Scam of the day – February 20, 2017 – Immigration assistance scams

Immigrants concerned about their status as American immigration laws and policies are changing are being preyed upon by scammers posing as attorneys and charging for immigration forms that can be obtained free or claiming to have special relationships with immigration officials that enable them to obtain favorable results.  Advertisements for such phony lawyer services are appearing on flyers in store windows and throughout social media.  The truth is that these scammers offer no services of any value and merely exploit the fears and concerns of immigrants in the United States.

TIPS

You can always check on the status of an attorney in your state by checking online with your state’s bar association or board of registration for lawyers.  In addition, people needing access to free or low cost legal advice regarding immigration issues should go to the U.S. Citizenship and Immigration Services’ (USCIS) website by clicking on this link to get access to such low cost and free services that you can rely upon. https://www.uscis.gov/avoid-scams/find-legal-services

Scam of the day – February 19, 2017 – WhatsApp adds dual factor authentication

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.  Also, like many popular apps, it has been a target of hackers seeking to take over the accounts of legitimate users of the app and send out malware filled messages that appear to be trustworthy because the messages look like they are coming from someone the victim trusts.

Mere passwords have not proven to be a particular secure method of authentication.  Many people use simple to guess passwords and even what may appear to be complex passwords can often be identified by sophisticated hackers using password cracking software.  However, more and more companies such as Facebook, Twitter, Google, Tumblr, Yahoo and others are using dual factor authentication by which when your password is used to access you account, a special code is sent to your smartphone that must be used in order to complete access to the account. This provides dramatically enhanced security.  Now WhatsApp has become the latest app to offer dual factor authentication.

TIPS

Passwords are just too vulnerable to be the sole method of authentication for important apps or accounts.  Whenever you are able to use dual factor authentication for a particular website, account or app, you should take advantage of this.  Some dual factor authentication protocols do not require it to be used when you are accessing the account from the computer or smartphone that you usually use, but only if the request to access the account comes from a different device, which still provides security without even having to use the special code.

Scam of the day – February 18, 2017 – Florida man sentenced for Business email scam

Recently, Jeffrey Ihm was sentenced to eleven years and eight months in federal prison after being convicted of multiple criminal counts related to his business email scam through which he managed to steal $2,234,681.

Ihm posed in emails as executives of a number of legitimate companies, such as Roper Industries and tricked Well Fargo Bank and other financial institutions to send him the money.

This scam, which is often referred to as the business email scam has become a serious problem in the last couple of years with many companies becoming victims of the scam.

TIPS

The key for businesses is to have a protocol in place in regard to approvals necessary and verification required before paying bills, particularly when funds are requested to be wired.

The lesson also applies to all of us as individuals.  Scammers also send phony bills that appear to individuals that appear to come from companies with which we do business, but with a different address to send the money. Never send a payment to a different address from that which you have done in the past unless you have verified both the accuracy of the bill and the address.

Scam of the day – February 17, 2017 – Company hit twice by W-2 scam

Income tax identity theft is a multi billion dollar problem that costs the government and, by extension,  we the taxpayers billions of dollars each year while tremendously inconveniencing the individual taxpayers whose identities are stolen as it generally takes the IRS months to fully investigate each instance of identity theft and send to the victimized taxpayer his or her legitimately owed tax refund.  Armed with a potential victim’s name and Social Security number, it is a simple matter for an income tax identity thief to file a phony return with a counterfeit W-2 to obtain a fraudulent income tax refund.

I have been warning you for a year about identity thieves tricking companies into providing employee W-2s to them.  These stolen W-2s contain all of the information the identity thieves need to file a fraudulent income tax return.  The scam works by sending phishing emails to HR and accounting departments within companies often posing as the CEO of the company or someone else in upper management requesting copies of all employee W-2s under various guises.  Other times, payroll management companies have been targeted using the same type of phishing emails.  In some instances, the phishing emails have been recognized as scams, but in other instances, companies have unwittingly handed over thousands of W-2s to clever identity thieves.

