Scam of the day – December 18, 2014 – Latest Sony hacking developments

December 18, 2014 Posted by Steven Weisman, Esq.

The repercussions of the hacking of Sony continue to grow. Although it still has not been definitively determined that the North Korean government was behind the sophisticated hacking of Sony in retaliation for the release of the James Franco and Seth Rogen movie “The Interview,” in which Franco and Rogen attempt to kill North Korean leader Kim Jong Un, forensic evidence appears to indicate that the hackers most likely had ties to the North Korean government. Along with the release of embarrassing emails, released and unreleased movies and much financial information about Sony, the hackers have also threatened to release large amounts of personal data of Sony employees that could easily be used to make those employees victims of identity theft. Now, in a recent communication, the hackers have threatened violence, likened by the hackers to that of 9/11, at theaters showing the movie, which is slated to open on Christmas day.

In an interesting development, a New York Daily News headline called Howard Stern an “idiot” for likening the Sony hacking to the attacks on the World Trade Center on September 11, 2001. The Daily News’ headline could not have been more ill-timed, as it was just a few hours later that the hackers threatened a 9/11-type attack on theaters. In response, Sony has cancelled the Christmas opening of the film. However, even beyond this threat of violence, Stern is correct in recognizing that just as the attack of 9/11 ushered in a new era of terrorist attacks, the attack on Sony could well be ushering in a new era of destructive cyberterrorism that, in fact, could have a devastating effect on world economies.

In a further development, two class action lawsuits have already been filed by former employees and present employees of Sony alleging, among other things, that Sony was extremely negligent in the protection of personal information thereby making them vulnerable to the hacking.

TIPS

The Sony hacking is just the latest example of the fact that, despite your best efforts to protect your privacy and the personal information that in the wrong hands can be used to make you a victim of identity theft, you are only as secure as the government agencies and companies with the weakest security that have your information. Therefore, it is incumbent upon us all both to limit the places that have our personal information as much as possible and to monitor our accounts and credit reports regularly for indications of security breaches.

Scam of the day – December 17, 2014 – Afghan style Nigerian email scam

December 17, 2014 Posted by Steven Weisman, Esq.

Not all Nigerian email scams originate in Nigeria. The long-time scam that has come to be known as the Nigerian email scam has many variations, but a common theme. In the email you are promised something for nothing. However, once you respond to the plea, which can be under the guise of a long lost deceased relative, a banker trying to send money out of the country or even, as this latest incarnation of the scam describes, helping to get money out of a war torn country, you soon learn that you need to send money for various purposes to facilitate the movement of the funds. Of course, the money you send is lost and you receive nothing but a lesson.

Here is a copy of the email I recently received.

“I am in the military unit here in Afghanistan,we have some amount of funds that we want to move out of the country.My partners and I need a good partner someone we can trust. It is risk free and legal. Reply to this email m.alanedward2@yahoo.cl

Regards,
Major. Alan Edward”

Although I only recently received this email, it has been circulating for at least two years.

TIPS

As I always say, “trust me, you can’t trust anyone.”  This email has scam written all over it.  Why are you being singled out to be blessed with such good fortune by an email that doesn’t even come with a salutation addressed to you by name?  Apparently it needs to be repeated, but if it looks too good to be true, it generally is.  Unfortunately, you still receive these emails because people still fall for these scams.  When you get such an email, the only thing you should do is get a good chuckle out of it and then delete it immediately.

Scam of the day – December 16, 2014 – Danger of smartwatch hacking

December 16, 2014 Posted by Steven Weisman, Esq.

Samsung’s Android smartwatches represent the latest development in wearable technology. These modern marvels will enable people to access the Internet and easily send and receive messages. Unfortunately, they were not developed with a strong security component. A six digit PIN is all that is needed to access the smartwatch, and a nearby hacker can readily use a brute force attack, in which large numbers of passwords flood the device until the correct password is found, to gain access to and control of the smartwatch. This puts your information in jeopardy and makes you a potential victim of identity theft.

TIPS

Fortunately, with present technology the hacker would have to be relatively close to the victim to hack into the device, but this is of little consolation, as hackers would be trolling for smartwatches in public places such as malls as the devices become more popular. Samsung and the other smartwatch developers need to provide greater security protection, perhaps through a password or automatic encryption. At the moment, however, these devices are in need of enhanced security before you can feel comfortable using them for anything of a personal nature. As the entire “Internet of things,” including smart refrigerators and cars, expands, it becomes more important for the manufacturers of these things to pay more attention to our personal security.

Scam of the day – December 15, 2014 – FBI warns American businesses of Iranian hackers

December 15, 2014 Posted by Steven Weisman, Esq.

