Scam of the day – August 3, 2015 – New Walmart mystery shopper scam

August 2, 2015 Posted by Steven Weisman, Esq.

The mystery shopper scam is a tried and true scam that scammers still use to steal their victims’ money because the scam still works.  The scam begins when you are contacted by mail or email, purportedly by a company, asking you if you want a job as a mystery shopper who will be paid to shop at their store and then report on the shopping experience to assist in market research and improving customer relations.  Below is a copy of an email that is presently being circulated that appears to come from Walmart telling the recipient that he or she has been chosen to be a mystery shopper.  The email address from which it is sent is Walmart@inc.walmart.edu, which is not a legitimate Walmart email address.  One key indication that it is not a legitimate email address for Walmart is that it ends with .edu, which is reserved for educational institutions.

The way the scam progresses is that if you respond, you are asked to deposit a check into your checking account and use the money to make purchases that you are allowed to keep.  You are then instructed to send the remaining funds back to the company.  Some victims, believing they were being careful, deposited the check and waited a few days for the check to clear.  They then wired the funds, as requested, back to the company only to learn a few days later that the certified check sent to them was a counterfeit and their bank had only given them provisional credit for the check in their account.  Once the check is found to be a fake, the provisional credit is removed from the victim’s account and the victim has lost the money that he or she wired to the scammer.

Here is a copy of the email presently being circulated.  DO NOT CLICK ON THE LINK.

“Hello,

You have been selected for a mystery shopping position

· Assignment location:

· START DATE: Immediate

· COMMISSION: $170.00 Per Survey

READ ABOUT US AND FILL THE ONLINE APPLICATION FORM:

http://hosting.elmark.co.ke/Walmart/

Thanks for reading”

 

TIP

One reason why this scam works so well is that there really are mystery shopping jobs, although the actual number is quite small and they do not go looking for you.  If you want to find out if a mystery shopping company is legitimate, you can contact the Mystery Shopping Providers Association, which is a trade organization of legitimate mystery shopping companies.  Their website is www.mysteryshop.org.  Another indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender.  This is the basis of many scams.  Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account.  Don’t rely on provisional credit and never accept a check for more than what is owed with the intention to send back the rest.  That is always a scam.  Also be wary whenever you are asked to wire funds; this is a common theme in many scams because a wire transfer is difficult to trace and impossible to stop.

Scam of the day – August 2, 2015 – Senators Markey and Blumenthal file legislation to combat automobile hacking

August 2, 2015 Posted by Steven Weisman, Esq.

In the wake of a recent video and story in Wired Magazine that showed how vulnerable today’s Internet connected automobiles are to dangerous hacking, United States Senators Edward Markey and Richard Blumenthal have filed legislation known as the SPY Car Act, designed to provide requirements for automobile manufacturers to meet the threat of automobile hacking.  SPY is an acronym for Security and Privacy in Your car.  Senator Markey, in particular, has long been concerned with the vulnerabilities of automobiles to being hacked and last February issued a report that determined that the efforts of automakers around the world to prevent hackers from gaining control of cars electronically were “inconsistent and haphazard.”  Further, Markey concluded that most automakers did not even have systems for either detecting security breaches or responding to those breaches.  This new legislation is an attempt to respond to the lack of efforts by the automobile industry to effectively deal with this problem.

The bill, if enacted into law, would require the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to develop industry wide standards to prevent vehicle control systems from being hacked into.  In addition, the bill would require privacy standards to be developed to protect the privacy of the data collected by our vehicles.  Finally, the bill, if enacted into law, would require a new cyber dashboard display that would be affixed to the windows of all new cars and that would indicate how well the particular type and brand of car protects security and privacy beyond the minimum standards set by law.

