Tag: personal information

How scammers use the holiday season to steal your money, information

Scammers particularly use the holiday season to steal your money and information.Hoping consumers will let down their guard, or just trying to spoof legitimate businesses, scammers will do everything they can to take advantage of your vulnerability or generosity.Chase and the Baltimore Police Department recently hosted a scam education event to show consumers how to protect themselves. Some of their tips are listed below.Holiday shopping: What to knowShop with trusted retailers: Stick to reputable websites when shopping online. If you’re unfamiliar with a store, search for its name along with terms like “scam,” “complaints” or “reviews” to uncover any red flags.Verify website URLs: Scammers can create fake websites that look like legitimate retailers. Ensure the URL starts with “https://” as the “s” stands for secure. Avoid clicking links from unsolicited emails or texts.Beware of unrealistic deals: Scammers lure buyers by offering massive discounts on popular or sold-out items. If a deal seems too good to be true, it’s likely a scam.How you pay matters: Credit cards and debit cards offer different protections than cash or payment transfer apps, like Zelle and Venmo. Remember, only use apps like Zelle to pay others you know and trust.Shopping on public Wi-Fi: Avoid connecting to public Wi-Fi when making an online purchase. Scammers can intercept your personal information on unsecured networks.Use digital tools: Trusted financial institutions offer credit and identity monitoring, including alerts to inform you when your data is exposed in a data breach or on the dark web.Online deals that are too good to be trueWhen shopping online or on social media, buy only from trusted websites and vendors. If purchasing on a marketplace, stay on the platform to complete transactions and communicate with sellers, as protections often only apply when you use the platform.Use payment methods that offer buyer protection. Never send money to strangers, particularly via payment-transfer apps like Zelle or Venmo, for purchases, especially when you can’t confirm the goods exist. Missed packages or problems with deliveryExpecting a package? Be cautious of phishing messages through email or text message that impersonate delivery services, like the U.S. Postal Service, UPS or FedEx, with links to view “missed deliveries.” These links may lead to fake sign-in pages to capture your actual password or to malware-infected sites.Do not respond to messages requesting personal or financial information, including money or cryptocurrency. Be wary of unexpected packages and avoid scanning QR codes, as they may be attempts to steal your information.Scams: Fake refunds, quishing, phishing/smishing, whalingRefund scams: Another scam doesn’t demand payment. Instead, it dangles a refund, sometimes via text messages posing as official messages from “Department of Taxation,” urging recipients to “click here to claim your refund.” The texts look legitimate at a glance, but they are designed to lure you into tapping a fraudulent link and handing over personal information. Cybersecurity experts are warning about scammers using QR codes to take advantage of unsuspecting victims. The practice called “quishing” uses a QR code that sends you to a dummy website to get your information — and money.When it comes to phishing, the term is more widely known, but people are still falling for it. Phishing emails or texts (known as “smishing”) attempt to trick a recipient into clicking a suspicious link, filling out information or downloading a malware file.Whaling attacks generally target leaders or other executives with access to large amounts of information at an organization or business. Whaling attacks can target people in payroll offices, human resources and financial offices as well as leadership. Video below: An expert’s tips to avoid falling for QR code scamsGift card scamsBe cautious about buying gift cards from third-party sites. Scammers will pre-save card details or sell expired cards.Don’t respond to an unsolicited email or text message offering you a gift card because it’s often a way to track your online activity.Don’t fall for scammers asking you to pay for services or goods using gift cards.Video below: Guide to selling gift cards securely onlinePhony charitiesThe holidays are also a season of giving, but before you donate money, double-check the contact and payment information for a charity.Beware of text, email or phone call solicitations. Like any other unsolicited message, don’t click on links or open attachments because they may contain malware or try to steal your information.Travel scamsScammers try to mimic or impersonate popular travel websites by recreating familiar branding, logos or company verbiage.As part of your travel research, do scam checks by looking up unfamiliar retail, travel and services websites by searching online for their names along with terms like “scam,” “complaints” or “reviews.”Chase advises using a credit card to book travel so that if an issue arises, you can dispute it.What to do if you fall victim to a scamVideo below: Steps to take immediately after falling for a scamStop communication: Discontinue all contact with the scammer immediately to prevent further damage.Document everything: Take note of all relevant information, including the scammer’s contact details and any information that may be useful when reporting the incident.Contact your bank: Report the incident and verify recent transactions to ensure there is no fraudulent activity on your account.Report the incident: File a police report or an inquiry to the Federal Trade Commission for official documentation.Monitor for identity theft: Sign up for credit and identity monitoring to receive alerts when your personal information has been leaked in a data breach or shows up on the dark web.Change your passwords: Update your online accounts by creating strong passwords, particularly if the scam involved accessing your personal information.Share your experience: Let friends and family know what happened to raise awareness about the signs of scams and help others avoid falling victim. Remember that financial scams can, and do, happen to anyone, so don’t feel embarrassed.Remain on high alert for follow-up scams: Scammers might attempt to target you again, especially if they know you’ve fallen victim before. Be cautious of unsolicited communications.

