, Author at Data Destruction St Louis | Secure Document Destruction of St. Louis

Guarding Against IRS and Social Security Scams

Revised – February 12, 2024

Note to readers: We first authored an article on this subject in 2019. Unfortunately, the problems have only gotten worse, in part because the criminals and scammers have learned how to use more powerful new technology to their advantage. It’s sad to say, but this is a similar story with some new chapters.

If you’re the type of person who takes calls from unknown numbers, there’s a good chance you’ve answered a call that starts with some version of this:

“Hello, Mr. Smith, this is the Internal Revenue Service. I’m calling today because you have back taxes that have not been paid. You are in danger of facing fines if this is not taken care of quickly. We need to verify some of your information to get this taken care of.”

Even if you don’t answer these kinds of calls, the voice on the other end will probably leave an urgent message to call them back, or you could also suffer “dreadful” consequences.

The caller might claim to represent the IRS, Social Security, Medicare, or other government agencies you rely on for benefits.

The calls are often alarming and upsetting. But here’s the good news.

They are all fake.

A fraudster is attempting to scam you by getting you to divulge personal information. They want to wreak havoc on your life, finances, and long-term credit by stealing your Social Security number, bank accounts, pin numbers, and other sensitive details.

Emails and letters are also common and can be just as devastating if you do the wrong things when you get one.

Government agency scams crimes are on the rise

The Office of the inspector General reports it receives 7,000-10,000 complaints a month about a wide range of scam calls related to Social Security. That’s a sobering number, but it is a good warning for consumers.

Add this to a troubling pattern of data breaches in the private sector, and you’ve got a recipe for massive ongoing fraud and financial losses.

(New Information) What new tricks are IRS and Social Security scammers using on consumers today?

Scamming the IRS and Social Security system are year-round businesses. Don’t believe that IRS scams happen only during the rush of tax season.

Scammers evolve like everyone else. They learn new technologies and turn it against us. Here are some of the newer types of scams:

Text Message Scams. These are popping up daily and they all look so legitimate. They are using many of the tricks that have been played on us all via email. They claim to be from reputable organizations like the IRS (the IRS will NEVER text you with a request for personal information). Scammers will text regarding issues with your bank accounts, credit cards or loans with links to respond to the supposed problem. Don’t fall for these tricks. If the text says it is from a reputable source, check it out first.
Social Media Scams. Tricksters are using social media platforms like Facebook and others to impersonate individuals, companies, or government agencies. They may create fake profiles to solicit personal information or money. Be extra cautious about accepting friend/follow requests from people you don’t know. If it’s from an official-sounding account, verify before giving them access.
Cryptocurrency Scams. If you’re an investor of any type you’re aware of the popularity of cryptocurrency. Scammers are exploiting the lack of regulation anonymity of transactions to trick people into fake investments and phishing schemes. Only deal with reputable cryptocurrency platforms.
Vishing (Voice Phishing). Scammers are still finding new ways to use the phone as weapon. These calls impersonate legitimate organizations, including the IRS, to trick people into providing their personal data. By contrast, some scammers also lie to taxpayers and say they are due a refund. That’s so they can trick victims into giving their bank account information over the phone. Do not give your personal information to anyone you don’t know unless you have initiated the call. If you believe a call might be legitimate, hang up and call the organization to verify.
Deepfake Scams. This is just coming into the mainstream. Scammers create audio and video impersonations of, well, anyone. There is no limit. They can impersonate a celebrity asking for money for a non-profit or they can impersonate an employee of the IRS or Social Security Administration calling to “verify” your personal information.

Your first line of defense for anything that feels or looks suspicious is to be skeptical. When in doubt, hang up or back out of the text or message. And don’t click links that you are not 100% sure of where they are going. Top of Form

Rather than leap into a big mistake, if a taxpayer isn’t sure whether they owe any tax, they can view their tax account information on IRS.gov to check their status.

Many groups are vulnerable to common scams

Recent immigrants who are not as well versed in IRS and Social Security rules and regulations can be especially vulnerable. Scammers will prey upon their fears and ignorance of U.S. laws. Victims are sometimes threatened with arrest, deportation, or suspension of a business or driver’s license. Often, the caller becomes hostile and insulting. Another troubling aspect is that victims are often approached in their native language, adding to the perceived validity of the call.

Disabled people are not immune from scams, either. Some scammers use video relay services (VRS) to try and scam deaf and hard of hearing people into divulging information. Taxpayers should not trust calls just because they’re made through VRS, because interpreters don’t screen calls for validity.

Some taxpayers receive tax refund emails that appear to be from the Taxpayer Advocacy Panel (TAP). These emails are phishing scams. Perpetrators are trying to trick victims into providing personal and financial information. TAP is a volunteer board that advises the IRS on large scale issues affecting taxpayers. It never requests any taxpayer’s personal and financial information.

Because many taxpayers know the IRS will never call to demand immediate payment over the phone, some scammers send letters instead, hoping folks will take the bait. The letters use realistic looking letterhead and related materials as a way to further deceive people. Phony IRS letters can include facts about real tax debts. That can rattle a taxpayer, but be aware that some tax-related information, such as liens that have been filed against taxpayers, are available to the public.

