Tampered QR Codes Redirecting Consumers To Malicious Sites

Cybercriminals Tampering With Quick Response (“QR”) Codes To Redirect Victims To Malicious Sites That Steal Login & Financial Information

A QR code is a square barcode that a smartphone camera can scan and read to provide quick access to a website, to prompt the download of an application, and to direct payment to an intended recipient. Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. Cybercriminals, however, are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

Businesses and individuals also use QR codes to facilitate payment. A business provides customers with a QR code directing them to a site where they can complete a payment transaction, but a cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use.

While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer.

FBI Tips To Protect Yourself
  • Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
  • If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
  • Do not download an app from a QR code. Use your phone’s app store for a safer download.
  • If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
  • Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
  • If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
  • Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
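Where the legitimate destinations are known in advance (for example, a business validating the codes it prints or a managed scanner), the first tip's URL check can be automated. The following is an added example, not part of the FBI advisory; the allowlist, function names, and sample URLs are constructed for illustration and use reserved test domains.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this deployment expects its QR codes to point at.
EXPECTED_HOSTS = {"parking.example", "pay.parking.example"}


def edit_distance(a, b):
    """Levenshtein distance: catches typos and misplaced letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_qr_url(payload, expected=EXPECTED_HOSTS, max_distance=2):
    """Return (verdict, reason) for the text decoded from a QR code."""
    parts = urlsplit(payload.strip())
    if parts.scheme != "https":
        return ("reject", "not an https URL")
    if parts.username or parts.password:
        # e.g. https://parking.example@other-host/ : real host follows '@'
        return ("reject", "credentials section hides the real host")
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("reject", "no host in URL")
    if host in expected:
        return ("allow", "host is on the expected list")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("lookalike", "internationalized host, may imitate ASCII letters")
    for good in sorted(expected):
        if edit_distance(host, good) <= max_distance:
            return ("lookalike", "host differs from %s by a few characters" % good)
        if good in host and not host.endswith("." + good):
            return ("lookalike", "expected name %s embedded in another domain" % good)
    return ("unknown", "host is not on the expected list")


# Constructed sample payloads, as a scanner would decode them.
SAMPLES = [
    "https://pay.parking.example/lot/12",
    "https://park1ng.example/pay",
    "https://parking.example.evil.test/pay",
    "https://parking.example@evil.test/pay",
    "http://parking.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", classify_qr_url(url))
```

Anything other than `allow` should be treated as a reason to stop and type the known address by hand, as the last tip advises.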

The FBI advises that if you believe you have been a victim of stolen funds from a tampered QR code, report the fraud to your local FBI field office at www.fbi.gov/contact-us/field-offices. The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov.

Source: FBI/ic3.gov

Have You Been Harmed As A Result Of A Data Breach Or Malicious Cyber Activity?
Victims who have been harmed as the result of the illegal or unauthorized use of their personal information due to a data breach or other malicious cyber activity are encouraged to complete the form above on the right or e-mail [email protected] for a free, no-obligation evaluation of potential legal claims.
Kehoe Law Firm, P.C. 

“Junk Fees” – Consumer Protection Initiative

CFPB Launches Initiative To Save Americans Billions In Junk Fees 

The Consumer Financial Protection Bureau (“CFPB”) has launched an initiative to save households billions of dollars a year by reducing exploitative junk fees charged by banks and financial companies. The CFPB’s request is a chance for the public to share input that will help shape the agency’s rulemaking and guidance agenda, as well as its enforcement priorities in the coming months and years.

According to the CFPB, companies across the U.S. economy are increasingly charging inflated and back-end fees to households and families. This new “fee economy” distorts the U.S. free market system by concealing the true price of products from the competitive process. For example, hotels and concert venues advertise rates, only to add “resort fees” and “service fees” after the fact. And fees purportedly charged to cover individual expenses, like paperwork processing, can often greatly exceed the actual cost of that service.

The CFPB’s research has found several areas where back-end fees might obscure the true cost of a product and undermine a competitive market:

  • In 2019, the major credit card companies charged over $14 billion each year in punitive late fees.
  • In 2019, bank revenue from overdraft and non-sufficient funds (“NSF”) fees surpassed $15 billion.

The CFPB will strive to strengthen competition in consumer finance by using its authorities to reduce these kinds of junk fees. To craft rules, issue industry guidance, and focus supervision and enforcement resources to achieve this goal, the CFPB is seeking input from the public. 

The CFPB is interested in hearing about people’s experiences with fees associated with their bank, credit union, prepaid or credit card account, mortgage, loan, or payment transfers, including:

  • Fees for things people believed were covered by the baseline price of a product or service
  • Unexpected fees for a product or service
  • Fees that seemed too high for the purported service
  • Fees where it was unclear why they were charged

The CFPB is also interested in hearing from small business owners, non-profit organizations, legal aid attorneys, academics and researchers, state and local government officials, and financial institutions, including small banks and credit unions.

Source: Consumerfinance.gov

If you believe you have been harmed due to fees you believed were covered by the baseline price of a product or service; unexpected fees for a product or service; fees that seemed too high for the purported service; or fees where it was unclear why they were charged, please contact Kehoe Law Firm, P.C. by completing the form above on the right or via [email protected] for a free, no-obligation evaluation of potential legal claims. 

Unlawful Medical Debt Collection & Credit Reporting

The Consumer Financial Protection Bureau (“CFPB”) has released a bulletin reminding debt collectors and credit bureaus of their legal obligations in light of the “No Surprises Act,” which protects consumers from certain unexpected medical bills.

Companies that try to collect on medical bills that are prohibited by the No Surprises Act, or who furnish information to credit bureaus about such invalid debts, may face significant legal liability under the Fair Debt Collection Practices Act (“FDCPA”) and the Fair Credit Reporting Act (“FCRA”).

The CFPB’s bulletin advises credit bureaus that the accuracy and dispute obligations imposed by the FCRA apply with respect to debts stemming from charges that exceed the amount permitted by the No Surprises Act.

The CFPB will investigate claims and take action against companies that attempt to collect or report or furnish consumer information about debts stemming from charges that exceed the amounts permitted under the No Surprises Act.

The bulletin released on January 13, 2022 by the CFPB includes the following reminders to debt collectors, information furnishers, and credit bureaus:

Consumer financial protection law prohibits debt collectors from misrepresenting the character, amount, or legal status of any debt. This prohibition includes misrepresenting that a consumer must pay a debt stemming from a charge that exceeds the amount permitted by the No Surprises Act. In addition, debt collectors are also prohibited from using unfair or unconscionable means to collect or attempt to collect any debt, including the collection of any amount unless such amount is expressly authorized by the agreement creating the debt or permitted by law. Courts have emphasized that collecting an amount that exceeds what is owed would violate the prohibition on unfair or unconscionable debt collection practices.

Many debt collectors furnish information about unpaid medical debts to credit bureaus. Furnishers must have reasonable written policies and procedures regarding the accuracy and integrity of consumer information provided to credit bureaus. Credit bureaus preparing a consumer report must follow reasonable procedures to assure the maximum possible accuracy of information contained in the consumer report. Both credit bureaus and furnishers must conduct reasonable and timely investigations of consumer disputes to verify the accuracy of consumer information.

For furnishers and credit bureaus, the accuracy and dispute obligations imposed by federal consumer financial protection law apply with respect to debts stemming from charges that exceed the amount permitted by the No Surprises Act.

Source: Consumer Financial Protection Bureau

Consumers who believe they are victims of illegal debt collection or credit reporting practices are encouraged to contact Kehoe Law Firm, P.C. by completing the form above on the right or via [email protected] for a free, no-obligation evaluation of potential legal claims. 

SEC Whistleblowers Awarded More Than $4 Million

The Securities and Exchange Commission has announced two awards totaling more than $4 million to whistleblowers who provided information and assistance in two separate covered actions.

In the first order, the SEC issued an award of approximately $2.6 million to one whistleblower. The whistleblower, who reported internally before reporting to the SEC, provided significant new information during an existing investigation that alerted SEC staff to misconduct occurring overseas, which would have been difficult to detect in the absence of the whistleblower’s information.

In the second order, the SEC issued approximately $1.5 million to joint whistleblowers who provided substantial ongoing assistance throughout the course of the investigation that led to the success of the covered action.  The joint whistleblowers had multiple communications with SEC staff and provided information about key witnesses.

The SEC has awarded approximately $1.2 billion to 241 individuals since issuing its first award in 2012. All payments are made out of an investor protection fund established by Congress that is financed entirely through monetary sanctions paid to the SEC by securities law violators. No money has been taken or withheld from harmed investors to pay whistleblower awards.  Whistleblowers may be eligible for an award when they voluntarily provide the SEC with original, timely, and credible information that leads to a successful enforcement action.  Whistleblower awards can range from 10 percent to 30 percent of the money collected when the monetary sanctions exceed $1 million.

As set forth in the Dodd-Frank Act, the SEC protects the confidentiality of whistleblowers and does not disclose any information that could reveal a whistleblower’s identity.

Source: SEC.gov

For additional information, please click “Important Things To Know About The SEC’s Whistleblower Program.”
Questions Or Concerns About Providing Information To The SEC About Securities Fraud?

If so, please know that Kehoe Law Firm’s legal team understands the issues associated with making the decision to voluntarily come forward with information about securities fraud or other wrongdoing.  Moreover, the Firm’s legal staff has extensive experience investigating and prosecuting fraud, as well as interacting with sources of information, especially brave, honest individuals who are willing to expose fraud committed against the United States government.

If you have questions or concerns about voluntarily providing information as a whistleblower to the SEC regarding violations of the federal securities laws, including questions about whistleblower award eligibility or the form and manner in which the information is required to be provided to the SEC, please complete the form on the right or contact Kehoe Law Firm, P.C., [email protected]

If you prefer to speak privately with an attorney, please contact either Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, or John Kehoe, Esq., [email protected], (215) 792-6676, Ext. 801.

Kehoe Law Firm, P.C.

Repair Restrictions & Illegal “Tying Arrangements”

FTC Report To Congress Finds There Is Little Evidence To Support Manufacturers’ Justifications For Repair Restrictions

In a new report to Congress, the Federal Trade Commission (“FTC”) identified numerous types of repair restrictions, such as using adhesives that make parts difficult to replace, limiting the availability of spare parts, and making diagnostic software unavailable.

The report’s findings, including that “there is scant evidence to support manufacturers’ justifications for repair restrictions,” are primarily based on responses to the FTC’s requests for public comments and empirical research issued in connection with its July 2019 workshop, “Nixing the Fix: A Workshop on Repair Restrictions.”  

Congress directed the FTC to issue the report, noting that it “is aware of the FTC’s ongoing review of how manufacturers – in particular mobile phone and car manufacturers – may limit repairs by consumers and repair shops, and how those limitations may increase costs, limit choice, and impact consumers’ rights under the Magnuson-Moss Warranty Act.”

The Anti-Tying Provision Of The Magnuson-Moss Warranty Act (“MMWA”)

The MMWA is a consumer protection law passed in 1975 to clarify how written warranties may be used when marketing products to consumers.

The MMWA requires warrantors of consumer products to provide consumers with detailed information about warranty coverage.

Section 102(c) of the MMWA, known as the anti-tying provision, prohibits warrantors from conditioning warranty coverage on the consumer’s use of an article or service identified by brand, trade, or corporate name, unless the warrantor provides that article or service without charge or the warrantor has received a waiver from the FTC.

This provision, for example, bars an automobile manufacturer from voiding a warranty if a consumer has scheduled maintenance performed by someone other than the dealer, prohibits a printer manufacturer from conditioning its warranty on the purchaser’s use of the manufacturer’s branded ink, and forbids a smartphone manufacturer from voiding a warranty when a consumer has a new battery installed at a kiosk at the mall.

Essentially, the anti-tying provision bars manufacturers from using access to warranty coverage as a way of obstructing consumers’ ability to have their consumer products maintained or repaired using third-party replacement parts and independent repair shops.

Companies may seek a waiver of this prohibition if: (1) the warrantor satisfies the FTC that the manufacturers’ parts or services are necessary for the product to function, and (2) the waiver is in the public interest. Since 1975, only three waiver requests have been made to the FTC, all of which were denied.

Types Of Repair Restrictions

There are certain manufacturer practices that “right to repair” advocates assert have the effect of limiting consumer repair choices. 

Repair restrictions discussed at the FTC’s July 2019 Workshop on Repair Restrictions generally fall into eight categories:

1) Physical restrictions; 2) Unavailability of parts, repair manuals, and diagnostic software and tools; 3) Designs that make independent repairs less safe; Telematics (i.e., information on the operation and status of a vehicle that is collected by a system contained in the vehicle and wirelessly relayed to a central location, often the manufacturer or dealer of the vehicle); 4) Application of patent rights and enforcement of trademarks; 5) Disparagement of non-OEM parts and independent repair; 6) Software locks; 7) Digital Rights Management and Technical Protection Measures; and 8) End User License Agreements.

Source: Federal Trade Commission

If you feel that you have been prevented or obstructed from having a consumer product repaired using third-party replacement parts or independent repair shops or facilities, or that your warranty was voided, or will be voided, because of independent repair, please complete the form on the right or e-mail [email protected] for a free, no-obligation evaluation of potential legal claims. 

 

SEC Whistleblower Awarded More Than $13 Million

The Securities and Exchange Commission recently announced an award of more than $13 million to a whistleblower whose information and assistance prompted the opening of an investigation and significantly contributed to the success of an SEC enforcement action.

The whistleblower promptly alerted SEC staff to an ongoing fraud and provided extensive assistance to SEC staff by meeting in person and helping the staff understand the mechanics of the fraudulent scheme. The whistleblower’s information also helped the SEC obtain emergency relief to minimize investor losses.

The SEC has awarded approximately $1.2 billion to 238 individuals since issuing its first award in 2012.  All payments are made out of an investor protection fund established by Congress that is financed entirely through monetary sanctions paid to the SEC by securities law violators.  No money has been taken or withheld from harmed investors to pay whistleblower awards.  Whistleblowers may be eligible for an award when they voluntarily provide the SEC with original, timely, and credible information that leads to a successful enforcement action.  Whistleblower awards can range from 10 percent to 30 percent of the money collected when the monetary sanctions exceed $1 million.

As set forth in the Dodd-Frank Act, the SEC protects the confidentiality of whistleblowers and does not disclose any information that could reveal a whistleblower’s identity.

Source: SEC.gov
