Scam of the day – November 28, 2014 – Hotel Wifi threat

November 28, 2014 Posted by Steven Weisman, Esq.

A targeted threat against high-level government and business leaders staying in upscale hotels was recently exposed by security company Kaspersky Lab. The attack starts with a breach of the particular hotel’s Wifi network and the installation of malware even before the targeted guest arrives at the hotel. When the hotel guest connects to the hotel’s Wifi system by logging in using his last name and room number, the hackers are alerted and then send a pop-up alert regarding a necessary software update that needs to be clicked on and downloaded. The pop-up looks legitimate. In this particular group of targeted attacks, which Kaspersky has dubbed “Darkhotel,” the pop-up was for an update to Adobe Flash Player, although it could be an update for any other program. The pop-up, of course, is phony, and when the unwary victim clicks on the link, he downloads malware that enables the hacker to steal information from the victim’s laptop or other device. In this case, the information sought is for corporate espionage, but others could just as well use the same technique to gather personal information for purposes of identity theft.

TIPS

You can never be sure of the security of Wifi, whether it is at a coffee shop or a hotel. A good option is to use a Virtual Private Network (VPN) to encrypt your communications whenever you use Wifi. It is important to be skeptical of any prompt to click on anything when you are on Wifi or anywhere else for that matter. Don’t click on links in emails, text messages or pop-ups unless you have confirmed that they are legitimate. In the case of software updates, it is a simple matter to check with the particular company at its website rather than click on a pop-up if you want to make sure that the update is legitimate. Even if an update is being offered by the company, you are better off accessing it through the company’s website rather than through a pop-up, which may be a counterfeit sent to you by an identity thief.

Scam of the day – November 27, 2014 – Latest security updates from the Department of Homeland Security

November 27, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly. Today’s updates include many important updates and security patches to prevent serious problems, including important security updates for Google Chrome and Apple TV.

TIPS

Here are the links to the latest Department of Homeland Security software updates and security patches: https://www.us-cert.gov/ncas/bulletins/SB14-328

Scam of the day – November 26, 2014 – Coca Cola sued for data breach

November 26, 2014 Posted by Steven Weisman, Esq.

Coca Cola has been sued in a class action filed on behalf of 74,000 employees whose personal information, including Social Security numbers, was compromised when 55 laptop computers containing unencrypted personal information were stolen from a bottling plant in Pennsylvania and its headquarters in Georgia. In addition to not encrypting sensitive personal data maintained on portable laptop computers, the lawsuit also alleges that Coca Cola was slow in notifying affected employees that they were in danger of identity theft. Some affected employees have apparently already become victims of identity theft as a result of this data breach.

TIPS

All computers, including laptops, containing personal information should be protected by strong passwords. Particularly for laptops, which are often taken out of corporate offices by employees, data should be encrypted, yet many companies and government agencies, including, notoriously, NASA, which suffered multiple data breaches due to unencrypted laptops, fail to take this basic security precaution. It is inexcusable and way too common. As individuals, we are only as safe as the places with the weakest security that hold our personal information, which is why we need to be particularly vigilant in freezing our credit reports and regularly monitoring our credit card usage in order to protect ourselves from the negligence of others.

Scam of the day – November 25, 2014 – SEC halts trading of Ebola-related companies

November 25, 2014 Posted by Steven Weisman, Esq.

On November 20th, the Securities and Exchange Commission (SEC) suspended the trading of four companies that claim to be developing products or services related to the Ebola virus. The SEC has the authority to suspend trading for ten days and prohibit the soliciting of investors when it believes that information about a company is either inaccurate or unreliable. The four companies whose stock trading was suspended are Bravo Enterprises, Ltd., Immunotech Laboratories, Inc., Myriad Interactive Media, Inc. and Wholehealth Products Inc. Scammers often exploit public interest in events that are particularly newsworthy to tout low-priced stocks, often called penny stocks, whose price can be manipulated through a technique called pump and dump. In a pump and dump, the scammers artificially pump up the value of the stock through rumors, emails, texts, faxes and social media and then sell the stock when the price has been artificially inflated, leaving other investors with large losses when the stock reverts to its more accurate price as the truth becomes known.

TIPS

Never invest in anything or any company that you do not truly understand.  Don’t fall prey to touting of stocks through social media or other communications that are difficult to verify.  Be wary of investments promised to provide a huge profit in little time with no risk.  Never buy stocks based on what is represented to you as “inside information.”  Not only is insider trading illegal, the promise of it is also a common lure by scammers to induce people into buying a stock without properly researching it.  Also, never buy a stock through unlicensed or unregistered brokers.

Scam of the day – November 23, 2014 – New Drupal security threat

November 23, 2014 Posted by Steven Weisman, Esq.

