Scam of the day – October 11, 2014 – Nude photos of Emily Watson scam

October 11, 2014 Posted by Steven Weisman, Esq.

Emma Watson is a popular, young actress who is best known for her role as Hermione in the Harry Potter movies.  She is one of the most searched celebrities on the Internet.  This intelligent Brown University graduate also may be one of the few celebrities who did not have nude photos of her stolen from the cloud.  It may even be because she has not taken such pictures.  Regardless, there are many people who would very much like to see nude photographs of her, which is why a new scam first reported by the security firm Bitdefender comes as no surprise.  This scam starts with a Facebook posting that promises nude videos of Emma Watson for free, merely by clicking on a link.  If you click on the link, the image reproduced below appears on your screen.  Unfortunately, if you download the attachment in order to view the promised video, you will not succeed in seeing a video of Emma Watson, but you will succeed in downloading malware called Trojan.Agent.BFQZ which will steal the information from your computer or other electronic device and use it to make you a victim of identity theft, make postings using your name on Facebook and sign you up for expensive text message services for which you will be billed through your cellular service.

The Emma Watson Trojan virus being shared on Facebook

TIPS

Without even getting into the morality and ethics of viewing what appear to be privacy invading, stolen nude videos of public figures, the plain, hard truth is that many of these solicitations to view these videos are just bait by scammers and identity thieves to lure you into clicking on links and downloading attachments that will install malware on your computer or other electronic device that will end up costing you money and making you a victim of identity theft.  Trust me, you can’t trust anyone.  Never click on links or download attachments unless you are absolutely sure that they are legitimate.

 

Scam of the day – October 10, 2014 – Increasing threat of smartphone hacking

October 10, 2014 Posted by Steven Weisman, Esq.

Hacking of smartphones was in the news recently with the revelation by Lacoon Mobile Security that the Chinese government, through a phishing scam, lured democracy protestors in Hong Kong into downloading a malware-laden app onto their smartphones that enabled the Chinese government to monitor the communications of protestors.  In this instance, smartphone users in Hong Kong were responding to a message on WhatsApp that read “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL.”  Those responding to the message and clicking on the link provided ended up downloading malware that enabled the Chinese government to monitor the smartphone users’ communications as well as gain access to all of the personal information stored on the phone.  Code4HK is the name of a group of computer programmers who have been working with the pro-democracy movement in Hong Kong, but had nothing to do with this software or message.  As we all become more and more dependent upon our smartphones, use them for sensitive financial transactions and store more personal information on them, they have become an increasing target for hackers and identity thieves.  Security company McAfee has said that the incidences of mobile malware increased 197% just between 2012 and 2013.

TIPS

The key to protecting the security of your smartphone from the threat of malware is to not download the malware in the first place.  One important rule to follow is to install apps only from legitimate vendors.  Most carriers will also provide security software for your smartphone as well as an app that will scan your smartphone for malicious apps you may have unwittingly downloaded.  Check with your carrier as to what security software and apps are available to you on your particular smartphone.  Never click on a link in an email, text message or other communication unless you have absolutely verified that it is legitimate.  The risk of downloading malware is too great.  Protect your smartphone with a strong password, install security software and encryption software as well as anti-malware programs such as the app Lookout which has a feature that continually scans your smartphone for viruses and malware.

Scam of the day – October 9, 2014 – Latest security updates and patches for the Bash virus

October 9, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include important updates for the Bash virus and updates to Google and Google Chrome.  The Bash virus involved not just computer software, but router software and included in today’s updates are security patches for routers.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/current-activity/2014/10/07/Google-Releases-Security-Updates-Chrome-and-Chrome-OS and

https://www.us-cert.gov/ncas/current-activity/2014/10/07/Oracle-Patches-Bash-Vulnerabilities and

https://www.us-cert.gov/ncas/current-activity/2014/10/08/Cisco-Releases-Security-Advisory-ASA

Scam of the day – October 8, 2014 – Justice Department indicts members of international computer hacking gang

October 8, 2014 Posted by Steven Weisman, Esq.