The IRS has also seen a rise in recent years of scammers calling victims trying to take advantage of their generosity when it comes to disaster relief efforts. They may also offer up the tax-deductible benefit as a way of inducing a victim to turn over private information.

Some scammers will use data on W-2 forms to file fraudulent tax returns in a victim’s name. However, the IRS has established a process that will allow businesses and payroll service providers to report any data losses related to this W-2 scam quickly.

Scammers also target Social Security numbers. In one version, scammers call and claim to be able to suspend or cancel the victim’s SSN. They will leave a message if they don’t talk to you in yet another attempt by con artists to frighten people into returning ‘robocall’ voicemails.

You may also get a phone call saying that you will be charged for services that Social Security provides for free.

What can you do to protect yourself?

If screening all your calls is not an option where you only answer calls from numbers you recognize, there are other ways to protect yourself:

If you get a phone call from someone purporting to be from the IRS, Social Security, or other government agencies, and they ask you for personal information, hang up immediately.
Don’t give in to any pressure tactics, whether it’s for a charity donation, an apparent great deal, or other similar offers.
For suspicious emails, don’t open any attachments or click on any links. These links could have malicious code that will infect your computer.
Don’t provide your credit card information, bank account information, or other sensitive personal information… ever!
Don’t trust caller ID. Scammers can change the number you see in a tactic known as spoofing.

You can reduce the number of calls you get proactively by registering your phone number with the National Do Not Call Registry. Register online or call 1-888-382-1222.

Know under what circumstances the IRS, Social Security, and other agencies will contact you and how they will do it. For example, the IRS will NEVER call to demand immediate payment using a specific payment method such as a prepaid debit card or wire transfer. You have rights as a taxpayer, and it’s critical you understand them.

However, at times, an IRS collections employee may call you or show up at your home or employer unannounced to collect a tax debt. Sometimes, the IRS will assign certain cases to private debt collectors but only after giving the taxpayer written notice. IRS criminal investigators may also appear in your life, but it will be only to conduct an investigation and not to collect any money from you.

Reporting possible illegal scam activities

It’s crucial to report phone scams to federal agencies. They can’t investigate individual cases, but your information can be used to build a more significant case against scammers.

Here’s who to contact:

For attempted IRS phone scams, contact the Treasury Inspector General for Tax Administration. Use the “IRS Impersonation Scam Reporting” web page. You can also call 800-366-4484. Report unsolicited emails claiming to be from the IRS, or an IRS-related function like the Electronic Federal Tax Payment System, to the IRS at this link: phishing@irs.gov.
Report telephone scams online to the Federal Trade Commission or call 1-877-382-4357.
Report all robocalls and unwanted telemarketing calls to the Do Not Call Registry.
If you think an SSA scammer has contacted you, call the Social Security Fraud Hotline at 1-800-269-0271.

Steps to take if you’re a victim

There are several things you should do if you’ve been scammed, either by telephone, email, or other means.

Place a fraud alert with a Credit Reporting Agency. You reduce the risk of accounts opened in your name without your authorization. If you place an alert with one of the following agencies, they will notify the other two on your behalf.

Equifax — (888) 378-4329
Experian — (888) 397-3742
TransUnion — (800) 680-7289

Monitor your financial accounts for suspicious or unauthorized activities. Close any accounts that weren’t opened with your permission and either freeze or close any account that has unauthorized activity.

Check your computer to see if you have any downloaded malware or viruses. A hacker or scammer may be stealing your personal information straight from your computer.

Secure your Proof of Identity. You’ll probably be required to submit an affidavit and provide proof of your identity. The Federal Trade Commission’s ID Theft Affidavit is widely accepted and can be downloaded here.

File a police report. Law enforcement may or may not take action, but you may need the report as proof that you have taken appropriate steps.

File a complaint with the appropriate state and federal agencies. See the resources listed above.

Order copies of your credit reports and review them thoroughly. If you have placed a fraud alert, you can order a copy of your report for free. If your ID theft happened recently, wait a bit. That is because some creditors only report to agencies once a month, so it may take a while for the activity to show up in your files.

Fraud and scams in multiple forms continue to follow older adults.

In an era defined by technological advancements for both good and bad behavior, personal financial security and data privacy have become significant concerns for individuals of all ages.

However, older adults face unique challenges and vulnerabilities in safeguarding their financial well-being and sensitive personal information if they want to avoid being victims of fraud.

Under the umbrella of Elder Fraud, people in older age groups find themselves navigating a rapidly changing landscape that is unlike anything they have seen in their long lives. This article sheds light on the critical importance of personal financial security and data privacy, highlighting the risks posed by the increasing reliance on technology and the internet, and delving into the new tactics employed by criminals targeting this vulnerable demographic.

Phone scams targeting the elderly.

Phone and telemarketing scams have been around a lot longer than the internet. Two of the most common types of scams that disproportionately affect this demographic are IRS impersonation and lottery scams.

In IRS impersonation scams, fraudsters pose as representatives of the Internal Revenue Service, exploiting the fear of legal consequences to extort money from victims. Lottery scams, on the other hand, promise significant winnings but require an upfront fee or personal information, preying on the hopes and dreams of unsuspecting seniors.

Scammers have many creative ways to fool and steal from seniors.

