Scam of the day – August 31, 2015 – Jason Chaffetz becomes a victim of income tax identity theft

August 31, 2015 Posted by Steven Weisman, Esq.

Unless you live in Utah, the name of Jason Chaffetz may not be familiar to you.  Jason Chaffetz is a Congressman from Utah, the Chairman of the House Oversight Committee and a recent victim, as he disclosed this week, of income tax identity theft.  Chaffetz did not find out he was a victim of income tax identity theft until he went to file his income tax return only to be told that someone else had filed using his name and Social Security number.  Fortunately for Chaffetz he owed money to the IRS so the fact that he is a victim of income tax identity theft will not delay the payment to him of a refund.  Those victims of income tax identity theft who are owed a refund find insult added to injury as they must wait many months before the IRS completes its investigation and sends a refund.  Chaffetz has long been a critic of IRS Commissioner John Koskinen and this latest matter has only added to the reasons Chaffetz is using in asking for Koskinen to be fired.


Although Congressman Chaffetz is  rightfully placing much of the blame for income tax identity theft on Commissioner John Koskinen, there is plenty of blame for income tax identity theft on the part of Congress itself which continues to fail to pass legislation to require employers to file W-2s with the IRS at the same time they file them with the Social Security Administration.  Presently, employers file W-2s for their employees with the Social Security Administration either at the end of February or March depending on whether they are filing electronically or by paper.  The Social Security Administration does not get around to sending the W-2s to the IRS until July, long after the IRS has already sent out refunds to many income tax identity thieves who filed counterfeit W-2s.  If the IRS received W-2s early and compared them to the W-2s filed with income tax returns before sending out refunds, a tremendous amount of income tax identity theft could be avoided.  As for what we as taxpayers can do to protect ourselves from income tax identity theft, the best things you can do are to keep your Social Security number private and file your income tax return early before an identity thief files one before you do.


Scam of the day – August 30, 2015 – Routers vulnerable to hacking

August 30, 2015 Posted by Steven Weisman, Esq.

If you are reading this online, you have a router.  A router is a networking device that is used to transfer data between your computer and the Internet.  Unfortunately, researchers at Carnegie Mellon University have disclosed that a number of commonly used DSL routers are vulnerable to hacking because they use an easily guessed hard code password.  The affected models are ASUS DSL-N12E, DIGICOM DG-5524 T, Observa Telecom RTAO1N, Philippine Long Distance Telephone (PLDT), SpeedSurf 504AN and ZTE ZXV10 W300.  Although this vulnerability was just announced earlier this week, other researchers had discovered the same problem and had reported on it for two of the affected devices last year.  In addition, earlier this year, at least 700,000 routers from different manufacturers were also vulnerable for the same reason and although they were manufactured by different companies, they all used vulnerable hardware manufactured by the same Chinese company.


Here is a link to the Vulnerability Notice as released by the researchers at Carnegie Mellon University.

I urge you to check and see if your router is one of those affected.  Unfortunately, if your router is one of the vulnerable routers, according to the researchers at Carnegie Mellon there is no practical solution at this time.  However, they do recommend that you adapt your Firewall so that the telnet service of your router is not accessible by untrusted sources.

Steve Weisman’s latest column for USA Today

August 29, 2015 Posted by Steven Weisman, Esq.

Here is  a link to Steve Weisman’s latest column for USA Today.


Scam of the day – August 29, 2015 – Class action filed against IRS for data breach

August 29, 2015 Posted by Steven Weisman, Esq.

The trend of people suing companies and government agencies deemed responsible for data breaches due to their failing to take proper steps to protect personal information they hold continues to accelerate with the recent filing of a proposed class action on behalf of the approximately 330,000 people affected by the recent data breach of the IRS’ Get Transcript program about which I have reported to you a number of times here at Scamicide.  Go to the Archives for more information about this particular data breach.  According to Richard McCune, one of the lawyers who filed the lawsuit, “As custodians of taxpayer information, the IRS has failed in its obligation to protect the personal and sensitive information of hundreds of thousands of taxpayers, their spouses and families.  Furthermore, the breach and theft occurred after repeated warnings over the course of several years regarding the lax computer security system.”


