Social Media Articles

ATM Jackpotting Scam

Hitting the jackpot in an arcade game is enormous fun. You stand there grinning as the tickets keep pouring out. And then you get to choose a cool prize to take home.

Recently, though, scammers have given this awesome kind of win a sinister twist by bringing the jackpotting mechanism to Automatic Teller Machines (ATM). This doesn’t mean you can ask for a $20 and the machine will start spitting out hundreds instead. But it does spell trouble for ATMs and their owners throughout the country.

Jackpotting attacks on ATMs have been spreading through Europe and Asia for quite some time.
Recently, though, the Secret Service sent out an alert warning that jackpotting has reached the United States.

The alert was reported by Brian Krebs, who quotes several sources for this warning and cautions the public to be aware and careful of these attacks.

Here’s what to know about the ATM jackpotting attacks.

How does it work?

First, an attacker performs some basic scouting to figure out a way into the ATM. They usually target models with front-facing panels because they’re easier to access. To avoid detection and gain easy access to the machines, thieves have been posing as ATM technicians. They’ve also been using medical endoscopes to reach the insides of the ATMs.


Once the vulnerable area within the ATM is determined, the scammers attach their own computers to mirror the ATM’s software. The thieves will now install malware, which conveniently places the ATM under their control. At this point, the ATM will appear to be out of service for users and so scammers can force the machine to do their bidding from a remote location.


The criminals’ final step in this hack is to program the ATMs to spit out piles of cash and to send “money mules” to go and collect the cash for them.


Alternately, scammers may quietly bide their time and only take action a few days, or even a week, later. They will then return to the compromised ATM and program it to dispense all of its cash at once – which they will promptly pocket, of course.


What malware is at play?

Krebs’ report suggests that the malware being used in these attacks is Ploutus D, a malware that has been widely used in ATM hacks since 2013. However, this claim has not been verified.

Just this past spring, researchers working in Kaspersky Lab wrote about three relatively simple ways fraudsters can hack and remotely control ATMs. The scammers can use any of these methods, or they may be using Ploutus D, as Krebs believes.

Which ATMs are Vulnerable?

While every ATM in the country is at risk of being attacked, the fraudsters appear to be particularly targeting Diebold Nixdorf-made ATMs.


The Secret Service alert also warns that ATMs running Windows XP are “particularly vulnerable” and should be updated as soon as possible. Unfortunately, though the Windows XP Embedded support ended more than two years ago, many ATM owners neglect to install updates as advised, therefore placing their machines at greater risk for hacks.


What you can do?

ATM jackpotting targets the machine’s owners and generally does not affect the common citizen. However, you can do your part to stop these crooks by reporting any suspicious activity you see near an ATM.


Did you spot a technician who looks out of place? Is an ATM that worked just fine yesterday suddenly out of service? If so, alert the local authorities so they can take appropriate action.


ATM Safety

While jackpotting might be relatively new to the U.S. and it’s not yet clear how widespread these attacks are, it’s always a good idea to exercise caution when using an ATM in a public setting. Here are some tips to remember the next time you use an ATM:


  1. Always cover the keypad with your free hand when inputting your PIN.
  2. If someone is lurking near the ATM for no apparent reason, do not use it.
  3. Be wary of signs that the ATM may have been tampered with, such as a new-looking keypad, a card reader that looks different than the rest of the machine, or an out-of-place security camera.
  4. Don’t use ATMs that are in unfamiliar neighborhoods or in stores you never frequent.
  5. If you’re withdrawing cash, be sure to secure your money in a wallet immediately after it’s dispensed. Don’t dawdle near the machine.


While the full impact of these jackpotting attacks is not yet evident, they are definitely not something the Secret Service is taking lightly. Do your due diligence to help stop the attacks, and always use caution when using an ATM in a public area.

6 Common Tax Mistakes To Avoid

It’s that time of year again! Get ready to break out the calculator and pencils; dig out the enormous pile of receipts, tax forms and pay stubs, and get to work. Drowning in paper and getting numb from all those numbers? Take heart! As soon as you’ve got it all organized and filed, you don’t need to think about your taxes again until next year.

Don’t be too hasty, though. You don’t want to wind up making a mistake that’ll delay your refund, make you accountable for a fee or, even worse, force you to do that dreaded paperwork and math all over again!

Whether you choose to go it alone, use a tax-prep computer program or hand it all over to an accountant, begin by checking out our handy list of common mistakes people make on their taxes.

1.) Faulty math

Believe it or not, one of the most common errors on filed taxes is simple math mistakes. A small miscalculation can throw off all your numbers and get you into trouble with the IRS. Using an online program or a number-loving accountant may mitigate this problem, but it won’t assure you of anything. However you choose to prepare your taxes, be sure to triple-check all the math before filing.


2.) Name changes and misspellings

When preparing your taxes, you’re thinking numbers. It’s true that most of the information you’re submitting is in numerical form, but don’t forget to pay attention to everything else on your form! Details matter, and if you use a name that’s different than the one the IRS has on file for your Social Security number, your refund may be delayed or not processed at all. Similarly, if you spell your name wrong, it won’t match the one the IRS has in its system and it could mean trouble for you and your taxes.


If you’ve recently changed your legal name because of a marriage or divorce, be sure to let the Social Security Administration know. Otherwise, remember to use the correct spelling of your legal name on all your tax forms. Review every form carefully before filing to avoid frustration later.


3.) Omitting extra income

Detailing your earnings from your day job is a given when preparing your taxes. Most of us even remember to include bonuses and extra commission earnings. But many people neglect to include other sources of income, such as freelance work, moonlighting as a consultant and any other side work they may have done throughout the year. If you’ve taken any side jobs in 2017, be sure to fill out a 1099-MISC and to file it along with your taxes.


4.) Deducting funds donated to charity

Everyone knows you can write off charitable donations as a deduction, but many people aren’t sure how to go about taking this step. Charity laws are complicated! First, only donations given to an organization with a tax-exempt status can be deducted from your taxes. Second, if you’ve donated food items or used clothing, they had to have been in decent shape to be eligible as a write-off. Finally, calculate the value of your non-monetary donations according to what they would be worth if you’d sell them now. Don’t forget to include those charity tax receipts when you file!


5.) Using the most recent tax laws

Unless you’ve been hiding in a cave for all of 2017, you know that the current administration has made some major changes to the tax code. While most of these changes won’t take effect until April 2018, when you file your first taxes for the new year, and even later if you don’t file quarterly.


There are some changes that are effective for this year, though, including the following:


  • The standard deduction increased to $6,350 for single, $9,350 for head of household, and $12,700 for married filing jointly.
  • The maximum earned income tax credit increased to $6,318.
  • The maximum income limit for the EITC increased to $53,930.
  • The foreign earned income deduction increased to $102,100.
  • Annual deductible amounts for Health Savings Accounts increased for individuals only, to $3,400.


When preparing your taxes, be sure to file according to the most recent laws.


6.) Signing your forms

Last, but definitely not least, don’t forget the most basic step of signing your name! If you’re filing through USPS mail, be sure to put your John Hancock wherever necessary (and get a receipt for it.) If filing online, you can use a PIN instead. Most signature lines will need to be dated as well.


Read through all of your forms before submitting to be sure you haven’t neglected anything or made mistakes. Being super-careful now will help you avoid any future aggravation. And best of all, this way, when you’re done filing, you can finally kiss that paper mountain goodbye!

Energy Saving Tips – What To Look For When Buying New Appliances

There’s no getting away from the fact that our dependence on energy increases daily. With energy-dependent technology driving our lives, ecologists continue to search for ways to save our environment. Focusing on energy-efficient appliances is one way to do that.

Your monthly electric bill may not itemize the specific usage of each appliance in your home. If you are interested in a breakdown, though, you can ask your local electric company for a listing. But about 30% of the charges on your statement stem from your electrical appliances. That’s why the government, as well as the majority of appliance manufacturers, encourage consumers to replace standard devices with new energy-saving ones.


So, if your dishes aren’t coming out clean after a run in the dishwasher, or if the ring around your shirt collar has not disappeared after a hot laundry wash, you may be in the market for a new appliance.


There could be some good years left in that 10-year-old refrigerator or oven. But, generally speaking, prices for electrical appliances have come down across the board over the years. And once you consider the cost of a new part for your old apparatus, plus the charge for the visit, it just might be worthwhile to chuck the old and buy new.


It’s also worth keeping in mind that the new energy-efficient appliances save you money on a monthly basis because they use far less electricity. They also help the environment by cutting down on greenhouse gases emitted into the air.


What is Energy-Efficient?


So what does it really mean if an appliance is energy-efficient? In simple terms, it means the process used to make the appliance function – spin, clean, cool, heat, etc. is using less energy. This can be achieved in a number of ways, and manufacturers are always adapting new techniques, such as using renewable sources of energy like water or sunlight.


Now that you have decided that a modern and energy-efficient refrigerator is what you need, how can you be sure you’re choosing the best product at the most reasonable price?


Here are some tips to guide you in your search:


1. Determine the total cost. Since the purpose of your new purchase is to save on monthly energy costs, the first thing to consider is the operating costs. That, along with the actual purchase price, should give you the real cost of the appliance.


2. Look for the energy rating. There are several reliable rating services that provide information about appliance energy consumption. The federal government uses the yellow and black Energy Star Standard sticker to inform consumers about operating costs and annual energy consumption. This helps buyers compare one clothes dryer to another. Energy Star tests each item independently.


3. Select the right size appliance. Running a large machine – even the most energy-efficient one – uses more electricity than a compact one, so don’t buy something bigger than what you need.


4. Look for economy choices. Many dishwashers and washing machines offer a variety of different cycles. If you find one with an economy cycle, that will save you money when you need to wash only a small load of clothes or dishes.


5. Stay Simple. When it comes to choosing a refrigerator, go easy on the add-ons. According to one independent rating service, a water dispenser or ice maker uses a lot of extra electricity. Also, top-to-bottom fridge/freezer models are more energy-efficient than side by sides. The auto-defrost feature uses heat to speed up defrosting and makes running the refrigerator less efficient.


This holds true for self-cleaning ovens as well, so consider the value in this upgrade.


6. Contact your utility supplier for the latest ways to save on utility charges. With today’s smart devices, appliances can be programed to use less energy at certain times of the day.


7. Check out your home. If you have the time and the extra cash, it may be worthwhile to call in a home assessor to help identify ways you can save on your overall energy and water costs. He or she may be able to tell you how to use your appliances at the most energy-efficient times of day.


8. Comparison shop. Never buy the first model you see. Household appliances are not cheap, and to find the most energy efficient one at the best price, shop around. Well-known name brands are always more expensive than lesser-known companies. However, they don’t always offer a better product. If you check carefully, you may find that heating element in the name-brand laundry dryer is exactly the same as the one in a model selling for hundreds of dollars less. Compare the details. You might be surprised.

What The Data Breaches At Uber And PayPal Tell Us

I’ve been hearing about security or data breaches at some large companies I do business with. I’m worried that something like this might result in harm to my credit. What exactly is a data breach and what can I do to protect myself?

As our digital world expands, so does cyber crime. Two companies that recently experienced major data breaches are Uber and PayPal. Chances are, you’ve done business with one or both of these companies. To protect yourself against these and future breaches, arm yourself with knowledge and good habits.

Just what is a data breach?

When a criminal gains access to data sources and sensitive information such as credit card numbers, passwords and license numbers, this constitutes a data breach. Such access can be physical, like when someone has access to your phone or computer. The information in your device can be copied (or ported) to another device. More often, and more nefarious, is virtual thievery accomplished by a number of means, such as bypassing the security measures put in place by you or a company that stores your info in some way. Cyber criminals at Uber and PayPal used this method to steal data.

What happened?

As more people are connected to the Internet and use online services, data breaches are increasingly more common. Uber’s breach exposed the personal information of 57 million customers and Uber workers in 2016. It included names, phone numbers, email addresses, and license numbers. While sensitive information like birth dates and credit card numbers were not exposed, many of these can be attained and paired to the exposed information. PayPal also had a large data breach that potentially impacted 1.6 million customers.

This stolen information can be then used in many ways, including setting up accounts to establish a new identity. It can also be used to use to steal a person’s identity.

How can you protect yourself?

No one who uses the Internet to transact business is completely secure from threats of breaches like these. However, experts in cyber security have some suggestions to lessen your vulnerability.

  • Do not log into accounts using Facebook. When you log in this way, you are allowing Facebook to access more information about you and you don’t have control over how this data is used.
  • Don’t give out too much information. The University of Western Australia’s Centre for Software Practices suggests not giving your age and birth date when filling out profiles. You can make up a birth date and even choose your opposite gender. When using social networks, limit the information you make available. Identity thieves can make quick use of your birth date and hometown. Don’t post these in your profile.
  • Use more than one email account. For social media, using more than one email account can help to keep your data from being accumulated in one place. If you have a large amount of data in one place, losing it all at one time can potentially do greater damage.
  • Be password smart. A surprising number of people use the same password for many sites. This is a problem because if one of your sites is compromised, hackers can try that password on other sites. While it may not be convenient, it is smart to use a different password for each site you use. Every password should be strong with a unique combination of letters, numbers, and symbols.