In my Scam of the day for November 3rd I warned you about a major security flaw in Drupal software. Many of you may not be familiar with Drupal, but website developers certainly are. Drupal is a software company whose software is used by a billion websites to manage images, text and video on websites. On October 15th, Drupal announced that it had discovered a major security flaw that could be exploited by hackers not only to steal data from targeted websites, but also to set up a backdoor application that would permit the hacker to return to retrieve more data. All of this could be done without any indication that a hacking had occurred. Most companies responded to Drupal’s announcement and its security update; however, according to Drupal, any website that did not download the Drupal security patch within seven hours of its October 15th announcement should assume that it has been hacked and its sensitive information compromised. Drupal estimates that about 5% of the billion websites that use Drupal software did not install the necessary security patch in a timely fashion, and although this number may seem small, this means that the number of affected websites that may have personal information on you and me is as high as twelve million websites. Among the websites that did not promptly update their security was the website of the Indiana Department of Education, which was hacked twice after failing to update its Drupal software.

TIPS

Part of the problem is that unlike many software companies that provide automatic updates for you to install, Drupal does not do so. Many companies, to their own detriment, are slow to install important security updates, and this delay puts them and their customers in serious danger of identity theft and being scammed. This is why here at Scamicide we provide security updates as they are announced. The Drupal security problem is also another warning to us all that we are only as secure as the least secure of the companies and governmental agencies with which we do business. Drupal has issued a new security warning with instructions as to how to correct security flaws in its software. Here is a link you can trust to Drupal’s security warning: https://www.drupal.org/SA-CORE-2014-006

Scam of the day – November 22, 2014 – FTC takes action against “free” credit score scams

November 22, 2014 Posted by Steven Weisman, Esq.

The Federal Trade Commission along with the Attorneys General of Illinois and Ohio has announced a settlement with three companies that marketed what the companies advertised as free credit scores and then billed the unsuspecting customers $29.95 per month for credit monitoring services that they neither wanted nor knew that they had ordered.  Under the terms of the settlement, the defendants will be refunding 22 million dollars to scammed customers.  The companies marketed their programs MyCreditHealth and ScoreSense through at least fifty websites and bought advertising on Google and Bing that would appear high on a list when consumers looked for “free credit reports.”  One of their misleading ads read “View your latest Credit Scores from All 3 Bureaus in 60  seconds for $0.”  In the fine print of their agreement, the companies were able to bill the consumers’ credit cards until the customers called to cancel their membership.  Even then, the companies, in many instances did not cancel the contract until after repeated calls.

TIPS

It is important to note that a credit report and a credit score are not the same thing. You have a right to a free annual copy of your credit report from each of the three major credit reporting agencies, Equifax, TransUnion and Experian, but the report does not contain your FICO credit score, which is derived from the information in your credit report and used by companies to measure your creditworthiness. There are many companies that also promise free copies of your credit report only to do the same scam of charging you hidden monthly fees for additional services. The only website to use for your free credit report is www.annualcreditreport.com. You should also be wary of any company that offers something free and then asks for your credit card. This is a red flag that what you are ordering is not free. There are no websites that offer your actual FICO credit score at no charge, although there are a number of websites, including CreditKarma, CreditSesame and Quizzle, that will provide a free approximation of your score, sometimes called a FAKO score, that can be helpful.

Scam of the day – November 21, 2014 – Online romance scam arrest

November 21, 2014 Posted by Steven Weisman, Esq.

Recently, Nigerian Kazeem Owonla was arrested and extradited to Indiana where he is facing charges for scamming an Indiana woman out of more than $100,000 in a romance scam.  The victim first met Owonla online in January of this year.  Owonla used the name John Tony Hagan in his communications with his Indiana victim who is thought to be one of a number of romance scam victims of Owonla that are still being investigated.  As is the typical situation in these scams, the apparent romance grew quickly and once his victim was hooked, Owonla started asking his victim for money for various purposes such as to pay for the cost of replacing stolen tools or to help him pay his employees when his own funds were stolen.  Somewhat ironically, although Owonla used the alias of John Tony Hagan, the photograph he supplied online was that of Montana Attorney General Tim Fox, a man who protects the citizens of Montana from such scams.

TIPS

There are many red flags to help you identify romance scams. I describe many of them in detail in my book “The Truth About Avoiding Scams” which you can purchase from Amazon by clicking on the icon of the book at the right hand side of the page. The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship needs you to wire money. Here are a few other things to look for to help identify a romance scam. Often their profile picture is stolen from a modeling website on the Internet. If the picture looks too professional and the person looks too much like a model (or an attorney general), you should be wary. Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life,” turn up in many romance scam emails. Also be on the lookout for bad spelling and grammar, as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are. Of course you should be particularly concerned if someone falls in love with you almost immediately. Often they will ask you to use a webcam, but will not use one themselves. This is another red flag. One thing you may do is ask them to take a picture of themselves holding up a sign with their name on it. In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them.

