Category: ‘Site Related’

Scam of the day – July 8, 2015 – Harvard hacked: what does it mean to you?

July 8, 2015 Posted by Steven Weisman, Esq.

Harvard University recently announced that it had been hacked for the second time in just four months.  The data breach appears to be limited to the Faculty of Arts and Sciences and Central Administration information technology networks and, fortunately, does not appear to have compromised either research data or personal information of students and faculty, such as Social Security numbers.  More and more colleges and universities are targets of hackers, as I described to you most recently in May 16th’s Scam of the day regarding the major data breach at Penn State.  American engineering schools, including MIT and Carnegie Mellon, have been targets of Chinese state-sponsored hacking for many years.  The goal of these hacks has been to gain information for both commercial and national defense purposes.  However, colleges in general are targeted by hackers seeking personal information for purposes of identity theft.  One reason that colleges and universities are such a tempting target for identity thieves is that they gather and retain so much personal information on applicants, students, faculty and alumni.  Making the problem worse, college and university computer networks are generally readily accessible by so many people that it becomes difficult to secure them.


I have written many times of the extreme vulnerability of colleges and universities, which gather and keep much personal information for which they have no real need, such as the Social Security numbers of applicants to the schools or Social Security numbers of alumni.  Coupled with lax security at many colleges and universities, this gathering and keeping of personal information for which the schools have no need puts the people whose information is affected in great danger of identity theft.  It is important for all of us to always ask any company or agency that has our personal information what it does to keep this information secure.

For those people who may have been affected by the Harvard data breach, here is a link to Harvard’s official announcement of the data breach with details of the breach as well as suggestions for action by those affected.

Steve Weisman’s appearance on the Free Talk Live radio show

July 7, 2015 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s interview on Mark Edge’s Free Talk Live syndicated radio show in which Steve speaks about cybersecurity.

Scam of the day – July 7, 2015 – New Apple security updates

July 7, 2015 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  This was never more evident than with the recent hacking of people who did not update their Adobe Flash software promptly.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Users of the affected programs should make sure that they update their software with these latest security patches as soon as possible.  Today’s updates from Apple include critical updates for many of their software programs including QuickTime and Safari.


Here is the link to Apple’s security updates:

Scam of the day – July 6, 2015 – Windows 10 update scams

July 5, 2015 Posted by Steven Weisman, Esq.

The new Windows 10 operating system is coming.  It is scheduled to start being released on July 29th.  However, if you are a user of Windows 7 or Windows 8.1 you are eligible to receive the new Windows 10 operating system for free.  Microsoft is letting these customers reserve the new operating system now.  Microsoft is notifying customers through a new icon on the taskbar or a popup message as indicated in the screen photo below.  Clicking on the message will take you to a page where you can sign up by merely providing your email address.  Once Windows 10 is available Microsoft will then download it to your computer.  Over the years Microsoft has issued new operating systems after years of patches and updates of the previous operating systems.  When it became too cumbersome and difficult to patch the old operating systems, new ones were released.  Unfortunately, many individuals and companies still use the old operating systems, such as Windows XP, although they were warned for years that new security updates would no longer be issued after a specific date.  People and companies continuing to use the old operating systems, particularly Windows XP, have become easy targets for hackers exploiting the vulnerabilities of the older operating systems.



The release of Windows 10 will be exploited by scammers and identity thieves.  In particular, you may receive emails or text messages with links or downloads that purport to be of Windows 10.  Don’t trust them.  Microsoft is not contacting people by emails or text messages regarding Windows 10.  Any email or text message, regardless of how legitimate it may look, that purports to be from Microsoft asking you to download an attachment or click on a link to install your Windows 10 is a scam.  If you click on those links or download those attachments all you will succeed in doing is downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  Microsoft will also not be calling you on the phone to install Windows 10, so if you get a telephone call in which the caller represents that he or she is from tech support at Microsoft to help you download Windows 10, just hang up.  The call is from an identity thief only seeking to get access to your computer and its data.

Scam of the day – July 5, 2015 – Trump hotel chain hacked

July 4, 2015 Posted by Steven Weisman, Esq.