TIPS

Automobile hacking is just another part of the broad Internet of Things where we are all increasingly vulnerable to hacking that threatens our well being.  Companies have got to do a better job of incorporating security into all of the devices and products that we use that are connected to the Internet.  It is only a matter of time before hacking into the products involved with the Internet of Things results in devastating consequences.  Here is a copy of the USA Today column I wrote in April about the Internet of Things and the dangers posed.  http://www.usatoday.com/story/money/columnist/2015/04/04/weisman-internet-of-things-cyber-security/70742000/

Here is a link to the legislation proposed by Senators Markey and Blumenthal.  If you support this legislation, I urge you to contact your Senators to request that they vote favorably on this bill.  http://www.markey.senate.gov/imo/media/doc/SPY%20Car%20legislation.pdf

Scam of the day – August 1, 2015 – Six Nigerians extradited to the United States to face fraud charges

August 1, 2015 Posted by Steven Weisman, Esq.

As a result of a joint effort of American law enforcement agencies with law enforcement agencies of South Africa, six Nigerians were extradited from South Africa to the United States to face a variety of fraud charges including conspiracy to commit mail fraud, wire fraud, bank fraud, conspiracy to commit identity theft and conspiracy to commit money laundering.  The six Nigerians are Oladimeji Seun Ayelotan, Rasaq Aderoju Raheem, Olusegun Seyi Shonekan, Taofeeq Olamilekan Oyelade, Olufemi Obaro Omoraka and Anuoluwapo Segun Adegbemigun.  They, along with fifteen others, are accused of operating a number of scams including online romance scams using the online dating site Seniorpeoplemeet.com and scams in which they would convince their victims to ship and receive goods purchased with stolen credit card and banking information, as well as depositing checks and wiring the proceeds out of the country as ways of laundering funds obtained through scams and identity theft.

TIPS

A little common sense and skepticism can go a long way in protecting you from becoming a victim of scams.  Online romance scams can be avoided to a great extent by recognizing that someone who immediately falls in love with you and soon thereafter needs you to send money for whatever reason is most likely a scammer.  In addition, you may wish to do a reverse image search to see if the photo that has been provided to you is actually of the person they say they are.  Here is a link to Tineye, http://tineye.com/, one of the websites where you can do such a reverse image search.  Of course, in some instances, the romance scammer may also be stealing the name of the person whose photo they stole, but that is not often the case.

As for work-at-home scams, which are also rampant, it just makes sense that being sent goods and being asked to then send them somewhere else has no legitimate purpose, nor does depositing money into your account and then being asked to wire the money elsewhere.  These are merely transparent attempts at money laundering.  Don’t get involved.

Scam of the day – July 31, 2015 – Major vulnerability in Android phones discovered

July 31, 2015 Posted by Steven Weisman, Esq.

The bad news is that Zimperium, a security company, discovered a serious vulnerability in Android phones, affecting 95% of the world’s Android phones including various models of the Samsung Galaxy.  The worse news is that the vulnerability, which would enable a hacker to steal data from hacked smartphones, is found in the Android media playback tool called Stagefright and that, depending on the messaging platform used by the individual smartphone user, the text message used to send the malware would not even have to be opened in order for the malware to be downloaded automatically.  For other messaging platforms, the text message would have to be opened for the smartphone to become infected, but even then, it would not be necessary for the video to be viewed to infect the smartphone.  All that would be required would be for the text message to be opened.  The good news is that not only has Zimperium created patches for this problem and sent them to Google, which owns Android software, but apparently, as of now, this vulnerability has not yet been exploited by hackers.  But that is it for the good news, because software patches for Android system smartphones are not distributed by Google, but by the actual phone makers, such as Samsung, LG and Huawei, that use the system and by the wireless carriers used by Android phone system consumers, and they have not been active in providing the patch which Google has already sent to the phone makers and wireless carriers.  Although it appears that this vulnerability has not yet been exploited by cybercriminals, it would be naive and foolish to believe that it will take long, now that the vulnerability has been uncovered, for hackers to start exploiting it.

