Scam of the day – December 11, 2014 – Phony shipping phishing scam

December 10, 2014 Posted by Steven Weisman, Esq.

Phony shipping phishing scam.  Try saying that fast three times.  Most likely you will trip on your words, but that is nowhere near as much of a problem as what happens to you if you fall for this scam.  The holiday season is a time when people are ordering gifts from many retailers.  It is common for companies to send an email confirmation when you order something online.  Scammers are taking advantage of this practice to send vast amounts of phony shipping notices and confirmations from what appear to be legitimate companies, such as Amazon, with which so many of us do business.  However, in these phishing emails, in which the scammer poses as a legitimate company, you are prompted to click on a link or download an attachment under various guises, such as confirming the order.  These links and attachments are filled with malware that will enable the scammer to steal all of your personal information from your computer and use it to make you a victim of identity theft.

Here is a copy of a phony phishing notice purportedly from Amazon.

[Image: bogusemail.jpg]

TIPS

Legitimate companies will not have attachments or links for you to click on in any real confirmation of your order.  If you receive an email that informs you of a problem with your order or anything else that appears to require action on your part, never click on any links or download any attachments that may appear in such emails.  Rather, contact the real company through its website or a telephone number that you know is accurate.  Don’t use the telephone number contained in the email and don’t click through the email to purportedly go to the website.  Taking these simple steps can save you a lot of grief.

Scam of the day – December 10, 2014 – SEC charges investment advisor with fraud

December 10, 2014 Posted by Steven Weisman, Esq.

The SEC has brought fraud charges against Levi Lindemann, an investment adviser, accusing him of stealing almost a million dollars from elderly investment clients.  According to the SEC, between the years of 2009 and 2013, Lindemann collected money from investors only to use the money for his own personal use.  By paying off older investors with the funds supplied by newer investors, he made it appear that he was making substantial profits for his clients.  This is the mark of a typical Ponzi scheme, pioneered by Charles Ponzi at the start of the twentieth century.  Lindemann provided clients with phony account statements and forged documents to make it appear that his clients had indeed invested in legitimate investments.

TIPS

The rules for protecting yourself from investment scams are always the same.  Before investing in anything, you should make sure you understand the investment and carefully investigate both the investment and the person advising you to make the investment.  Anyone carefully evaluating Lindemann’s scheme would have found that it was phony.  In addition, a red flag in both the Bernie Madoff scam and the Ponzi scam allegedly operated by Lindemann is when the person advising you to make the investment is also the custodian of the account.  They should never be the same person.  Always have a separate broker-dealer from your individual adviser.  This way the actual funds and investments are monitored by a third party.

Scam of the day – December 9, 2014 – Banks win first round in Target lawsuit

December 9, 2014 Posted by Steven Weisman, Esq.

Last year’s massive data breach at Target was the first of a series of data breaches that continue unabated to this day with no end in sight.  While millions of Target customers were inconvenienced by the theft of their credit card or debit card information, the banks that issued those cards suffered financial losses as high as 400 million dollars in replacing them.  Five of these banks, Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union and First Federal Savings, filed a class action in federal court on behalf of themselves and other affected banks seeking payment from Target for the losses they incurred as a result of the Target data breach.  Target responded by filing a Motion to Dismiss the lawsuit, arguing that it was not responsible for the data breach.  However, Judge Paul A. Magnuson, in denying Target’s motion, ruled that there was sufficient evidence of Target’s negligence to warrant a trial.  Specifically, the judge said that Target ignored security software program alerts that there was a problem and also actually disabled some of its own security features, which contributed to the data breach.  According to Judge Magnuson, “Plaintiffs have plausibly alleged that Target’s conduct both caused and exacerbated the harm they suffered.”

TIPS

The importance of this early ruling in the case of the banks against Target cannot be overestimated.   While in the past retailers were not held responsible for the occasional data breach occurring in the processing of credit and debit card transactions, an ultimate verdict in favor of the banks could signal a major change in how retailers conduct business in general and in particular what security steps they will need to take in order to avoid financial responsibility for future data breaches.  Coupled with regulations shifting responsibility for data breaches to retailers who fail to switch to new smart credit cards with computer chips by October of 2015, this ruling may signal a new paradigm for company electronic security.

Scam of the day – December 8, 2014 – Continuing saga of the Sony data breach

December 8, 2014 Posted by Steven Weisman, Esq.

