Scam of the day – July 6, 2015 – Windows 10 update scams

July 5, 2015 Posted by Steven Weisman, Esq.

The new Windows 10 operating system is coming.  It is scheduled to start being released on July 29th.  However, if you are a user of Windows 7 or Windows 8.1 you are eligible to receive the new Windows 10 operating system for free.  Microsoft is letting these customers reserve the new operating system now.  Microsoft is notifying customers through a new icon on your taskbar or a popup message as indicated in the screen photo below.  Clicking on the message will take you to a page where you can sign up by merely providing your email address.  Once Windows 10 is available Microsoft will then download it to your computer. Over the years Microsoft has issued new operating systems after years of patches and updates of the previous operating systems.  When it became too cumbersome and difficult to patch the old operating systems, new ones were released.  Unfortunately, many individuals and companies still use the old operating systems, such as Windows XP although they were warned for years that new security update would no longer be issued after a specific date.  People and companies continuing to use the old operating systems, particularly Windows XP have become easy targets for hackers exploiting the vulnerabilities of the older operating systems.

W10_Laptop_AUX_Build_16x9_en-US_070115-01

TIPS

The release of Windows 10 will be exploited by scammers and identity thieves.  In particular you may receive emails or text messages with links or downloads that purport to be of Windows 10.  Don’t trust them.  Microsoft is not contacting people by emails or text messages regarding Windows 10.  Any email or text message, regardless of how legitimate it may look, that purports to be from Microsoft asking you to download an attachment or click on a link to install your Windows 10 is a scam.  If you click on those links or download those attachments all you will succeed in doing is downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  Microsoft will  also not be calling you on the phone to install Windows 10 either, so if you get a telephone call in which the caller represents that he or she is from tech support at Microsoft to help you download Windows 10, just hang up.  The call is from an identity thief only seeking to get access to your computer and its data.

Scam of the day – July 5, 2015 – Trump hotel chain hacked

July 4, 2015 Posted by Steven Weisman, Esq.

Donald Trump seems to be constantly in the news these days.  Whether it is for declaring his candidacy for President of the United States or for making inflammatory comments, Trump is omnipresent in the media.  However, the latest Trump news event is not one with which he must be pleased.  It has just been disclosed that the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York has been hit with a Target-like credit card and debit card data breach that appears to have started at least as far back as February.  As with so many data breaches, it was discovered not by the company hacked but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.  This type of hacking and data breach is expected to happen again and again as companies still cling to the use of old fashioned credit and debit cards using magnetic strips rather than the more modern smart credit cards with computer chips that create a new one-time authorizing number each time the card is used.

Here is a link to a column I wrote for USA Today in September of 2014 in which I both described how these data breaches occurred and correctly predicted their continuing pattern. http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

TIPS

There is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which you do business.  One important thing to do is to refrain from using your debit cards except in ATMs.  Using your debit card at retail establishments puts you at much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Although the deadline for companies being required to install smart credit card readers is months away, you should ask your credit card company for a replacement credit card with a computer chip now.  Some stores, most notably Wall Mart are already using the safer smart chip cards.  Whenever you can use the smart credit card, it is important to do so.

Scam of the day – July 4, 2015 – Update on hacking of Office of Personnel Management

July 4, 2015 Posted by Steven Weisman, Esq.

It was a month ago that I first reported to you about the hacking of the federal Office of Personnel Management (OPM) in which personal information on anywhere between 4 million and 14 million people was compromised.  The large discrepancy in the number of people who may have been affected by the hacking is due to the fact that although files on 4 million people were accessed, there was information on many millions more within those files.  The risk of identity theft is quite high for those affected by the data breach.  Meanwhile, as they always do, other scammers are taking advantage of people’s legitimate concern about their risk of identity theft and sending out emails that purport to be from the Office of Personnel Management appearing to offer help when all they really are doing is phishing for personal information that can be used to make the targeted person a victim of identity theft.  OPM has hired CSID, a company that provides identity theft protection and fraud resolution services and is offering 18 months of free credit report access, credit monitoring, identity theft insurance and recovery services to those people affected by the data breach.  However, be very skeptical of emails that appear to come from CSID offering assistance, but asking for information.  CSID’s URL for this purpose is opm.csid.com.  Be particularly wary if you receive an email purporting to be from CSID that is not from that address.  In fact, it is a good idea not to trust any email that asks for personal information without confirming first that it is legitimate.

