February 25, 2017 – Steve Weisman’s latest column for USA Today

March 3rd is the birthday of Charles Ponzi and although he died many years ago, the scheme with which bears his name still is being used to scam many people today.  Here is a link to my recent column for USA Today in which I give you some tips about how to recognize and avoid a Ponzi scheme.


Scam of the day – February 25, 2017 – Google Chrome malware threat

Google Chrome is the most popular web browser and this popularity has made it a target of hackers who have managed to inject malware into vulnerable websites created with the popular WordPress software.  The malware, in turn attacks the Google Chrome browser making the website unreadable at which point a popup message arises that says, “The ‘Hoefler Text’ font wasn’t found” and prompts the unwary victim to download a software update to fix the problem.  Unfortunately, if you download the suggested corrective software, in fact, you are downloading malware to your computer.


This particular scam takes advantage of vulnerabilities in WordPress software so it is very important, if you use WordPress for your website, as many people do, to update your WordPress security whenever security patches become available.  WordPress even allows you to have the security updates done automatically so you never delay in installing necessary updates.  I urge you to exercise this option.

In regard to this particular scam, although the pop up appears to come from Google Chrome to correct the font issue, Google Chrome will never provide downloads for correcting fonts.  Real messages from Google Chrome will never appear as an overlay to a website.  Finally, never click on links or download attachments of any kind without first verifying that the link or download is legitimate.  The risk is too great.

Scam of the day – February 24, 2017 – Talking doll banned in Germany

Cayla, a new doll from Genesis Toys seems like such a nice girl, but according to the Bundesnetagentur, the German telecommunications regulatory agency, she is a spy and she is now banned from Germany. Cayla is a part of the ever expanding Internet of Things and according to the Bundesnetagentur, Cayla has hidden cameras and microphones that could be used to record private conversations over an insecure Bluetooth connection.

Cayla is not the first doll to be so equipped, In the Fall of 2015, the latest incarnation of Barbie, the “Hello Barbie” was introduced.  Hello Barbie also has hidden microphones and speakers, but  instead of Bluetooth technology, uses Transport Layer Security (TLS) which is an encryption protocol to protect the privacy and security of communications


Many of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers.  Change your password as soon as you set up the product.  Also, set up a guest network on your router exclusively for your Internet of Things devices.

Scam of the day – February 23, 2017 – FTC settles robocall scam charges regarding Caribbean cruise scam

The Federal Trade Commission and ten states have settled civil charges against Fred Accuardi and a number of his affiliated companies that used illegal robocalls and telemarketing to sell Caribbean cruises under the guise of the victims receiving a free cruise for participating in a survey.

Between October 2011 and July 2012, the defendants made 15 million illegal robocalls  each day in which the person answering the call was told that he or she had been chosen to participate in a thirty second survey in return for which he or she would receive a free two day cruise to the Bahamas.  The truth is that the calls were used to market cruises of Caribbean Cruise Lines, Inc in which the consumers were convinced into paying for more expensive, higher level cruise packages.


Automated robocalls are a scam that has been with us for many years and despite the best efforts of the Federal Trade Commission, still is victimizing many people.    It is easy to identify a robocall that is a scam.  If you get a robocall, it is a scam.  Commercial robocalls are illegal.  In 2013 I reported to you about  how the FTC, in an effort to combat robocalls held a contest with a $50,000 prize to the person who came up with the best solution to stop robocalls. The winners that year were Aaron Foss and Serdar Danis who split the prize.  Their solution involved software that will filter out calls being placed by a computer or someone identified as an unwanted caller.  When you use the software, if a robocall comes in, it rings once on your phone and then your phone automatically hangs up on the call.  So all you have to do is let the phone ring and if it stops after one ring, it was a robocall.

The software developed by Foss and Danis is now available to anyone for free for your landline and for $4.99 per month for both your landline and mobile phone.  The company providing the service is Nomorobo and you can sign up for the service at   https://www.nomorobo.com/

Long time Scamicide reader Marty Kenney recently reminded me about nomorobo.  He has used it for a long time successfully.

Scam of the day – February 22, 2017 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes critical updates for Adobe software including Adobe Flash.

I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to security company, Symantec 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.


Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:


Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.

Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – February 21, 2017 – U.S. Army warns about sextortion

The Army Criminal Investigation Command is warning military personnel about the dangers of sextortion.  Sex extortion or sextortion has been around for years on the Internet with criminals persuading people into performing sexual acts online that are recorded and then used to blackmail the victims.    The Army’s Computer Crime Investigative Unit (CCIU) is warning soldiers about extortionists who threaten to send the videos to the Soldier’s command, family and friends unless they pay a ransom.    Special Agent Daniel Andrews, the Director of the CCIU advises soldiers “Be cautious of your online communications and do not share intimate, personal information with strangers or people you have never met in person.”

Some sextortionists not only demand a payment, but also sensitive military information or access to Army systems or facilities according to Andrews.


The best solution to any problem is to avoid the problem altogether.  If you are going to indulge in cybersex or phone sex, it should only be done with people whom you totally trust.  Engaging in such activities with strangers or people you do not know well is asking for trouble.  The Army Criminal Investigation Command advises military personnel who have been caught up in this scam not to send the demanded payments and cease all communication with the extortionists.   Victimized soldiers should notify the CCIU at usarmy.cciuintel@mail.mil or 571-305-4478 to report the crime.