Scammers particularly use the holiday season to steal your money and information.

Hoping consumers will let down their guard, or just trying to spoof legitimate businesses, scammers will do everything they can to take advantage of your vulnerability or generosity.

Chase and the Baltimore Police Department recently hosted a scam education event to show consumers how to protect themselves. Some of their tips are listed below.

Holiday shopping: What to know

Shop with trusted retailers: Stick to reputable websites when shopping online. If you’re unfamiliar with a store, search for its name along with terms like “scam,” “complaints” or “reviews” to uncover any red flags.

Verify website URLs: Scammers can create fake websites that look like legitimate retailers. Ensure the URL starts with “https://” as the “s” stands for secure. Avoid clicking links from unsolicited emails or texts.

Beware of unrealistic deals: Scammers lure buyers by offering massive discounts on popular or sold-out items. If a deal seems too good to be true, it’s likely a scam.

How you pay matters: Credit cards and debit cards offer different protections than cash or payment transfer apps, like Zelle and Venmo. Remember, only use apps like Zelle to pay others you know and trust.

Shopping on public Wi-Fi: Avoid connecting to public Wi-Fi when making an online purchase. Scammers can intercept your personal information on unsecured networks.

Use digital tools: Trusted financial institutions offer credit and identity monitoring, including alerts to inform you when your data is exposed in a data breach or on the dark web.

Online deals that are too good to be true

When shopping online or on social media, buy only from trusted websites and vendors. If purchasing on a marketplace, stay on the platform to complete transactions and communicate with sellers, as protections often only apply when you use the platform.

Use payment methods that offer buyer protection. Never send money to strangers, particularly via payment-transfer apps like Zelle or Venmo, for purchases, especially when you can’t confirm the goods exist.

Missed packages or problems with delivery

Expecting a package? Be cautious of phishing messages through email or text message that impersonate delivery services, like the U.S. Postal Service, UPS or FedEx, with links to view “missed deliveries.”

These links may lead to fake sign-in pages to capture your actual password or to malware-infected sites.

Do not respond to messages requesting personal or financial information, including money or cryptocurrency. Be wary of unexpected packages and avoid scanning QR codes, as they may be attempts to steal your information.

Scams: Fake refunds, quishing, phishing/smishing, whaling

Refund scams: Another scam doesn’t demand payment. Instead, it dangles a refund, sometimes via text messages posing as official messages from “Department of Taxation,” urging recipients to “click here to claim your refund.” The texts look legitimate at a glance, but they are designed to lure you into tapping a fraudulent link and handing over personal information.

Cybersecurity experts are warning about scammers using QR codes to take advantage of unsuspecting victims. The practice called “quishing” uses a QR code that sends you to a dummy website to get your information — and money.

When it comes to phishing, the term is more widely known, but people are still falling for it. Phishing emails or texts (known as “smishing”) attempt to trick a recipient into clicking a suspicious link, filling out information or downloading a malware file.

Whaling attacks generally target leaders or other executives with access to large amounts of information at an organization or business. Whaling attacks can target people in payroll offices, human resources and financial offices as well as leadership.

