Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

July 22, 2014 Posted by Steven Weisman, Esq.

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.

TIPS

You should never give to a charity until you  have confirmed that it is legitimate.  Go to www.charitynavigator.org where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate.  In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief.  If you must search for such video, stay with legitimate new sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.

Scam of the day – July 21, 2014 – Yahoo email phishing scam

July 21, 2014 Posted by Steven Weisman, Esq.

A number of times I have written about email phishing scams that start when you receive an email that purports to be sent from AOL informing you that there is some problem with your AOL account which requires you to click on a link in order to rectify the problem.  Recently, another email server is the subject of a phishing scam.  This time it is Yahoo.  Here is a copy of an email that is presently finding its way into many people’s email boxes.  This is a phishing scam.  DO NOT CLICK ON THE LINK.  Clicking on the link will result in either your downloading a keystroke logging malware program that will steal all of the information from your computer such as your Social Security number, credit card numbers and banking information that will then be used to make you a victim of identity theft or when you click on the link you will be prompted to provide personal information that will also be used to make you a victim of identity theft.  Some phishing emails are better than others and this one was not very convincing.  The email address from which it was sent was not even a Yahoo email address.  It was the address of someone whose email had been hacked and made a part of a botnet of computers used by identity thieves to send out their phishing emails.  In addition, this email is not directed to you by name, but rather as “Yahoo user.”  As with many of these scams that often originate in foreign countries where English is a second language, the grammar is suspect as where in this email the word “responds” is used instead of the correct word “response.”

“Dear Yahoo! User

Your two incoming mails were placed on pending status due to the recent upgrade to our database, In order to receive the messages Click Here to login and wait for responds.

Customer! Mail Product Management.

Copyright © 2014 Mail! Inc. (Co. Reg.. No. 2344507D)All Rights
Reserved. Intellectual Property Rights Policy
Please do not reply to this message. Mail sent to this address cannot be answered.”

TIPS

The most important thing to remember is to never click on links in emails or download attachments unless you are absolutely sure that they are legitimate.  In this particular case, it is easy to see that it is a scam.  Additionally, you should make sure that your anti-malware and anti-virus software are installed and up to date with the latest security updates while remembering that you cannot rely on your security software because it is generally about thirty days behind the latest viruses and malware programs.

Scam of the day – July 20, 2014 – Cisco corrects router vulnerability

July 20, 2014 Posted by Steven Weisman, Esq.

Everyone is aware of our vulnerability to having our computers hacked through unwittingly downloading malware that often comes as an attachment to or a link in a phishing email that appears to be legitimate, but whose sole purpose is to lure us into downloading the malware that can steal the information from our computer and make us victims of identity theft.  However, few people are aware that hackers and identity thieves are now targeting the computers of individuals and businesses through their routers.   Cisco, one of the makers of home wireless routers has issued a security patch to remedy this problem.  As always, when security updates and patches are released, it is very important to make sure that you download and install the patches as soon as possible.

TIPS

Here is the link to the Cisco security patch as provided by the Department of Homeland Security: https://www.us-cert.gov/ncas/current-activity/2014/07/16/Cisco-Addresses-Wireless-Residential-Gateway-Vulnerability

It is important to note that other routers are also vulnerable to hackers so if you have one that is not made by Cisco, you should contact the maker of your router to learn what you can do to make its use safer.

Scam of the day – July 19, 2014 – Houston Astros hacked

July 19, 2014 Posted by Steven Weisman, Esq.

No company is safe from the danger of hacking including, as we recently learned Major League Baseball teams.  The Houston Astros were recently embarrassed to announce that their computers had been hacked by unknown hackers who released information about trade discussions involving the Astros and a number of other Major League Baseball teams including the Miami Marlins with which a trade for All-Star outfielder Giancarlo Stanton was discussed.  The hacking did not appear to be for any reason other than to expose and embarrass the management of the Astros, however that is of little consolation to employees of the Astros whose personal information can also be found in the Astros’ computers and which, if released could lead to identity theft.

TIPS

This is just another example that no entity including governmental agencies as well as private companies is safe from the danger of hacking.   A recent report by the State of New York indicated that in New York alone there were more than 900 data breaches that exposes personal and financial records of 7.3 million New Yorkers thus making them victims and potential victims of identity theft.  It is important to remember that you are only as safe as the place with the weakest security that holds your personal information so whenever possible do not provide your personal information, such as your Social Security number to everyone who asks for it.  Health care providers do not need your Social Security number although most request it.  Often the only reason that they want it is to make it easier to collect an unpaid bill from you.  The health care industry in general has done a poor job of protecting personal data from hackers.  The place to find a helping hand in protecting your data is at the end of your own arm.  Limit the places that have your personal information as best you can.  When companies request your Social Security number, offer them another identifier for example.  I recently did this with my eye doctor and the doctor agreed.  You may also want to place a credit freeze on your credit report so that even if your Social Security number and other personal information is stolen, the identity thief will not be able to access your credit report.  You can find information as to how to put a credit freeze on your credit report in the credit freeze section on the right hand side of this page.