One of the most prevalent tactics of elder financial abuse is creating a sense of urgency. Scammers convey imminent threats, such as arrest or legal action, to pressure victims into immediate compliance. This urgency leaves little time for rational thinking or fact-checking, increasing the likelihood of victimization.

Intimidation is another frequently employed tactic, where scammers resort to aggressive and intimidating language to instill fear in their targets. This psychological manipulation can cause older adults to make hasty decisions without considering the consequences, making them more susceptible to financial exploitation.

A recent article on CNBC.com highlighted a relatively new type of scam called a tech support scam. The scam was conducted over the phone by a person the victim thought was a trusted advisor from her bank. The person convinced her to wire her entire life savings into cryptocurrency.

You are not defenseless when it comes to phone scams. Read more about how to guard against phone scams in an article SDD wrote recently.

Online scams facing the elderly.

Elderly individuals face a multitude of online risks, including phishing emails, social engineering and as mentioned earlier, tech support scams.

Phishing emails are deceptive messages that appear legitimate but are designed to trick recipients into revealing personal information or clicking on malicious links. A good example of phishing are Medicare scams:

Scammers send emails that appear to be from a Medicare or healthcare provider, often with official-looking logos and graphics. The email typically claims that the recipient’s Medicare information needs to be updated, verified, or renewed.
It urges the recipient to click on a link to a fake website that mimics the official Medicare website. The fake website prompts the victim to enter sensitive information such as their Social Security number, Medicare ID, credit card number and banking details.
Once the information is entered, scammers use it for identity theft, fraudulent Medicare claims or financial fraud.

Social engineering involves manipulation tactics where scammers exploit trust and emotions to obtain sensitive data. These common online risks prey on the unfamiliarity of older adults with digital technology, making them particularly susceptible to fraudulent schemes. Grandparent scams are particularly dangerous for older adults:

Scammers typically initiate this scam with a phone call, but they may follow up with phishing emails. In the phone call, the scammer poses as the victim’s grandchild or a law enforcement officer. The scammer claims that the grandchild is in trouble, such as being arrested, involved in an accident or stranded in a foreign country.
They use emotional manipulation to make the victim feel urgent concern for their grandchild’s safety. The victim is then asked to send money quickly to help their grandchild, usually via wire transfer or gift cards.
Subsequent phishing emails may be sent to request additional funds or personal information.

Tech support scams often combine email and phone to steal money or information:

Victims may receive an email that appears to be from a well-known technology company, such as Microsoft or Apple. The email may claim that there is a security issue with the recipient’s computer or software that requires immediate attention.
The email instructs the recipient to click on a link or call a provided phone number for tech support assistance.
When victims follow the instructions, they are directed to a fake tech support website or call center. Scammers then gain remote access to the victim’s computer, often demanding payment for unnecessary services or selling fake antivirus software.

It’s essential for older individuals and their caregivers to be aware of these scams, verify the authenticity of communications, and never provide sensitive information or send money without confirming the legitimacy of the request.

In-person scams remain one of the most common forms of fraud for older adults.

In an age dominated by digital threats, in-person scams, such as door-to-door schemes and fake contractors, continue to pose significant risks to the elderly population. These scams can lead to severe financial losses and emotional distress. Therefore, it is crucial for seniors and their families to be vigilant and proactive in safeguarding their interests.

Face-to-Face Scams: A Closer Look

Two of the most common types of face-to-face scams involve door-to-door scams and fake contractors.

Door-to-door scams typically involve individuals posing as salespeople or service providers, offering products or services that seem appealing. These scammers often use high-pressure tactics to convince elderly homeowners to make quick decisions.

Fake contractors, on the other hand, offer home improvement or repair services that are either subpar or entirely nonexistent. They approach seniors and promise to fix roofs, driveways or perform other home improvements at a seemingly attractive price. Once the payment is made, these individuals either disappear without completing the work or do a substandard job, leaving seniors with both a financial loss and unfinished projects.

The Importance of Verifying Service Providers

Verifying the identity and legitimacy of service providers is paramount for elderly individuals and their families. Here are some essential steps to take:

Ask for Identification: Always ask for identification and credentials from anyone claiming to be a salesperson, contractor or service provider. Legitimate professionals should be willing and able to provide this information.
Check References: When hiring contractors for home improvement projects, seek references and reviews from past customers. Reputable professionals should have a history of satisfied clients.
Get Multiple Quotes: Don’t rush into decisions. Obtain multiple quotes for any significant services or repairs and compare them to ensure you’re getting a fair deal.
Consult Trusted Sources: Consult trusted sources, such as the Better Business Bureau or local consumer protection agencies, to verify the credibility of the company or individual you’re dealing with.
Take Your Time: Avoid making hasty decisions. Scammers often use high-pressure tactics to push for immediate action. Take your time to evaluate the situation and gather information before committing.
Involve a Trusted Advisor: If you have doubts or concerns, involve a trusted friend or family member in the decision-making process. A second opinion can help prevent impulsive actions.

By taking these precautions, older adults can significantly reduce the risk of falling victim to in-person scams. Additionally, family members and caregivers should also play a proactive role in educating their loved ones about these risks.

Low digital literacy makes older adults vulnerable to fraud and scams.

