Scam of the day – May 31, 2016 – New WhatsApp scam

May 30, 2016 Posted by Steven Weisman, Esq.

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.   I have reported to you for years about the various scams targeting WhatsApp users.    The most recent WhatsApp scam starts with a message that purports to be from WhatsApp offering an upgrade to a golden version of WhatsApp that it says will let you  make video calls, send up to a hundred pictures at one time and delete messages after you have sent them.   However, there is no golden version of WhatsApp and if you click on the link to upgrade your WhatsApp subscription you will end up downloading keystroke logging malware that can steal the information from your smartphone to be used to make you a victim of identity theft.

TIPS

Never click on a link in an email or text message until you have independently confirmed that it is legitimate.  The risk of downloading malware is too great.  Even if your computer or other electronic device is protected with anti-virus and anti-malware security software, the best security software is always at least thirty days behind the latest malware.  Trust me, you can’t trust anyone when it comes to clicking on links.  Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link.

Scam of the day – May 30, 2016 – Memorial Day scams

May 30, 2016 Posted by Steven Weisman, Esq.

As we honor our veterans today on Memorial Day, scammers take Memorial Day as just another opportunity to scam veterans and others.  In the case of Memorial Day, you can expect to be solicited by scammers by phone (remember legitimate charities can call you by phone even if you have enrolled in the Do Not Call List because it exempts charities), email or letters asking for your money for various veterans causes or charitable ventures tied to Memorial Day.

Another common scam used against veterans starts with a telephone call in which the veteran is told that in order to continue to receive various benefits, it is necessary to verify personal information such as the veteran’s birth date, Social Security number or bank account information.  Of course, the call is not from the Veterans Administration and the call is not to verify information, but rather to gain information to be used to make the veteran a victim of identity theft.

TIPS

You never know who is on the other line of a telemarketing call, so never trust them.  If you are at all interested in what they are selling or soliciting, ask them to send you written materials that you can then check out to see if it is legitimate.  When it comes to charities, a good place to go is www.charitynavigator.org where you can see if a charity is legitimate or a scam as well as actually see how much of the money they collect goes toward their charitable purposes and how much towards salaries and administrative costs.

As for calls purporting to be from the Veterans Administration, they do not call you on the phone to verify information.  If you receive such a call, you can never be sure from whom the call comes because clever identity thieves are able to use a technique called “spoofing” to make it appear on your Caller ID as if the call from the identity thief is coming from the VA.  Since you cannot ever be sure who is calling you when you receive a call asking for personal information, you should never give that information out in response to a phone call, text message or email.  Instead if you have the slightest thought that the communication may be legitimate, you should contact the real entity, in this case, the VA at a phone number that you know is accurate to inquire where you will learn that the initial contact was a scam.

Scam of the day – May 29, 2016 – North Korea tied to cyber bank robberies

May 29, 2016 Posted by Steven Weisman, Esq.

In a startling development, security researchers at Symantec and  BAE investigating the cyber bank robbery of the Central Bank of Bangladesh, about which I reported to you in March, are now saying that it appears that the cyber bank robbery was the work of North Korea.  If so, this would be the first time that a nation state used a cyber attack to steal money.

In February, cybercriminals hacked into Bangladesh’s central bank and managed to steal approximately 81 million dollars.  It appears that, as with so many types of cybercrimes, this one started with social engineering spear phishing which lured bank employees to unwittingly download the malware used by the hackers to infiltrate the bank’s computers and obtain not just the passwords and cryptographic keys used for electronic fund transfers, but also the emails of bank employees so that they could copy and adapt the emails by which they made their transfers appear legitimate. Armed with this information, the cybercriminals sent dozens of account transfer requests using the international SWIFT banking messaging service from the Bangladesh Central Bank to the Federal Reserve Bank of New York where the Bangladesh Central Bank has accounts containing billions of dollars.  The account transfer requests processed by the Federal Reserve Bank of New York electronically sent about 81 million dollars to accounts in the Philippines where the funds were transferred multiple times including transfers to Philippine casinos in an effort to launder the money.

Late last year banks in the Philippines and Vietnam also suffered similar cyber attacks.  Now cybersecurity investigators are saying that the same type of malware used in all three attacks was the same used by state sponsored North Korean hackers against South Korean banks in 2013 and Sony in 2014.

