Another MSSC just asked me for my DL today, and Gigspot and ISS already have my SSN...just about every MSC asks for one's SSN and paypal email address, along with personal addresses, which are all routinely confirmed. My CPA just TOLD me to stop doing this, as it is big risk of personal data.....does anyone else have an opinon? Are we playing russian roulette with our 'hope' that our MSC's don't get hacked, or worse, sell our data?

I would wager that none sell data. Hacked, yes, I suppose that's possible But your bank/credit cards account info can be breached, emails, Instagram, employee info where you actually work, and more, so...

Like employers, they have to have this information to prove who we are and so we can get paid.

There's already been a MSC hack, we just don't know who it was because they haven't come forward and at this point, months after the hack, they probably won't.

Face it, your data is going to be stolen from somebody. My bank, my health care network, two credit card issuers and one MSC have all been hacked, and those are just the ones I know about. On two occasions I have gotten letters from my card issuers giving me new cards and saying somebody I did business with was breached.

I got an EIN to avoid giving out my SSN but there are valid reasons not to do that, as reported by some shoppers.

If you want to shop, you put your information out there, just like if you want to use the app or join the social media site you agree to the terms and conditions, or allow access to your camera, or whatever. We are all pinned like butterflies, and we agree to be. It is part of modern life, and it sucks, but it is what it is.

Pretty sure it was ISS, so therefore every MSC who had shops on their platform and had your data was compromised as well?

@JASFLALMT wrote:

Pretty sure it was ISS, so therefore every MSC who had shops on their platform and had your data was compromised as well?

No, it wasn't ISS. A lot of shoppers misread that message on Confero's site. A stolen database was run against ISS in an attempt to login to accounts and change the payment address, but ISS itself wasn't hacked. ISS said they were unsuccessful in gaining access to their database. There was a lot of confusion on the forum when this was last discussed. I posted and said change ALL of your shopping passwords if you want to be safe, because somebody's been hacked and we don't know who.

The hacked MSC has not come forward. I can absolutely, positively, 100% guarantee you that shopper data was stolen, that it is out there "in the wild", that at least a portion of the database has been used in at least one phishing email attempt, and that the name of the hacked MSC begins with letters N-Z . Of these things I am certain.

I'll just say again, change your passwords, at least for those MSCs beginning with N-Z.

@panama18 wrote:

that at least a portion of the database has been used in at least one phishing email attempt

2, unless you were counting my incident as the 1.

2 then. I didn't know you had an incident. I recently had one and that's what I was referring to.

Pretty standard....to have to give up DL & ssn, DOB, address, etc. I use one of the big credit monitoring services and have been dancing around the idea of having my credit FROZEN. They do it for free. It looks pretty easy to do, but I wonder how big of a deal would it be to unfreeze? Anyone have experience with that?

@panama18 wrote:

2 then. I didn't know you had an incident. I recently had one and that's what I was referring to.

Yeah. I posted it in the thread about the CVS/eBay gift card email scam as I assume the source of the email addresses were the same. The email stated they knew my password, and gave the password I use for MS companies, and tried to get $800 out of me.

However, this is the first I heard of iSS saying they were not hacked, but it makes perfect sense. With me, the password was a simple password I use only for MSCs, so we can also narrow it down to companies that do not require a complex password.

I missed that post. I got the CVS email but I didn't give any thought to where they got the address. It makes sense that it was from the stolen database, and if so then that is two directions the bad guys have come from. There's no telling how many crooks have bought all or part of that database or how many ways they'll try to use it. This is serious stuff. Hopefully they got only emails and passwords.

@panama18 wrote:

There's no telling how many crooks have bought all or part of that database or how many ways they'll try to use it.

Yep. I'm guessing that database has been sold at least a couple of times and will continue to be sold.

As far as I know, unless the MSC has specific shops that you want to perform, which require they have your drivers license, I do not provide mine.

I have not provided my drivers license to most of the MSCs that ask for it, yet am able to shop the clients that I am interested in. I might not be seeing some shops but do not care.

There are some client interactions where I understand protecting their employees makes sense by vetting shoppers more thoroughly.

@bgriffin wrote:

Yeah. I posted it in the thread about the CVS/eBay gift card email scam as I assume the source of the email addresses were the same. The email stated they knew my password, and gave the password I use for MS companies, and tried to get $800 out of me.

However, this is the first I heard of iSS saying they were not hacked, but it makes perfect sense. With me, the password was a simple password I use only for MSCs, so we can also narrow it down to companies that do not require a complex password.

