Retailers ask Congress for data breach notification law

From Retailers ask Congress for data breach notification law,

PDF: Retailers ask for data breach law

Hardly a week goes by without some major data breach hitting the news. By now, we’ve become accustomed to hearing about these incursions in which hackers gain access to sensitive consumer records. And each time, the number of affected consumers gets bigger and bigger, and often we learn about the event weeks or even months after the damage has been done.

In the case of the Equifax breach last summer, it took several weeks for the news to break that hackers had been raiding the credit-reporting giant’s files, compromising the data of nearly 150 million consumers. Since that breach, business groups and consumer watchdogs have been turning up the heat on Congress to do something about the time it takes to notify those affected by breaches.

The financial and retail industries have long sparred over proposed laws regulating when and how a company should notify the government and the public that a data breach has occurred. At the heart of the matter is a growing recognition — shared by both industry groups and both parties in Congress — that better federal laws are needed to replace a patchwork of different state laws governing breaches across the nation.

On Valentine’s Day, 11 major retail groups petitioned Congress to pass uniform national legislation that “leaves no holes” and makes all types of businesses responsible for notifying consumers in a timely manner.

In a letter sent to the Financial Services Committee, the National Retail Federation and other trade associations representing “convenience stores, restaurants, truck stops, gasoline stations, grocers, real estate agents, franchises, hotels and the travel industry” said they support a uniform federal law governing what businesses must do when credit card or other data is breached, but said it should apply to all businesses that handle sensitive consumer data. The NRF announced the action in a news release.

NRF was part of a group comprising the retail sector that was protesting a repeat of failed legislation in 2015 that would have made notification “mandatory for retailers but voluntary for financial institutions.” The group argued that the financial sector, including banks, credit-card companies and others, accounted for nearly a quarter of all data breaches, while the retail sector accounted for less than 5 percent.

“Every industry sector — whether consumer-facing or business-to-business — suffers data security breaches that may put consumer data at risk,” the letter said. “To protect consumers comprehensively wherever breaches occur, Congress should ensure that any federal breach notification law applies to all affected industry sectors and leave no holes.”

In early January, a broad coalition representing the financial services industry urged Congress to pass “flexible, scalable standards” for data protection that are “tailored to the size and complexity of the organization as well as the sensitivity of the data the organization holds.”

While large-scale breaches happen to retailers, financial-services companies find themselves increasingly targeted by thieves who are often funded and equipped by organized crime. An October report by Thales Security noted that 42 percent of financial institutions had experienced at least one breach in the past, with many reporting multiple events. For its part, the financial industry has been aggressively working to target fraud attempts. In January, the American Bankers Association announced that banks had stopped $17 billion worth of fraud attempts during 2016.

The sheer size and scale of the Equifax breach is likely to lead to changes in when and how companies of all types must notify the public when a breach occurs, and the pressure is now on Congress to act. But ultimately, what’s at stake is the sensitive information from millions of customers. The protection of that information should be the highest priority for all concerned.


Amazon Prime monthly, not full-year, subscribers will pay more

via Amazon Prime monthly, not full-year, subscribers will pay more,

PDF: Amazon prime users face price hike

Amazon Prime has become a must-have for millions of subscribers in the past couple of years, but the announcement that the company is raising its monthly fees by 18 percent may make some rethink their strategy of paying monthly fees.

On Jan. 19, Amazon sent out a message to its millions of subscribers to announce that the price of a monthly Amazon Prime subscription will rise to $12.99 from its previous $10.99 price on Feb. 18. Now, that two dollars may not seem like a lot, but it’s substantially more than you’d pay if you just opted to pay for a full year in advance. That price is remaining at $99, where it has been for some time.

The hike means monthly subscribers will pay $155.88 a year. Amazon Prime’s student rates will also be increasing from $5.49 to $6.49 a month. The announcement follows on the heels of fall subscription price increases from Netflix, PlayStation Vue and others.

 Since Amazon rolled out Prime in 2005, demand has been growing, along with what you can get for a subscription. First it was just free two-day shipping, then other features have been added, such as Amazon Prime’s streaming video service. The annual fee has remained at $99 since Amazon hiked it from $79 in 2014.


While Amazon is notorious for keeping its subscription numbers secret, some pundits believe it could be in the range of 90 million.