Recently the U.S. Department of Justice indicted four members of an international computer hacking gang on charges of hacking into the computer networks of Microsoft Corporation, Epic Games, Inc., Valve Corporation, Zombie Studios and the U.S. Army and stealing more than a hundred million dollars’ worth of trade secrets and intellectual property.  The hacking involved software and data related to the Xbox One console, Xbox Live online gaming system, games, such as “Call of Duty: Modern Warfare 3” as well as software used to train military helicopter pilots for the U.S. Army.  Those indicted included three Americans, Nathan Leroux, Sandadoleh Nesheiwat and eighteen-year-old Austin Alcala.  Also indicted was David Pokora, a Canadian.  Additionally, an Australian citizen has been charged under Australian law in regard to the same criminal enterprise.  Two of the defendants have already pleaded guilty including David Pokora who thus becomes the first foreigner convicted of stealing trade secrets.

TIPS

Hacking into companies in order to obtain trade secrets has become commonplace.  According to a government report, more than 3,000 companies have been hacked by Chinese hackers.  FBI Director James Comey said recently on the television show 60 Minutes that there are two types of companies in the United States, those that have been hacked by the Chinese and those that just don’t realize that they have been hacked by the Chinese.  The government and business have both got to do a better job of protecting the security of data.  Legislation, regulation and training have got to be improved to meet a threat from government sponsored hacking as well as hacking by private criminals.

Scam of the day – October 7, 2014 – Latest security updates from Department of Homeland Security

October 7, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include a number of important security patches related to the Bash virus.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-279

Scam of the day – October 6, 2014 – Important Message from FBI Headquarters scam

October 6, 2014 Posted by Steven Weisman, Esq.

Obviously if you were to receive an important message from the FBI, you would take it seriously.  However, the FBI is not going to be sending you important messages by email and the FBI is not going to be notifying you about money you have won in a lottery.  However, a scam email is appearing around the country that appears to come from FBI Director James Comey.  In this email you are told that you have won ten million dollars and all that you need to do is to respond and provide information in order to collect your prize.  By the way, one of the agents mentioned in the email copied below is Bode Williams which is a name that has often occurred in various Nigerian email scams.  In all lottery scams, once you contact the person in charge, you will be told that you need to send in money for administrative fees or income taxes.  Don’t do it.  It is a scam.  The best thing to do is to ignore the email.  Here is a copy of the presently circulating email.  Although it does not show it here, the email does not come from the FBI, but rather from someone whose email address has been hijacked by a scammer and made a part of a botnet to send out these emails in massive numbers.

“This is to officially inform you that it has come to our notice and we have thoroughly completed an investigation with the help of our Intelligence Monitoring Network System that you legally won the sum of $10,000,000.00 USD. from a Lottery Company Inside the United States of America. During our investigation we discovered that your e-mail won the money from an Online Balloting System and we have authorized this winning to be paid to you via a Certified Cashier’s Check.

In order to proceed with this transaction, you will be required to contact the agent in-charge (Derek Roland) via e-mail. Kindly look below to find appropriate contact information:

CONTACT AGENT NAME: Bode Williams

James B. Comey
Director – FBI.”

TIPS

It is hard to win a lottery you have entered. It is impossible to win one that you never even entered.  Lottery scams are one of the most common and profitable scams done by scam artists.  No legitimate lottery requires you to pay administrative fees after you have won and no lottery collects income tax money for the IRS.  A legitimate lottery will either deduct your taxes from the prize before paying you or will, most often, provide you with the entire amount of the prize and it is your responsibility to pay the taxes to the IRS.  Also, never provide your personal information such as your Social Security number to anyone who tells you that you have won a lottery you did not enter.  They may tell you that they need this information to file with the IRS and legitimate lotteries do, but a scammer is only asking you for this information to make you a victim of identity theft.

Scam of the day – October 5, 2014 – More banks hacked by suspected hackers of J.P. Morgan Chase

October 4, 2014 Posted by Steven Weisman, Esq.

With news of the massive data breach at J.P. Morgan Chase in which names, addresses, phone numbers and email addresses of 76 million households and 7 million small businesses were stolen by what appears to be Russian hackers who may or may not be affiliated with the Russian government dominating the news, it seems perfectly appropriate to wish you a happy National Cybersecurity Awareness month.  As frightening as the spectre of a major American bank being vulnerable to such a massive data breach is, you may remember that when the story broke last August of the possible data breach at J.P. Morgan Chase, reports were that there were as many as four other banks that had similarly been hacked.  Now, according to a report in the New York Times, that number has actually risen to nine other major financial institutions that may have suffered data breaches at the hands of the same hackers.  Therefore even if you are not a customer of J.P. Morgan Chase, you should be extra vigilant in regard to all of your financial accounts.