This scam continues to plague companies both big and small and recently, Monarch Beverage, Indiana’s biggest beer and wine distributor acknowledged that not only had it recently become a victim of this scam turning over W-2s of more than 600 employees to identity thieves, but that in the course of its investigation into the matter, it had been victimized last year by the same scam.

TIPS

All companies have got to do a better job of training employees to recognize phishing emails and installing anti-phishing software programs.  In addition, dual factor authentication should be used before transmitting sensitive data to make sure that the person to whom the material is being sent is really who they represent they are.  These same lessons that apply to companies also apply to all of us as individuals, as well.  Phishing is done to steal the identities and information of unwary individuals every day and the best way to protect yourself is to start with remembering my motto, “trust me, you can’t trust anyone.”  Never provide personal information to anyone who asks for it by phone, text message or email unless you have absolutely confirmed that the request is legitimate and the person or company requesting the information has a legitimate need for the information.  Never click on links or download attachments from emails or text messages unless you have confirmed they are legitimate because those links and attachments could contain keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.  Finally, keep all of your electronic devices including your smartphone up to date with the latest security software patches.

Scam of the day – February 16, 2017 – New twist on mail theft

Identity theft is a high tech, low tech and no tech crime and while we often tend to focus our attention on high tech identity theft tactics such as spear phishing, no tech tactics such as fishing for mail with a plastic bottle covered in glue that is lowered into blue public mailboxes to capture mail being sent with checks is making a comeback.  In the Bronx, New York just in the last year police and postal inspectors have made about 150 arrests according to Donna Harris of the U.S. Postal Inspection Service.

I have warned you for years about leaving mail with checks or credit card information in your personal mailbox outside of your home with the flag raised to alert your postal carrier that there is mail in your box to be retrieved is a bad idea because it also alerts identity thieves who can easily steal the mail.  Once they have the checks, they can “wash” the name or even the amount of the check and make the check payable to the thief. They also can use the account number of your check to create counterfeit checks to access your checking account.

TIPS

This is an easy crime to avoid.  The best course of action is to pay your bills electronically and avoid the problem altogether.  However, if you cannot do so or prefer to send a paper check by mail, you should use a gel pen that is not easily “washed” to write your checks and you should mail envelopes with checks in them directly from inside the post office.

Scam of the day – February 15, 2017 – FTC gets court order halting phony rental property scam and free credit reporting scam

The Federal Trade Commission (FTC) has obtained a temporary restraining order against Credit Bureau Center LLC, Michael Brown, Danny Pierce and Andrew Lloyd as a part of its legal action against them on charges that they operated scams involving phony rental property advertisements and offered “free” credit reports for which they charged monthly amounts to their victims’ credit cards.

According to the FTC, the scammers placed Craigslist advertisements for rental properties they were not authorized to represent and in some circumstances even placed advertisements for properties that did not even exist.  When people responded to the ads, the victims were told that before they could see the properties they had to get a free credit report from the defendants’ websites’ myscore.com, creditupdates.com and freecreditnation.com in order to qualify to be considered for renting the properties.  The “free” credit reports, however, were far from free because the fine print in the agreement to obtain the “free” credit report required the victim to enroll in a credit monitoring service with a continuing monthly charge of $29.94.  According to the FTC, the victims never were shown properties even after getting the required credit report and the scammers ignored all communications from their victims after the victims signed up for the credit monitoring service.

TIPS

Advertisements for rental units and vacation rentals that are not owned by the scammers placing the advertisements is a common scam.  It is easy for scammers to get photos and other information about rental units and vacation rentals from legitimate websites and post them to lure victims into sending money to the scammers as a deposit.

