic. After many years of running the Senior Medicare Patrol of New Jersey (SMP), I knew it was only a matter of time before we starting seeing SCAMS related to the health emergency. Fraudsters are always looking for ways to scam people, and the COVID-19 public health emergency has been no exception. Initially, fraudsters promoted false cures, sold phony personal protective equipment, given people illegitimate COVID tests and billed Medicare for sham tests and treatments. Now, they are targeting vaccines.

The goals of the fraudsters are very simple: to obtain your information, which they can use to steal your personal and/or medical identity, or to outright steal your money. The SMP has seen a number of vaccine scams. The more you know about these scams the more likely it is you will not fall victim to them.

Head-of-the-line Vaccine Scams

Scammers call and say you can get your vaccine early by providing your Medicare number or other personal information. They may ask for payment upfront and/or insurance information in order to be placed on a priority waiting list for a vaccine you may never receive.

Don’t fall for it. You cannot pay to get in line for a vaccine.

Survey Vaccine Scams

You have gotten your vaccine. You then get an email asking you to complete a health survey. It looks legitimate and has logos and telephone numbers that appear to be genuine. You want to be helpful because you are grateful you were able to get the vaccine. Some of these surveys are also offering money or other incentives to entice you to participate in the survey. The messages may also claim to be urgent, giving a timeframe of expiration to get you to click on their deceptive link to gain personal information.

Don’t fall for it. A vaccine survey offering you an incentive or stating a sense of urgency to complete is a red flag. You should double-check logos and phone numbers and hover over links to see if they are long and suspicious. Don’t click on them.

Vaccine Trial Scams

There are numerous clinical research trials in the race to develop additional COVID-19 vaccines, treatments and cures. Legitimate clinical trials may offer payments to participants under well-defined legal guidelines. However, career criminals know the offer of a paid clinical trial is also an opportunity for financial identity theft.

Don’t fall for it. Be wary of unsolicited emails, calls, or personal contacts requesting personal information. The Federal Trade Commission issued a warning in October 2020 with helpful hints to determine whether a trial is legitimate.

Vaccines-for-Sale Scams

Scammers are setting up fake websites offering to sell vaccines or vaccine kits. Some are imitating legitimate pharmaceutical manufacturers. In some cases, scammers were asking for payment for vaccines and/or kits via a credit card and sending payment to a specific credit union.

Don’t fall for it. You can’t buy a vaccine.

For More Information About Vaccine Scams Affecting Older Adults

If you think you have been a victim of Medicare fraud, errors, or abuse, contact the Senior Medicare Patrol of New Jersey at 1-732-777-1940 or call our hotline at 1-877-SMP-4359 [1-877-767-4395]. You can also visit our website.

Find Help in Your State

If you live in a state other than NJ, you can find help by visiting the SMP Resource Center.

If you have questions related to Medicare billing for COVID-19 vaccines, call 1-800-Medicare [1-800-633-4227] or visit Medicare.

Charles Clarkson, Esq., has been the Project Director of the Senior Medicare Patrol of New Jersey, under the auspices of the Jewish Family Services of Middlesex County, since 2005. The Senior Medicare Patrol of New Jersey is a federally funded program of the U.S. Administration for Community Living and part of the national Senior Medicare Patrol project. There is a Senior Medicare Patrol in every state, including the District of Columbia, Puerto Rico, Guam and the U.S. Virgins Islands. The SMP of New Jersey is responsible for teaching Medicare recipients in the state to become better healthcare consumers. As part of this effort, seniors are provided with information to prevent them from becoming victims of fraud, waste and abuse in the Medicare program. The SMP program also assists beneficiaries in reviewing suspected Medicare fraud and can act as an advocate to assist beneficiaries in fighting Medicare fraud, waste and abuse.

Clarkson is a New York attorney who for many years was Vice President, Deputy Counsel and Corporate Secretary of TLC Beatrice International Holdings, Inc., a multi-billion, international food company.

Medicare Fraud. How We Can Fight it.

Today we bring you a blog post from guest blogger and NJFA friend Charles Clarkson, Project Director of the Senior Medicare Patrol of New Jersey.


By Charles Clarkson, Project Director, Senior Medicare Patrol of NJ

 

Medicare fraud is estimated to cost American taxpayers $60 billion a year, monies that are siphoned off and are not available for legitimate Medicare services. At the Senior Medicare Patrol of NJ (SMP), which is a federally funded program, we want to educate Medicare beneficiaries so they do not become victims of Medicare fraud. There are steps Medicare beneficiaries can take to fight this fraud. The most important step is to protect your Medicare number. Even though Medicare issued new Medicare cards to all beneficiaries with randomly generated numbers and letters and removed the social security number from the cards, the Medicare number (now known as the Medicare Beneficiary Identifier) is still very valuable to fraudsters who can use it to bill Medicare. Beneficiaries should not give out their Medicare numbers to anyone they don’t trust. This is especially true for the many beneficiaries who receive robo calls on a constant basis. The rule of thumb is to never pick up the phone if you do not recognize the telephone number on your message machine. Let the message machine screen all of your calls and then you can decide to return the call or not. Most beneficiaries will find that no message is left and they can then ignore the call.

The next step is to always read your Medicare Summary Notice (MSN), the document a beneficiary receives from Medicare usually 3 months after seeing a Medicare provider. It is important for beneficiaries to review their MSN, not just because of fraud but because mistakes can also happen.