TIPS

First, if you are one of the millions of people affected by this data breach, I suggest that you go to the OPM’s website for the latest announcements as to the status of the data breach and what you can and should do to protect yourself.  Here is a link to the OPM’s page with the latest information:  http://www.opm.gov/news/latest-news/announcements/

Also, if you are affected by the data breach, here is a link to CSID’s website where you can safely enroll for services: https://www.csid.com/opm/

As for all of us, a good lesson to avoid becoming a victim of phishing that leads to identity theft, never click on links in emails or text messages or provide information requested in an email or a text message unless you have absolutely confirmed that it is a legitimate.  It is easy to send a phony email that looks quite legitimate.

Scam of the day – July 3, 2015 – Turkish man arraigned in worldwide financial hacking scheme

July 2, 2015 Posted by Steven Weisman, Esq.

Ercan Findikoglu who had been arrested in Germany in December of 2013 finally was extradited to the United States where last week he was arraigned on charges related to three major cyberattacks on the global financial system.  Findikoglu, a Turkish citizen is alleged to be the kingpin of an international gang that hacked into three credit and debit card processors and then manipulated the account data on prepaid debit cards to be dramatically increase the balances.  Findikoglu then is alleged to have distributed the stolen debit card information to cohorts around the world who would create cards and then use the phony cards to withdraw money from ATMs around the world.  One plot targeted cards issued by JP Morgan Chase, another by the National Bank of Ras Al-Khaimah in the United Arab Emirates  and a third plot targeted cards issued by Bank Muscat in Oman.  The debit cards of Bank Muscat were distributed to gang members in 24 countries who within a two day period did 36,000 ATM withdrawals totaling 40 million dollars.  The total amount stolen through all three bank hacks was 55 million dollars.

TIPS

The international cooperation involved in this case is good news in the battle against cybercrime which is a crime that knows no borders.  Often the type of international cooperation required to effectively combat such cybercrime is lacking in the international community.  Hopefully, this case provides an indication of a positive change in the war against cybercrime.   Another positive change that is necessary in the battle against cybercrime is greater cooperation between hacked companies and law enforcement and other governmental agencies.  To date, Congress has not enacted the legislation necessary to make this happen, but it is expected that in the not too distant future we will see such laws mandating greater disclosure and cooperation between government and business.

Scam of the day – July 2, 2015 – A new Nigerian letter scam

July 1, 2015 Posted by Steven Weisman, Esq.

The Nigerian letter scam by which you are promised huge amounts of money through an email under various guises, such as an inheritance from a relative you never knew existed or a public official who needs help getting money out of his country is a scam that has actually been around since the 1500s when it was known as the Spanish Prisoner scam.  One thing that this scam has in common in all of its incarnations is that if you respond to the scam, you will not end up getting anything except a lesson in learning to be more skeptical.  Many people have paid thousands of dollars to Nigerian letter scam artists before they realize that they have been the victim of a scam.

I don’t publish every one of these types of letters that I receive, but I wanted to share this particularly creative version of the letter that I got last week.

“Federal Bureau of Investigation (FBI)
Anti-Terrorist And Monitory Crime Division.
Federal Bureau Of Investigation.
INTERNATIONAL MONETARY FUNDS
J.Edgar.Hoover Building Washington Dc
Customers Service Hours / Monday To Saturday
Office Hours Monday to Saturday:

Dear Beneficiary,

Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization. This ended 3 days ago. It is obvious that you have not received your fund which is to the tune of $2.3million Usd due to past corrupt Governmental Officials who almost held the fund to themselves for their selfish reason and some individuals who have taken advantage of your fund all in an attempt to swindle your fund which has led to so many losses from your end and unnecessary delay in the receipt of your fund.

The National Central Bureau of Interpol enhanced by the United Nations and Federal Bureau of Investigation and the International monetary funds have successfully passed a mandate to the current president of Nigeria his Excellency President Good luck Jonathan to boost the exercise of clearing all foreign debts owed to you and other individuals and organizations who have been found not to have receive their Contract Sum, Lottery/Gambling, Inheritance and the likes. Now how would you like to receive your payment? Because we have two method of payment which is by Check or by ATM card?
ATM Card: We will be issuing you a custom pin based ATM card which you will use to withdraw up to $3,000 per day from any ATM machine that has the Master Card Logo on it and the card have to be renewed in 4 years time which is 2015. Also with the ATM card you will be able to transfer your funds to your local bank account. The ATM card comes with a handbook or manual to enlighten you about how to use it. Even if you do not have a bank account.

