Scam of the day – November 13, 2012 – Online greeting card scams

As we begin our descent into the holiday season there will be many holiday season related scams which we will be discussing over the next few weeks.  One that has been very prevalent of late is that of online greeting cards.  They are easy to send.  Many are free.  Many are very entertaining and they offer a chance to send a timely greeting even if you have forgotten an important holiday, birthday or anniversary until the last minute.  However, they also are fraught with scams and dangers.  Clicking on a phony online greeting card sent to you can result in your downloading a keystroke logging program that will steal all of the information from your computer and make you a victim of identity theft.

TIPS

When a legitimate card is sent to you, the email message will state the name of the person who is sending you the card.  When the message states that it is from “a friend” or a “secret admirer” you should not click on the link because if you do so, you will download a dangerous keystroke logging program.  As an additional precaution you should also make sure that your Firewall and security software are constantly kept current and up to date.  Finally, if you get an online greeting card from a name that is a common name, you should contact that person before opening the card to make sure that the card is legitimate.

Scam of the day – November 12, 2012 – Hospital data breach

Earlier this week officials at the Women & Infants hospital in Rhode Island disclosed that ultrasound images along with personal data including names, birthdates and Social Security numbers of approximately 14,000 patients was lost.  Although the data was discovered to be missing in September, it was not until this past Monday that the hospital warned the affected patients that their personal information was missing.  At this point in time it is not known if the data was stolen or merely accidentally misplaced.  What is known is that, once again, the data was not encrypted so that anyone stealing or finding the information would be in a position to use it for identity theft.  In the light of similar data breaches that have occurred for years, this neglect is inexcusable.

TIPS

You have to be particularly vigilant with the information held by medical facilities and providers because along with your other personal data, they hold medical insurance information that if it falls into the wrong hands can make you a victim of medical identity theft, which, as I have described in earlier postings is a particular insidious form of identity theft that is difficult to fix and can even result in your receiving dangerously improper medical care as the medical identity thief’s medical information becomes mixed with yours.  Whenever you use a medical provider ask them specifically if they encrypt their data and what they do to make sure their data is secure.

Scam of the day – November 11, 2012 – Moneygram scam settlement

Wiring money is a part of many scams because scammers know that it is both quick and difficult to trace.  In addition, wired money is the equivalent of cash.  In fact, any time that you are asked as a part of any financial transaction to wire funds, you should consider the possibility that it is a scam.  That is not to say that all wired transactions are scams, but it certainly is something that should put you on the alert.  That being said, earlier this week MoneyGram, a company that specializes in wiring funds agreed to pay 100 million dollars as a part of a settlement with the United States Department of Justice which had brought charges against MoneyGram International, Inc. accusing the company of not doing enough to stop fraud through the use of its services.  Remembering the old adage, “When you are getting run out of town, get in front and look like you are leading the parade,” the CEO of MoneyGram said that they agreed to the fund to be used to provide compensation to victims of scams that utilized the services of MoneyGram because “We take compliance very seriously at MoneyGram and nothing angers us more than when our services are used to perpetrate illegal activity.”  It should be noted that MoneyGram as a company did not perpetrate any frauds, however, the allegations are that as with other companies that wire funds, they had not done enough to stem the use of their services for fraudulent purposes.

TIP

The lesson of this case is to always be wary when you are asked to wire funds in any transaction.  That very fact should make you more alert to the possibility that the transaction might be a scam and should make you more cautious.  Remember that when you wire money, the funds are gone.  If there is a problem later or fraud involved, you are out of luck.  The money is gone and you generally have no recourse.

Scam of the day – November 10, 2012 – Latest Twitter hacking

A common technique used by scammers and identity thieves is to send you an email or text message purporting to be from companies with which many people do business, such as large national banks, Facebook, Twitter or Ebay telling you that there has been a security breach of your account and that it is necessary for you to take particular steps to protect your data and your account.  The email or text then requires you to provide confirming personal information, which then is used by the identity thief to make you a victim of identity theft or requires you to click on a link to take you to a page where you will be assisted in protecting your account when in actuality what you do by clicking on the link is download keystroke logging malware that will steal all of the information on your computer and make you a victim of identity theft.  However, a similar email that many Twitter users are receiving is actually legitimate, however, there is more to the story.  The legitimate email from Twitter reads “Twitter believes that your account may have been compromised by a website or service not associated with Twitter.  We’ve reset your password to prevent others from accessing your account.”  The email then instructs people as to how they can change their passwords to the password they now wish to use.  The number of Twitter users receiving the email actually is more than the number of Twitter users that were actually in danger of having their accounts hijacked, but Twitter affirmatively decided to err on the side of caution and change more account passwords than might have been necessary and it is hard to criticize that decision although it is possible that the broad resetting of passwords may also have represented a mere mistake by Twitter in determining what accounts were in jeopardy.  But there is another scam of which you should be aware.  Knowing that the word is getting out that the email from Twitter is legitimate, scammers will be emailing and texting their phony versions of this email representing themselves as Twitter. In the scammers emails they will be either asking for personal information or directing you to link to a page to reset your password that will download that keystroke logging malware program I warned you about.  Don’t provide such information and don’t click on any links unless you are sure they are legitimate.