TIPS

All businesses and governmental agencies have got to do a better job at cybersecurity in general.  In particular, greater attention has to be paid to the dangers of social engineering spear phishing which has been at the root of the almost all of the major data breaches at both companies like Target and governmental agencies, such as the Office of Personnel Management.  The international banking system is under attack and although the  security of the SWIFT system itself appear not to have been breached, that is little consolation when individual banks are hacked thereby obtaining the authorizations necessary to utilize the SWIFT system to steal money.  Although SWIFT continues to say that its messaging system is secure, it is apparent that just as the individual banks need to increase their security, so does SWIFT have to recognize the security vulnerabilities that exist in banks around the world and introduce dual factor authentication and confirmation protocols in order to protect the security of the international banking system.

Scam of the day – May 28, 2016 – Latest security updates from the Department of Homeland Security

May 28, 2016 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Today’s updates include critical updates for the Itunes as well as other Apple programs, Google Chrome, Symantec anti-virus software and Adobe Connect.

TIPS

Here is the link to a list of all of the recent security updates as posted by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB16-144

Here is the link to Google Chrome updates: https://www.us-cert.gov/ncas/current-activity/2016/05/26/Google-Releases-Security-Update-Chrome

Here is the link to the Adobe Connect updates: https://www.us-cert.gov/ncas/current-activity/2016/05/23/Adobe-Releases-Security-Update-Adobe-Connect

Scam of the day – May 27, 2016 – Guccifer pleads guilty to hacking celebrities and politicians

May 27, 2016 Posted by Steven Weisman, Esq.

Following closely on the heels of the Inspector General’s report about Hillary Clinton’s use of her personal email account for government business, yesterday Marcel Lehel Lazar, who used the alias, Guccifer, pleaded guilty to aggravated identity theft and unauthorized computer access in federal court yesterday.  As part of a plea agreement, seven other charges brought against him regarding his hacking activities were dismissed.  He will be sentenced in September.  It was Guccifer’s public leaking of emails from former Clinton adviser Sidney Blumenthal that first made public that Hillary Clinton was using a private email address of hdr22@clintonemail.com for official business.  According to prosecutors, Guccifer hacked into the email accounts of about a hundred prominent people and although the names of the victims were not made public in court documents, it has been widely reported and confirmed that among the people whose email accounts were hacked were Steve Martin, Colin Powell, George W. Bush, John Dean, Mariel Hemingway, Lorne Michaels, Carl Bernstein, Rupert Everett, Eric Idle, Whoopi Goldberg and Julian Fellowes the writer of “Downton Abbey.”  Although  Guccifer hacked into the email accounts of many  entertainers and politicians, he did not exploit his hacking targets for financial gain even though the information he obtained would have allowed him to do so.  Rather his goals, more often, appeared to be to embarrass his victims and shake the world up a bit.  Through hacking of his victims’ email accounts he gained access to and made public the final episode of Downton Abbey, months before it was aired.  He also made public embarrassing information he obtained through his hacking efforts of politicians and celebrities on both sides of the Atlantic including allegations that former Secretary of State Colin Powell had an affair with a European Parliament member, Corina Cretu.

One technique Guccifer used was to get an email address of someone, such as he did with media icon, Tina Brown, who has an extensive email address book and harvest more email addresses of the rich and famous.  He then used simple techniques to answer his victim’s security question and change the password to the account whereupon he was able to take over the account and have access to all of the information stored there.  Simple, publicly available information such as birth dates, schools attended and other such information provided the keys to answering the security questions of his victims.  He also apparently used lists of the name of pets to answer security questions as well.  And herein lies the lesson for us all.  Even if you are not a celebrity, there is so much information about us all that is publicly available.   Sometimes the information is even provided by us through our Facebook pages and other social media, making it is an easy task for a hacker to get at our email accounts and other password and security question protected accounts.

TIPS

Protecting your email address is a difficult task.  The key to protecting your account from being hacked is to have strong security questions because it is often too easy for a hacker to guess the answer to common security questions and gain access to the password for your email account. The key to an unbreakable security question is to have an answer  that can never be guessed by a hacker.  So if your security question is “What is my favorite vegetable?” you should make the answer “fire truck” or some other totally illogical response.  Don’t worry about remembering it yourself because if the question and answer are as ridiculous as this, you will remember it.

Scam of the day – May 26, 2016 – Five arrested in IRS impersonation scam

May 26, 2016 Posted by Steven Weisman, Esq.