Video below: An expert’s tips to avoid falling for QR code scams

Gift card scams

Be cautious about buying gift cards from third-party sites. Scammers will pre-save card details or sell expired cards.

Don’t respond to an unsolicited email or text message offering you a gift card because it’s often a way to track your online activity.

Don’t fall for scammers asking you to pay for services or goods using gift cards.

Video below: Guide to selling gift cards securely online

Phony charities

The holidays are also a season of giving, but before you donate money, double-check the contact and payment information for a charity.

Beware of text, email or phone call solicitations. Like any other unsolicited message, don’t click on links or open attachments because they may contain malware or try to steal your information.

Travel scams

Scammers try to mimic or impersonate popular travel websites by recreating familiar branding, logos or company verbiage.

As part of your travel research, do scam checks by looking up unfamiliar retail, travel and services websites by searching online for their names along with terms like “scam,” “complaints” or “reviews.”

Chase advises using a credit card to book travel so that if an issue arises, you can dispute it.

What to do if you fall victim to a scam

Video below: Steps to take immediately after falling for a scam

Stop communication: Discontinue all contact with the scammer immediately to prevent further damage.

Document everything: Take note of all relevant information, including the scammer’s contact details and any information that may be useful when reporting the incident.

Contact your bank: Report the incident and verify recent transactions to ensure there is no fraudulent activity on your account.

Report the incident: File a police report or an inquiry to the Federal Trade Commission for official documentation.

Monitor for identity theft: Sign up for credit and identity monitoring to receive alerts when your personal information has been leaked in a data breach or shows up on the dark web.

Change your passwords: Update your online accounts by creating strong passwords, particularly if the scam involved accessing your personal information.

Share your experience: Let friends and family know what happened to raise awareness about the signs of scams and help others avoid falling victim. Remember that financial scams can, and do, happen to anyone, so don’t feel embarrassed.

Remain on high alert for follow-up scams: Scammers might attempt to target you again, especially if they know you’ve fallen victim before. Be cautious of unsolicited communications.

Source link

November 25, 2025
Feds indict three women for alleged ‘doxing’ of ICE agent in Los Angeles

Three women opposed to President Trump’s intense immigration raids in Los Angeles were indicted Friday on charges of illegally “doxing” a U.S. Customs and Immigration agent, authorities said.

Ashleigh Brown, Cynthia Raygoza and Sandra Carmona Samane face charges of disclosing the personal information of a federal agent and conspiracy, according to an indictment unsealed late Friday.

Brown, who is from Colorado and goes by the nickname “AK,” has been described as one of the founders of “ice_out_ofla” an Instagram page with more than 28,000 followers that plays a role in organizing demonstrations against immigration enforcement, according to the social media page and an email reviewed by The Times.

According to the indictment, the three women followed an ICE agent from the federal building on 300 North Los Angeles Street in downtown L.A. to the agent’s residence in Baldwin Park.

They live-streamed the entire event, according to the indictment. Once they arrived at the agent’s home, prosecutors allege the women got out and shouted “la migra lives here,” and “ICE lives on your street and you should know,” according to the indictment.

“Our brave federal agents put their lives on the line every day to keep our nation safe,” Acting U.S. Atty. Bill Essayli said in a statement. “The conduct of these defendants are deeply offensive to law enforcement officers and their families. If you threaten, dox, or harm in any manner one of our agents or employees, you will face prosecution and prison time.”

An attorney for Samane, 25, of Los Angeles, said she intends to plead not guilty at an arraignment next month and declined further comment.

The Federal Public Defender’s Office, which is representing Brown, 38, of Aurora, Colo., did not immediately respond to a request for comment. Court records did not list an attorney for Raygoza, 37, of Riverside.

Footage published to the ice_out_ofla Instagram page seemed to capture Brown’s arrest earlier this week. The video shows a man in green fatigues and body armor saying he has a warrant for her arrest, while reaching through what appears to be the shattered driver’s side window of her car. Brown asks what the warrant is for while the man can be seen holding a collapsible baton. Then the video cuts out.