While Amazon didn’t give a reason for its price hike in its online statement announcing the change, many tech experts suggest Amazon is trying to push consumers into the annual plans. Amazon Prime monthly subscriptions debuted about two years ago as an alternative for people who didn’t want an annual commitment or just couldn’t afford to pay $99 all at once. Some experts believe the monthly subscriptions program is losing money for the tech giant, which famously started in Jeff Bezos’ garage 24 years ago.

Amazon argues that its list of “benefits” for Amazon Prime users is growing, and growing fast, justifying the uptick in price.

“Prime provides an unparalleled combination of shipping, shopping and entertainment benefits, and we continue to invest in making Prime even more valuable for our members,” the company said in a statement to the tech website Recode. “The number of items eligible for unlimited Free Two-Day Shipping increased in recent years from 20 million to more than 100 million items. We have expanded Prime Free Same-Day and Prime Free One-Day delivery to more than 8,000 cities and towns. We also continue to introduce new, popular and award-winning Prime Originals … Members also enjoy a growing list of unique benefits like Prime Music, Prime Reading, exclusive products and much more.”

So, if you are interested in spending less of your hard-earned money, plan to keep getting the benefits of Amazon Prime for more than seven months and can afford a single $99 payment, the annual subscription is a no-brainer.

Trying to ‘unsubscribe’ email can be a spam scam




From: Email opt-out may be scam,


Today, I got a couple of emails from a textbook company. These messages had been coming with regularity every few days, and although I know the company, these particular messages are outside my area of interest. Tired of getting irrelevant messages, I scrolled to the bottom of the page and found the “unsubscribe” link. Upon clicking the link, my browser immediately sprang into action. But instead of getting the expected “We’re sorry to see you go” text on the page, I instead got a message saying, “This site can’t be reached” and cited a DNS error.

I tried several times, each time getting the same response (none). After my initial irritation, I just changed my email settings to mark future messages from the company as spam. Since I’m familiar with this particular company, I chalked it up to somebody not doing their job with checking to make sure the links actually work, as opposed to an intentional act of deception.

If you’re one of the world’s 3.7 billion email users (according to the Radicati Group), you probably get messages every day you don’t want. That’s part of doing everyday business, and most users just delete unwanted messages, send them to the “spam” folder or report them to the service provider. But companies can get into serious trouble if they don’t provide a (working) way to honor recipients’ requests for removal.

The CAN-SPAM Act of 2003 governs how companies handle commercial email solicitations. The Federal Trade Commission holds the primary responsibility of enforcing the act, as well as administering fines for violations (which can penalize businesses thousands of dollars for each separate violation of the act). Specifically, CAN-SPAM requires that businesses avoid using false or misleading headers or subject lines, failing to disclose that a message is trying to sell something, and failing to tell people where to find the company. But the most well-known portions of CAN-SPAM have to do with handling requests to be removed from mailing lists.

The FTC provides some guidance in its Compliance Guide for Business. Specifically, the document advises companies, “You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.”

In addition, requests have to be clear and conspicuous, and although you may direct users to a page where they can select their preferences, it must include an option to opt out of receiving any more messages from you. Requests must be handled promptly, and be honored within 10 business days. And once you’re notified, you can’t “sell or transfer” their email addresses to another entity (unless you can show you’re hiring the other company to help with compliance with the law).

Computer security experts often get asked whether it really does any good (or whether it’s risky) to click “unsubscribe” links. Most experts agree that law-abiding companies who care about their reputations are going to comply. However, it’s also clear that much email traffic is unsolicited (spam) email that tries to hook you with scams and ripoffs, or those who want you to click a web link so they can steal your identity or install malware on your computer. Such entities aren’t likely to honor your requests to be removed, and clicking their links may actually make you get more spam.

Bottom line: exercise caution in clicking on any links in an unsolicited email, or opening it at all. If in doubt, just delete it, especially if it comes with an attachment. If they send you messages frequently, report it as spam to your Internet Service Provider, and use your email client’s rules feature to snare them before they even reach your inbox. After all, the best unwanted message is the one you never see.

Penny auction sites: The house always wins

Source: Penny auction sites: The house always wins,

PDF: The_Clarion-Ledger_State_20170424_A003_0 (1)

If you were in the market for a ring that would ordinarily cost $1,000, but only had to pay $50 for it, you might consider that a good deal. Owners of some websites are betting you would and have made millions doing it.