Scam of the day – July 18, 2014 – Facebook lottery scam

July 18, 2014 Posted by Steven Weisman, Esq.

Lottery scams are one of the most common scams and with good reason.  They are effective.  Scammers will notify people that they have won a lottery and then often inform the victim that they need to pay administrative fees or income taxes in order to claim their prize.  Other times they will actually be sent what appears to be a certified check and told to deposit into their checking account and then send the administrative fees back to the lottery sponsor.  In all of these phony lotteries there is no prize.  Even when you are provided with a certified check, it is counterfeit and will bounce, but not until you have already sent your check or wired money to the scammer.  Recently many people including a woman in North Carolina received a friend request on Facebook from someone claiming that they are a Facebook administrator and telling the victim that they had won a Facebook lottery.  All they had to do in order to claim their prize was to wire  funds, in the case of the North Carolina woman, it was $350 to the lottery sponsor.  She sent the money as do other victims, but none of them ever received a dime.

TIPS

You will never win a lottery you did not enter so when you are informed that you have won a lottery that you have not entered, you should be extremely skeptical.  In addition, legitimate lotteries never ask you for administrative fees or income tax payments in order to claim your prize.  In regard to income tax payments, although lottery winnings are subject to income taxes, either the lottery sponsor deducts your taxes before giving you your  money or it pays you the full amount and you are responsible for paying the IRS.  Legitimate lotteries never collect taxes for the IRS.  As for phony certified checks, you should remember that when you deposit a check, your bank will give you provisional credit after a few days, which may look like the check has cleared.  But it is not.  And when  a counterfeit check later bounces, the funds are removed from your account.  Facebook’s extreme popularity makes it a fertile target for scammers so be wary of people that you do not know asking to be your friends.

Scam of the day – July 17, 2014 – Illinois sues student debt settlement companies

July 17, 2014 Posted by Steven Weisman, Esq.

With American students owing more than a trillion dollars in student loans, you could well have predicted scammers to identify this as a great opportunity to scam students and former students already struggling to pay their student loans and you would be right.  Phony debt settlement companies that either charge you for information about debt assistance that is easily accessible for free or, even worse, who charge you for services that they don’t provide have become a major problem.  Earlier this week the Illinois Attorney General sued Broadsword Student Advantage and First American Tax Defense for charging customers for debt settlement services that they never provided.  First American Tax Defense is accused of fabricating totally non-existent government programs, such as the “Obama Forgiveness Program” that it said it would use to reduce student loans.  It also is accused of representing that it was affiliated with the U.S. Department of Education.  Some phony student loan relief agencies have been charging fees of as much as $1,600 to unwary students without providing anything in return.

TIPS

The best place to go if you are having difficulty with a student loan is directly to the servicer of the loan.  You can also find helpful information at StudentLoanBorrowerAssitance.org which is a website maintained by the National Consumer Law Center.  The United States Department of Education also has a lot of helpful information about student loan consolidation and other things you can do to reduce your payments at https://studentaid.ed.gov/repay-loans/consolidation.  The Department of Education also has a toll-free number where you can get helpful loan information at 1-800-4-FEDAID.  One thing to remember is that no legitimate lender will charge you before providing a service.

Scam of the day – July 16, 2014 – E-Z Pass Email scam

July 16, 2014 Posted by Steven Weisman, Esq.

The E-Z Pass transponder system is available to drivers in fourteen states and enables the drivers to avoid stopping to pay tolls when driving on toll roads.  Instead they merely drive through a special lane where their transponder is electronically read.  The tolls are then charged to a credit card on file with E-Z Pass.  It is a very efficient system that works well.  It also works well for scammers who recently have been sending phishing emails to residents of New York, New Jersey, Massachusetts and even Canada where they system is also used.  The emails appear official looking.  It carries the logo of E-Z Pass.  The message is short.  It reads: “Dear customer, You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time.”  The stilted language is a good indication that this scam may have originated in a country where English is not the primary language.  The email goes on to indicate “The invoice can be downloaded here” and it provides a link for you to supposedly access your bill.  DON’T CLICK ON THE LINK.  In some versions of the scam, if you click on the link, you will be prompted to provide information that can be used to make you a victim of identity theft.  In other versions of the scam, merely clicking on the link will download malware on to your computer that will steal all of your personal information from your computer and use it to make you a victim of identity theft.

