Scam of the day – January 14, 2017 – FTC sending refunds to Herbalife scam victims

The Federal Trade Commission (FTC)  has settled its claims against the multilevel marketing company Herbalife which sells nutritional supplements. The FTC had claimed that  Herbalife was an illegal pyramid scheme where affiliates’ earnings were tied primarily to signing up more affiliates rather than to selling products.   Sometimes a legitimate multilevel marketing business may look quite similar to an illegitimate pyramid scheme, which is one of the reasons that so many people fall prey to these scams.  For every legitimate multilevel marketing company, such as Mary Kay and Amway, there are many that are just scams.  In a legitimate multilevel marketing company, investors make money by selling products to the public and by recruiting new salespeople.  In a pyramid scheme the source of profits is based primarily on the recruiting of new members or salespeople.

Under the terms of the settlement Herbalife is required to revamp its compensation system to provide for rewarding retail sales rather than primarily providing incentives rewarding distributors for recruiting new affiliates. In addition, Herbalife will be paying 200 million dollars in refunds to the 350,000 people harmed by their scheme.  For more detailed information about the refund and how to get a check if this affects you, go to the top of this page to the tab entitled “FTC scam refunds.”

TIPS

Anyone who is considering investing in what is represented to be a multilevel marketing business should always investigate the company and the terms of investment carefully before investing any money.  In addition, you should also check out the company with the FTC and your state’s attorney general to make sure that the company is legitimate before investing any money.  Here is a link to information from the FTC that you should consider before investing in a multilevel marketing business.  http://www.consumer.ftc.gov/articles/0065-multilevel-marketing

Scam of the day – January 13, 3017 – A new version of the Nigerian letter

Although it may seem as if this scam only began in earnest with the invention of email, in fact, the Nigerian email scam of today is just a variation of a scam that is more than four hundred years old when it was called “the Spanish Prisoner con.  At that time, a letter was sent to the targeted victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name.  The identity of the nobleman was not revealed for security reasons, but the victim was asked to help raise money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing victim with great sums of money and, in some versions of the con, the Spanish prisoner’s beautiful daughter in marriage.

In one of the present day typical incarnations of this scam, you receive an email in which you are promised great sums of money if you assist a Nigerian in his effort to transfer money out of his country.  Other variations include the movement of embezzled funds by corrupt officials, a dying gentleman who wants to make charitable gifts or a minor bank official who is trying to move the money of deceased foreigners out of his bank without the government taking it.  The email which I received recently and is copied below deals with abandoned property.

What all of these scams have in common is that as soon as you contact the scammer, the need for you  to provide fees for a variety of purposes becomes apparent and regardless of how much money you pay, you never receive anything.

Here is a copy of the email I recently received:

 

“Good Day!

I am contacting you regarding a special cargo that has been abandoned here at our warehouse for over a period of 2 years and when scanned, it revealed an undisclosed sum of money in it. From my findings, the cargo originated from Europe and the content was not declared as money by the consignor in order to avoid diversion by the shipping agent, and also failure to pay the special cargo non-inspection fee of 3,475  . I strongly believe the box will contain about 4.6 million or more.

In my private search for a reliable person, my proposal now is to present you as the recipient of the cargo since the shipper has abandoned it which is a possibility due to the fact it has been abandoned for a period whereby a new beneficiary can be presented to the clearance department for claim and also my position at this shipping service. I will pay for the fee and arrange for the cargo to be delivered to your address. Alternatively, I can personally bring it myself and then we share the total money in the box equally.

Regards,

Mr. Lewis Hawkins
Asst. Operations Manager
ZIM Integrated Shipping Services Ltd
Chicago (IL) Agents: 9950 W.Lawrence Avenue,
Suite 215 Schiller Park, IL 60176”

TIPS

Although it should be apparent to everyone who reads this email that it is a scam, the very outrageousness of  the email is most likely intentional because as more people become aware of the Nigerian letter scam, the scammers do not want to waste their time on potential victims who may be skeptical of their scam, so they often send out emails like these that are so ridiculous in an effort to catch only the most gullible and greedy.  Also note that the salutation does not even indicate to whom the email is being sent.  Instead, the lazy scammer merely addresses it as “Good day! ” Never  reply to emails such as this.     If you receive a particularly inventive or interesting Nigerian email, please share it with us here at Scamicide.