    Another option is to use a password manager to generate passwords and store them in an encrypted database locally or remotely. An uncrackable password goes a long way to protect your data.
  • Limit your use of credit cards online. Ironically, given the subject of this article, using PayPal is safer than using credit cards when online. PayPal limits the information you are providing. In fact, no customers were harmed in the PayPal data breach.
  • Change identifying information. Pick a new birth year or change your gender on social media profiles. This helps to keep information about you from being linked with information from other sites.
  • Practice good data management. Ceck all of your account statements regularly. Look for suspicious items and set alerts to notify you when a large purchase is made.
  • Check to see if the apps you use are storing information. Some apps actually collect and sell information. Install updates for your apps because the updates typically include more advanced security, or close existing gaps that were recently discovered and exploited.

Mistakes First-Time Homeowners Make

Q: My husband and I have been renting an apartment since we got married. We recently decided to buy our first home. Some friends of ours had lots of trouble with the process, and wound up buying a house they can’t really afford. We don’t want to go through what they did. What can we do to buy our dream home without all that grief?

A: Buying a house is one of the biggest decisions you will ever make. It’s great that you and your husband are planning ahead for this important milestone. These are common mistakes that first-time homeowners make–and how to avoid them.


1.) Not Knowing Your Housing Budget

The term “house poor” is an apt one for the many people who buy a house that is costing them more than their income allows. It’s uncomfortable to be in this situation, so you’ll want to avoid buying out of your financial comfort zone.

You sound like planners, so you probably already have a budget and some idea of your expenses for running your current household. Now is the time to review that budget. Some of your expenses are going to increase in a new home – utilities, for instance. If you’re moving from an apartment to a larger home, that can cost much more.

Some of the other budget items may change, too. Renter’s insurance and laundromat costs may drop off the list. Add up all your expenses, but leave out rent or mortgage payments. When you subtract the total of this list from your take-home pay, you will have a pretty good idea of how much you have left for mortgage payments. Find a mortgage calculator online and use it to calculate mortgage payments based on various interest rates. Generally, housing costs should be 30 percent or less of your before-tax income.


2.) Looking Outside Your Housing Budget

There is nothing worse than finding your dream home only to realize that it’s way out of your reach. It’s a common mistake to look at properties that are too expensive for your budget. This tends to set you up for disappointment. Even if you manage to purchase the home, you may find yourself in the same situation as the friends you mentioned in your question: too much house and too little money.

After doing your research, you’ll know how much you can afford to spend on a new home. You can then pinpoint properties in your price range.

Most home purchases require compromise. Maybe you’ll decide on a smaller house in a neighborhood with the best schools in the city. If space is your highest priority, you might decide on a large house in a less-exclusive neighborhood. Every house has some advantages and disadvantages, but keep your search within your financial comfort zone.


3.) Purchasing Based on Future Changes

If you are having trouble finding a house in your price range, consider ways to reduce your current expenses. This will mean having more money available to make a larger monthly mortgage payment. The mistake some people make is assuming they can make these changes once they own a house. However, these budget changes should be in place before you buy a house, even if it means delaying the purchase. Give yourself at least six months to see if you can stick to your new budget.


4.) Treating Your Home as an Investment

First-time buyers often expect that they will be able to sell their house in five or 10 years for a large profit. The last decade has brought major changes to every housing market. While a house in certain areas was almost guaranteed to appreciate in value, this is no longer a sure thing.

Economics professor Art Carden, from the Brock School of Business, has this advice, “Buy a house to live in and be prepared for lots of unseen upkeep costs that range from mowing the lawn to emergency repairs.”

Phone Cloning and Digital Self Defense

Most of us realize a clone is a genetic copy of something else. But, did you know it is possible to clone a phone? Cloning a phone means that the identity of one phone is copied to another phone, making a nearly exact replica of the original. This frightening practice happens more than you might imagine.

Cyber forensic expert Ali Dehghantanha says, “On average, we check our mobile phones about 110 times a day. We use them for just about everything from summoning an Uber car, paying for our latest Amazon purchases, receiving prescriptions and even tracking shares and trading on the stock market.”


Mobile phones, though, are also a major source of security breaches, and your phone number is the only thing a hacker needs to launch a major attack.


Why Clone a Phone?

Hackers clone phones so they can use them or sell them to people who use them to make calls and to get access to data on the phone. When a phone is cloned, the calls made by the hackers are seamlessly billed to your account. But that’s just the beginning.


Think of all of the information on your phone: financial accounts, credit cards, apps of all kinds. Once the hacker has access to the phone, there is no end to the financial damage that can be done.


The hacker or criminal can listen to you from their own phone and even use the camera on your phone to watch you. He can look at your pictures, read your messages, access your passwords and view your contacts.


Additionally, these cloned phones are convenient devices for criminals to use because they are harder to trace. Cloning is particularly prevalent in drug-related crime, since drug dealers must maintain constant contact with their sources and clients. To avoid their calls being traced, the dealer may use a cloned phone for a few days and then throw it away and use another one.


It may even appear to authorities that you are engaged in criminal activity if the phone number is used this way. The police may target you because of a cyberattack where your phone number was used.


There are a number of ways a hacker can clone a phone. Generally, every phone has a unique serial number and phone number. When a cellphone is cloned, it is reprogrammed to transfer these settings from a legitimate phone. The easiest way to clone a phone is to use readily available software. There are hundreds of sites that offer phone hacking software, so this is not a rare occurrence and requires little technical expertise.


How do you know your phone has been cloned?

Often, you will be unaware that your phone has been cloned until you notice some unusual occurrence, such as credit card bills that include charges you didn’t make, financial account withdrawals and unusual items on accounts, such as Uber or Airbnb. You may be contacted by your financial institution about a loan you did not actually apply for.


However, you can sometimes detect hints that the phone has been cloned. You may receive a lot of wrong number calls or hang-ups when you answer the phone. You might have difficulty making outgoing calls or retrieving messages. Your phone bill may contain unknown numbers.


How Can You Protect Yourself?

While cellular companies have many methods in place to identify cloned phones, there are some things you can do.


First, always review your phone bill. If there are numbers you don’t recognize and charges that are much greater than usual, you may suspect trouble. Have your provider run a diagnostic test to check for viruses that may have resulted from cloning.


Another way to possibly detect cloning is to put your phone number into a search engine, such as Google, to see if any links include your number. You can also use someone else’s phone to call your number and see if someone picks up. Contact your financial institution to see if anyone has tried to open credit cards or loans in your name. Make sure your phone is password protected. Create new passwords and PINs for all the accounts that may be available on your phone. Finally, you may have to resort to restoring your phone to its factory settings.


If you determine your phone was cloned, contact your phone provider and the FBI. You can use the FBI website and select “Tips and Public Leads in the Reporting Crime” section. It is important that you do this, so the authorities can follow up on the information you provide.

Combating The Financial Mistakes Of Our 20s And 30s

People starting out in their careers often focus on the here and now while ignoring the future when it comes to finances. As you climb the ladder of success, you tend to think that the raises and promotions will endlessly continue. It can seem like you have forever to plan for the future.

People starting out in their careers often focus on the here and now while ignoring the future when it comes to finances. As you climb the ladder of success, you tend to think that the raises and promotions will endlessly continue. It can seem like you have forever to plan for the future.

As millions of Baby Boomers will tell you, the future comes faster than you can imagine.

While there are lots of financial mistakes we can make, here are six that are common and avoidable. If you’re starting out, know the pitfalls, and maximize your chances of avoiding them.


Mistake #1: Not Planning for Retirement

Retirement seems like a lifetime away, but the only way to make sure that you have what you need to retire is to start planning early. This is probably the most common mistake we make in our 20s and 30s. It is also the easiest one to avoid. If you start saving for retirement when you get your first job, even if it’s a very small amount, you will establish the habit as well as start to build savings.

Short-term goals, like a new car, can overshadow what seems like the very long-term goal of retirement. However, it’s wise to get your priorities straight early on so you’ll reap huge benefits. As Suba Iyer, a financial writer, said, “When I started my first job. I thought retirement was too far away and I should be saving for some immediate needs like getting a car. The end result-I didn’t save for retirement or a car or anything else. I just spent my entire salary.”


Mistake #2: Spending Too Much on a Car

Speaking of cars … that’s something that trips us up when we’re young. While it may make financial sense to buy a new car, be careful not to buy more car than you need. A flashy and expensive car may be tempting, but keep your long-term goals in mind and choose a car that serves your current needs without sabotaging your savings.


Mistake #3: Not Using a Budget

Unless you are fortunate enough to have parents who explained what a budget is and how to use one, you may have no idea where to start.

You may look at a budget as something you don’t need because you are not making enough money, Or you may see it as something that will restrict your spending or is just too much trouble. However, a budget can help you at any level of income and can even give you financial freedom because you can see where you are spending. And they’re less trouble than you think. It can be as simple as tracking money in and money out. As you make more money and your expenses get more complex, you can customize your budget from there.


Mistake #4: Overusing Credit

While most people know that credit cards can get us into trouble, it is very easy to fall into the debt trap. You start carrying a little balance on your credit cards and it builds up. You may then have to dip into savings to pay your credit card bills.

Avoid this situation by using credit sparingly and only for identified and planned purchases. Implement a plan to save for major purchases and pay for most, if not all, of them in advance. “Start shifting your mindset so that debt no longer seems normal and stop creating new debts,” says Andrew Josuweit in a recent Forbes article.


Mistake #5: Having No Emergency Fund

For the same reasons we tend to skip proper retirement planning, we also skip saving for emergency situations. In our 20s and 30s, we tend to think we’re invincible, but illness or job loss can happen at any time. An emergency fund should cover your expenses for at least three months.


Mistake #6: Not Having Adequate Health Insurance

While health insurance is expensive, it is short-sighted to skip this vital component of your financial portfolio. Just one hospitalization can get you off course and cause real financial hardship. Health insurance is not optional, and young people are the first to ignore this rule. The cost may seem prohibitive, but it comes back to priorities and future planning.

Financial Preparation For 2018

2018 is almost here. Are you ready?

Remember the Boy Scout motto: Be prepared! A brand-new year, always ripe with resolutions, is the perfect time to reassess your financial attitude, improve, and vow to do more.

“It’s a time of planning for going forward,” shares Sallie Krawcheck, co-founder of Ellevest. “We see a lot of people, often over the Christmas holiday, but certainly in the new year, taking stock of where they are on their personal finances and investments.”

Have you taken any steps to prepare for the financial realities of the coming year?

Here are some tips to get you started.

Tune your budget

It’s a great idea to begin the new year with a plan. A budget is just that-a plan that starts with the income you expect, along with your fixed expenses, such as rent or mortgage costs, homeowners association fees, insurance, utilities and transportation costs. The plan also incorporates your savings goals.

Then, the money remaining is designated for your other expenses. A realistic budget will help you set your financial goals and remind you to stick to them. These last few days in December, as the year draws to a close, is the perfect time to assess last year’s budget or to create a new one if you don’t yet have one in place.

Reviewing where you spent last year’s money will help you make better choices in 2018. If you did not save money for retirement, for example, this can be a new budget item.

While planning for the coming year, make sure to include a method for tracking your spending. You can do this on a spreadsheet or you can simply tag items in your financial account.

Even with a solid strategy in place, there will always be surprises along the way. Losing a job, a leaking roof or an illness can throw off your entire plan. Be sure to build an emergency fund into your budget.


Plan ahead to meet your goals

Next, consider how you will accomplish your goals. You’ll have short-term goals, such as purchasing a new car or home, as well as long-term goals, such as saving for retirement. Each set of goals requires a different kind of planning and saving.

Financial planner, Rachel Rabinovich, recommends setting up a separate savings account for each goal. This way, you can easily track your progress.

Experts suggest working backwards to determine how much you need to save for a specific goal. For instance, if you dream of taking an expensive vacation two years from now, determine the total cost of the vacation and then establish a reasonable time-frame and the amount you’ll need to save each month to reach that goal. Make sure the amount you plan on setting aside each month is doable, or you may just have to move your goal over by six months or more.


Spend mindfully

You can also make your financial future more secure by identifying the difference between your needs and wants. Needs are necessary for your survival, and include items like food and shelter. Wants are things that are not necessary but you would like-such as a luxury car or European vacation.

First, tend to your needs. Then, based on what’s left to work with, consider your wants. This might sound obvious, but for many of us, the line between wants and needs is often blurred. This can lead to awfully tight financial situations, even prompting us to “borrow from Peter to pay Paul.” By clearly differentiating between what you want and what you need, you can avoid this outcome in 2018.


Maximize retirement contributions

Retirement plan contributions can be a valuable source of savings, especially if you have the option of employer-matched funds. If you do, be sure to take advantage of them!

Also, check with your HR contact and your accountant to make sure you are contributing the optimal amount to your 401K and IRA. For the coming year, you can contribute $5,500 to a Roth or traditional IRA, or $6,500 if you are making “catch-up” contributions.