TIPS

If you have an Android system smartphone, which 79% of the world’s smartphone users do, you should contact your smartphone company and your wireless carrier to demand the security patch for your smartphone.  Meanwhile, Android users with the Hangouts app for text messaging should be particularly wary of text messages with videos attached because as soon as their phones receive the text message, their smartphone becomes infected without even opening the text message.  However, users of the Hangouts app can go to Settings, choose SMS, make Hangouts your default SMS app and uncheck the box for “Auto-retrieve MMS.”  This will enable you to screen incoming MMS messages in order to avoid downloading malware.  Those people using the standard Messenger app would need to open the text message before their phones would become infected, although they would not have to watch the video in order for their phone to become infected.

Scam of the day – July 30, 2015 – Lafayette shooting charity scams

July 30, 2015 Posted by Steven Weisman, Esq.

It is a sad statement on life today that Louisiana Attorney General Buddy Caldwell is warning people about scams related to charities springing up in regard to the recent shootings at the Grand Theatre in Lafayette, Louisiana.  Scammers constantly turn up with phony charities whenever there is a tragic event such as the recent shootings.  Phony charities were ready to steal the money of charitably inclined people following Hurricane Katrina and the shootings at the Sandy Hook elementary school and they are ready to steal money from people who want to help the victims of the Grand Theatre shootings and their families.

TIPS

To make sure that your charitable donations are going to where they can do the most good, make sure that any charity you wish to donate to is legitimate.  You can do this by going to www.charitynavigator.org, where you can learn not just if the charity is a scam, but also how much of the donations to the particular charity is spent on salaries and administrative expenses rather than going to the charitable purposes of the charity.  If you are contacted by phone, email or text message by a charity, you can never be sure that the person contacting you is legitimate even if he or she uses the name of a legitimate charity.  In that case, if you are charitably inclined, your best course of action is to contact the charity directly by phone or at an email address that you know is accurate to make your donation.

Scam of the day – July 29, 2015 – FTC refunds money to victims of Yellow Pages scam

July 29, 2015 Posted by Steven Weisman, Esq.

The FTC has settled a claim against a company known as Your Yellow Book, which sent out invoices to companies bearing a logo like the famous walking fingers logo used by the legitimate Yellow Pages.  The invoices indicated that they were only verifying or updating an already existing business relationship when in fact there was no prior business relationship and no prior contract for a listing in Your Yellow Book’s online business directory, which had no relationship with the legitimate Yellow Pages.  Many people paid the invoices, which ranged up to $487, not realizing that the bill was a total misrepresentation.  Two of the people involved in Your Yellow Book, Brandie Law and Robert Law, had previously been involved with similar actions in 2011 and 2012.  The FTC is now, through a claims administrator, mailing more than 3,133 checks to victims of this scam.  For more information about these refunds go to the tab at the top of the page marked “FTC Scam Refunds.”

TIPS

If you were a victim of this scam and have not yet received your check, click on the tab at the top of this page marked “FTC Scam Refunds” for information as to how to claim your refund.  However, everyone else should take a lesson from this common scam and never pay an invoice merely because you get what appears to be a legitimate-looking bill; wait until you have confirmed that the bill is indeed legitimate and that you or your company actually received the services for which you are billed.  This particular scam is both simple and effective so it is up to you to be on the lookout for it.

Scam of the day – July 28, 2015 – Lottery security chief convicted of rigging lottery

July 28, 2015 Posted by Steven Weisman, Esq.

Last week, Eddie Tipton, the former security director of the Multi-State Lottery Association, was convicted of electronically rigging the Iowa Hot Lotto game, enabling him to buy the winning 16.5 million dollar ticket.  The jury believed the evidence that indicated that Tipton used a portable USB drive to install malware onto the computer that picked the winning number.  The computer is not connected to the Internet in order to prevent tampering and only four people including Tipton had access to the room where the computer was housed.  The closed circuit camera that recorded activity in the room had been wiped clean.  In addition, the sophisticated malware used by Tipton was self-deleting and left absolutely no trace on the lottery computer.  However, despite the lack of either photographic evidence showing Tipton actually tampering with the computer or evidence of the precise malware used, after a week’s deliberations, the jury found Tipton guilty of two counts of fraud and he is facing a potential prison sentence of ten years.

