Category: ‘Site Related’

Scam of the day – July 23, 2016 – Six month jail term for celebrity hacker

July 23, 2016 Posted by Steven Weisman, Esq.

Earlier this week, twenty-nine year old Andrew Helton was sentenced to six months in prison for hacking hundreds of Apple and Google accounts including many of celebrities  and stealing 161 nude or partially nude photos from thirteen people.  I first reported to you about Helton when he pleaded guilty to the hacking charges in February of this year.

Between March 2011 and May 2013, Helton used a simple phishing scheme to steal the usernames and passwords of 363 Apple and Google email accounts including those of many celebrities.  Once he had access to his victims’ email accounts he was able to access all of the contents of their email accounts including 161 sexually explicit or nude images of thirteen of his victims.  It should be noted that Helton did not post any of the stolen photos online and his case is totally unrelated to the stealing and posting of nude photos of celebrities including Jennifer Lawrence and Kate Upton that occurred in September of 2014 although a similar phishing tactic was used to obtain the usernames and passwords of the victims.

Helton obtained the usernames and passwords of his victims by sending emails to his victims that appeared to come from Apple or Google in which his victims were asked to verify their accounts by clicking on a link which took them to a website that appeared to be a login page for Apple or Google.  Once they entered their information, Helton had all that he needed to access his victims’ accounts.  It is interesting to note that in a letter to the court, Helton emphasized his lack of computer talent saying, “There was no expertise involved.  All I did was essentially copy and paste.” Even the email addresses of his targets were obtained from easily accessed contact lists online.  The fact that such havoc could be spread by someone without having particular computer skills points out how easily any of us can be victimized if we do not take proper precautions.

TIPS

The type of phishing scam used by Helton is one used by many other scammers and it is easy to defend against.  Always be skeptical when you are asked to provide your personal information, such as your user name, password or any other personal information in response to an email or text message.  Trust me, you can’t trust anyone.  Always look for telltale signs that the communication is phony, such as bad grammar or the sender’s email address which may not relate to the real company purporting to send you the email.  Beyond this, even if the email or text message appears legitimate, it is just too risky to provide personal information in response to any email or text message until you have independently verified by contacting the company that the communication is legitimate.

In addition, you should not store personal data or any photos or other material on your email account. Store such data in the cloud or some other secure place.

Scam of the day – July 22, 2016 – Home Depot class action update

July 22, 2016 Posted by Steven Weisman, Esq.

As I reported to you in March a tentative settlement was reached between Home Depot and the plaintiffs in a class action on behalf of the 56 million victims of Home Depot’s massive data breach which occurred between April and September of 2014.  The tentative settlement provides for a 13 million dollar fund to reimburse victims for out of pocket losses incurred  with an additional 6.5 million dollars being set aside for legal fees and other related expenses.  Home Depot announced also agreed to provide eighteen months of free credit monitoring through security company All Clear ID to affected shoppers.  You can receive payments through the settlement if you used your credit or debit card at a self checkout lane at Home Depot between April 10, 2014 and September 23, 2014 and your card information was stolen.  You also are eligible for a payment if you received notification that your email address was compromised or if you specifically received a settlement notice informing you that you are a member of the class action.  Payments of as much as $10,000 will be made to claimants who suffered out of pocket losses and unreimbursed charges as a result of the data breach.  In addition, affected shoppers can receive payments of $15 per hour for time spent remedying the problems they encountered as a result of the data breach.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment were hacked when a third party party vendor’s computers were hacked thereby enabling the hackers to steal the passwords necessary for the third party vendor’s to access Home Depot’s computers.  As an additional part of the settlement Home Depot committed to make greater efforts at data security.

TIPS

If you believe you are entitled to payment as a part of the class action, click on this link for more information and to get the claim form which must be filed by October 29th.   http://www.homedepotbreachsettlement.com/frequently-asked-questions.aspx

A hearing on final approval of the settlement will occur on August 12th in the Federal District Court for Northern Georgia.

As for all of us, even if we were not a victim of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security.  Greater use of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.  However, whenever you can, you should use your EMV chip card.

Also, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not as strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.s

Scam of the day – July 21, 2016 – Hackers attack unpatched computers

July 21, 2016 Posted by Steven Weisman, Esq.

