Posted in be prepared for emergencies, Disaster Preparedness

How to Avoid Disaster-Related Fraud

Fotolia_114103052_XSWhen disasters such as earthquakes or floods strike the United States, an outpouring of financial and emotional support pours in for the victims. Unfortunately, some people prey upon this type of generosity by defrauding disaster victims, donors, and the government. Disaster-related fraud takes several forms, from bogus websites luring people to make donations to fake construction contractors who extract money from vulnerable homeowners. I was once taken in by a bacon-of-the-month scam artist. I should have known that it was too good to be true!

Another example occurs when merchants hike the prices of supplies that are in high demand by disaster victims. For example, during the recent West Virginia flooding, some merchants, such as local hotels and restaurants, were raising rates for bottled water and toiletries in order to cruelly capitalize on short-term demand. I’ll admit that I once stockpiled pig ears. But I didn’t do it to defraud anyone. I just figured I should have an ample supply.

Avoid Fraudulent Donation Workers and Sites

Some unscrupulous individuals pose as workers for charitable organizations, saying that they  are “collecting donations” after a disaster. They will push people to give cash donations which are untraceable and cannot be rescinded. Always ask for identification from volunteers seeking donations, and to be 100% sure of their affiliation,  donate directly through the charity’s main website. After Hurricane Katrina, several people were convicted of impersonating Red Cross workers and dozens of fraudulent donation websites were shut down by authorities.

Online scammer reaching to steal money out of a pocket of a naive internet user, vector illustration, EPS 8Red Flags to help you spot fake donation sites:

  • 100% to victims promise! Genuine charities have overhead, so they can’t possibly give 100% of the donations they collect directly to victims.
  • Site and email misspellings and grammar errors. Compare each website with the official website for the charity. And before inquiring on the satellite site, do a search for the email address on the main charity’s website. After Katrina, unscrupulous scammers purchased the domain name @redcross.org and set up an email account support2@redcross.org, a spoofed Red Cross email address which took people to a fraudulent website for “donations.”
  • Check the site’s “contact us” information. Legitimate charities will provide phone, email and chat support to connect with potential donors.
  • Google to identify fake charities. If an organization’s name sounds unfamiliar, search for it along with the word “scam” to find out if anyone has written news stories or filed complaints with the Better Business Bureau.

Spotting Contractor and Vendor Fraud

Contractor fraud involves someone posing as a qualified contractor. This person will, for example, contact homeowners after a flood and tell them they can repair wood floors or install carpeting on the cheap. Then, they collect deposits from multiple homeowners under the guise of doing work, but simply take the money and run. I have to say that this is abhorrent behavior. And I thought cats were bad!

During Hurricane Sandy, which devastated areas of New Jersey, millions of dollars in taxpayer-funded relief money was fraudulently secured. Some homeowners even pulled from savings or retirement accounts in order to pay contractors, thinking their expenses would be reimbursed. Unscrupulous contractors took advantage of these homeowners and were later indicted on federal charges. The problem prompted the Department of Community Affairs for New Jersey to create a website that educates residents about identifying and preventing contractor-related fraud.

Red Flags for spotting and preventing contractor fraud following disaster:Fotolia_32734369_XS

  • The contractor wants a large upfront payment. Contractors can ask for a portion of the funds upfront, but be very wary of anyone who asks for more than 30%.
  • Poor Reviews or lack of listing on the Better Business Bureau website. Also, check sites Yelp and Angie’s List.
  • Request payment by cash or check. Use a credit card when putting down a deposit, since most credit card companies offer fraud protection. I prefer using Bitcoins for my Amazon dog treat purchases.
  • Rushing you into an agreement. If a contractor is pushy or demanding and/or fails to offer a detailed work plan, then they could running a scam.
  • Address is out of the area. If the contractor claims to be well-known in the area, make a few hours to follow up on his or her referrals. Many scam artists come into an area from out-of-state to prey on homeowners affected by disasters and then flee the scene.
  • Exceptionally low bids. An overeager contractors with a “too good to be true” quote is a warning sign. Even if a low-bid is legitimate, if the contractor is willing to work at such a deeply discounted rate, he or she could have intentionally or carelessly made mistakes when providing the estimate. Many times, these contractors go back to the homeowner to ask for more money when they run out of funds.

