Category: ‘Site Related’

Scam of the day – August 1, 2015 – Six Nigerians extradited to the United States to face fraud charges

August 1, 2015 Posted by Steven Weisman, Esq.

As a result of a joint effort of American law enforcement agencies with law enforcement agencies of South Africa, six Nigerians were extradited from South Africa to the United States to face a variety of fraud charges including conspiracy to commit mail fraud, wire fraud, bank fraud, conspiracy to commit identity theft and conspiracy to commit money laundering.  The six Nigerians are Oladimeji Seun Ayelotan, Rasaq Aderoju Raheem, Olusequn Seyi Shonekan, Taofeeq Olamilekan Oyelade, Olufemi Obaro Omoraka and Anuoluwapo Segun Adegbemigun and they along with fifteen others are accused of operating a number of scams including online romance scams using the online dating site Seniorpeoplemeet.com and scams in which they would convince their victims to ship and receive goods purchased with stolen credit card and banking information as well as depositing checks and wiring the proceeds out of the country as ways of laundering funds obtained through scams and identity theft.

TIPS

A little common sense and skepticism can go a long way in protecting you from becoming a victim of scams.  Online romance scams can be avoided to a great extent by recognizing that someone who immediately falls in love with you and soon thereafter needs you to send money for whatever reason is most likely a scam.  In addition, you may wish to do a reverse image search to see if the photo that has been provided to you is actually the person who they say they are.  Here is a link to Tineye http://tineye.com/ one of the websites where you can do such a reverse image search.  Of course, in some instances, the romance scammer may also be stealing the name of the person whose photo they stole, but that is not often the case.

As for work-at-home scams which are also rampant, it just makes sense that being sent goods and being asked to then send them somewhere else has no legitimate purpose as does depositing money into your account and then being asked to wire the money elsewhere.  These are merely transparent attempts at money laundering.  Don’t get involved.

Scam of the day – July 31, 2015 – Major vulnerability in Android phones discovered

July 31, 2015 Posted by Steven Weisman, Esq.

The bad news is that Zimperium, a security company discovered a serious vulnerability in Android phones, affecting 95% of the world’s Android phones including various models of the Samsung Galaxy.  The worse news is that the vulnerability which would enable a hacker to steal data from hacked smartphones is found in the Android media playback tool called Stagefright and that depending on the messaging platform used by the individual smartphone user, the text message used to send the malware would not even have to be opened in order for the malware to be downloaded automatically.  For other messaging platforms, the text message would have to be opened for the smartphone to become infected, but even then, it would not be necessary for the video to be viewed to infect the smartphone.  All that would be required would be for the text message to be opened.  The good news is that not only has Zimperium created patches for this problem and sent them to Google, which owns Android software, but that apparently, as of now, this vulnerability has not yet been exploited by hackers.  But that is it for the good news, because software patches for Android system smartphones are not distributed by Google, but by the actual phone makers, such as Samsung, LG and Huawei that use the system and the wireless carriers used by Android phone system consumers and they have not been active in providing the patch which Google has already sent to the phone makers and wireless carriers.  Although, it appears that this vulnerability has not yet been exploited by cybercriminals, it would be naive and foolish to believe that it will take long, now that the vulnerability has been uncovered for hackers to start exploiting it.

TIPS

If you have an Android system smartphone, which 79% of the world’s smartphone users do, you should contact your smartphone company and your wireless carrier to demand the security patch for your smartphone.  Meanwhile, Android users with the Hangouts app for text messaging should be particularly wary of text messages with videos attached because as soon as their phones receive the text message, their smartphone becomes infected without even opening the text message.  However, users of the Hangouts app can go to Settings and chooses SMS and make Hangouts your default SMS app and uncheck the box for “Auto-retrieve MMS.”  This will enable you to screen incoming MMS messages in order to avoid downloading malware.  Those people using the standard Messenger app would need to open the text message before their phones would become infected although, they would not have to watch the video in order for their phone to become infected.

