Category: ‘Site Related’

Scam of the day – April 17, 2014 – Stolen phone leads to identity theft

April 17, 2014 Posted by Steven Weisman, Esq.

New York state police are reporting that a thief stole a woman’s smartphone and used it to send text messages that appeared to come from her, saying that she had car problems and needed her friends to wire her money to cover towing charges for her car.  The phone thief sent the text message to a number of her friends from the victim’s phone, so it appeared the messages were coming from the victim.  The thief persuaded the victim’s friends to wire money to a Western Union kiosk in a Rite Aid pharmacy, where the thief collected the funds.  Police managed to catch the thief and have charged him with identity theft and larceny.

TIPS

There are a number of lessons here for all of us.  First, you should always have a complex password for your phone so that it cannot be used by someone who may steal it or if you lose it.  The second lesson is never to trust a text message.  You can never be sure of who is actually sending the text message.  Particularly if you get a text message requesting money, you should call the person and talk to them personally before sending money for an emergency.

Scam of the day – April 16, 2014 – Latest security updates from the Department of Homeland Security

April 16, 2014 Posted by Steven Weisman, Esq.

As regular followers of Scamicide know, whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  It is important to update your software with the latest security patches and updates as soon as possible because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security.  Today’s software update is particularly extensive and includes updates for important software such as Adobe, Google Chrome and Internet Explorer.

TIPS

Here is a link to the latest release from the Department of Homeland Security with links to this important security update:

https://www.us-cert.gov/ncas/bulletins/SB14-104


Scam of the day – April 15, 2014 – Attorney General, Eric Holder victim of income tax identity theft

April 15, 2014 Posted by Steven Weisman, Esq.

Today, being the deadline for filing your federal income tax return, is also a good time to remind you that identity theft and income tax identity theft can happen to anyone.  It can even happen to the Attorney General of the United States.  Recently convicted of this crime were Yafait Tadesse and Eyaso Abebe, a man whose Facebook page describes him as an importer/exporter for Vandelay Industries, which, if it sounds familiar, is because it was a fictional company created by the George Costanza character in the old Seinfeld television show.  Obtaining the Social Security number of a real person and then filing a phony income tax return on behalf of that person before the potential victim files his or her legitimate federal income tax return is the key to income tax identity theft.  In this case Tadesse and Abebe purchased Social Security numbers, including that of Attorney General Holder, on black market websites and used the information to file phony returns and collect refunds.

TIPS

The two keys to protecting yourself from income tax identity theft are to protect the privacy of your Social Security number as best you can and file your federal income tax return as early as you can.  Even if an identity thief has managed to get your Social Security number, if you file your income tax return before he or she can file a phony return using your Social Security number, you will suffer no harm.  If an identity thief does manage to file a return using your Social Security number before you do, it can take many months before you can straighten the matter out and get your true refund.

Scam of the day – April 14, 2014 – The last income tax scam of the season

April 14, 2014 Posted by Steven Weisman, Esq.

Tomorrow is April 15th which is the last day for filing your federal income tax return unless you are a procrastinator who has filed an extension.  Identity thieves and scammers love income tax season as it provides them with an opportunity for a wide variety of scams to steal your money.  I have described these scams in numerous Scams of the day.  As the income tax season comes to an end, scammers and identity thieves are busy with one last scam about which I want to warn you.  It starts with you receiving an email that appears to come from the IRS Taxpayer Advocate Service in which you are told that there is a problem with your recently filed federal income tax return and that IRS computers have found errors in your return.  In order to resolve the problem, you are told to click on a link in the email that purports to take you to the IRS Taxpayer Advocate Service website where you are told you will find information about the problem and the name of the taxpayer advocate assigned to your case.  If you click on the link, you will not go to the IRS Taxpayer Advocate Service, which is a real organization.  Instead you will be sent to a legitimate looking, but phony website that will solicit you to provide information that will enable the identity thief behind this scam to make you a victim of identity theft.

TIPS

The easy way to avoid this scam is to remember that the IRS will never initiate contact with taxpayers by email.  If you get an email, text message or phone call purporting to be from the IRS initiating contact about anything, you can be sure that it is a scam.  As a general rule, however, it is important to recognize that whenever you get an email, phone call or text message, you can never be sure of who is contacting you and whether or not they are legitimate.  Therefore, never provide information to anyone who contacts you in this manner, and do not click on links or attachments in unsolicited text messages or emails.  These may either seek personal information from you that will be used to make you a victim of identity theft or, when you click on the link, automatically download keystroke logging malware on to your computer that will steal the information from your computer and again use it to make you a victim of identity theft.

Scam of the day – April 13, 2014 – AT&T bill scam

April 13, 2014 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes directly from my email, where I received the following email purporting to be from AT&T.  This is an example of a phishing email that may appear to be from a legitimate source, but is from an identity thief.  As with many phishing scams, it implies that there is an emergency, namely in this case, a problem with my billing information that could result in the termination of my account.  The email then provides a link for me to go to in order to provide the necessary information to maintain my account.  DO NOT CLICK ON THE LINK.  Clicking on the link will either take you to a page where you are asked to provide personal information that would be used to make you a victim of identity theft or it will cause keystroke logging malware to be installed on to your computer or other device that would steal your personal information and make you a victim of identity theft.  In this particular phishing scam there are many indications that it is a scam.  First is that it came from an email of a private individual and not from AT&T.  In fact, the email probably was sent as part of a botnet where an unsuspecting victim’s computer was hacked and used to send out these scam emails.  Another indication is that the email is not directed to me by name, but rather to me as “Dear customer.”  In addition, there is no identification of my particular account.  Finally, and most tellingly, there are the spelling errors, such as the incorrect spelling of the words “failure” and “result.”


“Dear customer,

 We noticed that your billing information has recently change as we are unable to process
your last month bill.

 Please update your billing information by clicking on our secure server below to avoid termination of your AT&T line.

www.att.com/billing/update

 Note: Faluire to update your billing information will rezult to termination of your Line and you wont be able to restore your number.

Best regards,
AT&T© 2014 AT&T Inc.All rights reserved.”

TIPS

Never click on links in emails or text messages unless you are absolutely sure that they are legitimate and do not provide personal information in response to an email unless you are absolutely sure that both the request is legitimate and that the request is actually coming from the real company.  When I first received this email I could tell right away that it was a scam.  However, if I had any thought that it might be legitimate, I would call the company, in this case AT&T at a telephone number that I know is correct in order to inquire about the email.
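The warning signs listed for the AT&T email above (sender not at the company's domain, generic greeting, no account identification, threat of termination, misspellings) can be checked mechanically.  The following Python code is an added example, not part of the original post; the sender address, the word list and the function names are assumptions, and the body is the quoted email, re-wrapped and abridged.

```python
import re
from difflib import get_close_matches
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the body is the email quoted in the post (abridged);
# the sender address is an invented placeholder, not taken from the page.
SAMPLE = """\
From: Jane Doe <jdoe@mail.example>

Dear customer,

We noticed that your billing information has recently change as we are
unable to process your last month bill.

Please update your billing information by clicking on our secure server
below to avoid termination of your AT&T line.

www.att.com/billing/update

Note: Faluire to update your billing information will rezult to
termination of your Line and you wont be able to restore your number.
"""

GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
ACCOUNT_REF = re.compile(r"\baccount\s*(number|no\.?|#)|\bending\s+in\s+\d{2,}", re.I)
THREAT = re.compile(r"\b(terminat|suspen|deactivat)\w*", re.I)
# Tiny illustrative word list (an assumption); use a real dictionary in practice.
BILLING_WORDS = ["failure", "result", "billing", "information", "termination", "customer", "update"]

def near_misses(text, vocabulary=BILLING_WORDS):
    """Return (word, intended) pairs for words that almost match a vocabulary word."""
    found = []
    for word in re.findall(r"[a-z]+", text.lower()):
        if word in vocabulary:
            continue
        same_len = [v for v in vocabulary if len(v) == len(word)]
        match = get_close_matches(word, same_len, n=1, cutoff=0.8)
        if match:
            found.append((word, match[0]))
    return found

def phishing_indicators(raw, brand, brand_domains):
    """List which of the post's warning signs a plain-text message shows."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    on_brand = any(sender == d or sender.endswith("." + d) for d in brand_domains)
    checks = [
        ("sender_not_brand_domain", brand.lower() in body.lower() and not on_brand),
        ("generic_greeting", bool(GENERIC_GREETING.search(body))),
        ("no_account_identifier", not ACCOUNT_REF.search(body)),
        ("threat_of_termination", bool(THREAT.search(body))),
        ("misspellings", bool(near_misses(body))),
    ]
    return [name for name, hit in checks if hit]

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "AT&T", ["att.com"]))
```

A message that trips several of these at once deserves the treatment described in the tips: contact the company at a number you already know rather than using anything in the email.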

Scam of the day – April 12, 2014 – Heartbleed password reset scams

April 12, 2014 Posted by Steven Weisman, Esq.

By now everyone is aware of the Heartbleed security flaw in the OpenSSL security technology that has been used by two-thirds of the world’s websites to encrypt communications between computer users and these websites.  Where until recently we were under the impression that our passwords, as well as all information communicated using this technology, including credit card numbers when buying something on these websites, were secure and protected, we now learn that this flaw, which has existed for two years, permits a hacker to get access to all of this information and use it to make us victims of identity theft.  Experts including myself are advising people to change their passwords, although it cannot be emphasized enough that you should not change your passwords until the websites have implemented the security measures necessary to patch this problem.  Fortunately, the software necessary to do just that is available.  However, you should confirm with all websites where you have done business and use a password that the website has indeed updated its security before you change your password, because otherwise you may be merely turning your new password over to an identity thief.

A new scam, however, has arisen from the Heartbleed affair as identity thieves are sending emails to people posing as legitimate websites, such as Amazon, in which the identity thief posing as the legitimate company tells you that you need to change your password and provides a link in the email for you to do so.  The emails look legitimate, but they are phony.  If you click on the links, two things can happen and they both are bad.  You will either be prompted to provide personal information that will be used to make you a victim of identity theft or, merely by clicking on the link, you will download keystroke logging malware that will steal information from your computer and make you a victim of identity theft.

TIPS

As I constantly advise you, never click on links in emails unless you are absolutely sure that they are legitimate.  In this case, you may get a legitimate email from a company with which you do business prompting you to change your password and to initiate the process by clicking on a link.  However, you have absolutely no way of knowing whether or not the email is legitimate or a phishing scam.  The best thing to do in this situation is to ignore the email and instead go directly to the website of the particular company at an address you know is correct and change your password there.  In this way, you can be sure that you are not providing information to an identity thief.  When Target sent emails to customers with a link to access credit monitoring after its major data breach last year, you could not be sure if the email was from Target or not.  Savvy computer users just went directly to the Target website where they could access the free credit monitoring without the risk of providing information to an identity thief.

Scam of the day – April 11, 2014 – Windows XP support scams

April 11, 2014 Posted by Steven Weisman, Esq.

Scammers and identity thieves are quite adept at taking advantage of whatever concern people may have at any particular time and, as you are aware, the announcement by Microsoft that it would no longer be issuing security updates for the Microsoft XP operating system has left many consumers concerned about what they should be doing if they are still using that system on their computers, laptops or tablets.  Scammers and identity thieves have been taking advantage of this situation by starting to contact people by phone, claiming that they are a part of Windows Helpdesk, Windows Service Center, Microsoft Tech Support or any of a number of different entities and that they can help by providing updates remotely or by directing them to websites where they can sign up for help.  All of these offers are phony.  Neither Microsoft nor any other entity connected to Microsoft is making unsolicited calls to consumers.  Allowing the caller to get remote access to your computer will only result in the identity thief getting access to the personal information contained in your computer, which will be used to make you a victim of identity theft.  In other variations of the scam, when you are directed to websites, you are prompted to provide your credit card, which will be used to steal from you, or you will be prompted to provide personal information that will be used to make you a victim of identity theft.

TIPS

Remember, anyone who makes an unsolicited call to you offering to help you with your Microsoft XP is not connected with Microsoft or any related company.  As always, you can never be sure of who is calling you whenever you receive a phone call even if your Caller ID indicates it is a legitimate caller.  Caller ID can be manipulated by scammers through a technique called spoofing.  The best thing you can do is to consider upgrading to another operating system.  Windows XP is outdated and continued use of it will make you vulnerable to various hacking scams.  You can go directly to Microsoft at www.microsoft.com to learn what other options may be available to you.

Scam of the day – April 10, 2014 – Serious security danger on the Internet of Heartbleed

April 10, 2014 Posted by Steven Weisman, Esq.

The term “Heartbleed” sounds serious and it is.  Heartbleed is the name of the recently discovered security flaw in the OpenSSL encryption security technology that is used by up to 2/3 of websites on the Internet.  An indication that the website you are communicating with uses OpenSSL is the presence of the tiny padlock icon next to the website address.  Another indication that OpenSSL is being used is the letter “s” appearing after the initial “http” at the beginning of a website address.  The padlock and the “s” indicated to people communicating with websites that their communications were encrypted and safe from hackers.  Now we have discovered that this encryption technology had been cracked by attackers as long as two years ago.  This means that your communications online with your bank and retailers may have been compromised.  Many websites that have used the OpenSSL encryption technology, including Amazon and Facebook, have fixed the problem or are working on it.  There are patches available.

TIPS

The first thing that you should do is to change your passwords at websites you have used that utilized the OpenSSL encryption because your password may be in the possession of hackers.  However, do not change your password until you have confirmed with the website that it has patched the security flaw.  Heartbleed is a good reminder to us all that we should change our passwords on a regular basis as well as have different passwords for every website where we use a password so that if one gets hacked, identity thieves would not have the passwords for all of our other accounts.  It doesn’t have to be a difficult task, as just adding or changing a letter or two can do the trick if you have a good, complex password with letters both capital and small as well as figures and signs.  Also, again as we all should be doing, monitor all of your accounts regularly for evidence of fraudulent use.

Here is a helpful link you can go to in order to check and see if the websites you go to were among those affected by Heartbleed.  One word of caution, this is not guaranteed by its creator to be 100% accurate: http://filippo.io/Heartbleed/

For people who have websites that use OpenSSL, here is a link to the notice from the Department of Homeland Security with the links to rectify the situation: https://www.us-cert.gov/ncas/alerts/TA14-098A

Scam of the day – April 9, 2014 – Follow up on ATM danger

April 8, 2014 Posted by Steven Weisman, Esq.

Yesterday Microsoft officially ended technical support for its Windows XP program, which is still used by 95% of the world’s ATMs.  Many people are justifiably concerned about the security of the ATMs that they use and whether it is safe to still use them or whether they are in serious jeopardy of having their accounts hacked.  Although April 8th was the day that Microsoft indicated that it would no longer issue technical updates to the Windows XP operating system, some ATMs work on a variation of the Windows XP operating system called Windows Embedded.  Security updates for Windows Embedded will continue to be issued until January 12, 2016.  In addition, some major banks have made private arrangements for security updates from Microsoft for Windows XP.  JPMorgan, for instance, has made private arrangements with Microsoft for updates for another year.  However, the basic fact is that Microsoft is stopping further updates of Microsoft XP because it is an outdated system and the cost of constantly patching it does not make sense.  Anyone using Windows XP, whether commercially or privately, should update to another operating system as soon as possible.

TIPS

Ask your bank what it is doing about the Windows XP operating system, and if they tell you that they are still able to use it in the short run, ask them what their intentions are in the long run, because security patches are not a solution to the vulnerabilities that have already been identified in the Windows XP operating system.  If your account is hacked due to a flaw in the Microsoft XP operating system running an ATM that you use, you will not be responsible for any funds lost if you notify the bank right away.  It is a good idea to monitor your account online every few days to make sure that it is secure.  If you use Windows XP on your home devices, you too are at risk and should update your operating system to another system as soon as possible.

Scam of the day – April 8, 2014 – Latest security update from the Department of Homeland Security

April 8, 2014 Posted by Steven Weisman, Esq.

As regular followers of Scamicide know, whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  It is important to update your software with the latest security patches and updates as soon as possible because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security.  Today’s software update applies to Apple’s Safari browser.

TIPS

Here is a link to the latest release from the Department of Homeland Security with links to this important security update:

https://www.us-cert.gov/ncas/current-activity/2014/04/02/Apple-Releases-Security-Updates-Safari