Scam of the day – August 19, 2014 – Major data breach at hospital group

August 18, 2014 Posted by Steven Weisman, Esq.

In a filing yesterday with the Securities and Exchange Commission, Community Health Systems, Inc. a major hospital group company with 206 hospitals in 29 states disclosed that it had suffered a major data breach in which the names, addresses, birth dates, Telephone numbers and Social Security numbers of 4.5 million of its patients who had done business with Community Health Systems during the past five years.  The hacking originated in China and followed a familiar pattern whereby information gathering malware was surreptitiously installed on the computers of Community Health Systems.  This information places the affected individuals in serious danger of identity theft.  The health care industry has increasingly in the last six months become a frequent target for large scale hacking and data breaches as the security in general for many of the companies that make up this industry is extremely lax.  In fact, in April, the FBI warned the health care industry specifically that its cybersecurity was not sufficient to protect the personal information it stores.

TIPS

If you were a patient at any of the hospitals of Community Health Systems during the past five years, you should be particularly concerned, but even if you have not, your turn will come as more and more companies and industries continue to suffer major data breaches.  So what can you do?  The first thing is to limit, as much as possible, the information that you provide to the companies with which you do business.  Don’t store your credit card number with an online merchant merely for convenience because it puts you in danger of identity theft if the company is hacked.  You also should monitor all of your financial accounts closely for fraudulent activities.  You also may wish to consider putting a credit freeze on your credit report to block an identity thief from accessing your credit report and your credit even if he or she has your personal information.  For more specific tips on what you can do to protect yourself, I urge you to get a copy of my new book, “Identity Theft Alert” which can be purchased from Amazon by clicking on the link on the right hand side of this page.

Scam of the day – August 18, 2014 – IRS issues new warning about phony collection calls

August 18, 2014 Posted by Steven Weisman, Esq.

Although I have been warning you about this particular scam for a long time, most recently in my Scam of the Day for March 1, 2014, another warning is warranted in the light of the IRS and the Treasury Inspector General for Tax Administration disclosing that so far in 2014 there have been more than 90,000 complaints to the IRS about scam telephone calls in which a scam artist calls an unwary victim and pretends that the scammer is calling from the IRS.  The person receiving the telephone call is told that he or she must pay an overdue tax amount immediately by way of credit card, debit card, cash card or wired funds or there will be harsh penalties including jail time.   Already this year, this scam has cost American taxpayers millions of dollars.

TIPS

This scam is easy to spot.   The IRS will never initiate communications with a taxpayer by phone so if someone calls you purporting to be from the IRS in an initial effort to collect overdue taxes, you should hang up because it is a scam.   Even if your Caller ID appears to show that the call is from the IRS, this does not mean that the call actually is from the IRS.  Through a technique called “spoofing” a scammer can make the call appear to be legitimate, but it is not.  The IRS will never demand payment by credit card, debit card, cash card or wired funds through an initial telephone call.  If you think that you really may owe taxes, call the IRS at 800-829-1040 to speak to a real IRS employee.  If you receive a scam call, you may wish to report the call to the Treasury Inspector General for Tax Administration at 800-366-4484.

Scam of the day – August 17, 2014 – Data breach at Supervalu stores

August 16, 2014 Posted by Steven Weisman, Esq.

The Supermarket chain Supervalu Inc. has disclosed that it has joined the growing list of major companies suffering a major data breach.  Although the breach apparently occurred between June 22nd and July 17th, it was only disclosed a few days ago.  Supervalu operates stores under a number of different names including Cub Foods, Hornbacher’s, Shop ‘n Save, Shoppers Food & Pharmacy and Farm Fresh.  In addition, the data breach also apparently affected stores that it sold in 2013, but still supplied the information technology services that were the Achilles heel in this data breaches.  Those stores go under the names Albertsons Acme (not necessarily the same one used by Wylie Coyote) Jewel-Osco, Shaw’s and Star Market.  All in all the data breach may have reached as many as 1,000 stores.  It has been confirmed that the breach which, as in the case of the Target data breach occurred at the point of sale card registers included account numbers, expiration dates and cardholder names.