Step three is to keep a personal health care journal or calendar. Record every time you see a medical provider, take a test or have other services provided. When you get your MSN compare it with your journal or calendar. Make sure you are not being scammed. If you are not sure something is fraud or you have a question about the billing, call your provider and ask for an explanation.

Step four is to report any suspected fraud or error. This step is vitally important. Failure to report will translate into the provider getting away with any fraud or errors. Remember, this is your money. You pay Medicare premiums, co-pays, co-insurance, deductibles and other charges. If you need assistance in fighting Medicare fraud, as you were unable to resolve it yourself, call the SMP. Our telephone number is 732-777-1940 and our hot-line number if 877-SMP-4359. A beneficiary can also use our web-site to report a fraud on the form provided. Visit seniormedicarepatrolnj.org

Even if you are not sure if it is fraud but need questions answered, call us. We are a free service and we are here to help. Every beneficiary should feel empowered to help fight Medicare fraud. At the SMP we want to keep Medicare as a viable program that is there for every beneficiary.


Charles Clarkson is Project Director of the Senior Medicare Patrol of NJ

Scams and Tech, Part 3: Kicking Scammers to the Curb

By Mason Crane-Bolton

Make yourself a to-do list for completing these tips | photo via stock photos

We’ve already given you some tips to protect yourself against the scammers we’ve listed in this series, but what else can you do? How can you best ensure you’re safe from scams and scammers?

Sadly, there is no silver bullet, no perfect solution that will guarantee you’ll never be in contact with scammers or never fall victim to a scam. But there are many steps you can take to help protect yourself. These steps can be easily divided into two categories: proactive and reactive. Proactive steps are ones you can take to help ward off scammers—these are the best steps to take because they help prevent financial and/or identity loss. Although reactive steps aren’t as ideal, they’re a good way to handle scams after you believe you’ve been contacted by a scammer or have been scammed.

Proactive

  • Consider opening an account for your Social Security number (SSN) at https://www.ssa.gov/myaccount/ to monitor your Social Security account.
  • Consider freezing your credit—this option may help prevent identity theft, but don’t freeze your credit if you plan on making a major purchase in the near future, such as a car, boat or home. Credit checks run while your credit score is frozen will hurt your credit score.
  • Monitor your credit throughout the year. You’re entitled to free credit reports from Experian, TransUnion, and Equifax once per company per year. Rather than get all three at once, spread these reports out every four months to stay vigilant. You can learn more at https://www.annualcreditreport.com/index.action.
  • Never email or text your Social Security number or banking information, such as credit card, account, or routing numbers.
  • Never give your SSN or credit/banking information to someone who reaches out to you.
  • Educate yourself on the latest scams—scams tend to come in droves, so it’s helpful to learn what scammers might approach you with.
  • Install virus and malware protection on any device connected to the internet, including (but not limited to) computers, tablets, and smart phones.
  • Consider adding a trusted contact to your bank accounts—if unusual spending is noticed, your bank can alert you and your trusted contact (this may be particularly useful if you’re the victim of a romance scam).
  • Read reviews for organizations and businesses that send solicitations before engaging with them.
  • Look for the fine print on solicitations you receive. If a solicitation references a relationship with another business you know (say, your mortgage company or landlord/apartment management), contact that business directly to investigate the mail/email/text/phone call you’ve received.
  • Double-check any potential romantic/friend dates before pursuing a meeting or relationship. Let people you’re close to know about anyone involved in your life (even if the relationship is online-only).
  • Don’t open any emails or click on links or attachments you’re not expecting. This goes not just for emails from strangers but emails from loved ones—Scammers can hack into accounts or disguise their email address as coming from someone in your list of contacts.
  • Use your caller ID on your phone and let calls from unknown numbers go to your answering machine or voicemail. If you’re worried about missing an important call, you can always use the general principle, “If it’s important, they’ll leave a message.”

 

But maybe you’ve already gotten a suspect phone call, or a strange voicemail. Maybe you’ve realized, too late, that the person you gave your credit card number or sent money to wasn’t who they said they were. If these things have already happened, then it’s time to take reactive steps.

Reactive

  • If you receive a call you believe is a scam, hang up the phone immediately. If caller claims to be a from a legitimate business or organization, hang up the phone—reverse search and contact the actual organization. Ask if the organization has contacted you.
  • If you’ve opened an email that seems fishy, delete it immediately. DO NOT click on any links in the email!
  • If you’ve given your credit or banking information to someone you later suspect is a scammer, report this to your financial institutions and request new card and account numbers.
  • Report any attempted scams.
  • If you’ve been a victim of a scam, report it—your report will help you AND might prevent someone from being scammed in the future.
  • You can report fraud to the Federal Trade Commission at ftc.gov/complaint.
  • To report Social Security scams, call the Office of the Inspector General at ?1-800-269-0271 or report online at https://oig.ssa.gov/report.
  • If you or someone you know has been the victim of an online scam, register a complaint with the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/default.aspx or with the New Jersey Division of Consumer Affairs at http://www.njconsumeraffairs.gov/ or by calling 800-242-5846 (toll-free in NJ) or 973-504-6200.
  • Don’t be embarrassed or ashamed to report it if you’ve been the victim of a scam—scams can happen to anyone.

