Scam of the day – October 31, 2014 – Free credit score scams

October 31, 2014 Posted by Steven Weisman, Esq.

Based on the information contained in your credit reports, your credit score can have a significant effect on whether you are granted a loan and at what interest rate, whether you will be hired for a job, whether you will be sold insurance, whether you can rent an apartment or many other purposes.  We all have a right to an annual free credit report from each of the three major credit reporting agencies, however, your free credit report will not provide you with your credit score.  Recently many people are receiving emails with offers to provide a free copy of your credit score.  Unfortunately, as with any other email or text message that requires you to provide personal information such as your Social Security number which is required to obtain your credit report or credit score, you cannot be sure that the offer is legitimate.  In some instances, companies offering to provide “free” credit reports or scores are actually signing you up for a continuing service that you may not either desire or need.  These sites generally ask for your credit card number, but tell you that they only need the credit card number for verification purposes.  Of course, that it is a lie.  If you were getting something free, you would not need to provide a credit card number.   They are getting your number to use it to charge you monthly fees for services that you may not have thought you ordered.  Even worse however, are scams in which the company offering to provide you with your free credit score is actually just scamming you in order to get your Social Security number which they will use to make you a victim of identity theft.

TIPS

As I always say, you cannot trust any email or text message to be legitimate.  Never click on links, download attachments or provide personal information in response to unsolicited emails or text messages.  The risk is too great.  If you want your free credit reports from each of the three major credit reporting agencies, Equifax, Transunion and Experian, the only place to go is the website www.annualcreditreport.com.  It is important to monitor your credit report not just to find evidence of identity theft, but also to find mistakes that may appear on your report that can adversely affect your credit score.  As for your credit score, the website www.creditkarma.com is a legitimate website that you can trust, that encrypts your data and provides your credit score for free.

Scam of the day – October 30, 2014 – Gallup poll shows hacking of retail stores is the crime most feared

October 30, 2014 Posted by Steven Weisman, Esq.

A recent Gallup poll shows that the hacking of retail stores and the resulting theft of credit and debit card information is the crime that is feared most by Americans – and with good reason.  Identity theft, including the fraudulent use of credit cards by identity stealing hackers accounts for more dollars lost than all other property crimes combined.  Soon we will be heading into the holiday shopping season when credit card shopping both at brick and mortar stores and online will dramatically increase as will the attempts by hackers to steal credit card and debit card information so it is particularly important for everyone to be vigilant when using their credit and debit cards.  The bad news is that there is nothing that we, as individuals can do to reduce the chances of a major data breach at large and small retailers with which we do business, however, the good news is that there is a lot we can do to minimize our exposure.

TIPS

First and foremost, do not use your debit card for any purchases.  Limit its use to ATMs.  The consumer protection laws regarding fraudulent debit card use are not as strong as the laws pertaining to fraudulent use of credit cards.  Potentially, you could lose the entire bank account tied to your debit card if you are not carefully monitoring its use.  In addition, even if you do notify your bank immediately upon promptly noticing fraudulent use of your debit card, your access to your bank account will be frozen while your bank investigates the crime.

Also, when shopping in brick and mortar stores, you may wish to patronize those stores, such as Wall Mart which are ahead of the pack when it comes to transitioning from the old magnetic strip credit cards to the new smart cards with computer chips that would eliminate the risk of your credit card number being captured by a hacker and used for fraudulent purchases.  You also may wish to consider using the new Apple iPay system which also provides greater protection from hackers.

When shopping on line, limit your shopping to the websites of stores that you know are legitimate and make sure that your communications with the website including the providing of your credit card number is encrypted. You can confirm this by looking at the website address and making sure that it begins with “https” rather than merely “http.”  It is important to note that even if you are using a smart card with a computer chip you are not protected from hackers when shopping online because in this instance you are not generating a new number each time you shop.

As we get closer to the holiday season, I will providing you with more tips to avoid holiday scams and identity theft schemes.

Scam of the day – October 29, 2014 – World Health Organization Ebola scam

October 29, 2014 Posted by Steven Weisman, Esq.

I warned you about a number of Ebola scams in my Scam of the day for October 16th, however, a new one is now appearing that requires a specific warning.    This scam starts with an email that appears to come from the World Health Organization that contains a link for you to click on in order to download an attachment purported to contain tips to protect you from the Ebola virus.   It is preying upon the public’s fear and concern regarding Ebola.  However, if you download the attachment, you will not get Ebola information, but will download a keystroke logging malware program that will steal your personal information from your computer and use it to make you a victim of identity theft.

TIPS

Never click on links or download attachments in emails, text messages or social media postings unless you have confirmed that the links or downloads are legitimate.  Trust me, you can’t trust anyone.  It is easy to make a counterfeit message that carries the logo of a real organization and appears to be legitimate.  If you even have the slightest thought that the message may indeed be legitimate, you should merely go to the website at an address that you know is correct or call the entity at a telephone number you have confirmed is correct to verify whether or not the original message to you was phony or not.  In this particular case, the World Health Organization never sends messages to the general public, so you should immediately know it is a scam.