TIPS

Supervalu has set up a call center for consumers to call for further information.  The number is 855-731-6018.  Additional information may also be obtained by going to Supervalu’s website, www.supervalu.com and go to the Consumer Security Advisory section where information can be obtained about complimentary consumer identify protection services.  Consumers who may have shopped at any of the affected stores should carefully monitor their credit card account for fraudulent use and if you used a debit card, you should strictly monitor your bank account for evidence of fraud.  Establishing a credit freeze at each of the three major credit reporting bureaus is also a good idea.  You can get information as to how to put a credit freeze on your credit report by going to the Credit Freeze section of Scamicide as listed on the right hand side of this page.  Finally, this should again be a lesson to consumers to not use debit cards for retail transactions.  The risk is too great.

Scam of the day – August 16, 2014 – Treasury Department says IRS puts taxpayers in danger of identity theft

August 16, 2014 Posted by Steven Weisman, Esq.

An audit performed by the Inspector General for the Treasury Department has found that the IRS does not consistently perform background checks on contractors with which it does business putting millions of Americans in danger of identity theft.  According to the report, the IRS failed to perform proper background checks in more than half of the contracts reviewed by the Inspector General.  Many of these contractors failed to perform any criminal or credit background checks on their employees despite the fact that these employees would be handling sensitive personal information.  In one instance, the IRS provided a printing services contractor with a compact disk with names, addresses and Social Security numbers of 1.4 million taxpayers with not a single person working on this matter having been screened by way of a criminal background check or credit check.  In other instances, former criminals with lengthy records were found to have access to IRS records containing personal information that could be used for identity theft purposes.  This is not the first time that the IRS has been found negligent in this regard.  A previous investigation in 2013 uncovered the same problems of a lack of sufficient background checks for people with access to sensitive IRS information.  The IRS has said that it will now make changes in its policies to require such background checks in the future, but at the moment, that is just lip service.

TIPS

This is just another example of how you are only as safe from identity theft as the places with the weakest security that hold your personal information.  One takeaway from this is that as much as possible, you should limit the places that do hold your personal information.  When a business asks for your Social Security number as an identifying number, which they still may do under the law, offer them something else such as your driver’s license number which is not likely to be of use to an identity thief.

Scam of the day – August 15, 2014 – Accused Russian hacker arraigned

August 14, 2014 Posted by Steven Weisman, Esq.

In my Scam of the day for July 12th I told you about the arrest in Guam of Roman Seleznev, a Russian accused of hacking into the point of sale systems of the Broadway Grill in Washington DC and retail establishments throughout the country between 2009 and 2011.  Now, Seleznev has been extradited to the United States and he was arraigned in federal court in Seattle a few days ago.   According to his indictment, Seleznev scanned the computers of retailers throughout the United States looking for vulnerabilities which he exploited through malware that he would interject into the computer systems of these vulnerable retailers, which would capture credit card data which Seleznev would then sell online to other criminals.  The Secret Service says that he stole the data from more than 200,000 credit cards and made more than two million dollars selling this card data on black market websites.  Complicating the situation is that Seleznev is the son of a prominent Russian politician.  The Russian government is calling the arrest an illegal kidnapping.

TIPS

What does this arrest mean to you and me?  It is more of a reminder of how large the problem is.  Hacking into retailers at point of sale terminals in stores has become a relatively easy task to accomplish and not only is it easy to accomplish, it does not even have to be done at the store.  It can be done totally over the Internet by hackers anywhere in the world.  Credit card fraud is worse in the United States than in most of the rest of the world because we still have not adopted the smart card technology by which credit cards carry a computer chip that issues a new identifying number every time it is used which makes the stealing of the number used at any particular transaction worthless.  The hacking of point of sale terminals will be an exercise in futility when we finally start using smart cards in large numbers.  However, it is not expected that this will be done in the United States until October of 2015 when, through a change in the rules governing credit card usage, companies, whose point of sale terminals are hacked, will be responsible for data thefts.  Until that time, the best you can do is to refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack.  You also should monitor your credit card’s use regularly to note any fraudulent use so that you can limit the damage.

