Category: ‘Site Related’

Scam of the day – July 31, 2014 – Latest software security updates

July 31, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use including Google Chrome and Mozilla Firefox, which if not installed will put you in serious jeopardy of identity theft and being hacked.

TIPS

Here is the link to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-209

Scam of the day – July 30, 2014 – European Central bank hacked and extorted

July 30, 2014 Posted by Steven Weisman, Esq.

The European Central Bank has announced that hackers had hacked into its computers and stole information about people who had registered for some bank events which included news conferences.  Many of the people whose information was stolen were journalists who attended bank events including news conferences.  The information stolen included names, email addresses and telephone numbers.  Shortly after the information was stolen, the bank received an extortion email demanding money and threatening to release the information if the hackers were not paid.  It is important to note that although the hacking was of the European Central Bank which has much confidential and sensitive information within its computers, the hacking was from a public website of the bank that is not connected to the bank’s computers and data banks of sensitive information.  The hacking is, however, embarrassing for an institution that prides itself on its security.

TIPS

This incident is another reminder that your personal information is only as safe as the places with the weakest security that hold your information.   As much as you can, you should limit the information you provide companies and governmental agencies.  It is also important to note that when apparently innocuous information such as this is compromised it makes those people affected more vulnerable to spear phishing which occurs when you receive a phony email that is directed to you personally and appears to come from a trusted source with which you have done business.  It is for this reason that I advise people never to click on links in emails or download attachments from emails unless you are absolutely sure that they are legitimate.  Too often the email that appears legitimate may actually be coming from an identity thief who has personal information about you and who may put malware into these links and attachments.

Scam of the day – July 29, 2014 – Government takes action against mortgage relief scams

July 29, 2014 Posted by Steven Weisman, Esq.

The Federal Trade Commission, Consumer Financial Protection Bureau as well as attorneys general from fifteen states have started legal actions against more than 40 law firms and companies including the Utah based Danielson Law Group, FMC Counseling Services and California based Mortgage Relief Advocates that are alleged to have falsely promised distressed homeowners that they could lower their mortgage payments and interest rates as well as stop foreclosures.  In violation of the law these companies and law firms collected advance fees for services not yet performed and in most cases were never performed.  These fees ranged up to $6,000 for initial fees with additional monthly fees for which the consumers received little or nothing.

TIPS

A telltale signs of a mortgage relief scams is the demand for an upfront fee before services are rendered.  The FTC’s Mortgage Relief Services Rule bans advance fees until you have actually received an offer of relief from your lender and you have accepted that offer.  Mortgage scammers also often tell you to stop paying your mortgage and not to communicate with your lender.  This is bad advice when you have a problem with your  mortgage.  Failing to make payments can make it worse and not communicating with your lender if you are having a problem paying your mortgage will only make the problem worse.  Finally, don’t trust any company that guarantees that they can get you a mortgage payment reduction and never transfer title to your home to anyone saying they are trying to help you.  That is another sure sign of a scam.

If you do find yourself having difficulty making your mortgage payment, either speak with your lender directly to see if you can get a modification or call a legitimate credit counselor through the Homeownership Preservation Foundation which is a non-profit company that provides free help to modify your mortgage and avoid foreclosure.  You can reach them at 1-888-995-HOPE.

Scam of the day – July 28, 2014 – Malaysia becoming a scam center

July 28, 2014 Posted by Steven Weisman, Esq.

Recently Malaysia has become a major hub for scams, most prominently romance scams in which the scam artist, the only criminal we refer to as an artist, contacts the victim on a legitimate dating website, such as Match.com and starts an online relationship with the victim that soon progresses to a plea for money.  It has been estimated that the total cost of Malaysian cybercrime last year was 300 million dollars with romance scams being one of the most prominent of the scams perpetrated.  Two American women, in particular each was swindled out of more than $250,000.  The scammers are quite often from Nigeria or Ghana, but come to Malaysia because it is easy to get a student visa, the country has a sophisticated computerized banking system and the Internet infrastructure is strong.  This creates a perfect storm for scammers.  Often the scammers pose online as American, Canadian, Australian or British nationals who are in Malaysia for business.

