Protecting Seniors from Identity Theft and Scams

What are Today’s Most Common Elder Fraud, Identity Theft, and Scams?

In 2018, the Justice Department did an extensive, coordinated sweep of elder fraud cases in history involving more than 250 defendants around the globe that victimized more than a million Americans, most of whom were elderly. The total amount of fraud was more than half $1 billion, and there were a variety of schemes that we were able to look see. We saw telemarketing, investment, and identity theft. Many of these involved transnational criminal organizations that defrauded hundreds of thousands of elderly victims.

One of the biggest for seniors is lottery scams. In particular, you hear about the Jamaican Lottery Scam. It is difficult to win a lottery and almost impossible to win one you have not even entered. Seniors would get a phone call, particularly from the Jamaican Lottery. Jamaican gangs purchase phone lists of American and Canadian seniors, call them up and tell them that they have won the lottery and need money for processing fees. Or maybe it is for income tax.

No legitimate lottery collects taxes for the IRS. They either will deduct the taxes from what they give you, or they give you the money, and you pay the taxes. The scammers tell a senior they

need to pay the lottery winning’s taxes, and then they keep telling them until they do what they want. Seniors keep falling for this.

The Grandparent Scam. Seniors are called late at night and are told there is a problem with their grandchild. They have been arrested; there is a medical problem; they are out of the country and need money wired; they need a gift card to fix the problem. Gift cards are a big thing for scammers. They love to get paid in gift cards because they are quick, easy money, money they can launder, and impossible to trace.

Seniors get convinced that this is their grandchild, and boom, they act in the emergency and wire the money. The Grandparent Scam often is triggered by all of us putting too much information on social media. At some point, they mention what they call their grandparent on social media, such as “Here is a picture of Meemaw and me.” Suddenly, that grandparent gets a call in the middle of the night. “Meemaw, it is me, Sheldon, and I am in trouble. I need some money.”  There is something called “deepfake technology.” Through voice cloning technology, scammers can make videos or phone calls that sound the same as the grandchild. One way to protect themselves is to have a keyword. Unless this keyword is answered, you know it is not a grandchild.

Scammers often look at obituaries and get the names of grandchildren there. They also focus on a widow or widower who is particularly vulnerable.

Romance scams often prey on older women. They are primary victims and are lulled into believing their online paramour needs funds for various purposes. You might see the initial contact on a legitimate dating site because no matter how much these sites try to police, they cannot prevent it a hundred percent.

These scammers have knowledge of psychology that Freud would have envied. What happens is they will lure their victims into believing that someone is in love with them, but then, there is an emergency where they need money. They use online profiles and photos from other websites. One way you can often find out if someone is a scammer is by going into one of the online services, whereby you can see if a picture turns up someplace else.

Romance scammers often use military and fake military names or real military people. Romance scams have quadrupled in just the last few years, and the thing is, again, the victims, elderly people, particularly those over 70, lose the most money. Now, there is even a new development in this. Instead of asking for money, they will tell the victim, “I am going to wire you some money, and I need you to wire it somewhere else.” What are they doing? They are turning their romance scam victim into a money mule.

Imposter scams are huge. Huge. They will call, email, or text message posing as the IRS or some other federal agency, Social Security, your bank, or the police. How do you know when you get a call that it is from the IRS? Let us look at your phone. Your caller ID may say “IRS.” However, here is a very easy-to-use technique called spoofing whereby a scammer can make that phone call look like it comes from the IRS. So, how can you tell if it is really the IRS calling you, texting, or emailing you? The IRS does not initiate contact by phone, text, or email.

There are also guardianship scams where people act as guardians, but they then loot the senior’s assets.

Social Security is a big part of seniors’ income and assets, so they also are a big target of scammers. Contact the Social Security Administration directly if you think something could be legitimate. Sometimes scams will look good.

Another thing with Social Security is there is a great tool called My Social Security account online. I urge everyone to set this up. You can view your earnings history, estimates and benefits, and manage your benefits online, including changing your address and starting or changing direct electronic deposits of your checks into your bank account. Great service. Once it is set up, it will prevent a scammer from being able to set one up using your information.

Your password will be compromised, not may be compromised. It will be compromised in many ways. You must protect yourself whenever possible with dual-factor authentication, particularly with a sensitive account like Social Security or your bank account. You always want to have dual-factor authentication.