TIPS

Now is the time to implement an eight-step approach to protecting yourself from identity theft and data breaches.  The first step is to change your password regularly, such as every six months.  A good password has a mixture of capital letters, small letters, symbols and digits.  Don’t use any word in the dictionary because hackers have computer programs that can guess your password.  Instead use a phrase, such as IHate2UsePasswords!!.  This is a very secure password.  You should also have a separate and distinct password for each of your accounts, but you can merely adapt this basic password by adding a couple of distinguishing letters for each account.  For example, you could make this your Amazon password by adding the letters “Am” at the end of your basic password so it reads IHate2UsePasswords!!Am.  This is easy to remember.

You should also use dual factor authentication on your accounts when available.  Dual factor identification provides you with an extra level of security by which more than a password is necessary to gain access to your account.  Generally, when you log in through your password to an account a code is then sent to your smartphone which you then must input in order to access your account.

You also should change the answer to your security question to something completely nonsensical.  Answering a security question is required if you forget your password or if you want to change your password.  Unfortunately the answers to common security questions, such as your mother’s maiden name can be found with a little effort by an identity thief in the many places on the Internet that store personal information.  So instead of the answer to your mother’s maiden name being “Jones,” change it to “Grapefruit.”  No identity thief will find it or guess it and it is silly enough for you to remember.

Don’t click on links or download attachments in any email, text message or social media posting unless you have absolutely confirmed that it is legitimate.  Identity thieves and hackers lure people into clicking on links in such communications that result in the victims downloading keystroke logging malware that can steal all of the information from their computers.

Don’t provide personal information over the phone to anyone whom you have not called.  You can never be sure if the person calling you is legitimate regardless of how compelling the reason he or she gives for you to provide personal information.  Don’t rely on your Caller ID because through a technique called “spoofing” an identity thief can make it appear that his or her call is from the IRS, your bank or some other legitimate entity.  If you think the call may be legitimate, hang up and call the company or agency at a number that you know is real, not the number the caller gives you.

Review all of your accounts regularly and carefully to note the smallest charge that should not be there.  Sometimes identity thieves will put regular recurring charges on your credit card or phone bill in the hope that you will not bother to look further into it because the charge is so small.  The earlier you catch identity theft, the easier it is to deal with.

Check your credit report from each of the three major credit reporting agencies every year for evidence of fraud or even mistakes that need to be corrected.  Here is the link to the only official place to get your free credit report: https://www.annualcreditreport.com/index.action

Put a credit freeze on your credit report so that even if an identity thief obtains your Social Security number, he or she cannot gain access to your credit report.  Yesterday’s Scam of the day contains the links to the credit reporting agencies to use to freeze your credit.

Scam of the day – October 4, 2014 – J.P. Morgan update and credit freeze information

October 4, 2014 Posted by Steven Weisman, Esq.

Last Thursday, in a required SEC filing, J.P. Morgan Chase & Co. reported that the data breach, which we reported to you when it was first discovered during the summer, was much larger than initially thought.  At the time, J.P. Morgan believed that only a million accounts were compromised, but now, J.P. Morgan is indicating that information on 76 million households and 7 million small businesses was stolen by hackers thought to be from Russia or another Eastern European country.  According to the SEC filing, J.P. Morgan says that the information stolen included names, addresses, phone numbers and email addresses.  At this time J.P. Morgan is saying that they are not aware of fraudulent activities tied to the data breach and that no account numbers, passwords, user IDs or Social Security numbers were stolen.  The data breach apparently began in June and went on until discovered in mid-August, which is especially troubling because it provided time for the hackers to cover their tracks for what may have been their true goal.  The hackers did manage to gain access to the entire list of applications and programs used by J.P. Morgan Chase on its computers which could then be evaluated by the hackers for inevitable vulnerabilities that could be exploited at a later time.  Obviously J.P. Morgan is busy trying to protect against this threat.