Griff, is this the email where they want payment in Bitcoin??? I got one, and they wanted $1400 from me!! They said they videotaped me using the camera on my laptop.....my camera doesn't have a built in camera!!! So, that's where that email came from then??? From the MSC that got hacked???

Ha, I got that email too, and my desktop doesn't have a camera either...not like any of us are doing anything on our computers that would be worth videotaping.

@JASFLALMT wrote:

Ha, I got that email too, and my desktop doesn't have a camera either...not like any of us are doing anything on our computers that would be worth videotaping.

I have embarrassingly bad posture when I'm slouching at my computer. Otherwise... meh.

I must say that my posture is fine (raised by an AF Colonel father), although I have been known to eat at my computer sometimes and I might be taking obscenely large bites of food and talking to my husband while chewing (I would never do that at the dinner table). Oh, and I might occasionally fart when no one else is around.

Speak for yourself Jasflamt! I have been getting that email repeatedly for over 9 mos now and my demand was for thousands in Bitcoin. They even provided a link on how to purchase bitcoin for them which I did not click on. But their follow up emails to me all included the threat of sending all my contacts videos of me watching and making videos. The people most at risk are those who have compromised themselves by doing these sorts of videos, owing tons of back taxes to the IRS , never paying their utility bills and other things the threats might be about which would make them vulnerable to worry.
If you follow the simple advice everyone has to use a different password for each company you deal with, aside from driving you crazy with a thousand passwords, it will be a protection against hackers by them only being able to do a minimal amount of damage.
Unless you take yourself off all sites and never use a credit card including ones you never thought would be compromised you are at risk. Remember these...Target, UCLA, Anthem Blue Cross, Capitol One recently, Home Depot, T Mobile and many more.

@JASFLALMT wrote:

Ha, I got that email too, and my desktop doesn't have a camera either...not like any of us are doing anything on our computers that would be worth videotaping.

You don't have to shelter your life in a BOX! Use simple precautions, it's not hard. First, of all, monitor your credit from multiple sources, even if you don't actively use them. I use Capital One's Credit Wise and Experian the most. (https://www.experian.com ) this gives me access to two credit bureaus with an instant click of a mouse. I do not pay for any of it, yet. I also have Bankrate, Credit Sesame, Kredit Karma, all for free with email notifications. Secondly, Pay attention to downloads. If you don't use the "authorized site" for the download you will get "tag alongs". For Example, let's say you want to download the FireFox browser. If you see anything tag along, extra services you did not ask for uninstall everything and start over. Some of the sites look just like the real site making it difficult to recognize. Pay attention to the IP addresses. Just like Gmail. You get email's that look like they came from Gmail/Microsoft etc. but then you look at the address. The address does not match the company name then you know it's SPAM. Thirdly, devise a schedule and a list of passwords (do not STORE SAID LIST ONLINE on a device) Every year or two change the passwords to sensitive sites, like bank accounts, and credit cards. Some change them even more often than I do (as often as every three months) I don't, I have entirely too many sites. Every two years, order a new debit card with a new number. Same with your credit cards. The reason for this because it stops crazy auto-renewals that you know nothing about in addition to protecting you from unauthorized purchases. Finally, use PayPal or a similar site to make online purchases from unknown sites and whenever it's possible.
Please do not crawl into a box or hole and think that everyone is out to steal your information. I probably forgot some. Oh yea, I also lock cards that I know I will not be using for some reason. I have not paid to freeze my credit yet, but I will when I am in that position. (Even though I have a perfect payment record my score is not high because I have $35,000 worth of student loans on my credit).
Yes, Pay attention to the news. It will let you know when to be extra observant and extra cautious. I have Capital one. (recent breach of sorts). Most breaches that are reported don't obtain the "golden" data. It may obtain less secured information, (like an old mailing list). I got an email from Kellog's the other day saying that invalid password was entered too many times. I don't even remember setting up an account with Kellog's (yes the cereal company) (free coupons etc) but it says I set up the account two years ago so who knows. Maybe when I was trying to do those stupid surveys. But I used the link anyway logged in and checked to see if anyone had changed anything, or accessed anything and changed the password. I am not naive. I know someone ran a program to try and gain access to a "not so important" account that might give them information on someone they can use in a "more important" account.
Oh, and the MSP's are a business, a for-profit business with employees AND IC'S (independent contractors). They have to keep account of their expenses for the IRS, etc. especially if you make over $600 a year. So yes they do need your personal information. If they are talked about on this forum most likely they are a legitimate company. Simply cross-reference your list with the lists provided here on the forum. If you want to work under the table then this is not the job for you. I normally set them up to pay me with PayPal or a check until I get to know them, or have been paid on time a few times then I go to ACH (direct deposit) or investigate them here on the forum.

