Category: ‘Site Related’

Scam of the day – May 25, 2016 – ATMs hit in Japan for 12.7 million dollars in under three hours

May 25, 2016 Posted by Steven Weisman, Esq.

Using cloned credit cards with account numbers stolen from a South African based bank, thieves managed to steal 12.7 million dollars from 1,400 ATMs in Japan earlier this month although the theft was only recently disclosed.  The thieves used the counterfeit credit cards at 1,400 ATMs in each instance withdrawing the maximum 100,000 yen (approximately $913).  In just under three hours starting at 5:00 a.m. on Sunday, May 15th the criminals, using 1,600 phony credit cards managed to steal 1.4 billion yen (approximately 12.7 billion dollars).  The affected credit cards were issued by South Africa’s Standard Bank.

It isn’t known at this time whether the credit card numbers were stolen through skimming of legitimate cards or a data breach.  Customers whose credit cards were compromised are not liable for any of the illegally made charges on their cards.


This type of theft may not have been possible if ATMs were using processing equipment for the more secure EMV chip cards, however, the deadline under the regulations requiring banks and others with ATM machines to switch to compatibility with EMV chip cards in order to avoid liability is not until October 1, 2017.  You can well expect similar type of ATM thefts to occur until banks and others with ATMs do a better job of protecting our security.  Fortunately, consumers will only be inconvenienced by these type of thefts, having to cancel cards and get new credit card numbers, but at least consumers will not be responsible for fraudulent charges and withdrawals made using their credit card accounts.

Scam of the day – May 24, 2016 – Phony kidnapping scam

May 24, 2016 Posted by Steven Weisman, Esq.

Police in Virginia have been warning the public about an upswing in the phony kidnapping scam.  Among the reported instances of this scam were phony reports of the kidnapping of students at George Mason University and young school children at area parochial schools.

I first warned you about this scam three years ago, but I am doing so again because it is having a resurgence.  The scam starts with a telephone call informing the person answering the phone that a relative has been kidnapped and if they do not respond by wiring money right away, the relative will be killed.  When it comes to many scams, we are often our own worst enemy and this scam is no exception.  In many instances, the scammers gather personal information about the intended scam victims from information that the intended victims  or family members put up on social media.  Armed with this personal information, a scammer can describe the supposed kidnapped victim or provide personal information that would make it appear that indeed they actually do have the person in their custody.  Although recent reports have spiked in Maryland and Virginia, this scam is going on throughout the country.


Always be skeptical if you receive such a call.  Never wire money to anyone for anything unless you are totally convinced that what you are doing is legitimate because unlike paying for something with a credit card, once your wired funds have been sent, they are impossible to get back.  Talk to the alleged kidnapper as long as possible, thereby giving someone else with you the time to call  or text the alleged kidnap victim on his or her smartphone.   If the purported kidnapping victim is a young child, call the school to confirm that he or she is safe.   You also could ask the kidnapper to describe your relative as well as provide information, such as his or her birth date, which could be found on a driver’s license, however, it is important to remember that much of this kind of information may be available through social media or elsewhere on the Internet.

Many of these kidnapping scams are originating in Puerto Rico or Mexico so be particularly skeptical if you receive the telephone call from Puerto Rico area codes 787, 939 or 856.  Also be wary of calls from Mexico where the area codes which are quite numerous, but can be found by clicking on this link.

Scam of the day – May 23, 2016 – Phony state lien notices

May 23, 2016 Posted by Steven Weisman, Esq.

Large and small companies throughout the country are receiving phony notices of outstanding tax liens threatening actions such as seizing of bank accounts unless a settlement amount is paid. Recently the Massachusetts Department of Revenue issued a warning about such phony notices.  Making the problem worse is the fact that in many instances, these notices are sent to companies that may indeed have outstanding tax liens imposed upon them, however, the phony notices generally offer settlement of the claim for an exceedingly small amount when compared to the amount of the lien.  Companies are falling for this scam and sending payment of the offered settlement to the scammers.  These companies then end up still having an outstanding tax lien as well as losing the money they thought they paid in settlement.