Check your flexible savings account (FSA)

If you have unspent money in your FSA, now is the time to use it. These pre-tax dollars often have to be spent before the end of the year. Do you need a new pair of eyeglasses? Are your teeth in desperate need of a cleaning or repair? This might be a good time to spend that money on self-care and other needs you’ve been pushing off. You don’t want to lose this money, so be sure to use it if you can.


Put the brakes on holiday spending

Avoid going overboard on your holiday spending. Think three times before you pull out your credit card. Going over budget now can mean spending the first few months of 2018 playing catch-up with your credit card bills. Spend less, and start the year off with a clean slate!

Surviving the Holidays With Your Sanity Intact

The holiday season is a special time. With Charlie Brown on TV and carols on the radio, and an ever-growing list of people to shop for, it’s easy to get carried away.  The pressure to over-shop and overspend when you’re rushing to buy everything on your list can be overwhelming. No worries, though; we’ve got you covered! Read on for fantastic pre-and post-holiday tips to ensure you’ll have a holly, jolly December without breaking the bank.

6 Pre-Holidays Tips


1. Revise your gift list

Gift giving is a treasured tradition, but chances are, lots of the people you exchange gifts with would be as relieved as you’d be to be taken off your list. Narrow down your gift list. Talk to coworkers and acquaintances about just exchanging cards this year, or make a deal to only exchange homemade or inexpensive gifts.

This way, you can focus on buying special gifts for those closest to you instead of generic gifts for everyone you’ve ever met and their cousins, too.


2. Organize a Yankee Swap or Secret Santa

Still got a list that’s a mile long? Try one of these creative solutions! A Yankee Swap or a Secret Santa activity not only saves money and stress, it adds a bit of intrigue and playfulness to the holiday. These swaps are great for family gatherings, office parties and neighborhood get-togethers.  Everyone involved only needs to bring a single gift – and it’s always fun.

Set a reasonable price cap on gifts so no one ends up leaving with a candy cane while the person next to them hauls off a flat-screen TV.  You can check out online tips for organizing a fun and affordable Yankee Swap or Secret Santa.


3. Bake holiday treats

Another great way to reduce the financial weight of your gift list is to break out the baking supplies and start whipping up your own holiday treats instead of buying gifts.

It’s hard to know exactly what your friend will like as a gift, but no one turns down a tin of homemade holiday cookies! Use your favorite traditional recipes, or try something new and different.


4. Make a budget and stick to it

This tip sounds a bit obvious.  After all, we all plan to stick to a budget, right?  But make this the year it really happens!

Don’t set yourself a ballpark budget.  Set an absolute limit to how much you will spend on the holidays this season.  This will encourage you to plan your spending rather than grabbing impulse items as you move through a store.  It will also encourage you to look for great deals, which brings us to our next tip.


5. Make use of holiday deals….but don’t get distracted

It’s easy to become hypnotized by deals. Prices drop and we go wild, spending more than we originally intended because we don’t want to miss out on those “crazy, low holiday prices.”

Take a deep breath.  Make use of these deals wisely by buying items on your list at a discounted price.  But don’t be tantalized by the deals to the point that you buy things you don’t really need….or even want.


6. Rethink giving

We know that the holidays are all about giving – but giving doesn’t need to mean spending money.  Instead of running to the mall again, think of other ways you can give that will help improve your community, make the world a better place, and truly brighten someone’s holiday.

It’s the perfect time of year to volunteer at local soup kitchens, homeless shelters and charity organizations. This kind of giving doesn’t cost a dime, but can be a memorable and significant experience for all involved.

To find local volunteer opportunities, click here.


2 Post-Holiday Tips


1. Use those gift cards

Gift cards are a typical holiday gift, but many people forget they have them, and they go unused.

Put all of your gift cards in your wallet and spend them creatively.  Maybe you don’t care for coffee on the go, but you can buy a package of ground coffee beans at Starbucks and use it at home.  Use that iTunes gift card to rent a movie instead of taking the family out.  Whatever it might be, use these gift cards and appreciate them for what they are – money in your wallet.


2. Invest in next year’s regifting effort

In addition to gift cards, you’ll probably find yourself with a bunch of gifts you don’t really want.  Some of these can be saved and re-gifted next year or used as birthday gifts throughout the year – scented candles, bottles of wine, bath products, etc.  Even if you don’t actually want it, you can find someone else who does!

NerdWallet: The World Of Finance, Explored

What kind of hurricane insurance do I need if I own a home in Miami?

A credit card is promising me a free hotel stay in Vegas – what’s the catch?

Does it ever make sense to apply for an online business loan?

Is my auto insurance provider really giving me the best rate available or am I being taken for a ride?

If you’ve got specific questions like these about your finances, check out NerdWallet.

The small startup that quickly blossomed into a company pulling in more than $100 million in annual revenue is focused on giving the public an inside look into the world of finance – with no strings attached. There are no credit card companies or big banks backing the website.  NerdWallet isn’t sponsored by an insurance company or an investment house. It’s just a bunch of self-professed nerds researching and studying the latest in financial news, investing, credit card offers and more, just to offer the public a view on money from the inside out.

On NerdWallet, you’ll find unbiased comparisons between insurances, credit card offers, student loans, investment options and more.

As a company that’s barely reached adolescence, NerdWallet thrives on new age-style management. The several hundred employees enjoy a friendly, open office, a fully-stocked kitchen, quarterly hackathons, and an innovative “Fail Wall” where they share their personal and professional shortcomings on brightly-colored Post Its. The relaxed atmosphere and sense of teamwork fosters creativity and commitment to the company’s goals, which you’ll find filtered down in NerdWallet’s spot-on financial articles, analyses and advice.

NerdWallet is more than just write-ups on the latest financial news. It’s a virtual goldmine of everything related to money. On the site, you’ll find quotes for auto insurance searchable by ZIP code, feedback on some of the biggest names in investments and other helpful information. If you can’t find the information you’re looking for on the site, you can also submit your question and await an answer from NerdWallet’s network of financial advisers.

The website is still growing, and its long-term goals include building a financial advice app, anticipating every question that is asked – and already having the answers – on NerdWallet, and broadening the scope of topics explored so nothing in the world of finance is overlooked.

As the company states: “We’re on a mission to provide clarity for all of life’s financial decisions.”

Got a specific money question? You might just find the answer on

If an online forum is not for you and you’re looking for live answers and personalized advice, call, email, or stop by MIT FCU today. We’re always here to help guide you!

Beware Of Banking Scams

Scammers never take a break. They’re always dreaming up ways to con you out of your money. Recently, there’s been a significant uptick in scams involving checking accounts at many financial institutions.

In these scams, criminals will utilize social media to connect with the victim.

They usually pose as representatives of a bank or credit union and milk the victim for sensitive information, like account numbers and passwords. Since the scammers are using the credit union’s social media accounts, the victims often won’t hesitate to share this information. When the scammers have what they need, they will proceed to empty the victim’s accounts and then disappear.

Often, when the scammers receive a response from the victim on social media, they will redirect the victim to what appears to be the financial institution’s website. The victim, thinking they are on the site they frequently use, will quickly input their username and ID, which the scammers will then use to empty their accounts or open credit cards in the victim’s name.

Sometimes, the scammers will impersonate helpful member representatives who are seemingly looking to answer your questions. You’re used to our representatives being helpful and always on call to assist you, so you won’t see anything strange with the scenario.

Other times, the scammer may claim your account has been compromised and you need to immediately update your information. They’ll be oh-so-helpful with this step. Until you share your information with them, that is.

Still other times, scammers will pose as representatives of a sweepstakes or some other contest that you’ve “won.” All you need to do is share your account information and your passwords to be made into an instant millionaire! Except that, of course, you won’t.

Don’t be the next victim! Be aware and be alert. Here’s what you need to know about this scam:


1.) Check URLs

Scammers are becoming increasingly more suave at posing as companies their victims are familiar with. You can check a site’s authenticity by double-checking the URL on the web address. Make sure it matches [credit union’s]site exactly. You can also check a site’s security by looking for the “S” after the “http” on the web address.


2.) Be suspicious

Awareness can be your best protection. It’s easy for a scammer to pose as a member representative on social media, but if you’re on guard, you’ll spot these fakers. Is a representative claiming there are problems with your account when everything seems to be in order? Are they asking you to share sensitive information through insecure channels? Is someone promising you’ve won a contest you’ve never entered? If things don’t add up, it’s best to opt out.


3.) Reach out to your credit union

It may be difficult to determine whether the people you’re talking to are the real thing. If you think you’re dealing with MIT FCU but things suddenly start looking fishy, there’s a simple solution. Hang up or log out of whatever medium you’re engaged in and call us yourself. You can always reach out to us at 617-253-2845. This way, you’ll know you’ve really reached us and you’re not being scammed. Be sure to call this number and never use another number suggested by a suspicious-acting “member representative.”


4.) In case of fraud, take action

If you suspect you’ve been taken for a ride, let us know as soon as possible. The sooner you catch a scam, the better off you’ll be. We’ll also be able to alert our other members and work on catching the crooks who’ve conned you.

It’s also a good idea to let the Federal Trade Commission (FTC) know about the scam. The more information you share, the easier it will be for the feds to nail those scumbags. Contact the FTC at


5.) Protect yourself

It’s a good idea to practice basic safety and protective measures with your accounts.

Here’s how:

A. Safeguard account details: Never share account information without being certain about who you are talking to.

B. Use good password hygiene: Use complex passwords and change them often. Be sure to use different passwords for each of your accounts.

C. Choose extra protection: Opt in for two-factor identification when logging into your accounts. That’s an extra level of protection for you and another hurdle for scammers to scale.

D. Set up alerts: Choose to receive an email or a text message when transactions on your account exceed your typical level of spending.

E. Monitor your accounts: It’s a good idea to check your accounts on a regular basis, [and with our app, this is now easier than ever.] In most cases, you will be responsible for fraudulent charges on your account if you report them more than 60 days after your monthly statement is delivered.

Updates On The Equifax Breach

It’s been several weeks since the massive data breach at Equifax became public knowledge. The panic that followed the astounding news has given way to anger, bafflement and an overwhelming sense of helplessness.

This isn’t the first data breach our country has seen, nor is it the biggest. Sadly, it’s almost become a routine thing: We read the headlines screaming about a major company that’s been hacked, a public outcry ensues and then it all fizzles out. There may be a lawsuit brought against the company a few months down the line, and some of us might take some extra precautions, but then it all becomes yesterday’s news – forgotten and irrelevant.

But this time, it’s different.

First, Equifax is at the core of our personal information and cybersecurity ecosystem. When our trust in one cog in this system wavers, who’s to say we can trust the system at all?

Second, Equifax is an independent company that regularly receives information about almost every American without consent. Most of us have never knowingly volunteered to give our information to the credit reporting agency; it’s simply part of the system. When viewed through the lens of this tremendous data breach, it seems like we have almost no control over this sensitive information.

The Equifax breach won’t disappear quietly, and the ripple effect of the hack will be felt for months, and possibly for years to come.

While there are still many more questions than answers, lots of factors have been clarified, and here at MIT FCU, we want to pass that crucial information on to you.

Here are some of the most common questions answered:

Is Equifax being held accountable for the breach?

It most certainly is! While any company with the best security can be hacked, Equifax is being critiqued for having a weak security system and an unprofessional and ineffectual reaction to the breach.

To date, the credit bureau has been marked in more than 50 class-action lawsuits. It is also under investigation by the Federal Trade Commission, the Department of Justice and at least 33 state attorneys general. Both houses of Congress are requesting information, and Equifax’s CEO is expected to testify within the next few weeks.

While angry victims are demanding justice, it is likely that Equifax will argue that it bore no responsibility or obligations to the affected individuals, as it had no direct relationship with them.

What is Equifax doing about the breach?

The credit bureau’s reaction to the breach has been highly criticized from every angle. During the first few days after the breach, the company charged people for freezing their credit. Though the fee has since been waived, the public was enraged at this near-extortion.

Also, the company set up an insecure website to help people determine if they were affected. The official site is However, on several occasions over weeks following the breach, the company’s Twitter account directed people to a fake phishing site: Though all fraudulent sites have since been taken down, Equifax has been condemned for using a domain that is so easy to impersonate by phishing sites and for actually directing people to the fake site.

In all fairness, though, the company did take positive action to limit the potential damage caused by the breach. Equifax has waived the fee on credit freezes and is also offering free credit monitoring for one year.

What should I do now?

If you haven’t already done so, it’s best to take steps toward protecting your credit. Visit to determine if you’ve been targeted. If you have, consider placing a credit freeze on your accounts. This will prevent a new creditor from accessing your credit report and will stop a criminal from taking out a loan in your name.

Request and review a credit report from the three credit bureaus every few months. Look for suspicious activity and unfamiliar charges and always dispute fraudulent transactions immediately.

You can also sign up for Equifax’s credit monitoring service, but remember that if you’ve been targeted, this move will only delay identity theft and other credit crimes for one year. After that, it’s your responsibility to frequently monitor your credit reports for suspicious activity.

