Scam of the day – July 28, 2014 – Malaysia becoming a scam center

July 28, 2014 Posted by Steven Weisman, Esq.

Recently Malaysia has become a major hub for scams, most prominently romance scams in which the scam artist, the only criminal we refer to as an artist, contacts the victim on a legitimate dating website, such as Match.com and starts an online relationship with the victim that soon progresses to a plea for money.  It has been estimated that the total cost of Malaysian cybercrime last year was 300 million dollars with romance scams being one of the most prominent of the scams perpetrated.  Two American women, in particular each was swindled out of more than $250,000.  The scammers are quite often from Nigeria or Ghana, but come to Malaysia because it is easy to get a student visa, the country has a sophisticated computerized banking system and the Internet infrastructure is strong.  This creates a perfect storm for scammers.  Often the scammers pose online as American, Canadian, Australian or British nationals who are in Malaysia for business.

TIPS

There are many red flags to help you identify romance scams.  The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship needs you to wire money.  Here are a few other things to look for to help identify a romance scam.  Often their profile picture is stolen from a modeling website on the Internet.  If the picture looks too professional and the person looks too much like a model, you should be wary.  Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life” is a phrase that turns up in many romance scam emails.  Also be on the lookout for bad spelling and grammar as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are.  Of course you should be particularly concerned if someone falls in love with you almost immediately.  Often they will ask you to use a webcam, but will not use one themselves.  This is another red flag.  One thing you may do is ask them to take a picture of themselves holding up a sign with their name on it.  In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them.  In particular be wary of  requests for money to assist your new “friend” out of difficult situation, which may be a false arrest, a car accident, an illness, injury or other emergency.

Scam of the day – July 27, 2014 – Senate holds hearings on the Grandparent scam

July 27, 2014 Posted by Steven Weisman, Esq.

Recently the Senate Special Committee on Aging held a hearing on the infamous Grandparent scam, which occurs when a scammer calls an elderly person posing as their grandchild who has been involved in some sort of emergency and needs the grandparent to wire money to them right away.  One 81 year old witness at the hearing spoke about receiving a call late at night from someone purporting to be his grandson who needed bail money after being arrested on a drug charge.  In response to the call, the witness testified how he purchased a  $7,000 prepaid money card and then provided the money card information to the scammer who has never been heard from again.  It was only afterwards that the witness was able to reach his grandson on his cell phone to learn that the entire matter had been a scam.

The Senate Special Committee on Aging has in recent years focused much attention on scams preying upon older Americans, such as the Jamaican lottery scam, income tax scams, Social Security scams and Medicare fraud.

TIPS

Never wire money unless you are absolutely sure about to whom you are wiring the money and it is not a scam.  If a claim about a medical or legal emergency is made, contact the hospital or legal authorities in the area to confirm that the information is accurate.  Make sure that you have the cell phone numbers of your grandchild as well as  anyone with whom your child or grandchild is traveling so you can confirm any calls claiming that an emergency has arisen.  Call the child directly on his or her cell phone to confirm the story.  Students traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/.  This program can help with communications in an emergency situation.

Scam of the day – July 26, 2014 – Immigrant children charity scam

July 26, 2014 Posted by Steven Weisman, Esq.

The plight of children from Central America pouring into America has caught the attention of many people as the government is working to both enforce our immigration laws while showing compassion for these children.  Times like this bring out the best in many people and there are a number of charities including, most prominently, Catholic Charities USA that are providing humanitarian assistance to these children in need.  Unfortunately, scammers are also taking advantage of the situation by either appealing to people through phony charities or by telephoning people pretending to be representing legitimate charities.  In both cases, the money you contribute goes to a scammer’s pocket and not to help needy children.

TIPS

Phony charities often have names that sound very similar to legitimate charities so don’t give to a charity unless you are sure that it is legitimate.  A good place to go to find out if a charity is legitimate as well as to learn how much of your contribution will go to the charity’s charitable purposes and how much goes to its own salaries and administrative expenses is www.charitynavigator.org.  As for telemarketing charitable solicitations, even if you are enrolled in the Do Not Call List, charities are allowed to call you, however, whenever you get a call, you can never be sure who is on the other end of the line so you should never make a charitable donation over the phone to someone who has called you.  If you are inclined to give a donation in response to such a call, go to the charities website or call them at a number that you know is correct in order to make your contribution.