Scam of the day – July 30, 2015 – Lafayette shooting charity scams

July 30, 2015 Posted by Steven Weisman, Esq.

It is a sad statement on life today that Louisiana Attorney General Buddy Caldwell is warning people about scams related to charities springing up in regard to the recent shootings at the Grand Theatre in Lafayette, Louisiana.  Scammers constantly turn up with phony charities whenever there is such a tragic event such as the recent shootings.  Phony charities were ready to steal the money of charitably inclined people following Hurricane Katrina and the shootings at the Sandy Hook elementary school and they are ready to steal money from people who want to help the victims of the Grand Theatre shootings and their families.

TIPS

To make sure that your charitable donations are going to where they can do the most good, make sure that any charity you wish to donate to is legitimate.  You can do this by going to www.charitynavigator.org and learn not just if the charity is a scam, but also how much of the donations to the particular charity is spent on salaries and administrative expenses rather than going to the charitable purposes of the charity.  If you are contacted by phone, email or text message from a charity, you can never be sure that the person contacting you is legitimate even if he or she uses the name of a legitimate charity.  In that case, if you are charitably inclined, your best course of action is to contact the charity directly by phone or at an email address that you know is accurate to make your donation.

Scam of the day – July 29, 2015 – FTC refunds money to victims of Yellow Pages scam

July 29, 2015 Posted by Steven Weisman, Esq.

The FTC has settled a claim against a company known as Your Yellow Book which sent out invoices to companies bearing a logo like the famous walking fingers logo used by the legitimate Yellow Pages.  The invoices indicated that they were only verifying or updating an already existing business relationship when in fact there was no prior business relationship and no prior contract for a listing in the Your Yellow Book’s online business directory, which had no relationship with the legitimate Yellow Pages.  Many people paid the invoices that ranged up to $487 not realizing that the bill was a total misrepresentation.  Two of the people involved in Your Yellow Book, Brandie Law and Robert Law had previously been involved with similar actions in 2011 and 2012.  The FTC is now, through a claims administrator mailing more than 3,133 checks to victims of this scam.  For more information about these refunds go to the tab at the top of the page marked “FTC Scam Refunds.”

TIPS

If you were a victim of this scam and have not yet received your check, click on the tab at the top of this page marked “FTC Scam Refunds” for information as to how to claim your refund.  However, everyone else should take a lesson from this common scam and never pay an invoice merely because you get what appears to be a legitimate looking bill until you have confirmed that the bill is indeed legitimate and that you or your company actually received the services for which you are billed.  This particular scam is both simple and effective so it is up to you to be on the lookout for it.

Scam of the day – July 28, 2015 – Lottery security chief convicted of rigging lottery

July 28, 2015 Posted by Steven Weisman, Esq.

Last week, Eddie Tipton, the former security director of the Multi-State Lottery Association was convicted of electronically rigging the Iowa Hot Lotto game enabling him to buy the winning 16.5 million dollar ticket.  The jury believed the evidence that indicated that Tipton used a  portable USB drive to install malware on to the computer that picked the winning number.  The computer is not accessible to the Internet in order to prevent tampering and only four people including Tipton had access to the room where the computer was housed.  The closed circuit camera that recorded activity in the room had been wiped clean.  In addition, the sophisticated malware used by Tipton was self-deleting and left utterly no trace on the lottery computer.  However, despite the lack of either photographic evidence showing Tipton actually tampering with the computer or evidence of the precise malware used, after a week’s deliberations, the jury found Tipton guilty of two counts of fraud and he is facing a potential prison sentence of ten years.

TIPS

No computer system is foolproof, however this case does highlight vulnerabilities in the computer security systems used to protect the honesty of state sponsored lotteries.  Hopefully, not just Iowa, but other states using similar systems will revisit their own security systems to make sure that they are as strong as they can be.

Scam of the day – July 27, 2015 – Medical Informatics Engineering hacked

July 27, 2015 Posted by Steven Weisman, Esq.