TIPS

Never click on links or download attachments in emails or text messages regardless of how official they may appear.  You can never be sure as to whether it is legitimate or not.  Your best course of action is, if you have any inclination that it may be legitimate, to contact the real company or agency and inquire as to the legitimacy of the contact.  In this particular case, E-Z Pass does not communicate regarding bills by emails so you can be confident if you do get such an email it is a scam.  As always, you should also make sure that your anti-malware and anti-virus software is kept up to date, but don’t rely on that to keep you safe because the best anti-malware and anti-virus programs are always at least thirty days behind the latest malware and viruses.

Scam of the day – July 15, 2014 – Mailbox identity theft danger

July 15, 2014 Posted by Steven Weisman, Esq.

Identity theft can be high tech, low tech or no tech and although much attention is often focused on computer phishing schemes, malware and other high tech methods of turning you into a victim of identity theft, low tech and no tech methods of identity theft can be equally as effective in stealing your identity.  One low tech method that has been around for a long time, but seems to be making a resurgence is when identity thieves put strong glue like the kind used on mouse trap paper is put on the inside of the swing-down chute in the mailboxes you find scattered throughout your city.  This glue traps mail on the chute rather than letting it go down into the mailbox when the lid is closed making it easy pickings for an identity thief who can be looking for checks you may be mailing to a business or a credit card payment.  Your check can either be altered through a process called “washing” so that the check is made to appear to be payable to the identity thief.   The identity thieves can also take the information from your check and make counterfeit checks in order to access your checking account.   They may also steal the information from your credit card statement to gain access to your credit card.

Another similar type of scam involves the identity thief putting the glue on a small object at the end of a string and lowering the string into the mailbox to go fishing for mail with checks, credit card statements or other information that can be used to make you a victim of identity theft.

TIPS

Although it seems like you should be able to trust the U.S. mail, you would be prudent to mail payments and letters with financial information directly from the post office rather than use vulnerable mailboxes.  You also should consider making your payments electronically which is even safer.  When you do use checks, you should use a type of pen called a gel pen which you can purchase at any office supply store.  The ink from these pens is almost impossible to wash off of a check by a counterfeiter.  Finally, do not put mail with personal information or checks in your own personal mailbox at your home.  Often people do this and raise the red flag on the mail box to inform the letter carrier  that there is outgoing mail to be picked up from your box.  Unfortunately, it also informs an identity thief cruising your neighborhood that there are “goodies” in your mailbox.

 

Scam of the day – July 14, 2014 – Chinese hackers steal information from Federal Office of Personnel Management

July 14, 2014 Posted by Steven Weisman, Esq.

Hacking of American companies by Chinese hackers is not particularly startling as it is going on all of the time, however the federal government is now admitting that back in March Chinese hackers were able to hack into the data bases of the Office of Personnel Management and gain access to personal information on thousands of government workers.  What is particularly troublesome is that the Office of Personnel Management manages a program called e-QIP where federal employees who are seeking security clearances must provide much personal information including personal financial data.  It is not known what the purpose of the hacking was and whether or not it was government sanctioned or not.  What is known is that, just as the hacking into the computers of the United States Department of Energy last week, showed, government databases are just as vulnerable as those of private companies.

TIPS

So what does this mean to you?

First and foremost if you are someone whose information was maintained by the Office of Personnel Management you should be on heightened alert for identity theft.  You should check your credit report with each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You also would be wise to put a credit freeze on your credit reports at each of the three major credit bureaus to prevent someone with personal information about you from gaining access to your credit report and utilizing your credit.  You can find a detailed explanation of credit freezes along with instructions for getting one in the right hand column of the first page of Scamicide.  As for the rest of us, this is yet another lesson that you are only as safe from identity theft as the places with the weakest security that hold personal information about you.  Whenever possible limit the amount of personal information held by companies and governmental agencies with which you do business.  Also, do not leave your credit card number on file with any retailer with which you do business regularly.  It may be convenient to do so, but it increases your risk of identity theft if the company is hacked and your data is compromised.

Scam of the day – July 13, 2014 – Bank of Hawaii text message scam

July 13, 2014 Posted by Steven Weisman, Esq.

Recently many residents of Hawaii have been receiving a text message that appears to come from the Bank of Hawaii informing them that their accounts have been blocked or suspended or their lines of credit have been reduced.  They are also told in the text message to call 857-453-3714 and enter their account number and PIN in order to rectify the situation.  This is a  phishing scam and anyone providing that information to the scammer would end up becoming a victim of identity theft and having their accounts emptied.

TIPS

Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate.  If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.  Banks do not call, text or email their customers asking for personal information.  You should always be skeptical of anyone asking for such information.  As  I always say, “trust me, you can’t trust anyone.”  This particular scam involved the Bank of Hawaii, but this scam is constantly being done around the country using the names of other banks.  As for those of you in Hawaii who may have fallen for this scam.  You should contact the real Bank of Hawaii at 888-643-3888 or by email at icare@boh.com for help.