Scam of the day – July 25, 2014 – Important security updates for Java and other software

July 24, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.  In particular, this round of security updates provides important security updates for Java software.  Java has been a favorite target of scammers and identity thieves so much that the Department of Homeland Security has even advised people who don’t have to use Java, to disable it.  For more information about Java software I suggest you check out earlier Scams of the day that dealt with Java problems.  You can find these in the Scamicide archives.

TIPS

Here is a link to the latest security alert and updates as issued by the United States Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-202

Scam of the day – July 24, 2014 – StubHub hacking – what it means to you

July 24, 2014 Posted by Steven Weisman, Esq.

Six people including both Russian and American citizens were indicted yesterday in New York for hacking into 1,600 StubHub accounts and stealing more than 1.6 million dollars in tickets.  StubHub is a website where people can buy and sell sports and entertainment tickets.  Although the accounts hacked were StubHub accounts, it appears the fault was not that of StubHub, but rather of individual StubHub customers whose passwords and user names were obtained through hacking of other companies or through the use of keystroke logging malware programs unwittingly downloaded, most likely through phishing emails to the victimized consumers.

TIPS

For those people who used the same user name and password for all of their accounts, this hacking is another example of why you should not do so.  Using the same user name and password puts you in danger in all of your online accounts if merely one of your online accounts is hacked.  The better course of action is to use a different user name and password for every account that you use.  Although this may seem like a complicated thing to do, it need not be so.  Just adding a couple of letters describing the account to your password can provide you with much added security.  So for example if you used the basic, safe password of “IHatePasswords123!” which is a strong password and then added a few letters to describe the particular account such as a StubHub password of “IHatePasswords123!StubHb” you would have a difficult to break, but easy to remember password. As for protecting yourself from downloading keystroke logging malware by which you unknowingly download malware that provides access to all of the personal information on your computer the key thing to remember is to never click on a link or download an attachment unless you are absolutely positive that it is legitimate and you have independently confirmed its legitimacy.  Also, you should maintain your anti-malware and anti-virus software up to date with the latest security patches.

Scam of the day – July 23, 2014 – New data breach at Goodwill Industries

July 23, 2014 Posted by Steven Weisman, Esq.

Most people are familiar with Goodwill Industries, a network of agencies that sell donated clothing and household items at their stores around the country and use the proceeds of the sales to pay for job training and other community service programs.  The parent organization, Goodwill Industries International, Inc. has just announced that it is investigating a data breach involving credit cards and debit cards used to make purchases at Goodwill stores around the country.  They are not confirming that a breach has occurred, but that is only because as was the exact same situation with the recent data breach at P.F. Chang’s and a number of other massive data breaches in the last year, they have not discovered the breach yet.  It occurred.  Their computers have been hacked and data stolen.  The data breach was uncovered by banks who monitor fraudulent credit card use and as with the breach at P.F. Chang’s and others, the banks noted that a common denominator for the fraudulent card use was, in this case, that the cards had been used recently at Goodwill Industries.  You can expect a confirmation by Goodwill shortly.  It appears that the breach occurred at Goodwill stores in at least 21 states including California and New Jersey.  It is not known yet how the data breach was accomplished.

TIPS

No one should use a debit card for retail purchases because the consumer protection laws regarding fraudulent use of the debit card are not as favorable to the consumer as the laws relating to fraudulent use of a credit card.  Additionally, even if you discover that your debit card has been fraudulently used immediately, your account will be closed pending an investigation of the fraudulent use which can tremendously inconvenience you.  If you have used a credit card or debit card at a Goodwill store going back as far as June of 2013 you should monitor your account closely for indications of fraud.

This case also is another indication of the immediate need for the United States to catch up with the rest of the world and start using smart credit cards with computer chips that would eliminate this type of fraud.  Present regulations do not provide an incentive for retailers to use these cards until October of 2015 although some companies like Target, having been already harmed are speeding up the process.

As for we, the public, this is just another reminder that regardless of how careful you are in protecting your financial information, you are only as safe as the places with which you do business that have the worst security systems.

Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

July 22, 2014 Posted by Steven Weisman, Esq.

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.

TIPS

You should never give to a charity until you  have confirmed that it is legitimate.  Go to www.charitynavigator.org where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate.  In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief.  If you must search for such video, stay with legitimate new sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.

Scam of the day – July 21, 2014 – Yahoo email phishing scam

July 21, 2014 Posted by Steven Weisman, Esq.

