Scam of the day – November 23, 2015 – Dish Network telephone scam

November 23, 2015 Posted by Steven Weisman, Esq.

The Dish Network is a popular satellite television and Internet provider used by millions of people, which is why it is a good hook for scammers who are calling people purporting to be Dish Network technicians and telling their intended victims that they need to update their satellite service at a cost of $120.  The scammer then uses the carrot and the stick approach.  The carrot is that after updating, the customer’s monthly bill would be reduced by $20.  The stick is that if they did not update, their satellite service would not work.


You can never be sure who is really calling you on the phone which is why you should always be skeptical if someone demands money or personal information under any circumstances.  In this case, the Dish Network does not call its customers if it is upgrading their services and they would not charge for upgrades.  However, if you have any questions, you should do what Paula Zimmerman did when she received a call purporting to be from a Dish Network technician.  She merely called the real Dish Network customer service to confirm that indeed the call she had received was a scam.

Scam of the day – November 21, 2015 – Starwood hotels discloses major data breach

November 21, 2015 Posted by Steven Weisman, Esq.

Starwood hotels announced today that it has joined a long line of hotels that have suffered a significant data breach involving credit cards and debit cards.  Just in the last year, major data breaches have occurred at The Trump Hotel Collection, Hilton Hotels and the Mandarin Oriental.  The hacking involves fifty-four of its hotels including its Sheraton, Westin and W brands.  According to Starwood, the data breach resulted in the theft of credit and debit card information including card numbers, the names of the card holders, security codes and expiration dates of the affected cards.  The malware used to gather the data, consistent with some of the more recent hotel data breaches, was found in the payment systems at the hotels’ restaurants, gift shops, bars and other retail shops within the various hotels, but not at the front desk card processors.   The hacking started in November of 2014.   This type of data breach is something about which I wrote a column for USA Today a year ago in which I explained the pattern of these data breaches and why they occur.  Here is a link to that column, entitled “Coming Soon:  Another Major Retailer Hacked.”

Here is a link to the explanation by Starwood of the data breach.

Here is a link to a list of the affected hotels so that you can determine if you stayed at one of the affected hotels since November of 2014.

As is so often the case in these types of data breaches, Starwood is offering a year of free credit monitoring to those affected by the data breach although it is certainly late to be counting on this to provide significant assistance.  Here is a link to information as to how to apply for the free credit monitoring.

The problem continues to be one of weak cybersecurity of many companies coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1st mandate credit card issuers and retailers to switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have not switched over and are not expected to do so for some time.  If smart EMV chip cards had been used at the Starwood hotels, the information stolen in such a hacking would have been worthless, but since they still used the old fashioned magnetic strip cards, Starwood and its customers face financial problems from this data breach.  Target, which learned its lesson the hard way has already switched to the new EMV chip cards as has WalMart.


Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted a year ago, continue to occur again and again.  As for we, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  They are easy to use and they will provide you with much greater security.  If you used a credit card or debit card at any of the above-mentioned Starwood properties since November of 2014 you should carefully monitor your credit card account and bank account for any indication of a problem.

Scam of the day – November 19, 2015 – Verizon Wireless robocall scam

November 19, 2015 Posted by Steven Weisman, Esq.

Scammers are now making robocalls that purport to be from Verizon Wireless in which they promise a “bonus reward” payment of $54.  All you have to do in order to claim your “bonus reward” is go to a Verizon Wireless website and verify your personal information.  Of course, the website you are directed to is not a Verizon Wireless website although it appears genuine.  The account information you verify is actually being turned over to a scammer who uses this information to access your account, steal more information and make you a victim of identity theft.  Making the problem worse is that through a technique called “spoofing,” your Caller ID can be fooled into showing the call coming from “technical support” and the number that it shows, 800-922-0204 is an actual Verizon Wireless customer assistance number although the call is not coming from Verizon Wireless customer assistance.


As I have mentioned many times, regardless of what your Caller ID may indicate, you can never be sure who actually is calling you when you receive a phone call and you cannot trust your Caller ID.  Of course, whenever you are promised something for nothing, as in this scam, you should always be skeptical.  If you have any thought that the offer may be legitimate, you can always contact the real company by going to a website address or calling at a phone number that you know is legitimate, not the phone number to which you are directed in the scammer’s telephone call, email or text.