As technology continues to advance at an unprecedented pace, many seniors find themselves grappling with a lack of technological knowledge, which can make them susceptible to exploitation and scams.

Enhancing Digital Literacy Among Older Adults

There are various resources available to help older individuals improve their digital skills and become more comfortable with technology. Here are some resources to consider:

1. Local Community Centers and Libraries:

Many community centers and libraries offer older adults digital literacy classes and workshops to cover fundamental topics such as using computers, smartphones, email, social media and internet safety.
Libraries may also provide access to computers and the internet, allowing older adults to practice their skills.

2. Online Tutorials and Courses:

Several online platforms offer free or affordable courses on digital literacy and technology use.
Websites like Coursera, edX, and Khan Academy provide a wide range of technology-related courses.
YouTube hosts numerous tutorial videos created by tech enthusiasts and educators.

3. SeniorNet:

SeniorNet is a nonprofit organization dedicated to helping older adults enhance their digital literacy.
It offers classes, workshops and resources specifically designed for seniors.
SeniorNet centers can be found in various locations, providing in-person and online training.

4. AARP’s Technology Education:

AARP (American Association of Retired Persons) offers online resources, articles and guides to help older adults navigate the digital world.
It provides information on smartphones, tablets, online safety and social media.

5. Local Senior Organizations and Clubs:

Local senior organizations, clubs and senior living communities often organize tech-related events and classes.
These organizations may provide a supportive and social environment for older adults to learn and practice digital skills.

6. Tech-Savvy Family Members and Friends:

Family members or friends who are tech-savvy can provide one-on-one guidance and support.
They can help older adults set up devices, use apps and troubleshoot common issues.

7. Manufacturer and Retailer Support:

Companies that manufacture devices often provide customer support resources, including online guides, FAQs (frequently asked questions) and user manuals.
Some retailers, such as Apple Stores, offer free workshops and assistance for customers using their products.

8. Smartphone Apps:

There are smartphone apps designed to help older people learn digital skills. For example, apps like “AARP Now” offer news, information and resources on technology topics.
Educational apps like Duolingo and Lumosity can also help with cognitive skills and language learning.

9. Tech-Savvy Volunteer Organizations:

Some volunteer organizations, like “Cyber-Seniors,” connect tech-savvy young volunteers with older adults who want to improve their digital literacy.
These volunteers can offer personalized assistance and answer questions.

10. Online Safety Resources:

It’s crucial to educate older Americans about elder financial exploitation. Resources like the Federal Trade Commission’s (FTC) “Pass It On” campaign provide tips and information about avoiding scams and protecting personal information online.

Remember that learning digital skills is a gradual process and patience is key. Older adults should start with basic concepts and gradually build their knowledge and confidence over time. Having access to supportive resources and individuals who can provide guidance and encouragement can greatly enhance their digital literacy.

There are many practical ways to support and educate seniors about fraud.

The risks from phone scams, online threats, in-person scams and limited digital literacy can have immediate and devastating consequences for seniors.

Here’s the bottom line: taking action is non-negotiable. Consider these actions if you have elderly family members, friends and neighbors who will welcome your help:

Stay Informed: Keep yourself informed about the latest scams and threats that target older adults. Knowledge is your first line of defense.
Open Communication: Have open, honest conversations with your older loved ones about these risks. Encourage them to share any suspicious encounters or solicitations they receive.
Support Digital Literacy: If you’re tech-savvy, offer to provide patient, one-on-one guidance to the older adults in your life. Help them learn essential digital skills and navigate the online world.
Verify and Educate: Teach older individuals to verify the legitimacy of any unsolicited phone calls, emails or doorstep solicitations. Remind them never to share sensitive information with unknown parties.
Community Resources: Look into local resources, such as senior centers, libraries, and workshops that offer practical assistance and education.
Monitor Bank Accounts: Regularly review the financial institutions’ statements and accounts of elderly family members and friends to check for irregularities or suspicious transactions.
Power of Attorney: Consider establishing a power of attorney or legal guardianship if cognitive decline is a concern. This provides a legal framework for managing their financial decision-making.
Family Involvement: Encourage family involvement in the financial affairs of elderly loved ones. Collective efforts often yield the best results.
Be Patient and Supportive: Understand that adapting to the digital age can be challenging for older individuals. Be patient, supportive and available to help them.
Stay Vigilant: Finally, stay vigilant and remain proactive. Scammers are persistent and creative, so ongoing awareness and action are essential.

In the end, practicality and vigilance are the key to safeguarding older adults.

Improve mobile security for your business with six tips to protect your data.

U.S. businesses take a lot of risk when it comes to how mobile devices are used in their day-to-day operations.

In 2022, only 15 percent of small and medium businesses provided smartphones to employees according to research by Maximizing Mobiles Value. Another 40 percent expected employees to use their personal phones for business.

For that 40 percent, we suggest that is penny wise and pound foolish without the proper cybersecurity safeguards in place.

In this article we will focus on the risks to companies associated with mobile devices and steps you can take to protect your company and your information.

Make smartphones really smart to protect your company’s sensitive data.

The challenge for small and medium businesses is significant. On the one hand, most companies can’t do without smartphones, tablets and laptops. On the other hand, sophisticated cybercriminals are finding more and more ways to breach digital firewalls and steal valuable information about the company, its customers and vendors.