Scam of the day – August 14, 2014 – Latest security updates from the Department of Homeland Security

August 14, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates that will help protect against the SQL attack used by the Russian hackers recently to steal data on more than a billion people.

TIPS

Here is the link to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-223

Scam of the day – August 13, 2014 – Robin Williams death scams

August 13, 2014 Posted by Steven Weisman, Esq.

You can always count on scammers and identity thieves to capitalize on every tragic event that captures the public’s imagination.  Celebrity deaths seem to be of particular interest to many people.  Following the deaths of celebrities in recent years such as Whitney Houston, Amy Winehouse and Paul Walker, scammers and identity thieves set up scams and identity theft schemes to take advantage of the curiosity of the public about the deaths of these celebrities.  The sad passing of Robin Williams by suicide is bringing new scams and identity theft schemes.   Some of these scams  start with a post on your Facebook page, which often can appear to come from someone you know, when in fact, it is really from an identity thief who hacked into the Facebook account of a friend of yours.  The post provides a link to be able to view photographs of Robin Williams purported to be police photographs that have not appeared in the news.  Unfortunately, if you fall for this bait by clicking on the link, one of two things can happen, both of which are bad.  In one scam, you are led to a survey that you need to complete before you can view the video. In fact, there is no such video and by providing the survey information, you have enabled the scammer to get paid by advertisers for collecting completed surveys.  However, the problem is worse because by completing the survey, you have turned over valuable information to a scammer who can use that information to target you for phishing and identity theft threats.  Even worse though in another variation of this scam is when click on the link and unwittingly download a keystroke logging malware program that will steal all of the information from your computer including credit card numbers, passwords and bank account information and use that information to make you a victim of identity theft.

TIPS

Remember my mantra, “trust me, you can’t trust anyone.”  Merely because a post on your Facebook page appears to come from someone you trust is no reason to consider it reliable.    The posting could be merely from someone who has hacked your friend’s Facebook account.  Other times, the posting may indeed be from your real friend, however, that real friend may unwittingly be passing on tainted links that they have received.    For news matters, you should only rely on legitimate news sources, such as the websites of the major network news stations such as CNN.  In matters such as rare celebrity footage, you should limit your sources to only those that you know are legitimate and can trust such as www.tmz.com.  If it isn’t on TMZ, then it doesn’t really exist.  It is a scam.  Also, make sure that you keep your anti-malware software up to date with the latest security patches.

Scam of the day – August 12, 2014 – Grandparent scam criminals arrested

August 12, 2014 Posted by Steven Weisman, Esq.

Recently Pennsylvania Attorney General Kathleen G. Kane announced that her office had arrested four scammers for running a multistate grandparent scam.  According to Attorney General Kane, these particular scammers had managed to steal hundreds of thousands of dollars from senior citizens in eleven states.  The average age of their victims was 79.  The Federal Trade Commission has estimated that the grandparent scam costs elderly Americans 42 million dollars each year.  There are many variations of the scam.  Generally, it starts with a telephone call from someone pretending to be a grandchild of the person receiving the call.  The scammer then implores the grandparent to send money by a wire transfer to the grandchild immediately to help them out in an emergency encountered in a foreign country where the child is temporarily located.   The emergency may be a health emergency or a legal problem, such as an arrest.   They also ask that the grandparent not tell the grandchild’s parents because of embarrassment.

TIP

If you receive such a call, contact the parents or another source of accurate information as to the grandchild’s whereabouts.  You can even call the grandchild’s cell phone.  Always be wary of any request to wire funds because once money is wired, it is almost impossible to get the money back which is why this is the choice of many scammers.  Grandchildren should be wary of the amount of personal information that they make available on social media such as Facebook because scammers gather such information to make them more believable when the pose as the grandchild.  People should also be more careful as to the information that they put in obituaries as to the names and other information about grandchildren that can be used as a source of information by scam artists about surviving grandparents.