Although the name Medical Informatics Engineering MIE or even its cloud service NoMoreClipBoard may not be familiar to you, it should be.  The company operates more than 300 medical centers in 38 states.  On May 26th it discovered that it had been hacked since May 7th.  Unfortunately the personal information compromised in the data breach was very significant including names, telephone numbers, mailing addresses, usernames, password security questions and answers, spousal information, email addresses, birth dates, Social Security numbers, health insurance policy information and more all of which puts the victims of the data breach in serious jeopardy of traditional and medical identity theft.  The company started notifying affected victims whose personal information was hacked by traditional mail in June and July.  For a list of the medical facility clients of Medical Informatics Engineering, go to the list contained in this press release of MIE. http://www.businesswire.com/news/home/20150724005450/en/Medical-Informatics-Engineering-Updates-Notice-Individuals-Data#.VbQtVZWh3X4

TIPS

If you are concerned that you might have been a victim of this data breach, call MIE’s toll-free hotline at 866-328-1987.  You should also carefully monitor all of your financial accounts and check your medical records to make sure that someone has not accessed your health insurance and made you a victim of medical identity theft.  You should also put a credit freeze on your credit report.  You can find out how to put a credit freeze on your credit report by going to the Archives of Scamicide.  Be wary of any emails that you receive purporting to be from MIE because you can expect identity thieves to be sending out these as phishing email posing as MIE seeking to have you provide personal information or click on links containing malware.

Scam of the day – July 26, 2015 – Darkode cybercrime forum busted

July 26, 2015 Posted by Steven Weisman, Esq.

Hackers and identity thieves use underground Internet forums to buy, sell and trade malware, botnets, and information to commit cybercrimes around the globe.  Recently the Justice Department announced the dismantling of perhaps the most prominent of the approximately 800 criminal forums, Darkode and the arrest of twelve of its principals.  Among the charged defendants is the primary administrator of Darkode, 27 year old Johan Anders Gudmonds of Sweden.  An important aspect of this action against Darkode was that it represented the joint efforts of a coalition of law enforcement from 20 countries, which represents the largest coordinated international law enforcement effort ever brought against cybercriminals.

Darkode was a password-protected forum where cybercriminals would buy, sell, trade and share information, ideas and malware.  In order to become a member of Darkode, a criminal would first have to be recommended by a present member of Darkcode and would have to prove that he or she would bring new skills or products to the group.  In addition, prospective members  had to go through an extensive vetting process.

TIPS

One of the key elements of Darkode and many other illegal cybercriminal enterprises is the use of botnets or infected zombie computers to spread the malware and avoid detection.  Cybercriminals would take over the computers of unwary individuals and use their computers to remotely send out their malware to their targets, such as banks or other commercial enterprises.  Many of you may actually be part of a botnet without knowing it.  Most people become part of a botnet when they unwittingly download the malware that permits the cybercriminal to remotely take over the victim’s computer.  Usually this is done through phishing emails in which the victim is lured into clicking on a link infected with the malware.  Even if you have the most up to date anti-malware software, you may be vulnerable because it generally takes the security software companies at least a month to catch up to the latest strains of malware.  So the lesson to us all is one I am constantly preaching, namely never click on any link or download any attachment until you have verified that it is legitimate.  Merely because it may be sent from a friend of yours does not mean that you can trust it.  Your friend’s email account may have been taken over by a hacker or your friend is unwittingly passing on malware without even knowing it.  Trust me, you can’t trust anyone.

Steve Weisman’s latest column for USA Today

July 25, 2015 Posted by Steven Weisman, Esq.

Here is a link to my column from today’s edition of USA Today.  It deals with the recent data breach at UCLA Health services and the problems of medical identity theft.

http://www.usatoday.com/story/money/personalfinance/2015/07/24/steve-weisman-health-care-data-breach/30593661/

Scam of the day – July 25, 2015 – Fiat Chrysler recalls 1.4 million vehicles due to hacking threat

July 25, 2015 Posted by Steven Weisman, Esq.

