Scam of the day – May 1, 2016 – Latest security updates from the Department of Homeland Security

May 1, 2016 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Today’s updates include critical updates for the Android operating system and Google Chrome.  Also included is a newly released security update to the Mozilla Firefox browser.

TIPS

Here are the links to the latest security updates and patches from the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB16-116

https://www.us-cert.gov/ncas/current-activity/2016/04/26/Mozilla-Releases-Security-Updates

https://www.us-cert.gov/ncas/current-activity/2016/04/28/Google-Releases-Security-Update-Chrome

Scam of the day – April 30, 2016 – Class action against P.F. Chang’s restaurant chain continues

April 30, 2016 Posted by Steven Weisman, Esq.

In June of 2014, I first reported to you about a data breach at P.F. Chang’s China Bistro, a major restaurant chain. A large number of credit cards and debit cards used at P.F. Chang’s restaurants between March 2014 and May 19, 2014 were compromised. A class action was filed by John Lewert and Lucas Kosner in 2014 on behalf of themselves and other similarly situated victims of the data breach. P.F. Chang’s was initially successful in having the lawsuit dismissed on the ground that Lewert and Kosner had not personally suffered any harm at this time due to the data breach. However, recently, the Seventh Circuit Court of Appeals revived the lawsuit, ruling in favor of the plaintiffs and allowing the case to proceed because, the court determined, the plaintiffs and others whose data was stolen faced the “concrete” possibility of becoming future victims of identity theft.

If you were a customer of P.F. Chang’s affected by the data breach, here are links to the websites of the law firms handling the class action, to which you can go for more information: http://www.siprut.com/ and http://www.litedepalma.com/

TIPS

So what does this mean to you? As I have cautioned you many times, you should not use your debit card as anything other than an ATM card. Using it for retail purchases potentially puts your entire bank account tied to the card in jeopardy. By using a credit card, your liability is limited to no more than $50 for fraudulent charges, and many companies do not even charge you anything for fraudulent charges. Everyone should monitor their credit card statements carefully each month to make sure that no fraudulent charges appear, and if they do, you should contact your credit card company to have those charges removed immediately and to get a new credit card.

Scam of the day – April 28, 2016 – New evidence revealed against lottery security director

April 28, 2016 Posted by Steven Weisman, Esq.

As I reported to you last July, Eddie Tipton, the former security director of the Multi-State Lottery Association, was convicted of electronically rigging the Iowa Hot Lotto game, enabling him to buy the winning 16.5 million dollar ticket. The jury believed the evidence that indicated that Tipton used a portable USB drive to install malware onto the computer that picked the winning number. The computer is not accessible to the Internet in order to prevent tampering, and only four people, including Tipton, had access to the room where the computer was housed. The closed circuit camera that recorded activity in the room had been wiped clean, so there was no visual evidence of Tipton tampering with the computer. In addition, the sophisticated malware used by Tipton was self-deleting and left absolutely no trace on the lottery computer. However, despite the lack of either visual evidence showing Tipton actually tampering with the computer or evidence of the precise malware used, after a week’s deliberations, the jury found Tipton guilty of two counts of fraud.

Now, almost a year later, new evidence has been revealed by prosecutors against Tipton, who is presently awaiting trial regarding additional lottery fraud in Colorado, Wisconsin, Oklahoma and Kansas. Where previously only circumstantial evidence tied Tipton to charges that he rigged state lotteries, now, according to prosecutors, they have found the random number generator used by Tipton to rig a 2 million dollar Megabucks drawing in 2008. According to prosecutors, a forensic investigation found that the generator had code that was installed, after the computer had been audited, on the computer used to produce the winning Megabucks numbers, and that this code was used to make the computer not produce random numbers three times during the year, leaving Tipton able to predict the winning numbers.