Recently it was disclosed by the security research firm Proofpoint that a twelve year old malware program known commonly as NetTraveler has been used by Chinese hackers against Russian and Eastern European targets exploiting a vulnerability in Microsoft Word designated as CVE-2012-0158.  This malware program enabled the hackers to infiltrate the computers of their victims who generally downloaded the malware as a result of clicking on links in spear phishing emails.  What is particularly significant about this cyberthreat is that this specific vulnerability was patched four years ago, but many people and companies have still not installed the patches necessary to defend against this particular malware thus leaving them needlessly vulnerable.  Similarly, ransomware, which has developed into a major threat to companies, governments and individuals by which their computer data is encrypted with the hacker threatening to destroy the data unless paid a ransom has turned into a huge worldwide problem.  However, the problem is somewhat bigger than it needs to be as some hackers are still using old ransomware programs for which security patches have already been issued, but failed to be installed by many companies, government agencies and individuals.

It is hard enough to defend yourself against the numerous zero day exploits which are the newer strains of malware exploiting vulnerabilities for which there are no existing security defenses.  Once discovered it can take thirty days or more for the security software companies to come up with a patch for the latest zero day exploits.  However,  no one should fall victim to a malware program for which there already exists a security patch.

TIPS

The solution to protecting yourself from various types of malware including ransomware is to first avoid them in the first place by avoiding spear phishing emails and text messages.  Don’t click on links unless you have absolutely confirmed that they are legitimate.  Installing anti-phishing security software is also advisable, but not totally effective so you should not entirely rely on it to screen all of your phishing emails. Secondly, you should install the latest security updates to all of your software programs as soon as they become available.  The best way to do this is to have updates installed automatically, but in any event, make sure you do not delay installing security updates and patches as soon as they become available.  Here at Scamicide we let you know when important new security updates are issued.

Scam of the day – July 20, 2016 – Baseball executive sentenced for hacking

July 20, 2016 Posted by Steven Weisman, Esq.

In July of 2014 I first reported to you about the hacking of the computers of the Houston Astros baseball team.   After a prolonged investigation, Christopher Correa of the St. Louis Cardinals pleaded guilty in January of 2016 to hacking the private online data base of the Astros called Ground Control that contained tremendous amounts of confidential data including scouting reports and statistics on baseball players.  At the time he did the hacking, Correa was the Director of Baseball Development for the St. Louis Cardinals.   Correa was fired by the Cardinals when he first became a suspect in the hacking of the Astros.  A current Astros employee had worked previously for the Cardinals and Correa was able to easily guess the password used by him to access Ground Control by merely using variations of the password the Astro employee had used when he worked for the Cardinals.  Armed with this password, Correa stole data from Ground Control for use by the Cardinals.  Correa has now been sentenced to 46 months in prison and ordered to pay restitution of $279,038.65.  Now that the criminal case against him is over, Major League Baseball is beginning its own investigation that could result in serious consequences for the Cardinals.

TIPS

Although this story reads like fiction, perhaps the biggest lesson for all of us from this story is the danger of using the same password or slight variations thereof for all of your accounts, which unfortunately is a habit that many people have gotten into.  Hackers will often steal passwords of customers from companies when they commit a data breach and then use those passwords for identity theft purposes at banks, brokerage houses and other companies where the victim can suffer substantial financial losses.  The best course to follow is to have a difficult to crack password that is unique for every account.

Scam of the day – July 19, 2016 – Another version of the Nigerian scam

July 19, 2016 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes from the email of a Scamicide reader.   I am sure that the same email has been sent to many of you, as well.  This is just another version of the Nigerian email scam.  Although it may seem that the Nigerian email scam began in the era of the Internet, the basis of the scam actually goes back to 1588 when it was known as the Spanish Prisoner Scam.  In those days, a letter was sent to the victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name.  The identity of the nobleman was not revealed for security reasons, but the victim was asked to provide money to obtain the release of the aristocrat, who, it was promised would reward the money-contributing  victim with great sums of money and, in some circumstances, the Spanish prisoner’s beautiful daughter in marriage.