If you were affected by this data breach and want more information about the lawsuit, you can contact McCuneWright, one of the law firms that filed the lawsuit by clicking on this link.

As for the rest of us, the best things you can do to protect yourself from  income tax identity theft is to protect the privacy of your Social Security number and file your income tax return as early as possible to prevent an identity thief from filing one using your name and Social Security number before you get a chance to file your legitimate return.

Scam of the day – August 28, 2015 – Money flipping scam

August 28, 2015 Posted by Steven Weisman, Esq.

Social media is suddenly being flooded with advertisements for money flipping opportunities.  In one version of the scam being found on Instagram, there is a photograph of someone folding a pile of money with text that says that it is easy to “flip” a couple of hundred dollars to as much as thousands of dollars and then gives you contact information in order to take part in this great opportunity.  Once contacted the scammer then instructs the victim to provide their debit card and PIN to the scammer in order to be able to deposit a check into your account.  The scammer then tells you that he or she will deposit a check into your account and then withdraw the money shortly thereafter.  You then get paid for allowing the scammer to use your account in this manner.  The problem is that the check the scammer deposits into your account is counterfeit, but the money withdrawn from your account in the amount of the counterfeit check is not so you lose money from your account.


Certainly everyone wants, as Dire Straits sang years ago, “money for nothing,” however, you should always be skeptical of anyone proposing a scheme that appears to offer that kind of reward.  What possible legitimate reason could there be for a stranger to need to use your bank account to cash a check?  This is an obvious scam and one that should be avoided.   You also should never consider giving your debit card and PIN to a stranger or even a friend for that matter.

Alaska cruise with Steve Weisman of

August 27, 2015 Posted by Steven Weisman, Esq.

Bottom Line Publications is sponsoring a luxury cruise of Alaska on the Crystal Serenity from June 19th to June 26th 2016.  The trip will also feature a number of speakers on a variety of personal finance topics.  Steve Weisman of will be one of the speakers talking about scams, identity theft and cybersecurity.

If you are interested in joining Steve on the cruise or want more information, here is a link to the cruise website.


Scam of the day – August 27, 2015 – Virginia news shooting scams

August 27, 2015 Posted by Steven Weisman, Esq.

Yesterday’s news was filled with coverage of the tragic killing of Virginia WDBJ news reporter Alison Parker and cameraman Adam Ward by Vester Flanagan, also known professionally as Bryce Williams, a deranged and disgruntled former co-worker.  During the course of the killings Flanagan actually took videos of the murders as he committed them and posted them to his Facebook and Twitter accounts shortly after the killings while he was on the run from law enforcement.  Some legitimate news sites are presenting edited still photos from the videos while others are providing the actual footage.    The videos themselves were taken down shortly after being posted.  However, there will be people out of morbid curiosity looking on the Internet for those grisly videos and scammers are only too willing to take advantage of their curiosity.  You can expect that there will be websites, text messages and emails purporting to provide links to the videos and you also can expect those websites, text messages and emails to be contaminated with malware that will enable the scammer to steal the personal information from the computers, smartphones and other electronic devices of the morbidly curious and use that information to make them victims of identity theft.


Never click on links in emails or text messages unless you are absolutely sure that they are legitimate.  The risk of downloading malware is just too high.  In addition, there are some types of malware that can steal your information when you merely go to an infected website so whenever seeking videos or photos of controversial subjects, you should stay with legitimate news websites.  Merely because a website may turn up high in a Google or other search engine search does not mean that the website is legitimate.  It only means that the makers of the website know how to manipulate the logarithms used by Google to receive a high ranking.

Scam of the day – August 26, 2015 – Bank of America security message scam

August 26, 2015 Posted by Steven Weisman, Esq.