TIPS

No computer system is foolproof; however, this case does highlight vulnerabilities in the computer security systems used to protect the honesty of state-sponsored lotteries. Hopefully, this case will lead to better security in the operation of state lotteries to ensure that the public has faith in them as being operated honestly.

Scam of the day – April 27, 2016 – Friend’s emergency scam

April 26, 2016 Posted by Steven Weisman, Esq.

The emergency email scam continues to snare unwary victims despite much discussion in the news of this type of scam.   It starts when you get an email describing a dire emergency that a friend or relative has encountered, generally in a foreign country, that requires the immediate wiring of funds to your friend or relative.  Sometimes the emergency relates to an arrest.  Other times it relates to a medical emergency, but it always is an urgent request for immediate funds to resolve the problem.  This scam is also done by communications on social media, such as Facebook, by text message or the telephone, such as in the infamous grandparent scam.

Often when the scam is done by email, it can appear that the email is really coming from your friend because your friend’s email account may have been hacked and used to send you the plea for help.

Here is a copy of such an email that was sent to me by the person receiving it.  It was initially sent through the hacked email of the purported friend in need in order to make it appear legitimate.

“Good Morning,

Sorry for any inconvenience, but I’m in a terrible situation. I came down here to France on vacation with my family after my birthday, last night on our way back to my hotel room we were robbed at gunpoint  all cash,credit cards and cell phones were stolen off me, leaving my passport and life safe. My luggage is still in custody of the hotel management pending when I make payment on outstanding bills I owe. I called my bank for a wire transfer but it has proven almost Impossible to operate my account from here as they made me understand international transactions take 7 working days to be effective which I can’t wait. I need you to help me with a loan to pay my hotel bills and get my self home. I’ll reimburse you as soon as I get back Home. I’ll appreciate whatever you can assist me with, let me know if you can help.

Thanks,
Bill”

TIPS

If you receive such a communication, you should immediately be skeptical, particularly if you are being contacted by an email, text message or social media.  If you have any concern that the communication might be legitimate, it is easy to contact the person on their cell phone to confirm that the communication you received was just a scam.  Anytime you are asked to wire money for any purpose, you should be particularly skeptical and very careful because once money is wired, it is impossible to recover if you find out you have been scammed.

If you are contacted and told by your friend that they do not have access to their cell phone, you should first try to contact them on their cell phone which will definitely prove to you that this is a scam.  Even if you cannot make contact with your real friend or relative through their cell phone, you can always call the police, embassy or hospital where they say they are in order to confirm that this is a scam.

Students and others traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/. This program can help with communications in an emergency situation. Parents who have children traveling overseas should also consider establishing a special code word to use in the event of the need for emergency communications to prove that the communication is legitimate.

Scam of the day – April 25, 2016 – Ecuador and Japan earthquake charity scams

April 25, 2016 Posted by Steven Weisman, Esq.

The problems following the recent devastating earthquakes in Ecuador and Japan continue to increase with affected people in those areas of the world in great need of help.   This kind of natural disaster brings out the best in us as many people are quick to make donations to charities to help the earthquake survivors and the families of the victims.  This kind of natural disaster also brings out the worst in scammers  who are quick to take advantage of the generosity of people by contacting them, posing as charities, but instead of collecting funds to help the victims of these natural disasters, the scam artists steal the money for themselves under false pretenses.   Charities are not subject to the federal Do Not Call List so even if you are enrolled in the Do Not Call List, legitimate charities are able to contact you.  The problem is that whenever you are contacted on the phone, you can never be sure as to who is really calling you so you may be contacted either by a phony charity or a scammer posing as a legitimate charity.  Similarly, when you are solicited for a charitable contribution by email or text message, you cannot be sure as to whether the person contacting you is legitimate or not.