Scam of the day – November 20, 2014 – Why are Nigerian email scams so absurd?

November 20, 2014 Posted by Steven Weisman, Esq.

Not all Nigerian email scams come from Nigeria although Nigeria is still a hub for this type of scam in which you are told that under some pretense you are to receive a huge amount of money for nothing.  Of course, once you correspond with the sender of the email, you soon learn that it takes payment after payment from you under various guises in order to receive the money and, of course, ultimately, you receive nothing, but the scammer has managed to trick you out of your money.  Here is a copy of such an email that I recently received:

“May God touch your heart as you read this message. I know this maybe a surprise to you but i want you to consider me as a friend because my mind choose you. My name is Waleed Hassan, a retired Oil Merchant from Tripoli, Libya. I am currently in a hospital suffering from the cancer of the lung as i write this message to you. I am a blessed man, but my life has been one of hardship and suffering because of bad health. suicide in my case is not the answer. I suffered the death of family and loved ones, due to the battle that went between the Gaddafi soldiers and the Independent Rebels in my country. My condition is really deteriorating and according to my doctors in all indication regards to medical analysis, it is quite obvious that i may not live for more than 2months. This is because the cancer has gotten to a very bad stage.

Presently I am contacting you because of the funds i lodge with the HSBC BANK when i was still working in England. I choosed from my mind to entrust this amount to a stranger and my mind choose you among different profiles that i have just viewed.

Once the money is transferred to you, i want you to keep 15% of the money for yourself and help me distribute the rest 85% to the street kids, charity organisations and different poor homes. The fund is currently with the HSBC BANK and upon my instruction, it will immediately be transferred to you. If you feel honoured to do the good work for me, Please kindly reply on my Private Email so i can further this with you: haswaled@gmail.com”

This email is typical of many others and filled with poor grammar and spelling errors and of course the story is utterly preposterous.  So who would possibly fall for this?  Only the truly gullible and that is the very strategy used by these scammers.  They do not want to waste their time on people who might eventually see through their scam so they make their plea as outrageous as possible so that if someone takes the bait, they are likely to be able to cheat that person out of their money.

TIPS

By now, we all know that no one is giving you something for nothing, and even the most gullible among us must ask themselves why they were singled out for such good fortune. The answer is that this is a scam and the best thing you can do is to enjoy the humor of these emails, but never respond to them.

Scam of the day – November 19, 2014 – The twelve scams of Christmas

November 18, 2014 Posted by Steven Weisman, Esq.

It seems that the holiday season starts earlier and earlier each year, so it certainly is not too early to warn you about some of the many scams that will be threatening your holidays if you are not careful. As it says in “Santa Claus is Coming to Town,” you better watch out. My list of twelve scams of Christmas isn’t meant to be sung, but it is meant to provide an early warning of the fact that although every season is scam season, the holiday season is a particularly dangerous time of year for scams. Here is my list of twelve scams of Christmas. Over the next month I will be explaining them in detail here on Scamicide.

1.  Major data breach at retailers.

2.  Phony online shopping websites purporting to sell the latest toys and gadgets.

3.  Gift card scams.

4.  Delivery service scams.

5.  E greeting card scams.

6.  Phony charities.

7.  Puppy scams in which you are sold non-existent dogs.

8.  Phishing emails that appear to come from major retailers.

9.  Phony holiday vacation deals.

10. Phony holiday apps for your smartphone.

11. Phony holiday contests and lotteries.

12. Grandparent scam – holiday style.

TIPS

Although I will be explaining these scams in detail over the next month, here are a few major tips to keep in mind.

When shopping in a retail store, if you have the Apple iPay, use it. It may not be perfect, but it is a great improvement over the magnetic stripe credit cards still used by almost all American retailers. You also might want to consider getting a smart chip card from your credit card provider and using it at stores such as WalMart, which are switching to these safer credit cards well ahead of the October 2015 deadline to change over to the new cards. Also remember not to use your debit card while retail shopping. The consumer protection laws relating to debit card use are not as strong as those relating to fraudulent use of credit cards. It is important to remember that there will be major data breaches at retail stores where we all shop, and the hacked companies won’t be quick to discover that they have been hacked, so carefully monitor your credit card’s usage online more often than just through your monthly statement to be able to learn as quickly as possible if you have been victimized in a data breach. Also, when shopping at a brick and mortar retail store, keep an eye on your credit card as it is processed by the sales clerk. There will be more than a few seasonal, rogue employees who will have small electronic devices called skimmers. A sales clerk can run your card through a skimmer to steal your credit card information before running the card through the store’s legitimate credit card processing equipment.

Here is a link to a column I wrote for USA Today that describes these holiday scams.  Within the column is another link to an additional column on the same subject.

http://www.usatoday.com/story/money/personalfinance/2014/11/22/holiday-scams-identity-theft/19340731/