 

While this is not a comprehensive list, these suggestions can help guard you against tech-based scams or help you even after you’ve found yourself to be victim of a scam. Remember, scams can pop up anytime, from anywhere, and are especially prevalent through all of our tech-devices. Remaining vigilant and working to minimize your exposures to scams is the best way to prevent being scammed. But if you are the victim of a scam, report your scam to the proper authorities—your report could help you and could prevent someone else from being scammed!

We hope you’ve enjoyed this series on tech-based scams! Come back in April for our newest blog!


Mason Crane-Bolton is Communications Manager for the New Jersey Foundation for Aging. His writing has appeared in EpiphanyUU WorldTo Wake/To Rise, and others. 

Scams and Tech, Part 2: Sweetheart Scams

By Mason Crane-Bolton

Are they interested in you, or your money? | photo via unsplash.com

In part one of our tech-scams series, we talked about the all-pervasive en-masse scams, the kinds of scams that flood your inbox and phone. Today we talk about a scam more sinister and possibly more dangerous, the romance scam.

Romance scams, also known as “sweetheart” scams, are one of the most prevalent tech-based scams. These scams may start off all “<3”s and “XOXO”s, but they end with heartbreak, $0.00 in your bank account, and maybe your stolen identity.

Romance/sweetheart scams are longer, more intense scams than the scams in the first installment of our tech-scams series. Sweetheart scams typically start online on dating websites or internet forums, but can quickly migrate to messaging services, emails, phone calls, or text messages. Many people fall victim to romance scams because of their long, drawn-out nature. It’s important to note that these kinds of scams aren’t new, but they’ve become easier for scammers to instigate with the advent of the internet, dating websites, and social media apps. It’s also important to know that although sweetheart scams are most common through internet-based channels, they can and do still occur offline through newspaper personal ads, etc.

Sweetheart scams target adults across all ages, but they’re more prevalent among older adults. And they’re successful. What does this mean and why? How can you protect yourself? How do romance scams work?

Some victims believe they’ll be quick to pick up on the lies, others may be blinded by an attraction or feeling of affection for the person they believe the scammer to be. Although it’s easy to think we can always tell if someone is interested in us or just our wallets, the truth is, it isn’t that simple. In romance scams the scammer is interested in a bigger payout, so they’re willing to invest more time and energy into the scam. This means they put a lot more effort into gaining your trust and access to your money and information. Long before they’ve talked to you, they’ll already have their stories straight. They’ll already have pictures they can send to you, phones they can use to call you, and plausible reasons why they can’t meet you or why they might run into financial troubles.

And, despite their name, sweetheart scams aren’t always overtly romantic in nature. Although the relationship between the scammer and victim is often under the pretext of dating or romance, the relationship may be seen as a friendship or companionship by one or both parties. Some people fall victim to these scammers because they believe sweetheart scams always involve overt romance or dating. The sad reality is that plenty of people have been scammed out of their money or identity believing they’re helping a dear “friend” they’ve met online.

So it can be easier for people to fall prey to sweetheart scams. But why is it so hard to get out of them? Won’t somebody in that person’s life notice? Won’t the victims eventually realize what’s going on?

 

While this isn’t an exhaustive list, suffice it to say there are many reasons it can be more difficult to get someone out of a romance scam, or even to notice one is occurring. Some of these reasons include:

  • The victim may be secretive about the relationship or may not divulge certain details (Even in the best, non-abusive, of circumstances, many of us are unlikely to tell friends and family how much money we’ve loaned or given to our significant other)
  • If the victim or the victim’s closest contacts aren’t scam-savvy (or if cognitive issues play a role) it may be harder for the victim to recognize red flags, such as common scamming techniques
  • Affection and attention are crucial to our happiness and health—If the victim is, or feels, isolated they may be more susceptible to sweetheart scams
  • Scammers may use “gaslighting” to make victims doubt themselves—“Gaslighting” refers to a technique common in abusive relationships where the abuser manipulates their victim into questioning their own perception of reality or sanity
  • Even if the victim has concerns, they may be too embarrassed to ask for help

 

Romance scams can be extremely difficult for not just the people directly involved, but for the people around the victim as well. Sweetheart scams prey on our need for love, affection, and companionship, and it can be incredibly painful to admit there’s a problem. It can be even harder to give those things up—even if the scammer’s “affection” isn’t genuine. The victim’s loved ones may also find themselves between a rock and a hard place: they don’t want to see their loved ones continue to be financially abused, but they also may come against a defensive victim who is unwilling to believe their boyfriend/girlfriend or friend is really taking advantage of them.

Across the country (and globe), there are countless stories of sweetheart scams and their victims. People who have been left bankrupt, had their identity stolen, or, at the very least, had their sense of safety and stability disrupted. Sadly, there are still many more victims out there who will never come forward out of feelings of embarrassment or shame. Some victims can recoup some of their losses through the legal system, but, unfortunately, most won’t see any of their money returned. The best way to avoid the losses caused by a romance scam is to steer clear of them through education and vigilance.

