Hackers Might be Using Your Facebook Data

Nobody wants their personal data to be exposed on the internet. Yet that is the reality for 533 million Facebook users around the world. In an unfolding data breach, their names, phone numbers, locations and other personal data were made available to hackers. Facebook IDs and bios, potentially including email addresses, birthdays and relationship status, have also been exposed. The breach affects 32 million users in the United States, as well as millions more in 105 other countries.

The personal information was first exposed in 2019 but the fallout continues, as the data were recently added to an online forum used by hackers and scam artists. Criminals seek out such details for various kinds of fraud, such as scams that lure targets onto malicious websites or trick people into transferring money. They also may use the data to break into personal accounts or steal an identity.

Fortunately, there are steps you can take to find out if you have been affected by this breach and even more broadly to protect your identity on social media. Facebook advises users to go to the independent website Have I Been Pwned  to see if your data has been made vulnerable to hackers in this or other attacks. It’s also a good idea to periodically change your Facebook password.

To learn about an array of online security issues – and how to protect yourself – go to the Federal Trade Commission’s (FTC) online security page.

Risk Factor: Don’t Post Your Vaccine Card Online

ScamWatch recently reported on a fraud wave involving fake vaccine cards and phony COVID-19 test results. Now, with more than 3 million Americans getting their shots every day, authorities are cautioning people not to post their vaccine cards online.

We understand the sense of relief that many people feel when they finally get their COVID-19 vaccine. But you still need to guard against fraud. Don’t celebrate online by sharing your personal information with the world. Just think about the details that go into a typical vaccine card. It makes no sense to highlight them on Facebook, Instagram or other social media platforms.

“Identity theft works like a puzzle, made up of pieces of personal information,” notes the Federal Trade Commission. “You don’t want to give identity thieves the pieces they need to finish the picture.”

If you have already posted your vaccine card, AARP recommends that you take certain steps to protect yourself. Options include:

• Taking down the post as soon as possible. (Strongly recommended.) You can always replace the picture of your card with a safer photo of an anonymous vaccine sticker.
• Modifying your profile picture to declare that you’ve been vaccinated.
• Editing the photo of your vaccine card to delete your personal data.

Post-Pandemic Scams Emerging

While grifters have had a field day with the pandemic, they are always hunting for new opportunities. Now, with signs that hiring is picking up, criminals are looking to take advantage of people who are entering the job market.   

As a prime example, the FTC recently warned of frauds that target job applicants online and in newspapers. If you are looking for a job, officials advise:

Beware of phony promises. If an ad promises that you’ll get the job, don’t even respond. Similarly, don’t fall for guarantees that you will reap a windfall of cash.

Don’t fall for the fake check scam. Con artists who pretend to be employers may send you a “check” and ask that you send back part of the money. The check they send will never clear, and you will lose all your money. No honest employer will try to con you in this manner.

Avoid the lure of “previously undisclosed” federal jobs. Don’t be fooled. Real federal jobs are generally posted on usajobs.gov. There are many other legitimate job sites, including your state’s Career OneStop.

Safety Tip: Remote Work Creates Fraud Risks

The pandemic has shown employers that a great deal of work can be accomplished from home. Many of us appreciate the convenience, even if we miss the social connection with colleagues. But be careful when you apply for work-at-home jobs.

The employment website Indeed.com offers seven telltale signs that a work-from-home job offer is phony:

1—The job sounds too good to be true.

When a job offer seems hard to believe, pay attention to your gut instinct. Are the salary and perks way above market rates? Do you truly qualify for this job? Congratulations if you do, but proceed with care.

2—You cannot find information on the company.

Employment scammers often use vague job descriptions to reel in more victims. In 2021, most legitimate companies have websites and a presence on social media. If the company is invisible online or the website is extremely vague, it may be crooked.

3—A second contact cannot confirm that the job is real.

Try to confirm independently that a company is authentic. You can attempt this by reaching out to an employee other than your initial online contact. If you succeed in reaching someone, ask questions. But remember that scammers may work together, so this tactic may not guarantee that a job offer can be trusted.

4—There are warnings online.

Use a search engine to check out the prospective employer. The results may show you that others have experienced a scam or have other concerns about the enterprise. Or maybe your search will provide evidence that the company is for real and you can rest easy.

5—The employer is overly eager to hire you.

Indeed says that if an employer is urgently trying to hire you, that it could be a “major warning sign” of a work-from-home scam. Legitimate employers do not typically pressure an applicant to accept a job. They are busy with other work and treat prospective employees with respect. An employer who is pressuring you to accept a job may very well be engaging in a fraud, and you should stop dealing with them.

6—You have to pay to work.

We’ve already mentioned the FTC’s warning about the fake check scam. Whatever the tactic, if an employer is trying to get you to invest money to get started, something sounds wrong. Scammers may ask you to pay fees for certification, training or supplies. If they do, watch out. Aren’t they supposed to be paying you?

7—The employer communicates poorly. 

Established companies should be able to speak and write in a professional manner. If emails include obvious misspellings and other mistakes, this can be a red flag. When you receive an email from a potential employer, scrutinize its content and the email address in your effort to ensure it’s legitimate.