A number of times I have written about email phishing scams that start when you receive an email that purports to be sent from AOL informing you that there is some problem with your AOL account which requires you to click on a link in order to rectify the problem.  Recently, another email server is the subject of a phishing scam.  This time it is Yahoo.  Here is a copy of an email that is presently finding its way into many people’s email boxes.  This is a phishing scam.  DO NOT CLICK ON THE LINK.  Clicking on the link will result in either your downloading a keystroke logging malware program that will steal all of the information from your computer such as your Social Security number, credit card numbers and banking information that will then be used to make you a victim of identity theft or when you click on the link you will be prompted to provide personal information that will also be used to make you a victim of identity theft.  Some phishing emails are better than others and this one was not very convincing.  The email address from which it was sent was not even a Yahoo email address.  It was the address of someone whose email had been hacked and made a part of a botnet of computers used by identity thieves to send out their phishing emails.  In addition, this email is not directed to you by name, but rather as “Yahoo user.”  As with many of these scams that often originate in foreign countries where English is a second language, the grammar is suspect as where in this email the word “responds” is used instead of the correct word “response.”

“Dear Yahoo! User

Your two incoming mails were placed on pending status due to the recent upgrade to our database, In order to receive the messages Click Here to login and wait for responds.

Customer! Mail Product Management.

Copyright © 2014 Mail! Inc. (Co. Reg.. No. 2344507D)All Rights
Reserved. Intellectual Property Rights Policy
Please do not reply to this message. Mail sent to this address cannot be answered.”

TIPS

The most important thing to remember is to never click on links in emails or download attachments unless you are absolutely sure that they are legitimate.  In this particular case, it is easy to see that it is a scam.  Additionally, you should make sure that your anti-malware and anti-virus software are installed and up to date with the latest security updates while remembering that you cannot rely on your security software because it is generally about thirty days behind the latest viruses and malware programs.

Scam of the day – July 20, 2014 – Cisco corrects router vulnerability

July 20, 2014 Posted by Steven Weisman, Esq.

Everyone is aware of our vulnerability to having our computers hacked through unwittingly downloading malware that often comes as an attachment to or a link in a phishing email that appears to be legitimate, but whose sole purpose is to lure us into downloading the malware that can steal the information from our computer and make us victims of identity theft.  However, few people are aware that hackers and identity thieves are now targeting the computers of individuals and businesses through their routers.   Cisco, one of the makers of home wireless routers has issued a security patch to remedy this problem.  As always, when security updates and patches are released, it is very important to make sure that you download and install the patches as soon as possible.

TIPS

Here is the link to the Cisco security patch as provided by the Department of Homeland Security: https://www.us-cert.gov/ncas/current-activity/2014/07/16/Cisco-Addresses-Wireless-Residential-Gateway-Vulnerability

It is important to note that other routers are also vulnerable to hackers so if you have one that is not made by Cisco, you should contact the maker of your router to learn what you can do to make its use safer.

Scam of the day – July 19, 2014 – Houston Astros hacked

July 19, 2014 Posted by Steven Weisman, Esq.

No company is safe from the danger of hacking including, as we recently learned Major League Baseball teams.  The Houston Astros were recently embarrassed to announce that their computers had been hacked by unknown hackers who released information about trade discussions involving the Astros and a number of other Major League Baseball teams including the Miami Marlins with which a trade for All-Star outfielder Giancarlo Stanton was discussed.  The hacking did not appear to be for any reason other than to expose and embarrass the management of the Astros, however that is of little consolation to employees of the Astros whose personal information can also be found in the Astros’ computers and which, if released could lead to identity theft.

TIPS

This is just another example that no entity including governmental agencies as well as private companies is safe from the danger of hacking.   A recent report by the State of New York indicated that in New York alone there were more than 900 data breaches that exposes personal and financial records of 7.3 million New Yorkers thus making them victims and potential victims of identity theft.  It is important to remember that you are only as safe as the place with the weakest security that holds your personal information so whenever possible do not provide your personal information, such as your Social Security number to everyone who asks for it.  Health care providers do not need your Social Security number although most request it.  Often the only reason that they want it is to make it easier to collect an unpaid bill from you.  The health care industry in general has done a poor job of protecting personal data from hackers.  The place to find a helping hand in protecting your data is at the end of your own arm.  Limit the places that have your personal information as best you can.  When companies request your Social Security number, offer them another identifier for example.  I recently did this with my eye doctor and the doctor agreed.  You may also want to place a credit freeze on your credit report so that even if your Social Security number and other personal information is stolen, the identity thief will not be able to access your credit report.  You can find information as to how to put a credit freeze on your credit report in the credit freeze section on the right hand side of this page.