 

Here are some common tricks look out for:

  • The person claims to be in the military and unable to access funds (impersonating soldiers deployed overseas is a common tactic used by scammers. The U.S. military and U.S. government warn that you should not send money to anyone overseas or with these claims)
  • The person claims they have a large amount of money they’re currently unable to access (but promise to share this wealth with you in the future)
  • The person can never meet in person—or they make plans to meet but need to cancel after an emergency or tragedy (or they never show up at all)
  • The person consistently asks to borrow money
  • They ask for personal information that could be linked to your financial information
  • They ask for access to your financial information or accounts (they may use this for future identify theft or monetary theft)
  • It’s a “whirlwind” relationship
  • They ask you to send wire transfers, gift cards, or electronics
  • Reverse check the picture of your date—if the picture is attached to more than one profile, this is a major red flag
  • It seems “too good to be true”—whether it’s their profession, their photos, their financial situation, a combination of these factors or something else entirely, follow the old adage “If it’s too good to be true, it probably is.”

 

Dating websites, apps, and online forums can still be wonderful places to meet people for romance or friendship. The prevalence of romance scams doesn’t mean you need to throw out your computer or delete your apps, but it does mean you need be consistently vigilant and careful.

Just as you would with a blind date, let trusted people in your life know who you’re talking to online. They can help be a barometer for “normal” or “suspect” behavior and can alert you when something seems fishy—listen to their concerns and take them seriously, they are looking out for you.

If you or someone you know has been the victim of an online scam, register a complaint with the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/default.aspx or with the New Jersey Division of Consumer Affairs at http://www.njconsumeraffairs.gov/ or by calling 800-242-5846 (toll-free in NJ) or 973-504-6200.


Mason Crane-Bolton is Communications Manager for the New Jersey Foundation for Aging. His writing has appeared in EpiphanyUU WorldTo Wake/To Rise, and others. 

Scams and Tech, Part 1: The En Masse Scams

By Mason Crane-Bolton

 Are you safe from scams? | photo via pexels.com

We know about tech. We know about scams—scams where older adults are often the target. But what do we know about how tech and scams overlap?

Wherever you live and however tech-savvy you consider yourself, it’s more than likely you encounter scams on an almost daily basis. Many of these scams may sound familiar: barely-legal businesses send flyers to your home insinuating to be affiliated with state or local agencies, or that urgent repairs need to be done to your residence; door-to-door or supermarket “magazine subscription sellers” try to get cash for magazines that will never come; a stranger who haunts a local business and always needs money for gas, etc. This isn’t a reason to give up on people or to believe that everyone you meet is out to do you wrong, but it is a reason to educate yourself and become “scam-savvy.” And where being scam-savvy may be more important than ever is in the use of those pervasive, everyday tools: our tech.

Why are there so many tech-based scams? Technology provides a quick and simple way for scammers to attempt scams on, literally, millions of people simultaneously at little to no cost. Scammers can send you emails, phone calls, and texts from anywhere in the world at any time. They can attach malware or spyware, infect your computer, get your information and your money. While there are some basic tools you can use to protect yourself from the uninvited scammers (antivirus programs for anything that connects to the internet—this includes not just computers, but smart phones, tablets, etc.) the most basic tools are free and always available: arming yourself with information, vigilance, and skepticism.

The tactics of most scammers are basic and easy to see through—so why do we fall for them? It’s not because we’re stupid or naïve—it’s because scammers also prey on our basic emotions: fear and love. The tactics of most scammers are to threaten either ourselves or someone we love.

Now, does this mean you can expect to get action movie-style emails in your inbox or texts to your phone? “Give me the last four digits of your Social Security Number or Fido gets it”? No, I don’t think that’s something you need to worry about. But what may happen is something like a call from the “IRS”—“We have recently opened a claim against you. Your bank accounts and benefits will be frozen unless we can confirm your Social Security Number,”—or from a “friend” of a loved one—“Hi, I’m a friend of your grandson and he just got arrested. He can’t make the call, but asked me to call you. Can you send a wire transfer for bail money?” Or you could get a seemingly legitimate email that appear to be from a well-known business, like Apple or Amazon.com, that claims your account has been locked, you’ve won a gift card, or someone has racked up huge charges to your account. (There are several other scams out there; the scams listed above are only a few examples of some of the currently common scam scenarios.) So, if and when you get these messages, what can you do?

First, don’t immediately react to your impulse of fear for yourself or a loved one. Don’t click on any links in an email, don’t rush off to send a wire transfer, and don’t give away any personal information, including your Social Security Number. Instead, stop, think, and confirm. Immediately hang up on any suspicious calls. If you have a concern about any claims against you or a freeze of your Social Security benefits, hang up and call the IRS (1-800-829-1040) or Social Security Administration (1-800-772-1213 or TTY  1-800-325-0778) directly. Even if the number that called you appears to be coming from a legitimate government agency, don’t trust it (scammers can disguise their phone numbers easily) and call the agency directly. If you receive a call that a friend or relative has been arrested or is in the hospital and needs money call that person first to check out the story (some individuals have reported tricking the would-be scammer by giving a false name for the loved one, birthday, etc. to verify the scam is a scam, but we recommend hanging up immediately to spend as little time talking to the scammer as possible). And if you receive an email from a business, go directly to that business’s website and verify whether there is any problem with your account (or call customer service). Never give any financial information or personal information in any of these scenarios where you did not initiate contact.

You can report fraud to the Federal Trade Commission at ftc.gov/complaint. To report Social Security scams, call the Office of the Inspector General at ?1-800-269-0271 or report online at  https://oig.ssa.gov/report.

