Snippets issue highlights SIM card replacement trick and overpriced bullion sales: Internet Scambusters #704
Is someone else assuming your identity via a cell phone?
They could be, if they had enough information to trick your service provider into issuing them with a replacement SIM card, as we explain in this week's Snippets issue.
We also have warnings about overpriced precious metals and a little known security vulnerability in networked printers.
Let's get started...
SIM Card, Precious Metals and Printer Security Alerts
We tend to give little thought to those gold-colored miniature SIM cards that connect us with our cell phone network providers, as long as they're doing their job.
But beware! Scammers have recently been giving them plenty of thought.
That small card contains a mountain of data about you as well as being the key to making calls and, increasingly, to making mobile payments so it can be like real gold in the wrong hands.
Using stolen personal information culled from the Internet and underworld sources, scammers piece together information about individuals and their phone network provider.
Then, they contact the phone company and ask for a replacement SIM card to be sent to them.
The card, of course, is programmed with the victims' identities and other details. Once the crooks activate it, they can assume your digital identity, making purchases and calls in your name.
Dell security expert Keith Jarvis, who recently raised the alarm on this issue, told an Atlanta TV station: "They essentially have your phone number and can impersonate you through your phone."
The solution, he says, is to implement the security-vetting procedures available from most phone companies that require additional information before replacement SIM cards are issued.
For instance, many cell companies issue PIN codes that have to be used when requesting a new card. Contact them to ensure you're protected.
Similarly, many card issuers and digital payment handlers can require users to provide a PIN to complete a mobile transaction. Make sure you use these if available -- but don't store them on your phone!
Do The Math
Talking of gold, have you been seeing ads in your local newspaper recently offering precious metals at seemingly great prices?
The ads virtually shout out loud to you about what a great deal these represent -- and, indeed, some of them do sell (or even buy) at good prices. But not all of them.
Just because a full-page ad is dressed up with all kinds of clever words, images of coins, metal bars and dollar bills, and copious exclamation points, doesn't mean that you'll be getting the best deal.
Often, bullion sellers hype up their sales by implying their coins or metal bars are only available in limited quantity or in a few selected states and that their release is being strictly controlled by the issuing "mint," which, you might be led to believe, was a government agency.
And, of course, they claim that while others have been paying a much higher price for the same product, you, the reader, can get it for, say, half price.
There's not necessarily anything illegal about all this hype, but it's easy for the unwary investor to assume the price is right.
Before taking the plunge, you need to do the math.
For example, in one recent example, a newspaper ad, dressed up to look almost like a news story, offered silver bars to readers for $57 when, the ad said, people who didn't respond to the offer would have to pay $134.
But if readers were to check the weight of the bar and then check it with a reputable bullion dealer, they'd have discovered that the same amount of silver was available for $18!
And the actual market trading price of the relevant amount of silver at the time was just $15.30 per ounce.
Remember this if you're ever tempted by one of these ads. Do the math and read the small print in the ad so you know who you're really dealing with and whether the price really is right!
Networked Printers at Risk?
Finally, we want to return to the subject of security risks relating to something you'd never suspect -- this time, your network-connected printer.
Some manufacturers offer a service that enables you to print a document remotely -- that is, via the Internet, when you're away from your desk.
Users get a special email address. When they or someone else who has the address emails a document to this address, it spews out on the networked printer.
Very convenient. But what if you subsequently sell or give the printer to someone else?
It's possible that any documents subsequently sent to that same email address will appear on the old printer, wherever it is.
That's exactly what happened when Consumer Reports magazine tested the theory.
The publication calls on manufacturers to warn consumers about the risk and to add further security features to their products.
But in the meantime, it says, consumers should erase the settings on networked printers before disposing of them.
"This can universally be done by using a 'Reset to default' or similarly named process initiated through the control panel on the printer," the magazine explains.
"The other option -- and one that would still work if the user had already sold an insecure printer -- would be to log into the website for the account they established for remote printing, and 'remove' their printer from the account."
See the full report here: Lab Report: Connected Printers Have a Security Glitch.
Alert of the Week
Now that tax filing season has passed, expect a surge in phony IRS calls claiming you owe them money.
You'll know it's a scam because the IRS doesn't phone or email citizens to announce that they owe money.
If you want to hear what an IRS scam call sounds like, check out this recent NPR broadcast: A Real-Life Tax Scam: This Is What IRS Phone Fraud Sounds Like.
That's all for today -- we'll see you next week.