In the various versions of this scam circulating on the Internet today, you are promised great sums of money if you assist a Nigerian in his effort to transfer money out of his country.  Variations include the movement of embezzled funds by corrupt officials, a dying gentleman who wants to make charitable gifts or a minor bank official trying to move the money of deceased foreigners out of his bank without the government taking it.  The example below of the email  received by a Scamicide reader whose name I have crossed out involves “donating” money to the recipient of the email for charitable purposes.   Although generally, you are told initially in these scams that you do not need to contribute anything financially to the endeavor, you soon learn that it is necessary for you to contribute continuing large amounts of money for various reasons, such as various fees, bribes, insurance or taxes before you can get anything.  Of course, the victim ends up contributing money to the scammer, but never gets anything in return.

Here is a copy of the email recently received by a Scamicide reader:

“Dear  XXXXXX,

I got your details after an extensive on-line search Via (Network Power Charitable Trust) for a reliable person, I’m Mrs.Rose Duggan, 61 years old dying woman who was diagnosed for cancer about 4 years ago,I have decided to donate ($10,500,000.00) to you for charitable goals.Contact me if you are interested in carrying out this task, so that i can arrange the release of the funds to you.

Thank you and God bless you.
Mrs.Rose Duggan”

TIPS

This is a simple scam to avoid.  It preys upon people whose greed overcomes their good sense.  The first thing you should ask yourself if you receive such an email is why would you be singled out to be so lucky to be asked to participate in this arrangement.  Since there is no good answer to that question, you should merely hit delete and be happy that you avoided a scam.

Many people wonder why cybercriminals and scammers send out such ridiculously obvious scam letters that anyone with an ounce of sense would recognize as a scam, but that may be intentional on the part of the scammer because if someone responds to such an obvious scam, they are more likely to be gullible enough to fall prey to the scam.

Scam of the day – July 18, 2016 – Facebook cloning or spoofing

July 18, 2016 Posted by Steven Weisman, Esq.

Just last weekend, I received three “friend” requests on Facebook from people who were already Facebook friends of mine, which is an indication that someone had set up new Facebook pages in their names and was attempting to lure their friends into becoming friends with the hacker.  This scam is called either Facebook cloning or Facebook spoofing and the goal of the hacker is to get people to respond to the new friend request and then to lure the friends of the person whose Facebook page they commandeered to trust communications and postings from the cloned page in an effort to get them to click on links and download malware or ransomware or respond to emergency requests by sending money.

TIPS

There are many things you can do to protect yourself from this type of scam.  Scammers harvest information from social media to help them in their scams so the first thing you should do is to check to see if the public is able to see your posts.  Click on the padlock at the top right hand side of your Facebook page and click on “Who can see my stuff?”  It should say “friends,” but if it says “public” you should change that setting to “friends” to increase your privacy.

As for accepting friend requests, if you are already a friend of the person, don’t accept a second request.  Also, when accepting friend requests, don’t do it from the friend request email.  Instead go directly to your Facebook page from your browser and not from a link in the email because it could be a phishing scam seeking to steal your password or other information.

Finally, it is worth repeating that you should never trust any communication that contains a link until you have confirmed independently that the communication is legitimate.  The risk of malware in a link found in social media, a text message or email is just too great.

If your Facebook account has been cloned, here is a link that will take you to Facebook with tips as to what to do and how to report the problem.  https://www.facebook.com/help/174210519303259

Scam of the day – July 17, 2016 – Pokemon Go scam

July 17, 2016 Posted by Steven Weisman, Esq.

It hasn’t taken very long for the Pokemon Go app to become the most downloaded phone app in the United States and it is equally popular around the world.   As I am sure you all know, the Pokemon Go app uses the popular Pokemon characters from twenty years ago and has updated them into a virtual reality game and, using GPS, allows gamers to  go out in the real world with their smartphones and catch Pokemon characters in the blended real and virtual worlds.  Of course, anything this popular will be used in some fashion to scam people and Pokemon Go is no exception to this rule.

The Pokemon Go app is free.  Nintendo and Niantic Labs, the developers of the new Pokemon Go app make money when gamers use real money to buy virtual currency called PokeCoins which gamers can use to purchase items to enhance the game experience such as eggs which hatch rare Pokemon or incense to lure Pokemon to their location.  Scam artists, the only criminals we refer to as artists are sending people emails such as the following, attempting to lure their victims into paying them to continue playing Pokemon Go.

“We regret to inform you that due to the overwhelming response to our new Pokemon Go app and the need for more powerful servers we can no longer afford to keep your account as free.  Your account will be frozen in 24 hours if you do not upgrade.”