Scams like these are usually quick and dirty and easier to see through. The scammers aren’t too likely to hound you constantly—when you don’t fall for the scam, they’ll just move onto the next person so they can make a buck. And usually (but now always) this means they’re a little easier to spot and avoid. The IRS and SSA won’t send you robo-calls or leave automatic voicemails, your grandchild or friend isn’t likely to have a third party call you while they’re in jail, and you’re probably not the winner (but we can dream) of a $1,000.00 Amazon gift card. But what other common scams are out there?

Check back on March 7th for part 2 of our tech-scam series: One of the other most common scams aimed at older adults? “Sweetheart” scams.


Mason Crane-Bolton is Communications Manager for the New Jersey Foundation for Aging. His writing has appeared in EpiphanyUU WorldTo Wake/To Rise, and others. 

Cybersecurity: Where does it begin? Where does it end?

Mitchell Feather, Vice-President, Creative Associates

 

It seems like every day brings news of more cyber threats and breaches, which seems to leave you with more questions than answers. Has my information been stolen? How should I respond? What can I do to protect myself? What can I do to detect and avoid threats?

Companies may take measures to protect – or share – your information. Regardless of new technologies, tools, patches, laws, and regulations, there is one unwavering fact: Cybersecurity begins with you – and ends with you. What you do or don’t do is critical and that cannot be overemphasized. When it comes down to it, you control what you do or don’t do to protect yourself, your money, and your information. And you cannot delegate that responsibility.

Protect Your Tools and Toys: The first thing you should do, if you haven’t already, is to ensure that you have installed the appropriate software and that the appropriate settings have been enabled (or disabled) to protect your computers, smartphones, tablets, etc.

You should have antivirus/antimalware software/apps installed on all of your devices. There are a number of very good products to choose from such as Sophos, McAfee, and Malwarebytes. Even though it might be tempting to install just free versions of some of these, you should look at the paid versions. They generally offer more features that can enhance your security and peace of mind.  

One thing that you must NOT do is respond to pop-up alerts that warn you that your device has been infected and recommending that you click on a link or button to install software to protect your computer or device. If you click on that link or button, you will probably achieve just the opposite and infect your device. More about this later.

Sometimes, while browsing websites, you may end up on a malicious web page that that results in your computer or device becoming infected. This is why a utility like McAfee’s WebAdvisor can be very helpful, and it is a free download which offers a number of protections. If you are looking for similar utilities, be careful with what you find in your search results. Some malicious threat actors have paid ads for product names that sound very legitimate but, in reality, are carefully thought-out schemes that are designed to trick you into installing malicious software.

Plan For the Worst: Sometimes, no matter how hard you try, bad things still seem to happen such as lost or stolen smart phones or computers or ransomware infections. This is one of the reasons you should always make backups of your devices – and keep the backups current. Procedures vary depending on the type of device. For Windows and Apple computers, you can backup hard drives you have physically connected to your computer or you can back up to a number of cloud services. For Android and Apple devices, there are settings on the devices to allow for automatic backups to Google or iCloud, respectively. Whether you are backing up to a USB-connected hard drive or to a cloud storage service, you want to make a practice of disconnecting it from the computer after you make the backup. Some variants of ransomware are “smart” enough to not only access all of your computer’s files, but they will also seek out any backups you may have and gain access to those as well.

Now, Assume the Worst: It is not unrealistic to assume that your personal and/or financial information has already been compromised by one or more of the many breaches that have occurred last year or prior. This means that you should be monitoring your financial assets.

You are entitled to a free copy of your credit report from Equifax, Experian, and TransUnion every 12 months. Nobody says that you have to take them all at once. Spread them out so you are getting a copy of your credit report every 4 months and review them carefully for signs of unusual activity or identity theft. You can order the free reports from annualcreditreport.com. That same website can also help explain what you should be looking for when you review your credit report. And do not think somebody is too young or too old to bother with this task. If somebody has a social security number, then their credit reports should be monitored.

Also, many banks now offer free credit score monitoring for their credit card customers. Depending on the bank, the information they offer will vary. But, generally, they will tell you if your credit score has moved up or down and provide some insight as to why it changed.

Talking About Credit Cards and Banks, most banks offer notification options, so you can be kept informed regarding any activity. Some banks will allow you to set an alert so that you can be notified if there is any credit card charge activity, even as small as a few cents. This may seem a little extreme but some fraudsters will run extremely small charges to test if credit card numbers are still valid while maintaining a low profile.

If you have not already, you should take other steps to secure your credit card and online banking accounts. Specifically, you should seek out if your online banking websites offer two factor authentication. If they offer two factor authentication, also known as 2FA, I strongly recommend you implement it. This advice extends beyond just online banking. You should implement 2FA for any of your online services that offer it: banks, brokerage accounts, telephone company, gas/water/electric utilities, email, Google, Facebook, etc. What if your bank does not offer two factor authentication? You may want to consider changing banks. You can find a list of banks, as well as other business and services, which support 2FA at https://twofactorauth.org.