Reproduced below is a sample of one of the phony notices presently being circulated.  There are a number of telltale signs that indicate that this notice is a scam. One distinctive error that would not immediately be apparent in this particular case is the reference to the “state of Massachusetts.”  Massachusetts is one of four states that refer to themselves as “Commonwealths” rather than “states.”  The others are Kentucky, Virginia and Pennsylvania.  Another telltale sign is the indication at the bottom of the page where it states “not affiliated with the IRS or any governmental institutions.  Results may vary from individual and on a case by case basis.”  Perhaps the most telling indication that this is a scam is the phony form indicates a debt account of $10,937 and a specific settlement amount of only $536.   It is important to remember that there is no official form, as this purports to be, that provides a proposed settlement amount on the form.

Although this scam notice is from Massachusetts, this scam is being repeated in other states around the country.

MA Fake Lien



This scam is particularly troublesome because the scammers have often scoured public records including those at Registries of Deeds to find legitimate filings of outstanding tax liens which could lead an unwary company to fall for this scam.  Despite the telltale signs indicated above for immediately determining that this is a scam and not a legitimate communication from a state agency, if you have any thought that such a communication might be legitimate, you should still refrain from sending money or calling the numbers indicated on the notice.  Rather, contact the real state agency that issued the outstanding lien to confirm that such a notice is a scam.


Scam of the day – Mary 22, 2016 – Five year old LinkedIn data breach comes back to haunt users

May 22, 2016 Posted by Steven Weisman, Esq.

Recently  117 million email addresses and passwords of LinkedIn users captured in a 2012 data breach of LinkedIn were offered for sale on the Dark Web, which is that part of the Internet where cybercriminals buy and sell stolen data.  It may seem odd, but it is not unusual for such stolen material to turn up for sale long after the initial data breach.   Back in 2012 LinkedIn thought that the data breach was limited to 6.5 million user names and passwords, however, earlier this week the company acknowledged that the data of 100 million more LinkedIn members were indeed compromised.  In an effort to combat this problem LinkedIn is invalidating the compromised passwords and contacting affected members directing them to reset their passwords.

The stolen information is of value to the hackers to assist in formulating spear phishing emails that will seem to be from LinkedIn and will attempt to lure the recipient into clicking on links that will download dangerous malware such as keystroke logging malware or ransomware on to the intended victim’s computer.  The stolen passwords are also of use to the hackers because too many people use the same password for all of their accounts and therefore a person’s LinkedIn password may be the same as their banking password which could enable the hacker to gain access to the intended victim’s bank account.


LinkedIn is contacting people affected by the data breach and instructing them to change their passwords.  It is important to note that LinkedIn will not ask people to click on a link to change their password in any email so if you get such an email, it is from a hacker seeking to steal your identity.  If you are affected by this data breach, here is a link to where you can safely change your LinkedIn password.

LinkedIn also offers dual factor authentication by which you can have a one time numerical code sent to your smartphone each time you need to access your LinkedIn account.  This is a good security measure to take.

Finally, this case serves as another reminder that you should have unique passwords for all of your accounts.  A strong password contains capital letters, small letters and symbols.  A good way to pick a strong password is to take an easily remembered phrase as your password.  For instance, you can use the phrase IDon’tLikePasswords as your base password.  Add a couple of !! at the end of the password and you have a strong password.  Since you should have a unique password for each of your accounts, you can adapt this base password for particular accounts by merely adding a couple of letters to designate the company at the end of the password so it may read, for instance for a Bankr of America account, IDon’tLikePasswords!!BnkoAm.

May 21, 2016 – Steve Weisman’s latest column from USA Today

May 21, 2016 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today.  As if there isn’t enough to worry  about, this column deals with the very real problems that arise when a criminal who has stolen your identity commits crime in your name.

Scam of the day – May 21, 2016 – Turnabout is fair play – Hacking forum is hacked

May 21, 2016 Posted by Steven Weisman, Esq.

As initially reported by Tech security firm Risk Based Security, the online hacking forum has itself been hacked with 800,000 messages and account information of 536,000 registered users stolen and put on line for anyone, including law enforcement to see. was a clearinghouse used by hackers to buy and sell stolen content, passwords and other hacking enabling information.  Although stolen passwords for the account information were encrypted, the method used to encrypt the passwords is easily cracked by someone with sophisticated computer technology.  At the present time is offline and the following screenshot appears if you go to their website. currently is offline.