Brands such as DealDash and Qbids are called “penny auctions” and are part of a fast-growing online industry. They work quite differently from traditional auction sites such as eBay. With traditional sites, a seller places an item for bid, and potential buyers place their bids. As time runs out, whoever bid the highest amount is the winner and then must purchase the item.

But on penny auction sites, bidders pay regardless of whether they win. Participants pay for every bid and often buy bids in “packs,” sometimes costing hundreds of dollars. With each bid, the cost rises by a penny or more. With many auction sites, you’re not necessarily buying the item; you’re buying the right to buy it at the final price. If you win, you must claim the item within a specified amount of time or lose not only the item, but your bid money as well.

Consumer watchdogs and government regulators have warned the public for years about penny auctions. Last week in a Minnesota district court, a man filed a class-action suit against DealDash, one of the larger online penny auction sites, complaining that the company was advertising top-name brands, but was actually selling generic items sold by companies with a connection to DealDash’s founder. In addition (among a host of other allegations), the plaintiff alleges the deals advertised don’t really reflect the true cost paid by winners — or losers.

The plaintiff called DealDash auctions “perverse lotteries in which U.S. consumers have lost tens of millions of dollars in their fraud-induced pursuit of sham merchandise.” One concern, the suit contends, is that participants must register up front, and enter a credit or debit card number. The customer then is required to purchase a certain number of bids in a bid package (between 60 and 2,400), with costs varying. (The lawsuit contends the bids cost between 12 and 15 cents per bid). Thus, the consumer ends up paying a lot, sometimes exceeding the amount it would have taken to purchase the item at full price.

 There’s much more in the lawsuit; Consumerist (a blog run by Consumer Reports) has it available at

If you’re considering entering a penny auction, you should be aware of a few things. In a blog post about penny auctions, the Federal Trade Commission notes there are several potential problems with penny auction sites, including:

  • Time lags. Many auction sites are slow to deliver merchandise, and sometimes the quality of merchandise isn’t as advertised.
  • Misleading terms. Terms like “bonus bids” might trick you into thinking the bid is free, when it isn’t.
  • Hidden cost. Some sites make you pay membership or subscription fees, or have other costs hidden in the fine print.
  • Complaint problems. Many dissatisfied customers have tried to complain to the company hosting the auction, only to find that they get no response or are told they have no recourse.

And finally, you’re betting against the house. These sites would not be in business if they didn’t make money. To ensure that, some operators are using automated software to push bidding higher, and the sites are designed to build excitement around a bidding process with flashy graphics and countdown clocks. If you participate, it’s a good idea to remember the old gambling adage: The house always wins.

Phishing scams targeting PayPal and Amazon users, Hood says

Source: When hackers phish, cut bait,

PDF: when-hackers-fish-cut-bait

The 18th-century British writer and lexicographer Samuel Johnson famously described fishing as “a stick with a hook at one end and a fool at the other.” Whether you’d agree with that particular snarky assessment, you’d have to admit it’s pretty clever. Personally, I love to fish, although the fish apparently laugh when they see me coming because my fishing skills are not much of a threat. But regardless of whether I catch anything, the trip is nearly always time well spent.

The ancient concept of putting out bait and waiting for a bite has been adopted very successfully in the digital world. Back in 1996, according to Computerworld writer Russell Kay, hackers began noticing that a lot of scammers were posting emails with links that appeared to be legitimate but took the user to nefarious sites designed to dupe them into divulging passwords and other critical information. Because the term “phone phreaking” had been adopted years earlier to describe technology used to hack telephone systems, hackers similarly began using the “ph” to replace the “f” in fishing.

In the two decades since, scammers have gotten a lot more sophisticated at luring unwary consumers with links that appear to be from well-known merchants and companies. And it’s hitting near home. Last week, Attorney General Jim Hood warned Mississippians that users of PayPal, Amazon and others are at risk from phishing scams.

“These online services and businesses make it easy for consumers to shop and pay for items online, but there are people out there who want to use this convenience as a way to steal your money, or even worse, your identity,” Hood said in a news release.