You are then told to sign up for the new upgraded version at a cost of $12.99 per month.  People signing up for the service risk not only losing money, but turning over passwords and other personal information to a scammer who can use that information to make you a victim of identity theft.

TIPS

So how do Erica and everyone else playing Pokemon Go protect themselves from these scams?  Here is a list of important steps to take.

  1.  Remember that Pokemon Go is a free app and Nintendo is not charging for upgrades.  Any notices you receive to the contrary are scams and should be ignored.
  2.  Install the updated version of the Pokemon Go app since the original version unintentionally invaded your privacy by providing full access to your Google account.
  3. Use a strong password and make sure that you don’t use the same password for your Pokemon Go account for any other account.
  4. Make sure that your smartphone is protected with security software and keep it up to date with the latest security patches.

July 16, 2016 – Steve Weisman’s latest column from USA Today

July 16, 2016 Posted by Steven Weisman, Esq.

With all of the uproar about Hillary Clinton’s email usage, I wondered how careful the rest of us are in our use of email. Here is a column I wrote for today’s edition of USA Today in which I describe how to safely and securely use email.

http://www.usatoday.com/story/money/columnist/2016/07/16/careless-emails-cybersecurity-clinton/86873874/

Scam of the day – July 16, 2016 – Google warning Gmail users about foreign hackers

July 16, 2016 Posted by Steven Weisman, Esq.

State sponsored hacking from countries such as China, North Korea and Russia pose a threat to everyone, but Google, which has for years been monitoring hacking attempts by foreign governments, is notifying Gmail customers when Google has reason to believe that their Gmail accounts are being targeted.  If Google finds that you have been targeted you will receive the following message that takes up your entire screen warning you of the danger and urging you to use the more security dual factor authentication.  In its warning, Google indicates that less than 0.1% of all Gmail accounts are targeted, however, it is important to note that this percentage translates into more than a million people who are in jeopardy.

Screen Shot 2016-04-01 at 3.52.40 PM

TIPS

As I have suggested many times, whenever you have the opportunity to use dual factor authentication, it is a wise choice to make because even if someone manages to steal your password or even trick you into providing it, as was the case with Jennifer Lawrence when she was convinced by a phishing email to provide her password to a cybercriminal who used it to access nude photos of her that she stored in the cloud, the hacker will not be able to access your email or other account because a special code provided to you through your cell phone is required whenever you wish to gain access to your account.

Finally, as I so often say, even paranoids have enemies so I urge you to err on the side of caution if you receive this type of notice and not necessarily trust it.  It could be a phishing communication from a cybercriminal luring you into clicking on a link which will either get you to provide personal information that can be used to make you a victim of identity theft or will download keystroke logging malware or ransomware.  The best course of action would be to merely go to Google directly from your browser without clicking on the link contained in the notification.  Here is a link you can trust that will take you to instructions for enabling dual factor authentication for Gmail  https://support.google.com/accounts/answer/185839?hl=en

Scam of the day – July 15, 2016 – Omni Hotels data breach

July 14, 2016 Posted by Steven Weisman, Esq.

Omni Hotels and Resorts just became the latest hotel chain to suffered a massive data breach joining Hyatt, Hotels, Starwood Hotels, Hilton Hotels and Trump Hotels who all suffered similar data breaches in the last year in which credit card and debit card information of their customers was stolen by unknown hackers.  Although the data breach at Omni was just recently discovered, it goes back to December 23, 2015 and was stealing credit card and debit card data from Omni Hotels up until June 14, 2016.  The Omni data breach affected forty-eight of Omni’s sixty hotels in North America.  As often is the case, hackers who steal the credit and debit card data sell it in large batches to other cybercriminals on a part of the Internet called the Dark Web.    The first batches of stolen credit cards and debit card information started turning up on the Dark Web in February of 2016.  The hotel industry continues to be an easy target for hackers as it is an industry that services large numbers of people and often the hotels are individually operated franchises rather than operating under a central data security system.  It should be noted, however, that Omni does not operate franchises.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at Omni hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, Omni and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.

Certainly if you have been an Omni customer since December 23, 2015 you should carefully review your credit and debit card statements for indications of identity theft and fraudulent charges.  If you were affected by this particular data breach, Omni  is offering free credit monitoring services for a year through AllClear ID.  You can sign up for these services by clicking on this link  https://omnihotels.allclearid.com/