 

Scam of the day – October 28, 2014 – Healthcare worker pleads guilty to identity theft

October 28, 2014 Posted by Steven Weisman, Esq.

Florida medical assistant La Toya Yvette Tillman has been convicted of aggravated identity theft and sentenced to three years in prison.  Through her work at Gastroenterology Consultants she was able to access the database for the entire Memorial Healthcare System, one of the largest health care systems in the country.  Tillman stole personal information including patients’ names, dates of birth and Social Security numbers which she sold by the thousands to identity thieves who, in turn, used the information to file fraudulent income tax returns and commit income tax identity theft.  The lack of security in the health care industry nationwide is far worse than that of retailers such as Target, Home Depot and others that have been the victims of major data breaches.  This case in particular points to the problem of insider identity theft where rogue employees, having access to personal information of patients are able to steal that information.   Regardless of how strong a company’s security is to withstand an attack from outside of the company, it is necessary to combine that security with strong security from threats within the company.

TIPS

This should be a wake up call to many companies and not just those in the health care industry to better protect the privacy of their data banks from threats within the companies as well as outside of the companies.  Too much information is readily accessible in many companies to too many people in the companies with no need to have access to that information.  However, this case also is a good example of companies having access to Social Security numbers, the key to identity theft when they don’t need this information.  People think that medical care providers need your Social Security numbers, when in fact the main reason medical care providers and others demand the number is to make collection of overdue bills easier for them.  Try to limit as much as possible the companies to which you provide your Social Security number to those that truly have a need for it.  The information stolen by La Toya Yvette Tillman would not have been sufficient for her accomplices to file fraudulent tax returns if the Social Security numbers were not included in the stolen data.

 

Scam of the day – October 27, 2014 – Utility bill scam

October 27, 2014 Posted by Steven Weisman, Esq.

This particular scam is another one about which I have repeatedly warned you over the years, but it deserves repeating because there are reports that its frequency is increasing dramatically.  Anytime you receive a call regarding anything in response to which you are advised to make a payment by way of a Green Dot MoneyPak card or any other prepaid card you should be skeptical because these prepaid cards are a favorite method for scam artists to scam you out of your money.  This is because once the scammer has the card number, it is the same as cash and you cannot stop payment on the payment nor trace to whom the payment was made.  Recently, people have been receiving telephone calls purportedly from utility companies telling them that they are behind in their payments and their utilities will be shut off unless immediate payment is made by way of obtaining a Green Dot MoneyPak card or other such card and providing the 14 digit card number to the scammer by phone.   The callers are often quite intimidating and threatening.  Often your Caller ID may even indicate that the call is indeed from your utility company, but it is an easy thing for a scammer to “spoof” or make it appear that a call from them is coming from your utility company.  You can never be sure when you receive a telephone call as to who is really calling you.

TIPS

Never make a payment to a utility company in response to a telephone call.  No utility will require immediate payment by way of a Green Dot MoneyPak card.  If you are behind in your utility payments, call the utility company at a number that you know is accurate and discuss a payment plan with a legitimate representative of the utility company.

Scam of the day – October 26, 2014 – Myverizon38.com scam

October 26, 2014 Posted by Steven Weisman, Esq.

This scam is a slight variation of the scam I reported to you about on March 6, 2014 in the Scam of the day. “Spoofing” is the name for the tactic used by identity thieves to make a call that you receive appear to come from a legitimate source, when, in truth it is from a scammer who has merely managed to make it look like the call is legitimate.  Many people are reporting receiving calls on their smart phones or landlines that on Caller ID appear to be from “Technical Support” and carrying a telephone number that is a real number for Verizon Wireless technical support.  The call received is an automated robocall that informs you that you have are eligible for a $38 reward and then directs you to the website www.myverizon.38.com.  This website is a phony website which lures you into providing personal information that is then used to make you a victim of identity theft.  In other variations of this scam, merely by clicking on a link on the phony website, you will unwittingly download keystroke logging malware that will steal the personal information from your computer and use this information to make you a victim of identity theft.   This type of scam by which a legitimate-looking, phony website tricks you into providing personal information or clicking on tainted links is called “phishing.”  Back when I first reported on this scam to you, the phony website was www.verizon54.com and the amount of the phony reward was $54.

TIPS

You can never trust a phone call to actually be from whom the caller says.  Spoofing is easy to accomplish by identity thieves.  Don’t be tricked into trusting a telephone call.  In addition, robocalls are illegal so you should never trust a prerecorded call.  Nor should you click on links that you are not sure are legitimate.  If you have any thought that the original contact might be legitimate, contact the company directly at a website address or telephone number that you know is accurate to inquire about the particular matter.

Scam of the day – October 25, 2014 – Sergei Tsurikov sentenced to 11 years for credit card hacking

October 25, 2014 Posted by Steven Weisman, Esq.

