AolHack

Twitter is afire with AOLHack talk

Something has gone horribly wrong with AOL email, and here’s what you need to know.

1) If you get an email from an AOL.com email address, treat it as toxic – even if it appears to come from a friend.

2) If you have, or had, an AOL email account, know that your address book may have been stolen by a hacker.

3) How many meaningful emails do you get every day from AOL users anyway?

Sign up for Bob Sullivan’s free email newsletter.

Users have been complaining for a few days that rogue email is being sent from their accounts to friends and others in their address book. The emails are traditional phishing attempts, urging recipients to click on a booby-trapped link, like this: “Have you already seen it?” followed by a link to a hacker site.

Of course, because the email arrives seemingly from someone you know, it’s more tempting than a random hacker email.

On Monday evening, AOL confirmed there was a problem, but issued only a vague statement. Customer service agents are directing people towards this page, and telling customers to change their passwords. While that’s not a bad idea, it doesn’t seem to be stopping the spam. Reading the tea leaves, here’s what seems to be happening:

A computer criminal has obtained a large number of AOL user address books. It’s very hard to guess how many, but judging from the Twitter chatter, it’s certainly substantial. That criminal is then using their addresses to send out “spoofed” emails with fake headers that make them appear to come from an AOL account. It’s not unlike sending an old-fashioned letter to someone and putting a fake return address on it so they think it’s from someone else.

Spoofing is a pretty common technique, and there’s really nothing you can do to stop it. Sometimes you’ll find out it’s happening because you’ll receive a number of email rejection notices in your inbox — if a spammer uses your address to send a note to an address that’s no longer functional, the message will bounce back to you. But it’s certainly possible to be the victim of spoofing and never know.

If this operating theory is correct, there’s not much you can do to stop it, other than avoid clicking on links in AOL mail. Victims of this hack say that changing their passwords has not stopped the spoofing, which would be consistent with this theory of events.  The solution won’t even lie within AOL, once it has confirmed criminals are no longer able to access user address books. Eventually, spam-fighting engines around the globe will have to be updated to stop the flow of these emails to recipients.
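A header check that a receiving mail filter could apply to the kind of spoofed message described above, comparing the visible From domain with the envelope sender and with the authentication results stamped by the recipient's own server. This is an added example, not code from the original post; the sample messages, host names and the `trusted_authserv` value are constructed, and it assumes your mail server adds an Authentication-Results header to incoming mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims aol.com, but the envelope sender and the
# receiving server's own authentication results point elsewhere. The second
# Authentication-Results header is one the sender forged.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none
Authentication-Results: forged.example; dkim=pass header.d=aol.com
From: "Old Friend" <oldfriend@aol.com>
To: you@recipient.example
Subject: Have you already seen it?

http://link.example.org/
"""

# Constructed sample: the same visible sender, with aligned SPF and DKIM passes.
LEGIT = """\
Return-Path: <oldfriend@aol.com>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=oldfriend@aol.com;
 dkim=pass header.d=aol.com
From: "Old Friend" <oldfriend@aol.com>
To: you@recipient.example
Subject: Lunch on Friday?

See you at noon.
"""


def domain_of(value):
    """Lowercased domain of an address or bare domain name, or '' if none."""
    addr = parseaddr(value)[1] or value.strip()
    return addr.rsplit("@", 1)[-1].strip("<>. ").lower()


def parse_auth_results(msg, trusted_authserv):
    """Map method -> [(result, properties)], reading only headers stamped by
    our own server. Anyone can put an Authentication-Results header in a
    message, so headers carrying another authserv-id are ignored."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        header = re.sub(r"\([^)]*\)", " ", str(header))   # drop comments
        clauses = header.split(";")
        authserv = clauses[0].split()
        if not authserv or authserv[0].lower() != trusted_authserv.lower():
            continue
        for clause in clauses[1:]:
            tokens = clause.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.lower().split("=", 1) for t in tokens[1:] if "=" in t)
            results.setdefault(method, []).append((result, props))
    return results


def spoof_indicators(raw, trusted_authserv="mx.recipient.example"):
    """Return the reasons a message's From address looks spoofed ([] if none)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    if not from_dom:
        return ["missing or unparseable From address"]
    reasons = []
    # The "return address on the envelope" versus the one shown to the reader.
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"envelope sender {rp_dom} differs from From domain {from_dom}")
    # Strict alignment: a pass only counts if it is for the From domain itself.
    auth = parse_auth_results(msg, trusted_authserv)
    spf_ok = any(r == "pass" and domain_of(p.get("smtp.mailfrom", "")) == from_dom
                 for r, p in auth.get("spf", []))
    dkim_ok = any(r == "pass" and domain_of(p.get("header.d", "")) == from_dom
                  for r, p in auth.get("dkim", []))
    if not (spf_ok or dkim_ok):
        reasons.append(f"no SPF or DKIM pass aligned with {from_dom}")
    return reasons


if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, spoof_indicators(raw))
```

The check only holds if the border mail server removes incoming Authentication-Results headers that carry its own name before adding the real one.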

Composite from my gmail

I received an unexpected email from a friend today with a Google doc attachment. It was a friendly note, so friendly that I did consider clicking on it — even with about 20 years’ experience watching all manner of hacker tricks. Fortunately, I stopped and asked a simple question, which is almost always enough to separate real email from phishing attacks.

“Did you mean to send me a document?”

I’ve done this 100 times, and I’ve nearly always received a, “Oh no, I must have been hacked” response. Today, however, was different. That’s why I’m nervous for you.

“Yes, I sent it myself…,” was the response I got from my friend’s email account. “Log in to view the document.”

Whoa.  Knowing my friend as I do, I could tell this was not written in her chatty style.  But outside of that language analysis and my already raised eyebrows, I might have clicked.  So I persisted.

“How is the new home?” I asked, fishing for any sense that my friend was behind the email. Again, I expected that a hacker wouldn’t bother responding. After all, in a traditional phishing attack like this, it’s likely the bad guy sent out a million of these emails, just hoping to get 100 or so people to click and cough up their login credentials.

Seconds later, I got a response.

“Nice and lovely.”

Two email responses? This was getting interesting…and concerning.  I now had a pretty strong feeling that a computer criminal was behind the keyboard, but there was still a small chance it was my friend. So I did two things. You can try these two if you think you might be talking to a criminal.

1) I contacted her on Facebook, borrowing from a technique called “out of band” authentication. I used a different tool to communicate with her to ask if the email was real. Mind you, it’s possible that both my friend’s Gmail and Facebook accounts were hacked, and the criminal could have “passed” this test. But it is at least a good start. If I’d had more time, I would have sent her a text message from my cell phone, and waited for a reply, which would genuinely qualify as “out of band” authentication.

2) I devised a question that a hacker probably couldn’t answer.

“I’m coming to visit (your new city) soon. Remind me what neighborhood are you in?”

Then, the email fell silent. Again, this isn’t a perfect strategy: a very clever criminal could have hacked into her Facebook account and replied back with her new neighborhood (which, of course, I know).  But again, I’ve climbed up the ladder of authentication pretty easily, and also not said anything too offensive.

What does that mean? Many people fall for booby traps because they are simply too polite to say, “That doesn’t sound like you!”   Criminals rely on social conventions like these to trick us.  Such a statement might actually generate a reply like, “I can’t believe you said that. I’m really offended,” or similar.  Many people fall for that. So having  polite but informed banter is a good tool for situations like this.

Those details aside, I’m writing this up to share with you something that really concerns me.  It is incredibly labor intensive for a hacker to reply to notes like mine. That says one thing to me: Someone is trying awfully hard to trick you into surrendering your login information.  So watch out.

So what was going on? I’m pretty sure it was this. Users who click on the attachment are taken to a page that looks like Google docs, but it’s not, and are tricked into logging in to a page controlled by criminals, thereby giving up their Google credentials.

This is bad because a bad guy could send out emails in your name, but really, it’s much worse than that. Millions of people use Gmail as their password recovery tool, so when a hacker gains access to it, s/he can often use it to hack other accounts. For example, they go to an online banking site, click on ‘I forgot my password,’ and have a password reset link sent to your Gmail account. The problem can spiral pretty quickly.

My friend wrote an hour later or so to say she knew nothing about the emails, and a hacker must have broken in. She’s in full recovery mode now. If this has happened to you, here are Google’s instructions on what to do.

Meanwhile, NEVER click on a link to an attachment you don’t expect, even if it comes from a friend. And even if that “friend” asks you to click on it several times.  On the Internet, nobody knows you’re a dog.  And you don’t know if you’re talking to a hacker, either.

Public Citizen

In case you missed it during the holiday weekend, a set of consumers’ rights were killed off and then rose from the dead, all in the span of about three days. While consumer advocates are declaring victory over the Cheerios fine print incident, there’s a bigger story you are probably missing: You, dear consumer, have already signed hundreds, if not thousands of “contracts” that contain the exact same provisions as the ill-fated Cheerios/General Mills terms.

Verizon. Comcast. Match.com. Wells Fargo. Sallie Mae. Sony. Dell. I could go on and on, but you get the point. (If you want to go on and on, visit Citizen.org’s great rogues gallery of firms that require forced arbitration agreements.) Binding arbitration clauses that restrict lawsuits or ban class action cases are like a virus to consumer rights, infecting contracts one by one across the land.

They are simple to enact. Corporations put a piece of paper in front of you and make you sign it to get their service…or they hide a term under an “OK” button on a website … or in some cases they simply declare it so, without any interaction from consumers.  And suddenly, the consumer either cannot sue a company, or cannot join a class action lawsuit, or both.

During the weekend, I shared the Cheerios saga with plenty of family and friends, and the response was universal: “That can’t be true!” “That would never hold up in court!” Au contraire, it has in fact held up in the highest court of the land. But let me pause here for a moment:

I write about outrageous things for a living, and one of the reasons I’ve concluded that outrages continue is that people just simply can’t believe such a thing is happening.  I tell them mutual fund fees are stealing one-third (or more!) the money they are saving for retirement in their 401(k) plans, and they don’t believe it (email me! I’ll prove it!). I used to tell them, “Send in your credit card bill one day late, and your interest rate could rise from 10 percent to 30 percent!” For a while no one believed that, either.  In some ways, this means that the more outrageous the behavior, the easier it is for corporations to get away with it. Things go on because no one believes them … until consumers have a personal experience with lost retirement funds, or interest rates, or lost rights.

This deeper truth is right there in General Mills’ apology, issued Saturday evening:

“We never imagined this reaction. Similar terms are common in all sorts of consumer contracts,” the firm wrote in its non-apology apology.

We should thank the Cheerios maker for this: binding mandatory arbitration clauses have been infecting consumer contracts for years. Last week’s incident shined a large spotlight on a serious consumer issue that is often easy to miss, hidden as it is in fine print. So now that General Mills has relented, why stop there? Consumers should be equally outraged by Verizon, Comcast, Match.com and all the rest. Spend a few moments today reading up on forced arbitration. I’ll repeat myself, but it bears repeating: If arbitration were so great for consumers, companies would make it voluntary, not mandatory. Here are some resources:

I’ll just make two important points:

1) Folks in favor of binding arbitration say it’s not mandatory. If you read that Heritage page, it claims that no one is ever forced to enter a contract.  That’s goofy: If you have only a few choices for cable TV, or cell phone service, or banking, and every one of them requires you to sign an arbitration agreement, then arbitration is forced on you.

2) It’s true class action cases are sometimes abused by lawyers, and that system needs reform. But how do consumers fare in arbitration? Data is scant, because arbitration rulings are kept secret (unlike open court proceedings). Public Citizen offers some scant data on outcomes, like this: “California, National Arbitration Forum arbitrators handled more than 19,000 disputes involving credit card holders. The card holders prevailed only 4 percent of the time. The companies won 94 percent of the time.”

Corporations argue often that arbitration is more efficient than the traditional court system. Sure sounds like it.

Let’s not stop with Cheerios.

http://www.blog.generalmills.com

General Mills on Saturday reversed changes it recently made to terms and conditions that would have limited consumers’ ability to file lawsuits against the firm.  The move comes after a week of pounding in the public marketplace, which served a slice of humble pie to the firm and served as a lesson to American consumers about the ongoing creep of binding mandatory arbitration clauses.

“On behalf of our company and our brands, we would also like to apologize,” said Kirstie Foster, director of External Communications for General Mills, in a post on the firm’s blog. “We’re sorry we even started down this path. And we do hope you’ll accept our apology. We also hope that you’ll continue to download product coupons, talk to us on social media, or look for recipes on our websites.”

The controversy began after a legal advocacy group named the American Association for Justice started poking journalists to write about a change in General Mills’ policy which ensnared users who downloaded coupons or signed up for emails from the firm. The change limited consumers’ ability to join class action lawsuits, and would have forced consumers to use arbitration to settle most disputes.  Such terms are increasingly common in standard form contracts that consumers sign with banks, cell phone providers, and a host of other companies. Critics say arbitration clauses are one-sided and favor only corporations.

General Mills stuck its foot in its mouth a second time last week while attempting to defend its change, saying consumers could opt out of the change — but this column exposed the fine print on the firm’s website which made that a half-hearted offer, showing consumers would be “re-opted-in” by receiving an email or downloading a coupon.

There is nothing half-hearted about Saturday’s retreat:

“We’ve reverted back to our prior terms. There’s no mention of arbitration, and the arbitration provisions we had posted were never enforced. Nor will they be. We stipulate for all purposes that our recent Legal Terms have been terminated, that the arbitration provisions are void, and that they are not, and never have been, of any legal effect. That last bit is from our lawyers,” GM says on its blog post announcing the change.

The firm did defend its original change again, however.

“We’ll just add that we never imagined this reaction. Similar terms are common in all sorts of consumer contracts, and arbitration clauses don’t cause anyone to waive a valid legal claim. They only specify a cost-effective means of resolving such matter,” it said.

To learn more about binding arbitration clauses, visit FairContracts.org

http://generalmills.com/Legal_Terms.aspx

General Mills did the predictable thing today and, after refusing to answer questions from The New York Times, wrote a blog post criticizing the paper for getting the Cheerios story wrong yesterday. Feel free to believe the firm — and every other corporation — which tries to say that forcing consumers into binding arbitration and forbidding class action lawsuits is actually consumer friendly.  You’d be better off spending five minutes reading about binding arbitration and making up your own mind.

But in the company’s dismissive post about misinformation, it includes a heck of a Whopper. If all this silly talk troubles you, writes PR rep Kirstie Foster, you can simply wish it away!

“We also provide the opportunity to opt out. Just notify us by email of your wishes,” she writes.

Ah, if it were only as easy as wishing. Here’s what you have to do to opt out (as if anyone would do this).

“You may terminate this Agreement by providing us with written notice of your desire to do so by emailing us at legal.terms@genmills.com.  Please include your first and last name and the year in which you were born in the email.”

Meanwhile, even such emailed wishes, like boxes of Cheerios, have an expiration date. The opt out is only as good as your last coupon, or email. General Mills’ fine print is a bit like a monster in a horror flick that can keep coming back to life again and again. Most digital interactions with the company will put the “contract” terms back in force.

“Any such termination will not be valid if you remain (at that time) a user or member or any of our sites or communities, a subscriber to any of our emails, or a participant in any sweepstakes, contest, or other General Mills offering where these terms have been presented.”

So you might wish to opt out of the arbitration clause, but if you wish to download copies of coupons for Cheerios…or any one of thousands of products you may not realize are General Mills…you are back in the group that’s forced into arbitration again.

As Sarah Jones of the American Association for Justice tells me, “As we read it, you can opt-out via email  but the second you take an action that triggers the arbitration clause you are opted right back in.”

The first comment on Foster’s column says this: “How does this language not mean precluded from suing? ‘Please note we also have new Legal Terms which require all disputes related to the purchase or use of any General Mills product or service to be resolved through binding arbitration,’” and there’s only one response at the moment: “I guess they think we’re all stupid.” I’ll leave that up to you. But really, read up on forced arbitration.

You can start with my story yesterday, and visit the website FairContracts.org for plenty of details. Here’s a pretty even-handed post from the National Association of Attorneys General about it. Yes, class action lawyers can and do abuse the system, sometimes rewarding themselves with million-dollar fees while impacted consumers only get a coupon or a check worth pennies. But forcing all consumers to surrender their rights to sue because of these coupon settlements is throwing the baby out with the bathwater, and it’s also a misdirection tactic by corporations simply trying to take your rights. Don’t fall for it.

Wikimedia Commons

Pope Francis is saying and doing all the right things. He’s eating meals with prisoners. He’s washing the feet of the disabled and the elderly. He’s living in a humble apartment and has rejected Vatican comforts. Imagine if someone nailed him to a cross for it?

Today is Good Friday, the day Christians commemorate the Crucifixion of Jesus Christ. It’s also the day I’m most proud to be a Catholic, and the one that most bleeds into the reasons I’m a journalist. But you don’t have to be Christian, or religious at all, to feel the deep wisdom of the day.

Jesus Christ was a rebel. He treated women, foreigners, lepers, the poor all as equals. In some ways, he treated those marginalized groups as superior to the powerful of his time. He embarrassed the power structure constantly, most of all hypocritical church leaders (a lesson we continually forget). For that, he was brutally murdered.

Today, in a world yearning for leaders who aren’t simply opportunists, Pope Francis is winning hearts and minds through the simplest of acts. He calls random people and wishes them happy holidays. He utters “Who am I to judge?” and an entire class of people finally feel respected. He sets up a commission to study the heinous act of pedophilia and puts women, and a victim, in positions of power.

Cynical observers — and don’t we Catholics deserve cynical observers — can say these are mainly words, and they are right. Unless these words and symbols are followed by actions, they will ultimately be meaningless. After all, talk is cheap. At least, today it is.

In Christ’s time, talk could get you killed. Imagine Pope Francis being hauled across Rome in a public spectacle, then nailed to a tree and allowed to bleed out before angry crowds for saying “love the poor.” That’s what happened to Christ, and it’s happened to a long list of heroes since Christ, too.

Christianity’s focus on this graphic, brutal event is unusual in the annals of world religions. While Easter and Christmas get the headlines, Good Friday provides the Great Lesson. Christ suffered for doing and saying the right things. Suffering, Christ seems to teach us, is a necessary part of justice. Christ doesn’t merely tell us to struggle, to fight, to feel the slings and arrows that come from critics. He lived it. He’s right there with us. He’s one of us.

Christianity doesn’t have a monopoly on struggle, of course. The first lesson of Buddhism is “life is suffering.” But Christianity’s emphasis on the pain of Christ, and on this singularly bloody and humiliating event, is a beautiful lesson and inspiration to all in the midst of struggle, religious or not.

Our time knows no shortage of struggle. Economic anxiety and overwork have led many Americans to crazy choices — 90-minute commutes, three jobs, mountains of student loans. All this anxiety can force people to do things they don’t feel comfortable with. I’ve often remarked that if workers didn’t participate in slimy hidden fee schemes and sales tactics, corporations couldn’t carry out their sinister Gotcha Capitalism tactics on us. If middle-class mortgage brokers refused to sell toxic mortgages to homebuyers, we wouldn’t have had a housing bubble.

While many workers feel they have no choice but to do these things to feed their families, others fight back. Next week, I will write the story of a telemarketer who walked out on his company when it started forcing employees to trick customers into buying timeshares. He just couldn’t take it. He may or may not be Christian — I have no idea, I didn’t ask — but he is now suffering for doing the right thing.

The promise of Good Friday is not that Christ takes suffering away, or somehow makes our lives easier. The promise is that our suffering will not be in vain.

On Good Friday, I often think about the good souls who have shared their stories with me, usually at great personal risk, because they wanted to help me expose some truth. Often, they have been publicly criticized, ostracized, and even fired. In the vast majority of cases, these were ordinary people who had nothing to gain other than a clean conscience and the usually vague sense that they’d done some good.

I’d go crazy if I didn’t believe that their suffering was not in vain. And whether or not they believe in Christ, or have even heard of Christianity, I know deep inside every one of them had a deep sense that it’s ok to suffer for some higher ideal, such as Justice or Truth. For me, the chance to celebrate this central tenet of humanity makes this a very Good Friday.

Cheerios.com – but don’t click! You’ll lose your rights.

Cheerios, Betty Crocker and Pillsbury might sound like the most American of American brands, but it sure sounds like Betty and friends hate America.

Perhaps you spotted a New York Times story today about consumers giving away their right to sue Big Brand companies if they do something as simple as download a coupon or like a page. In this case, the Big Brand company is General Mills, and it has now joined the long list of firms that are cajoling consumers into surrendering their right to sue by sneaking oppressive legal terms into every last corner of fine print. The good folks at the American Association for Justice alerted me to this on Monday, and I didn’t jump on the story right away because — well, what company hasn’t snuck binding arbitration/class action prohibition language into standard form contracts? I thought everybody knew you can’t really sue big corporations any more. The Supreme Court made that law of the land in 2011 with its chilling 5-4 ‘AT&T vs. Concepcion’ decision.

Here’s how bad things are. Contracts, as you know them, require some basic things, including consent of the parties, right? WRONG!  After all, even the most sinister, cynical lawyer couldn’t argue that clicking like on a Facebook page signifies consent. So lawyers in this field have changed the word “consent” to “assent.” I’m not even sure I know what the word assent means. But I know it means you are screwed.

I spoke at a conference at Georgetown Law School two weeks ago devoted to this very topic, sponsored by Citizen Works and its super FairContracts.org project.  The list of big brains in the room was remarkable, including Deepak Gupta, the fine lawyer who argued for consumers (and lost) on the Concepcion case.  Ralph Nader spoke, too.  He suggested lawyers who have designed fine print that literally takes away citizens’ right to their day in court should be disciplined.  Others were more measured, though several lawyers repeatedly referred to the Supreme Court as “The Death Star.” Consumer lawyers who still find narrow topics in limited venues to file lawsuits are compared to the Rebel Alliance, hopping from planet to planet (state court to state court) to survive.

I’ve resisted getting into the nitty gritty of this discussion in this piece because the details really don’t matter much. Before, if a company wronged you, you could sue, now you can’t.  There are some exceptions and qualifiers, but that’s all you really need to know.

Just in case, for quick review: Concepcion made it permissible for companies to include language in “contracts” that ban consumers from filing class-action lawsuits against them, and generally forces them into an outside-the-court process called binding mandatory arbitration (or in some cases, small claims court).  This is important because when companies misbehave $30 at a time, there is really no way to get justice now. When large corporations misbehave in large-scale ways, only large-scale lawsuits involving groups of consumers can stop them.  Today, such class action lawsuits are all but illegal.

Some additional details about General Mills’ situation from the folks at AAJ:

“General Mills has quietly updated its electronic terms of service to include a forced arbitration clause that will eliminate many of its customers’ rights to hold General Mills accountable in court. The April 2 change means that people who purchase General Mills products with coupons, turn in box tops or even just visit their website won’t be able to bring the corporation to court – parents can’t hold anyone accountable if their child has an allergic reaction to a mislabeled product; individuals will be denied access to justice for chipping their tooth on a rock in the cereal; and if you find a dead mouse in the box and get any reimbursement from the corporation, you are prohibited from ever telling anyone about this disgusting discovery.”

Here’s what consumer lawyer Brad Shear thinks of this:

“General Mills’ new terms of service are very troubling. It is suspect that a consumer may waive their legal rights by utilizing a digital platform that is not owned or controlled by General Mills. I doubt a court of law would uphold these new terms of service in regards to platforms that General Mills does not own. If these new terms of service were deemed legal every single company in the world would incorporate them and nobody would be able to sue a company for negligence or bad acts.”

General Mills refused to talk to the New York Times about it — hey, General Mills doesn’t have to do anything, right? — and instead emailed a reporter a blah-blah-blah statement about how efficient arbitration is. Hey, if arbitration were so great, why don’t corporations make it voluntary instead of mandatory?

OK, back out of the weeds.  This is classic divide and conquer strategy.  While you weren’t paying attention, American corporations have invented an extra-legal process and eliminated your due process.  With the Supreme Court squarely on the side of corporations, there isn’t an easy fix. A new federal law banning mandatory arbitration would be nice, but it’s probably not happening. Laws banning specific unconscionable terms, such as requiring consumers to fly long distances to argue their cases,  would be nice.

At a bare minimum, our legal system has to invent a new word for what’s going on here, and it’s not “assent.” When companies put some words on a paper in an unreadable small font, that shouldn’t constitute a contract. It’s a lot more like a no parking sign you didn’t notice before you got a ticket. Now ask yourself: When did General Mills, or AT&T, or any of these corporations become equal to your town government?

If you aren’t angry about this, you aren’t paying attention.  If you want to learn more, you can watch a webcast of the seminar, “Making the Fine Print Fair,” at Georgetown’s website.  I speak at the 7:44 mark of the video. In this case, I compare the shock of fine print that robs you of money or your rights to the Windows Blue Screen of Death. Our legal system has crashed. We need a new operating system.

Consumers Union

Smart phone theft is exploding nationally, but carriers this week promised to deploy a simple new technology that could soon render stolen phones useless.

Consumer Reports said Thursday 3.1 million consumers had their smartphones lifted during 2013, double the number of victims in 2012, according to its annual State of the Net survey. Another 1.4 million phones were lost and not recovered, the survey found.

All that theft has had state and federal legislators sniffing around the problem for some time, urging cell phone makers and carriers to implement a “kill switch” that would render a lost or stolen phone useless. That would  theoretically dry up the now-thriving market for stolen phones.   Carriers have resisted the solution for some time. Why would they do that? If you value each smartphone at $600, the market opportunity presented by 4.5 million lost and stolen phones is $2.7 billion.  That might have something to do with it.  There are also legitimate concerns about hackers wiping out phones as pranks, and about the customer service headache that will no doubt accompany implementation.

But in part under threat from a state law that could be passed as soon as next week in Minnesota, on Tuesday the industry announced the “Smartphone Anti-theft Voluntary Commitment.” Carriers promise to implement a kill switch and remote data wiping for new phones manufactured after July 2015.

Meanwhile, we certainly shouldn’t blame carriers for the whole problem.  Consumers still don’t seem to realize how serious loss of a cell phone can be — at least until after they lose the phone. (And if you’ve ever been with someone who’s just lost a phone, you know about the hyperventilation, etc.) How do I know this? Look at this data on what consumers do (and don’t do) to protect their phones:

  • Set a screen lock with a 4-digit pin (36 percent) NOTE: Those who don’t are CRAZY
  • Backed up data to a computer or online (29 percent)
  • Installed software that can locate the phone (22 percent)
  • Installed an antivirus app (14 percent)
  • Used a PIN longer than 4 digits, a password, or unlock pattern (11 percent)
  • Installed software that can erase the contents of the smart phone (8 percent)
  • Used security features other than screen lock (e.g. encryption) (7 percent)
  • Took none of these security measures (34 percent)

self-employment tax

If you are paying more than 20 percent of your income in federal taxes, you are doing it wrong. That’s roughly what the Obamas pay every year — hey, at least it’s more than Mitt Romney. As you should know by now, Obama pays a lower real tax rate than his secretary, which is also true for Warren Buffett and most likely most affluent Americans. When you use an electronic product to compute your taxes, you always have the chance to see your effective tax rate. If it’s higher than 20 percent, you should feel cheated, no? Particularly if you work for yourself, and your financial advisor has been warning you to put away 30 percent of all your earnings for taxes. In fact, Nancy Humphreys argues that self-employed people pay 25-43 percent tax rates!

(For a fun piece analyzing the IRS top 400 taxpayers, read this slightly dated post by tax truth-teller David Cay Johnston. Spoiler — one-quarter of the top 400 paid 15 percent or less in taxes.)

This piece is not a whine, however: It’s a warning. Major changes are coming in the way Americans work, and pay taxes, and without sweeping reform, this new workforce is going to get crushed.


The numbers are a little squishy, but the trend is not: Tens of millions of Americans will begin working for themselves during this decade. In a landmark report, Intuit guesstimated that 40 percent of all U.S. workers will be classified as “contingent” workers by 2020. To you and me, that means freelancers — sole proprietors — or as I like to call them, onetrepreneurs. And they are going to have a hell of a shock once they start paying taxes, because it’s not unfair to say onetrepreneurs pay double the taxes of traditional corporate workers.

Some of this trend is the result of opportunities born of the Internet (I put myself and my BobSullivan.net adventure into this category). Costs of all kinds are down, and economies of scale once limited to large corporations — such as distribution of news — are now available to individuals. Hooray!  This decade will see a surge in creativity among this group.

But that’s putting a brave face on it. The phrase “contingent workers” is really born from the idea that many (U.S.) companies now enjoy the spoils of maintaining a flexible workforce. In other words, they don’t hire employees, they buy units of time, on an as-needed basis, from freelancers. In many cases, workers wish they had full-time positions and the benefits that come with them, but only piece work is available. It’s certainly not like the dock work doled out daily to longshoremen, as depicted in the movie On the Waterfront, but it can be a stressful way to earn a living.

Then, there’s the taxes.

For starters, contingent workers paid via 1099s must pay estimated taxes during the year. It’s the solo worker’s version of withholding. The IRS wants your money all year long, not just at the end of the year, so every quarter, freelancers must guess at their year’s tax liability and pay 25 percent to Uncle Sam. (The easiest way to do this is to set yourself up with an electronic account at the IRS. It’s a bit tedious, but worth it.) State (and city) tax rules vary, but that may be a separate quarterly pain.

Financial advisers tell freelancers to set aside 30 cents of every dollar earned to make sure they have enough for these quarterly payments. Wait: 30 percent? Why? Self-employment tax.

Anyone who’s ever received a 1099 report for extra income knows about self-employment tax, which can feel like double taxation. But with millions of folks entering these ranks, it can’t be repeated enough: When you work for any employer, that firm pays Social Security and Medicare taxes right along with you.  When you work for yourself, you have to pay both halves of this tax, which can work out to about 15 percent. That’s 15 percent ABOVE your federal income tax rate.

One can certainly make the case that this is fair — each worker is responsible for contributing the same to these two services, which most people will receive benefits from at some point.  I’m not arguing that self-employment tax is unfair here.  But it is:

a) A shock, and will be a huge shock to contingent workers newly struggling to get by

b) A hassle and a burden, and a potential barrier to people who are considering the onetrepreneur life

If 40 percent of Americans are going to be freelancers by 2020, you don’t want to be in the 40th percentile.  The sooner you embrace the onetrepreneur reality, and the quicker you beat other workers to the space, the better off you will be.

Congress and the White House could do a lot to make this embrace easier.  Health care reform is a big step: Workers cite obtaining health care as a key barrier to starting their own small business.  But tax reform is a close second. Making life easier for sole proprietors to pay their fair share of taxes would be a big help. My suggestions:

*Set up a withholding scheme that feels like traditional withholding for workers paid via 1099.  Force companies that pay vendors to make withholding an option.  This would “feel” much better than paying quarterly estimated taxes.

*Self-employment tax should be graduated so lower and middle class workers pay less. Right now, the scale is actually tipped in favor of the rich. Because Social Security and Medicare taxes are income capped, sole proprietors (or those who earn substantial salaries in addition to freelance income) sometimes end up avoiding self-employment tax altogether because they have already reached the cap. That’s backwards.

*Self-employment tax could come with amnesty, or a ramp-up feature, to make things easier on folks who set out on their own for the first few years.

Some analysts predict a coming “barbell economy,” with workers either sliding towards employment at huge corporations, like Walmart, or working for very small or solo companies. Few companies in the middle will remain.

Most of the good jobs will be on one side of that barbell, and I promise you, most of the innovation will be, too. If Congress wants to help the middle class and the future of America, it will consider reforming the self-employment tax — at least to make sure that contingent workers aren’t paying higher tax rates than the president of the United States.


Americans would gain free access to their credit scores and new rights to challenge errors that keep scores low under a bill introduced in the U.S. Senate on Wednesday.

The “Stop Errors in Credit Use and Reporting (SECURE) Act” is sponsored by Sens. Brian Schatz (D-Hawaii) and Sherrod Brown (D-Ohio). The legislation would force the credit industry to supply consumers with “access to meaningful credit scores free of charge annually.” It also would establish a national registry of credit reporting agents so that consumers know which companies are collecting and disseminating information about them; enhance consumer rights to fix credit report errors that lead to artificially low scores; and give consumers new legal rights to get redress from credit bureaus and banks that deny them credit based on errors.


“Errors in a credit report can make the difference between whether someone can live the American Dream and buy a home or even get a job,” Schatz said.  “Whether you have good credit or not is determined by a dark ecosystem of companies that are not accountable to consumers. When the stakes are this high and your credit can affect whether you get a job or house, consumers deserve to be on a level playing field with banks.”

Consumers Union, which recently issued a report on the difficulty consumers face dealing with credit score and credit report errors, hailed the legislation.

Read the original version of this story on Credit.com

“Maintaining an accurate credit report is absolutely critical for consumers in today’s economy,” said Pamela Banks, policy counsel for Consumers Union.  “But too often, credit reports contain errors and those mistakes can mean higher interest rates on loans, pricier insurance premiums, and even missed job opportunities.  The SECURE Act provides a good framework for holding credit reporting agencies and creditors accountable for making sure credit reports are fair and accurate. Giving consumers free access to their credit score will help consumers know where they stand with lenders and others when it comes to their credit record.”

There is a new focus in Washington D.C. on credit scores and the possibility of giving consumers free access to them. In February, the Consumer Financial Protection Bureau called on the credit industry to voluntarily offer scores to consumers. The banking industry reaction to that suggestion was initially negative.

“There are a variety of ways banks work to educate their customers and help them make the right choices,” Ken Clayton, the American Bankers Association’s chief counsel, said at the time. “It seems inappropriate for a government agency to endorse one ‘good idea’ as a best practice and seek to impose it on everyone. … Attempts to dictate one result once again opens the bureau to criticism that it is picking winners and losers, and is overreaching in its efforts to micromanage the marketplace.”

The SECURE Act ratchets up the rhetoric on the idea considerably. The proposal leaves numerous questions unanswered, however. Chief among them: what credit scores would be free to consumers, how would they be delivered, and who would pay the cost?

Most consumers don’t have a single credit score, but rather dozens of proprietary scores maintained by various financial institutions. All are based on information in a consumer’s credit report, and many are based on the traditional FICO score invented by Fair Isaac. But providing any single credit score annually might not give consumers an accurate picture of their real ability to borrow in any given marketplace.

The CFPB called on credit card issuers to send credit scores to consumers through monthly bills. Consumers Union recommended that scores be provided via the free annual credit report that consumers can now obtain at AnnualCreditReport.com, but only a fraction of Americans use the site today. With either notion, there is a cost for companies involved. They’d certainly face an increase in customer service calls, for example, from consumers with questions about the scores.

Still, there is considerable appetite among consumers to see their scores, and Consumers Union argues that access should be required by federal law.

“Consumers shouldn’t have such a hard time obtaining a reliable credit score,” said Maureen Mahoney, public policy fellow for Consumers Union.  “Congress should give all consumers the right to get the same credit scores used by lenders at no cost every year.  Free credit scores are especially important for those without bank accounts or credit cards who don’t qualify for current voluntary programs.”