TIPS

The real email from Twitter does contain a link to go to change your password, namely https://twitter.com.  However, you are better protected by not clicking on the link, but typing the real address directly into your address line.  The real email from Twitter does not ask for personal information. If you are asked for personal information, the email you got is from a scammer.   Also check out the address from which you your email is coming and if it isn’t the real email address of twitter as indicated above, don’t trust it.  Don’t even trust an email from an address that contains the word “twitter” in it because that may be from a scammer who just used the name in the phony address.

CREDIT FREEZE

A credit freeze is, as the name implies, a freezing of your credit report at your request whereby no one can have access to your credit report even if they have your Social Security number and other personal information about you.  You control access to the credit report through a special PIN that you choose.   Thus, even if someone was able to steal your Social Security number, they could not parlay that into access to your credit report to be  able to purchase things or set up accounts using your name.  If you need to thaw out your credit report at such times as you want to apply for credit in the future, it is an easy procedure to do so using your PIN; then, after your new credit has been established, you can freeze your credit report again.

Here is a link to Consumers Union’s webpage that describes the credit freeze laws for each individual state.  Because the laws differ from state to state, you should check on the laws for your own particular state when putting on a credit freeze because the costs differ from state to state.  http://defendyourdollars.org/document/guide-to-security-freeze-protection

Having your credit frozen will not affect your ability to get your annual free credit reports from each of the three major credit-reporting agencies Equifax, Experian and TransUnion.  It is important to put a credit freeze on your credit report at each of the three major credit reporting agencies.  Here are the links to each of them where you can go to freeze your credit.

Equifax  https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

TransUnion:  https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

Experian   https://www.experian.com/freeze/center.html

Scam of the day – November 9, 2012 – Image stealing malware

Regular visitors to this website/blog have read about keystroke logging malware that can be unwittingly downloaded on to your computer when you think you are downloading free music, free games, or are persuaded to click on a link in a tainted email.  Once installed on your computer, this type of malware, which is often called a Trojan Horse for obvious reasons, can read everything in your computer that is contained in documents or text.  Now, however, a new type of malware is appearing that steals the images that are stored on your computer in formats such as .jpg, .jpeg or .dmp.  While you might wonder what problem would be presented by the stealing of your photographs or scans, you should consider what files you do have in such formats.  Many people will scan financial documents into their computers, which can provide an identity thief using this type of malware which is called a Pixsteal Trojan, with all of the information he or she needs to make you a victim of serious identity theft.  In addition, many people may keep photographs of a private nature on their computer, which, if they fall into the wrong hands can result in blackmail.

TIPS

You should take the same precautions to avoid Pixsteal Trojans as you do any other Trojan Horse malware.  Never click on links unless you are sure that they are not risky.  As I always say, trust me, you can’t trust anyone.  Even if you get an email or a Facebook message that appears to be from a friend, it may actually be from someone who has hacked into their account so you can’t trust it.  And even if it really is from your friend, they may unwittingly be passing on the malware that they unknowingly downloaded on to their own computer and are now passing on to you.  Also, maintain your security software up to date on all of your electronic devices including smart phones and other portable devices.

Scam of the day – November 8, 2012 – South Carolina data breach update

As I first reported to you on October 31st, foreign hackers succeeded in stealing the computer records of 3.6 million South Carolina citizens from the South Carolina Department of Revenue.  These records contained a treasure trove of information for identity thieves including names, Social Security numbers, credit card numbers and debit card numbers.  What is particularly troubling about this data breach is that we have heard this all before.  Last year Social Security numbers of 3.5 million Texans were mistakenly disclosed to the public by a government employee.  In 2006 a lost laptop of a Veterans Administration employee contained personal data of 26.5 million veterans that could have been used for identity theft and these are just a few of the instances of either accidental or purposeful data security breaches.  What is most troubling is that with the execption of some of the credit card numbers and debit card numbers in the most recent South Carolina hacking, none of the rest of the information in all of these instances were encrypted which would have protected the privacy of the individuals even if the system’s security had been breached.

TIPS

This is not just a South Carolina problem.  It is a problem with every company, state agency or federal agency that holds your personal information.  You are only as safe as the weakest place that holds your personal information.  The key then is to ask of any company or institution that holds your information, do they encrypt this information and if not, why not.  When it comes to state or federal agencies, a call to your state and federal legislators might also bring this problem to their attention.  Meanwhile, as I have discussed in the past, you may wish to have a credit freeze on your credit report so that even if your Social Security number falls into the wrong hands, it cannot be used to purchase expensive items because your credit report is locked and can only be unlocked through the use of your private PIN.