Sergei Tsurikov, an Estonian hacker was sentenced to eleven years in federal prison following his conviction for the sophisticated hacking of RBS WorldPay, a credit card processing company.  The scheme involved hacking into the computers of RBS WorldPay, breaking the encryption software used by RBS WorldPay and accessing the customer data on payroll debit cards used by a number of RBS WorldPay’s customers to pay their employees.  Payroll debit cards are used as a way of allowing employees to conveniently withdraw their wages through ATMs.  Through his hacking, Tsurikov was able to raise the account limits on the hacked accounts and then provided a network of his accomplices around the world with 44 counterfeit cards that were used to withdraw more than 9 million dollars from more than 2,100 ATMS in more than 200 cities in the United States, Russia, Ukraine, Estonia, Japan and Canada and other countries.  The entire robbery was accomplished in less than twelve hours.

TIPS

Sophisticated hackers are rarely caught and prosecuted, which is one reason that this type of crime is such a growth industry.  In particular, one of the problems has been getting the cooperation of foreign law enforcement agencies necessary to take effective action against this type of crime.  However in this instance, there was significant international cooperation throughout the investigation and later prosecution by law enforcement agencies in the United States, Estonia, the Netherlands and Hong Kong.  Ultimately, it was Estonian law enforcement that apprehended Tsurikov who was then extradited by Estonia to the United States where he was put on trial and convicted.  This is a very positive step forward in fighting international cybercrime.

Scam of the day – October 24, 2014 – President Obama’s Executive Order regarding credit card security and identity theft

October 24, 2014 Posted by Steven Weisman, Esq.

President Obama has signed an Executive Order leading the way for greater protection for Americans from data breaches and identity theft.   He also announced that a number of companies including Home Depot Target,  Walgreen and Walmart are accelerating their move to more secure chip and PIN credit card use at their stores. Although regulations that would encourage retailers to switch to these smart cards no later than October of 2015, these companies are planning on completing the move to smart card readers by January of 2015 with Walmart already leading the way.  Also starting in January Citi and FICO are joining together to make credit scores available free to Citi Bank credit cards.  Already providing free credit scores are Discover, Barclaycard, Pentagon Credit Union and First National Bank of Omaha.  It is hoped that more banks will follow this example.  Under the President’s order the reporting of credit card fraud will be made quicker and easier within two years.  Finally, the President announced that the Department of Justice and the FBI are working to improve greater information sharing between hacked companies and affected consumers with the National Cyber-Forensics and Training Alliance’s Internet Fraud Alert System.

TIPS

The President’s actions are a good first step and they do indicate a greater willingness of businesses to work with the government in order to better protect consumer data.  However, much remains to be done and Congressional action is definitely required to improve the laws necessary to protect consumers from data breaches and identity theft.  However, it is good to see the President taking the lead on this important issue. Meanwhile, the primary responsibility for protecting ourselves from identity theft still rests with all of us as individuals.  I urge you to pick up a copy of my new book “Identity Theft Alert” which provides simple steps you can take to dramatically improve your chances of avoiding identity theft.  You can order the book from Amazon by clicking on the link on the right hand side of this page.  I also urge you to read scamicide.com every day so you can become aware of the latest scams and identity theft schemes.

Scam of the day – October 23, 2014 – Latest security updates from the Department of Homeland Security

October 23, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates includes many important updates and security patches to prevent serious problems including important security updates for Microsoft Windows,  Internet Explorer, Mozilla Firefox, iPhones and Apple TV.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security:

https://www.us-cert.gov/ncas/current-activity/2014/10/22/Microsoft-Releases-Advisory-Unpatched-Windows-Vulnerability

https://www.us-cert.gov/ncas/bulletins/SB14-293

https://www.us-cert.gov/ncas/bulletins/SB14-286

https://www.us-cert.gov/ncas/current-activity/2014/10/20/Apple-Releases-Security-Updates-iOS-and-Apple-TV

Scam of the day – October 22, 2014 – Staples becomes the latest data breach victim

October 21, 2014 Posted by Steven Weisman, Esq.

Staples, the  popular office supply store is the latest major retailer to be hacked and suffer a data breach.  As I have written many times before, including in a column for USA Today in which I wrote about the data breaches following the same pattern each time, the news about the Staples data breach is in the early stage where the company announces that it is investigating what it calls a “potential” credit and debit card breach.  As I indicated in my USA Today column, http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/ this is because the retailer generally does not discover that it has been hacked until banks monitoring fraudulent credit card use notice a pattern of fraudulent card use that lead back to the source of the stolen credit card and debit cards, which in this case was some Staples stores.  Ironically, earlier in the day before it announced the “potential” data breach, Staples announced that the Staples App would work with Apple Pay, the new pay by phone App in the iPhone 6.  Greater use of pay by phone and smart credit cards with chips would dramatically reduce the problems caused by the epidemic of data breaches targeting magnetic strip credit card and debit cards used throughout the United States.

TIPS

At the moment, we don’t yet know how long the Staples data breach, which initially appears to have been limited to stores in the Northeastern United States has been going on.  Certainly if you have shopped at a Staples store in the last six months you should carefully review your credit card statements and monitor your account carefully.  As always, I urge you not to use your debit card for retail purchases because of the greater risk of serious financial harm when compared to using a debit card which provides greater consumer protection.  As more information about this data breach becomes known, I will let you know.