Two factor authentication is based on two pieces of information rather than just a password. These factors can be various combinations of things like something you know (e.g., passwords or PINs), something you have (e.g., ATM card, smartphone), or something you are (e.g., fingerprint, voice print, or facial recognition). For greater security, we sometimes use more than 2 factors. This is referred to as Multi-factor authentication, or MFA. This is an area that is always changing in an effort to try to create more secure but also easier for you to use. Currently, the most common 2FA implementations you will find include sending you a security code by text message (SMS), by telephone call, or by email. Be careful if you are access any of your online sites from a smartphone and you have the security code sent to the same smartphone. If your smartphone gets lost or stolen, you may find yourself or your accounts a little vulnerable.

Many online websites also take advantage of security questions (e.g., In what town was your elementary school?, where did you meet your spouse?, etc.). I strongly advise you to lie when you answer these questions. Use answers that are totally irrelevant (e.g., What is your favorite color? Answer: “Outer Mongolia”) and meaningless to you or somebody else. Nobody says you have to tell the truth. All you have to do is remember your answers. And do not use the same questions or answers among different websites.

Let’s Pass on Passwords: Probably as far back as you can remember, you’ve been saddled with the task of creating and remembering passwords to access all sorts of information. Some of you used easily-remembered personal details like your anniversary date, your spouse’s name, your pet’s name, your mother’s maiden name, etc. Some of you may have just used easily remembered words such as your favorite food or flower. Some of you still use “password12345” or “qwerty” as your password. Even worse, many of you use the same password for many of your online login passwords.

There are serious security risks associated with these practices: If you use personal information as a password, a threat actor can figure out that password just by researching your personally identifiable information. Common words as passwords are also easily determined by threat actors by use of tools called password crackers, which use large dictionaries.

You are better protected by using complicated collections of letters, numbers and symbols, such as “P^MP2F7~HRnZ)LU”. You can also better protect yourself by using passphrases instead of passwords, complete with spaces when allowed. Additionally, replace some letters with numbers and symbols. You can go with lyrics to a song, poetry lines, etc. As an example, consider the lyrics of Over the Rainbow: Start with “Somewhere over the rainbow Way up high.” Replacing letters with numbers and/or symbols, this can become “50meWh3r3ov3rther@!nb0w#wAyupHi!”. Or you can take just the initial characters of each word and put those together and similarly swap out some letters. This can become: “50TrWuH!” Just use your imagination: the more complicated it is, the safer you are.

Remember not to use the same password or passphrase with more than one account. And change your passwords regularly. Also, if you get notified or read that any service that you use has been breached or compromised in any way, immediately change that password/passphrase.

Also, it is very important to remember to change the default passwords on any software service to which you subscribe or any hardware that you purchase. This is especially true for any internet routers, switches, wireless cameras, televisions, appliances, etc. The FBI and other agencies have released alerts warning about the threat actors from foreign countries that are trying to penetrate these devices.

You Expect Me To Remember This?: You have no decided to follow all of my advice about passwords. Remembering all of these passwords may prove to be more than challenging. Fortunately, there are some very good password managers available to you. Some are available for free, some you have to pay for. Two of the better password managers are Dashlane and LastPass.

Reign In Your Privacy: Now that we’ve covered the basics, let’s turn attention to keeping your information more private and less at risk. You should review and adjust some of your web browser settings. Additionally, you should review and adjust your privacy settings on your social media sites and other online accounts.

Check your web browser settings for privacy and security settings. There, you will find a number of options that would be useful to you. With Chrome, for example, you will find settings like “Protect you and your device from dangerous sites” and “Send a ‘Do Not Track’ request…”. I recommend enabling both of them. You will also find settings like “Automatically send usage statistics…” I recommend that you seriously consider whether or not you want to share this private information with Google.

You will also find a section to enable or disable the capability to Autofill information when you need to fill out online forms. I strongly recommend that you disable this functionality. Among the many reasons is the possibility that a threat actor can setup a web page to secretly retrieve all the fields of information that you have stored in the autofill feature. You should also NEVER store credit card information in a web browser’s autofill feature.

With your online accounts like Google and Facebook, you will see features like privacy checkup and security checkup. You should perform these checkups and appropriately limit which features are enabled and what information you are allowing to be tracked. In the case of Google, as an example, this may include actual recording of your voice. You can – and should – purge any of this tracking information that you do not wish to be shared and/or stored. Also check your social media settings such that you only share information and files as you desire.

Time To Be Diligent: Now that you have addressed many of your hardware, software, and account settings tasks, you now come to the never-ending task: Be Diligent! The greatest risk to you is social engineering. Threat actors are always trying to take advantage of you by getting you to lower your guard, cause you to panic, take advantage of your trusting nature, etc. All it takes is one click on a link or opening one attachment to cause all kinds of problems for yourself and possibly others. These social engineering attempts, also known as phishing, can appear as very legitimate-looking emails or websites. It might appear as a PDF attachment in an email, or a Docusign email, a link to a dropbox document, an alleged invoice, or a multitude of others.

The rule is a simple one: if you are sent an attachment or an email telling you to click on a link and you do not recognize the source, do NOT open it nor click on the link. If you recognize the sender of the email but you are not expecting the attachment, call the sender by telephone and ask him/her if he/she really sent you the attachment or link. Do NOT just reply to the email and ask if it is legitimate because you may not be sending the email to the individual that you think you are sending it to.

There are a many websites that you can visit to learn more about phishing or where you can take phishing quizzes. A good starting point is www.phishing.org.