Check: To be deposited in your bank for it to be cleared within three working days. Your payment would be sent to you via any of your preferred option and would be mailed to you via UPS. Because we have signed a contract with UPS which should expire in the next three weeks you will only need to pay $280 instead of $620 saving you $340 So if you pay before the three weeks you save $340 Take note that anyone asking you for some kind of money above the usual fee is definitely a fraudsters and you will have to stop any communication with every other person if you have been in contact with any. Also remember that all you will ever have to spend is $280.00 nothing more!
Nothing less! And we guarantee the receipt of your fund to be successfully delivered to you within the next 24hrs after the receipt of payment has been confirmed.

Note: Everything has been taken care of by the Federal Government of Nigeria the International Monetary Funds, The United Nation and also the FBI and including taxes, custom paper and clearance duty so all you will ever need to pay is $280.

DO NOT SEND MONEY TO ANYONE UNTIL YOU READ THIS: The actual fees for shipping your ATM card is $420 but because UPS have temporarily discontinued the C.O.D which gives you the chance to pay when package is delivered for international shipping We had to sign contract with them for bulk shipping which makes the fees reduce from the actual fee of $620 to $280 nothing more and no hidden fees of any sort!

To effect the release of your fund valued at $2.3million Usd you are advised to contact our correspondent in Africa the delivery officer Mr Nicholas Justina with the information below,

Full Name:Mr Nicholas Justina
Email: nicholas_justina@aol.com
Email:nicholasjustina2@gmail.com
Telephone: (719) 377-2771
You are advised to contact him with the informations as stated below:

Your full Name..
Your Address:…………..
Home/Cell Phone:…………..
Occupation:………………..
Preferred Payment Method (ATM / Cashier Check)

Upon receipt of payment the delivery officer will ensure that your package is sent within 24 working hours. Because we are so sure of everything we are giving you a 100% money back guarantee if you do not receive payment/package within the next 24hrs after you have made the payment for shipping.

Yours sincerely,
Miss Donna Story
FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
WASHINGTON, D.C. 20535″

TIPS

Although it should be apparent to everyone who reads this email that it is a scam, the very outrageousness of  the email is most likely intentional because as more people become aware of the Nigerian letter scam, the scammers do not want to waste their time on potential victims who may be skeptical of their scam, so they often send out emails like these that are so outrageous in an effort to catch only the most gullible and greedy.  Also note the misspelling of the word “monetary” that appears as “monitory crime commission.”  Of course, by the fact that you are reading Scamicide, you have already indicated that you are too smart to fall for this type of scam.  If you receive a particularly inventive or interesting Nigerian email, please share it with us here at Scamicide.

Scam of the day – July 1, 2015 – Critical Adobe Flash update

July 1, 2015 Posted by Steven Weisman, Esq.

Adobe Flash software is a highly used video software program so it should be of little surprise that it is highly scrutinized for vulnerabilities by hackers who exploit these vulnerabilities to gain access to their targets computers.  Unpatched vulnerabilities in Adobe Flash software were exploited by Russian hackers who hacked into the White House and State Department computer systems.  Recently, the security firm FireEye found attempts to attack aerospace, defense, construction, technology and telecom companies by exploiting a flaw in Adobe Flash uncovered by FireEye.  FireEye promptly notified Adobe which promptly created a patch for the problem.  A link to the patch can be found below.

The problem is that hackers are now distributing kits on black market websites that enable other hackers to exploit this vulnerability on computers that have not been updated and all too often individuals and companies fail to update their software in a timely basis.  Already this flaw is being exploited by hackers as a way of getting victims to download Ransomware on to their computers.  As I have written about many times before, Ransomware encrypts and locks your computer data.  The hacker then threatens to destroy the data unless a ransom is paid immediately.

TIPS

Businesses, government agencies and individual computer users must make it a priority to install the latest security patches and updates as soon as they become available.  Time after time, companies, government agencies and individual computer users have become victims of devastating computer hacks that they could have easily avoided had they promptly updated their software with the latest security patches and updates as soon as they became available.  Don’t make this mistake.  Here at Scamicide we regularly provide you the links to the latest security patches.

Here is the link to the latest Adobe Flash security update:  https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

Scam of the day – June 30, 3015 – SEC and Secret Service investigating insider trading data breach

June 30, 2015 Posted by Steven Weisman, Esq.

The Securities and Exchange Commission (SEC) and the Secret Service are investigating data breaches at about sixty companies in the biotechnology, medical instruments, hospital equipment and pharmaceutical drug fields that appear to have been going on since 2013.  The information stolen in these data breaches appears to have been used by the hackers, who have been identified as FIN4 by the security company FireEye, which first uncovered the hacking last year, for purposes of insider trading.  The hackers focused on executives within the targeted companies that had information about mergers and acquisitions as well as other information useful in predicting the movement of the stocks of these companies on the stock exchanges.  Insider trading on non-public information that moves a stock’s price is illegal.