Perhaps the most important lesson here is the reminder that your security online is only as strong as the websites you use with the weakest security.  Whether it is Ashley Madison or or any other site, you should be wary of ever involving yourself with a website or a company that you would be embarrassed to have your involvement made public.

Scam of the day – May 20, 2016 – First criminal conviction in massive securities fraud scheme

May 19, 2016 Posted by Steven Weisman, Esq.

I have been reporting to you about developments in this ingenious and massive stock fraud since last summer when the story first broke.   Forty-three people were charged both civilly and criminally in the largest hacking and securities fraud enterprise in American history.  The defendants were made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with computer hackers based in the Ukraine.  The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release.  This enabled the rogue stock traders to make trades based on this inside information before it became known to the public.  Trades using this stolen information were made by traders in Russia, Ukraine, Malta, Cyprus, France and here in the United States in Georgia, New York and Pennsylvania  It is estimated that between 2010 and 2015, the defendants made profits of  as much as 100 million dollars on 800 trades during this time.  A number of the civil defendants have already pleaded guilty to charges related to this scam, but earlier this week, Vaym Iermolovych became the first person involved to plead guilty to criminal charges in regard to this scam.

The cornerstone of this scam as so many cyberscams was the ability to hack into the company computers of Marketwired, PR Newswire and Business Wire by hacking into social media sites where they stole the passwords of employees of these companies who used the same passwords at work.  The scammers also used spear phishing emails to gain the further access they needed to infiltrate the computers of the targeted companies.


One of the biggest takeaways from this case is how easy it is to still use spear phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data.  Apparently corporations still have not learned to sufficiently train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers.   In addition, this case also illustrates the danger of using the same password for all of your accounts.  This is important to all of us as individuals because identity thieves and hackers use the same phishing techniques to hack into the computers of us as individuals and steal our personal information.  Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate.  It well could contain keystroke logging malware that will steal all of the information from your computer.  Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware.  However, it is still important to have security software on all of your electronic devices and keep that software up to date with the latest security patches because many scammers use older versions of malware for which there are defenses.

Finally, this case also reminds us to use unique passwords for all of our accounts so that if our password is compromised at a company with lax security, our own security at other places where we use passwords is not threatened.   Although it may seem difficult to have to remember so many different password, an easy way to deal with this is to have a strong base password that contains capital letters, small letters and symbols and adapt that base password for each of your accounts.  Using an easily remembered phrase as the base password such as IDon’tLikePasswords is effective.  Make it even better by adding a couple of symbols at the end such as IDon’tLikePasswords!!! and then adapt it for each of your accounts so, for instance, your Amazon account password would be IDon’tLikePasswords!!!AMA.

Scam of the day – May 19, 2016 – Serious flaw in Symantec security software exposed

May 19, 2016 Posted by Steven Weisman, Esq.

Security software is supposed to keep you safe which is why it is a necessity for anyone who uses the Internet on their computer or portable devices including smartphones, which is why it is so disturbing to learn, as we did earlier this week, that Symantec and Norton anti-virus software has a huge security flaw that makes its users vulnerable to having their computers and mobile devices taken over by hackers. This vulnerability was discovered by white hat hacker Tavis Ormandy who found that this vulnerability can be exploited by a hacker who merely has to send a particularly formatted file by email or just send a link in the email to start the attack.  The victim does not even have to open the attached file or click on the link for the attack to be successful.  All the victim has to do is merely open the email and the malware becomes active.

Although this particular flaw was found only in anti-virus software of Symantec under its Symantec and Norton brands, it is important to note that in the last year many good makers of security software including Kaspersky Lab, Avast, AVG Technologies, Intel Security and Malwarebytes have all had similar flaws found in their security software programs.


The good news is that a security update has already been developed to patch this serious security flaw. Here is a link to the notice from the Department of Homeland Security that tells you what you need to do to patch this vulnerability.

No computer product or software is perfect and new vulnerabilities are constantly being discovered which is why it is so critical that you update your software of all kinds as soon as security patches become available.  Delay in doing so can have disastrous results.

Scam of the day – May 18, 2016 – Bing bans tech support ads

May 18, 2016 Posted by Steven Weisman, Esq.

