Scam of the day – February 20, 2015 – Latest security updates from the Department of Homeland Security

February 20, 2015 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Today’s updates include critical updates for Google Chrome and Internet Explorer.   Users of the affected programs should make sure that they update their software with these latest security patches as soon as possible.

TIPS

Here is the link to the Department of Homeland Security software updates: https://www.us-cert.gov/ncas/bulletins/SB15-047

Scam of the day – February 19, 2015 – Anthem data breach update

February 19, 2015 Posted by Steven Weisman, Esq.

As I reported to you right after it happened earlier this month, Anthem, a major health care company, suffered a data breach that could affect as many as 80 million Americans.  The data stolen included birth dates, Social Security numbers and other information putting the affected victims in extreme danger of identity theft.  Anthem is now offering free identity theft repair and credit monitoring services to current or former members of affected Anthem plans going back to 2004.  This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore and Unicare.  It also includes customers of affiliated Blue Cross and Blue Shield companies who used their Blue Cross Blue Shield insurance in any of the states where Anthem, Inc. does business.  Those states are California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

TIPS

Anthem has contracted with AllClear ID to provide two years of identity theft repair and credit monitoring services to affected customers.  Identity repair assistance is available without enrollment by merely calling AllClear ID at 877-263-7995.  Additionally, affected customers may enroll at no charge in the AllClear PRO credit monitoring service during this two-year period.  You can enroll either by phone at 877-263-7995 or online at https://anthem.allclearid.com/

Additionally, although neither Anthem nor AllClear ID provides this service, if you were a victim of this data breach, it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You can find more information about credit freezes and how to put them on your credit reports at no charge by going to the Scamicide archives.

Scam of the day – February 18, 2015 – Jamaica lottery scam extradition

February 18, 2015 Posted by Steven Weisman, Esq.

Regular readers of Scamicide.com will remember that I have written about the Jamaica lottery scam for more than three years.  Jamaica is a hotbed of phony lottery scams, victimizing unwary Americans for more than ten years.  It has been estimated that Jamaican scammers operating phony lotteries steal more than three hundred million dollars from Americans annually.  Generally the way the scam operates is that the targeted victim is told on the telephone that he or she has won a lottery (that they never entered), but that the victim needs to pay some administrative fees before receiving the huge prize.  The victims of this scam pay the fees, which can run into thousands of dollars, but never get the prize.  The telephone call generally comes from the 876 area code.  Scammers in Jamaica make as many as 30,000 calls each day to the United States telling people that they have won a non-existent lottery.  Although Jamaican officials have recently become increasingly aggressive in trying to shut down these scams, it wasn’t until now that the first scammer has been both indicted by an American grand jury and extradited by Jamaican authorities to the United States, where the accused scammer, Damion Bryan Barrett, is facing charges of 37 counts of wire fraud.

TIPS

As always, the best place to look for a helping hand is at the end of your own hand. Here are a couple of important things to remember.  You cannot win a lottery or contest that you did not enter and it is illegal for Americans to participate in foreign lotteries in the first place.  In addition, if your caller ID shows that you are receiving a call from the Jamaican area code of 876, you should not even answer the call unless you have a friend vacationing in Jamaica.  Don’t fall for this scam.

Scam of the day – February 17, 2015 – Billion dollar international bank hacking

February 17, 2015 Posted by Steven Weisman, Esq.

Russian cybersecurity company Kaspersky Lab issued a report yesterday disclosing what may well be the biggest bank hacking in history.  The hacking of more than 100 banks in the United States, Japan, Switzerland, the Netherlands and primarily Russia was accomplished by a criminal group called the Carbanak cybergang, composed of Russians, Chinese and Europeans.  Advanced malware installed on the computers of the targeted banks permitted the hackers to infiltrate the computers of the banks’ employees in charge of cash transfer systems and ATMs.  They then installed a remote access tool (RAT) on these employees’ computers that enabled the hackers to see everything done on those computers, with the goal of mimicking the look of legitimate transactions when the hackers activated electronic transactions and programmed ATMs to dispense money at specific times.  In this way they stole as much as a billion dollars over the last two years.

TIPS

As of today, no bank has admitted that it was one of the affected banks.  This makes fighting similar attacks more difficult, which is one reason President Obama has recently been advocating for a law to mandate public disclosure of such security breaches by financial institutions.  An important aspect of this hacking that has often been overlooked in some early reporting of the story is that although the malware used to perpetrate this crime is amazingly sophisticated, the planting of the sophisticated malware into the computers of the targeted banks was accomplished by old-fashioned phishing emails that lured the bank employees to click on infected links.  Everyone, including companies, governments and private individuals, has got to do a better job of not clicking on links, no matter how legitimate they may appear, until you have confirmed that they are indeed legitimate.  Remember my motto, “trust me, you can’t trust anyone.”

Scam of the day – February 16, 2015 – Turbo Tax scam update

February 16, 2015 Posted by Steven Weisman, Esq.

As I reported to you previously, earlier this month following a rash of fraudulent state income tax filings using Turbo Tax software in nineteen states, Turbo Tax temporarily suspended electronic state income tax filings through Turbo Tax.  Although the matter is still under investigation, it does not appear that Turbo Tax was hacked.  More likely it is that identity thieves who already obtained the Social Security numbers of their victims were using Turbo Tax’s convenient software to file fraudulent returns in which they claim phony refunds.  On the federal level, this is a 5.2 billion dollar problem annually.  Now, enterprising identity thieves are sending out phishing emails that appear to be sent by Turbo Tax in which the email recipient is told that there is a problem with the person’s electronically filed income tax return and that they need to click on a link and provide personal information in order to rectify the problem.  This is a scam that is intended either to lure the victim into downloading keystroke logging malware that will steal personal information from the victim’s computer or other electronic device and use that information to make the person a victim of identity theft or to lure the victim into providing the personal information directly to the identity thief posing as Turbo Tax.