Don’t Be Proud or Shy: Some phishing attacks are so realistic and so well done that trained professionals can sometimes be fooled. So do not be embarrassed if you are not sure what to do or you are afraid your device or your information may have been compromised. As someone you trust for help. Or file complaint with agencies like The Internet Crime Complaint Center (www.ic3.gov) or the Federal Trade Commission (www.ftc.gov). If you really don’t know where to turn, you can always reach out to your local police department for assistance. If they cannot help you, they can help steer you to appropriate individuals for help.

 

©2018 by The LBC Group, Inc. All rights reserved

Recent Developments in D.C. To Combat Financial Abuse of the Elderly

Recent Developments in D.C. To Combat Financial Abuse of the Elderly

by Robert M. Jaworski, Esq.

Financial abuse of the elderly is getting some attention in Washington these days, and, some say, it’s about time.  On February 22, 2018, Attorney General Jeff Sessions and law enforcement partners announced[1] the largest coordinated sweep of elder fraud cases in history.  In addition, it was reported[2] on March 13, 2018, that an elder fraud bill sponsored by Senate Aging Committee Chairwoman Susan Collins (R-Maine) was recently folded into the banking regulation bill (S. 2155) that is expected to be approved by the Senate in the near future.  Details concerning both of these developments are set forth below.

Nationwide Elder Fraud Sweep Coordinated by the Department of Justice

The cases, which include criminal, civil and forfeiture actions, involve more than 250 defendants from around the globe. They are charged with victimizing more than a million Americans, most of whom are elderly.  Of the defendants, more than 200 have been charged criminally.

The actions charged a variety of fraud schemes, including large scale mass mailing, telemarketing and investment frauds, as well as individual instances of identity theft and theft by guardians.  One case alone concerned a scheme that operated from 14 foreign countries and resulted in losses to American victims totaling more than $30 million.

Mass mailing schemes.  In each of the mass mailing schemes, fraudsters sent direct-mail letters to individuals falsely promising them that they had won cash or other valuable prizes.  All they had to do to claim their prizes was to send back a payment for what was represented as processing fees or taxes. The letters appeared to come from legitimate sources, typically on official-looking letterhead, and to have been personally addressed to each recipient. When an individual took the bait and sent the requested fee, the fraudsters simply kept the money.  No victim ever received a promised prize.  Worse yet, when people showed a susceptibility to these scams, the fraudsters repeatedly targeted and victimized them with other scams.

Other Schemes.  Other examples of elder financial exploitation schemes prosecuted by the Department of Justice include:

  • ‚ÄúLottery phone scams,‚Äù in which callers convince seniors that a large fee or taxes must be paid before one can receive lottery winnings;
  • ‚ÄúGrandparent scams,‚Äù which convince seniors that their grandchildren have been arrested and need bail money;
  • ‚ÄúRomance scams,‚Äù which lull victims to believe that their online paramour needs funds for a U.S. visit or some other purpose;
  • ‚ÄúIRS imposter schemes,‚Äù which defraud victims by posing as IRS agents and claiming that victims owe back taxes; and
  • ‚ÄúGuardianship schemes,‚Äù which siphon seniors‚Äô financial resources into the bank accounts of deceitful relatives or guardians;

The Department of Justice indicates that it has partnered with Senior Corps to educate seniors about these types of scams and prevent further victimization.  Senior Corps is a national service program administered by an independent federal agency, the Corporation for National and Community Service (CNCS).  You can access information on Senior Corps’ efforts to reduce elder fraud by clicking here.  If you suspect that you are a victim of a scam, you can file a report with the Federal Trade Commission by clicking here.  Finally, remember that the best way to avoid becoming a victim of a scam is to be skeptical of anything that sounds too good to be true.  It probably is too good to be true!  Check it out first.

Senator Collins Elder Fraud Bill

This bill, Senate Bill S-223[3], which is called the “Senior$afe Act of 2017,” strives to prevent elder financial abuse by encouraging financial institutions (including credit unions, insurance agencies, banks, investment advisers, and broker-dealers) and their employees to sound an alarm bell whenever they suspect that an elderly person is being financially exploited.  The bill seeks to accomplish this objective by immunizing these institutions and employees from potential liability in any civil or administrative proceeding for disclosing such suspicions.

This immunity, however, is subject to the following conditions:

  • The disclosure is made only to a State or Federal banking or securities regulator, a State insurance regulator, a law enforcement agency, and/or a State or local adult protective services agency.
  • The disclosing employee must be a supervisor or compliance officer employed by the financial institution at the time of the disclosure and have made the disclosure in good faith and with reasonable care.
  • The disclosing employee must have previously received training from the financial institution, appropriate to the employee‚Äôs job responsibilities, concerning (1) how to identify and report suspected exploitation of a senior citizen internally and, as appropriate, to government officials or law enforcement authorities, including common signs that indicate the financial exploitation of a senior citizen, and (2) the need to protect the privacy and respect the integrity of each individual customer of the financial institution.

Interestingly, New Jersey already has a similar law on the books, which dates back to 1998.  The New Jersey Foundation for Aging helped to educate concerned individuals and agencies about that law following its enactment.

 

Mr. Jaworski is a member of the NJFA Board of Trustees and an attorney with the law firm Reed Smith, LLP.  He specializes in providing banks and other financial institutions with advice and assistance concerning their responsibilities to comply with applicable federal and state laws and regulations, including, in particular, consumer protection laws and regulations.