The FBI has sent out a confidential warning to American businesses about an imminent threat of hacking by Iranian hackers who may, or may not, be state sponsored. The attack appears to be focused on the always vulnerable educational institutions as well as energy companies, airlines and defense contractors. The FBI warning provides detailed technical information about the different types of malware used in the attack as well as information about techniques, such as spear phishing, that are being used by the hackers to get their malware unwittingly downloaded onto the computer networks of the targeted companies. Spear phishing, as you may remember, is a technique whereby the victim receives a seemingly legitimate email message addressed to the victim by name that lures the victim into clicking on a link that downloads the malware used to attack the company.

TIPS

This particular Iranian hacking scheme may be the same one recently identified as Operation Cleaver by the security firm Cylance, which uncovered attacks on more than fifty companies in sixteen countries including the United States. As for us as individuals, we need to recognize that regardless of how careful we are at protecting the security of our own personal information, that information, as seen in the recent Sony hacking, is only as safe as the companies with the weakest security practices that hold our information. Therefore, whenever possible you should limit the companies and governmental agencies that have your personal information.

Scam of the day – December 14, 2014 – CFPB stops student loan scams

December 14, 2014 Posted by Steven Weisman, Esq.

The Consumer Financial Protection Bureau (CFPB) announced that it is suing Student Loan Processing.US, alleging it illegally marketed student loan debt relief services, and in a separate action closed College Education Services for illegally marketing student loan debt relief services. According to CFPB Director Richard Cordray, “Student loans are already a significant debt for many Americans…College Education Services and Student Loan Processing.US added to that hardship by taking advantage of troubled borrowers and failing to describe their services honestly.” College Education Services targeted students through ads and its websites CollegeDefaultedStudentLoan.com and HelpStudentLoanDefault.com, where it falsely promised lower payments in return for advance payments that ranged between $195 and $2,500, although federal law requires that payments for such debt settlements not be paid in advance. Student Loan Processing.US charged its customers 1% of the loan balance or $250 in advance for its debt settlement services and falsely represented that it was affiliated with the U.S. Department of Education. With Americans owing more than a trillion dollars in student loans, it is no surprise that scammers see this as a great opportunity to take advantage of desperate people. I have warned you many times in the past about various student loan scammers.

TIPS

Two important things to remember are not to pay advance fees and not to provide your Federal Student Aid PIN to debt settlement companies.  Legitimate companies do not need your Federal Student Aid PIN to help you.  It is also important to note that help with student loans is available for free.  The best place to go if you are having difficulty with a student loan is directly to the servicer of the loan.  You can also find helpful information at StudentLoanBorrowerAssistance.org which is a website maintained by the National Consumer Law Center.  The United States Department of Education also has a lot of helpful information about student loan consolidation and other things you can do to reduce your payments at https://studentaid.ed.gov/repay-loans/consolidation.   You can also check out their Income-Based Repayment program and their Pay As You Earn program which are available at no cost to the borrower. The Department of Education also has a toll-free number where you can get helpful loan information at 1-800-4-FEDAID.

Scam of the day – December 13, 2014 – Unusual identity theft arrest

December 13, 2014 Posted by Steven Weisman, Esq.

It is not unusual for someone to steal another person’s identity and then use that person’s name to obtain credit or government benefits. It is, however, quite unusual for someone to steal another person’s identity and then have the nerve to go to court to have the victim’s name changed legally to the name of the identity thief, but this is exactly what Ramon Perez-Rivera is accused of doing according to a federal court indictment in Kansas. Perez-Rivera, an illegal immigrant, is accused in the indictment of stealing the identity of a man identified only as T.A.P. in the indictment and using the victim’s Social Security number and identity to obtain food stamps and Medicaid benefits as well as register to vote, get an American passport and a driver’s license in the name of the victim. However, Perez-Rivera did not stop there. According to prosecutors, Perez-Rivera filed a name change in 1996 in a California court and obtained a court order legally changing his name from the name of his victim to his actual name of Ramon Perez-Rivera. This enabled him to have the victim’s Social Security number reassigned to his real name and even to have the victim’s birth certificate changed to reflect his real name. It wasn’t until he tried to obtain Supplemental Security Income benefits through the Social Security Administration that his crimes were discovered.

TIPS

Your Social Security number is a key to identity theft.  Armed with a Social Security number of his victim, it is a relatively easy task for an identity thief to steal the identity of his victim so the first thing we should all be conscious of is to keep our Social Security number as safe as possible.  Don’t carry your Social Security card with you in your wallet or purse and limit the number of places to which you provide it to only those places that truly need this information.  Your doctor does not need your Social Security number although many ask for it.  In fact, with the medical industry in general more vulnerable to hackers than even the retail industry, providing your Social Security number to your physician is a dangerous thing to do.  The Social Security Administration sends each of us an annual accounting of our benefits and you should examine this carefully each year for evidence of identity theft.

Scam of the day – December 12, 2014 – Latest security updates

December 12, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly. Today’s updates include many important updates and security patches to prevent serious problems, including important security updates for Adobe Flash and ColdFusion, Microsoft Windows and Internet Explorer, Google, and Apple Safari.