Donald Trump seems to be constantly in the news these days.  Whether it is for declaring his candidacy for President of the United States or for making inflammatory comments, Trump is omnipresent in the media.  However, the latest Trump news event is not one with which he must be pleased.  It has just been disclosed that the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York, has been hit with a Target-like credit card and debit card data breach that appears to have started at least as far back as February.  As with so many data breaches, it was discovered not by the company hacked but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.  This type of hacking and data breach is expected to happen again and again as companies still cling to the use of old-fashioned credit and debit cards using magnetic strips rather than the more modern smart credit cards with computer chips that create a new one-time authorizing number each time the card is used.

Here is a link to a column I wrote for USA Today in September of 2014 in which I both described how these data breaches occurred and correctly predicted their continuing pattern.


There is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit cards except in ATMs.  Using your debit card at retail establishments puts you at much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Although the deadline for companies being required to install smart credit card readers is months away, you should ask your credit card company for a replacement credit card with a computer chip now.  Some stores, most notably Walmart, are already using the safer smart chip cards.  Whenever you can use the smart credit card, it is important to do so.

Scam of the day – July 4, 2015 – Update on hacking of Office of Personnel Management

July 4, 2015 Posted by Steven Weisman, Esq.

It was a month ago that I first reported to you about the hacking of the federal Office of Personnel Management (OPM) in which personal information on anywhere between 4 million and 14 million people was compromised.  The large discrepancy in the number of people who may have been affected by the hacking is due to the fact that although files on 4 million people were accessed, there was information on many millions more within those files.  The risk of identity theft is quite high for those affected by the data breach.  Meanwhile, as they always do, other scammers are taking advantage of people’s legitimate concern about their risk of identity theft and sending out emails that purport to be from the Office of Personnel Management appearing to offer help when all they really are doing is phishing for personal information that can be used to make the targeted person a victim of identity theft.  OPM has hired CSID, a company that provides identity theft protection and fraud resolution services and is offering 18 months of free credit report access, credit monitoring, identity theft insurance and recovery services to those people affected by the data breach.  However, be very skeptical of emails that appear to come from CSID offering assistance, but asking for information.  CSID’s URL for this purpose is  Be particularly wary if you receive an email purporting to be from CSID that is not from that address.  In fact, it is a good idea not to trust any email that asks for personal information without confirming first that it is legitimate.


First, if you are one of the millions of people affected by this data breach, I suggest that you go to the OPM’s website for the latest announcements as to the status of the data breach and what you can and should do to protect yourself.  Here is a link to the OPM’s page with the latest information:

Also, if you are affected by the data breach, here is a link to CSID’s website where you can safely enroll for services:

As for all of us, a good lesson for avoiding becoming a victim of phishing that leads to identity theft is to never click on links in emails or text messages or provide information requested in an email or a text message unless you have absolutely confirmed that it is legitimate.  It is easy to send a phony email that looks quite legitimate.

Scam of the day – July 3, 2015 – Turkish man arraigned in worldwide financial hacking scheme

July 2, 2015 Posted by Steven Weisman, Esq.

Ercan Findikoglu, who had been arrested in Germany in December of 2013, finally was extradited to the United States where last week he was arraigned on charges related to three major cyberattacks on the global financial system.  Findikoglu, a Turkish citizen, is alleged to be the kingpin of an international gang that hacked into three credit and debit card processors and then manipulated the account data on prepaid debit cards to dramatically increase the balances.  Findikoglu then is alleged to have distributed the stolen debit card information to cohorts around the world who would create cards and then use the phony cards to withdraw money from ATMs around the world.  One plot targeted cards issued by JP Morgan Chase, another targeted cards issued by the National Bank of Ras Al-Khaimah in the United Arab Emirates and a third plot targeted cards issued by Bank Muscat in Oman.  The debit cards of Bank Muscat were distributed to gang members in 24 countries who within a two day period did 36,000 ATM withdrawals totaling 40 million dollars.  The total amount stolen through all three bank hacks was 55 million dollars.