Hood reported that computer users were getting emails warning them their PayPal accounts had been compromised and limited for security reasons. They were encouraged to click a link (unsecured) to a spoof site where they were asked to enter their PayPal username and password. Once they provided the information (of course), the scammers could “log in to the consumer’s legitimate PayPal account to spend any remaining funds, bill credit cards or steal personal information.”

One red flag that was apparently missed by many was that PayPal was misspelled on the spoof site (spelling ability is apparently not part of these guys’ job descriptions).

Hood went on to describe a scam appearing to be from online giant Amazon that takes various forms, including emails that ask for information to confirm bogus Amazon orders, requests to update usernames and passwords, links to sites that will install malware and others.

Hood recommends consumers who have PayPal or Amazon accounts and receive similar emails not click on any links or submit any usernames, passwords or personal information via email. Instead, go to the companies’ actual websites and use the sites’ secure login to verify any account activity. “Although these scams have been around for quite some time, they continue to try to lure victims,” Hood said. “I encourage consumers to protect themselves from fraud and identity theft on the internet through education and awareness.”

Hood added these suggestions:

  • Don’t respond to any unsolicited e-mails.
  • Do not click on any attachments associated with such emails, as they may contain viruses or malware.
  • Don’t reply to emails or pop-up messages that ask for personal or financial information.
  • If you’re concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new internet browser session and type in the company’s correct web address. In any case, don’t cut and paste the link in the message.

More tips can be found in the news release at

If you suspect you’ve fallen victim to such a scam, call Hood’s Consumer Protection Division Hotline at 1-800-281-4418.

Time to change those passwords


via Data breaches becoming all too common,


A decade or so ago, the term “data breach” was unfamiliar to most of us. That’s changed dramatically in the past couple of years. We have gotten used to hearing about bigger-and-bigger thefts of consumer information, each more audacious and troubling than the last. And because there are so many incidents reported every day, it takes something really, really big to get the attention of the media.

Last week, we passed a milestone in this regard as Yahoo, one of the biggest players in the e-commerce world, announced that more than a billion of its e-mail accounts had been compromised more than three years ago. That announcement was on the heels of a September revelation that data thieves had made off with information from 500 million accounts in late 2014 in a different data breach.

Consumers with Yahoo addresses have been warned that passwords were likely compromised in the attacks (but no direct financial information). Still, the amount of information that was lost could be used for identity theft and other nefarious purposes. Many experts have concluded that consumers are increasingly vulnerable. PC World Magazine issued this stark advice for consumers: “If you’re a Yahoo user,” wrote blogger Lucian Constantin, “you should consider your password compromised and should take all the necessary steps to secure your account.”

As the announcement was being made, Mississippi Attorney General Jim Hood sent out a news release, warning Mississippians to remain vigilant. “Our personal information is becoming increasingly vulnerable to hackers, so we must stay vigilant about our online habits,” Hood said. “We can no longer have the expectation that sensitive data will be secure on the internet, so it’s up to us as consumers to be cautious, stay informed and take action to protect ourselves when incidents like this occur.”

In past columns, I’ve written about various topics surrounding internet security. In most cases, a secure password remains key in helping thwart identity theft. We may not like to go through the hassle of changing our passwords frequently, but it’s crucial. And since the approaching new year is a good time to think about changes, it’s also a good time to adopt this habit. Unless and until we have some better ways to ensure our security, we’re going to have to live with passwords.

Hood noted that Yahoo users should use extra caution. Here are a few of his suggestions:

  • Consider “two-factor” authentication when using email or financial services online. This simply means that getting into your account requires at least two steps, such as a password and security code via a linked phone or other device.
  • Avoid unsolicited emails that seek even more personal information or financial data. “Following a large-scale data breach, scammers may attempt to steal a consumer’s identity or access bank accounts by sending out fake notices,” Hood warned.
  • Monitor financial accounts for any unusual charges or activity. Report unauthorized charges immediately.

