Scam of the day – September 20, 2017 – Freedom from Equifax Exploitation Act introduced in the Senate

In the wake of the Equifax data breach, Senators Elizabeth Warren of Massachusetts and Brian Schatz of Hawaii have introduced legislation in the United States Senate entitled the Freedom from Equifax Exploitation Act or FREE Act.  Someone was obviously pretty adept when coming up with this acronym.

If passed, the bill would create a federal standard for credit freezes and require that they be able to be done and lifted at no cost to consumers at any time.  It also would require consumers to be refunded any charges incurred in freezing their credit reports at the other credit reporting agencies in response to the Equifax breach.  In addition it provides for consumers to receive more free copies of their credit reports.

TIPS

Here is a link to the full bill.

https://www.warren.senate.gov/files/documents/2017_09_15_Freedom_from_Equifax_Exploitation_Act_Text.pdf

If you support this bill, you should contact your Senators.    Here is a link for doing so.

https://www.senate.gov/reference/common/faq/How_to_correspond_senators.htm

Presently this bill stands little chance of passage, however if the public is heard, hopefully the laws will change to better protect our privacy and security in regard to credit reports.

Scam of the day – September 18, 2017 – Update on Equifax class actions

The fallout from the huge data breach at Equifax affecting 143 million Americans continues.  Senators Orrin Hatch and Ron Wyden of the Senate Committee on Finance have sent requests to Equifax for detailed information about the data breach.  In addition, the number of class actions filed against Equifax related to the data breach is now up to twenty three.

Class actions are lawsuits brought by a few individuals on behalf of many others similarly situated.  It is an effective way for consumers to seek redress from companies and the lawyers are paid on a contingency basis so there are no out of pocket expenses to the people who make up the class of harmed individuals.  Once the cases have been certified by the judges hearing the cases as appropriate  for class action status a federal panel will be convened to join the cases into a single lawsuit on behalf of all of the victims.  At that time there will be, most likely, a negotiated settlement, but if one cannot be reached, a trial will occur.   Generally in class actions, class members have the opportunity to either opt in or opt out of the class action, in which case they could bring their own individual lawsuits, although this is rarely productive.

TIPS

I will keep you informed as to the progress of the class actions so that you will be able to make intelligent decisions as to what to do in your own particular case in this matter.

Meanwhile it is imperative, if you have not already done so that you get copies of your credit reports from each of the three major credit reporting agencies and that you freeze your credit at each of the three major credit reporting agencies.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 17, 2017 – Scammers attempting to exploit Equifax data breach

As I often say, things aren’t as bad as you think – they are far worse.  It is not bad enough that 143 million Americans are at heightened danger of identity theft due to the massive data breach at credit reporting agency, Equifax, but now scammers are seeing the concern of people about the data breach as an opportunity to scam them out of their money.

Scammers are contacting people by phone, email and text messages posing as Equifax claiming that they are there to help the victims of the data breach, when the truth is that the scammers merely want to lure you into providing personal information and use it to make you a victim of identity theft.   You can’t trust your Caller ID because through a technique called “spoofing” it can be manipulated to make a call from a scammer appear to be coming from Equifax.

TIPS

It is a good rule to never provide personal information of any kind to someone who calls you on the phone.  If the call appears legitimate, call the person, company or agency back at a telephone number that you know is accurate.

The same rule applies to emails and text messages you receive.  Never provide personal information until you have confirmed that the communication is legitimate.

In this case, Equifax is not contacting victims by email, phone or text messages asking for personal information or credit card information.

Scam of the day – September 16, 2017 – New Adobe security updates

In July I told you that Adobe finally announced that it will be retiring its Adobe Flash software.  However, until that time, they are issuing new security updates and if you are  user of Adobe Flash, you absolutely should install the latest security patches, such as those just released by Adobe as indicated in a link below.

Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to security company, Symantec in 2015 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.

Microsoft already blocks Adobe Flash by default in its Edge browser due to security concerns.  Microsoft also blocks outdated versions of Adobe Flash from running in Internet Explorer on Windows 7.  If you use Windows 8.1, Windows 10 or Windows Server 2012R2, this will not affect you because these systems automatically install Adobe Flash security patches.  In addition, to Microsoft Google, Apple and Mozilla block Adobe Flash.   Apple has blocked Adobe Flash from iPhones since 2010.  If you have not already switched to alternative software to Adobe Flash, now is a good time to do so.

TIPS

If you are going to continue to use Adobe Flash, it is imperative that you update your software with the latest security patches when they are issued and here at Scamicide, we will inform you about security patches for Adobe Flash as soon as they are issued.

Here is a link to the latest security patches for Adobe Flash that have just been issued.

https://www.us-cert.gov/ncas/current-activity/2017/09/12/Adobe-Releases-Security-Updates

However, it may well be time for you to replace Adobe Flash to avoid future problems.

Here is a link to a website with alternative plugins you may wish to consider to replace Adobe Flash.

http://alternativeto.net/software/flash-player/

Scam of the day – September 15, 2017 – The importance of updating your software

I am constantly preaching about the importance of not using outdated software which is not updated with the latest security patches, such as we saw as the basis for the WannaCry ransomware attack which exploited vulnerabilities in the Windows XP operating system, which Micosoft had long ago stopped supporting with security updates.