The international cooperation involved in this case is good news in the battle against cybercrime, which is a crime that knows no borders.  Often the type of international cooperation required to effectively combat such cybercrime is lacking in the international community.  Hopefully, this case provides an indication of a positive change in the war against cybercrime.  Another positive change that is necessary in the battle against cybercrime is greater cooperation between hacked companies and law enforcement and other governmental agencies.  To date, Congress has not enacted the legislation necessary to make this happen, but it is expected that in the not too distant future we will see such laws mandating greater disclosure and cooperation between government and business.

Scam of the day – July 2, 2015 – A new Nigerian letter scam

July 1, 2015 Posted by Steven Weisman, Esq.

The Nigerian letter scam, by which you are promised huge amounts of money through an email under various guises, such as an inheritance from a relative you never knew existed or a public official who needs help getting money out of his country, is a scam that has actually been around since the 1500s when it was known as the Spanish Prisoner scam.  One thing that this scam has in common in all of its incarnations is that if you respond to the scam, you will not end up getting anything except a lesson in learning to be more skeptical.  Many people have paid thousands of dollars to Nigerian letter scam artists before they realized that they had been the victim of a scam.

I don’t publish every one of these types of letters that I receive, but I wanted to share this particularly creative version of the letter that I got last week.

“Federal Bureau of Investigation (FBI)
Anti-Terrorist And Monitory Crime Division.
Federal Bureau Of Investigation.
J.Edgar.Hoover Building Washington Dc
Customers Service Hours / Monday To Saturday
Office Hours Monday to Saturday:

Dear Beneficiary,

Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization. This ended 3 days ago. It is obvious that you have not received your fund which is to the tune of $2.3million Usd due to past corrupt Governmental Officials who almost held the fund to themselves for their selfish reason and some individuals who have taken advantage of your fund all in an attempt to swindle your fund which has led to so many losses from your end and unnecessary delay in the receipt of your fund.

The National Central Bureau of Interpol enhanced by the United Nations and Federal Bureau of Investigation and the International monetary funds have successfully passed a mandate to the current president of Nigeria his Excellency President Good luck Jonathan to boost the exercise of clearing all foreign debts owed to you and other individuals and organizations who have been found not to have receive their Contract Sum, Lottery/Gambling, Inheritance and the likes. Now how would you like to receive your payment? Because we have two method of payment which is by Check or by ATM card?
ATM Card: We will be issuing you a custom pin based ATM card which you will use to withdraw up to $3,000 per day from any ATM machine that has the Master Card Logo on it and the card have to be renewed in 4 years time which is 2015. Also with the ATM card you will be able to transfer your funds to your local bank account. The ATM card comes with a handbook or manual to enlighten you about how to use it. Even if you do not have a bank account.

Check: To be deposited in your bank for it to be cleared within three working days. Your payment would be sent to you via any of your preferred option and would be mailed to you via UPS. Because we have signed a contract with UPS which should expire in the next three weeks you will only need to pay $280 instead of $620 saving you $340 So if you pay before the three weeks you save $340 Take note that anyone asking you for some kind of money above the usual fee is definitely a fraudsters and you will have to stop any communication with every other person if you have been in contact with any. Also remember that all you will ever have to spend is $280.00 nothing more!
Nothing less! And we guarantee the receipt of your fund to be successfully delivered to you within the next 24hrs after the receipt of payment has been confirmed.

Note: Everything has been taken care of by the Federal Government of Nigeria the International Monetary Funds, The United Nation and also the FBI and including taxes, custom paper and clearance duty so all you will ever need to pay is $280.

DO NOT SEND MONEY TO ANYONE UNTIL YOU READ THIS: The actual fees for shipping your ATM card is $420 but because UPS have temporarily discontinued the C.O.D which gives you the chance to pay when package is delivered for international shipping We had to sign contract with them for bulk shipping which makes the fees reduce from the actual fee of $620 to $280 nothing more and no hidden fees of any sort!