Posts on the Instagram page describe Brown as a “political prisoner.”

A spokesman for the U.S. Attorney’s office in Los Angeles did not immediately respond to questions about whether the women specifically shouted out the agent’s address online or what the defendants specifically did to “incite the commission of a crime of violence against a federal agent,” as the indictment alleges.

Federal law enforcement leaders have repeatedly expressed concern about the “doxing” of agents with ICE and U.S. Customs and Border Patrol as residents of Los Angeles, Chicago and other cities continue to protest the Trump administration’s sprawling deportation efforts.

Homeland Security Secretary Kristi Noem threatened to prosecute people for publishing agents’ personal information last month in response to fliers in Portland that called for people to collect intel on ICE.

But the indictment returned Friday appeared to be the first prosecution related to such tactics.

Critics of the Trump administration’s operations have expressed outrage over ICE and CBP agents wearing masks and refusing to identify themselves in public while hunting undocumented immigrants throughout Southern California.

Last week, Gov. Gavin Newsom signed into law a bill that forbids federal law enforcement from wearing masks while operating in California. The supremacy clause of the U.S. Constitution dictates that federal law takes precedence over state law, leading some legal experts to question whether state officials can actually enforce the legislation.

James Queally

Source link

September 26, 2025
Stellantis confirms data breach involving customers’ contact information

— the parent of several auto brands including Dodge, Ram and Chrysler — said customers’ personal information was included in a data breach. The automaker said that “contact information” was procured, but not “financial or sensitive personal” data, as that is not stored on the third-party platform that was breached.

“We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations,” Stellantis said. “Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.” The company encouraged customers to be on guard against phishing and social engineering attacks, and to be careful about sharing personal information with anyone who contacts them unexpectedly.

Stellantis has not disclosed what types of contact information were involved in the breach, how many customers were affected or whether it’s offering them privacy or credit protection services. A spokesperson told Engadget the automaker is “not providing any additional information beyond our statement.”

says a group called ShinyHunters claimed credit for the breach. The group told the publication it obtained more than 18 million records, containing contact details and names, from Stellantis’ Salesforce instance. ShinyHunters has stolen data from other Salesforce clients over the last several months, including , Qantas, Adidas and LVMH.

Kris Holt

Source link

September 22, 2025
State’s top election official balks at DOJ request for sensitive voter information

The Maryland State Board of Elections office in Annapolis. (File photo Danielle E. Gaines/Maryland Matters.)

Maryland’s top election official said he is concerned about a Justice Department demand for state elections data including sensitive information for more than 4 million state voters.

State Elections Administrator Jared DeMarinis said his agency has been working with Justice Department investigators under the state’s Public Information Act after they demanded voter information last month. But he said the office balked at a recent demand for an unredacted database that contains protected personal information that could not otherwise be released.

“Handing over a list of 4.3 million people to find something seems to be an overreach,” DeMarinis said Thursday. “It casts aspersions on all Maryland voters, and tries to sow doubt, or some sort of fear that the lists are inaccurate, and that’s just not the case.”

The discussion during Thursday’s meeting of the Maryland State Board of Elections highlighted some deep partisan divides.

Diane Butler, one of two Republican members of the Maryland State Board of Elections. (File photo Bryan P. Sears/Maryland Matters.)

Diane Butler, one of two Republicans on the five-member board, said she “absolutely shocked” by DeMarinis’ response to the Justice Department.

“The response was incomplete, it was unprofessional, and it was actually quite rude,” Butler said. “And I think the Justice Department agreed by the tone of their second letter, and I think that’s where they jumped up and wanted even more.

“I think fighting the Justice Department instead of working with them was not the way that we need to be behaving,” she said.

Maryland was one of a number of states that received letters this summer from the Department of Justice seeking voter registration information.

The July 14 letter requested voter registration data from November 2022 to November 2024. The state was asked to provide “the number of voters identified as ineligible to vote” during that period because they were a “non-citizen … adjudicated incompetent” or had a felony conviction.

The letter referenced a 2023 state audit that had raised questions about the accuracy of the state’s voter rolls.