Here are some of Constantin’s other suggestions from his great article in PC World:

  • Don’t save emails you don’t need. Thieves could easily comb through archived emails and get clues to help steal your identity. While most of us don’t regularly clean out our email accounts since storage space is not an issue, it’s a good idea to go through past emails and delete them (and empty the “deleted items” folder).
  • Check your forwarding settings. Once hackers get access to your email, they can go in and create rules that automatically forward certain emails. It may take a few minutes to locate the controls for these features, but turning off auto-forwarding can keep this from happening.
  • Never reuse passwords. I know, I know … it’s hard to remember all those passwords, and having to enter a new password is a pain. But having unique and hard-to-crack passwords is necessary. Good passwords should be long, contain a mixture of letters, numbers, cases and symbols, and be difficult to guess. One good habit is to intersperse symbols with similar letters. For example, instead of making your password “Mustang1”, you might want to use “Mu$tAnG1”. And unless you have an eidetic memory, you’ll probably need to use an app (or some other secure method) to remember them all.

Feds: Blood pressure app unreliable


via Blood pressure app unreliable,

PDF: the_clarion-ledger_state_20161219_a003_1, the_clarion-ledger_state_20161219_a005_3

Remember the old “medical tricorders” which became a fixture in the various “Star Trek” shows? Dr. McCoy and his fellow starship physicians were constantly waving these small devices over their patients, doing everything from scanning blood for toxins to mending broken bones. While some of us may have believed these devices actually existed, they were no more than Hollywood props, the technology behind them still in the realm of science fiction.

Many futurists believe the notion of the medical tricorder is not only possible, but in some ways, exists now. Already, wearable devices can track your heart rate, respiration and estimate your calorie count. And in the next few years, medical science promises even more wonders. A lot of those developments will be coming through today’s smartphones and their descendants.

But one thing that’s apparently not within the ability of a mobile device — at least yet — is accurately recording your blood pressure without using traditional methods. Such claims have landed at least one company in hot water with federal regulators.

The Federal Trade Commission has reached a settlement with a company called Aura Labs Inc., doing business as AuraLife and AuraWare, after charging it with deceiving customers into thinking their “Instant Blood Pressure” or “IBP” app could provide blood pressure readings that were as accurate as a traditional blood pressure cuff. In a $595,000 settlement with the FTC, Aura Labs settled allegations the company’s owner provided positive customer reviews for the product without disclosing his conflict of interest.

 “For someone with high blood pressure who relies on accurate readings, this deception can actually be hazardous,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “While the commission encourages the development of new technologies, health-related claims should not go beyond the scientific evidence available to support them.”

According to the FTC’s complaint, Aura sold the IBP app through Google Play and Apple’s App Store for between $3.99 and $4.99, garnering more than $600,000 in 2014 and 2015. Marketing messages included claims the app “could be used to replace around-the-arm cuffs and would be just as accurate as the traditional device,” the FTC charged. Users were instructed to place their index finger on the phone’s camera lens and hold the base of the phone over their heart.

But — at least according to the FTC — that wasn’t enough to get a good measurement. The agency reported that the readings from this activity were “significantly less accurate” than readings obtained the traditional way. “Although defendants represent that the Instant Blood Pressure App measures blood pressure as accurately as a traditional blood pressure cuff and serves as a replacement for a traditional cuff,” the FTC charged, “in fact, studies demonstrate clinically and statistically significant deviations between the app’s measurements and those from a traditional blood pressure cuff.”

Of course, a visit to the Apple or Android app stores will reveal thousands of apps that make similar promises. Shutting down one is not likely to stop the sale of apps with questionable medical value. Many medical experts have become increasingly concerned about the proliferation of these apps, which — even though they may include disclaimers that the app is “for entertainment purposes only” — could give people false information about their health with possible disastrous consequences. If you’re considering buying one of these apps, most experts advise you to be careful, and not rely on them for something as important as your health.

But there is good news on the horizon; if the meteoric rise of technology over the past few decades is any indication, science fiction will eventually become science fact. In the not-too-distant future, a descendant of the smartphone you live with every day will really help you live a longer, healthier life, eclipsing the wildest dreams of “Star Trek.” Dr. McCoy will be jealous.

2.7m AT&T customers getting refunds


via 2.7M AT&T Customers getting refunds,


It seems few people bother to actually read the details of their telephone bills these days. And there are some folks who would like to keep it that way; they can make a lot of money if you don’t notice charges appearing on your bill for services for which you didn’t know you had signed up — or for which you never signed up in the first place.