Scam of the day – August 11, 2014 – Identity thief sentenced – what it means to you

August 11, 2014 Posted by Steven Weisman, Esq.

Recently, Turkish citizen Alper Erdogan was sentenced to more than nine years in prison and ordered to pay more than a million dollars in restitution after being convicted of aggravated identity theft, conspiracy to commit computer hacking and conspiracy to commit credit card fraud.  Erdogan did not do the actual hacking, but did sell the credit card numbers to other identity thieves.  Often the people who do the hacking of major companies such as Target do not use the stolen credit card numbers themselves, but rather sell them through the Internet to other identity thieves on black market websites.  One such website is called McDumpals, which humorously has a McDonald’s restaurant theme and shows a caricature of Ronald McDonald pointing a gun at the viewer of the screen next to the words “I’m swipin it”   Often payment on these illegal websites is made by bitcoins so that the payments cannot be traced.

TIPS

One good element of this case is the international cooperation involved in the investigation and prosecution of Erdogan who was extradited by the Republic of Georgia to stand trial in the United States, although it should be noted that it did take almost two years after Erdogan was indicted in Florida for the extradition to occur.  The bigger lesson is that once again, people became victims of identity theft because the United States still is lagging behind the rest of the world in issuing and using smart credit cards with computer chips that create a new number each time the card is used.  The United States largely continues to use outdated magnetic strip credit card technology that is extremely susceptible to identity theft.  It is not expected that retailers and others who process credit cards will switch over to the smart cards until October of 2015 when new regulations will prompt the switch.  In addition, it is important to remember that you are only as safe as the places with the weakest security that hold your personal information, such as a credit card so, don’t leave your credit card on record with an online retailer for convenience sake and monitor your credit card usage regularly so you can report any fraudulent charges as soon as possible in order to avoid problems.

Scam of the day – August 10, 2014 – Comcast billing scam

August 10, 2014 Posted by Steven Weisman, Esq.

Comcast is one of the biggest providers of cable and Internet services in the country and their billing can be far from simple which makes them a tempting target for scammers.  The latest Comcast related scam starts with a telephone call to the potential victim from a scammer who represents that he or she is a Comcast employee calling to inform you of a new promotion where if you make an initial $600 payment, you will not be billed for six months and after that you bill will only be $99 per month.  Because Comcast often does offer tempting promotions the offer doesn’t seem unrealistic.  In addition, the scammer calling generally has information about the victim’s Comcast account such as how long they have been a Comcast customer and the amount of their current bill that makes the call seem even more legitimate.  However, then comes the catch.  In order to take advantage of this offer, the victim is told that he or she must use a Green Dot Money-Pak cash card.  Of course, once the victim send the money via the cash card, the money is lost forever and to make things worse, when the victim stops paying his or her regular Comcast bill, there services may be terminated.

TIPS

You can never trust anyone calling you on the phone to be who they say they are.  Even if the Caller ID appears to say it is someone legitimate, such as Comcast, scammers can alter Caller ID through a process called spoofing so it appears that the call is from a legitimate source even though in truth it is not.  You should always be wary whenever anyone asks for payment by way of a cash card such as the Green Dot Money-Pak or by wiring funds, such as through Western Union because once those funds have been sent in those ways, they are impossible to get back.  If you ever get contacted on the phone with an offer that you think might be legitimate, you should hang up and contact the company at a number that you know is legitimate to find out the truth.

In response to this particular scam, Comcast issued the following statement: “We are aware of the Greendot Moneypak scam in which victims receive an email or call offering them a promotional package for Comcast services.  The call or email advises the victim to pay an upfront fee using a Greendot Moneypak.  While Comcast accepts Greendot as one form of payment, under no circumstances would it be required in advance for services.  We encourage customers to confirm promotional emails or call that appear to be from Comcast by verifying the offer information on the company’s official website www.comcast.com or by calling 1-800-COMCAST (266-2278).”