DeMarinis responded to the request by providing investigators with the process and application that could be used to obtain some of the information.

Under state law, some voter information is available for electoral purposes only. Democratic and Republican central committees routinely request such information.

DeMarinis said he offered to work with the department if they had concerns about specific voters.

What Jstice Department officials wanted went beyond that which DeMarinis said was available under Maryland law.

Maryland Elections Administrator Jared DeMarinis said a Justice Department request for voter records including sensitive information “seems to be an overreach.” (File photo Bryan P. Sears/Maryland Matters.)

“They filled out the application. I then wanted to inquire as to … how it was related to electoral purpose, electoral process in the state of Maryland,” DeMarinis said. “They’ve responded back by saying, ‘We demand the voter registration list and all fields in it,’ including” personally identifiable information.

DeMarinis said the agency demanded the information by Aug. 25.

Yaakov “Jake” Weissmann, one of three Democrats on the board, said it was important to work with law enforcement officials, but to do so within the confines of state and federal election laws. The request made by the federal government this summer “is far outside the scope” of what the agency has requested in the past, he said.

“This is a new era for the DOJ, it seems,” Weissmann said, adding that the state elections board should not turnover “Marylanders’ personal information, the last four digits of Social Security, their date of birth, their home address, without any sort of rational explanation.”

Jim Shalleck, a Republican and vice chair of the board, praised DeMarinis for the state’s board’s efforts to maintain accurate voter registration lists.

“I see you doing everything you can to maintain our lists, which is a very difficult task,” he said to DeMarinis.

Butler disagreed.

“I tend to disagree with Jim. We’ve had problems with the list maintenance,” she said. “We failed some of the audit concerning some of these issues, and when I read our response to that, our response was a bunch of excuses as to why we didn’t get it done. We know we’ve had this problem, and then, like I said, we’ve had complaints about it, so I’d like to see solutions instead of excuses.”

SUBSCRIBE: GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX

Source link

August 28, 2025
Workday says hackers used social engineering to access personal data during a breach

Human resources technology company Workday has confirmed that a data breach has affected its third-party CRM platform. In a announcing the breach, the company said that a social engineering campaign had targeted its employees, with threat actors posing as IT or HR in order to trick employees into sharing account access or personal information.

The company says that while the threat actors were able to access some information from the CRM, there is no indication of any access to customer accounts or the data within them. “We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future,” the post reads. Workday says that the information gathered from the CRM consists of “commonly available” business contact information such as names, email addresses and phone numbers. From the sound of its blog post, the information of Workday end users was not revealed, only information from the companies it has contracts with.

What is known with some certainty at this point is that Workday’s CRM was breached. The company’s statement that “no indication” of a deeper customer data breach was found is — often, the full scope of hacks like this aren’t known until later.

Earlier this year, Workday around 1,750 employees, or around 8.5 percent of its workforce. The company said it was “prioritizing innovation investments like AI and platform development, and rigorously evaluating the ROI of others across the board.”

The precise third-party CRM Workday is referring to was not disclosed. Earlier this year to a hack via the Salesforce app, and last year it would stop using Slack, the Salesforce-owned messaging platform, after a hack exposed company data.

Andre Revilla

Source link

August 18, 2025
At least 73% of U.S. adults have fallen for online scams. How you can avoid the latest con
Online scammers continue to dupe a majority of American adults as they infiltrate virtual calendars and security systems meant to defend users against the poaching of personal information.

A recent survey of more than 9,000 U.S. adults by the Pew Research Center found that approximately 73% experienced at least one or more online scams or attacks.

The most common virtual cons were credit card fraud, online shopping scams and ransomware attacks — a type of malicious software that prevents you from accessing your computer files or system until a ransom is paid.

About 24% of those surveyed said they had received a scam email, text message or call that tricked them into giving away personal information.

An estimated 32% of respondents said they were victims of a scam within the last year.

It’s often said that older adults are more vulnerable to online fraudsters. However, in 2021, the Federal Trade Commission reported that Gen Z adults, millennials and Gen Xers, collectively between the ages of 18 and 59, were 34% more likely than adults who are 60 and older to report losing money to fraud.