TIPS

Never provide credit card information over the phone to anyone whom you have not called or in response to an email or text message. Before you give to any charity, you may wish to check out the charity with www.charitynavigator.org where you can learn whether or not the charity itself is a scam. You can also see how much of the money that the charity collects actually goes toward its charitable purposes and how much it uses for fund raising and administrative costs. If you do wish to make a donation to a charity, go to the real charity’s website or call them at a telephone number that you know is accurate in order to make your donation rather than responding to a telephone call or electronic communication. Charitynavigator.org lists some highly rated charities involved with earthquake relief, which you may wish to consider if you are thinking about making such a charitable gift. They are Global Giving, Helping Hand for Relief and Development, and the International Medical Corps. Below are links to their pages on Charitynavigator.org that describe the charities in detail as well as provide a link to make a donation if you are so inclined.

http://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=11648#.Vxt5gfkrIkU

http://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=12691#.Vxt5uPkrIkU

http://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=8158#.Vxt59fkrIkU

 

Scam of the day – April 24, 2016 – Scams involving the death of Prince

April 23, 2016 Posted by Steven Weisman, Esq.

It is a sad fact of life that the deaths of celebrities, such as the recent untimely death of Prince, particularly when they occur unexpectedly, are exploited by scammers seeking to lure curious, unwary people to dangerous websites or to get them to click on links containing malware. It is important to never click on links in text messages or emails unless you have absolutely confirmed that they are legitimate because they may contain keystroke logging malware that can steal all of the information from your computer, laptop, smartphone or other device and use that information to make you a victim of identity theft. In addition, a particularly insidious type of malware can be installed on your computer or other device merely by going to an infected website. Therefore, as tempting as it may be for some people to respond to emails, social media posts or other communications promising photographs or unseen videos of Prince’s last moments, you should avoid clicking on those links and going to websites promising this information. If you want reliable information, you should stay with legitimate news websites.

In addition, it is important to point out that even if you have the most up to date versions of anti-malware security software on your computer and other devices, you will always be at least thirty days behind the newest malware.  It takes that long for the security software companies to come up with new security software to combat newly discovered computer vulnerabilities, sometimes referred to as “zero day” exploits.

TIPS

These types of scams, capitalizing on the deaths of celebrities such as Whitney Houston, Michael Jackson, Paul Walker and Robin Williams, have become far too common and predictable. Don’t be a victim of these scams. Never click on links in emails or text messages promising you photographs, videos or even new information about events such as these, and don’t even go to websites with which you may be unfamiliar to find such information because your computer may get infected merely by going to the website without clicking on any links. For reliable information, limit your searches to reliable sources.

April 23, 2016 – Steve Weisman’s latest column for USA Today

April 23, 2016 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column for USA Today. It contains startling information about how vulnerable we all are to having our bank accounts hacked by rogue employees at the banks we use.

http://www.usatoday.com/story/money/columnist/2016/04/23/how-vulnerable-our-bank-data-cyber-heist-very/83085352/

Scam of the day – April 23, 2016 – Google doubles bounty for white hat hackers

April 23, 2016 Posted by Steven Weisman, Esq.

Last month, I advised you about the new “bug bounty” program announced by the Department of Defense in which it is offering a “bug bounty” to vetted hackers who are able to identify vulnerabilities in its web pages and computer networks. However, private companies, such as Google and Facebook, have long made cash payments to independent hackers, sometimes called white hat hackers to distinguish them from the criminal black hat hackers, who identified vulnerabilities in their computer code. Generally, these bounties are between $500 and $15,000; however, Google has recently announced that it has doubled the reward that it will pay anyone who finds a flaw in the security of its Chromebook to $100,000. Google has paid out more than six million dollars in bug bounties since the program was started in 2010.

TIPS

This is a positive strategy for businesses and government to follow to enhance cybersecurity. As for us as individuals, the best things we can do to protect our cybersecurity are to keep our anti-virus and anti-malware software up to date on all of our electronic devices and to refrain from clicking on links or downloading attachments in all forms of electronic communication until we have absolutely confirmed that the communications are legitimate. Otherwise, the risk of downloading malware is too great.