TIPS

Whenever you get an email or a text message either asking for personal information directly or instructing you to click on a link, you should not respond until you have absolutely confirmed that the email or text message is legitimate.  Making a counterfeit email look official is child’s play so even if the communication looks legitimate, you should not trust it.  The better course of action is to contact the company directly at a telephone number, email address or website that you know is legitimate to confirm whether the original communication was legitimate.  Scammers and identity thieves always take advantage of the latest public concerns to convince people to provide information used to make them victims of identity theft.

Scam of the day – February 15, 2015 – President Obama’s Executive Order on cybersecurity

February 15, 2015 Posted by Steven Weisman, Esq.

In an effort to help combat cybercrime, President Barack Obama has issued an Executive Order encouraging and promoting information sharing both within the private sector as well as between the private sector and the government.  It has long been known that such information sharing about cyberthreats is an important step in the battle against cybercrime, data breaches and hackers.  The Department of Homeland Security will take the lead in establishing Information Sharing and Analysis Organizations (ISAOs) including setting up voluntary standards for these organizations.

TIPS

Although this is a very promising first step that will undoubtedly aid in the battle against cybercrime, data breaches and hackers, it is only a first step.  When looking for a helping hand to protect yourself from cybercrime and hackings, the best place to look is still at the end of your own arm.  We all must recognize that each of us is responsible for following best practices to protect ourselves as best we can from cybercrime and hackings.  We cannot rely on either government or private industry to do the job for us.  One of the reasons I write Scamicide each day is to arm you with the knowledge you need to protect yourself as best you can from the threat of cybercrime and hackings.

Scam of the day – February 13, 2015 – Valentine’s day scams

February 13, 2015 Posted by Steven Weisman, Esq.

Tomorrow is Valentine’s day, which is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is going on to scam you out of your money.  There are many Valentine’s day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s day electronic greeting cards and delivery scams.

Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.

Online dating scams are plentiful with most revolving around quickly professing true love for you and then asking for money.

Electronic greeting cards are a great way to send a Valentine’s day card at the last minute when you forgot to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.

A common delivery scam operating on Valentine’s day involves a delivery of a gift basket of wine and flowers to you; however, the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered.  The person delivering the basket will only accept a credit card as payment.  When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.

TIPS

Never trust an online florist or other retailer until you have checked them out to make sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer.  It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be.  Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft.  Always confirm the legitimacy of an email or text message before clicking on links contained in the message.

As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money.  Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe.

Never trust an online greeting card, particularly if it does not indicate from whom it is being sent.  Be very wary of a card sent by “an admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.

In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.

Happy Valentine’s day and be safe.

Scam of the day – February 12, 2015 – Anthem hacking lawsuits filed

February 11, 2015 Posted by Steven Weisman, Esq.

Although the hacking and data breach at Anthem, the country’s second largest health insurance company, was only disclosed eight days ago, the first lawsuits alleging negligence on the part of Anthem in failing to take proper steps to protect the personal data of as many as 80 million Anthem customers were filed in Indiana, California, Alabama and Georgia.  It now appears that the actual hacking was first detected by Anthem on January 27th, but started as early as December 10th.  Once again, as is the pattern with so many major data breaches, it appears that the hackers gained access to Anthem’s databases, which have been reported to be unencrypted, through phishing emails that tricked five Anthem employees into either providing their passwords or clicking on malware-loaded links that stole the passwords from the Anthem employees’ computers.

TIPS

Many companies are just not doing enough to protect their sensitive data including personal information of their customers.   There are many steps that companies can and should be taking including greater encryption of data, employee education about phishing and limiting of access to information from off-site computers.  Whether companies need to be prompted by lawsuits or legislation, the problem is so significant that companies must take action now to better protect themselves from hacking.

As for us, the customers, all we can do is try to limit as best we can the personal information provided to the companies with which we do business (your doctor does not need your Social Security number) and monitor our financial and medical dealings for signs of identity theft.  Putting a credit freeze on your credit reports at each of the three major credit reporting agencies is another good step to take in order to reduce your risk of identity theft.  You can find information about how to put a credit freeze on your credit reports here on Scamicide in the archives.

Scam of the day – February 11, 2015 – BMW vulnerable to being hacked

February 11, 2015 Posted by Steven Weisman, Esq.

Regular readers of Scamicide will remember that I have written much about the Internet of Things and the problems it poses for scams and identity theft.  As more and more products and devices include a convenient connection to the Internet that permits, for instance, people to remotely control the heating and cooling systems in their homes, the problem of criminals hacking into these devices for illegal purposes has increased dramatically.  Unfortunately, as many of these products, including our cars, are having Internet capabilities built into the products, not enough care has gone into developing proper security.  A German automobile club has discovered a security vulnerability in BMW’s Connected Drive system, which could be exploited to unlock several models of BMW cars.

In addition, earlier this week, Massachusetts Senator Edward Markey’s office issued a report that determined that the efforts of automakers around the world to prevent hackers from gaining control of cars electronically were “inconsistent and haphazard.”  Further, Markey concluded that most automakers did not even have systems for either detecting security breaches or responding to those breaches.

TIPS

Fortunately, BMW will be remotely sending out 2.2 million software patches to correct this security flaw by adding HTTPS encryption to the car’s electronic communications that will prevent the car from accepting connections from servers without the appropriate security certificate.  I expect that we will be hearing much more about the vulnerability of the Internet of Things in the months ahead.  As consumers we should ask the makers of any Internet connected product or device that we use about the security precautions they are taking and what we should be doing.