Scam of the day – November 18, 2015 – Debt collection scams

November 18, 2015 Posted by Steven Weisman, Esq.

Debt collection scams essentially come in two varieties.  One occurs when scammers use deceptive and abusive tactics to collect on debts such as credit card debt in violation of the FTC Act and the Fair Debt Collection Practices Act.  Often these scammers misrepresent who they are, often claiming to be sheriffs or other process servers, and falsely threaten their victims with arrest and other serious consequences.  Presently the FTC is returning millions of dollars to people who were abused by Asset Capital and Management Group, in such a debt collection scam.  Victims of this particular company can get more information about receiving a check for their losses by calling 855-312-3324.  You also can click on the tab entitled “FTC Scam Refunds” at the top of this page.  I urge everyone to check out this particular tab from time to time to see if you are eligible for refunds relating to various FTC actions.

The second debt collection scam involves scammers harassing their victims about totally non-existent debts.  They manage to sound convincing to their unfortunate victims because the scammers have previously gathered much personal information about their potential victims so that when they talk to them on the phone they sound convincing and legitimate.  Using illegal collection tactics, they threaten arrest and garnishment of wages unless the victim pays the non-existent debt immediately.  Often out of fear, their victims pay.  The Federal Trade Commission (FTC) has taken action against 61 such scammers over the last three years, but the scam continues.  One particular phony debt collection scam shut down by the FTC operated out of call centers in India and scammed unsuspecting victims out of more than five million dollars before it was closed by the FTC.


Debtors have considerable rights pursuant to the Fair Debt Collection Practices Act including the right of the debtor who may have been first contacted by phone to request that written documentation in support of the claimed debt be sent to the debtor before any further action is taken.  In addition, debtors have the right to demand that they not be contacted by phone, after which no legitimate debt collector will contact the debtor.  To do so would violate federal law.   For more information about your rights as a debtor and what to do if you are in debt or being hounded by someone posing as a legitimate debt collector you can find much helpful information by clicking on this link from which is an interagency website for a number of different federal agencies.


Scam of the day – November 17, 2015 – FTC shuts down Click4Support

November 17, 2015 Posted by Steven Weisman, Esq.

Tech support scams are a profitable way for scammers to steal your money.  I have been warning you about these scams for years.  They come in a number of different varieties including pop up ads on your computer and telephone calls purportedly from Microsoft, Apple or Google.  Recently the Federal Trade Commission (FTC) announced that, along with the Attorneys General of Pennsylvania and Connecticut, it had filed legal action against a company, Click4Support which the FTC alleges stole more than 17 million dollars from unwary consumers by pretending that they represented Microsoft, Apple and others offering unneeded tech support services.  A federal court judge has issued a preliminary injunction against Click4Support stopping their scam and freezing their assets.

Click4Support used online advertisements and popups that made them appear to be a part of Microsoft and Apple.  The ads would lure unsuspecting computer users to call Click4Support and then give Click4Support remote access to the victims’ computers for purposes of identifying viruses, malware and other problems, which were always found whether or not they actually existed.  Then Click4Support sold its services either on a one time basis or a long-term service plan at a cost that ranged from $69 to thousands.  In return, the victims actually got nothing of value and, in some instances, their computers were harmed.


In the phone scams for tech support, it is important to remember that neither Microsoft nor Apple will ever call you about tech support so if someone represents that they are doing just that, it is a scam.  Hang up the phone.  Don’t trust popup ads for tech support service either.  If you have any concerns about your computer’s security contact a reputable computer security company using a telephone number that you have confirmed is legitimate.

Scam of the day – November 16, 2015 – FBI agent advises ransomware victims to pay the ransom

November 16, 2015 Posted by Steven Weisman, Esq.