Currently, only 11% of the victims have taken action toward protecting their credit. Too many people are assuming they have not been affected – and will need to pay the price later. Don’t delay; if you haven’t taken the above steps yet, take them today!

Are my Social Security benefits at risk?

Unfortunately, when a criminal gets their hands on your personal information, one of the most heinous crimes they can commit is stealing your Social Security benefits.

If you’re already receiving your monthly benefits and you’ve been targeted, a criminal can redirect your payments toward a new checking account and keep the money for themselves. If you have not yet filed for Social Security, they may access your information, file for benefits on your account and then direct those benefits to their own address.

If that happens, when you’re ready to file and collect your benefits, you’ll find that you may have actually been receiving them for years! You will then need to prove that your identity was stolen and you haven’t yet received one dollar from the Social Security Administration.

Don’t let this happen to you!

If you’re already receiving benefits, monitor your payments carefully. If you miss even one payment, report it immediately. It’s also smart to keep all your documents from the Social Security Administration so that you can easily prove your identity, should the need arise.

If you haven’t yet filed for benefits, it’s equally important to preserve all related documents. That way, if you are victimized, you’ll have an easier time proving you haven’t actually been receiving your benefits during that time.

The effects of the Equifax data breach are staggering. With the proper precautionary steps, though, you can minimize its impact and keep yourself and your money safe.

Mutual Funds for the Beginner Investor

Are you ready to dip your big toe into the deep sea of investing?

Mutual funds might be a great place for you to start. With as little as $1,000 to invest and a broad exposure to different stocks, mutual funds are a safe choice for the beginner investor. When you invest in a mutual fund, you’re buying a collection of stocks, bonds, other securities or any combination of such assets. You purchase shares in this fund, and for a fee, a manager makes all the buying and selling decisions in the portfolio.

Not quite autopilot, but pretty simple, right?

Before jumping in, though, it’s important to note that 80% of mutual funds don’t beat the market. However, if you do the appropriate research and select the right kinds of funds, it can provide you with instant diversification and expose your portfolio to a range of sectors, industries and companies. Risk is also lower with a mutual fund, since you’re not solely dependant on the success of a single company.

Mutual funds are also fairly inexpensive, since you don’t need to pay a commission every time you purchase more shares in your fund. Once you’ve determined that you’d like to invest in a mutual fund, here’s what you can do to get started:


1.) Save for your first mutual fund purchase

You can invest in a mutual fund with as little as $1,000. Some companies have slightly higher initial purchase amounts, so if you’ve already chosen a mutual fund to invest in, make sure you are clear on how much money you’ll need to get started. After that initial purchase, subsequent purchases of the same fund can be as low as $100.

Bear in mind, though, that investing always means risking a loss – only invest if you can really afford to lose the money. If you’re ready to take that first step, start putting money away toward your first investment.


2.) Choose your mutual fund

This is the most important part of your investment. It’s more than just finding the best performers; you’ll also want to clarify your investment goals and long-term strategy. For example, if you’re saving for retirement, your time horizon is likely a decade long or more. This means you can afford to take more risk and can allocate more of your investment assets to stock funds over bonds.

Here are some types of funds you might want to consider:

  • S&P 500 index funds – Index funds hold the same securities that are found in an index. They have very low expense ratios while providing the investor with exposure to tens or hundreds of stocks representing a variety of industries. S&P 500 Index funds invest in approximately 500 of the largest companies in the U.S. They are managed passively and have low operating costs because their primary goal is to mirror the holding and performance of an index.
  • Balanced funds – Also called hybrid funds or asset allocation funds, these mutual funds invest in a balanced asset allocation of stocks, bonds and cash. The asset distribution is fixed and it invests according to an acknowledged investment goal or style.
  • Target date mutual funds – These funds invest in a mix of stocks, bonds and cash that is appropriate for a person investing until a predetermined year, which is usually the individual’s anticipated date of retirement. The target year is part of the investment name. As the target year approaches, the fund manager gradually decreases market risk by shifting fund assets out of stocks and into bonds and cash.

Once you’ve chosen a category for your mutual fund, you’ll have to choose a company. Doing the proper research on any company you are considering is crucial. Find company annual reports and more through sources like Bloomberg, Financial Sense, Forbes, MarketWatch, Nasdaq and The U.S. Securities and Exchange Commission.

Look for companies that offer no-load funds. These are ideal for the beginner investor since they are free of “loads,” or broker commissions and sales charges. Some of the best no-load mutual fund companies include Vanguard, Fidelity and T.Rowe Price.


3.) Open an investment account

Once you’ve chosen a company for your investment, you’ll need to open an investment account at a brokerage firm or your mutual fund company to purchase your fund. This won’t cost you anything (at least, it shouldn’t); you’ll simply need to follow the procedures of your chosen company. You can do this easily online.

At this point, you’ll need to know which type of account will work best for your investing needs. Here are the basic account types and a brief explanation of how each one works:

  • Individual brokerage account – A regular brokerage account established for an individual. Contributions are not tax deductible; investors pay taxes on capital gains and dividends.
  • Joint brokerage account – Similar to an individual brokerage account with the distinction of having two account holders, typically spouses.
  • Individual retirement account (IRA) – Qualifying individuals can make non-taxable contributions. Growth is tax-deferred; account holders don’t pay taxes until withdrawals are made.
  • Roth IRA – An individual retirement account funded with after-tax dollars. Contributions are not tax-deductible, but growth is tax-deferred and qualified withdrawals are tax-free.


4.) Invest

Congratulations! You are now ready to purchase your first mutual fund. Once you’ve completed this final step, you’ll have laid the foundation for your investments. You can now build upon that foundation by purchasing more shares of this fund and even adding more funds for greater diversity.

Then sit back, and watch your money work for you!

Everything You Need to Know About the Equifax Breach

In a recently revealed breach, the scope of which the country has never before seen, 143 million Americans may have had their personal information exposed.

Equifax, one the nation's three major credit reporting agencies, reported a massive data breach that lasted from mid-May through the end of July. Hackers were able to access people's names, Social Security numbers, birth dates, addresses and even some driver's license numbers. They also stole credit card numbers of approximately 209,000 people and dispute documents containing personally identifying information of 182,000 people. It wasn't just Americans who were targeted - the hackers also got their hands on personal information of some UK and Canadian consumers.

Right now, the situation is still developing and there are many more questions than answers. Researchers are seeking explanations for the site's outdated security system, an accurate number of those affected and the impact this will have on the future of credit reporting.

Meanwhile, though, people are wondering if they've been affected and what they can do about it. If you have any type of credit product such as a credit card, mortgage or auto loan, there's a chance your personal information may have been compromised. Instead of panicking, though, it's best to learn all you can about this data breach and then take the proper and practical steps toward protecting yourself against future damage.

If this sounds daunting, take heart - MIT Federal Credit Union is here to help! We'll walk you through some suggested steps and clear instructions for what you can do now.


1.) Find out if your information was exposed

You can do this by visiting an Equifax created website for sharing information about this issue, Click on the "Potential Impact" tab and enter your last name along with the last six digits of your Social Security number. The site will tell you if you've been affected by the Equifax breach.

Since your SSN is sensitive information, be sure to complete this step only on a secure computer that uses an encrypted network connection. Once you're visiting the Equifax informational site, you'll also find easy access to frequently asked questions about the breach. In addition, Equifax has set up a call center to assist consumers. The call center's hours of operation are 7 a.m. to 1 a.m. daily (weekends included), Eastern Time. That number is (866) 447-7559.  


2.) Sign up for free protective services

Whether your information was exposed or not, U.S. consumers are being offered a full year of complimentary credit monitoring and other services through Equifax's TrustedID product. The site will provide you with a date to return and sign up for these services. Be sure to follow up on the designated date because the last day for enrollment is Nov. 21, 2017.
The protective program includes the following features: Equifax credit report copies; three-bureau credit file monitoring, providing automated alerts of any major changes in your credit reports; Equifax credit report lock, preventing third parties from accessing your Equifax report; Social Security number monitoring, which performs online searches of suspicious websites that may list your Social Security number; and $1 million identity theft insurance, which covers some expenses in the event of a stolen identity.

Be warned, though, that the fine print of this service contains a catch. The terms of service agreement for TrustedID states that enrollees must employ arbitration over civil courts in order to settle any disputes. Critics of the company argue that Equifax is taking advantage of victims by forcing them to sign over their rights. You may, however, decide that the benefits offered by this service far outweigh its negative fallout.

3.) Place a credit freeze or a fraud alert on your files

If your information has been exposed, consider placing a credit freeze on your credit bureaus. This will make it more difficult for someone to open a new account in your name, though it won't stop a thief from making charges to your existing accounts.

Instead of a credit freeze, you can choose to place a fraud alert on your files. This will warn creditors that you may have been victimized by identity theft, alerting them to verify that anyone seeking credit in your name is really you.

Even if the Equifax site did not tell you you've been exposed, it's always a good idea to closely monitor your credit card and financial accounts for charges you don't recognize.

4.) File your taxes early

Tax identity theft is more common than you think. If your SSN was accessed in this breach, it's best to file your taxes as soon as you have all the necessary tax information. Don't let a scammer use your SSN to get their hands on your tax refund. Also, be sure to respond immediately to any letters you receive from the IRS, though be suspicious of any emails or phone calls claiming to be from the IRS, as the IRS will not initially notify you using such means.

The Equifax breach may be one of the worst the US has ever seen, but by taking the proper steps toward protecting yourself, you can minimize any potential damage.

Time your Purchases

Do you have a friend who is always gloating about the amazing bargains she found throughout the year? Do you wish you could be that person who somehow knows exactly when to buy everything? With this money hack, you can! Everything has a season for markdowns, either because its real season has just passed, stores need to move merchandise to make room for updated versions, or because it’s just slow season for retailers. Below is a helpful calendar that takes you through the best buying times for everything you could possibly want throughout the year.

January: computers, holiday goods, gift cards, wrapping paper, holiday cards, Christmas decorations, bed linens, towels

February: furniture, washing machines and dryers, wedding items, air conditioners

March: luggage, digital cameras, golf clubs, frozen foods, boats, winter coats

April: vacuum cleaners, cruise tickets, winter clothing

May: appliances, gym memberships, spring clothing, cookware and dishes, refrigerators

June: laptops, vacation tickets, tools

July: jewelry, ice cream, summer apparel, picnic and party supplies

August: office supplies, grills, swimming apparel

September: cars, airline tickets, mattresses, bikes, patio furniture

October: toys, jeans, outdoor goods

November: candy, gadgets, televisions, small appliances

December: champagne, athletic gear, wedding dresses

All You Need to Know About Ransomware

This past year has seen some of the worst cyberattacks in history. From the WannaCry attack in May to the Petya attack in June, thousands of people have lost thousands of dollars and valuable data to criminals using ransomware.

Ransomware has been tagged as an “epidemic” by major security companies. Like a virus that keeps evolving, new strains of ransomware are constantly emerging, many of them using new and original techniques that haven’t been tried before.

You probably already know the intended goal of ransomware is to kidnap a victim’s data and demand payment for safe return. Educating yourself about the workings of ransomware will help you remain alert, aware, and keep your money and data safe.

Here’s all you need to know about ransomware:

What is ransomware?

Ransomware is a subset of malware. However, instead of trying to steal user credentials and interrupt key processes like most forms of malware, it tries isolating a victim’s data and then demanding payment for the data’s release.

Ransomware is often embedded inside harmless-looking software and applications. It activates as soon as the user launches the program. Devices can also be infected through email links or malicious websites. Victims may not know they’re under attack until they find that their files are locked and a ransom demand is asking for money for the return of those files.

How does a ransomware attack work?

There are two primary types of ransomware: locker and crypto.

Locker ransomware locks victims from using important device functions like accessing a desktop or browsing the internet.

Crypto is the more common form of ransomware. It encrypts files and demands a ransom payment for their return.

In a crypto ransomware attack, a user’s device is infected with a malicious code which will select certain files and encrypt them using a unique algorithm. Victims will then receive a warning screen accusing them of breaking the law or simply informing them that they’re under attack. The cybercrooks will demand a ransom payment, usually in bitcoins. Then, a countdown timer begins, forecasting the files’ deletion if no payment is made.

What is bitcoin?

Bitcoin is a form of digital currency that allows you to pay for goods or services easily, remotely and anonymously. You can send bitcoins digitally using a mobile app or a computer.

This currency is stored in a digital wallet, which resides in the cloud or on your computer. It’s almost like a checking account, only it’s not insured by the FDIC nor is it subject to any regulations. Also, bitcoins aren’t tied to any country and have no credit card fees.

Each bitcoin transaction is available on a public log. However, only wallet IDs are revealed – the names of buyers and sellers are anonymous. This assured anonymity is the reason bitcoin payments have become the payment method of choice for cybercriminals.

To make a bitcoin payment, victims are usually instructed to download anonymous browsers for visiting a URL hosted on anonymous servers.

To pay or not to pay?

Should the victim of an attack pay the ransom for their files’ return? That is the million-dollar question!

While many are quick to give a blanket “no,” other experts say it may be worthwhile to pay the ransom.