Earlier this week, five people were arrested in Miami and accused of impersonating the IRS and calling people on the phone, telling them that unless they wired money immediately, they would be arrested.  According to the Treasury Inspector General for Tax Administration (TIGTA) Jennifer Varino Nunez, Dennis Delgado Caballero, Arnoldo Perez Mirabal, Yaritza Espinosa Diaz and Roberto Fontanella Caballero swindled more than 1,500 victims out of approximately two million dollars using this scam.  Most of the criminals perpetrating this scam make the calls on their computers using Voice over Internet Protocol (VOIP) which is not only an easy and economical way to make the calls, but also is easier for hiding the origin of the call.  In addition, using VOIP makes it easier for the criminal to make the call appear to their victims’ Caller ID as if the call really originated with the IRS.

TIPS

This is an easy scam to avoid.  The IRS will never initiate a collection for overdue taxes by a telephone call.  In addition, they will never ask you to verify personal information over the phone nor ask for your credit card number or require you to immediately wire money to resolve the matter.  If you do get a call purporting to be from the IRS demanding payment of overdue taxes, you should just hang up.   If you believe you may indeed owe taxes to the IRS, you should call the IRS directly at 800-829-1040.  If you have become a victim of this scam, you should either report it by phone to the IRS at 800-366-4484 or report it by filling in the IRS Impersonation Scam Reporting form on line which you can get by clicking on this link.  https://www.treasury.gov/tigta/contact_report_scam.shtml

Scam of the day – May 25, 2016 – ATMs hit in Japan for 12.7 million dollars in under three hours

May 25, 2016 Posted by Steven Weisman, Esq.

Using cloned credit cards with account numbers stolen from a South African based bank, thieves managed to steal 12.7 million dollars from 1,400 ATMs in Japan earlier this month although the theft was only recently disclosed.  The thieves used the counterfeit credit cards at 1,400 ATMs in each instance withdrawing the maximum 100,000 yen (approximately $913).  In just under three hours starting at 5:00 a.m. on Sunday, May 15th the criminals, using 1,600 phony credit cards managed to steal 1.4 billion yen (approximately 12.7 billion dollars).  The affected credit cards were issued by South Africa’s Standard Bank.

It isn’t known at this time whether the credit card numbers were stolen through skimming of legitimate cards or a data breach.  Customers whose credit cards were compromised are not liable for any of the illegally made charges on their cards.

TIPS

This type of theft may not have been possible if ATMs were using processing equipment for the more secure EMV chip cards, however, the deadline under the regulations requiring banks and others with ATM machines to switch to compatibility with EMV chip cards in order to avoid liability is not until October 1, 2017.  You can well expect similar type of ATM thefts to occur until banks and others with ATMs do a better job of protecting our security.  Fortunately, consumers will only be inconvenienced by these type of thefts, having to cancel cards and get new credit card numbers, but at least consumers will not be responsible for fraudulent charges and withdrawals made using their credit card accounts.

Scam of the day – May 24, 2016 – Phony kidnapping scam

May 24, 2016 Posted by Steven Weisman, Esq.

Police in Virginia have been warning the public about an upswing in the phony kidnapping scam.  Among the reported instances of this scam were phony reports of the kidnapping of students at George Mason University and young school children at area parochial schools.

I first warned you about this scam three years ago, but I am doing so again because it is having a resurgence.  The scam starts with a telephone call informing the person answering the phone that a relative has been kidnapped and if they do not respond by wiring money right away, the relative will be killed.  When it comes to many scams, we are often our own worst enemy and this scam is no exception.  In many instances, the scammers gather personal information about the intended scam victims from information that the intended victims  or family members put up on social media.  Armed with this personal information, a scammer can describe the supposed kidnapped victim or provide personal information that would make it appear that indeed they actually do have the person in their custody.  Although recent reports have spiked in Maryland and Virginia, this scam is going on throughout the country.

TIPS

Always be skeptical if you receive such a call.  Never wire money to anyone for anything unless you are totally convinced that what you are doing is legitimate because unlike paying for something with a credit card, once your wired funds have been sent, they are impossible to get back.  Talk to the alleged kidnapper as long as possible, thereby giving someone else with you the time to call  or text the alleged kidnap victim on his or her smartphone.   If the purported kidnapping victim is a young child, call the school to confirm that he or she is safe.   You also could ask the kidnapper to describe your relative as well as provide information, such as his or her birth date, which could be found on a driver’s license, however, it is important to remember that much of this kind of information may be available through social media or elsewhere on the Internet.

