Scam of the day – August 23, 2017 – National Institutes of Health grant scams

The Federal Trade Commission (FTC) is warning people about an upsurge in phone calls from scammers posing as employees of the National Institutes of Health (NIH) in which the scammers inform their targeted victims that they have been selected to receive a $14,000 grant from the NIH.  All they need to do is pay a processing fee through an iTunes card or a Green Dot money card.

This is a total scam and even if your Caller ID makes it appear that the call is from the NIH, your Caller ID can be tricked through a technique called “spoofing” to look like the call is from the NIH when it is not.

TIPS

You will never be called by the government to tell you that you have been awarded a grant for which you have not applied.  In addition, government grants do not charge a processing fee of any kind.  You can find out more information about federal grant providing agencies at www.grants.gov; however, it is important to remember that grants are not given for personal purposes, but only for public projects.

Scam of the day – August 22, 2017 – Latest security updates from the Department of Homeland Security

As shown by the recent massive WannaCry  and Petya ransomware attacks that took advantage of computer users that had not patched their Windows operating system with available updates, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.

Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new critical updates from the Department of Homeland Security include important patches for Microsoft Edge, Adobe Acrobat and Internet Explorer.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-226

https://www.us-cert.gov/ncas/bulletins/SB17-233

Scam of the day – August 20, 2017 – FTC obtains order to stop work-at-home scam

Working at home sounds very appealing.  No commute and you get to work in your pajamas.  What could be more convenient than that? Unfortunately, many work-at-home job proposals are nothing more than scams and, in the case of reshipping work-at-home jobs, you may even be an accessory to a crime when you are recruited to ship goods bought with stolen credit cards.

Recently, the Federal Trade Commission (FTC) obtained a temporary restraining order to shut down a deceptive work-at-home scheme the FTC alleges was being perpetrated under various names including Work At Home EDU, Work At Home Ecademy, Work At Home University, Work At Home Revenue and Work at Home Institute.  These companies promised their victims they could earn “hundreds of dollars per hour from home, without any special skills or experience.”  These scams were advertised primarily through what is called “native advertising,” which is paid advertising that appears to be legitimate news stories.  The advertising was placed in legitimate online websites including Forbes.com.

According to the FTC, the work-at-home jobs offered by these companies were just scams that violated federal law by failing to make required disclosures and provide evidence for their inflated earnings claims.

TIP

As always, if it sounds too good to be true, it usually is.  Check out work at home scams with the big three – your local attorney general, the Better Business Bureau and the FTC.  And as always, you can Google the name of the particular company offering you the work at home program with the word “scam” next to it and see what turns up.  As for reshipping scams, they are always a scam and you should steer clear of them.

It is sometimes hard to distinguish native advertising from legitimate news stories so you should always be skeptical when relying on information contained in news stories that require you to make a payment.  In addition, most legitimate websites do not investigate the advertising that they carry so you cannot rely on a trustworthy website to contain trustworthy advertising.  Remember my motto, “trust me, you can’t trust anyone.”

Scam of the day – August 19, 2017 – Alleged scammer of Facebook and Google arraigned

In my scam of the day for December 26, 2016 I told you about the Boston Division of the FBI warning companies about a huge surge of Business E-Mail Compromise scams (BEC).  The scam involves an email sent to the people who control payments at a targeted company. These people receive an email purportedly from the CEO, company attorney or even a vendor with which the company does business requesting funds be wired to a phony company or person.   At its essence, this scam is remarkably simple and relies more on elementary psychology instead of sophisticated computer malware.  Often the scammers will do significant research to not only learn the name of the key employees involved with payments within a company, but also will infiltrate the email accounts of company employees for a substantial period of time to learn the protocols and language used by the company in making payments.  The scammers will also gather information from the company’s website and from social media accounts of its employees, all in an effort to adapt their message to seem more legitimate.

In March, Evaldas Rimasauskas, a Lithuanian citizen, was arrested and charged with perpetrating this type of scam against both Facebook and Google, from which he was able to steal more than a hundred million dollars by posing as a Taiwanese company, Quanta Computer, which is a major supplier to American high tech companies.

Now Rimasauskas has been extradited to the United States where earlier this week he was arraigned and pleaded not guilty to charges of wire fraud, money laundering and identity theft.

TIPS

In order to avoid this scam, companies should be particularly wary of requests for wire transfers made by email. Wire transfers are the preferred method of payment of scammers because of the impossibility of getting the money back once it has been sent.  Verification protocols for wire transfers and other bill payments should be instituted, including dual factor authentication when appropriate.  Companies should also consider the amount of information that is available about them and their employees that can be used by scammers to perpetrate this crime.  They also should have strict rules regarding company information included on employee social media accounts that can be exploited for “spear phishing” emails, which play a large part in this scam. Finally, employees should be specifically educated about this scam in order to be on the lookout for it.

Scam of the day – August 18, 2017 – HBO continues to be attacked by cybercriminals

Following on the heels of a hacking of HBO in which early episodes of Curb Your Enthusiasm, Ballers and scripts from Game of Thrones were stolen by cybercriminals demanding ransoms be paid or they will release the stolen material, a number of HBO’s social media accounts including its Game of Thrones Twitter account were hacked and taken over by the hacking group OurMine, which has previously managed to hack other entertainment companies such as Netflix and Marvel.  This time the hackers’ actions were little more than a nuisance and the hacking was promptly remedied; however, the vulnerability of HBO was again prominently on display.