TIPS

At this point in time we do not know whether the hackers are Americans or are launching the attacks from somewhere outside of the country.  Although the evaluation and use of the precise information sought and stolen indicates that the hackers are quite sophisticated both in the health care industry and in financial markets, the manner by which the information was stolen was quite basic.  They used phony Microsoft Outlook login pages to trick the targeted individuals into providing their user names and passwords.  They would then view private emails and even, on some occasions interject themselves into email conversations in order to gather useful information.  Although this is particularly troublesome, regulators should be able to identify who made trades at opportune times and ultimately find the hackers.

Scam of the day – June 29, 2015 – New settlement provides funds for victims of Bernie Madoff

June 29, 2015 Posted by Steven Weisman, Esq.

Irving Picard, the trustee appointed by the Securities Investor Protection Corporation (SIPC) to protect the interests of the victims of the Bernie Madoff Ponzi scheme has announced a settlement with Plaza Investments International by which Plaza will pay 140 million dollars to be applied to the losses suffered by Madoff’s victims.  Plaza is one of a number of feeder funds that invested millions of dollars of their clients’ funds with Madoff without properly investigating what Madoff did with the money.  It is also alleged that Plaza, as did other feeder funds failed to recognize indications that what Madoff was doing was a scam.  Madoff, who is now serving a 150 year prison sentence was found guilty of stealing approximately 20 billion dollars from individual investors, celebrities and other investment managers who, such as Plaza invested their clients’ funds with him.  Madoff’s scheme was a classic Ponzi scheme by which he never invested anything, but just used the money received from new investors to pay off earlier investors.  This latest settlement brings the total amount recovered on behalf of Madoff’s victims to 10.874 billion dollars.

TIPS

Bernie Madoff has actually indicated that it was his victims own fault that they lost the money they invested with him.  He went on to explain that if they had done their proper research, they would have realized that it was impossible to do what he said he was doing with the money.  Although to hear these words coming from a man who financially ruined so many people is offensive, there is a bit of truth to what he says and a lesson to all of us.  You should never invest in anything that you do not completely understand.  Only put your money into investments that you are familiar with and never let your investment adviser also be the custodian of your funds.  Madoff did both functions which made it easier for him to cheat his victims as there was no one to oversee or regulate his actions.

Scam of the day – June 28, 2015 – FBI issues new alert about Ransomware

June 28, 2015 Posted by Steven Weisman, Esq.

I have been reporting about Ransomware to you since 2012.  Ransomware is the name for a type of malware that when downloaded on to your computer encrypts your data and restricts your ability to access your data.  The hacker who infected your computer will have a notice appear on your computer informing you that your data has been locked away and that unless you pay a ransom, usually in untraceable Bitcoins, your data will be destroyed.  Earlier this week the FBI’s Internet Crime Complaint Center issued a new warning about a worldwide increase in the use of Ransomware including the newest variation of Ransomware malware identified as CryptoWall.   Hackers are targeting individual computer users, police department, accounting firms and businesses with Ransomware.  In many instances, after the ransom is paid, an encryption key is provided by the hacker that enables the victim to unlock the data, however in some instances, the hackers never unlock the data.  As with all malware, a key question is how does it become downloaded on to the victim’s computer and the answer is that the malware is downloaded by unwary computer users who click on infected links in emails or click on infected popups or advertisements.

TIPS

Of course, it is of critical importance to use a good firewall and not only install anti-virus and anti-malware software programs, but to keep these programs updated with the latest security updates and patches.  However, the latest incarnations of most malware is generally at least thirty days ahead of the security software companies so you can never rely on your security software and your firewall to keep you totally safe.  Trust me, you can’t trust anyone.  Don’t click on links in emails regardless of how legitimate they may appear until you have confirmed that they are indeed legitimate.  Enable popup blockers to keep these from appearing on your screen.  Finally, no system of malware prevention is 100% effective so it is critical to backup all of your data offline in order to eliminate the danger of Ransomware.

Steve Weisman’s latest USA Today column

June 27, 2015 Posted by Steven Weisman, Esq.

Here is a link to Steve’s latest column for USA Today about online travel scams:

http://www.usatoday.com/story/money/personalfinance/2015/06/27/beware-of-online-vacation-scams/29354675/