Joseph Bonavolonta, the assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program, claims that the FBI often advises people to pay the ransom.

He explains that when more people pay the ransom, it keeps the ransoms low. He also believes that most scammers will keep their word and decrypt the victim’s files.

However, other FBI officials disagree with Mr. Bonavolonta’s remarks and urge victims not to pay ransoms. They say there is never a guarantee of the files’ return, and that agreeing to the cybercrooks’ demands encourages more attacks.

One thing everyone agrees on, though, is that victims should seek assistance from law enforcement agencies. When victims share the names of their attackers or the details of their attack, the law enforcement agents will be able to tell them whether they’ve seen this group attack before and whether the group tends to return encrypted files.

If your computer’s been infected and you decide to pay the ransom, you may be looking at a payment that falls anywhere between $200 and $10,000.

Before you pay, though, find out if there’s a decryption tool online. You may be able to find the keys to decrypt your files on your own.

If you decide not to pay the ransom, shut down your computer and disconnect from your network. Scan your computer with an anti-virus or anti-malware program and let it remove everything on your device.


It’s always best to be proactive. Ward off strangers by strengthening your email’s spam filter. Also, don’t ever click on suspicious links or download mobile apps from unfamiliar application stores.

Make sure your operating system (OS) is protected with a strong firewall, spyware and sufficient, updated anti-virus software.

It’s equally important to back up your files on an external hard drive or on a USB every few weeks.

Despite your best efforts, you may be the victim of a ransomware attack. If the unthinkable happens, keep your cool, contact a law enforcement agency to get info about your attacker, and check for a decryption tool online. If you do decide to pay, make sure to take preventive measures against future attacks.

Beware The Make-A-Wish Charity Scam

Did you know that Americans donate a collective $373 billion to charity every year?

Generosity makes the world go round. Whether it’s helping out an established organization like the Red Cross or donating to a smaller charity through crowdfunding sites like GoFundMe, charity is wonderful.

Except when it’s not. Because, sad as it may be, there are hundreds of crooks who hide behind the security of a charitable organization to rob victims of their money. These scammers impersonate well-known charities or create a bogus one, then solicit funds and pocket the cash.

Most recently, scammers have used the Make-A-Wish Foundation as cover for luring victims into losing huge sums of money. This incredible organization is dedicated to granting the most longed-forwish of each terminally ill child. They can make anything happen, from a Disney trip to a baseball that’s autographed and personally delivered by Kris Bryant.

Sadly, scammers are now abusing the Make-A-Wish Foundation and our desire to do good to con people out of their money.

Here’s how it works.

The scammer calls the victim and announces that they’ve won hundreds of thousands of dollars in an alleged sweepstakes conducted by Make-A-Wish. The caller claims to be a government representative of the FTC or another federal institution. The “government official” then explains that the “winner” must pay thousands of dollars for taxes and insurance before they can lay hands on their winnings. To make the call seem authentic, it often bears a 202 area code – that of Washington, D.C., which is the headquarters for the FTC and most federal agencies.

Of course, there is no sweepstakes and the caller is no government official.

In fact, on the Make-A-Wish website, the organization clearly asserts that it does not conduct sweepstakes, ever. If you fall for the scam and wire your money over or share your personal financial information, you’ll never hear from the caller or your money again.

There are several blinking red lights here that should alert you to the fraudulence of this call.

First, the FTC has more important things to do than hand out sweepstakes prizes. Second, you should never have to pay money to claim a prize. And third, no legitimate organization will ask for such large amounts of money to be paid over the phone.

If you’ve been contacted, do your due diligence to stop those crooks from preying on other victims. Report the scam immediately at Next, let Make-A-Wish know. You can notify them through their website, at Do your part to prevent these scams from succeeding.

Unfortunately, this latest scam is not the first to use a charity for cover, and it certainly won’t be the last.
If you love giving to charity and helping those who are less fortunate, you may be feeling doubtful now. Going forward, how can you possibly know when a charity that’s soliciting funds is a genuine appeal and when it’s a scam?

As always, [credit union] is here to keep you and your money safe. Here’s how to verify that you’re donating to legitimate charities:

1.) Don’t donate over the phone

In general, it’s best not to donate over the phone. It’s difficult to determine authenticity, and up to 95 cents of every donated dollar can go to the telemarketer who just interupted your dinner.

2.) Be wary of sob stories

Tear-jerker tales may get us to part with our money, but a legitimate group will not rely on sob stories to solicit funds. When an organization is preying on your heart strings to the point of discomfort, you may be falling for a scam.

3.) Donate with caution after catastrophe

Natural disasters bring out the kindness and generosity in people. They also bring out the crooks. Well before Hurricane Katrina even struck land, the FBI uncovered 4,000 websites with the storm’s name in their titles, most of which were run by criminals who lived overseas.

When disaster strikes, though, you do want to help – and you still can. Just make sure your money is going to larger organizations and names you recognize. Don’t wait for them to reach out to you. Donate through the charity’s website or by calling them yourself. This way, you’ll know you’ve reached the right party.

4.) Know the charity 

When choosing a charity, do some research. Find out what the charity stands for and about the programs and fund-raising campaigns they run. This way, when someone calls impersonating this organization while collecting for a cause you know they don’t support, you’ll recognize the scam. If all the victims of the Make-A-Wish scam knew that the foundation does not conduct sweepstakes, the scam would never get off the ground.

5.) Read the reviews

Aside from checking out the charity’s official website, you’ll want to read some third-party reviews. You can check for a charity’s legitimacy on objective review sites like CharityNavigator and CharityWatch.

6.) Ask for info

You’ll sometimes be asked for donations over the phone, and the caller will sound genuine and sincere. You’ll be tempted to give money, but first, verify that the solicitor is indeed representing a charity. Ask for details. What is the organization’s mission? How will this money be used? Will you receive a receipt for tax purposes? If the caller isn’t forthcoming or confident with their answers, hang up!

7.) Give safely

As always, never wire money to an unverified recipient. It’s like paying with cash – there’s no way to get it back. Similarly, only provide sensitive information if you’re absolutely certain the caller is genuine. As mentioned, if you’re in doubt, contact the organization on your own to donate funds.

Donating to charity is a beautiful thing. Don’t let a bunch of fraudsters ruin it for you or the beneficiaries of your compassion. Learn how to recognize charity scams so you can continue giving with a full heart.

Save Money While Vacationing Abroad

Winging your way across the ocean, whimsical browsing in quaint shops and dining on exotic fare in an outdoor Paris cafe are the things that make up dream vacations.

But when you’re wondering whether the money changer has taken you for a ride or you’ve busted your budget after only two days, that dream can quickly turn into a nightmare. Here’s how to get the most for your money and be a savvy traveler while vacationing overseas:

1.) Use credit cards

Traveling abroad is one of the times when credit card use is highly recommended. Swiping your plastic will greatly simplify your money matters while you’re on vacation. You won’t be left wondering if you’ve been given a good exchange rate for your dollars or if the souvenir you’re fingering is outrageously overpriced when you’re paying with your own currency. Credit cards are also harder to pickpocket than wads of cash. Even if they are swiped, one quick phone call can put a stop to the fallout, whereas stolen cash is gone forever.


Before you board your flight, though, you’ll want to ensure your card is ready for swiping while abroad. First, determine whether your card has a foreign transaction fee. If it does, you might want to apply for a new one without a fee. Also, make sure your credit card company knows about your travels and won’t flag your purchases as fraud activity. Lastly, if you do not yet have a chip-enabled card, be sure to carry your passport with you, as many European countries don’t accept magnetic-strip credit cards without proper identification.


2.) Know the local currency exchange rate

While primarily using credit cards will minimize the hassle of exchanging currency, it won’t eliminate it. There will be the occasional vendor who will only accept cash, making that exchange necessary.

Make sure you know what the current exchange rate is before you set foot on foreign soil. You can easily access this information by downloading an exchange app that tells you how your dollar stacks up against the world’s currencies. XE Currency and My Currency Converter are two great options.

Also, when given a receipt or a bill, ask for the price in the local currency. Foreign merchants know you can’t make heads or tails of the exchange rate, and that by quoting a price in American dollars you’ll think you’re getting a great deal. In truth, though, they could be taking advantage of your naivety by hiking up the price just for you. When you ask for the price in local currency, you can determine the equivalent in American dollars on your own, and whether you are indeed getting a good deal or not.

3.) Dining on a budget

You haven’t fully experienced a city without trying the local eats, but that doesn’t mean you need to blow your budget on pricey restaurants. Instead, dine out in a high-end restaurant during one evening of your stay, and get creative for the rest of your vacation.  You can pick up some supplies at a local grocery, delighting in the foreign packaging and strange food items displayed on the shelves. Enjoy a light lunch at a street cafe for half the price of a dimly-lit restaurant. Or, make the rounds of the sidewalk vendors for a meal that will satisfy your craving for exotic cuisine while still being easy on the wallet.

4.) Screen your car rental

Before you book that car, review your itinerary to be sure it’s absolutely necessary. If a set of wheels is a must, search through discount booking sites like and to help you snag the best possible deal. Next, check whether your auto insurance provider will cover accidents while overseas or if you need to purchase insurance. Also, be sure to scan the traveler reviews of any rental companies you’re considering to see if they have inflated their rental rates in the past. Lastly, review local traffic laws to ensure that you drive safely and that you don’t drive on the wrong side of the road!

5.) Use cheap transportation

If you feel like you can get away without booking a car, you’ll save even more by using the cheapest transportation available. Don’t call a cab! Get the real feel of the city by walking to your destination. Hop on a bus or board a train to rub shoulders with the locals and imbibe their culture and mentality. Be sure to check for any traveler’s discounts before purchasing tickets, as many hot spots for tourists offer great deals for vacationers.

6.) Steer clear of the ‘only here’ mindset

When you’ve finally made that long-awaited trip abroad, you want to do, well, just about everything. After all, when will you get another chance like this? You don’t want to go home regretting missed opportunities. But make sure you don’t overdo it and wind up broke! It’s best to create a detailed itinerary and a reasonable budget before setting out on your trip. Include all the things you want to do, and narrow it down as much as possible to just the attractions that are truly unique to your destination. This way, you’ll get your dream vacation without breaking your budget.

Having trouble scraping together the funds for your dream getaway? Call, click or stop by today to ask about joining a vacation club or taking out a vacation loan. We’re here to help make that dream a reality!

6 Ways To Save On Your Summer Vaca

The ocean is calling – and so is the open road. Your dream vacation awaits! But first, you need to work out the financial details. How are you going to pay for your getaway? How much can you realistically spend? Where is the money for your vacation going to come from?

The ocean is calling – and so is the open road. Your dream vacation awaits! But first, you need to work out the financial details. How are you going to pay for your getaway? How much can you realistically spend? Where is the money for your vacation going to come from?

Ideally, a plump vacation fund that’s fed throughout the year is the way to go. Unfortunately, though, we often don’t think about how to pay for vacation until it’s a few weeks away. To make things even worse, according to LearnVest, an alarming 74% of Americans go into debt to pay for a vacation.

Don’t become part of that statistic! Be proactive in planning your vacation by saving up for it in advance. Forgo some luxuries in the months or weeks leading up to your vacation and save the extra cash for your getaway. Consider running a yard sale featuring all of your forgotten treasures and use the profits to fund your trip. Skip your weekly dinner out for a while and put the money in your vacation budget.

Now it’s time to plan your vacation! When you’ve got the money saved up, create a realistic vacation budget. These six vacation saving tips will help you plan the perfect getaway while staying well within your budget.


1.) Timing is everything

Be a savvy shopper. There is an ideal window for buying everything, and booking airline flights is no exception. Flight prices generally fluctuate until departure day, but experts say the sweet spot is 54 days before your travel date. If you don’t want to be busy checking prices all day, sign up for emails from a savings alert site. Let them know which dates and locations you’re interested in, and they’ll let you know when a flight goes on sale so you can book your discounted tickets before they’re sold out.


2.) Clear your cache

Hotel and airline sites use cookies to determine what you’re shopping for. They’ll see which days you’re searching and raise their prices accordingly. Beat the system by clearing your cache before every new search so they can’t read into your browser history. You might see as much as a 50% drop in prices when searching with an empty cache!


3.) Sweet-talk your way to savings

Just because your hotel room is pre-booked, it doesn’t mean you can’t save. Don’t be shy about asking for an upgrade at check-in. About 78% of hotel guests who request an upgrade at the front desk actually receive one. Some face-to-face schmoozing can go a long way!

Also, by 6 p.m., most hotels know which rooms will be filled for the night. If you check in later in the day, you’ll have a better chance at getting the keys to the room with the incredible view – even with your economy-class price tag.


4.) Never pay full price

You can score a deluxe vacation without the deluxe price tag – all it takes is a little research. Check sites like, and for amazing deals and deep discounts for local eateries and entertainment centers. You can also find cheaper tickets to nearby amusement parks by looking for sellers on Craigslist. Also, if you’re traveling with kids, don’t forget to look up restaurants with “Kids Eat Free” promotions.