Remember that safety is a daily priority. And one of the items you should be careful to safeguard is your money! A convenient and affordable way to make sure you are prepared for disasters and emergencies of virtually every kind is to subscribe to the RJWestmore Training System by Universal Fire/Life Safety Services, which has been designed to help improve and save lives. For more information about the best system out there, or to subscribe, click here.

Posted in Cyber Security, Disaster Preparedness, Terrorism, Workplace Safety

Cyber Attacks. Would you be prepared?  

Cyber Security concept on keyboard button

While we usually cover safety issues relative to incidents such as falls, earthquakes, or fire, the damages of failing to observe cybersecurity safety protocols, which — though life-threatening, can be equally devastating. Cybersecurity Awareness Month is observed in October, and is designed to raise awareness about the risks of electronic data and information breaches that can happen to individuals, companies and organizations. I guess I should consider myself lucky that my lack of opposable thumbs limits my ability to tweet. So it keeps my electronic risk at a minimum.

Last week, the focus of National Cyber Security Awareness Month 2015 was on the “smart world,” meaning all of the internet-connected devices that exist — from phones to thermostats. And here, I’ve always thought of “smart world” as contestants on the TV show, Jeopardy. This week, we focus on building the next generation of cybersecurity professionals, with an emphasis on promoting education and awareness to spark interest in the field. Education is essential for companies that want to protect their critical data from hackings and/or breaches.

Tips for Business Owners

Up to 95% of breaches are caused by human error. Notice that canines are not even mentioned. Whew! So, it is vitally important to train employees, first by giving them context, so they understand the consequences of data breaches and hacking incidents. Then, employers can guide them about best practices such as protecting passwords, carefully guarding data relative to outside agents, avoiding phishing scams, and adhering to data storage policies. Empower employees to alert management when something seems suspicious or odd or such as when someone from graphic design requests company financial data for something other than an infographic. Also, make sure staff members are careful not to post sticky notes with passwords on their monitors. I don’t use sticky notes, myself. They get stuck to my fur.

Additional best practices include:

  • Set automatic updates. Instruct IT to program automatic operating system and software updates, so the latest virus definitions and security protocols are always in place. Asking staff to perform these tasks manually opens you up to risks.
  • Establish login tracking. Login monitoring should be in place to spot external access attempts and identify employees who are accessing sensitive information or data outside their purview.
  • Set a security “fence” around sensitive data. I’m not usually a major fan of fences. But, in this case, they seem like a good idea. A company’s most important data (for example, personal customer information) should be protected behind a company firewall at all times. Restrict access to this data to a select few staff members. Also, make sure it is protected from potential download to personal devices or hard drives.

Tips for individuals to protect data and avoid cybersecurity issues:

  • Follow password procedures. Using “12345” or “password” for computer passwords is not recommended. Staff members should be trained about methods for selecting strong passwords and protecting sensitive documents.
  • Avoid storing data locally. News stories often recount employee losing laptops or thumb drives, with the device contents being used for illegal purposes. Discourage individuals from storing sensitive data directly on their devices. For greater security, instruct them, instead, to access data online. I guess that’s the mysterious “cloud” I keep hearing about? How safe can a cloud be for storing sensitive data?
  • Protect mobile devices. Employers increasingly allow employees to use their own devices to check email and access work data. Before approving this practice, instruct employees about methods for wiping their devices if they are lost or stolen. For maximum protection, establish and follow written “bring-your-own-device” procedures.
  • Don’t download unapproved software. Malware and other nasty computer bugs often reside in seemingly innocuous software. Beware of employees downloading free PDF-maker tools from the web. This software could be a launching pad for an attack. Staff should only download IT-approved software or apps to either their computer or mobile devices.
  • Don’t click on unknown links. Many businesses are targeted with official looking emails that provide an “important link.” Clicking on the link could infect the user’s computer, which can then travel throughout the employer’s network. Encourage employees to run suspicious emails by the IT department for a thorough review and safe deletion. Makes sense to me!

Remember that safety is a daily priority, so be sure to think about disaster planning all of the time. A convenient and affordable way to make sure you are prepared for disasters and emergencies of virtually every kind is to subscribe to the RJWestmore Training System by Universal Fire/Life Safety Services, which has been designed to help improve and save lives. For more information about our system, or to subscribe, click here.