A good way to protect yourself from this type of scam is to do a Google or other search engine search with the address of the property to see where it may turn up and who is listed as the owner.  Another good source of information is to go online to the Tax Assessor for the city or town where the property is located and confirm that the name of the property owner matches the name of the person attempting to rent you the property.

In regard to “free” credit reports, you should never have to give a credit card number for a free service although often scammers require this.  You should also carefully read any contract you make.  There rarely is anything fine in fine print.  The victims of this particular scam would have seen that they were signing up for a recurring charge if they carefully read their contract.

Finally, carefully monitor your credit card statements and bank accounts often to discover fraudulent charges as soon as possible.

Scam of the day – February 14, 2017 – FTC issuing refunds to buyers of indoor tanning system

Today being Valentine’s Day is probably a good time to tell you that the Federal Trade Commission (FTC) is now mailing 2.59 million dollars of refunds to the purchasers of the Mercola indoor tanning systems, which was represented by Mercola to not only provide you with an attractive, healthy tan, but also be safe, not increase your risk of melanoma, and even reverse the appearance of aging.  The FTC sued Mercola over these false and misleading representations.

Unfortunately, the truth is that we need to adjust our thoughts on the attractiveness of a tan because there is no such thing as a healthy tan and no tanning system can avoid the risk of melanoma or reverse the appearance of aging.

In 2016, the FTC settled its complaints against Dr. Joseph Mercola and his indoor tanning system companies, D-Lite, SunSplash and Vitality.  Now the FTC is mailing refund checks to the customers of these companies who bought the indoor tanning systems after January 1, 2012.

TIPS

Customers of Dr. Mercola who completed a claim form prior to October 31, 2016 will be receiving refund checks averaging about $1,897.  If you receive a check you should cash or deposit it within sixty days.  No fee is required to be paid in order to be eligible for or receive one of these refund checks.  For more information, click on the tab at the top of this page that reads “FTC Scam Refunds.”

Scam of the day – February 13, 2017 – Man sues Verizon for failing to prevent him from committing identity theft

In a rather unusual lawsuit, to say the least, James Leslie Kelly who is serving a ten year sentence for identity theft has filed a civil lawsuit against Verizon Wireless seeking 72 million dollars that he claims is owed him because, he alleges, Verizon Wireless was negligent in failing to recognize that he had stolen the identity of someone with a similar name when Kelly stole $300 worth of products and services from Verizon Wireless using his victim’s name.

Kelly’s self prepared lawsuit most likely will be dismissed without a trial.

TIPS

As outrageous as Kelly’s lawsuit is, there is a lesson to all of us, which is that even if you take all the steps you can to protect yourself from identity theft, you are only as safe as the places that have your personal information and accounts with the weakest security and while I am not passing any judgment on whether Verizon Wireless should have done a better job of protecting the real victim of identity theft in this case, I am telling everyone that, as much as possible, you should limit the places that have your personal information and monitor all of your accounts often in order to recognize when your personal security has been breached.

Scam of the day – February 12, 2017 – Data breach at InterContinental Hotels

InterContinental Hotels became the latest hotel chain to disclose that it had been hacked by cybercriminals stealing credit card and debit card information, joining Kimpton Hotels, Marriot Hotels, Hyatt Hotels, Trump Hotels, Hilton, Mandarin Oriental and White Lodging which all suffered data breaches during the past year.  Trump Hotels was hacked twice in the last year.

According to a statement released by InterContinental, credit card and debit card processing equipment was infected with malware at restaurants and bars at their hotels between August and December of 2016. The full extent of the data breach has not yet been determined.  For a list of the affected restaurants, you can go to this link. https://www.ihg.com/content/us/en/customer-care/protecting-our-guests

It is not known yet whether the data breach is related to the hacking by the Russian organized crime group Carbanak, that, as reported recently by Brian Krebs managed to install malware into the credit and debit card processing equipment manufactured by MICROS used in hotels around the world.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at the bars and restaurants at the InterContinental hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, InterContinental and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best thing we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.