5.) Freebie fun

Challenge yourself to enjoy one day of your vacation without spending any money at all. Search local sites and blogs for write-ups about fantastic free things to do nearby. You might find a charming family farm, a gorgeous waterway, a fun splash pad for the kids or a scenic hiking trail. Or, just spend the day at the closest beach!

Don’t eat out on this day either. Many hotels include a continental breakfast – take full advantage. For lunch, you can picnic on sandwiches. Dinner can be something effortless and delicious that you brought from home or pick up at a local supermarket. Consider packing a travel grill or panini maker for easy meals. You can heat up some hot dogs or burger patties, or bring some baguettes and an assortment of sliced cheeses for fresh paninis. Round off the meal with some pre-sliced veggies.

You’ll be surprised at how much fun you can have without spending a penny!

6.) Save your mega event for the last day

The taste of dessert is what lingers after the meal is through. End your vacation on a sweet note by saving your most exciting event for your last day away.

If you’re unsure of how you’re going to fund your getaway, call, click or stop by to ask about taking out a personal loan or joining a vacation club. We want to help you make your dream vacation come true!

Summertime in Scam City

Scammers don’t take summers off. In fact, some scams ramp up during the summer, particularly those geared toward vacations or travel.

An increasingly common one involves hotels. You’re awakened at night by a phone call from the front desk saying there’s been a problem with your credit card. Then, you are asked to read the number one more time, presumably to run it again. The scammers hope you’ll do something while half-asleep that you’d never do when wide awake: give out credit card info to a stranger on the phone.

Other hotel guests find pizza delivery menus slipped under their doors, and when they place an order using a debit or credit card, they get no extra cheese … just a stolen identity.

Another scam involves a cabbie who unloads your bags at the hotel or airport in a rush, then speeds away with at least one of your bags in the trunk. Sgt. Jerry MacDonald of the Las Vegas Police Department has seen plenty of this one: “Trust me when I tell you, they’ll snatch your luggage up faster than you can blink an eye.”

Scams can happen anytime, though. And they can happen anywhere. Scammers often take advantage of the very technologies we’ve grown to depend on. For instance, a recent version involves cellphones and the number 72. You might receive an awful call telling you of a death in the family followed with instructions to call another number beginning with *72 for details (a hospital, perhaps, or a doctor). But there’s no death and no doctor; this just transfers your number to the scammer, who can give it to anyone in the world, with you picking up the tab. Don’t use *72 or any other number to forward calls to someone you don’t know.

Phones are also the medium for juror scams, in which individuals get calls saying they’ve failed to turn up for jury duty and asking for personal details so the court can cancel an arrest warrant. They may also suggest they confirm those details for possible future jury duty. Be aware: Courts never seek details like a credit card or Social Security number over the phone. If in doubt, contact the court directly. And report the incident to the police.

Speaking of police, there are reports of scammers telephoning as bogus cops, saying the marks have been photographed breaking the speed limit. They are demanding a hefty fine (payable by credit card, naturally). Don’t be cowed; legitimate police officers don’t do this. Ever.

Everyone uses text messaging today, so text phishing has become as common as email phishing used to be. Scammers will send a text message, supposedly from your bank or credit union, asking you to visit a website that, once again, asks for personal details to “unlock” or “verify” your account. As a general rule, never follow a link you’re not sure about.

A new twist on the scam phone call has been reported by the US Citizenship and Immigration Services (USCIS): scammers are calling immigrants in the US pretending to be from Immigration, Refugees, and Citizenship Canada (IRCC). They threaten people with investigation or a lawsuit, throwing around terms like “affidavit” and “allegations,” and of course they tell you to pay by money transfer or gift card. The IRCC, like the USCIS, doesn’t collect payments this way, and they have no reason to ask for basic personal info they would already possess (date of birth, for example, or passport number). And they don’t threaten to arrest or deport people.

David Dewey, director of research at Pindrop Security, says scammers thwarted by the added protection of chip-embedded credit cards have now turned to mobile wallets, tapping into accounts through Apple Pay, Google Wallet, Samsung Pay, Android Pay, PayPal and others.

Dewey put the security of mobile wallets to a little test: He secretly copied credit card numbers and expiration dates from a few colleagues, then a little Google investigating revealed the answers to “secure” identification questions (such as a colleague’s mother’s maiden name). Within minutes, Dewey had strolled over to Whole Foods and bought lunch for the office. (The colleague was reimbursed.)

“It’s amazing how easy it was to add somebody else’s credit card info to my Apple Pay account,” Dewey says. There will always be new scams to take advantage of new technologies. Check your credit card statements carefully for unexpected charges.

Finally, with new Medicare cards on the way (no longer showing your Social Security number), scammers are taking advantage by calling, claiming to be from Medicare. They are asking for your Social Security number or demanding you pay for your new card. Hang up, and report scams to the FTC. Medicare will never call you, and your new card is free.

No matter your circumstances, if you get a call or email asking for your money or personal information – stop. Don’t wire money. Just hang up. You’ll remember your summer much more fondly.

Newlyweds: Don't Let Financial Stress Take the Cake

There are so many things to think about when you’re just married, or about to be, and no one would rate finances as the most exciting of them. In fact, studies show that money (not relatives) is the number one reason couples argue. Those financial arguments (again, not relatives) are one of the top predictors of divorce.

So, how can you avoid becoming a statistic? Here are some tips.

Talk To Each Other

A poll by the National Foundation for Credit Counseling found that 68% of engaged couples held a negative attitude about discussing money. 45% considered it “necessary but awkward,” while 7% said it was “likely to lead to a fight.” Five percent said they thought it would cause them to call off the wedding.

The result? Couples just don’t talk about finances. A Fidelity survey said more than one-third don’t even know their partner’s salary. The irony is that 72% of those same couples said they communicate “very well” about financial matters.

It’s not surprising, when you think about it. What’s romantic or sexy about debt, budgets, taxes, wills, and the like? But, while there isn’t a plan to keep every newly married couple happy, experts agree: Don’t wait to talk about money.

Taxes, for example, are boring (and scary), but they may be important right now. If you and your spouse are employed, the “marriage penalty” may force you to pay more taxes when married than while you were single. So, think about marrying in January rather than December. But if one spouse earns most of the money, you’ll enjoy a “marriage bonus” and pay less than two singles; a December wedding might be wise in that scenario.

Speaking about money now is definitely important, but so is how. A 2004 study by SmartMoney found that more than 70% of couples talk about money at least weekly. So what’s the problem? “Most of us don’t know how to talk about money,” says Mary Claire Allvine, a certified financial planner. “People tend to be emotional and reactive, not strategic.”

Whether you talk about money weekly, monthly or on some other schedule, what matters is that you agree on a system and stay open to changing it.

Get Started

Taking the first step can be difficult, so start off easy, with questions like “What’s your first money memory?” or “How did you spend your allowance?” Then move on to some of these:

  • “Are you a spender or a saver?” – If one of you is a saver and the other a spender, create a budget that considers both styles. Studies show that men and women spend differently. Women often take care of daily expenses (groceries, utilities, clothes) while men make larger purchases, such as TVs, cars or computers. The amounts might be the same, but the perceptions are very different. About 36% of partners don’t talk to each other about big purchases, and that’s a recipe for disaster.
  • “Are you in debt?” – A TD Ameritrade survey found that 38% of couples were “only somewhat” or “not at all” aware   of their partner’s debts. When you get married, your spouse’s debt doesn’t automatically becomes yours, but what he or she owes will affect both your choices. For instance, heavy credit card debt could make it more difficult to buy a home. Make reducing debt a priority.
  • “What are your financial goals?” or “Where do you want to be five or twenty years from now?” – People who identify specific goals make faster progress toward savings and investing targets. But first, you need to agree on what those targets are: buying a home, starting a family, being debt-free? List your individual goals, then share them with each other and make a joint plan.

Know what’s important to each of you. What do you value more, things you can keep or experiences to remember?       Maybe one of you wants to buy a house while the other thinks saving for retirement is essential. Get these things out in the open early.


Trust Each Other

A recent Money survey revealed that couples who trust their partner with finances feel more secure, argue less, and have more fulfilling sex lives. That level of trust, though, isn’t common among newlyweds. “We’re intimate with our partners in so many ways before marriage, and yet money remains off the table,” says Paula Levy, a marriage and family therapist.

Be honest. If you made a purchase you shouldn’t have, own up to it. Some 40% of men and women confess they’ve lied to their spouse about the price of something they bought, and lying about money can have huge repercussions.

Support each other. Retreating doesn’t help, and neither does finger-pointing. Work together to come up with a game plan.


You’re Still Individuals

Celebrate the differences. If your partner is a bargain-hunter, put him in charge of the spending while you invest the savings. And decide on a monthly amount each of you can spend, no questions asked. The average amount couples say this should be, according to Money, is $150.

There are pros and cons to opening a joint bank account. SmartMoney found that 64% of couples put all of their money in joint accounts, while 14% kept everything in separate accounts. For many newlyweds, the ideal choice may be both: yours, mine, and our accounts. Once you’ve determined shared living expenses, both of you can contribute your portion of those costs to the joint account based on your share of household income.


Ask For Help

If you and your spouse find money conversations tough, you might want to bring in a financial planner or other professional. We can help – that’s why they’re there. Take steps now to ensure that money won’t put rocks on your path to wedded bliss.

Beware of WannaCry Ransomware

On Friday, May 12, an unprecedented virus spread through the internet, creating enormous damage and loss. The WannaCry ransomware, as it is called, attacked 57,000 computers in less than a day.

Ransomware works by holding a victim’s data under “ransom.” The virus encrypts the data and holds it hostage unless the victim pays a ransom, and the files are promised to be decrypted for the user.

The WannaCry virus demands a payment of $300 in exchange for decrypting infected files. If the victim does not pay within three days, the ransom doubles to $600. When seven days go by without payment, WannaCry deletes all the files.

By the following Monday morning, more than 200,000 systems worldwide were infected by the virus, with European countries being hit the hardest.

If your computer is infected, it’s best not to pay the ransom. Instead, restore backup files to your computer or seek help from a professional. Paying up doesn’t guarantee your files’ return and it encourages attackers to infect your computer again.

Here are 5 steps you can take to keep your computer safe:

1.) Create a backup of your files

Invest in an external hard drive and make regular backups of your data. This will protect your files in case anything happens to your computer. You can also subscribe to a cloud backup service and regularly store your most important data. There are multiple free (to a limit) cloud services you can use, such as Google Drive, Apple iCloud or Dropbox.

2.) Use Microsoft’s fix

Upon discovering that WannaCry spread through a weakness in Microsoft Windows, the software giant released a fix for the vulnerability. Protect your computer by using the fix to strengthen its code.

3.) Update your operating system

No one knows if there are any other weaknesses in Windows that can be exploited for another virus. It’s important to update your OS to the most recent version, preferably to Windows 10, as soon as possible. The more updated your software, the less likely it is that it contains such vulnerabilities.

4.) Use a firewall

A strong firewall will prevent ransomware from accessing your computer. Since malware is always evolving, it’s important to update your firewall on a regular basis to ensure protection from the most recent malware.

5.) Avoid suspicious websites and emails

It’s easy for hackers to infect your computer. All they need is for you to click on a banner ad and – oops! Malware is installed and it can access you computer and all your files.

Following a link in an email can also infect your computer. When online, be on guard. Never visit suspicious-looking sites or click on ads that look shady. Don’t download anything you can’t explain or click on links found in emails from companies you’re not familiar with.

No one knows when WannaCry will stop circulating, but it always pays to be careful. Take the necessary measures to protect yourself today.

What you Need to Know About EMVs

Are you a swiper or a dipper? Chances are, you have at least one EMV chip-enabled card in your wallet.

EMV, which stands for Europay, Mastercard and Visa, and has been used for years throughout the world, was introduced in the U.S. about 18 months ago. The cards are also called smart cards, chip cards, smart-chip cards and chip-enabled smart cards.

Here’s what you need to know about the new generation of cards.

1.) Increased protection against fraud

The number one reason the U.S. is making the switch to chip cards is to curb rampant credit card fraud. Things have gotten really bad – before the switch, the U.S. was home to nearly half of the world’s credit card fraud!

Experts pin the high rate of fraud on the outdated system the U.S. had been using. The magnetic strips on your old credit and debit cards store static, unchanging data. That means anyone who gets their hands on that data can do whatever they want with it, like racking up huge bills, emptying accounts and taking out loans in your name.

In contrast, EMV cards create a unique transaction code for each purchase you make. That code cannot be used again, so even if a fraudster steals the chip information from a point of sale, they won’t be able to use that transaction number for another purchase. The data transmitted during each transaction is also encrypted, adding more to the security measures it offers.

EMV technology will not prevent data breaches from occurring, but it will make it much harder for criminals to profit from what they steal. Experts are hopeful this shift will significantly reduce credit card fraud in the U.S., and studies show that U.S. counterfeit fraud rates have already decreased. According to Visa, chip-enabled merchants saw a 52% drop in counterfeit fraud from 2015 to 2016.


2.) How it works

Like their counterparts, chip cards are processed through the two steps of card-reading and verification. However, there’s no quick swipe involved. Instead, you’ll be asked to insert, or dip, your card into a terminal slot, and then leave it there as you wait for the transaction to process.