While there is no one silver bullet when it comes to data security, we know that better managing access and authentication of users can have a significant impact in securing mobile devices.

There are five areas of access and authentication that can be improved.

1. Weak password policies impact mobile device security

We all do it. We all use passwords that are easy for a hacker to guess. Or worse, we use the same password, easy or otherwise, across multiple accounts.

There are many risks with weak passwords. At the top of the list is unauthorized access to mobile devices and all the scrumptious data thieves seek. It would be interesting to know how many people who read this article use their birthday or, worse, “123456” as a password. They might as well put a sticker on their phone that says, “steal me.”

When employees reuse passwords across multiple accounts, a breach in one platform can lead to a cascade of security breaches. It’s not uncommon that an employee will use the same password for their corporate email account as they do for a personal social media profile.

The severity of these cyberattacks becomes glaringly evident when you examine real-world breaches. In one of the largest breaches ever, more than 142 million individuals in the Equifax system had their personal information stolen due to a vulnerability that exploited weak password practices. Equifax failed to update a security certificate, which could have been a minor issue except for a single, easily guessable password that went unchanged for months.

2. Lack of Multi-Factor Authentication (MFA)

Companies serious about data security have implemented multi-factor authentication, sometimes called two-factor authentication. In short, MFA is a second step in the authentication process after a password that creates a more robust and secure process to get access to important personal or company information.

MFA can take many forms, from a system-generated PIN to a fingerprint or face recognition. MFA’s requirement for a second layer of information has several key benefits:

Additional Protection Beyond a Password. Even if a cyber thief gets your password they will have to go through another layer of work to access your information.
Protects Stolen Devices. It helps prevent unauthorized access because the thief would need the device and second authentication factor to get access.
Enhanced Compliance. MFA is often a requirement for compliance with data regulations such as HIPAA.

While some companies resist MFA because of the perceived complexity, user pushback or cost considerations, there are some significant security risks if it is not implemented. Some of the most common security threats are increased vulnerability to cyber theft, loss of personal data, financial loss, productivity loss and, not the least important, a hit on your company’s reputation if your data is stolen.

3. Use of Biometric Authentication

Biometric authentication methods such as fingerprint and facial recognition address many of the limitations of PINs and passwords.

Biometric data is unique to each individual, which makes it exceedingly difficult for attackers to replicate or impersonate. This approach is also much more user-friendly and convenient. Users can unlock their devices or access sensitive information with a simple touch or glance, eliminating the need to remember passwords and PINs.

Biometric authentication has had quite a few high profile successes. Various financial institutions and payment platforms have integrated it as a part of online transactions. In healthcare, biometric authentication ensures only authorized personnel can access patients’ medical records.

4. Neglecting Physical Security

The significance of physical security measures for mobile phones and other mobile devices cannot be overstated. Physical security measures play a pivotal role in preventing unauthorized access in the event of loss or theft.

Device locks and passcodes are a fundamental practice for most businesses. Adoption of biometric authentication is expanding as most modern mobile devices feature methods like fingerprint scanners or facial recognition. And many businesses have the capability to wipe mobile devices remotely to protect data.

There are a variety of effective tools to help companies physically secure mobile devices:

Device Locks
Biometric Authentication
Secure Storage
Anti-Theft Cables
GPS Tracking
Remote Wipe

It is in your company’s best interest to closely monitor where and how devices devoted to the business are being used.

5. Downloads from Unverified Sources

Unverified sources for mobile apps typically refer to places other than official app stores, where users can download apps without undergoing the strict vetting and review processes that official stores, like the Apple Store or Google Play Store, employ.

Some common examples of unverified sources for apps are websites, third-party app stores, file-sharing platforms, phishing attacks via email attachments and links, social media and forums and unofficial app markets.

The risks are significant because so many businesses depend on the personal cell phone and other mobile devices of their employees. Here are several:

Malware and Spyware. Unverified sources often host malicious apps which can infect devices and compromise data security.
Data Theft. Malicious apps can access sensitive data, such as contacts, messages and passwords, and transfer this information to cyber criminals.
Privacy Invasion. Some apps collect excessive user data without consent, violating privacy rights and potentially exposing sensitive personal information.
Device Vulnerabilities. These apps may contain vulnerabilities that can be exploited by attackers to gain unauthorized access to devices.
Financial Fraud. Fake or rogue apps can deceive users into making fraudulent purchases or disclosing financial information.

Restricting app installations to trusted sources like official app stores offers numerous benefits:

Verified Apps. Official app stores vet and verify apps before listing them, reducing the risk of malware and malicious mobile applications invading your business information.
Regular Updates. Apps from official stores will receive regular security updates and patches to address known vulnerabilities.
Privacy Protections. Trusted sources enforce privacy policies, reducing the likelihood of apps collecting excessive private information from users.
Use Reviews and Ratings. Users can rely on reviews and ratings in official app stores to gauge an app’s trustworthiness and quality.
Legal Protections. Using trusted sources ensures compliance with app store policies and legal regulations.
Customer Support. Trust app stores offer support in the event of app-related issues.