The practice of placing unauthorized charges on phone bills — known as “cramming” — goes back decades. It’s widely considered an unscrupulous practice, although it has stubbornly refused to go away. Cellphone users have found their bills can contain charges for everything from ringtones and horoscope services to credit monitoring and seedy 900-number calls. Of course, you can have a lot of things charged to your phone bill; things like in-app purchases and texting donations are convenient and commonplace. But sifting through your bill might result in some surprises.

Last week, the Federal Trade Commission announced that more than 2.7 million customers of AT&T Mobile services will be getting checks in the mail, as part of a 2014 settlement with AT&T and two companies called Tatto and Acquinity over various types of unauthorized charges that appeared on AT&T customers’ phone bills. The $88 million in refunds will be issued in the form of bill credits and, in some cases, checks. Refunds will be sent out over the next 75 days and will average about $31, according to an FTC news release.

The refunds represent the most money ever returned to consumers in a mobile cramming case, the agency noted. “AT&T received a high volume of complaints related to mobile cramming prior to the FTC and other federal and state agencies stepping in on consumers’ behalf,” said FTC Chairwoman Edith Ramirez. “I am pleased that consumers are now being refunded their money and that AT&T has changed its mobile billing practices.”

The FTC charged that AT&T had kept at least 35 percent of the money gained from the unauthorized charges on customers’ phone bills, which averaged $9.99 per month. Under the settlement, which involved all 50 states and the District of Columbia as well as the Federal Communications Commission, AT&T will notify current customers who were billed for unauthorized third-party charges of the refund program and has agreed to “significantly change” its process for third-party billing.

If you’re due a refund, you should have been notified by Epiq Systems, the refund administrator for the refund program. The FTC reports that checks and bill credits began Dec. 8.

Most experts agree the best way to stop unauthorized charges is to read your phone bill thoroughly. Cell service providers — as well as land-line providers — are required to provide you with a clear and understandable phone bill that details all the charges. It’s a good idea to take a good look through the bill to make sure you know exactly what you’re being charged, and for what. If you see anything you didn’t authorize, call your provider immediately to dispute it or seek further information.

One caveat: Don’t assume just because you don’t recognize the name of the company, that it’s not legitimate. Many companies use the name of a corporate parent company or doing-business-as (DBA) name to charge you for things you actually did order. For example, if you text a donation code to your favorite charity, the charge might not say the name of the charity to which you donated because they’re using a third-party service to collect the funds. So you might want to get into the habit of jotting down the date, time and amount of things you ordered, so you can verify it when the bill comes.

If you do file a dispute, be sure to write down the person you spoke with, the date and time, any promised actions and confirmation numbers. That way, you can go back later to make sure the company followed up on its promises. If you have any questions about the refund process, you can call the FTC consumer redress hotline at 1-877-819-9692.

Be wary of payday loans online

via Be wary of payday loans online,


PDF: online-payday-loans

The online loan industry is booming, and with it, the potential for fraud. Every day, cash-strapped Americans fill out loan applications from ads they see on websites, social media and emails. While some of these companies are really offering loan services or connecting borrowers with real loans, many others are just a way for scammers to make a quick buck.

Some consumers who thought they were applying for payday loans online got a nasty surprise a couple of years ago when their information was allegedly sold to scammers who cleaned out their bank accounts and maxed out their credit cards without their consent. The Federal Trade Commission announced last week that they’d closed down one such operation.

The FTC reports that it has charged one defendant, Jason A. Kotzker, and co-defendants with taking the information from consumers (which was supposed to have been sent to payday lenders) and instead passing it to companies like Ideal Financial Solutions, which then “raided consumers’ accounts for at least $7.1 million.” Then, the agency alleges, Kotzker and fellow defendants helped Ideal Financial hide the fraud from banks.

This isn’t the first time the feds have shut down such “data broker” operations, which target consumers seeking online payday loans. Instead of offering them the loans they sought, these operations have often signed consumers up for “membership programs” which are nearly impossible to stop. Such scams are plentiful and lucrative for their operators and won’t stop anytime soon.