TIPS

There are many red flags to help you identify romance scams.  The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship needs you to wire money.  Here are a few other things to look for to help identify a romance scam.  Often their profile picture is stolen from a modeling website on the Internet.  If the picture looks too professional and the person looks too much like a model, you should be wary.  Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life” is a phrase that turns up in many romance scam emails.  Also be on the lookout for bad spelling and grammar as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are.  Of course you should be particularly concerned if someone falls in love with you almost immediately.  Often they will ask you to use a webcam, but will not use one themselves.  This is another red flag.  One thing you may do is ask them to take a picture of themselves holding up a sign with their name on it.  In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them.  In particular be wary of  requests for money to assist your new “friend” out of difficult situation, which may be a false arrest, a car accident, an illness, injury or other emergency.

Scam of the day – July 27, 2014 – Senate holds hearings on the Grandparent scam

July 27, 2014 Posted by Steven Weisman, Esq.

Recently the Senate Special Committee on Aging held a hearing on the infamous Grandparent scam, which occurs when a scammer calls an elderly person posing as their grandchild who has been involved in some sort of emergency and needs the grandparent to wire money to them right away.  One 81 year old witness at the hearing spoke about receiving a call late at night from someone purporting to be his grandson who needed bail money after being arrested on a drug charge.  In response to the call, the witness testified how he purchased a  $7,000 prepaid money card and then provided the money card information to the scammer who has never been heard from again.  It was only afterwards that the witness was able to reach his grandson on his cell phone to learn that the entire matter had been a scam.

The Senate Special Committee on Aging has in recent years focused much attention on scams preying upon older Americans, such as the Jamaican lottery scam, income tax scams, Social Security scams and Medicare fraud.

TIPS

Never wire money unless you are absolutely sure about to whom you are wiring the money and it is not a scam.  If a claim about a medical or legal emergency is made, contact the hospital or legal authorities in the area to confirm that the information is accurate.  Make sure that you have the cell phone numbers of your grandchild as well as  anyone with whom your child or grandchild is traveling so you can confirm any calls claiming that an emergency has arisen.  Call the child directly on his or her cell phone to confirm the story.  Students traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/.  This program can help with communications in an emergency situation.

Scam of the day – July 26, 2014 – Immigrant children charity scam

July 26, 2014 Posted by Steven Weisman, Esq.

The plight of children from Central America pouring into America has caught the attention of many people as the government is working to both enforce our immigration laws while showing compassion for these children.  Times like this bring out the best in many people and there are a number of charities including, most prominently, Catholic Charities USA that are providing humanitarian assistance to these children in need.  Unfortunately, scammers are also taking advantage of the situation by either appealing to people through phony charities or by telephoning people pretending to be representing legitimate charities.  In both cases, the money you contribute goes to a scammer’s pocket and not to help needy children.

TIPS

Phony charities often have names that sound very similar to legitimate charities so don’t give to a charity unless you are sure that it is legitimate.  A good place to go to find out if a charity is legitimate as well as to learn how much of your contribution will go to the charity’s charitable purposes and how much goes to its own salaries and administrative expenses is www.charitynavigator.org.  As for telemarketing charitable solicitations, even if you are enrolled in the Do Not Call List, charities are allowed to call you, however, whenever you get a call, you can never be sure who is on the other end of the line so you should never make a charitable donation over the phone to someone who has called you.  If you are inclined to give a donation in response to such a call, go to the charities website or call them at a number that you know is correct in order to make your contribution.

Scam of the day – July 25, 2014 – Important security updates for Java and other software

July 24, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.  In particular, this round of security updates provides important security updates for Java software.  Java has been a favorite target of scammers and identity thieves so much that the Department of Homeland Security has even advised people who don’t have to use Java, to disable it.  For more information about Java software I suggest you check out earlier Scams of the day that dealt with Java problems.  You can find these in the Scamicide archives.