By restricting app installations to trusted sources, organizations can significantly mitigate the risks associated with malicious apps and enhance mobile device security and data privacy.

6. Wi-Fi Hacking of Data is a Growing Problem

Data security issues related to access and authentication problems in public Wi-Fi networks can significantly impact the confidentiality and integrity of your company’s data. Here are several concerns:

Weak or Default Passwords. Many Wi-Fi hotspots and networks still use default usernames and passwords, which are often easy to guess or publicly available. Weak or unchanged credentials provide an open invitation to attackers, allowing them to easily gain unauthorized access to your network and sensitive data.
Unauthorized Access. Inadequate access control measures can lead to unauthorized users gaining entry to your Wi-Fi network. This can result from weak or shared passwords, improper authentication methods or the absence of access restrictions.
Insufficient Encryption. Weak encryption can expose data to eavesdropping and interception, allowing attackers to easily capture and decipher data transmitted over the Wi-Fi network.
Rogue Access Points. Unauthorized access points or rogue hotspots set up by attackers masquerading as service providers can lure unsuspecting users, leading to data being intercepted.
Shared Credentials. In some cases, multiple users share a single set of credentials for Wi-Fi access. This lack of individual authentication can make it challenging to trace actions to specific users and can lead to unauthorized access if credentials are shared or compromised.
Failure to Rotate Credentials. Regularly changing Wi-Fi passwords and access credentials is essential for security.

It is critical for your company to implement strong measures such as encryption, enforcing complex and unique passwords, regularly changing passwords, implementing MFA and keeping firmware up to date.

Utilize best practices for access control and authentication on mobile devices.

Mobile device management is crucial for today’s businesses, whether your company uses Apple iPhone/IOS or Android phones and devices. Many of the tips and security solutions in this article are relatively easy for a company to require of its employees who are using mobile devices for business purposes.

As this article has underscored, access control and authentication stand as the first line of defense for mobile data security against unauthorized access and data breaches of sensitive company information. Weak passwords, inadequate authentication measures or neglecting physical security can leave mobile devices and their data vulnerable to a host of threats.

To combat these mobile security threats, companies must step up to this growing threat with security features such as robust password security policies, multi-factor authentication, biometric safeguards and physical security measures. The importance of these measures cannot be overstated.

The Growing Threat of ChatGPT Data Security Issues for Businesses and Consumers

If you keep up with technology even in the slightest, no doubt you’ve heard about the wonders of ChatGPT. Developed by the artificial intelligence (AI) research laboratory OpenAI, Chat Generative Pre-Trained Transformer, ChatGPT for short, is an artificial intelligence-powered language model designed for conversational systems such as chatbots and virtual assistants.

But is has become much more than that, and that’s why a lot of red flags are being raised for consumers to understand both its pros and cons when it comes to privacy and security with the potential of significant data breaches.

ChatGPT doesn’t have any knowledge of its own. It generates responses and information based only on the data it was trained on such as information from the internet, books and much, much more.

Many hail it as a life-changing development in technology that is already starting to transform how we live. ChatGPT is already writing and debugging code, translating text, creating summaries of long documents, writing music, creating art and automating many other challenging tasks. And it is easy to use.

Let’s look at some of the things both businesses and consumers should be wary of.

What are the Security Risks of ChatGPT?

The first thing that new users take from their first experience with ChatGPT is its ability to almost instantly generate realistic responses to questions on just about any subject.

Like any new technology, criminals using cyberattacks are turning those AI capabilities upside down to develop a growing set of threats. Here are a few examples.

Phishing Attacks

These have become an almost daily occurrence in personal and business email inboxes. An email comes from a trusted source asking you to do something that surprises you. It could be from your bank or any other website you have visited. The purpose of these attacks is to get you to reveal sensitive information like credit card numbers, Social Security number or even your login credentials.

Business email compromise has become more sophisticated with ChatGPT as well. This attack uses email to trick someone in an organization into sharing confidential company data or sending money. Security software usually detects these types of attacks by identifying patterns, but an attack like this powered with ChatGPT can get past sophisticated security filters.

Social Engineering and Impersonation: Text and Voice

AI tools like ChatGPT are so advanced they can write text in a real person’s voice and style. This is especially troubling for people in the public’s eye or business leaders who want to convey important and timely information to a mass audience. Imagine the chaos if Elon Musk or Bill Gates fell victim to this type of activity.

AI can also fake voices to scam people and businesses. AI-driven voice cloning technology can replicate an individual’s voice with only a small sample from sources like interviews, podcasts or social media videos. Scammers use these voices to impersonate someone the victim knows and trusts, like a family member, friend or colleague. The voice may claim to be in a crisis situation and/or request financial assistance.

When in doubt, verify the caller’s identity by asking them something only the real person would know, or hang up and contact the real person for verification. And, it probably goes without saying, don’t give them any important information about you or your company.

Automated Customer Service Scams

Many companies are moving to automated customer support technology using AI chatbots that allow you to “chat” with an AI-driven program to solve many of the more simple issues customers typically call customer service for. Cyber criminals can replicate these capabilities and convince individuals to reveal sensitive personal or business information as part of the chat history and make payments to the criminals, not the company.