If you’re looking for a loan online, you need to be careful. Many legitimate-looking sites are just fronts, designed to reassure you that you’re dealing with a legitimate company. The FTC has some good advice to avoid becoming a victim. Here are a few suggestions, from the FTC and other sources:

  • Keep a close watch on your information. Merely filling out the fields on an online application — whether or not you hit the “submit” button — can be dangerous. Many scam sites use keylogging, software that tracks and records your keystrokes.
  • Read the fine print. If any part of the application or fine print is hard to read or decipher, don’t follow through.
  • Review your bank accounts for unauthorized charges. Scammers can hit their victims pretty quickly online, so it’s important to review your bank statements thoroughly, or (better yet) track your bank accounts daily through the bank’s website or app. This will let you know if anything’s fishy so you can report it.
  • Beware of “no-credit-check” loans. Most lenders are going to perform a credit check to determine your creditworthiness before offering you a loan, even if it’s just an employment verification. If there is no evidence the lender has checked into your credit or background, it could be a red flag.
  • Beware of unsolicited offers. Often, tracking software can help flag web users who look online for loans. This can lead to pop-up ads and unsolicited loan offers. Disreputable companies often use these tactics to find victims.

Online reviews too grrrreat?




PDF: the_clarion-ledger_state_20161203_a005_2the_clarion-ledger_state_20161203_a006_0

Previously, we have written about how companies sometimes hire people to write favorable reviews about their products, with endorsements often appearing on social media and advertising. This sort of self-dealing is what has gotten a lot of companies in hot water with regulators and consumer groups, largely because it tends to muddy the waters when consumers rely heavily on what they see and read on the internet. Many people who rely on online reviews about a product before purchasing would be less likely to consider the review reputable if it were known the reviewer was paid to say positive things (especially if they didn’t clearly disclose that fact).

It’s all reminiscent of the Payola scandals of the 1960s, when the music industry was shaken by revelations that some disc jockeys were regularly being paid to play certain songs, boosting the records’ perceived popularity and in turn making them much more lucrative. The scandal helped destroy the careers of “Father of Rock” Alan Freed and others.

The most recent example of “pay for play” review practices is the venerable Kellogg Co., which has become known to generations of cereal-eating consumers as a brand associated with quality products. But last week, The Associated Press reported that its reporters had obtained a copy of a contract between the company and a group of “independent experts” called the “Breakfast Council.”

The group included nutritionists and other experts who allegedly received an average of $13,000 a year to review Kellogg’s products, post favorable reviews on social media and use “talking points” provided by the company in their reviews. According to the AP’s story, participants were prohibited from offering media services “competitive or negative to cereal” and required to conduct “nutrition influencer outreach” on social media or with colleagues.

“I’m still feeling great from my bowl of cereal & milk this morning! Mini-Wheats are my fave,” a council member posted during a Twitter chat with Kellogg about the benefits of cereal. Kellogg introduced the dietitian as a “Breakfast Council Member.”

For its part, Kellogg defended its practices in the AP’s story, but noted it understood such blurred lines could cause confusion. The Breakfast Council has since been abolished.

Still, the issue has also helped erode trust in all types of media at a time when the media’s reputation as reliable and unbiased is already a shambles. In September, the Gallup Organization reported that Americans’ trust in the mass media had reached a historic low, with an average of 32 percent of people saying they don’t trust the media. That’s the lowest number since 1976.

If you think navigating the online-reputation world is easy, you’d be wrong. Companies spend millions to develop their reputations, and being on the wrong end of negative news can destroy everything practically overnight. And, while there’s nothing wrong with encouraging online reviews, optimizing your company’s search engine profile and making sure your company puts its best foot forward online, it can be tempting to go further.

In recent months, scandals have erupted after it was discovered that companies paid people to post fake reviews on sites like or Yelp; paid popular bloggers to write positive reviews or failed to (clearly and conspicuously) disclose that payments were made.

Since the internet has become the “watering hole” where people share news, information and reviews about products, consumers are looking for valuable and accurate information to help them make choices. Of course, everybody understands advertising and marketing are there to help sell a product, and they understand what they see, hear and read in advertisements is bought and paid for. But when it’s discovered the line between fact and claim isn’t clear, reputations can be irreparably harmed.

Many companies already belong to organizations that have a code of ethics; every company that sells products should adopt one (and adhere to it). If it’s not sufficient or broad enough, write your own, or adapt one such as this one, by blogger Morten Rand-Hendriksen: Of course, just signing on the dotted line is easy, but having enforceable and robust company policies can help protect your company’s most valuable asset: its reputation.