By now, everyone is aware of the massive data breach at Sony Pictures Entertainment.  The extent of the attack was unprecedented.  The hackers disabled Sony’s internal computer systems and stole and then leaked five major movies, including the recent Brad Pitt movie “Fury” and the yet to be released new version of “Annie.”  In addition, and most damaging to those people affected, the hackers also accessed files with personal information of 47,000 Sony employees that included their Social Security numbers, thereby placing those employees, including Sylvester Stallone and Judd Apatow, in serious danger of identity theft.  One of the troubling aspects of this hacking is that much of the stolen material was easily accessed by opening an unprotected file directory entitled “Password” that contained thousands of Sony passwords to its internal computers, social media accounts and web services accounts.  The North Korean government has been considered by many to be behind this attack, which has many similarities to attacks done by the North Korean government against South Korean businesses and government agencies.  The motive behind the attack has been thought to be retaliation for the upcoming Sony movie “The Interview” starring James Franco and Seth Rogen, which is a comedy involving a CIA plot to assassinate North Korean leader Kim Jong-un.  Investigators are still trying to determine the actual source of the attack.

TIPS

Sony’s statements that it did everything in its power to prevent such an attack seem disingenuous when you consider the unprotected “Password” computer file, the failure of Sony to limit Internet access to sensitive files and the lack of basic security measures that would have provided much protection against such an attack.  Hopefully, this hacking will serve as a much-needed wake-up call to companies to increase their security immediately.  As for individual victims of the hacking whose Social Security numbers have been compromised, they should immediately contact the three major credit reporting agencies, Equifax, TransUnion and Experian, and place a credit freeze on their credit reports to limit access to their credit reports by identity thieves who may have their Social Security numbers.  You can go to the Scamicide.com archives to see how to put a credit freeze on your account.  They should also carefully monitor all of their financial accounts much more often for the first signs of identity theft.

Scam of the day – December 7, 2014 – Xbox Live taken offline by Lizard Squad

December 7, 2014 Posted by Steven Weisman, Esq.

Early last week, people attempting to play online games through Xbox Live were unable to access the network due to a Denial of Service Attack apparently done by the hacking group known as Lizard Squad.  The problem was remedied within a day, but Lizard Squad, through a tweet, has promised a much larger attack on Xbox Live on Christmas.  Attacking online game networks is nothing new to Lizard Squad.  Earlier this year they did a similar Denial of Service Attack on the Sony PlayStation Network and have attacked networks of “League of Legends” and “Grand Theft Auto.”  A Denial of Service Attack occurs when a cybercriminal floods a single system with multiple viruses causing the system to overload and crash.  It is important to note that this type of attack is not actually a hacking and no personal information of the online gamers was or is compromised in a Denial of Service Attack.  Individual gamers are only inconvenienced.

TIPS

Although this type of attack does not put individual customers of the company attacked in danger of losing personal information that can be used to make the customer a victim of identity theft, it is important to remember that whenever you use a particular retail website for purchases of goods or services, there is the temptation to leave your credit card on record with the company for the sake of convenience.  However, this is not a good thing to do.  By leaving your credit card on record, you make yourself susceptible to identity theft in the event that the company is hacked and does lose data.  It is not too difficult to merely input your credit card each time you need to make a purchase and, as always, never use your debit card as anything other than an ATM card.

Scam of the day – December 6, 2014 – New data breach at bebe

December 6, 2014 Posted by Steven Weisman, Esq.

Women’s clothing store bebe, which operates 175 retail stores and 35 outlet stores around the world, announced yesterday that its payment processing systems had been hacked between November 8th and November 26th.  During this period, the hackers were able to steal credit card and debit card information including names, account numbers, expiration dates and verification codes.  It is not known yet how many credit cards and debit cards were compromised in the attack.  The hacking only affected in-store purchases.  Online purchases were not compromised.

TIPS

As is becoming common, the affected company, bebe, is offering free credit monitoring for a year.  If your credit or debit card was compromised, you can obtain the free credit monitoring by calling 1-877-322-8228.  Here also is a link to bebe’s official statement regarding the data breach:

http://www.bebe.com/content.jsp?pageName=protectingcustomers

This should also serve as another reminder to only use your credit card for purchases.  Limit your debit card to use at ATMs.  The consumer protection laws pertaining to fraudulent credit card use are much stronger than the laws that apply to fraudulent use of a debit card.

 

Scam of the day – December 5, 2014 – Identity thief convicted and sentenced to 90 months in prison

December 4, 2014 Posted by Steven Weisman, Esq.