TIPS

No computer system is foolproof; however, this case does highlight vulnerabilities in the computer security systems used to protect the honesty of state sponsored lotteries.  Hopefully, not just Iowa, but other states using similar systems will revisit their own security systems to make sure that they are as strong as they can be.

Scam of the day – July 27, 2015 – Medical Informatics Engineering hacked

July 27, 2015 Posted by Steven Weisman, Esq.

Although the name Medical Informatics Engineering (MIE) or even its cloud service NoMoreClipBoard may not be familiar to you, it should be.  The company operates more than 300 medical centers in 38 states.  On May 26th it discovered that it had been hacked since May 7th.  Unfortunately, the personal information compromised in the data breach was very significant, including names, telephone numbers, mailing addresses, usernames, password security questions and answers, spousal information, email addresses, birth dates, Social Security numbers, health insurance policy information and more, all of which puts the victims of the data breach in serious jeopardy of traditional and medical identity theft.  The company started notifying affected victims whose personal information was hacked by traditional mail in June and July.  For a list of the medical facility clients of Medical Informatics Engineering, go to the list contained in this press release of MIE.  http://www.businesswire.com/news/home/20150724005450/en/Medical-Informatics-Engineering-Updates-Notice-Individuals-Data#.VbQtVZWh3X4

TIPS

If you are concerned that you might have been a victim of this data breach, call MIE’s toll-free hotline at 866-328-1987.  You should also carefully monitor all of your financial accounts and check your medical records to make sure that someone has not accessed your health insurance and made you a victim of medical identity theft.  You should also put a credit freeze on your credit report.  You can find out how to put a credit freeze on your credit report by going to the Archives of Scamicide.  Be wary of any emails that you receive purporting to be from MIE because you can expect identity thieves to be sending out phishing emails posing as MIE seeking to have you provide personal information or click on links containing malware.

Scam of the day – July 26, 2015 – Darkode cybercrime forum busted

July 26, 2015 Posted by Steven Weisman, Esq.

Hackers and identity thieves use underground Internet forums to buy, sell and trade malware, botnets, and information to commit cybercrimes around the globe.  Recently the Justice Department announced the dismantling of perhaps the most prominent of the approximately 800 criminal forums, Darkode, and the arrest of twelve of its principals.  Among the charged defendants is the primary administrator of Darkode, 27-year-old Johan Anders Gudmunds of Sweden.  An important aspect of this action against Darkode was that it represented the joint efforts of a coalition of law enforcement from 20 countries, which represents the largest coordinated international law enforcement effort ever brought against cybercriminals.

Darkode was a password-protected forum where cybercriminals would buy, sell, trade and share information, ideas and malware.  In order to become a member of Darkode, a criminal would first have to be recommended by a present member of Darkode and would have to prove that he or she would bring new skills or products to the group.  In addition, prospective members had to go through an extensive vetting process.

TIPS

One of the key elements of Darkode and many other illegal cybercriminal enterprises is the use of botnets, or infected zombie computers, to spread the malware and avoid detection.  Cybercriminals would take over the computers of unwary individuals and use their computers to remotely send out their malware to their targets, such as banks or other commercial enterprises.  Many of you may actually be part of a botnet without knowing it.  Most people become part of a botnet when they unwittingly download the malware that permits the cybercriminal to remotely take over the victim’s computer.  Usually this is done through phishing emails in which the victim is lured into clicking on a link infected with the malware.  Even if you have the most up to date anti-malware software, you may be vulnerable because it generally takes the security software companies at least a month to catch up to the latest strains of malware.  So the lesson to us all is one I am constantly preaching, namely never click on any link or download any attachment until you have verified that it is legitimate.  Merely because it may be sent from a friend of yours does not mean that you can trust it.  Your friend’s email account may have been taken over by a hacker or your friend may be passing on malware without even knowing it.  Trust me, you can’t trust anyone.