When your card is dipped, data is transmitted from the card chip and the issuing financial institution to verify the card’s legitimacy and to create the unique transaction code. This process will take a bit longer than a swipe.

Aside for dipping, EMV cards can also support contactless card reading, also known as near field communication, or NFC. NFC-equipped cards are tapped against a terminal scanner, which reads the data from the card’s embedded computer chip.

Contactless transactions are faster and more consumer-friendly than dipping; all you need to do is tap! Unfortunately, though, the equipment needed to scan them is expensive, so this option is not yet widely available.

After you’ve inserted your card into the payment terminal, the card acts just like your ordinary magnetic-stripe card. You may be asked for a PIN or a signature, which will be transmitted to the payment terminal for verification and approval. If your merchant is not equipped with a chip-card reader, your EMV card can also be read with an ordinary swipe.

You may find yourself at a point-of-sale terminal, unsure of whether to dip or swipe. No worries – the terminal will guide you. If you enter a card into a chip-reader slot that hasn’t been activated, it’ll prompt you to swipe your card. Likewise, if you try swiping instead of inserting into an activated chip-reader, you’ll be prompted to dip your card instead.


3.) Fraud liability changes

The shift to EMV presents several changes for merchants and financial institutions. Issuing new cards and purchasing new processing technology is an expensive undertaking.

But there’s more than just cost involved. The switch to EMV represents new liability rules.

Though fraud is harder to pull off with chip cards, it’s still possible. In the event that an EMV card is frauded, who is held responsible?

The rule with transactions conducted using counterfeit or stolen magnetic-strip cards is pretty straightforward: consumer losses fall back on the payment processor or issuing financial institution, depending on the card’s terms and conditions.

Card chip-fraud works somewhat differently. Since the Oct. 1, 2015 deadline created by the four major U.S. credit card companies, the liability for card fraud has shifted to whichever party is the least EMV-compliant in the transaction. This means if the merchant is not equipped with chip-card reading equipment, they will be held responsible. If the consumer’s financial institution has not provided them with an EMV card, they’re footing the bill.

So, while replacing payment processors and issuing new cards is an initially expensive venture, it will save businesses and financial institutions the huge cost of being held responsible for fraud payouts in the long run.


4.) Increase in online fraud

The EMV transition is not all good news on the fraud front. Though it helped cut in-store fraud in 2016, it also gave consumers a false sense of security, spiking online fraud. Chip card or magnetic strip, for an online purchase, makes no difference at all. When buying something on the internet, it’s up to you to be extra vigilant and ensure you aren’t being frauded.

Fortunately, protecting yourself against online fraud is easy. First, always shop with a reputable retailer and read reviews before sharing your card information. Never give personal information over email, or authorize a wireless money transfer for a website or merchant if you are not familiar with them. Also, consider using tokenized systems like ApplePay, where your personal information is transformed into a numerical token instead of an actual card number.

Beware Of Fake Checks! Protect Yourself From The Latest Scam

Despite a rapidly changing economy and a constantly evolving banking system, personal checks don’t look all that different from the way they looked 50 years ago. They represent a system of trust and goodwill. Recently, though, they’ve been used as the means for pulling off some nasty scams.

The National Credit Union Administration (NCUA) has recently cautioned consumers to be extra wary of an uptick in the circulation of fake check scams. The Federal Trade Commission (FTC) also recently issued an alert regarding a fake check scam.

There are several variations of the fake check scam, but they all end with the victim losing thousands of dollars.

The scam may be done under the pretext of a work-at-home job, an online sale or a sweepstakes that you’ve miraculously “won.” You’ll be asked to deposit a check or money order worth several thousands of dollars more than the amount you’re supposedly owed and then wire the difference to your contact. They’ll always have a story to explain why that process is necessary – such as they’re avoiding complicated overseas tax laws, an error on their part or they need you to cover fees. If they’ve “employed” you, they may claim that these checks are from their “clients” and need to be processed after you’ve deducted your portion.

Of course, these checks are completely phony. Unfortunately, it can take several weeks for a financial institution to recognize a fake check. By that time, you may have already sent the requested amount to the scammer, and by the time you realize the check was fraudulent, it’s too late to reclaim your money. Worse yet, you’ll be responsible to pay the fee for the bounced check. If you didn’t have sufficient funds to pay the amount you sent to the scammers and you were relying on their check to cover the amount, you’ll also need to reimburse the financial institution for that money.

If you think you’re too smart to fall for this scam, think again. Fake checks can be extremely hard to recognize, as they often bear the name and logo of legitimate financial institutions. In fact, the Council of Better Business Bureaus recently released list of the most risky scams, fake check scams rated number two.

Keep yourself safe by following these tips:

1.) Wait for clearance

It’s hard to tell if an online job is bogus until your first paycheck clears. Wait several weeks until you can verify that the funds from a deposited check are completely available before making any wire transfers with that money. Never use the funds from a deposited check from an unknown source until you are absolutely certain it has cleared.


2.) Ask questions

If an online sale or job sounds suspicious, don’t be afraid to be curious. Ask about the overpayment and the inflated checks. When you’re told a long, rambling tale about overseas charges and company errors, ask more questions. Demand a new check and some sound answers. If you don’t receive what you ask for, rip up the check and shut down any communication you might have had with them.


3.) Play hard to get

Scammers find your information by buying lists of potential victims from other scammers, randomly calling thousands of numbers and reviewing your online activity to see if you’re a good target. They’ll check if you click on enticing but unbelievable offers, and determine whether you’re looking for a job. They’ll check whether you open every email you receive and answer every phone call.

Stay one step ahead of their game by being as anonymous as possible. Make sure your number is on the FTC’s Do Not Call List. You can add your number to the list at Strengthen your spam filter and never answer emails that sound too incredible to be true. Be wary of answering calls from unknown numbers – just picking up the phone makes you a credible target.

Lastly, if you or someone you know has been victimized by a fake check scam, be sure to report the scam to your local law enforcement agency and to contact your state’s attorney general. It’s also important to file a complaint with the FTC, where it will be filed in a secure online database used to help international law enforcement agencies track down the criminals responsible for these reprehensible scams.

Remember: the best protection against scams is to be informed and to be aware. Always be on the alert for those low-down scammers who are trying to take advantage of your trust and goodwill.

Stay in the know, and stay safe!

Nest: Save On Utility Bills Right From Your Pocket

Nest is a smart thermostat. It allows you to control the temperature of your home right from your smartphone. Within about a week, Nest learns your habits and adjusts to your preferred temperatures.

Who’s it for? Anyone who wants to save money on their heating and cooling bills. Nest automatically lowers the temperature when you go to bed and shuts off when no one is home. The average user saves 10-12% on their heating bills and 15% on cooling bills.

Nest is also great for people who own vacation homes. If you see a big temperature drop coming, but you’re at your full-time residence, you can turn the heat on at your second home so your pipes don’t freeze.

What platforms? iOS and Android

Cost? The app is free. The device itself costs about $250, depending on the retailer. If you need professional installation, it costs between $99-250.

We seem to run our lives from our smartphones, and now we can run our thermostats that way, too. Nest is connected to your Wi-Fi, which allows you to control it from your smartphone.

But the best thing about the Nest thermostat is its intuitiveness. You don’t have to use the app to turn the heat on before you get home from work. You can skip have that moment of panic while on vacation when you realize you left your air conditioner running. Nest knows the rhythms of your life and adjusts accordingly. It knows what time you come home from work and knows if nobody’s home so it makes appropriate changes for you. Plus, you can make adjustments using the app if you need to do that.

Nest comes with some great additional features. You can look at your energy history to see how much you are using. Daily reports show how much energy you’re saving and give tips on how to use less to save even more on your bill. When you’re choosing temperature settings, you’ll see a leaf symbol when you’ve chosen one that saves energy.

You got a great rate on your mortgage with MIT Federal Credit Union. Save even more money by installing Nest!

Plus, now through May 31st, you can enter our raffle to win money towards a Nest or any other home automation product. Stop by any of our three branches to enter and learn more!

Teach Your Little Owls to Fly With Money Talks

The first step to teaching your kids about money is talking about money.

“The most effective way to teach is by having frequent discussions and don’t ever lecture,” said Ted Beck, president and chief executive of the National Endowment for Financial Education, in a recent Wall Street Journal article. “Look for teachable moments and always be willing to answer questions.”

Unfortunately, this can also be the hardest.

A 2015 T. Rowe Price survey found that 72% of parents experienced at least some reluctance to talk to their kids about financial matters, and 18% were either very or extremely reluctant. The most common reasons given were that the parents didn’t want them to worry about financial matters or thought they were too young to understand.

But on his blog, the personal-finance guru and radio host Dave Ramsey encourages parents to be more open with their kids about money, even their failures. Parents’ biggest regrets are often not saving enough or going into too much debt, wrote Ramsey. Being honest about that in an age-appropriate way, he stated, can be a powerful lesson.

So how to start the talk?

  • Ask questions. If you’re going out to eat, talk about the price difference between the options, and ask them which they would choose. If they select the more expensive, talk through what you might have to give up later in the week.
  • Make them part of your budgeting. If you’re doing any kind of financial planning for the year, solicit input from your kids. Enlist them in your saving goals—no one watches you more closely than your kids, so they’re natural accountability partners! If you’re uncomfortable revealing too much of your financial picture, you can keep the discussions high level, but involving them makes money less abstract.
  • Open a savings account at MIT Federal Credit Union. This is the best way to help them to learn to save for what they find meaningful in life. A lifetime of good savings habits can start now!

Don’t Panic: Filing Taxes As A College Student

Imagine skipping a day of class, then coming into the next session and seeing a test. You open the packet and see what appears to be gibberish staring back at you. Everyone else around you seems to have a perfect grasp of what’s going on, but you’re just stumbling in the dark.

That can be what the process of preparing your taxes can feel like the first time you do them. You’re given a big pile of paper and expected to sort it out yourself. It’s easy to get overwhelmed.

Before you start to panic, though, take a deep breath. There are a few questions that might make your life much easier. Grab that big stack of paper and ask yourself…

1.) Do I even have to file?
There’s an easy way to short circuit this whole process. If you didn’t make much money last year, you don’t have to file taxes. If your earned income (wages and tips) is less than $6,300 and your unearned income (interest and dividends) is less than $1,050, you probably don’t have to file taxes.

Of course, you might still want to do so. If you had a summer job, your employer took taxes out of your paycheck as though you’d been working all year. You might be able to get a little bit of a refund for your effort.

2.) How hard does this have to be?
If your tax situation is relatively simple, you may be eligible to use a form called the 1040-EZ (as in easy). It’s a much more straightforward document. You just enter your wages, your filing status (married or single) and the taxes you’ve already paid. It’s all laid out on your W-2, the form you got in the mail or online from your employer.

The 1040-EZ lives up to its name. It’s one page long. Once you put your name, address and Social Security number on it, you’re about halfway done. You don’t get to claim any tax credits, but there aren’t a lot of tax credits available for college students in any case.

3.) Where can I get help?
You don’t have to go it alone. If you’re feeling antisocial, you can (and should) use an e-filing service. The IRS has a tool to help you pick the best one. It’s available here:

There may also be tax help available. A program called the Volunteer Income Tax Assistance (VITA) is available on many college campuses. Business students looking to bolster their resumes will frequently volunteer to help with taxes for free. This is especially important if your tax situation is more complicated, like if you’re paying for college on your own or have self-employment income from a side hustle.

Charging Your Phone In Public? Watch That Port!

Smartphones have become an ubiquitous part of our lives. Even if it’s just there in case of emergencies, having a charged cellphone can provide a serious sense of security. That’s why, when the battery meter starts to tick down, a cold sense of panic rises in your stomach.

Many public places have begun to adapt to this change, and provide USB ports in addition to electrical outlets. Rather than jockeying with laptop users and carrying bulky outlet converters, smartphone owners can plug directly into the wall.

Sadly, this wonderful public good has become a playground for thieves. Scammers have hooked tiny computers into some of those ports. When you plug your phone in, they can install malicious programs on your phone. These programs report back personally identifiable information that thieves use to commit identity theft. Alternately, thieves can use the connection to your phone to look through your phone’s contents, stealing browser history data — including passwords. It’s called “Juice Jacking,” and it can take as little as three minutes for them to break your phone wide open.

It’s a phenomenon so new, even security experts are getting suckered. At a recent digital security conference, one security firm ran an experiment by offering public charging cables that anyone could use. Surprisingly, 80% of security experts at the conference used these cables without once inquiring about security!

Obviously, these scammers aren’t everywhere. They choose places where they can do the most damage — airports, coffee shops, shopping malls and other places where people hang out. If you’re at a place you trust, feel free to use the power. However, if you’re in a public place, watch out! Use these tips to stay safe and avoid Juice Jackers.

1.) Carry (or borrow) a power plug
The easiest way to thwart the scam is to only plug your phone into electrical outlets. There’s no computer on the other side there. The only problem with this option is you have to carry around your own power brick.