Norman Perry was recently convicted of aggravated identity theft and sentenced to 90 months in prison.  Perry’s scheme is startlingly simple and stands as a good lesson to all of us.  He took out advertisements in which he promised, for a fee, to find lost and unclaimed funds for people.  Each state has an unclaimed property program where abandoned or lost funds such as unclaimed security deposits, dividends or bank accounts are turned over to the state by businesses holding these funds.  Perry represented that he had unique skills in finding these funds for people and retrieving the funds for his clients/victims.  He informed his victims that in order to retrieve the funds on their behalf, he would need their names, Social Security numbers and addresses.  In fact, this information is required in order to retrieve funds through unclaimed property programs.  However, Perry had no intention of finding abandoned funds on behalf of his clients.  He took the personal information his victims provided to him, filed phony income tax returns in their names and received $135,743 in refunds from the IRS.

TIPS

There are companies that provide the services Perry claimed to provide, but there is absolutely no need to pay anyone to do this for you because you can do the same search for unclaimed property yourself at no cost.  There is no reason to provide your personal information to anyone in order to find unclaimed or abandoned property.  Here is a link to the website of the National Association of Unclaimed Property Administrators.  All you need to do is to click on the state where you wish to see if any property is being held on your behalf and you will be directed to the program for your particular state.  The process is simple and has no cost. http://www.naupa.org/

The lesson of Norman Perry’s crime is a simple one.  Never provide personal information, particularly your Social Security number, to anyone unless you are absolutely sure that they are honest and have a need for your information.

Scam of the day – December 4, 2014 – Which online shopping websites are the safest?

December 4, 2014 Posted by Steven Weisman, Esq.

Shopping online is not limited to Cyber Monday.  Many of us are fond of the ease and convenience of online shopping, not to mention the considerable savings we sometimes achieve.  However, there is always a question about the safety of the online shopping experience.  Recently, the password management company LastPass did a security comparison of ten popular online retailers and rated them for security considering the following factors:

1.  Password requirement

2.  Assistance in setting up a strong password

3.  Use of a security question

4.  Simplicity of security question

5.  Automatic encryption of data

6.  Storage of personal data

The optimum score would go to a company that required a password, provided assistance in evaluating the strength of your password, required a security question asking for information not readily available to an identity thief, automatically used encryption for transfer of data and stored the least information necessary.  At the top of LastPass’ list were the Apple App Store, eBay and Macy’s.  At the bottom of their list were JCPenney and Sears.

TIPS

The best place to find a helping hand is, as always, at the end of your own arm.  When shopping online, you should always make sure that a password is necessary and that you use a strong password.  You can find information about setting up a strong password in the archives of Scamicide.  Security questions are always a good idea, and an even better idea is to give a nonsensical answer to your security question, which will turn a weak security question, such as your mother’s maiden name, into a strong security question.  For example, if your mother’s maiden name is “Smith,” make the answer to the question “Grapefruit.”  No one will find that answer by doing research.  Never provide credit card information unless the transaction is encrypted, which you can determine by looking for “https” rather than merely “http” at the beginning of the website address line.  Finally, regardless of how convenient it may be, don’t leave your credit card stored with the retailer for future use.  Enter the credit card anew each time you purchase something.  Leaving your credit card information with the retailer just makes you more vulnerable in the event of a data breach of the retailer.

Scam of the day – December 3, 2014 – Phony electronic coupons

December 3, 2014 Posted by Steven Weisman, Esq.

Discount coupons are a way of life and with good reason.  Many coupons can reduce the cost of your purchases dramatically.  During the holiday shopping season, people are looking for extra savings wherever they can find them.  One place you may find them is in an email or text message from a company with which you do business.  The email may look just like a legitimate message from a retailer with which you do business, but in many instances it will be a counterfeit coupon that will either lure you into clicking on a link that downloads keystroke logging malware onto your computer or smartphone, enabling the criminal to steal personal information from your electronic device and use it to make you a victim of identity theft, or require you to provide personal information in order to access the coupon.  Again, this information is used to make you a victim of identity theft.

TIPS

It is impossible to be sure whether a coupon you receive in an email or text message is legitimate.  Even the email address or number of the sender can be faked to make it appear legitimate.  However, this does not mean that you have to lose out on the coupon.  If indeed it is a legitimate coupon, it will also be available on the particular retailer’s website, so simply go to the company’s website directly (not by clicking on a link in the text message or email) and you will be able to access real coupons.

Scam of the day – December 2, 2014 – Latest security updates issued by the Department of Homeland Security

December 2, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include many important updates and security patches to prevent serious problems, including important security updates for Adobe Flash.

TIPS

Here are the links to the latest Department of Homeland Security software updates and security patches: https://www.us-cert.gov/ncas/bulletins/SB14-335