Scam of the day – August 18, 2017 – HBO continues to be attacked by cybercriminals

Following on the heels of a hacking of HBO in which early episodes of Curb Your Enthusiasm, Ballers and scripts from Game of Thrones were stolen by cybercriminals demanding ransoms be paid or they will release the stolen material, a number of HBO’s social media accounts, including its Game of Thrones Twitter account, were hacked and taken over by the hacking group OurMine, which has previously managed to hack other entertainment companies such as Netflix and Marvel.  This time the hackers’ actions were little more than a nuisance and the hacking was promptly remedied; however, the vulnerability of HBO was again prominently on display.

Since the major Sony data breach of 2014, the entertainment industry has been a frequent target of profit-motivated hackers as well as some hackers merely seeking to publicly disrupt these companies.  HBO actually does a pretty good job of cybersecurity, both in training its employees and in requiring that dual factor authentication be used by employees.  Although the investigation is ongoing, it appears that the data breach in which the episodes of its shows and scripts were stolen was linked to an email security breach.

TIPS

Companies must do a better job of cybersecurity.  Complicating the problem, however, is that the entertainment industry, like the health care industry, which has also been shown to be extremely vulnerable to cyberattacks, has numerous third party contractors with which it does business. Security vulnerabilities at these third party contractors have led, in a number of circumstances, to larger security breaches at the bigger targeted companies.

While cybersecurity can be extremely difficult to fully implement for large companies, it is not as complex for us as individuals.  Throughout my books and throughout the thousands of Scams of the day here at Scamicide we will continue to advise you on the steps to take to protect yourself from cyberattacks.

Scam of the day – August 16, 2017 – Hackers targeting hotel Wi-Fi

The security company Bitdefender has identified new tactics being used by a notorious hacking group known as DarkHotel to hack into the computers of hotel guests.  DarkHotel has been operating for about ten years now and until recently had been specifically targeting business travelers in order to gain access to their companies’ computers and the data contained therein. Recently, however, DarkHotel has expanded its targets to include political figures as well.  DarkHotel has exploited vulnerabilities in hotel Wi-Fi to achieve its attacks.

A key element in the success of DarkHotel has been their successful use of spear phishing emails that have been used to lure unsuspecting victims into clicking on links and downloading malware.

TIPS

Whether you are a high profile business person, a politician or a regular citizen, spear phishing is one of the biggest threats to your security and well-being.  Spear phishing emails or text messages are personally crafted emails or text messages that have been created using information about you, your job, your interests and other aspects of your life to lure you into clicking on a link and downloading malware.  Most of the major data breaches as well as personal data breaches have been initiated through phishing, so the lesson is clear.  Trust me, you can’t trust anyone.  Never click on links in emails or text messages unless you have absolutely confirmed that they are legitimate.

Scam of the day – August 14, 2017 – Telemarketers may get a new weapon

Legitimate telemarketing calls can substantially be avoided by consumers by signing up for the free federal Do-Not-Call list which makes it illegal for telemarketers to contact you on your landline phone or cell phone unless they are representing a charity, debt collector, survey or a politician.  Here is a link to where you can sign up for the Do-Not-Call list if you haven’t yet done so and want to avoid these calls.  https://www.donotcall.gov/

It is important to remember that criminal telemarketers, including many who utilize automated robocalls, pay no attention to the Do-Not-Call list.

Now, new technology has been developed that enables telemarketers to contact you by calling directly to your voicemail without your phone ever ringing.  Telemarketers argue that this technology is not subject to the Do-Not-Call list because your phone never rings, which seems like poor reasoning to me.  However, the Federal Communications Commission (FCC) is considering an application by a company that wants to use this technology for telemarketing to allow these calls to be made to consumers.

TIPS

Unfortunately, at the present time there is no way for you to block undesired voicemails as we have with other types of robocalls. The FCC is presently soliciting comments from the public as to whether or not to allow this new technology to be used for telemarketing to consumers.  If you wish to comment to the FCC on this, you can do so by clicking on this link.  You will need to insert the name and number of the proceeding as 02-278 Ringless Voicemail.

https://www.fcc.gov/ecfs/filings/express

Scam of the day – August 13, 2017 – Phony online coupon scam

Everyone loves coupons and, like many things in our lives, coupons, which used to be found commonly in newspapers and magazines, have migrated online.  As I have warned you many times in the past, Facebook has become a hotbed for phony online coupons.  Recently the Better Business Bureau of Eastern North Carolina issued a warning about a number of phony coupons appearing on Facebook, including coupons for Target, Lowe’s and Bed Bath and Beyond.  A copy of a phony Bed Bath and Beyond $75 coupon is reproduced below.  Don’t click on it.  If you click on it, you are prompted to provide information to a survey in order to receive your coupon, but there is no coupon and the information you provide may be used to make you a victim of identity theft.

[Image: Bed Bath & Beyond warns customers about Mother’s Day coupon scam]

TIPS

No company could cover the cost of giving away vast numbers of $75 coupons, although sometimes participants in legitimate surveys are promised a chance to win a coupon in a drawing.  Facebook is a favorite venue for scammers perpetrating this type of scam because often unwary victims will unwittingly share the scam with their friends.  One way to determine if a coupon is legitimate is to look for the expiration date found on most coupons.  Most phony coupons do not carry an expiration date. In addition, if the coupon appears too good to be true, it usually is a scam. The best place to go to find out if a coupon is legitimate is to the company’s website to see what real coupons are being offered.  For Bed Bath and Beyond you can also call their customer service number of 1-800-GO-BEYOND to confirm the legitimacy of any of their coupons.