Tech support scams have been a major problem for quite a while and I have reported to you about them for years. At their essence these scams generally involve you being contacted by phone, often by someone purportedly from Microsoft or Apple informing you that problems have been detected on your computer that need to be remedied immediately.  They then either ask for remote access so that they can fix the problem at no cost to you or they ask for personal information.   In both situations the caller is up to no good.  If you provide remote access to your computer you will have effectively turned over all of the information in your computer to the caller who can and will then use that information to make you a victim of identity theft or install ransomware on your computer and extort a payment from you in order to unlock your computer.  If you provide personal information by phone or in an email or text message, that information too will be used to make you a victim of identity theft.

However, the tech support scammers now also reach their victims through ads in online search engines such as Google and Bing.  Because it can sometimes be so difficult for consumers to distinguish between a legitimate tech support company and a scam, Bing, which is operated by Microsoft has just banned all third party advertisements for tech support companies on Bing.  Similarly, Google announced that starting on July 13th, it will no longer accept advertisements from payday loan companies, a business that while sometimes legitimate is filled with scammers.


As for the most common tech support scams which start with a phone call, it is important to remember that neither Microsoft nor Apple will contact you by phone in regard to diagnosing software problems. Neither will they contact you by way of emailed messages.  If someone contacts you by phone unsolicited by you indicating that they are from Microsoft tech support and they are calling to help you with a problem that you did not contact them about, you should immediately hang up.  You are talking to a scammer.  It should be noted, however, that Microsoft does regularly issue software security updates, but they do this either in automated updates if you have provided for this service or on their website.

Scam of the day – May 17, 2016 – Russian cybercriminal innovator sentenced

May 16, 2016 Posted by Steven Weisman, Esq.

Although you probably have not heard of Nikita Kuzman or the Gozi malware he created, Kuzman has dramatically changed the world in which we live.  Kuzman, a Russian with degrees earned in computer science at two major Russian universities invented the Gozi malware which was unleashed on an unsuspecting public in 2007.  This malware was among the first to be able to steal bank account related data including usernames and passwords from the infected computers of its victims and then use this information to steal money from the victims’ accounts.  Gozi infected more than a million computers throughout the world and was used to steal tens of millions of dollars from individuals, companies and even government agencies such as NASA.  However, what distinguishes Kuzman from other cybercriminals who have created similar types of malware is that Kuzman then created the business model for implementing the use of the malware by leasing the use of Gozi to less sophisticated cybercriminals, who would pay Kuzman a fee of $500 per week for the use of the Gozi malware which would send the stolen information to computers controlled by Kuzman who would, in turn, provide the data to the criminals spreading the malware so long as they paid their weekly leasing costs.

According to Troels Oerting, the head of Interpol’s European Cybercrime Centre, there are only about a hundred cybercriminal masterminds like Guzman in the world today.  The proliferation of small and large scale computer crimes perpetrated against individuals, companies and government agencies is primarily accomplished by less accomplished cybercriminals who have purchased or leased the malware from innovators such as Kuzman who initiated this business model.  And like any business, the criminals who do create this malware also routinely provide tech support and updates for a price.

Kuzman was recently sentenced in the U.S. District Court for the Southern District of New York to various computer crimes and was required to pay a financial penalty of $6,934,979.  The prison sentence imposed was a mere 37 months of time served pending his trial.  The reason for this light sentence is that Kuzman because of his continuing cooperation with federal investigators regarding others charged with similar crimes.


An important element of the story about the Gozi malware and other similar types of malware is that regardless of how sophisticated the malware is, it is useless until it is downloaded on to the computers of its intended victims and this is generally done not through complex software or technology, but rather by luring unsuspecting victims into clicking on links and downloading attachments in socially engineered phishing emails.  And just as the malware itself has gotten more sophisticated over the years, so have the psychologically compelling spear phishing emails used to spread the malware.  Malware tainted phishing emails formerly addressed to “Dear Customer” now come addressed to you by name and often contain sufficient personal information to cause victims to trust the emails and click on the tainted links.  The lesson is clear.  Trust me, you can’t trust anyone.  Never click on a link or download an attachment until you have absolutely confirmed that the email or text message sent with a link or attachment is legitimate.