The Federal Trade Commission (FTC) can now go after scammers posing as tech support providers even if it's the consumer who called them up. It has just approved amendments to its Telemarketing Sales Rule that expands its coverage to include "inbound" calls to companies pitching "technical support services through advertisements or direct mail solicitations." Samuel Levine, Director of the FTC's Bureau of Consumer Protection, explained that the new rule will allow the agency to hold these scammy businesses accountable and to get money back for the victims. 

"The Commission will not sit idle as older consumers continue to report tech support scams as a leading driver of fraud losses," Levine also said, because the rule's expansion would mostly help protect consumers 60 years and older. According to the agency, older adults reported losing $175 million to tech support scams in 2023 and were five times more likely to fall for them than younger consumers. 

Tech support scams typically trick potential victims into calling them by sending them emails or triggering pop-up alerts claiming that their computer has been infected with malware. Scammers then ask their targets to pay for their supposed services by wiring them money, by putting money in gift or prepaid cars or by sending them cryptocurrency coins, because those methods can be hard to trace and reverse. They've long been a problem in the US — the agency shut down two massive Florida-based telemarketing operations that had scammed victims out of $120 million in total way back in 2014 — but the issue has been growing worse over time. The $175 million victims reported losing in 2023 was 10 percent higher than the reported losses to tech support scams in 2022. 

As the FTC notes, the Telemarketing Sales Rule has been updated several times since the year 2000 before this latest amendment. The first amendment in 2003 led to the creation of the Do Not Call Registry for telemarketers, while subsequent changes were made to cover pre-recorded telemarketing calls and debt collection services.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/ftc-expands-rules-to-hold-tech-support-scammers-accountable-143051612.html?src=rss

The Federal Trade Commission has published a report that aims to warn people about Bitcoin ATM (or BTM) scams, which have apparently increased tenfold from 2020 to 2023. Americans had lost $65 million to fraud losses involving BTMs within the first six months of this year alone, and the actual amount may be a lot more than that, since most scams go unreported. Further, losses due to BTM scams have been exceptionally high, with people reporting a median loss of $10,000 over the past six months. 

In most of the BTM scams reported, the bad actors impersonated government and business entities, as well as tech support representatives. Almost half of the instances reported started with a phone call, though some victims were fooled by fake security warnings from online ads, pop-ups and emails from scammers pretending to be from Microsoft or Apple. 

Some scammers pretend to be government agents or employees from utility providers, for instance, and tell people that they have to settle their bills by paying through a nearby BTM. Others pretend to be feds or bank agents and scare would-be victims into believing that their accounts are being targeted by hackers, so they have to transfer their money to a "secure account." Those are just some examples of how the bad actors can fool their victims. 

According to the commission's warning, scammers tend to send their targets to specific BTM locations, showing that they prefer some operators over others. Those preferences have changed over time, though, likely due to the fraud prevention measures crypto companies introduce to their systems. Whatever operator the scammer chooses, they send QR codes to their victims, since BTMs typically require depositors to scan one linked to the recipient's account. Those QR codes, of course, send money straight to the scammers' wallets. 

As you can guess, most of the BTM scam victims are older people. The FTC says $46 million of the total losses involving BTMs in the first half of 2024 — that's 71 percent of the overall amount — came from people over 60. If you take BTMs out of the equation, most of the losses from cryptocurrency fraud were reported by people between 18 and 59 years old who fell victim to fake investment opportunities. 

If you have an older person in your life, it's best to warn them about potential BTM scams before they get targeted, because recovering the money they lose from these schemes would most likely be impossible. In addition, it may be time for all BTM operators, as well as the supermarkets, convenience stores and other locations where the machines are installed, to post warnings next to BTMs about these scams. 

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/bitcoin-atm-scams-have-cost-americans-over-10-million-per-month-this-year-140031675.html?src=rss

A data dump that contains 2.7 billion records of personal information for people living in the US, including their Social Security Numbers, have recently been leaked online. The data dump's contents were linked to National Public Data, a company that scrapes information from non-public sources and sells it for background checks. Now, the company has confirmed that it did have "a data security incident" wherein people's names, emails, addresses, phone numbers, social security numbers and mailing addresses had been stolen. 

National Public Data's wording in its Security Incident report is a bit a vague and convoluted, but it did blame the security breach on a third-party bad actor. It said that the bad actor "was trying to hack into data in late December 2023" and that "potential leaks of certain data" took place in April 2024 and summer 2024, indicating that the hacker had successfully infiltrated its system. In April, a threat actor known as USDoD tried to sell 2.9 billion records of people living in the US, UK and Canada for $3.5 million. It claimed that it stole the information from National Public Data. Since then, the records have been leaked in chunks online with the more recent one being more comprehensive and containing more sensitive information. 

The company said it worked with law enforcement to review potentially affected records and will "try to notify" individuals "if there are further significant developments applicable" to them. It also said that it published the notice so that those who were potentially affected can take action. The company is advising people to monitor their financial accounts for fraudulent transactions, and it's also encouraging them to get free credit reports and to put a fraud alert on their file. 

The National Public Data is already facing a proposed class action lawsuit that was filed in early August by a plaintiff who received a notification from their identity theft protection service that their personal information was posted on the dark web. They argued that the company failed "to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices." 

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/national-public-data-confirms-breach-that-exposed-americans-social-security-numbers-100046695.html?src=rss