TIPS

For customers of J.P. Morgan Chase, now is not the time to run and hide nor take your money out of the bank.  In fact, at the time that the FBI began its initial investigation of this data breach during the summer, it indicated that it was looking into possible data breaches of as many as four other banks as well.  It may well be that we are not yet aware of the breaches that occurred and may still be going on in other banks.  You can expect the hackers, people to whom the hackers sell the information they gathered and even totally independent identity thieves to start contacting people through emails, text messages and phone calls purporting to be from J.P. Morgan Chase.  In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information.  However, if you provide that personal information all you will do is end up a victim of identity theft.  If you click on the links in emails or text messages appearing to be from J.P. Morgan you may well end up downloading keystroke logging malware that will steal all of the information from your computer that will be used to make you a victim of identity theft.  Trust me, you can’t trust anyone.  Even if your Caller ID appears to show that the call you receive is from J.P. Morgan Chase, scammers are able to make their calls appear to be from J.P. Morgan Chase through a tactic called spoofing.  The best course of action if you receive any purported communication from the bank is to not respond directly, but instead contact the bank independently on your own to find out what the truth is.

This also may be a good time to consider putting a credit freeze on your credit report so that even if someone manages to obtain your Social Security number and other personal information, they will be unable to access your credit report and run up large debt in your name.  A separate credit freeze needs to be established at each of the three major credit reporting agencies to be effective.  Here are the links to the pages at Experian, TransUnion and Equifax where you can put a credit freeze on your report and get some peace of mind.

TransUnion http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page

Equifax https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian https://www.experian.com/freeze/center.html

Scam of the day – October 3, 2014 – Jimmy Kimmel named the most dangerous person on the Internet

October 3, 2014 Posted by Steven Weisman, Esq.

Each year, computer security company McAfee releases a list of the most dangerous celebrities on the Internet.  These are people whose popularity is exploited by identity thieves and hackers who lure unsuspecting people through links in emails, social media and text messages relating to these celebrities or through malware filled websites into unknowingly downloading keystroke logging malware that enables the identity thieves to steal all of the personal information from the victim’s computer, laptop, smartphone or other electronic device and use that information to make the person a victim of identity theft.  This year, comedian and late night talk host Jimmy Kimmel took the title of the most dangerous person on the Internet for the first time.  This is also the first time since 2008 that a man has held this position.  Often the messages used to lure victims into downloading the malware promise to provide particularly salacious or enticing videos or photographs although Jimmy Kimmel seems to be an exception to this rule.  According to McAfee, almost 20% of searches for Jimmy Kimmel online will take you to malware.

The other celebrities on the list in descending order are Armin van Buuren, Ciara, Flo Rida, Bruce Springsteen, Blake Shelton, Britney Spears, Jon Bon Jovi, Chelsea Handler and Christina Aguilera.

TIPS

It is important to remember that merely because a website turns up high on a Google search does not mean that it is legitimate.  Google doesn’t check out websites for legitimacy in ranking sites.  The ranking is done by  secret algorithms that some identity thieves are adept at manipulating.  Also, as I constantly warn you, never click on links or download attachments unless you are absolutely sure that they are legitimate.  Merely because it appears that a friend is passing them on to you does not make them legitimate.  As for celebrity videos and photos, you should have a healthy mistrust of websites with which you are not entirely familiar.  For gossip, www.tmz.com is a good place to go.  They always have the latest gossip and they are legitimate.  Finally make sure that you keep all of your electronic devices secure with anti-malware and anti-virus software and keep your security software current with the latest security patches.

Scam of the day – October 2, 2014 – Important update on Bash bug

October 2, 2014 Posted by Steven Weisman, Esq.

On September 27th I warned you about the revelation that there was a bug called Shellshock in the Bash command-line interpreter on many operating systems including Linux, Unix and Apple’s OS X that had just been discovered after more than twenty years.  This bug is simple to exploit and tremendously dangerous since, when exploited, it permits the hacker to take over the computers using the affected operating systems.  The Federal Financial Institutions Examination Council (FFIEC) has warned the banking industry that it should take immediate steps to protect itself from this major threat.  Hackers have been busy trying to take advantage of this security flaw by attacking servers using affected operating systems while security experts have been equally busy trying to create new patches.  A series of security patches have been released just in the last couple of days.  It is also important to know that, as individual computer users, your firewall should protect you unless a hacker tricks you through phishing into clicking on a link and downloading malware to exploit the flaw.

TIPS

For all of us, this is a reminder to never click on a link in an email, text message or social media posting unless you are absolutely sure that it is legitimate.  Too often, what appear to be legitimate emails are phishing scams with malware attached.

Here are links provided by the Department of Homeland Security which in turn have links to the latest security patches issued by Apple and others to deal with this problem.

https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

https://www.us-cert.gov/ncas/current-activity/2014/09/30/Apple-Releases-OS-X-bash-Update-10