Scam of the day – April 25, 2017 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  This has been a particularly busy week for security updates.  These new updates from the Department of Homeland Security include critical updates for Google Chrome, Mozilla Firefox and Amazon Fire.


Here is a link to a list of all of the recent security updates as posted by the Department of Homeland Security:

Scam of the day – April 24, 2017 – FTC shuts down NutriMost Ultimate Fat Loss System

The FTC settled deceptive marketing claims against the companies selling the NutriMost Ultimate Fat Loss System, which since 2012 had claimed it had used new technology that would enable people using the system to lose forty pounds or more in forty days.  Unfortunately, there was no scientific support for these representations.  Customers were also not told until it was too late that the system required them to follow a very restrictive diet of less than 500 calories per day.  Under the terms of the settlement, which is filed with the Federal Court for Western Pennsylvania, the defendants are required to refund two million dollars to defrauded consumers.  I will continue to follow this story and as more information becomes available as to how to claim a refund if you were a victim of this scam, I will let you know.


The truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly, particularly those that claim to be able to do this without dieting or exercise.  You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements.  It is also important to remember that no cream that you rub in your skin can help you lose substantial weight and no product can block the absorption of fat or calories.  The best course of action if you are seeking to lose weight is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.

Scam of the day – April 23, 2017 – Update on Western Union FTC settlement

As I first reported to you in January, Western Union, which provides money wiring services around the world, settled fraud charges brought by the Federal Trade Commission, the Justice Department and a number of states’ Attorneys General.  Under the terms of the settlement, which was achieved through a Deferred Prosecution Agreement, Western Union will pay 586 million dollars to be used to reimburse victims of the various scams operated by Western Union in conjunction with scammers around the world who used the services of Western Union to scam victims out of money and also to illegally launder funds.

Wiring money has long been a favored manner for scammers to request payment in a wide variety of scams because of the difficulty of tracing or retrieving the funds once they have been wired.

Among the scams uncovered by prosecutors were scams in which the scammers posed as family members of their victims desperately in need of money, phony lotteries and phony job opportunities.

Under the Deferred Prosecution Agreement, Western Union admits its guilt, but will not be prosecuted if they comply with a number of required changes in how they do business as well as pay the 586 million dollar forfeiture.


Because wiring of funds is such a favorite method for scammers to seek to be paid, you should always be a bit skeptical when you are asked, as a part of any business dealing, to wire funds.

If you were a victim of a scam in which funds were wired through Western Union between January 1, 2014 and January 19, 2017, you may be eligible for reimbursement through the forfeited funds Western Union is paying to settle this matter.  The Department of Justice is handling the refund process and will be verifying all claims before it will start sending refunds.  This may take up to a year.  For specific information about making a claim, go to where you can find information about how and when to make a claim.

April 22, 2017 – Steve Weisman’s latest column for USA Today

We all know that identity theft is a huge problem, but do identity theft protection services really help protect you?  That was the subject of a recent GAO study as well as my column from today’s edition of USA Today.

Scam of the day – April 22, 2017 – Russian cybercriminal sentenced to 27 years in prison

In a stunning development, Russian citizen Roman Seleznev, the son of a Russian legislator close to Vladimir Putin, was sentenced to 27 years in prison for being the mastermind behind massive credit card hacking attacks in which he stole millions of credit card numbers and sold them on the Dark Web to other cybercriminals.  Prosecutors estimated that the financial loss due to Seleznev’s crimes was a minimum of 170 million dollars and could be as high as a billion dollars.  Seleznev’s crimes were made easier by the predominant use of magnetic stripe credit cards at the time he was committing his crimes rather than the harder to steal chip credit cards largely now used.

Russian hackers dominate much of international cybercrime, but are permitted to commit their crimes with impunity in Russia so long as they do not attack Russian targets.  In addition, Russia does not extradite indicted Russian hackers.  Seleznev was arrested when he made the mistake of taking a vacation in the Maldives in 2014 where he was arrested with the help of Maldivian police and turned over to American authorities.


International cooperation is an essential element in combating cybercrimes.  Much of the world is beginning to cooperate in this endeavor, but the absence of Russia in this effort is notable.

As for all of us as consumers, the best things we can do are to be vigilant and follow the precautions we constantly tell you about here at, such as using your chip credit card whenever possible and refraining from using your debit card except at ATMs.

Scam of the day – April 21, 2017 – Holiday Inn, Crowne Plaza and others hit by massive data breach

InterContinental Hotels Group, which operates Holiday Inn, Crowne Plaza, Hotel Indigo, Candlewood Suites and Staybridge Suites hotels, has announced that it suffered a data breach at an estimated 1,175 of its hotels.  The hacking of the credit card processing systems at these hotels occurred between September 29, 2016 and December 29, 2016 and was discovered in December by credit card processing banks who uncovered a pattern of fraud that was able to be traced back to the affected hotels.  I first reported to you about this in February.

InterContinental Hotels is just the latest hotel chain to disclose that it had been hacked by cybercriminals stealing credit card and debit card information, joining Kimpton Hotels, Marriott Hotels, Hyatt Hotels, Trump Hotels, Hilton, Mandarin Oriental and White Lodging, which all suffered data breaches during the past year.  Trump Hotels was hacked twice in the last year.

InterContinental is offering an interactive website where you can look up if you stayed at one of the affected hotels.  Here is a link to that website:

It is not known yet whether the data breach is related to the hacking by the Russian organized crime group Carbanak, which, as reported recently by Brian Krebs, managed to install malware into the credit and debit card processing equipment manufactured by MICROS used in hotels around the world.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic stripes rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015 mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at the bars and restaurants at the InterContinental hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic stripe cards, InterContinental and its customers face financial problems from this data breach.


Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted more than a year ago, continue to occur again and again.  As for us, as consumers, the best thing we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.

Scam of the day – April 20, 2017 – Aaron Hernandez death scams

It is a sad fact of life that the deaths of famous people, such as the suicide yesterday of former N.E. Patriots player and convicted murderer Aaron Hernandez, particularly when they occur unexpectedly, as is the case with Hernandez, are exploited by scammers seeking to lure curious, unwary people to dangerous websites or to click on links containing malware.  It is important to never click on links in text messages or emails unless you have absolutely confirmed that they are legitimate because they may contain keystroke logging malware that can steal all of the information from your computer, laptop, smartphone or other device and use that information to make you a victim of identity theft.  In addition, a particularly insidious type of malware can be installed on your computer or other device merely by going to an infected website.  Therefore, as tempting as it may be for some people to respond to emails, social media posts or other communications promising unseen videos or photographs of Aaron Hernandez’ last moments, you should avoid clicking on those links and going to websites promising this information.  If you want reliable information, particularly in this era of fake news, you should stay with legitimate news websites.

In addition, it is important to point out that even if you have the most up to date versions of anti-malware security software on your computer and other devices, you will always be at least thirty days behind the newest malware.  It takes that long for the security software companies to come up with new security software to combat newly discovered computer vulnerabilities, sometimes referred to as “zero day” exploits.


These types of scams, capitalizing on the deaths of celebrities, such as Prince, Whitney Houston, Michael Jackson, Paul Walker and Robin Williams have become far too common and predictable.  Don’t be a victim of these scams.  Never click on links in emails or text messages promising you photographs, videos or even new information about events such as these and don’t even go to websites with which you may be unfamiliar to find such information because your computer may get infected merely by going to the website without clicking on any links.  For reliable information, limit your searches to reliable sources.

Scam of the day – April 19, 2017 – Phony Nintendo Switch emulator scam

The recently launched Nintendo Switch is the latest video game console released by Nintendo.  Software emulators for the Nintendo Switch are being offered online in many places including YouTube, where thousands of videos can be found offering Nintendo Switch emulators.  Emulators permit someone to play console-only games on their portable devices such as their smartphones or tablets.  Nintendo does not make such an emulator.  People going to one of these phony Nintendo Switch emulator websites are generally directed to a survey that they must complete in order to receive the code necessary to use the offered emulator.  However, this is a scam.  Completing the survey provides the scammers with rewards, because they are paid by marketers for each completed survey they supply, while the person trying to get the emulator ends up with nothing.  Even worse is the very real possibility that someone downloading attachments for what they think is a Nintendo Switch emulator will be downloading malware that can either lead to identity theft or ransomware malware.

The phony Nintendo Switch emulator scam was uncovered by Symantec, a security company.


There presently is no emulator for the Nintendo Switch, so any online offer of one at this time is a scam.  Being directed to a survey when you are attempting to locate something free on the Internet is always a source of concern, for while there are legitimate surveys that will provide you something in return, such as a chance at winning a gift card, many of these surveys are scams providing nothing in return.  Finally, as always, never click on links or download attachments unless you have absolutely confirmed that the link or download is legitimate.  The risk of downloading dangerous malware is too great.

Scam of the day – April 18, 2017 – New study about seniors and susceptibility to scams

A recently released preliminary study by researchers at Cornell University published in the Journals of Gerontology concluded that naturally occurring changes in the brains of older people make them vulnerable to financial exploitation.  The changes noted were in a part of the brain that alerts us when facing a risky situation as well as another part of the brain that controls the ability to read social cues.  This deterioration of the brain can be and is exploited by scammers to swindle older people.

A previous study by the University of Iowa also found changes in another part of the brain during aging that controls belief and doubt that would make older people less skeptical and therefore more likely to be a scam victim.

According to a study by the MetLife Mature Market Institute, the cost of financial exploitation of the elderly is approximately 3 billion dollars annually.


If you have an elderly family member who may be undergoing a decline in mental acuity, it is important to take specific steps to help prevent them from becoming a victim of financial exploitation.  First, it is important to recognize that many elderly victims of financial exploitation are victimized by their own family members or caregivers.  Keeping personal financial information and account information safe and secure is an important first step to take.  It is also important to regularly monitor the accounts of seniors.  Limits on access to funds such as through debit cards that can be customized to monitor spending, block certain types of transactions and set spending limits can be useful to some people.

Scam of the day – April 17, 2017 – PayPal phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated.  Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly, it came from an email address of a private person rather than that of PayPal.  The address used, most likely, is that of someone whose email account and computer were hacked in order for the identity thief to send out these phishing emails in mass quantities through a botnet.  It also is not directed to you personally, as PayPal would do with all of its legitimate communications, which is an indication that this is a phishing scam.  Additionally, the salutation is spelled incorrectly where it reads “Dear Costumer.”
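For readers who filter mail for others, the three warning signs described above can be checked automatically. The following is an added example, not part of the original post: the brand-to-domain table, the indicator names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the impersonated brand really sends from.
BRAND_DOMAINS = {"paypal": ("paypal.com",)}

# A salutation that names no one instead of the account holder.
GENERIC = re.compile(r"^\s*(?:dear|hello|hi)\s+(?:valued\s+)?"
                     r"(?:customer|costumer|user|member|client)\b", re.I | re.M)
# The misspelled salutation called out in the post.
MISSPELLED = re.compile(r"^\s*dear\s+costumer\b", re.I | re.M)


def body_text(msg):
    """Return the decoded text/plain content of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode(errors="replace") for p in parts
    )


def phishing_indicators(raw):
    """Return which of the post's warning signs a raw email exhibits."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed_by = (display + " " + msg.get("Subject", "")).lower()
    found = []
    for brand, domains in BRAND_DOMAINS.items():
        # Exact domain or a true subdomain only; "paypal.com.example.net" fails.
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed_by and not legit:
            found.append("sender-domain-mismatch")
    text = body_text(msg)
    if GENERIC.search(text):
        found.append("generic-salutation")
    if MISSPELLED.search(text):
        found.append("misspelled-salutation")
    return found


# Constructed sample messages (not the email from the post).
PHISH = """From: PayPal Service <j.doe@example.net>
Subject: Problem with your account

Dear Costumer,
We noticed a problem with your account. Click the link to resolve it.
"""
LEGIT = """From: PayPal <service@paypal.com>
Subject: Your receipt

Hello Jane Doe,
You sent a payment.
"""
```

A message that passes all three checks is not thereby proven legitimate; the checks only catch unsophisticated emails like the one described here.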


The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.  In the case of PayPal, if you have a question about your account, you can contact PayPal online here