Scam of the day – August 12, 2017 – Mortgage modification scams

Recently Sammy Araya, the mastermind behind a mortgage modification scam that managed to steal approximately eleven million dollars from victims of his scam, was sentenced to twenty years in prison for his crimes.

Araya and his cohorts took advantage of vulnerable people having difficulty paying their mortgages by representing that they were affiliated with various federal programs such as the Home Affordable Modification Program (HAMP) and could reduce their mortgage payments.  Araya persuaded his victims to pay him what he called “trial mortgage payments” that he represented would be used to reduce their mortgages, but instead were used by Araya solely for his own personal use.  Many of Araya’s victims lost their homes to foreclosure when they made their payments to him rather than their lenders.

TIPS

Mortgage modification scams are common and dangerous.  Never pay any fees upfront to anyone promising to get you a mortgage modification.  It is a violation of federal law for legitimate mortgage relief organizations to charge you before their work is completed and your lender has modified the mortgage.

Also, avoid the mistake that Araya’s victims made and never send your mortgage payment to anyone other than your lender.

Finally, if you do decide to work with a particular mortgage modification company, make sure that they are legitimate by checking with your state’s attorney general.

You can also get help with mortgage modifications by going to www.hopenow.com which is a website of an alliance of legitimate lenders and government regulators.

Scam of the day – August 11, 2017 – Nationwide insurance settles data breach lawsuit

It appears that the insurance company Nationwide, despite its catchy slogan, may not be on your side.  Nationwide Mutual Insurance Company has just settled a legal complaint brought against it by the attorneys general of 32 states and the District of Columbia related to a 2012 data breach in which sensitive personal information, including Social Security numbers, of 1.2 million of its customers and even people who merely applied for insurance quotes and did not buy insurance from Nationwide was stolen in a massive hacking and data breach.

Under the terms of the settlement Nationwide will pay 5.5 million dollars to the states’ attorneys general who will use the funds to cover the costs of the investigation and legal action against Nationwide as well as to assist in future consumer protection enforcement cases.

Two class actions by injured consumers regarding the data breach are still pending in the courts.

The key reason for the liability of Nationwide in this case is that the data breach was made possible due to the failure of Nationwide to update their security software with patches that were already available.  Had Nationwide installed the security updates in a timely fashion, the hacking and data breach would have been thwarted.

In addition to the 5.5 million dollar payment, Nationwide is also required under the terms of the settlement to update its security practices, install security updates in a timely manner and take other specified steps to protect consumers’ data.  Nationwide is also required to notify consumers that the company keeps their personal information even if the consumer does not become a customer of Nationwide.

TIPS

You will continue to see legal actions, settlements and court decisions such as this in the future as law enforcement is increasingly holding companies responsible for their faulty security practices.  As New York Attorney General Eric Schneiderman said, “Nationwide demonstrated true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process.”

So what does this mean to you and me?

Once again, this shows that regardless of how protective you are of your personal information, you are only as safe as the companies and institutions with the weakest security that have your information. Try as much as you can to limit providing personal information to companies unless there is a real need and inquire as to what the companies do to protect your data.  In addition, as I have advised many times, the best thing you can do to protect yourself from identity theft is to put a credit freeze on your credit reports at the three major credit reporting agencies. You can learn how to do this by going to the “search the website” section of Scamicide and putting in the words “credit freeze.”

 

Scam of the day – August 10, 2017 – Latest security updates from the Department of Homeland Security

As shown by the recent massive WannaCry and Petya ransomware attacks that took advantage of computer users who had not patched their Windows operating system with available updates, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new critical updates from the Department of Homeland Security are for software of Microsoft, Adobe, Mozilla and Google Chrome.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/current-activity/2017/08/08/Microsoft-Releases-August-2017-Security-Updates

https://www.us-cert.gov/ncas/current-activity/2017/08/08/Adobe-Releases-Security-Updates

https://www.us-cert.gov/ncas/current-activity/2017/08/08/Mozilla-Releases-Security-Updates

https://www.us-cert.gov/ncas/current-activity/2017/08/03/Google-Releases-Security-Updates-Chrome-OS

Scam of the day – August 9, 2017 – Solar eclipse glasses scam

Solar eclipses are rare and spectacular events.  On August 21st a solar eclipse will be largely visible throughout a wide area of the United States. Many people are attracted to this phenomenon, as are scammers willing to take advantage of those people.

Viewing a solar eclipse without protective glasses is extremely dangerous and can result in serious damage to your eyes.  Regular sunglasses will not protect your eyes while watching an eclipse.  The only way to safely observe this event is to use specially created eclipse glasses.  Fortunately, there are many places that you can purchase proper eclipse glasses. Unfortunately, there are many scammers who are selling defective eclipse glasses that will provide little or no protection whatsoever.

TIPS

The American Astronomical Society has a list of Reputable Vendors of Solar Filters & Viewers which lets you know both the trustworthy manufacturers of effective eclipse glasses as well as where you can buy them.  Here is a link to their website with that information. https://eclipse.aas.org/resources/solar-filters

Make sure that any eclipse glasses you purchase carry the manufacturer’s name and address on the glasses and that they are on the approved list. Don’t take the risk of buying eclipse glasses from any company that is not on the American Astronomical Society’s list.