Scam of the day – January 12, 2017 – FTC and NY Attorney General sue marketers of Prevagen

The Federal Trade Commission and the New York Attorney General have sued the marketers of Prevagen, a dietary supplement touted in television advertisements as being able to dramatically improve the memory of people taking the supplement that sold for as much as $68 for a thirty day supply. According to the complaint filed by the FTC, the marketers based their claims on a study that didn’t even show that Prevagen worked better than a placebo in regard to improving cognitive function.

The FTC and the New York Attorney General are seeking refunds for consumers who purchased Prevagen as well as an injunction against the marketers preventing them from falsely marketing the product.

TIPS

You should always be wary of products sold that promise to dramatically improve your memory.  Never buy any such product without doing research as to the effectiveness of the product and consulting with your own physician.

I will follow this case and keep you updated as to new developments as they occur.

Scam of the day – January 11, 2016 – FDA warns about heart devices vulnerable to hacking

Earlier this week the FDA issued a warning that various implantable cardiac devices, such as pacemakers and defibrillators made by St. Jude Medical are vulnerable to being hacked.  This is not surprising since anything that is a part of the Internet of Things carries the risk of being able to be hacked although the dangers posed by devices such as pacemakers being able to be hacked are particularly serious.  It should be noted, however, that there are no reports of anyone being harmed by these identified vulnerabilities.

Last summer financial research and trading firm, Muddy Waters made public their research identifying the problems with the St. Jude devices.  Often when such vulnerabilities are found by security researchers, they will contact the company first before making the information public in order to provide the company with an early opportunity to remedy the problem.  Muddy Waters came under criticism for not doing so as well as for financially capitalizing on the drop in the stock price of St. Jude Medical by shorting the stock before the information was made public which resulted in a drop in the value of the stock. However, they did not violate any laws by doing so.

TIPS

Fortunately,  a security patch has been developed for the vulnerable devices which are connected to the Internet St. Jude Medical’s Merlin@home Transmitter.  The security software patch will automatically be downloaded to those people using the devices so long as they are are connected to the St. Jude Medical Merlin@home Transmitter.  The FDA advises users of the devices to make sure that their medical devices are connected to the Merlin.net network at all times to make sure that they will get this and any future security updates.

In the future you can expect such updates of the security software for such medical devices that are a part of the Internet of Things to be issued on a  regular basis.

Scam of the day – January 10, 2017 – Webcam security

In yesterday’s Scam of the day I told you about the Federal Trade Commission’s (FTC) legal action against D-Link in regard to security problems with their routers and IP cameras.  While IP cameras are somewhat different from Webcams, it is important to secure the more common webcams as well. Webcam hacking is a major problem.  Fortunately, there are simple precautions you can take to prevent your webcam from being hacked.

For years, cybercriminals have hacked into the webcams of their victims to obtain photographs and videos that they could use to blackmail their victims. Jared Abrahams was convicted of hacking the computers of at least twelve women and attempting to blackmail them.    He was sentenced to 18 months in prison.  Among the women victimized by Abrahams was Cassidy Wolf, Miss Teen USA.  Abrahams hacked into the webcams of his victims’ computers to take nude photos of the young women, many of whom were caught by the webcams of their computers as they undressed in their bedrooms.  He then contacted the young women and threatened to post the photos on social media unless they sent him additional pictures or posed for him on Skype.

Often when people install webcams, they use easily obtained default logins and passwords.  These default passwords are easy to find online.  Generally, when you hook up anything wireless to your router, it comes with a password and login so it is critical that whenever you install any of these Internet of Things devices, you should change the password and login to protect yourself, which leads us to my second concern – routers.  A study by security company Avast found that about 80% of Americans do not properly secure their routers, leaving themselves vulnerable to being hacked.  Many people still use either default passwords or easily guessed passwords, such as “password” for their routers.

