The recent compromise of the Office of Personnel Management (OPM) has led to the inevitable scams that follow. The latest are direct phone calls to individuals at home. In these calls, the caller states that - as a result of the leak of personal data from the OPM hack - OPM owes that person money. If they will provide their banking information, the caller will ensure that the funds are placed into their account.
C'mon, people. Think for a second. When was the last time the U.S. government called you to tell you they were giving you money? Say it with me now...NEVER. The government doesn't do that. They are a bureaucracy. If they truly do owe you money, and they admit to it, they will send you a physical check - typically without warning. They will never, ever call you directly to offer you funds, nor will they ever direct deposit them without you having to accomplish tons of paperwork first - such as when you choose to get an electronic refund on your taxes.
Thirty seconds of pause will keep you from being the latest victim of the latest stupid scam.
The other scam we have seen recently at Maverick is the result of the Transportation Safety Administration (TSA) hacks a while back. Flight attendants and other flight-related personnel are receiving emails that appear to come from TSA stating that there are important safety downloads and other information the recipient has to take action on. Yet a careful review of the sender's information shows that the email address comes from Indonesia - not the U.S. government.
TSA does not send emails for critical updates on security of your devices because TSA does not secure any of your devices! If there are physical safety tips or information, they will be distributed from TSA through your airline or flight-related employer, not directly to individuals. TSA does not provide security updates for software or hardware on individuals' devices. Ever.
Anthem, JP Morgan, OPM, TSA, IRS, the Census Bureau, the White House - the list of hacked Federal and commercial entities who hold your data goes on and on. But the vigilance and steps necessary to keep from becoming a victim (again) do not change. With thirty seconds of thought, you can avoid falling victim to these scams. Maverick recommends that individuals take the following actions:
- NEVER click on an email that appears to come from a government entity, or on the links in it or the files attached to it, unless you know it is a response to something you initiated. You know whether or not you have an issue pending with the government (like an IRS tax issue).
- IF you are unsure as to the legitimacy of the email, contact the sender directly. By contacting the "sender", we do NOT mean clicking on the links or using the email header information. If the email says Anthem, go to the web, find Anthem's customer service number, and call them. Ask them about the email or information you are looking at. Thirty seconds can save you thousands of dollars and many headaches recovering your identity.
- THE FEDERAL GOVERNMENT WILL NEVER CALL YOU TO GIVE YOU A REFUND, REBATE, OR OFFER OF SOME REMITTANCE. EVER.
- IF an email or link looks legitimate, mouse over the link without clicking on it. A little bit of data appears at the bottom of your browser window telling you where that link really goes. It may say "login to Anthem here", but the link may actually go to "hackedyou.anth3m.pl". Since the country code ".pl" is Poland, as an example, you can probably be safe in thinking this is NOT legitimate correspondence.
- When in doubt, KILL IT. If the Federal government or a vendor really wants to get a hold of you (often when you owe them money, not vice versa), they know where to find you.
A little common sense and vigilance will keep you from being revictimized. You already lost your information once; don't fall victim to a scam that exploits it again. Take a few seconds to cast a skeptical eye on your emails, texts, and callers, and you will be safe online.