Edited 1 time(s). Last edit at 08/28/2019 06:55PM by F and L TeleComm.

Yes, that is the email. I believe if we all put together a list of possible MSCs we could narrow it down and figure out which MSC got hacked.

For instance the password that Panama had listed in their email was only used for certain MSCs. As was mine. I believe the two of us have likely figured out which company it is. But if a few others checked their list of possible MSCs it would be helpful.

I was hacked by my health care provider, credit card co. and the IRS. Health care had a group working for them, they were transferring information to Florida, they got caught. IRS, someone got our return, who knows, the IRS gave us a code to use so that it wouldn't happen again.
Those of you who give the credit card companies your mother's maiden name, school, etc. waste of time, anyone can get the information. Call your credit card company and tell them you want a code instead. I did this with all of my credit card companies. Be sure to write down the codes you give them. No one can get into your account without the code including you. Never had a problem with Mystery shopping companies.

Honny Brown. Not true. They do NOT need a photo of your DL. They do probably need your paypal or other payment address...maybe some even require a SSN. But they do NOT need any of that data to pay an IC under $600 per year..

Edited 1 time(s). Last edit at 08/29/2019 03:01PM by salisburync.

The IRS demands that they know where your expenses are. You can not just arbitrarily tell them I spent $500,000 in independent contractor fees. And if one IC receives over $600 the MSP is required to report that income. You as an IC are required to report ALL moneys earned otherwise its called "tax evasion" which is a federal crime. Why do you think they don't need a copy of your ID?? IF you go get a job with any company they will ask for a copy of your ID. I was an independent contractor for free government phones, during the onboarding process, all of them required proof of identification. This is standard practice.It's also used as proof of citizenship and the right to work in this country. Salisbury, NC

SalisburyNC, you have to pay taxes on any amounts you earn as an IC, even amounts under $600 (even though you will not receive a 1099 for lower amounts). It is a law that you report lesser amounts, even if you don't get the 1099.

Edited to make a correction.

@salisburync wrote:

They do probably need your paypal or other payment address...maybe some even require a SSN. But they do NOT need any of that data to pay an IC under $600 per year..

Edited 2 time(s). Last edit at 08/30/2019 12:22PM by JASFLALMT.

salisburync is actually correct. They don't need that information to pay you less than $600 a year. A business can pay anyone less than $600 a year without issuing a 1099. The reason 1099s are required are twofold. It's not just to make sure contractors pay taxes it's also there to make sure a business doesn't inflate expenses. Let's say Griffin's Widgets makes $100,000 a year in profit but doesn't want to pay taxes on that much. They could just drop a $50,000 payment to JASFLALMT in their accounting software and BOOM! Now they only have to pay taxes on $50,000. My LLC pays several people less than $600 a year without getting that information. Last year we had to fire our lawn care guy because he refused to send in the tax form and he was at $600. So yes, if an MSC pays you less than $600 a year they are not required to collect any personal information from you other than your name and address and that has nothing to do with a shopper trying to evade paying taxes on that information.

It seems to me that most employers would want to DOCUMENT monies paid to people. The individual may have earned under $600, but from a company standpoint if I have 1000 people who earned $599, then that's 599,000 of expenses that I have no proof that I paid out. Now If they collect that information at the very beginning of that relationship then when that person gets to 599 they don't have to fire that person like you did. Unless that person gives YOU a receipt for payment for services.

A check stub is all the documentation needed for payments under $600.

Some MSP's don't post the invoices for your checks. Maritz, TS you can go in and look at your check, and lists of checks. Even MF keeps payroll records on their page. CI all you get basically is your shop log of individual jobs I don't like that. I think there should be a link on that type of webpage to pull your invoice for your check. But that's just my opinion. I mention these four because I do the most work for them. I slacked off on companies that require longer reports, I still do them but just occasionally.

Hello, I'm a new shopper and when I went to register on the MaritzCx site it asks that I upload a photo of myself. so.....they would have my SS# and my photo. I didn't register because of the photo requirement, it this something just Maritz does? I registered with several other companies and no photo was required.

Several MSCs want photos. Some want a scan of your DL or Passport. It varies from one MSC to another.

@724PM wrote:

Hello, I'm a new shopper and when I went to register on the MaritzCx site it asks that I upload a photo of myself. so.....they would have my SS# and my photo. I didn't register because of the photo requirement, it this something just Maritz does? I registered with several other companies and no photo was required.