Scam of the day – February 20, 2017 – Immigration assistance scams

Immigrants concerned about their status as American immigration laws and policies are changing are being preyed upon by scammers posing as attorneys and charging for immigration forms that can be obtained free or claiming to have special relationships with immigration officials that enable them to obtain favorable results.  Advertisements for such phony lawyer services are appearing on flyers in store windows and throughout social media.  The truth is that these scammers offer no services of any value and merely exploit the fears and concerns of immigrants in the United States.


You can always check on the status of an attorney in your state by checking online with your state’s bar association or board of registration for lawyers.  In addition, people needing access to free or low cost legal advice regarding immigration issues should go to the U.S. Citizenship and Immigration Services’ (USCIS) website by clicking on this link to get access to such low cost and free services that you can rely upon. https://www.uscis.gov/avoid-scams/find-legal-services

Scam of the day – February 19, 2017 – WhatsApp adds dual factor authentication

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.  Also, like many popular apps, it has been a target of hackers seeking to take over the accounts of legitimate users of the app and send out malware filled messages that appear to be trustworthy because the messages look like they are coming from someone the victim trusts.

Mere passwords have not proven to be a particular secure method of authentication.  Many people use simple to guess passwords and even what may appear to be complex passwords can often be identified by sophisticated hackers using password cracking software.  However, more and more companies such as Facebook, Twitter, Google, Tumblr, Yahoo and others are using dual factor authentication by which when your password is used to access you account, a special code is sent to your smartphone that must be used in order to complete access to the account. This provides dramatically enhanced security.  Now WhatsApp has become the latest app to offer dual factor authentication.


Passwords are just too vulnerable to be the sole method of authentication for important apps or accounts.  Whenever you are able to use dual factor authentication for a particular website, account or app, you should take advantage of this.  Some dual factor authentication protocols do not require it to be used when you are accessing the account from the computer or smartphone that you usually use, but only if the request to access the account comes from a different device, which still provides security without even having to use the special code.

Scam of the day – February 18, 2017 – Florida man sentenced for Business email scam

Recently, Jeffrey Ihm was sentenced to eleven years and eight months in federal prison after being convicted of multiple criminal counts related to his business email scam through which he managed to steal $2,234,681.

Ihm posed in emails as executives of a number of legitimate companies, such as Roper Industries and tricked Well Fargo Bank and other financial institutions to send him the money.

This scam, which is often referred to as the business email scam has become a serious problem in the last couple of years with many companies becoming victims of the scam.


The key for businesses is to have a protocol in place in regard to approvals necessary and verification required before paying bills, particularly when funds are requested to be wired.

The lesson also applies to all of us as individuals.  Scammers also send phony bills that appear to individuals that appear to come from companies with which we do business, but with a different address to send the money. Never send a payment to a different address from that which you have done in the past unless you have verified both the accuracy of the bill and the address.

Scam of the day – February 17, 2017 – Company hit twice by W-2 scam

Income tax identity theft is a multi billion dollar problem that costs the government and, by extension,  we the taxpayers billions of dollars each year while tremendously inconveniencing the individual taxpayers whose identities are stolen as it generally takes the IRS months to fully investigate each instance of identity theft and send to the victimized taxpayer his or her legitimately owed tax refund.  Armed with a potential victim’s name and Social Security number, it is a simple matter for an income tax identity thief to file a phony return with a counterfeit W-2 to obtain a fraudulent income tax refund.

I have been warning you for a year about identity thieves tricking companies into providing employee W-2s to them.  These stolen W-2s contain all of the information the identity thieves need to file a fraudulent income tax return.  The scam works by sending phishing emails to HR and accounting departments within companies often posing as the CEO of the company or someone else in upper management requesting copies of all employee W-2s under various guises.  Other times, payroll management companies have been targeted using the same type of phishing emails.  In some instances, the phishing emails have been recognized as scams, but in other instances, companies have unwittingly handed over thousands of W-2s to clever identity thieves.

This scam continues to plague companies both big and small and recently, Monarch Beverage, Indiana’s biggest beer and wine distributor acknowledged that not only had it recently become a victim of this scam turning over W-2s of more than 600 employees to identity thieves, but that in the course of its investigation into the matter, it had been victimized last year by the same scam.


All companies have got to do a better job of training employees to recognize phishing emails and installing anti-phishing software programs.  In addition, dual factor authentication should be used before transmitting sensitive data to make sure that the person to whom the material is being sent is really who they represent they are.  These same lessons that apply to companies also apply to all of us as individuals, as well.  Phishing is done to steal the identities and information of unwary individuals every day and the best way to protect yourself is to start with remembering my motto, “trust me, you can’t trust anyone.”  Never provide personal information to anyone who asks for it by phone, text message or email unless you have absolutely confirmed that the request is legitimate and the person or company requesting the information has a legitimate need for the information.  Never click on links or download attachments from emails or text messages unless you have confirmed they are legitimate because those links and attachments could contain keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.  Finally, keep all of your electronic devices including your smartphone up to date with the latest security software patches.