SIM swapping. SIM is the Subscriber Identity Module, your SIM card. It is the integrated circuit in your phone and the guts of your phone, and it has your number and is used to authenticate subscribers on multiple devices. When you get a new phone, your mobile service will switch the SIM card to your new phone.

Scammers have been calling mobile service providers. They pose as you, answer a security question where they generally get the information off the internet, and switch your SIM card to theirs so that that dual-factor authentication number comes to them. Whoa! So, how do you protect yourself? There are easy ways to do so, such as setting up a PIN or a unique password for your mobile service provider. That way, no one can swap your SIM card without providing that.

Even paranoids have enemies, and I am particularly paranoid. It comes from working in this for 10 to 15 years. I have an arrangement with my mobile service carrier may not switch my SIM card unless I do it in person.

Medicare scams used to be even worse back when your Social Security number was your Medicare number, but between 2018 and 2020, finally, Medicare phased that out. So, all cards have now changed. What you do find is that scammers will try and get the Medicare number, lure people into providing it, and they will be able to use that for medical identity theft, which can even be deadly. This form of identity theft can threaten your life because the scammers will sell your Medicare coverage to someone else, and their medical records will get mixed in with your medical records.

In a weird provision of the HIPAA privacy laws, you cannot have that information of the identity thief taken out of your folder that is corrupting medical records because it is considered a violation of the identity thief’s privacy rights. You can indicate in your records that there is disputed information, but frankly, there can be instances where someone glances at the information and gives you the wrong blood type.

Charity scams. We have seen many charity scams since the Ukraine invasion, in particular. Many people wanted to donate to Ukraine, and scammers are everywhere. They always take advantage of what is in the public’s interest and minds. Go to a terrific site called https://www.charitynavigator.org/. Sometimes there will be charities with names that are suspiciously close to that of a legitimate charity. Instead of the American Cancer Society, it is the National Cancer Society, which is a scam, and people may not recognize that right off.

Investment scams. Ponzi scams, popularized by Charles Ponzi and which Bernie Madoff turned into an art, should not be called “Ponzi scams.” They should be called a “Howe” because, in blatant sexism, the first Ponzi scam can be traced back to 1879 in Boston, where a woman named Sarah Howe started the Ladies’ Deposit Company. She said, “A woman needs to take care of the financial needs of other women.” She promised, and this is 1879, 8 percent per month. What she, of course, was doing was taking in money from women who trusted her. Trust me, you cannot trust anybody. Then, when she made a payment, she would use the money from newer investors’ depositors.

Eventually, like most Ponzi schemes, she was caught, went to jail, came out, and did the whole thing over again. She is also a good example, and Bernie Madoff is a good example of affinity fraud. We tend to trust people who are like us. Well, who is “like us?” It can be anyone with whom you identify. People trust other veterans and people from the same religion; they trust people from military backgrounds. It’s called affinity fraud. You cannot trust anyone just because they are “like you.”

Computer scams and robocalls. Robocalls are automated calls placed through computers, and they lure people into buying things and providing personal information. There are two good ways of preventing that. First, do not pick up the call unless you recognize the number. If it is legitimate, they will leave a message. Another is a service called Nomorobo. It is free, and it will block many robocalls.

Be sure you have good security software and keep it up to date. When Equifax had that major security breach and data breach, the criminals took advantage of a software vulnerability in a type of software called Apache. They used that vulnerability to get at the records of hundreds of millions of people in the Equifax files. The thing is, Apache had put out a patch months before that would have prevented this attack, but Equifax did not get around to downloading it in a timely fashion. No matter how good your security software is, it will always be about a month behind for the latest zero-day defects or vulnerabilities that have not yet been discovered. You always want to download updates as soon as possible, but recognize that they will never be perfect.

Another thing with your computer is your security question. What happens if you cannot remember your password? Well, you answer a simple security question. Security questions that you may have are things that people can find. Often, one is, “What is my mother’s maiden name?” Scammers can quickly obtain this information. However, you do not have to use a valid answer. So, “What is your mother’s maiden name?” Answer “fire truck” or “grapefruit.” It is so ridiculous to pick something like that, you will remember, and yet, this security question is one that no hacker will ever be able to find online.

There are tech-support scams, and these are a huge problem. Many seniors fall for these. Suddenly, a pop-up on your screen says there is a problem with your computer, and it provides you with a phone number to call to get to Apple or Microsoft. They may want two things. One, they are going to scan, and they want you to give them remote access, and then, of course, you will have to pay for it. Never give anyone remote access to your computer. They are going to be able to take over your computer. As far as tech support goes, Apple and Microsoft will not give you a phone number and notify you if there is a tech problem.