Earlier this week there was a story in Wired Magazine about two white hat hackers, Charlie Miller and Chris Valasek who hacked into a Jeep Cherokee through its UConnect entertainment system and were able to remotely take control of the car’s speed, brakes, radio, windshield wipers and other features.  Largely in response to this story which heightened awareness of the ability of hackers to take control of our increasingly computerized cars, Fiat Chrysler issued a recall yesterday of 1.4 million vehicles to make corrections to prevent this type of problem.  According to Fiat Chrysler’s press release, the company has “applied network-level security measures to prevent the type of remote manipulation demonstrated in a recent media report.  These measures — which required no customer or dealer actions — block remote access to certain vehicle systems and were fully tested and implemented within the cellular network on July 23, 2015.”  Customers affected by the recall will also receive a USB device to personally upgrade the vehicle software and provide new security features in addition to those installed by the network upgrades.  Meanwhile the National Highway Traffic Safety Administration has issued a “recall query” to look into the actions of Fiat Chrysler to patch the security vulnerabilities.

Miller and Valasek will be presenting their research to the upcoming DefCon 23 white hat hackers convention in Las Vegas in early August.  I will be reporting from the conference about this and other developments in hacking.

TIPS

The affected vehicles are:

2013-2015 MY Dodge Viper specialty vehicles

2013-2015 Ram 1500,2500 and 3500 pickups

2013-2015 Ram 3500,4500,5500 Chassis Cabs

2014-2015 Jeep Grand Cherokee and Cherokee SUVs

2014-2015 Dodge Durango SUVs

2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans

2015 Dodge Challenger

If you have own of the affected vehicles, you should contact your dealer to inquire about when you will be receiving the USB device and what you need to do.

This is just the latest development in what I have described many times before as the security issues involved in what we call the Internet of Things.  As more and more of the things we deal with have computerized components, there are greater threats to our security unless steps are taken to keep these devices safe and secure.  Here is a link to a column I wrote about this in my column for USA Today in April.

http://www.usatoday.com/story/money/columnist/2015/04/04/weisman-internet-of-things-cyber-security/70742000/

Scam of the day – July 24, 2015 – Major identity thief convicted

July 23, 2015 Posted by Steven Weisman, Esq.

Hieu Minh Ngo has pleaded guilty to a number of identity theft related charges in the Federal District Court of New Hampshire and been sentenced to 13 years in prison.  Between 2007 and 2013 Ngo obtained access to as many as 200 million consumer records from large data brokers including Court Ventures, which is 2012 was acquired by Experian, one of the three major credit reporting bureaus.  Ngo was able to access these records by posing as a private investigator.   Putting this number into perspective, it represents 60% of the population of the United States.   He then sold to identity thieves comprehensive packages of consumer data, referred to in the world of identity thieves as “fullz,” made up of individuals’ names, credit card numbers, Social Security numbers, birth dates bank account numbers and bank routing numbers, on black market websites he operated called Superget.info and findget.me.  According to the Justice Department, Ngo sold fullz to 1,300 identity thieves, who in turn committed large numbers of identity theft including 65 million dollars in income tax identity theft alone.  Ngo could have been sentenced to 24 years in prison, but through a plea bargain got a reduced sentenced in return for his cooperation in identifying his former identity thief customers.

Now, a class action lawsuit has been filed in the Federal District Court for the Central District of California against Experian alleging it was negligent in failing to protect its consumer data from Ngo.  The class action is seeking to have Experian ordered to notify all affected consumers, provide free credit monitoring services to affected consumers and establish a fund to reimburse those who became victims of identity theft due to Experian’s negligence.  I will keep you informed as further developments in this case occur.

TIPS

This case is yet another example of how vulnerable we all are to identity theft because we are only as secure as the companies and governmental agencies that have our personal information.  One thing, however, we can all do to protect ourselves is to put a credit freeze on our credit reports at each of the three major credit reporting bureaus, which will prevent access to our personal credit records and the information contained therein.  Go to the Archives section of Scamicide for further information about how to put a credit freeze on your credit reports.