Scam of the day – November 7, 2012 – Disaster investment scams

Following in the wake of Hurricane Sandy and tonight’s projected Nor’Easter which is expected to hit many of the areas already devastated by Hurricane Sandy, there will be many scams as scam artists and identity thieves attempt to further victimize the victims of the storm.  I have already warned you about the scams involving phony contractors, phony FEMA representatives, phony insurance adjusters and phony charities, but with history as a guide, you should also be wary of the next round of scams which will take the form of scam investment opportunities.  As previously happened following Hurricane Katrina, you can expect to receive emails and other communications offering to let you in on fool-proof investments in companies that have developed products or are providing services that will be part of the massive clean-up and reconstruction of the storm affected areas.  These investments may be in a revolutionary new type of generator, a water-removal system or other storm related technologies or products.  Many of these investments will be scams and you should be very careful before making private investments.

TIPS

First you must ask yourself, why is this stranger contacting me to invest in this fool-proof investment that is guaranteed to deliver a huge profit?  You should also never underestimate the power of a fool.  Nothing is fool proof and no investment can guarantee a huge profit.    Before investing with anyone, you should investigate the person offering to sell you the investment with the Securities and Exchange Commission’s Central Registration Depository.  This will tell you if the broker is licensed and if there have been disciplinary procedures against him or her.  You can also check with your own state’s securities regulation office for similar information.  Many investment advisers will not be required to register with the SEC, but are required to register with your individual state securities regulators.   You can find your state’s agency by going to the website of the North American Securities Administrators Association.   You should also check with the Financial Industry Regulatory Authority (FINRA) for information about the particular  investment adviser.  It is also important to remember that you should never  invest in something that you do not completely understand.  This was a mistake that many of Bernie Madoff’s victims made.  You also may want to check out the SEC’s investor education website at www.investor.gov.  Scammers can be very convincing and it may sound like there is a great opportunity for someone to make some money, but you must be careful that the person making money is not the scam artist taking yours.

Scam of the day – November 6, 2012 – Video update scam

It is an unfortunate fact that I never have difficulty coming up with a new scam or identity theft scheme for each day’s “scam of the day.”  Often, like today, I merely have to go to the inbox of my email account.  Today I found an email where the subject line read “New Video Update” and the message told me that I had a new video update followed by the tantalizing words “This changes everything.”  In case I was still hesitating to click on the link to the video update, the email went on to say “Don’t miss this, will be taking this down ASAP.”  And just in case I was still hesitating, the email ended with a “P.S. Don’t miss this video.”  Well, I will just have to miss the video because if I had clicked on the link, I would have downloaded a keystroke logging malware program that would have enabled the scammer to steal all of the information in my computer and make me a victim of identity theft.

TIPS

As I regularly repeat, never click on links in emails or tweets or Facebook messages or anywhere else you receive a link unless you are absolutely sure it is legitimate.  And even then you have to be extra careful because the source of an email or other message may appear to come from someone you trust, but their account may have been hacked into so that the link actually is coming from a scammer.  The best course of action is not to click on a link unless you have confirmed with the sender that it is legitimate.  Remember, even paranoids have enemies.  By the way, this particular scam didn’t even indicate who was sending the video other than indicating it was sent by “Member Center.”  Member Center of what was not in anyway clear.

Scam of the day – November 5, 2012 – Free iPad mini scam

Scammers always take advantage of whatever is new and exciting in the news so it is not a surprise that scams surrounding the introduction by Apple of the new iPad mini are being used to steal money from unwary victims.  You may receive a message on your Facebook page that you have been chosen to receive a free iPad mini.  All you need to do is click on a link that leads you to a “Request for Permission” page on Facebook.  Unfortunately, if you give permission, you won’t get a free iPad mini, but will succeed in downloading an app that will enable the scammer to use your Facebook account to send out more phony messages to all of your friends who are likely to trust the message because it appears to come from you.  If they, in turn, click on the link provided to them to get a free iPad mini, they will end up either providing information that will be used to make them victims of identity theft or unwittingly, they will download a keystroke logging malware program that can steal the information from their computers such as passwords, credit card numbers and Social Security numbers.

TIPS

As I always say, “Trust me, you can’t trust anyone.”  No one is giving out free iPad minis and why should you have been selected when you never even entered a contest?  If it looks too good to be true, it generally is.  Don’t trust messages on your Facebook page or in your email that contain links.  You can never be sure when you first see such a message that it is indeed from your friend instead of a hacker nor can you be sure that even if the message is from your friend that your friend is not unknowingly passing on malware or a scam.  Never click on a link until you have confirmed it is legitimate.  If you do manage to install a malicious app, remove the message from your timeline, revoke the app’s publishing rights and report the scam to Facebook and make sure that you have revoked access to your Facebook account.