TIPS

As we connect to the Internet through more and more devices that are a part of the Internet of Things, it becomes increasingly important to be cognizant of maintaining proper security in all devices including, of course, routers and webcams.  Laziness can have dire consequences.  Never use default logins and passwords.  As soon as you install any device that accesses the Internet, make sure that you protect yourself with secure logins and passwords.

It is not difficult to hack into the webcam of a computer from afar.  The same types of tricks used to get people to unwittingly download keystroke logging malware that enables the hacker to gather all of the personal information from your computer to be used to make you a victim of identity theft can be used to get you to download the malware that enables the hacker to  take control of your webcam.  Never click on links in emails or download attachments unless you are absolutely positive they are legitimate.  They may be riddled with malware.  Also, install and maintain anti-malware and anti-virus software on your computer and other electronic devices.  For external webcams that are not a built-in component of your computer, a red light will signal that the camera is operating.  Be aware of this.  It is a good idea to merely disconnect the external webcam when you are not using it or merely take a post-it and cover the webcam’s lens whenever you are not using it.   Recently a photograph taken in 2015 was made public showing Pope Francis using his iPad with a sticker over the built in web camera.  This simple technique is also used by Mark Zuckerberg,  FBI Director James Comey and me.  It is a simple and easy solution.   For built in webcams, they too will generally have a blue light to indicate that it is operating, however, again, it is a good idea to merely cover the lens when you are not using it.

Scam of the day – January 9, 2017 – FTC sues D-Link over router security flaws

Many of us give little thought to our routers, however, if you are reading this online, you have a router.  A router is a networking device that is used to transfer data between your computer and the Internet.  Unfortunately,  unless proper security precautions are taken, your router can put you in danger of being hacked, becoming a victim of identity theft or having your computer taken over in a botnet and used by cybercriminals to spread malware.

The Federal Trade Commission (FTC) has filed a complaint against D-Link Corporation alleging it has failed to take reasonable steps to protect the security of its routers and IP cameras thereby putting its customers in extreme danger of being hacked.

Among the flaws exposed by the FTC were hardcoded login credentials in the D-Link  software of the username and password “guest” that could enable a hacker easy access to the webcam’s live feed.  The FTC also noted a software flaw called “command injection” that would allow a hacker to take control of the consumers’s router by sending unauthorized commands over the Internet.

TIPS

Regardless of whether you have a D-Link router or webcam or some other brand, it is important to secure your router and webcam.  Always do your homework and research routers before you purchase one to make sure you are getting one that provides greater security.  Also, upon installing your router, immediately change the default password to a strong, secure password. Finally download the latest security updates to your router whenever they become available and check the manufacturer’s website regularly to find the latest security patches and updates.

Scam of the day – January 8, 2017 – Scammers selling goods on Amazon

Amazon is a great place to buy things.  The prices are good and the convenience of on-line shopping is an added bonus.  However, as always, anything that attracts consumers also attracts scammers and scammers have been flocking to become third party seller’s on Amazon, luring unwary customers into buying defective or counterfeit products. In some instances, the scammers sell products via Amazon and then never even send anything in return to the victimized consumer.  Many of these scammers are based in China although that fact is not necessarily apparent from their online advertisements.

Unfortunately, it is easy for anyone to become a seller on Amazon which does little to investigate companies seeking to sell their goods on Amazon. Fortunately,  Amazon provides its own A-Z guarantee on anything sold on Amazon so you are not likely to lose money when you are scammed by one of these scammers although you will experience inconvenience and lose time having to deal with the problem.

TIPS

It can be difficult to distinguish scam ads on Amazon from the ads of legitimate merchants although, as always, if a price appears too good to be true, it usually is.  When shopping on Amazon, you may wish to consider not buying from third party merchants on Amazon and limit your Amazon purchases to those items sold by Amazon directly to avoid this problem.

