Scam of the day – September 24, 2017 – New Netflix phishing scam

The popularity of Netflix makes it a preferred subject for phishing emails that appear to come from Netflix and either tell you that you need to update your credit card information or ask for other personal information.  Reproduced below is a copy of an email presently being circulated.  It looks legitimate, but it is easy to counterfeit the Netflix logo and make the email appear to be legitimate when it is not.  Two things can happen if you click on the link in the email.  Either you will be directed to a phony but legitimate-looking website where you will be prompted to input your credit card information and thereby turn it over to an identity thief or, even worse, merely by clicking on the link, you will download keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.

[Image: reproduction of the Netflix phishing email]

TIPS

As I always say, “trust me, you can’t trust anyone.”  You can never be truly sure when you receive an email seeking personal information such as your credit card number whether or not the email is a scam.  The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the email might be legitimate, you should contact the company at a telephone number that you know is legitimate and find out whether or not the email was a scam.

A telltale sign of a phishing email is often that the email address of the sender is that of a private individual rather than the company purporting to be sending the email. This is due to the email being sent through a botnet of hijacked computers.  Poor grammar is another indication of a phishing email.  This often occurs because the scam may originate in a country where English is not the primary language.

As for Netflix in particular, it will never ask in an email for any of your personal information so anytime you get an email purportedly from Netflix asking for your credit card number, Social Security number or any other personal information, it is a scam.  Here is a link to Netflix’s security page for information about staying secure in regard to your Netflix account.  https://help.netflix.com/en/node/13243

Subscribers to Scamicide should go to the www.scamicide.com website to see the reproduction of the actual email.  It doesn’t appear in the email sent to subscribers.
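The sender-address sign described in the tips above can be checked mechanically. The following Python sketch is an added example, not part of the original post; the brand-to-domain table and all three sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the defender maintains this table of domains each brand really sends from.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}

def sender_domain(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def domain_matches(domain, allowed):
    """True for an exact match or a true subdomain, so 'netflix.com.example.org' fails."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def brand_mismatch(raw_message):
    """List each brand named in the display name or subject whose
    From: domain is not one of that brand's known domains."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(addr)
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_matches(domain, allowed):
            findings.append(f"claims {brand} but sent from {domain or 'unknown'}")
    return findings

# Constructed sample messages (not taken from the email discussed in the post).
PRIVATE_SENDER = (
    "From: Netflix <j.smith1987@example.net>\n"
    "Subject: Update your payment information\n\n"
    "Please update your credit card.\n"
)
LOOKALIKE = (
    "From: Netflix Billing <support@netflix.com.example.org>\n"
    "Subject: Account on hold\n\nVerify now.\n"
)
BRAND_DOMAIN = (
    "From: Netflix <info@mailer.netflix.com>\n"
    "Subject: New arrivals\n\nSee what is new.\n"
)

if __name__ == "__main__":
    for name, raw in [("private", PRIVATE_SENDER), ("lookalike", LOOKALIKE),
                      ("brand", BRAND_DOMAIN)]:
        print(name, brand_mismatch(raw))
```

An empty result only means this one sign is absent; a From: header can itself be forged, so the advice to contact the company directly still applies.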

Scam of the day – September 23, 2017 – Massachusetts Attorney General sues Equifax

Massachusetts Attorney General Maura Healey became the first state attorney general to sue Equifax in regard to the recent massive data breach.  Specifically, the lawsuit accuses Equifax of not properly updating its Apache Struts software with security patches for vulnerabilities that were exploited by the hackers, although the patches were available months before the data breach.  The lawsuit also accuses Equifax of failing to notify victims of the data breach in a timely fashion and of failing to encrypt data.

The lawsuit seeks civil penalties and other financial penalties.   I expect numerous other state attorneys general to also sue Equifax in the days ahead.

TIPS

I will keep you informed as to developments in this case as well as the multiple class actions that have been filed privately against Equifax in regard to the data breach and let you know what you may need to do to obtain compensation related to the data breach.  In the meantime, if you have not already done so you should freeze your credit at each of the three credit reporting agencies and sign up for Equifax’s free identity protection services which are being offered for one year.

Scam of the day – September 22, 2017 – SEC discloses data breach

Two days ago, the Securities and Exchange Commission disclosed that its EDGAR filing system used by companies to file both public and confidential information was hacked and that the hacking “may have provided the basis for illicit gain through trading.”  Hacking to obtain inside information for purposes of stock trading has become a new concern, most notably in the case of American and Ukrainian hackers who hacked into public relations companies Business Wire and PR Newswire to get press releases dealing with corporate profits and losses before the information was made public.  The hackers were caught and convicted.

What is particularly disturbing about the SEC data breach is that vulnerabilities in the SEC’s information security systems were identified by the Government Accountability Office two years ago and recommendations were made to improve the systems; however, many of those critical recommendations still have not been implemented, leaving the integrity of our financial system in serious jeopardy.

In addition, the system is vulnerable not only to data being stolen, but also to data being changed or manipulated, which also could have a devastating effect on our financial system.

TIPS

The SEC should immediately implement the previously ignored GAO recommendations dealing with protecting its network boundaries from possible intrusions, identifying and authenticating users, authorizing access to resources, auditing and monitoring actions taken on its systems and network and, most importantly, encrypting sensitive information while it is being transmitted.  In addition, the SEC should immediately act to follow up on fifteen new security deficiencies identified by the GAO this past summer dealing with its information systems.

Concerned citizens should consider contacting their senators and congressmen to urge them to act in this matter.  The integrity of our financial system is in jeopardy.

Scam of the day – September 21, 2017 – Flood insurance robocall scam

According to the Federal Emergency Management Agency (FEMA), scammers continue to target the victims of recent hurricanes Harvey and Irma through robocalls in which people receiving the calls are being told that their flood insurance premiums are overdue and that they must pay the scammers immediately to avoid loss of insurance coverage.

TIPS

You can never be sure whenever you receive a phone call whether or not the person calling you is legitimate and even if your Caller ID indicates that the call is from a legitimate source, your Caller ID can be tricked through a technique called spoofing to make the call appear authentic when it is not.  In this instance, if you receive such a call and wish to confirm whether or not it is legitimate, the best course of action is to contact your insurance agent or your insurance company directly at telephone numbers that you know are legitimate.  If you have a flood insurance policy with the National Flood Insurance Program (NFIP Direct) you can reach them at 800-638-6620.

Scam of the day – September 20, 2017 – Freedom from Equifax Exploitation Act introduced in the Senate

In the wake of the Equifax data breach, Senators Elizabeth Warren of Massachusetts and Brian Schatz of Hawaii have introduced legislation in the United States Senate entitled the Freedom from Equifax Exploitation Act or FREE Act.  Someone was obviously pretty adept when coming up with this acronym.

If passed, the bill would create a federal standard for credit freezes and require that they be able to be done and lifted at no cost to consumers at any time.  It also would require consumers to be refunded any charges incurred in freezing their credit reports at the other credit reporting agencies in response to the Equifax breach.  In addition it provides for consumers to receive more free copies of their credit reports.

TIPS

Here is a link to the full bill.

https://www.warren.senate.gov/files/documents/2017_09_15_Freedom_from_Equifax_Exploitation_Act_Text.pdf

If you support this bill, you should contact your Senators.    Here is a link for doing so.

https://www.senate.gov/reference/common/faq/How_to_correspond_senators.htm

Presently this bill stands little chance of passage; however, if the public is heard, hopefully the laws will change to better protect our privacy and security in regard to credit reports.

Scam of the day – September 18, 2017 – Update on Equifax class actions

The fallout from the huge data breach at Equifax affecting 143 million Americans continues.  Senators Orrin Hatch and Ron Wyden of the Senate Committee on Finance have sent requests to Equifax for detailed information about the data breach.  In addition, the number of class actions filed against Equifax related to the data breach is now up to twenty-three.

Class actions are lawsuits brought by a few individuals on behalf of many others similarly situated.  They are an effective way for consumers to seek redress from companies, and the lawyers are paid on a contingency basis so there are no out-of-pocket expenses to the people who make up the class of harmed individuals.  Once the cases have been certified by the judges hearing the cases as appropriate for class action status, a federal panel will be convened to join the cases into a single lawsuit on behalf of all of the victims.  At that time there will be, most likely, a negotiated settlement, but if one cannot be reached, a trial will occur.  Generally in class actions, class members have the opportunity to either opt in or opt out of the class action, in which case they could bring their own individual lawsuits, although this is rarely productive.

TIPS

I will keep you informed as to the progress of the class actions so that you will be able to make intelligent decisions as to what to do in your own particular case in this matter.

Meanwhile, it is imperative, if you have not already done so, that you get copies of your credit reports from each of the three major credit reporting agencies and that you freeze your credit at each of the three major credit reporting agencies.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 17, 2017 – Scammers attempting to exploit Equifax data breach

As I often say, things aren’t as bad as you think – they are far worse.  It is not bad enough that 143 million Americans are at heightened danger of identity theft due to the massive data breach at credit reporting agency, Equifax, but now scammers are seeing the concern of people about the data breach as an opportunity to scam them out of their money.

Scammers are contacting people by phone, email and text messages posing as Equifax claiming that they are there to help the victims of the data breach, when the truth is that the scammers merely want to lure you into providing personal information and use it to make you a victim of identity theft.   You can’t trust your Caller ID because through a technique called “spoofing” it can be manipulated to make a call from a scammer appear to be coming from Equifax.

TIPS

It is a good rule to never provide personal information of any kind to someone who calls you on the phone.  If the call appears legitimate, call the person, company or agency back at a telephone number that you know is accurate.

The same rule applies to emails and text messages you receive.  Never provide personal information until you have confirmed that the communication is legitimate.

In this case, Equifax is not contacting victims by email, phone or text messages asking for personal information or credit card information.

Scam of the day – September 16, 2017 – New Adobe security updates

In July I told you that Adobe finally announced that it will be retiring its Adobe Flash software.  However, until that time, they are issuing new security updates and if you are a user of Adobe Flash, you absolutely should install the latest security patches, such as those just released by Adobe as indicated in a link below.

Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to security company Symantec, in 2015, 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.

Microsoft already blocks Adobe Flash by default in its Edge browser due to security concerns.  Microsoft also blocks outdated versions of Adobe Flash from running in Internet Explorer on Windows 7.  If you use Windows 8.1, Windows 10 or Windows Server 2012 R2, this will not affect you because these systems automatically install Adobe Flash security patches.  In addition to Microsoft, Google, Apple and Mozilla block Adobe Flash.  Apple has blocked Adobe Flash from iPhones since 2010.  If you have not already switched to alternative software to Adobe Flash, now is a good time to do so.

TIPS

If you are going to continue to use Adobe Flash, it is imperative that you update your software with the latest security patches when they are issued and here at Scamicide, we will inform you about security patches for Adobe Flash as soon as they are issued.

Here is a link to the latest security patches for Adobe Flash that have just been issued.

https://www.us-cert.gov/ncas/current-activity/2017/09/12/Adobe-Releases-Security-Updates

However, it may well be time for you to replace Adobe Flash to avoid future problems.

Here is a link to a website with alternative plugins you may wish to consider to replace Adobe Flash.

http://alternativeto.net/software/flash-player/

Scam of the day – September 15, 2017 – The importance of updating your software

I am constantly preaching about the importance of not using outdated software which is not updated with the latest security patches, such as we saw as the basis for the WannaCry ransomware attack which exploited vulnerabilities in the Windows XP operating system, which Microsoft had long ago stopped supporting with security updates.

It is important to update all of your software with security patches as soon as they become available.  Equifax has recently confirmed that the vulnerability exploited by hackers in its recent massive data breach was in the Apache Struts software used for developing apps.  The specific vulnerability was designated as CVE-2017-5638.  The problem is that this vulnerability was first exploited by hackers against Equifax in May, while a security patch had been made available in March, as shown in this security update.  https://nvd.nist.gov/vuln/detail/CVE-2017-5638

If Equifax had been prompt in its updating of its Apache Struts software, it could have avoided this data breach.

TIPS

The lesson is clear.  Update all of your software programs as soon as security patches are available and whenever possible, make the updating of security patches automatic so you don’t even have to take any specific action yourself to make sure that you are operating the most safe and secure versions of your software.