The Internet of Things. This is a popular name for the technology of devices connected and controlled over the internet. There are about 10 billion devices connected to the internet of things: your cars, refrigerators, coffee makers, televisions, microwave ovens, thermostats, smartwatches, webcams, copy machines, medical devices, and your good friend Alexa. So, how do you protect yourself? First of all, the bad guys will hack through your internet of things device, get to your phone and computer, and get information that will make you a victim of identity theft. So, you do not want to store personally identifying information on your internet of things device, and you want to use a unique and complex password for each of your devices.

Read the fine print. Find out what information is gathered and stored by the device. Your cell phone is the entranceway to your car’s connectivity. Make sure you have a strong password and antivirus and anti-malware security device. Change the default username and password on all of your home network devices, which is something that not enough people do. According to the FBI, the most significant vulnerability is the little thought we give our routers. The router is a networking device that transfers data between your computer, your internet of things devices, and the internet.

Unfortunately, many people do not change the default password so bad guys can hack into your router and computers. Several types of routers will automatically do security updates (this is really something you should set up), but others do not, and you have to do this on your own. So, you want to setup up a unique password for your router and keep the software updated.

Alexa. Siri. Google Home. These things will do all kinds of goodies for you, including, “Alexa, get me the tech support for so-and-so. Get me the customer service for so-and-so.” Many companies do not have tech-support phone numbers, and they do not have customer service numbers. The bad guys will get websites that will be high in the search engines, either by buying their way through advertising or by being smart enough to manipulate the algorithms used together with high search. So when you ask Alexa or Siri, she will give you the scammer’s number. You really must be careful.

Phishing, spear phishing, vishing, and smishing. The biggest security problem for individuals and companies are phishing and spear phishing. These are emails with phishing and spear phishing when they are specifically tailored to you with the information they have gathered, sometimes from too much that we put on social media, luring you into clicking on links and downloading malware or providing personal information. Please do not click on any links unless you have confirmed them and you do not provide personal information.

Social media. Seniors put too much information out there. One of the things you have probably seen is online quizzes. “What is your pet’s name?” or “The first concert that you attended?” This is information scammers gather as part of their social engineering; they gather information to make you a victim.

Identity Theft is By Far the Number One Consumer Fraud

Identity theft costs $10 billion more than all other property crimes combined. Identity theft can result in you being hunted by debt collectors for debts you did not incur. It can make you unable to access your credit cards, bank accounts, or brokerage accounts. It can result in having your assets stolen, being arrested for crimes committed by people who have stolen your identity, or, as we talked about, medical identity theft, where you get improper medical care. It can ruin your credit rating, affecting your chances of getting a loan, a job, insurance, or renting a home.

So, income tax identity theft is a $6 billion-a-year problem. Bad guys can file a tax return using your Social Security number before you do, they create a dummied-up or counterfeit W-2, and they get a refund. Because of this, the IRS now allows anyone to obtain a PIN to file with their income tax return. If a scammer manages to get your Social Security number from the wide variety of data breaches, they will not be able to submit an income tax return in your name.

With criminal identity theft, people will commit a crime, use your name and identity, and jump bail. Eventually, you get stopped for a minor traffic infraction, and suddenly, you have difficulty trying to prove that it is really you.

Identity theft after death is when identity thieves will steal the identities of those who have died because family members are not monitoring it. One of the things that we want to do when a client dies is to notify the credit reporting agencies immediately.

What are the Dangers of Data Breaches?

We recently had a data breach with a company called Professional Finance Company, a collection and billing company for thousands of healthcare companies, hacked. Two million people were affected through their Social Security numbers and other important information.

There is a great website called https://haveibeenpwned.com/. Just enter your email address (it will scare the heck out of you), and it will show which breaches included leaking your information.

The best thing that you can do to protect yourself from data breaches is to have unique passwords for all of your accounts. You can use a password manager or, if you want to do it yourself, find a base password like “Idon’tlikepasswords.” Capital letters, small letters, and apostrophes. Add three exclamation points after it, and then you have a good base password. Then, you can adapt that to individual accounts. For example, your Amazon password can be “idon’tlikepasswords!!!ama.” This way, you can have a unique password for everything that you are going to recommend.