It is important to update all of your software with security patches as soon as they become available.  Equifax has recently confirmed that the vulnerability exploited by hackers in its recent massive data breach was in the Apache Struts software used for developing apps.  The specific vulnerability was designated as CVE-2017-5768.  The problem is that this vulnerability was first exploited by hackers against Equifax in May while a security patch was made available as shown here this security update in March.  https://nvd.nist.gov/vuln/detail/CVE-2017-5638

If Equifax had been prompt in its updating of its Apache Struts software, it could have avoided this data breach.

TIPS

The lesson is clear.  Update all of your software programs as soon as security patches are available and whenever possible, make the updating of security patches automatic so you don’t even have to take any specific action yourself to make sure that you are operating the most safe and secure versions of your software.

Scam of the day – September 14, 2017 – Beware of hurricane damaged used cars

As if Hurricane Harvey and Irma were not bad enough, some of the more than a million cars damaged by these two hurricanes will be turning up as used cars, often being sold to unsuspecting buyers.   Scammers will often put together phony title papers that may indicate the car is from the West coast when in fact, it originally came from Texas or Florida and may contain hidden water damage that could present serious safety problems. The practice of transporting a car to another state and re-registering it is called “title washing.”

TIPS

Whenever you purchase a used car you should always get a full report on its history.  The United States Department of Justice operates The National Motor Vehicle Title Information System which provides much information about used cars.  The NMVTIS provides a list of various companies such as Carfax that have been approved to provide reliable reports.  These companies charge between $2.95 and $12.99 for a report that will provide detailed information on any used car you are considering purchasing. However, as a courtesy to consumers, Carfax is making its data base available at no cost at this time for people to check on the history of a car before they buy it.  Go to   https://www.carfax.com/press/resources/flooded-cars

Also, you should have a mechanic whom you trust always check out any used car that you are considering buying.

Scam of the day – September 13, 2017 – A new twist on the mystery shopper scam

I have been warning you about mystery shopper scams for years, however these scams continue to trap unwary victims so it is important to alert you to new developments in this scam.

Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control.  Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails.

I first learned about this particular mystery shopper scam when contacted by a Scamicide reader who thought she had been contacted by the National Shopping Service Network which is a legitimate mystery shopping company, however, the truth is that scammers are using the name of this legitimate company to fool unwary victims.

The manner in which the scam works is that when you answer an advertisement, an email or a text message to become a mystery shopper and you are sent a bank check or, in the case of the recent Scamicide reader, a US Postal Money Order, to deposit and use for your shopping.  You spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services.    You are generally instructed to return the remaining funds by a wire transfer.  In a new twist encountered by the Scamicide reader, the scammers wanted funds to be sent back by way of iTunes gift cards. The problem is that the check or money order is counterfeit, but the money you send by wire or by iTunes cards is real and lost forever.

 TIPS

One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and they do not go looking for you. An indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender.  This is the basis of many scams.  Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account.  Don’t rely on provisional credit  which is given after a few days, but which can be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest.  That is always a scam.  Also be wary whenever you are asked to wire funds  or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop.  Legitimate companies do not use gift cards as payments.

Specifically in regard to the real National Shopping Service Network, they do not communicate with people through private email addresses such as aol or gmail.  They also do not use cashier’s checks, iTunes cards or wire transfers for transactions.  These are indications of a scam.

Scam of the day – September 12, 2017 – IRS warns tax professionals about new ransomware attack

The IRS has issued a warning to tax professionals about a new IRS themed ransomware attack presently being sent by email.  If someone were to click on the link in the email, ransomware would be downloaded that would encrypt and lock the information of the person falling for the scam leaving the victim facing the dilemma of having to pay a ransom in order to retrieve his or her computer data or face the threat of having the data destroyed.

Here is a copy of the email presently being circulated.  As phishing emails go, this one is not particularly convincing.  It is filled with grammatical and punctuation errors which often are a sign that the scam originated in a country where English is not the primary language.

IRS questionnaire text with IRS and Department of Justice logos

TIPS

The IRS does not initiate contact with taxpayers or tax professionals by email or text messages to request personal or financial information.  In addition, to avoid all kinds of malware including ransomware, you should never click on links in emails or text message unless you have confirmed that the email or text message is legitimate.  Specifically to protect yourself from ransomware, individuals as well as companies and government agencies should backup all data regularly and make sure that security software is constantly updated with the latest security patches.

Scam of the day – September 11, 2017 – Social media tech support scams

As with any technology that we use, there usually comes a time when you need some tech support for large or small problems that may occur. Unfortunately, for much social media, you will not readily find a telephone number to call and speak to a real person about your problem. However when that happens, unfortunately many people turn to the Internet to search for a tech support telephone number and end up getting a telephone number for a scammer who will induce the victim to make a payment, often by iTunes gift cards, which are particularly popular with scammers these days.  Other times the scammers trick their victims into providing personal information that can be used to make the person a victim of identity theft.

TIPS

Among the social media services that do not provide tech support by phone are Facebook, Instagram, Snapchat and Twitter.  Here are links to tech support for those social media services:

Facebook:  https://www.facebook.com/help/

Instagram: https://help.instagram.com/

Snapchat: https://support.snapchat.com/en-US

Twitter: https://support.twitter.com/