Scam of the day – November 11, 2017 – New Netflix phishing email

The popularity of Netflix makes it a preferred subject for phishing emails that appear to come from Netflix and tell you that you need to update your credit card information or ask for other personal information.  As recently as September 24th I warned you about a new Netflix phishing email and now there is an even newer one being circulated that requires you to provide your personal information, including your credit card number, or else your account will be suspended.  Reproduced below is a copy of the email presently being circulated.  It looks legitimate, but it is easy to counterfeit the Netflix logo and make the email appear to be legitimate when it is not.  Two things can happen if you click on the link in the email.  Either you will be directed to a phony but legitimate-looking website where you will be prompted to input your credit card information and thereby turn it over to an identity thief or, even worse, merely by clicking on the link, you will download keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.

[Image: screenshot of the Netflix phishing email]

TIPS

As I always say, “trust me, you can’t trust anyone.”  You can never be truly sure when you receive an email seeking personal information such as your credit card number whether or not the email is a scam.  The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the email might be legitimate, you should contact the company at a telephone number that you know is legitimate and find out whether or not the email was a scam.

As for Netflix in particular, it will never ask in an email for any of your personal information so anytime you get an email purportedly from Netflix asking for your credit card number, Social Security number or any other personal information, it is a scam.  Here is a link to Netflix’s security page for information about staying secure in regard to your Netflix account.  https://help.netflix.com/en/node/13243

Scam of the day – November 10, 2017 – Veterans’ Day scams

Tomorrow, November 11th, is Veterans’ Day, a day we set aside to honor those who have served our country and to whom all Americans owe a debt of gratitude.  However, for scam artists, tomorrow is just another opportunity to take advantage of the best intentions of people and steal their money.  People will be receiving telephone calls that purport to be from various veterans’ organizations or charities seeking donations when, in fact, many of these calls will be from scammers seeking to steal money under false pretenses.

Other scams related to Veterans’ Day will occur when veterans receive telephone calls purporting to be from the Veterans’ Administration asking for personal information necessary to verify or update the VA’s information.  Of course, the call is not from the VA and the request for personal information is merely to gather that type of information in order to make the veteran a victim of identity theft.

TIPS

Even if you are on the federal Do Not Call List, which is a good thing to be on if you wish to avoid telemarketers, you are legally able to be called by charities.  The problem is that whenever you receive a call purporting to be from a charity, you have absolutely no way of knowing if you are being contacted by a legitimate charity.  You also cannot know, without doing some research, whether the particular veterans’ charity that may be contacting you is legitimate or not.   As I often advise you, never give personal information such as credit card information to anyone over the phone if you have not made the call.  If you are considering a gift to a particular charity, first check out the charity with www.charitynavigator.org to make sure that the charity is legitimate and then get the address from charitynavigator.org for the charity, if it is legitimate,  so that if you wish to make a gift, you can make it directly to the charity.

As for calls that you may receive purporting to be from the VA or any other governmental agency requesting information, you should never provide information over the phone to anyone because, as I indicated above, you can never be sure if the caller is who he or she claims to be.  In this case, you should contact the particular agency at a telephone number that you know is accurate to confirm whether the request for personal information was legitimate.  Most of the time, the call will turn out to be a scam.

Scam of the day – November 9, 2017 – Car wrap scam resurfacing

Reports are resurfacing of increased instances of the car wrap scam which has been around for a few years.  We have all seen car wraps, which are advertisements for a company wrapped around a car.  For someone looking for some money in return for very little effort, this may seem like a match made in heaven.  But if you are not careful, it could be a match made in scam hell.

Car wrapping is actually legitimate, which is part of the problem.  Scammers exploit legitimate advertising through car wraps by either putting an ad on the Internet or contacting you through a mass email in which they seek people to have their cars used for advertising through this technique called shrink wrapping.  Unsuspecting victims respond to the advertisement and are sent a check for more than the amount that the victim is owed.  The victim is instructed to deposit the check in his or her bank account and wire the rest back to the company.  This is where the scam comes in.  The check that the scammer sends you is a counterfeit.  Unfortunately, however, the money that you wire the scammer comes right out of your bank account and is almost impossible to retrieve.  This scam of sending you a check for more than what you are to be paid is used in many other scam variations.

TIPS

Always be wary if someone asks you to wire money to them as a part of a business transaction.  Scammers do this all the time because it is quick and almost impossible to stop.  In addition, even if you get what appears to be a certified check and wait a few days for the check to clear, you will still be out of luck because it takes weeks for a check to fully clear.  Banks are required by law to give you conditional credit after a few days, which means that if the check turns out to be a counterfeit, the credit is removed from your account and if you have, in turn, made checks or wired funds from your account assuming the check was legitimate, you are out of luck and your own money.  A check sent to you by someone with whom you are doing business for whatever purpose that is more than the amount you are owed that comes with a request for you to send the overpayment amount back is a scam.  Don’t fall for it.

Scam of the day – November 8, 2017 – New banking malware threat uncovered

Researchers at Cisco Talos have recently uncovered a new method cybercriminals are using to trick people into downloading a strain of malware called Zeus Panda which steals banking information from the victim’s computer and uses it to steal from their bank accounts.

The first step in the process used by the cybercriminals was to come up with a long list of search phrases that people would use when they would search for banking information on search engines, such as Google.  They then used compromised web servers and Search Engine Optimization (SEO) tactics to make sure that the phrases appear high on a search engine search page.  Next, the cybercriminals would use infected links that appear in compromised legitimate business websites appearing in the search to redirect the unwary victim to a malicious website where the victim would be prompted to download a document, open the file and click “Enable Editing,” which ultimately downloads the malware that steals banking and other sensitive information to be used by the cybercriminals.

TIPS

This scam is just another reason why it is important to remember my motto, “trust me, you can’t trust anyone.”  Merely because a website comes up high in a search engine search on Google or any other search engine does not mean that it is legitimate.  Companies and servers must constantly monitor themselves to make sure that they are not compromised; however, the key for us as consumers is to follow the rule of never downloading attachments or enabling macros unless we have absolutely confirmed that they are legitimate.  While many people know not to click on unverified links, few people think to confirm attachments from trusted websites before downloading them because they may be infected.
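For the rule about macros, the following added example (not from the original post or from Cisco Talos) shows a way to classify a downloaded Office file before anyone opens it, based on the container format and the presence of a VBA macro part. The function names, result labels and in-memory sample files are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the OLE2 container used by legacy .doc/.xls/.ppt files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def triage_document(data: bytes) -> str:
    """Classify a downloaded file by container type and macro storage."""
    if data.startswith(OLE2_MAGIC):
        # Legacy files can embed macros; this check alone cannot rule them out.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as archive:
        names = [name.lower() for name in archive.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an OOXML package
    # OOXML files (.docx/.docm/.xlsm ...) keep VBA code in a vbaProject.bin part.
    if any(name.endswith("vbaproject.bin") for name in names):
        return "ooxml-macro"
    # No VBA part found; this does not by itself make the file safe.
    return "ooxml-no-vba"

def build_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "macro document": build_sample(True),
        "plain document": build_sample(False),
        "legacy document": OLE2_MAGIC + b"\x00" * 8,
        "text file": b"just text",
    }
    for label, blob in samples.items():
        print(f"{label}: {triage_document(blob)}")
```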

Scam of the day – November 7, 2017 – Another email scam

Reproduced below is another email scam similar to the infamous Nigerian email scam.  This email, which is presently being circulated, preys on the vulnerability and greed of its victims by promising money for nothing or, in this case, a small fee.

Although it may seem that the Nigerian email scam began in the era of the Internet, the basis of the scam actually goes back to 1588 when it was known as the Spanish Prisoner Scam.  In those days, a letter was sent to the victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name.  The identity of the nobleman was not revealed for security reasons, but the victim was asked to provide money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing victim with great sums of money and, in some circumstances, the Spanish prisoner’s beautiful daughter in marriage.

Today’s scam of the day is just another variation of the Nigerian letter scam.   Although generally you are told initially that you need to contribute little if anything financially to the endeavor, you soon learn that it is necessary for you to contribute continuing large amounts of money for various reasons, such as fees, bribes, insurance or taxes before you can get anything.  Of course, the victim ends up contributing money to the scammer, but never receives anything in return.

Here is a copy of the email I recently received:

ATTENTION, I ‘M CONTACTING YOU NOW BASE ON ISSUE IN MY OFFICE THIS MORNING BECAUSE YOUR PAYMENT FILE WHICH CONTAIN YOUR $4.5M WAS BROUGHT TO ME BY THE BANK OF AFRICA HERE IN BENIN REPUBLIC WHO ORDERED ME TO SIGN THE CANCELLATION OF YOUR ALWAYS INSULT HIM BECAUSE THEY TOLD YOU TO PAY $69 TO RECEIVE YOUR FUND. SO I DECIDED TO WRITE YOU BECAUSE I FOLLOWED THE LAW AND I WILL NOT BE AGAINST ANYBODY IN THIS WORLD AND I THINK THAT MAYBE HE HAS A LITTLE PROBLEM WITH YOU. I HAVE NOT TOUCH YOUR PAYMENT FILE UNTIL I HEAR FROM YOU THIS MORNING BECAUSE I HAVE A HUMAN SYMPATHY. SO MY DEAR I NEED TO KNOW WHAT HAPPENED AND IF YOU STILL NEED TO RECEIVE YOUR FUND THEN I WILL TELL YOU WHERE YOU WILL SEND THE $69 AND HAVE THIS FUND SEND TO YOU THROUGH MY POWER. YOUR URGENT REPLY IS NEEDED. THANK,S CHIEF JUSTICE frank williams

TIPS

This is a simple scam to avoid.  It preys upon people whose greed overcomes their good sense.  The first thing you should ask yourself is why would you be singled out to be so lucky to be asked to participate in this arrangement.  Since there is no good answer to that question, you should merely hit delete and be happy that you avoided a scam.  As with many such scams, which often originate outside of the United States, the punctuation and grammar are not good.

Many people wonder why cybercriminals and scammers send out such ridiculously obvious scam letters that anyone with an ounce of sense would recognize as a scam, but that may be intentional on the part of the scammer because they don’t want to waste their time with people they would have to work hard to convince.  Those who respond to such obvious scam letters are more likely to quickly fall prey to the scam.

Scam of the day – November 6, 2017 – FTC and State Attorneys General act on student loan scams

More than forty-two million Americans have student loans with an outstanding balance of more than 1.4 trillion dollars so it is no surprise that scammers are focusing their attention on these students and former students through scams that falsely promise to provide debt relief.

Now the Federal Trade Commission, working with the Attorneys General of eleven states, has initiated what it cleverly calls Operation Game of Loans to jointly target these scams.  Some scammers promise dramatic reductions of debt of 50% or more in return for upfront fees of between $500 and $2,500.  Often these scam companies have names that make it appear that they are endorsed by the federal government.

TIPS

The old adage still is true.  If it sounds too good to be true, it probably isn’t true.  Many of these student loan debt relief scammers promise quick loan forgiveness, which is unrealistic.  In addition, you should never pay any upfront fees for student loan debt relief assistance.  That is a sign of a scam.  Also, remember my motto, “trust me, you can’t trust anyone.”  Don’t trust scammers who may be using names that sound like they are affiliated with the government.

For information you can trust about federal student loan repayment options, go to https://studentaid.ed.gov/sa/repay-loans .  There you can learn about loan deferments, forbearance, repayment and loan forgiveness programs and there is never an application fee.  If you owe private student loans, contact your loan servicer directly.

Scam of the day – November 5, 2017 – New Google bug bounty program

As I have reported to you for more than a year, various companies and even federal agencies, such as the Department of Defense, offer “bug bounties” to vetted hackers who are able to identify vulnerabilities in their software, web pages and computer networks.  Google and Facebook have long made cash payments to independent hackers, sometimes called white hat hackers to distinguish them from the criminal black hat hackers, who identified vulnerabilities in their computer code.  Generally, these bounties are between $500 and $15,000.  Google has paid out millions of dollars in bug bounties since the program was started in 2010.

Now Google is offering a new bug bounty program focused on Android apps found in the Google Play Store.  Google is also particularly interested in flaws that may be present in Dropbox, Duolingo, Snapchat, Tinder and Alibaba.  The bounty is $1,000 for every flaw that meets Google’s criteria.

TIPS

This is a positive strategy for businesses and government to follow to enhance cybersecurity.  As for us as individuals, the best things we can do to protect our cybersecurity are to keep our anti-virus and anti-malware software up to date on all of our electronic devices and refrain from clicking on links or downloading attachments in all forms of electronic communication until we have absolutely confirmed that the communications are legitimate.  Otherwise, the risk of downloading malware is too great.

Scam of the day – November 4, 2017 – FTC obtains court order against credit monitoring scammers

In the February 15, 2017 Scam of the Day I first told you about the Federal Trade Commission (FTC) getting a temporary restraining order against Credit Bureau Center LLC, Michael Brown, Danny Pierce and Andrew Lloyd as a part of its legal action against them on charges that they operated scams involving phony rental property advertisements and offered “free” credit reports for which they charged monthly amounts to their victims’ credit cards.  Now nine months later, a court has issued a final order against Danny Pierce and Andrew Lloyd in which they will pay $762,000 to settle the FTC’s claims.  Litigation continues against the other defendants.

According to the FTC, the scammers placed Craigslist advertisements for rental properties they were not authorized to represent and in some circumstances even placed advertisements for properties that did not even exist.  When people responded to the ads, the victims were told that before they could see the properties they had to get a free credit report from the defendants’ websites, myscore.com, creditupdates.com and freecreditnation.com, in order to qualify to be considered for renting the properties.  The “free” credit reports, however, were far from free because the fine print in the agreement to obtain the “free” credit report required the victim to enroll in a credit monitoring service with a continuing monthly charge of $29.94.  According to the FTC, the victims never were shown properties even after getting the required credit report and the scammers ignored all communications from their victims after the victims signed up for the credit monitoring service.

TIPS

Advertisements for rental units and vacation rentals that are not owned by the scammers placing the advertisements are a common scam.  It is easy for scammers to get photos and other information about rental units and vacation rentals from legitimate websites and post them to lure victims into sending money to the scammers as a deposit.

A good way to protect yourself from this type of scam is to do a Google or other search engine search with the address of the property to see where it may turn up and who is listed as the owner.  Another good source of information is to go online to the Tax Assessor for the city or town where the property is located and confirm that the name of the property owner matches the name of the person attempting to rent you the property.

In regard to “free” credit reports, you should never have to give a credit card number for a free service although often scammers require this.  You should also carefully read any contract you make.  There rarely is anything fine in fine print.  The victims of this particular scam would have seen that they were signing up for a recurring charge if they carefully read their contract.

Finally, carefully monitor your credit card statements and bank accounts often to discover fraudulent charges as soon as possible.

Scam of the day – November 3, 2017 – New developments in the Internet of Things

I have been warning you about dangers in the rapidly expanding Internet of things for more than three years.  The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys.

Recently the FBI issued a new warning to consumers about the dangers posed by hacking of various devices that make up the Internet of Things.

Here is a link to the FBI warning.  https://www.ic3.gov/media/2017/171017-1.aspx

Recently, Italian researcher Giovanni Mellini published his findings that he was able to remotely hack into and take control of a sex toy described by its manufacturer as “the world’s first teledildonic butt plug.”  There has been a trend in recent years in the sex toy industry toward creating sex toys that can connect to smartphones and computers through Bluetooth or Wi-Fi technology that enables the sex toy to be controlled remotely.  While this opens up new vistas for consenting adults far away from each other, it also opens up frightening new opportunities for hackers.

TIPS

Many of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers.  Change your password as soon as you set up the product.  Also, set up a guest network on your router exclusively for your Internet of Things devices.  Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.  Make sure that you install the latest security patches as soon as they become available.  Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.  Also, limit the amount of information you provide when setting up the accounts for the toys.  The less information out there, the less the risk of identity theft.  Finally make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks.

Scam of the day – November 2, 2017 – Phony retailer website shopping scams

Although it is not yet even Halloween, many people have already turned their attention to the upcoming holiday shopping season and for many of us, shopping online is both more convenient and often more economical than shopping in a brick and mortar store.  The problem is that scammers are quite adept at setting up phony websites to sell shoddy or even non-existent items.  Many times, the scammers will make their websites appear to be those of legitimate retailers in order to trick people into trusting them and it takes little skill to make a phony website that looks just like that of a legitimate retailer that you trust.

So how can you keep from being scammed?

TIPS

The first indication that you are shopping on a scammer’s website is often that the price looks too good to be true.  Most of the time, if it looks too good to be true, it probably is a scam.

Scams are often perpetrated by people whose primary language is not English so be on the lookout for grammar and spelling mistakes in the website.

A good place to evaluate a website selling retail goods is www.resellerRatings.com where you can find reviews about particular merchants and see if they are legitimate.  If they are not even listed there, they probably are a scam.

Finally, it can be very helpful to find out to whom the website where you are considering shopping is registered. You can go to www.whois.com/whois/ and find out who actually owns the website at which you are considering shopping and if it doesn’t match who they say they are, you should stay away from it.