These generational groups are getting tricked by online schemes that originate from a social media ad, an investment scam or fake job opportunities.

The latest phishing attacks, or attempts to acquire sensitive data, are happening through your online calendar, (Google or Outlook calendar), multi-factor authentication app and HTML attachments.

Evading online scams is proving to be a challenge, but cybersecurity experts say there are steps you can take to protect yourself.

Unsolicited calendar invites

Scammers are constantly finding new ways to lure you into unknowingly giving up your personal information and the calendar connected to your email account is one of them, said Iskander Sanchez-Rola, director of artificial intelligence and innovation for Norton.

Unlike traditional phishing scams such as an unwanted text or call that requires your engagement, this invitation automatically appears on your calendar without you approving or denying it.

Anyone can easily be fooled by this because it can confuse you into thinking you accepted the invitation at some point, Sanchez-Rola said.

The scam happens when you click on the invite to get more information.

A link in the invitation can lead you to a phishing webpage that is masquerading as a Zoom link, or it can prompt you to download malware that is disguised as a software update.

This con often targets work-related email accounts and corresponding calendar apps.

The warning signs of this scam include:
- The calendar invite is unsolicited.
- There are misspellings in the link or sender address associated with the calendar appointment.
- The invite is associated with work, but you’re the only person to receive it.
What you can do: Change the settings in your online calendar to prohibit automatic updates. Microsoft Outlook users can follow these online instructions to change their calendar settings; Google users can limit which invitations appear on their schedule by following these online instructions.

If you have any suspicions, don’t reply directly to the invite, said Derek Manky, chief security strategist and global vice president of threat intelligence at Fortinet.

“Instead, send an email to your trusted contact from that organization asking if they have confirmed the meeting and request further details,” Manky said.

Multi-factor authentication scam

A multi-factor authentication app, also known as a “two-step verification,” is an application on your phone that provides you with a code or a “yes or no” prompt to verify that you’re accessing an account that’s linked to the authenticator.

“Multi-factor authentication attacks have been happening for well over a decade,” Manky said. “They just frequently take on new forms, or target new platforms such as the authenticator app.”

A scam occurs when you’re receiving multiple notifications from the authentication app even though you didn’t request verification.

“This scam is all about wearing you down to the point of clicking an unknown notification and accidentally providing your personal information,” Sanchez-Rola said.

The warning signs of this scam include:
- The authentication app is requesting verification or providing you with a verification code you did not request.
- The authentication app is sending you several notifications in a row even though you did not prompt the app.
What you can do: If you’re getting a string of authentication app notifications, pause before you click.

“Approving a login you didn’t request is like handing your keys to a stranger,” Sanchez-Rola said. “You just don’t do it.”

A safer way to use an authentication app — such as 2FAS, Aegis Authenticator, Microsoft Authenticator, Stratum or Google Authenticator — is to use one that provides you with a verification code. Don’t use an app that sends a notification because that’s how a scammer can pressure you into providing your login information.

Another step in protecting yourself is changing your passwords frequently, as it reduces the shelf-life for the ones that are stolen and sold, Manky said.

Emails with unknown HTML attachments

An email with an unknown HTML attachment can redirect you to a phishing webpage or prompt you to download malware.

It’s the oldest technique in the book but it’s still commonly used today, Manky said.

“HTM/HTML files contain code that can be used in a variety of ways, including executing malicious scripts, for example Javascript, that could drop an information stealer on the system,” he said. “Likewise, they could be used to launch a phishing page to harvest credentials.”

Fraudsters will try to use trusted names or services that are of daily use to you.

“If an email is unsolicited, the end user should always question the identity of the emails being sent,” Manky said.

The warning signs of this scam include:
- The sender of the email is an unknown contact.
- The attachment within the email is unsolicited and looks suspicious.
What can you do: Always exercise caution before opening any attachments in an email, Manky said.

Look for typosquatting in the URL of the attachment. Typosquatting is when domain names on the URL have a small variation from the legitimate one, Manky said.
Karen Garcia

Source link
August 11, 2025