Freeze your credit and freeze your kids’ credit because minor children are significant targets of identity theft. They often do not learn about it until they apply for a college or car loan after they are 18. It is the best thing you can do.

New Laws and Regulations to Protect Against Elder Fraud, Identity Theft, and Scams

A recent law is the Senior Safe Act, which allows a financial institution to report when they think there is financial abuse going on without the risk of being sued.

The Financial Industry Regulatory Authority (FINRA) is a regulator of securities firms. They allow brokers to place a hold on withdrawals from the client’s account when they believe there is financial exploitation, and the hold can last up to 15 days. Another recent FINRA rule allows a trusted contact, such as a family member or friend, to whom the broker advisor can reach out if they think there is a problem. This past March, the federal government passed the Fraud and Scam Reduction Act, which will primarily gather information to create educational programs.

Steps to Take to Protect Against Elder Financial Abuse

What should you do if you have an elderly family member or client you want to monitor? It is essential to recognize that family members or caregivers do much financial exploitation.

You want to keep personal financial information and account information safe and secure. Monitor the accounts. You may want to place limits on access to funds, such as through a particular credit card. Some of the things you look for are unusual bank activity, large or frequent unexplained withdrawals, sudden insufficient funds in accounts, checks written as loans or gifts, changing the address of bank statements, and sudden changes in estate planning.

One of the things you can do is limit access to funds. You can set spending limits. You can get things like the True Link debit card. It is a prepaid Visa card that you register in the older adult’s name and have it customized to allow certain kinds of payments and block others. For example, you can block the Home Shopping Channel. You can pick out limits on ATM cash withdrawals or even prevent ATM cash withdrawals.

EverSafe will monitor your bank and investment accounts, credit cards, and credit data for the senior. You set up the trusted advocate, someone who is to be notified as well. EverSafe looks for anomalies, unusual withdrawals, missing deposits, and irregular investment activity, and they will immediately contact the person you have on file.

Your Elder Abuse, Identity Theft, and Scams To Do List:

1. Tell all seniors not to click on links.

2. Do not provide personal information over the phone in response to an email or text message. Be skeptical all the time.

3. Freeze your credit. It is free to freeze. It is free to unfreeze.

4. Use dual-factor authentication whenever you can.

5. Use a complex and unique password. Maybe you want to use a password manager. Here again, the paranoia in me is that I do not use a password manager because I know they are a target for identity thieves. So far, their history has been good, but I prefer to use the adaptive passwords mentioned earlier.

6. Use a nonsensical security question. Your mother’s maiden name can be “Grapefruit.”

7. Shredded documents with personal information will be a problem if it falls in the wrong hands. There are dumpster diver identity thieves out there gathering this information. Believe it or not, when you shred it, get a cross shredder. In Arizona, in particular, there have been identity thieves who will hire methamphetamine addicts who stay up all night piecing together vertically shredded material. So, cross-shred.

8. Do not use your debit card for anything other than an ATM card. Use your credit card. The reason is that the debit card is tied to your bank account, no matter how much it looks like a credit card. You do not get the same protection that you do with a credit card from fraud.

9. If you do not correctly report a fraud on a debit card, you are in danger of losing your entire bank account. Federal law protects you from no more than $50 of fraudulent activity with a credit card.

10. Be wary of putting too much information up on social media. Do not be your own worst enemy.

11. Secure all of your devices. Make sure you have good security software on your phone and your computer.

12. Set up the My Social Security account.

13. Sign up for informed delivery from the U.S. Postal Service. This is a great service. You can go online and see the mail that will be delivered to you the next day. Maybe there is something in there you want to make sure you will get because there are identity thieves who will cruise neighborhoods and steal mail. If it is your credit card or if it is a check coming in, these are things that can hurt you. Worse are people who write a check, put it in an envelope, put it in their mailbox, and flip up the red flag to notify the postal carrier. They are also notifying the identity thieves to come and get it. So, use that informed delivery and do not put outgoing mail in your box.

14. You may want to use a virtual private network (VPN). With public Wi-Fi, you can never be sure who is using the real Wi-Fi and how secure it is. So, if you are using public Wi-Fi or even at home, a virtual private network encrypts all your communications and is easy to set up and use.

Ultimately, we want to do our best to protect ourselves from scams and identity theft. You can do many things to protect yourself from becoming the low-hanging fruit.