Malware and Spam

One of the major security concerns is how AI can be used to generate text that appears legitimate in emails and can evade even the most sophisticated website spam filters. Criminals use these emails to get individuals to click on links that distribute malware or ransomware to their devices.

Spam. While many people have become more competent at spotting spam, there remains a large percentage of society that will be fooled into a dialog with simple offers. The bad thing about ChatGPT is that spam output can be generated exponentially in seconds, often with embedded malware that can lead users to malicious websites. The ability to generate professional-looking phishing emails that mimic outreach from legitimate sources such as banks or retailers is closely aligned with this. Users who click links to respond put themselves at significant risk of a bad experience and the potential exposure of personal data.

Ransomware. One of the darker ways that ChatGPT is being used is to embed ransomware that hijacks computer systems. To unlock systems, victims must pay extortionists large sums of money to regain control. Attackers usually don’t write their code. Instead, they buy it from ransomware creators on dark web marketplaces, but that could change as ChatGPT becomes more adept at generating malicious ransomware code.

Fake Reviews and Ratings

Some criminals use AL-generated content to flood e-commerce platforms with fake product reviews, ratings and comments. These fake reviews can influence consumer decisions, leading them to purchase low-quality or counterfeit products.

User Data Protection and Data Privacy from ChatGPT Incursions

To protect yourself from these scams never share confidential information such as name, address, login credentials and credit card information. Here are some other steps to protect yourself.

Password Protection Strategies. This seems basic, but so many of us are guilty of choosing ease over effectiveness when assigning passwords. A strong password is one of the most effective defenses against data incursions. Mix it up and use biometric security and multi-factor authentication when possible.

Monitor Accounts. Make it a habit to monitor your banking, credit card, emails and other sensitive data pages and accounts so you can quickly spot abnormal activities. Turn on page alerts for all accounts. The use of ChatGPT by hackers can generate compelling phishing attacks.

Keep Software Current. Always install the latest updates, which may patch security breaches and vulnerabilities crooks could use to steal your data.

Antivirus Protection. Advanced cybersecurity software has morphed into a fully comprehensive protection package to guard against ransomware and other potentially invasive ways to steal your data.

Enable Operating System’s Firewall. This will create a barrier that monitors traffic and blocks potentially malicious attempts to harm your cyber presence. For added protection, you can also activate your router’s firewall or invest in a virtual private network (VPN) to encrypt your data.

Multi-Factor Authentication. MFA can secure your accounts with an added layer of protection. When MFA is activated, you are sent a code to your phone or email address to authenticate a login attempt.

Network Detection and Response (NDR) Technology. Effective NDR solutions can detect threatening patterns and prevent unauthorized access, even if a hacker has stolen login credentials.

ChatGPT is still in its infancy, and while it will continue to improve lives in countless ways, thieves will do everything they can to make your life miserable through all the ways we’ve documented above.

You don’t need ChatGPT to tell you why an ounce of prevention is worth a pound of cure. The best thing you can do is take proactive steps before you become a victim. Be smart and understand the potential threats, then take steps to ensure ChatGPT works for you instead of against you.

Data Security Employee Training on a Budget for Small and Medium Businesses (SMB)

Data security is not just a problem for large companies. Medium businesses are targeted more and more as data thieves expand their reach and small businesses are often an easy target for these sophisticated tricks.

The excuse many SMBs give is they don’t have the resources for the technology to protect their companies. While technology is an important piece, an equally critical component is ensuring your employees understand the things they must do to keep your company outside of a hacker’s sights.

What many companies overlook are simple and affordable ways to train employees to recognize trouble and to protect the critical company information they work with on a daily basis. Employees are your first line of defense and they need to be equipped with the basics of data security to protect your business.

A data breach is something we hear about every day, but it doesn’t have to be something that attacks your company.

Make employees your first line of defense against cyber thieves.

While we often give data thieves credit for targeting large company business data, the problems many SMBs face is often due to human error. Your employees interact with sensitive data daily, making them both your greatest asset and your biggest vulnerability.

As you consider how to attack this opportunity with your employees, here are three ways you can start the process without breaking the bank:

Simple and Easy Training. Focus on simple and easy-to-implement techniques that will raise awareness and teach them how to identify the situations that data thieves thrive on.
Time-Friendly Approaches. Rather than creating large and complex programs, build training methods that can be included in their normal workflow, such as online modules they can complete as they have time.
Build Awareness of Employees’ Roles in the Solution. It’s sad but true: Many employees at small and medium-sized businesses are simply not aware of the potential cybersecurity risks your company faces. This will be the place to start your new training program.

Where should data security training for SMBs focus to reduce cyberattacks?

Employee training in data security shouldn’t be a one-time event. To truly embed a culture based on information security, regular training sessions and updates are required (because we know for sure the cyber criminals are honing their craft on a daily basis).

These sessions can take various forms, including workshops, online modules and simulated phishing exercises. Here are six areas where SMBs should focus their training efforts:

1. Recognizing Sensitive Information

This is any data that, if exposed, could lead to financial loss, legal repercussions or damage to an individual’s or organization’s reputation.