 

 

 

Scammer Lingo

Scammer Lingo

Here on NJFA’s blog we have featured a few posts about scams, we’ve also done articles in Renaissance and posted scam warnings on Social Media. It seems there is always a new scam or the resurgence of an old scam to be on the lookout for.

But that got us thinking… do we really know what all the terms associated with scams mean? The tactics that scammers use come with their own little lingo. In order to be more prepared and aware- we thought, why not share some of the terms most commonly associated with scams? That way you know what we are talking about when you read about a new scam or a warning of a scam to look out for.

Here is a sampling of terms and their definitions.

Pharming:¬†When hackers use malicious programs to route you to their own websites (often convincing look-alikes of well-known sites), even if you’ve correctly typed in the address of the site you want to visit.

Phishing: The act of trying to trick you (often by email) into providing your personal data or credit card numbers, usually a scammer will pose as a trusted business or other entity.

Ransomware:¬†A malicious program that restricts or disables your computer, hijacks and encrypts files, and then demands a fee to restore your computer’s functionality.

Scareware: A program that displays on-screen warnings of nonexistent infections on your computer to trick you into installing malware or buying fake antivirus protection.

Skimming:¬†The capture of information from the magnetic strip on credit and debit cards by using a¬†“skimmer” devices. These skimmers are secretly installed on card-reading systems at gas pumps, ATMs and store checkout counters.

Spoofing:¬†Scammers can use technology to pose as a specific person, business or agency, this technology allows them to manipulate a telephone’s caller ID to display a false name or number, so that it appears they are calling from a legitimate business or from a local number.

Spyware: A type of malware installed on your computer or cellphone to track your actions and collect information without your knowledge.

As a reminder, if you have been the victim of a scam, contact your local Police Department and/or the Federal Trade Commission  https://www.ftccomplaintassistant.gov/#crnt&panel1-1  or the NJ Division of Consumer Affairs 1-800-242-5846 or www.njconsumeraffairs.gov  

 

The New Medicare Cards

The New Medicare Cards

By Charles Clarkson, Project Director, Senior Medicare Patrol of New Jersey

In 2015, Congress passed the Medicare Access and CHIP Reauthorization Act. This law requires the removal of the social security numbers from all Medicare cards by April 2019. This new initiative is referred to as the Social Security Number Removal Initiative (SSNRI.) A new randomly generated Medicare Beneficiary Identifier (MBI) will replace the social security number. When the initiative gets underway all Medicare beneficiaries will be assigned a new MBI and be sent a new Medicare card.

The primary goal of the initiative is to decrease Medicare beneficiaries’ vulnerability to identity theft by removing the social security number from their Medicare cards and replacing it with a new Medicare MBI which does not contain any other personal information.

The new MBI will have the following characteristics:

i. The same number of characters as the current Medicare number, but will be visibly distinguishable from the Medicare number

ii. Contain uppercase alphabetic and numeric characters throughout the new MBI

iii. For providers, the new MBI will occupy the same field as the Medicare number on transactions

iv. Be unique to each beneficiary (e.g. husband and wife will have their own MBI)

v. Be easy to read and limit the possibility of letters being interpreted as numbers (e.g. alphabetic characters are upper case only and will exclude S, L, O, I, B, Z)

vi. Not contain any embedded intelligence or special characters

vii. Not contain inappropriate combinations of numbers or strings that may be offensive

The Centers for Medicare and Medicaid Services (CMS), the agency that oversees Medicare, has established a transition period during which the Medicare number or MBI will be accepted from providers, beneficiaries, plans, and others. CMS expects the transition period to run from April 2018 through December 31, 2019. After the transition period only the MBI will be used.

Starting around April 2018, CMS will start mailing new Medicare cards. There are approximately 60 million beneficiaries in Medicare. So, CMS will probably mail the cards in phases over a period of time. Remember, as a beneficiary you can still use your current Medicare number during the transition period if it takes awhile to receive your new Medicare card. If a beneficiary is new to Medicare after April 2018 and Medicare has started issuing the new cards, the beneficiary will receive the new MBI. Therefore, healthcare providers must be able accept the new MBIs by April 2018.

Fraud and the new Medicare cards.

The Senior Medicare Patrol of New Jersey (SMP) wants all Medicare beneficiaries to be aware of possible fraud and scams relating to the new Medicare cards. Remember, CMS and Medicare will never contact you by phone or email to ask for personal information relating to the issuance of the new Medicare cards. Any such contact is a scam. Don’t be taken in. Also, there will be no charge for the issuance of the new Medicare cards. Anyone seeking to have a beneficiary pay money for the new card is a scammer. Be especially careful of anyone seeking to have access to your checking account to pay any fee for the new card. Beneficiaries are especially vulnerable if they are isolated, frail or may have cognitive loss. Caregivers should be on the alert for these kinds of scams. The SMP is currently educating beneficiaries at its outreach events of the issuance of the new Medicare cards. CMS will also be conducting intensive education and outreach to beneficiaries to help them prepare for this change.

The issuance of the new Medicare card is a significant change. If a beneficiary or caregiver has any questions about the SSNRI, please don’t hesitate to call the SMP at 1-877-SMP-4359 (1-877-767-4359) or 732-777-1940. A beneficiary or caregiver can also email me at charlesc@jfsmiddlesex.org.