Scam of the day – January 7, 2016 – Sheriff warns of mailbox identity theft danger

Identity theft can be high tech, low tech or no tech.  Stealing mail from mailboxes for purposes of identity theft has been done by identity thieves for years.  Numerous times over the last few years I have warned you about the danger of having your mail, such as credit card bills or bank statements stolen from your personal mailbox.  In addition, many people put themselves in great danger of identity theft by putting their outgoing mail in their mailbox and put up the red flag to alert the postman that there is mail to be picked up.  Unfortunately, that is also an alert to identity thieves cruising the neighborhood of mail to be easily stolen that may include checks that can be easily counterfeited and credit card information.  Recently, in Florida, the Martin Country Sheriff’s Office issued a warning about a recent increase in identity theft related mailbox thefts in the Jensen Beach area, however, this problem is not limited to Florida, but indeed is national in scope.

TIPS

In order to avoid becoming a victim of identity theft through your mailbox, you should make sure that it is securely locked so that it is not easily accessed by your friendly neighborhood identity thief and when it comes to outgoing mail, don’t put it in your mailbox for your postal carrier to pick up regardless of how convenient it may be to do so.  In fact, identity thieves have been known to steal mail from the U.S. Postal Service mailboxes found on the corners of major streets so, in order to be safe, you should mail your outgoing mail at the post office.   It may seem like this is being a bit excessive when it comes to protecting your mail, but remember, even paranoids have enemies.

Scam of the day – January 6, 2017 – Yahoo customer service scam

Yahoo is warning its customers about a scam involving Yahoo customer service.  Certainly with the disclosure over the last couple of months that a billion people had their personal information stolen from Yahoo, there may be many people with a need for customer service from Yahoo, however the scam involves a Yahoo customer service phone line.    Scammers are posting telephone numbers for Yahoo customer service and charging people for their services where, at best, they do nothing for you and, at worse, they steal the information you provide when you speak with them to make you a victim of identity theft.

Yahoo only provides customer services through email, chat, social media, help articles or its Yahoo Help Community forums.  They do not provide customer service by phone and they never charge for customer service.

TIPS

For information about Yahoo customer service you can learn where to get help by going to this Yahoo link.

https://help.yahoo.com/kb/SLN26180.html

If you are in need of customer service in regard to your Yahoo account and want to access its Help Community forums, you can do so by clicking on this link.

https://forums.yahoo.net/

 

Scam of the day – January 5, 2017 – FDA issues cybersecurity guidelines for medical devices

By now, we are all familiar with the Internet of Things which presently includes 5 billion devices and is expected to grow to 25 billion devices by the year 2020.  The Internet of Things is the popular name for the technology by which products and devices are connected and controlled over the Internet.  The range of products that are a part of the Internet of Things is tremendous and includes, cars, refrigerators, televisions, fitness bands, webcams, toys and even medical devices.  The Internet of Things offers tremendous opportunities for constructive and efficient use of these products, but as with any technology connected through the Internet, also provides an opportunity for hackers to exploit the technology for their own criminal purposes.

While hacking of medical devices sounds like something out of fiction, in 2007, former Vice President Dick Cheney was so concerned about hackers that he had the Internet connection on his pacemaker disabled.  In September 2015, the FBI issued a warning saying that “Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection.”  In 2014, the Food and Drug Administration (FDA)  issued guidelines for building enhanced cybersecurity into the design and development of such medical devices.   Now the FDA has released new recommendations, a year in the making, that deal with maintaining the cybersecurity of medical devices after they have been released into the marketplace.  Here is a link to these important recommendations which are merely recommendations and not enforceable regulations.

http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf

TIPS

While medical device manufacturer’s and the government work on security standards for Internet connected medical devices, what can you do to protect yourself in the meantime? The most important thing you can do is find out what information is stored on your device and how it is accessed.  Also learn about the use of password protection and make sure that your device is not still using a default password.  Learn from the manufacturer what steps they have already taken to protect your device from being hacked.  If your device uses an open wifi connection, you should change it to operate exclusively on a home network with a secured wifi router.  If your device is capable of transmitting data, make sure that the transmissions are encrypted.