Many of these kidnapping scams are originating in Puerto Rico or Mexico so be particularly skeptical if you receive the telephone call from Puerto Rico area codes 787, 939 or 856.  Also be wary of calls from Mexico where the area codes which are quite numerous, but can be found by clicking on this link.  http://dialcode.org/North_America/Mexico/

Scam of the day – May 23, 2016 – Phony state lien notices

May 23, 2016 Posted by Steven Weisman, Esq.

Large and small companies throughout the country are receiving phony notices of outstanding tax liens threatening actions such as seizing of bank accounts unless a settlement amount is paid. Recently the Massachusetts Department of Revenue issued a warning about such phony notices.  Making the problem worse is the fact that in many instances, these notices are sent to companies that may indeed have outstanding tax liens imposed upon them, however, the phony notices generally offer settlement of the claim for an exceedingly small amount when compared to the amount of the lien.  Companies are falling for this scam and sending payment of the offered settlement to the scammers.  These companies then end up still having an outstanding tax lien as well as losing the money they thought they paid in settlement.

Reproduced below is a sample of one of the phony notices presently being circulated.  There are a number of telltale signs that indicate that this notice is a scam. One distinctive error that would not immediately be apparent in this particular case is the reference to the “state of Massachusetts.”  Massachusetts is one of four states that refer to themselves as “Commonwealths” rather than “states.”  The others are Kentucky, Virginia and Pennsylvania.  Another telltale sign is the indication at the bottom of the page where it states “not affiliated with the IRS or any governmental institutions.  Results may vary from individual and on a case by case basis.”  Perhaps the most telling indication that this is a scam is the phony form indicates a debt account of $10,937 and a specific settlement amount of only $536.   It is important to remember that there is no official form, as this purports to be, that provides a proposed settlement amount on the form.

Although this scam notice is from Massachusetts, this scam is being repeated in other states around the country.

MA Fake Lien

 

TIPS

This scam is particularly troublesome because the scammers have often scoured public records including those at Registries of Deeds to find legitimate filings of outstanding tax liens which could lead an unwary company to fall for this scam.  Despite the telltale signs indicated above for immediately determining that this is a scam and not a legitimate communication from a state agency, if you have any thought that such a communication might be legitimate, you should still refrain from sending money or calling the numbers indicated on the notice.  Rather, contact the real state agency that issued the outstanding lien to confirm that such a notice is a scam.

 

Scam of the day – Mary 22, 2016 – Five year old LinkedIn data breach comes back to haunt users

May 22, 2016 Posted by Steven Weisman, Esq.

Recently  117 million email addresses and passwords of LinkedIn users captured in a 2012 data breach of LinkedIn were offered for sale on the Dark Web, which is that part of the Internet where cybercriminals buy and sell stolen data.  It may seem odd, but it is not unusual for such stolen material to turn up for sale long after the initial data breach.   Back in 2012 LinkedIn thought that the data breach was limited to 6.5 million user names and passwords, however, earlier this week the company acknowledged that the data of 100 million more LinkedIn members were indeed compromised.  In an effort to combat this problem LinkedIn is invalidating the compromised passwords and contacting affected members directing them to reset their passwords.

The stolen information is of value to the hackers to assist in formulating spear phishing emails that will seem to be from LinkedIn and will attempt to lure the recipient into clicking on links that will download dangerous malware such as keystroke logging malware or ransomware on to the intended victim’s computer.  The stolen passwords are also of use to the hackers because too many people use the same password for all of their accounts and therefore a person’s LinkedIn password may be the same as their banking password which could enable the hacker to gain access to the intended victim’s bank account.

TIPS

LinkedIn is contacting people affected by the data breach and instructing them to change their passwords.  It is important to note that LinkedIn will not ask people to click on a link to change their password in any email so if you get such an email, it is from a hacker seeking to steal your identity.  If you are affected by this data breach, here is a link to where you can safely change your LinkedIn password.  https://www.linkedin.com/uas/request-password-reset?trk=li_corpblog_corp_security

LinkedIn also offers dual factor authentication by which you can have a one time numerical code sent to your smartphone each time you need to access your LinkedIn account.  This is a good security measure to take.

Finally, this case serves as another reminder that you should have unique passwords for all of your accounts.  A strong password contains capital letters, small letters and symbols.  A good way to pick a strong password is to take an easily remembered phrase as your password.  For instance, you can use the phrase IDon’tLikePasswords as your base password.  Add a couple of !! at the end of the password and you have a strong password.  Since you should have a unique password for each of your accounts, you can adapt this base password for particular accounts by merely adding a couple of letters to designate the company at the end of the password so it may read, for instance for a Bankr of America account, IDon’tLikePasswords!!BnkoAm.