Speaking recently at a cybersecurity conference in Boston, FBI Assistant Special Agent Joseph Bonavolonta startled many people when, in discussing ransomware, he said “the ransomware is that good.  To be honest, we often advise people just to pay the ransom.”  I have been warning you about ransomware since 2012.  Ransomware  problems start when you find your computer frozen and a message on your screen tells you that your computer will remain frozen until you pay a “ransom.”  CryptoWall and its predecessor CrytoLocker ransomware have been used effectively by criminals for years.    The most recent version of ransomware being used is called Tescrypt.  Companies and individuals have been the targets of ransomware.  In fact, a number of police departments, including the Swansea Massachusetts police department have been the victims of ransomware and actually paid the ransom.

As with many types of malware, you download it when you click on tainted links or tainted attachments, which is why I always warn you not to click on any links or download attachments unless you are absolutely sure that they are legitimate.  In many instances, the ransomware has come as hidden malware in a phony email purporting to be from Federal Express or UPS.  As we approach the holiday shopping season, you can expect an upswing in people falling for this scam and clicking on links and downloading attachments in emails purportedly from these companies related to holiday shopping.


The best way to deal with ransomware is to avoid it in the first place.  Have a good firewall, good anti-virus and good anti-malware software installed on your computer, tablet or other devices and keep the software up to date.  However, remember that the security software companies are always playing catchup with the hackers, so your security software will not always protect you.  The latest incarnations of most malware is generally at least thirty days ahead of the security software companies so you can never rely on your security software and your firewall to keep you totally safe.   However, make sure that when security updates are available that you download them as soon as possible.  Many people become victims of older versions of ransomware because they have not updated their security software.  Also, you should always back up everything on your computer in the Cloud or on a USB drive or preferably both.  Finally, never click on links or download attachments unless you are absolutely positive that they are legitimate and the only way to do this is to confirm that they are legitimate with the real companies you think may be sending you the email before ever clicking on a link or downloading an attachment.

If you are a victim of ransomware, here are a couple of free links that may help you.   The first  is a link to Microsoft’s Malware Protection Center with links and instructions for removing ransomware infections from your computer:  The second is to Malwarebytes Anti-Malware which will detect and remove malware such as trojans and spyware.  The link is  Some types of malware cannot be defeated after it is installed, but it is always worth a try.  However, the best course of action to take is to avoid downloading anything unless you are confident it is legitimate and always back up all of your data both in the cloud and offline so that even if you do become a victim of ransomware, you don’t have to pay because your data is already preserved.

Scam of the day – November 15, 2015 – Bank of America phishing email

November 15, 2015 Posted by Steven Weisman, Esq.

Here is another good example of a phishing email.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.

Security Alert
BankAmerica account ending in ****
Unusual account activity detected
Dear Customer,
We detected unusual activity on your Bank of America account on 11/07/2015. For your protection, please verify this activity so you can continue making transactions without interruption.
Please sign in to Online Banking or visit Online Banking at to review and verify your account activity, or you can call us immediately at 1.800.383.0618in the U.S.; international customers please call collect via the international operator at757.677.4701. After verifying your credit card transactions, we’ll take the necessary steps to protect your account from fraud.
If we don’t hear from you, unfortunately certain limitations may be placed on your account.
Please disregard this notice if you have already taken the required action.

Security Icon Your last sign-in was 11/07/2015
To verify that this email is from Bank of America, confirm your last sign-in date is correct. To access Online or Mobile Banking, go directly to or use our Mobile Banking App.
Remember: We never ask for private information such as an account number, card PIN, or Social Security or Tax ID number in email messages. If you think an email is suspicious, don’t click on any links. Instead, forward it to and delete it.

This is a service email from Bank of America. Please note that you may receive service emails in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
Read our Privacy Notice.
Please don’t reply directly to this automatically generated email message.
Bank of America Email, NC1-028-09-01, 150 N College St., Charlotte, NC 28255
Bank of America, N.A. Member FDIC. Equal Housing Lender
В© 2015 Bank of America Corporation. All rights reserved


Some indications that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate emails from your bank would include the last four digits of your account rather than just **** as appears in this email.  They also would not use the generic “Dear Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.

Steve Weisman’s latest column from USA Today

November 14, 2015 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today about income tax identity theft