TIPS

Here are the links to the latest Department of Homeland Security software updates and security patches:

https://www.us-cert.gov/ncas/current-activity/2014/12/09/VMware-Releases-Updates-vCAC

https://www.us-cert.gov/ncas/current-activity/2014/12/09/Adobe-Releases-Security-Updates-Reader-and-Acrobat

https://www.us-cert.gov/ncas/current-activity/2014/12/09/Microsoft-Releases-December-2014-Security-Bulletin

https://www.us-cert.gov/ncas/current-activity/2014/12/08/ISC-Releases-Security-Updates-BIND

https://www.us-cert.gov/ncas/bulletins/SB14-342

https://www.us-cert.gov/ncas/current-activity/2014/12/04/Apple-Releases-Security-Updates-Safari

Scam of the day – December 11, 2014 – Phony shipping phishing scam

December 10, 2014 Posted by Steven Weisman, Esq.

Phony shipping phishing scam. Try saying that fast three times. Most likely you will trip on your words, but that is nowhere near as much of a problem as what happens to you if you fall for this scam. The holiday season is a time when people are ordering gifts from many retailers. It is common for companies to send an email confirmation when you order something online. Scammers are taking advantage of this practice to send vast amounts of phony shipping notices and confirmations from what appear to be legitimate companies, such as Amazon, with which so many of us do business. However, in these phishing emails, in which the scammer poses as a legitimate company, you are prompted to click on a link or download an attachment under various guises, such as confirming the order. These links and attachments are filled with malware that will enable the scammer to steal all of your personal information from your computer and use it to make you a victim of identity theft.

Here is a copy of a phony phishing notice purportedly from Amazon.

[Image: bogusemail.jpg]

TIPS

Legitimate companies will not have attachments or links for you to click on in any real confirmation of your order.  If you receive an email that informs you of a problem with your order or anything else that appears to require action on your part, never click on any links or download any attachments that may appear in such emails.  Rather, contact the real company through its website or a telephone number that you know is accurate.  Don’t use the telephone number contained in the email and don’t click through the email to purportedly go to the website.  Taking these simple steps can save you a lot of grief.

Scam of the day – December 10, 2014 – SEC charges investment advisor with fraud

December 10, 2014 Posted by Steven Weisman, Esq.

The SEC has brought fraud charges against Levi Lindemann, an investment adviser, accusing him of stealing almost a million dollars from elderly investment clients.  According to the SEC, between the years of 2009 and 2013, Lindemann collected money from investors only to use the money for his own personal use.  By paying off older investors with the funds supplied by newer investors, he made it appear that he was making substantial profits for his clients.  This is the mark of a typical Ponzi scheme, pioneered by Charles Ponzi at the start of the twentieth century.  Lindemann provided clients with phony account statements and forged documents to make it appear that his clients had indeed invested in legitimate investments.

TIPS

The rules for protecting yourself from investment scams are always the same.  Before investing in anything, you should make sure you understand the investment and carefully investigate both the investment and the person advising you to make the investment.  Anyone carefully evaluating Lindemann’s scheme would have found that it was phony.  In addition, a red flag in both the Bernie Madoff scam and the Ponzi scam allegedly operated by Lindemann is when the person advising you to make the investment is also the custodian of the account.  They should never be the same person.  Always have a separate broker-dealer from your individual adviser.  This way the actual funds and investments are monitored by a third party.

Scam of the day – December 9, 2014 – Banks win first round in Target lawsuit

December 9, 2014 Posted by Steven Weisman, Esq.

Last year’s massive data breach at Target was the first of a series of data breaches that continue unabated to this day with no end in sight. While millions of Target customers were inconvenienced by the theft of their credit card or debit card information, the banks that issued those cards and had to replace them suffered financial losses from the replacements as high as 400 million dollars. Five of these banks, Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union and First Federal Savings, filed a class action in federal court on behalf of themselves and other affected banks seeking payment from Target for the losses they incurred as a result of the Target data breach. Target responded to the lawsuit by filing a Motion to Dismiss, arguing that it was not responsible for the data breach. However, Judge Paul A. Magnuson, in denying Target’s motion, ruled that there was sufficient evidence of Target’s negligence to warrant a trial. Specifically, the judge said that Target ignored security software program alerts that there was a problem and also actually disabled some of its own security features, which contributed to the data breach. According to Judge Magnuson, “Plaintiffs have plausibly alleged that Target’s conduct both caused and exacerbated the harm they suffered.”

TIPS

The importance of this early ruling in the case of the banks against Target cannot be overestimated.   While in the past retailers were not held responsible for the occasional data breach occurring in the processing of credit and debit card transactions, an ultimate verdict in favor of the banks could signal a major change in how retailers conduct business in general and in particular what security steps they will need to take in order to avoid financial responsibility for future data breaches.  Coupled with regulations shifting responsibility for data breaches to retailers who fail to switch to new smart credit cards with computer chips by October of 2015, this ruling may signal a new paradigm for company electronic security.