It’s a hassle to carry one more thing, but it’s worth it to avoid compromising your personal information. Consider shopping around to find a compact, square converter and keep it in your bag. If a power plug is a real hassle, only carry it on days when your phone is low on juice.

You can also use this as an opportunity to strike up a conversation with a stranger. Ask someone using a laptop if they have a plug you can borrow to connect your phone to a wall outlet. While not quite universal, chargers are pretty interchangeable. You don’t need one specific to your brand of phone.

2.) Pick up a battery
You can also carry your power solutions with you. Advancements in battery technology have made them smaller and more efficient than ever. You can find a battery pack the size of a pen that will refill your smartphone on a full charge. Slightly larger packs can provide several days’ worth of charge if you’ve got a little more space.

If it’s too much of a hassle to carry around, try keeping one in your glove compartment for emergencies. That way, you can grab it when you need it and charge it on the road. You’re not carrying around an extra piece of hardware all the time, but you get the security of knowing you’ve got a charge if you need one.

3.) Conserve your power
The easiest way to avoid using a public charging station is not to need one in the first place. There are several things you can do to save your phone’s charge if it looks like you’re running low. Even doing something like changing your wallpaper to all black will help add precious seconds to your run time.

For slightly more savings, keep your apps updated. The reason developers constantly release new versions is because they found ways to make things run more smoothly. Running outdated software could be chewing up your battery life.

Similarly, don’t enable auto-update. This can drain data in a hurry while also burning through battery life. Update apps manually when you’re connected to WiFi, or just disable automatic updates if your battery situation is looking dicey.

Women’s History Month: Women In Finance

Because March is Women’s History Month, we’re taking a moment to reflect on many of the important contributions women have made to society. At MIT Federal Credit Union, we’re proud to be a part of the nationwide celebration of women.

As part of this effort, we’d like to take time to recognize a few important women in the history of finance and entrepreneurship. Here are five lesser-known and underappreciated women who are sometimes left out of the popular economics conversation. That, of course, does not diminish the importance of their trailblazing efforts and work.

1.) Maggie Lena Walker, first female bank president

Maggie Lena Walker was the first woman to charter a bank. The St. Luke’s Penny Savings Bank was a community lending institution designed to promote savings and homeownership, especially among women and racial minorities. Founded in 1902, the bank served the Richmond, Virginia area for several years before it merged with two other banks. Walker went on to serve as chair of the board for the consolidated bank.

By 1920, St. Luke’s had helped more than 600 people buy homes. Walker’s vision and leadership set the standard for community lending institutions. Her bravery and trailblazing business spirit, at a time when women didn’t yet have the right to vote, is truly commendable.

2.) Marie Van Brittan Brown, inventor of the home security system

While few museums will showcase her work, nearly all of them have some modern iteration of the device Marie Van Brittan Brown pioneered. She was the original architect of the home security system. Her system was devised in response to the dangers she perceived in her own neighborhood.

Concerned about the length of time it would take police to respond to a call for help, Brown put a camera on a mobile swivel to enable it to view the front door through each of four peepholes. A motion sensor triggered a recording device, and the system also enabled the homeowner to view and listen to the cameras by using a television set. Brown’s original home security system soon caught on in businesses around the country. She was given an award from the National Science Committee for her work.

3.) Victoria Woodhall and Tennessee Clafin, first female stock brokers

These two pioneering sisters broke the gender barrier on Wall Street. They ran the first female-owned brokerage. Despite the blatant sexism they faced in their struggle, the two sisters made millions advising clients like Cornelius Vanderbilt. While enduring headlines like “Wall Street Aroused,” the two sisters quietly made enough money to put their male counterparts to shame.

Woodhall would go on to be a polarizing figure in the suffrage movement. She made the first recorded run for president as a woman, doing so a full 50 years before women were legally allowed to vote! While her suffrage-based platform didn’t carry the election, her intellect and force of persuasion were instrumental to the passage of the 19th Amendment.

4.) Rosemary McFadden, first female exchange president

Rosemary McFadden broke another gender barrier in finance. She was the first woman to serve as president of any American exchange. Starting her career as a staff attorney for the New York Mercantile Exchange, she climbed the career ladder to become the first female president of that organization or any other trading exchange in American history in 1984.

Despite the steep resistance she encountered as the first woman in a traditionally male position, McFadden was a strong and effective leader. When her term was up, she continued to climb towards greatness. She now serves as deputy mayor of Jersey City, New Jersey.

5.) Abigail Adams, first female investor

The wife of President John Adams is mostly noted for her documentation of the home front of the Revolutionary War and for her strident advocacy for women’s rights in the early years of the country’s founding. A little-known tidbit, though, is that she’s also America’s first documented female investor.

Adams managed the financial affairs for the household while her husband served in war and, later, in the White House. She was quite a shrewd woman, making a great deal of money investing in government bonds. In one exchange in 1783, her husband advised her to invest some money in farmland. She ignored the advice, buying bonds instead. The move made her family quite a bit more money in the long run!

Shop Smart

We've all heard about the consumer psychology at play in the setup of grocery stores. The basics, like eggs and milk, are in the back of the store, forcing you to pass by aisles packed with things you don't need. The checkouts are lined with impulse purchases aimed at catching your attention - and that of your kids. It's no wonder a quick run to the grocery store finds you spending way more than planned. But you can outsmart the store by following these easy tips.

Keep your kids home. If you can swing a supermarket run when the kids are sleeping or when everyone’s at school, go for it. Impulse purchases skyrocket when your cart is loaded with a child begging for “just one more treat” or a toddler who needs to be bribed out of a tantrum.

Stick to your list. This is an old piece of wisdom, but one worth following.

Beware of specials. Store owners are counting on you being too hurried to work out the math and realize that you’re not saving much, especially if it isn’t something you need.

Don’t grab a cart when you only came in for a few items. You’ll feel the need to fill it and won’t realize how much you’re buying.

Follow these easy tips and share with us: How much did you save on your grocery bill this month?

Cloudbleed: What You Need To Know About The Latest Data Breach

For as easy as it makes most aspects of our lives, the internet is far from simple. Services you’ve never heard of can make a huge impact on your life. That’s what we learned from last week’s data leak from Cloudflare, a distributed computing technology service. The leak has been dominating headlines, where it’s earned the name “Cloudbleed,” an homage to 2014’s “Heartbleed” leak.

For as easy as it makes most aspects of our lives, the internet is far from simple. Services you’ve never heard of can make a huge impact on your life. That’s what we learned from last week’s data leak from Cloudflare, a distributed computing technology service. The leak has been dominating headlines, where it’s earned the name “Cloudbleed,” an homage to 2014’s “Heartbleed” leak.

While Cloudbleed is nowhere near as serious, it still represents a threat to the security of millions of people. Cloudflare was used by many popular websites. Here’s what you need to know to keep yourself safe.


What happened?

Cloudflare is what’s called a content management service. It serves as a middleman in a lot of internet information exchanges. For example, your browser sends a request to a webpage, which is routed through one of Cloudflare’s servers. Cloudflare verifies that it’s a legitimate request as opposed to a bot or malicious attack, then passes the request on to the website. The website sends data back to you through Cloudflare. Cloudflare provides security against various kinds of attacks, so websites are safer and faster.

The problem is that Cloudflare didn’t always clean up one request before moving on to the next. Bits of data were being sent along with web pages that contained information from previous requests. Some of these bits of data included sensitive information, like usernames and passwords.

No one attacked Cloudflare. This was just a bug in their code that resulted in the accidental release of sensitive data. This means it’s less likely that compromised information will be used maliciously, but it doesn’t mean Cloudbleed can be ignored.


Who’s affected?

Cloudflare was a very popular service for websites. Over seven million sites used Cloudflare at the time of the leak. Some of the biggest names on the list are fitness site Fitbit, dating site OkCupid, and review service Yelp. Perhaps the biggest danger was from password manager 1password, which may have revealed password information to other sites. 1password was quick to point out that only encrypted data had been released, so the danger to its users is very small.

The timeframe of the leak goes as far back as September 2016, so if you’ve used one of these sites in the past five months, your personal information may have been released. Since it becomes part of a website, it can then be stored by search engines. Yahoo, Google and Bing have worked together to eliminate the storage of personal information, and Cloudflare has fixed the bug in its code.

While a lot of data could have been affected, not much of it actually was. About one in every 3.3 million web requests turned up unwanted data. Some of that was just information, like messages from dating sites or hotel bookings. Very little of the compromised data was password information. Still, since it’s hard to prove your data wasn’t affected, it’s best to act as though your login information is compromised.


What do I need to do?

There are three steps every internet user needs to take right now. First, change your passwords. It’s very unlikely that anyone has not used a Cloudflare site, and that use could mean risk in a data breach. Create new, strong, unique passwords for each site. One good strategy is to put together four words that you think about when you look at the service. This creates a password that’s easy for you to remember, but difficult for a machine to guess.

Second, keep an eye on your account statements. Most often, identity thieves will use information to try to make illegal purchases or cash advances. If you notice any suspicious activity, report it immediately.

Third, where you can, enable two-factor authentication. Two-factor authentication adds another layer of security between would-be thieves and your accounts. In order to log in to your service, you’ll need both a password and a one-time code, usually sent to email or a cellphone. Using two-factor authentication not only stops thieves in their tracks, but it also notifies you that someone is trying to gain access to your accounts.

While Cloudbleed isn’t the biggest danger on the internet, it’s still a good reminder that we need to keep our guards up while surfing the web. Just because a page uses a password doesn’t mean it’s always secure. Of course, Cloudbleed also reminds us of one of the ironclad rules of internet security: When in doubt, change your passwords!

Beware of the Fake Tax Form Scam

Tax season is a confusing time. In the midst of a paperwork blizzard, it seems that everyone needs triplicate copies of every document. It's not unusual for someone to lose a copy of an important document and need it to be re-issued. Of course, everyone's busy enough that no one wants to double check.

That's exactly what sammers are counting on with a recent ploy targeting business owners and other people who prepare tax forms.

In this scheme, the scammer sends an email claiming to be a hired company or someone from the IRS. They claim to be in need of duplicate copies of W-2 forms. An overworked clerk doesn’t want an earful from the boss or may fear they are out of compliance with the tax authority, so they send the forms along with little questioning.

Unfortunately, those forms contain a lot of personally identifiable information. The W-2 includes a name, an address and a Social Security number. With that information, fraudsters can open fake credit cards and apply for other loans. They can also file a fraudulent tax return in an attempt to grab a refund check. In short, your W-2 in the wrong hands can mean serious trouble.

What to do if you’re targeted

While the scam was originally directed at HR professionals and others at large corporations, scammers have broadened their net to include school districts, tribal councils, not-for-profits and small businesses.  If you prepare W-2s for employees as part of your job or as a small business owner, be on the lookout for these fake emails. Here’s the sample text from one such message:

“ATTN: Due to some complains (sic) we had concerning the W-2 mismatch, We advice (sic) you to send your 2015 filled W-2 form in (PDF) format for confirmation.”

Notice the strange abbreviations, the spelling and grammar errors, and the poor punctuation. All of these are signs that this is not the professional work of the IRS.

You may also get a message that looks like it’s from a boss or CEO asking for similar information. Watch for the same errors in spelling and grammar. It’s always worth confirming these requests in another message. Also look out for emails from former employees. Scammers may be relying on outdated information.

W-2 security is a pretty big deal. If someone really needs another copy, the safest option is to mail it to the address listed on the form. While email is generally a secure way to communicate, it’s not fully secure and you may not have assurance that the email is correct or uncompromised. There’s no sense taking chances with sensitive information. It’s also very unlikely that someone would need duplicate copies of ALL W-2s. Be suspicious of any such request.

If your information has been compromised

If you fear your information has been unwittingly released by your employer, don’t panic. There are three steps for minimizing the impact that this data breach can have on your life. Your first step should be a call to one of the major credit bureaus: Experian, Equifax or TransUnion. Ask them to put a fraud alert on your account. This will force anyone who wants to issue credit in your name to verify that you’re actually the one asking for it first.

Next, order a copy of your credit report. This will show all the accounts that are open in your name. If you see anything you don’t recognize, call the company and immediately close the account. Also, review statements for the accounts you do have. Check for charges you don’t recognize. If you see any, call the issuing institution and shut down the account. Telling them there’s fraud as soon as possible will limit your liability.

Third, file a complaint with the Federal Trade Commission (FTC) at This will create a fraud affidavit, a document certifying that fraud occurred. This will help you when it comes time to file a police report and take additional steps.

It’s also worth filing your taxes as soon as possible. If a thief tries to file a tax return using your information after you have already done so, the IRS will be alerted to the fraud and thus prevent further damage from occurring. Filing early will ensure that a complete and accurate return is available to investigators who would be looking into possible fraud.

It Costs How Much to Get Married?!

According to a new report by a leading wedding magazine, The Knot, the average American wedding cost has eclipsed $35,000. That’s more than half of the yearly median income! Most of that spending isn’t on lavish luxuries for bride and groom – it comes from the guest list. Couples are inviting more people and doing more for them, trying to create an unforgettable experience for their loved ones.