Employees should be able to identify personal client data (e.g., names, addresses, and financial information), proprietary business plans and data subject to legal regulations. Provide examples of what constitutes sensitive information in your industry, making it clear what information should be handled with extra care. Malware and ransomware can target sensitive information, aiming to steal or encrypt it for extortion.
Training Approach. Host brief team meetings to discuss specific examples of sensitive information in your business. Encourage employees to share their thoughts and to ask questions (remember, there are no dumb questions).

2. Secure Data Handling

This involves using methods and tools to ensure that data is kept confidential, its integrity is maintained, and it’s accessible only to authorized individuals.

Provide high quality antivirus software and train employees on creating strong, unique passwords. Encourage them to use password management tools to prevent hackers from breaching your company’s firewall. Many tools have options for businesses. Multi-factor authentication is another tool that reduces cybersecurity threats. Explain the importance of data protection encryption when sharing sensitive files so that even if intercepted, the data remains unreadable.
For example, when sending confidential financial documents to a client, use a secure file-sharing platform that encrypts the data during transmission and requires the recipient to enter a password to access the file. Two of the most popular platforms are Dropbox and Google Workspace.
Training Approach. Share easy-to-follow guides through emails or on your company’s intranet. These guides can cover topics like password creation and the use of secure file-sharing tools.

3. Phishing Awareness

Phishing attacks are a fraudulent attempt to obtain sensitive information, often through deceptive emails, websites, social media such as LinkedIn or messages.

Teach employees how to recognize suspicious emails that often contain malware or ransomware, such as unexpected requests for sensitive data or urgent requests for money. Advise them not to click on links or download attachments from unknown sources.
For example, if an employee receives an email claiming to be from a bank requesting them to click a link to verify their account details, they should be very cautious and verify the request through official channels before taking action.
Training Approach. Send regular emails with tips on identifying phishing attempts. Share real-life examples to make the content relatable.

4. Physical Document Security.

This involves safeguarding physical copies of sensitive information from unauthorized access, loss or theft.

Instruct employees on proper document handling, storage and disposal. Explain the significance of shredding documents containing client names and addresses.
Employees should use a designated paper shredding device to render the information unreadable or utilize a bin provided by a document destruction company. Be sure to find a company that shreds your documents on site rather than taking it to a processing location off-site.
Training Approach. Organize a short workshop during a lunch break (and the company provides the lunch) that shows employees how to properly handle and dispose of important documents.

5. Mobile Device Management.

This refers to strategies and practices to secure mobile devices such as smartphones, tablets and laptops used for work purposes.

Educate employees on setting up device passcodes or biometric authentication, such as a fingerprint. Encourage them to enable remote tracking and data wiping features in case their device is lost or stolen.
For example, if an employee’s work laptop is stolen, they should be able to remotely erase all data on the device before a thief can steal the data.
Training Approach. Create a one-page guide with step-by-step instructions for setting up security features on mobile devices.

6. Social Engineering.

This involves manipulating individuals into divulging confidential information or performing actions that compromise network security.

Provide examples of common social engineering tactics, like impersonation, pretexting or baiting. Teach employees to verify requests for sensitive information by contacting the requester through official channels.
For example, an employee should be cautious if they receive a phone call from someone claiming to be from IT support and asking for their password. The employee should call the IT department to verify the legitimacy of the request.
Training Approach. Share brief anecdotes about social engineering incidents and how they can happen to anyone.

Artificial Intelligence (AI) is a two-way player in the world of cybercriminal activities.

AI is playing an increasing role in data security by both enhancing defense mechanisms against cyber threats and being utilized by bad actors trying to carry out attacks. Here is how AI impacts data security and what companies should be vigilant about:

AI as an enhancement for data security

Threat Detection. AI-powered tools can analyze vast amounts of data quickly that can help companies identify patterns indicative of cyber threats. AI can detect anomalies in user behavior, network traffic and system activities to help companies better identify malicious activities.
Fraud Prevention. AI algorithms can detect unusual transaction patterns to head off fraudulent activities. This is especially meaningful in financial services and e-commerce industries.
Phishing Detection. AL-driven email security solutions can analyze email content, sender behavior and metadata to head off phishing attempts.
Predictive Analysis. AI can predict potential vulnerabilities and weaknesses in a company’s systems to help IT teams prioritize security efforts.

AI as an enhancement to cyber threats

Advanced Attacks. Bad guys use AI to drive broad-based phishing attacks such as phishing emails that mimic human communication and behavior.
Automated Attacks. AI can automate many stages of malicious attacks allowing cybercriminals to scale their illegal operations very quickly.
Evasion Techniques. AI can develop malware that adapts its behavior to evade detection by traditional security systems.

In short, AI presents both opportunities and challenges for data security. SDD recently published an article titled “Data Security Threats to SMB from Artificial Intelligence.” The article goes into much more detail about the issues above.

Any size company can create a culture that protects its important data.

You don’t need a big budget or large training organization to drastically improve your company’s data security. Midsize businesses can conduct simple and specific training throughout the year to help maintain overall awareness of the issues critical to avoiding security breaches that lead to your critical in-house data being stolen. And starting the process to develop cyber security best practices and cyber security policies is critical to ensuring consistency in your cybersecurity solutions throughout your company.

Medium and small business owners remember this: The goal is to implement security measures that safeguard your sensitive information and that of your clients. Successful companies make data security an important part of their culture and it doesn’t require great amounts of investment.