Since the major Sony data breach of 2014, the entertainment industry has been a frequent target of profit motivated hackers as well as some hackers merely seeking to publicly disrupt these companies.  HBO actually does a pretty good job of cybersecurity, both in training its employees as well as requiring dual factor authentication be used by employees.  Although the investigation is ongoing, it appears that the data breach in which the episodes of its shows and scripts were stolen was linked to an email security breach.

TIPS

Companies must do a better job of cybersecurity.  Complicating the problem, however, is that the entertainment industry, like the health care industry, which has also been shown to be extremely vulnerable to cyberattacks, has numerous third party contractors with which it does business. Security vulnerabilities at these third party contractors have led, in a number of circumstances, to larger security breaches at the bigger targeted companies.

While cybersecurity can be extremely difficult to fully implement for large companies, it is not as complex for us as individuals.  Throughout my books and throughout the thousands of Scams of the day here at Scamicide we will continue to advise you on the steps to take to protect yourself from cyberattacks.

Scam of the day – August 21, 2017 – Amazon phishing email

It must be phishing season.  Today’s Scam of the day is yet another phishing email.  This one purports to be from Amazon and again the email attempts to lure you into clicking on a link to make important updates to your account.  Unfortunately, if you do so you will either download malware or provide personal information that will be used to make you a victim of identity theft.  Phishing emails are nothing new.  They are a staple of identity thieves and scammers, and with good reason, because they work. Reproduced below is a copy of a new phishing email that appears to come from Amazon.  At the intelligent suggestion of a Scamicide reader, I have removed the link from the version of the email reproduced below and will continue to do so when showing examples of new phishing emails in the future.  Until now, I had thought it was important for people to see the exact phishing email and merely strongly advise people not to click on the link; however, the risk of someone even accidentally clicking these infected links is too great to continue to show these links.

Amazon is a popular target for this type of phishing email because it is used by just about everyone.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.  As is so often the case with these types of phishing emails, it does not contain your account number in the email.  It carries a legitimate looking Amazon logo, but that is easy to counterfeit.

 

Dear Customer,

We have recently upgraded our server for the help of our customers, and we recommend a new security features as part of our commitment to keep our customers safe.

For security measures the following information is required to solidify your profile.

INFECTED LINK WAS FORMERLY LOCATED HERE.  IT HAS BEEN REMOVED FROM THIS COPY

Your sincerely
Amazon

© 2017 Amazon or its affiliates.
All rights reserved
410 Terry Avenue N., Seattle, WA 98109-5210.
Reference:219862590

Scam of the day – August 16, 2017 – Hackers targeting hotel Wi-Fi

The security company Bitdefender has identified new tactics being used by a notorious hacking group known as DarkHotel to hack into the computers of hotel guests.  DarkHotel has been operating for about ten years now and until recently had been specifically targeting business travelers in order to gain access to their companies’ computers and the data contained therein. Recently, however, DarkHotel has expanded its targets to include political figures as well.  DarkHotel has exploited vulnerabilities in hotel Wi-Fi to achieve its attacks.

A key element in the success of DarkHotel has been their successful use of spear phishing emails that have been used to lure unsuspecting victims into clicking on links and downloading malware.

TIPS

Whether you are a high profile business person, a politician or a regular citizen, spear phishing is one of the biggest threats to your security and well being.  Spear phishing emails or text messages are personally crafted emails or text messages that have been created using information about you, your job, your interests and other aspects of your life to lure you into clicking on a link and downloading malware.  Most of the major data breaches as well as personal data breaches have been initiated through phishing so the lesson is clear.  Trust me, you can’t trust anyone.  Never click on links in emails or text messages unless you have absolutely confirmed that they are legitimate.

Scam of the day – August 14, 2017 – Telemarketers may get a new weapon

Legitimate telemarketing calls can substantially be avoided by consumers by signing up for the free federal Do-Not-Call list which makes it illegal for telemarketers to contact you on your landline phone or cell phone unless they are representing a charity, debt collector, survey or a politician.  Here is a link to where you can sign up for the Do-Not-Call list if you haven’t yet done so and want to avoid these calls.  https://www.donotcall.gov/

It is important to remember that criminal telemarketers, including many who utilize automated robocalls, pay no attention to the Do-Not-Call list.

Now, new technology has been developed that enables telemarketers to contact you by calling directly to your voicemail without your phone ever ringing.  Telemarketers argue that this technology is not subject to the Do-Not-Call list because your phone never rings, which seems like poor reasoning to me.  However, the Federal Communications Commission (FCC) is considering an application by a company that wants to use this technology for telemarketing to allow these calls to be made to consumers.

TIPS

Unfortunately, at the present time there is no way for you to block undesired voicemails as we have with other types of robocalls. The FCC is presently soliciting comments from the public as to whether or not to allow this new technology to be used for telemarketing to consumers.  If you wish to comment  to the FCC on this you can do so by clicking on this link.  You will need to insert the name and number of the proceeding as 02-278 Ringless Voicemail.

https://www.fcc.gov/ecfs/filings/express