To effect the release of your fund valued at $2.3million Usd you are advised to contact our correspondent in Africa the delivery officer Mr Nicholas Justina with the information below,

Full Name:Mr Nicholas Justina
Telephone: (719) 377-2771
You are advised to contact him with the informations as stated below:

Your full Name..
Your Address:…………..
Home/Cell Phone:…………..
Preferred Payment Method (ATM / Cashier Check)

Upon receipt of payment the delivery officer will ensure that your package is sent within 24 working hours. Because we are so sure of everything we are giving you a 100% money back guarantee if you do not receive payment/package within the next 24hrs after you have made the payment for shipping.

Yours sincerely,
Miss Donna Story”


Although it should be apparent to everyone who reads this email that it is a scam, the very outrageousness of the email is most likely intentional.  As more people become aware of the Nigerian letter scam, the scammers do not want to waste their time on potential victims who may be skeptical of their scam, so they often send out emails like these that are so outrageous in an effort to catch only the most gullible and greedy.  Also note the misspelling of the word “monetary” that appears as “Monitory Crime Division.”  Of course, by the fact that you are reading Scamicide, you have already indicated that you are too smart to fall for this type of scam.  If you receive a particularly inventive or interesting Nigerian email, please share it with us here at Scamicide.

Scam of the day – July 1, 2015 – Critical Adobe Flash update

July 1, 2015 Posted by Steven Weisman, Esq.

Adobe Flash software is a highly used video software program so it should be of little surprise that it is highly scrutinized for vulnerabilities by hackers who exploit these vulnerabilities to gain access to their targets’ computers.  Unpatched vulnerabilities in Adobe Flash software were exploited by Russian hackers who hacked into the White House and State Department computer systems.  Recently, the security firm FireEye found attempts to attack aerospace, defense, construction, technology and telecom companies by exploiting a flaw in Adobe Flash uncovered by FireEye.  FireEye promptly notified Adobe, which promptly created a patch for the problem.  A link to the patch can be found below.

The problem is that hackers are now distributing kits on black market websites that enable other hackers to exploit this vulnerability on computers that have not been updated, and all too often individuals and companies fail to update their software on a timely basis.  Already this flaw is being exploited by hackers as a way of getting victims to download Ransomware onto their computers.  As I have written about many times before, Ransomware encrypts and locks your computer data.  The hacker then threatens to destroy the data unless a ransom is paid immediately.


Businesses, government agencies and individual computer users must make it a priority to install the latest security patches and updates as soon as they become available.  Time after time, companies, government agencies and individual computer users have become victims of devastating computer hacks that they could have easily avoided had they promptly updated their software with the latest security patches and updates as soon as they became available.  Don’t make this mistake.  Here at Scamicide we regularly provide you the links to the latest security patches.

Here is the link to the latest Adobe Flash security update:

Scam of the day – June 30, 2015 – SEC and Secret Service investigating insider trading data breach

June 30, 2015 Posted by Steven Weisman, Esq.

The Securities and Exchange Commission (SEC) and the Secret Service are investigating data breaches at about sixty companies in the biotechnology, medical instruments, hospital equipment and pharmaceutical drug fields that appear to have been going on since 2013.  The information stolen in these data breaches appears to have been used for purposes of insider trading by the hackers, who have been identified as FIN4 by the security company FireEye, which first uncovered the hacking last year.  The hackers focused on executives within the targeted companies who had information about mergers and acquisitions as well as other information useful in predicting the movement of the stocks of these companies on the stock exchanges.  Insider trading on non-public information that moves a stock’s price is illegal.


At this point in time we do not know whether the hackers are Americans or are launching the attacks from somewhere outside of the country.  Although the evaluation and use of the precise information sought and stolen indicates that the hackers are quite sophisticated both in the health care industry and in financial markets, the manner by which the information was stolen was quite basic.  They used phony Microsoft Outlook login pages to trick the targeted individuals into providing their user names and passwords.  They would then view private emails and even, on some occasions, interject themselves into email conversations in order to gather useful information.  Although this is particularly troublesome, regulators should be able to identify who made trades at opportune times and ultimately find the hackers.