This is another phishing scam that is making the rounds these days.  It appears to be a legitimate email from Bank of America informing you that due to upgrades being done to the Bank of America computer systems, it is necessary for you to confirm personal account information in order to maintain your account.  Of course, if you click on the link contained in the email, you will only succeed in either unwittingly downloading keystroke logging malware that will steal your personal information from your computer and use it to make you a victim of identity theft or you will be sent to another website that prompts you to provide your personal information directly, which then wil be used to make you a victim of identity theft.  Either way you lose.  Here is a copy of the email presently being circulated:


We need you to confirm your Bank of America account due to our new upgrading. It is mandatory that you confirm your details through our secure link below.

Thank you for your co-operation.
Bank of America Admin
Copyright © 2015 BOA Inc.”


There are a number of ways to know that this is a phishing scam.  First of all, if you are not an account holder at Bank of America, you can rest assured that the email is a scam.  Unfortunately, there are so many people that are account holders at Bank of America, the scammers just send out the email in large numbers hoping to reach Bank of America account holders among the random people being sent the email.  The email address from which it is sent was not that of Bank of America, but rather that of a private individual whose email account was hacked, taken over and made part of a botnet to send these emails in large numbers.  Because you can never be sure whenever you receive an email that asks you to provide personal information whether it is legitimate or not, the best thing to do is to remember my motto, “trust me, you can’t trust anyone” and confirm whether it is legitimate or not by calling the real company, in this case Bank of America to learn whether or not the email is phony or not.  Chances are, you will be told that it is a scam.

Scam of the day – August 25, 2015 – American Community Survey

August 24, 2015 Posted by Steven Weisman, Esq.

Many people are receiving letters, phone calls and even visits from people representing that they are with the United States Census Bureau taking a survey known as the American Community Survey.  While it is true that the official United States Census is only done once every ten years, the Census Bureau does a limited survey of randomly selected people in all of the states as well as Washington D.C. and Puerto Rico each year.

So how can you tell if you are being contacted and solicited for information by a legitimate census worker or by a scammer merely using the American Community Survey as a ruse to gather personal information from you in order to make you a victim of identity theft?  First of all, the real American Community Survey does not ask for your Social Security number or credit card information.  If you are asked for that information, it is a scam.


If you are contacted about participating in the American Community Survey, it is prudent to confirm that you have been selected to participate in the survey.  You can do this by calling their service line at 800-354-7271.  You can also complete the survey by phone at this number.  If you have been contacted by phone, you can confirm that the phone call is legitimate by calling one of the Census’ telephone centers.  If you want to verify that someone who is visiting your home is a legitimate census worker, you can confirm this by calling the Census Regional Office for your area.  Here is a link with all of that contact information and more from the Census Bureau.

Scam of the day – August 24, 2015 – Plenty of Fish dating site hacked

August 24, 2015 Posted by Steven Weisman, Esq.

Plenty of Fish ( an online dating website with more than a hundred million members had its website corrupted by hackers who managed to install a keystroke logging malware program known as Tinba that enables the identity thieves to steal credit card and banking information from its victims.  What makes this hacking particularly noteworthy is that the hackers did not hack into the computers of Plenty of Fish to install malware as was done in the recent hacking of Ashley Madison.  Instead, they hacked into the computers of a legitimate advertising company, Improve Digital that distributed online advertisements to Plenty of Fish.  The malware was attached to legitimate online advertisements placed by Improve Digital on the Plenty of Fish website.  And as I always say, “things aren’t as bad as you think, they are worse.”  In this case, it was not even necessary for someone visiting the Plenty of Fish website to click on the infected advertisements to permit the malware to be downloaded on to their computers.  All that was necessary was to merely go to the now infected website to have  your computer, in turn, infected with this dangerous malware.


If you are a user of Plenty of Fish, you should monitor your bank accounts and credit card accounts closely.  You also would be wise, if you already have not done so, to put a credit freeze on your credit report.  You can find information as to how to do this here on Scamicide.  Just go to the archives and enter the words “credit freeze.”  You also should make sure that you are using the latest anti-virus and anti-malware software on your computer and run a scan for any viruses or malware.