TIPS

Here is a link to the latest security alert and updates as issued by the United States Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-202

Scam of the day – July 24, 2014 – StubHub hacking – what it means to you

July 24, 2014 Posted by Steven Weisman, Esq.

Six people including both Russian and American citizens were indicted yesterday in New York for hacking into 1,600 StubHub accounts and stealing more than 1.6 million dollars in tickets.  StubHub is a website where people can buy and sell sports and entertainment tickets.  Although the accounts hacked were StubHub accounts, it appears the fault was not that of StubHub, but rather of individual StubHub customers whose passwords and user names were obtained through hacking of other companies or through the use of keystroke logging malware programs unwittingly downloaded, most likely through phishing emails to the victimized consumers.

TIPS

For those people who used the same user name and password for all of their accounts, this hacking is another example of why you should not do so.  Using the same user name and password puts you in danger in all of your online accounts if merely one of your online accounts is hacked.  The better course of action is to use a different user name and password for every account that you use.  Although this may seem like a complicated thing to do, it need not be so.  Just adding a couple of letters describing the account to your password can provide you with much added security.  So for example if you used the basic, safe password of “IHatePasswords123!” which is a strong password and then added a few letters to describe the particular account such as a StubHub password of “IHatePasswords123!StubHb” you would have a difficult to break, but easy to remember password. As for protecting yourself from downloading keystroke logging malware by which you unknowingly download malware that provides access to all of the personal information on your computer the key thing to remember is to never click on a link or download an attachment unless you are absolutely positive that it is legitimate and you have independently confirmed its legitimacy.  Also, you should maintain your anti-malware and anti-virus software up to date with the latest security patches.

Scam of the day – July 23, 2014 – New data breach at Goodwill Industries

July 23, 2014 Posted by Steven Weisman, Esq.

Most people are familiar with Goodwill Industries, a network of agencies that sell donated clothing and household items at their stores around the country and use the proceeds of the sales to pay for job training and other community service programs.  The parent organization, Goodwill Industries International, Inc. has just announced that it is investigating a data breach involving credit cards and debit cards used to make purchases at Goodwill stores around the country.  They are not confirming that a breach has occurred, but that is only because as was the exact same situation with the recent data breach at P.F. Chang’s and a number of other massive data breaches in the last year, they have not discovered the breach yet.  It occurred.  Their computers have been hacked and data stolen.  The data breach was uncovered by banks who monitor fraudulent credit card use and as with the breach at P.F. Chang’s and others, the banks noted that a common denominator for the fraudulent card use was, in this case, that the cards had been used recently at Goodwill Industries.  You can expect a confirmation by Goodwill shortly.  It appears that the breach occurred at Goodwill stores in at least 21 states including California and New Jersey.  It is not known yet how the data breach was accomplished.

TIPS

No one should use a debit card for retail purchases because the consumer protection laws regarding fraudulent use of the debit card are not as favorable to the consumer as the laws relating to fraudulent use of a credit card.  Additionally, even if you discover that your debit card has been fraudulently used immediately, your account will be closed pending an investigation of the fraudulent use which can tremendously inconvenience you.  If you have used a credit card or debit card at a Goodwill store going back as far as June of 2013 you should monitor your account closely for indications of fraud.

This case also is another indication of the immediate need for the United States to catch up with the rest of the world and start using smart credit cards with computer chips that would eliminate this type of fraud.  Present regulations do not provide an incentive for retailers to use these cards until October of 2015 although some companies like Target, having been already harmed are speeding up the process.

As for we, the public, this is just another reminder that regardless of how careful you are in protecting your financial information, you are only as safe as the places with which you do business that have the worst security systems.

Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

July 22, 2014 Posted by Steven Weisman, Esq.

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.

TIPS

You should never give to a charity until you  have confirmed that it is legitimate.  Go to www.charitynavigator.org where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate.  In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief.  If you must search for such video, stay with legitimate new sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.