Scam of the day – July 14, 2014 – Chinese hackers steal information from Federal Office of Personnel Management

July 14, 2014 Posted by Steven Weisman, Esq.

Hacking of American companies by Chinese hackers is not particularly startling as it is going on all of the time, however the federal government is now admitting that back in March Chinese hackers were able to hack into the data bases of the Office of Personnel Management and gain access to personal information on thousands of government workers.  What is particularly troublesome is that the Office of Personnel Management manages a program called e-QIP where federal employees who are seeking security clearances must provide much personal information including personal financial data.  It is not known what the purpose of the hacking was and whether or not it was government sanctioned or not.  What is known is that, just as the hacking into the computers of the United States Department of Energy last week, showed, government databases are just as vulnerable as those of private companies.

TIPS

So what does this mean to you?

First and foremost if you are someone whose information was maintained by the Office of Personnel Management you should be on heightened alert for identity theft.  You should check your credit report with each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You also would be wise to put a credit freeze on your credit reports at each of the three major credit bureaus to prevent someone with personal information about you from gaining access to your credit report and utilizing your credit.  You can find a detailed explanation of credit freezes along with instructions for getting one in the right hand column of the first page of Scamicide.  As for the rest of us, this is yet another lesson that you are only as safe from identity theft as the places with the weakest security that hold personal information about you.  Whenever possible limit the amount of personal information held by companies and governmental agencies with which you do business.  Also, do not leave your credit card number on file with any retailer with which you do business regularly.  It may be convenient to do so, but it increases your risk of identity theft if the company is hacked and your data is compromised.

Scam of the day – July 13, 2014 – Bank of Hawaii text message scam

July 13, 2014 Posted by Steven Weisman, Esq.

Recently many residents of Hawaii have been receiving a text message that appears to come from the Bank of Hawaii informing them that their accounts have been blocked or suspended or their lines of credit have been reduced.  They are also told in the text message to call 857-453-3714 and enter their account number and PIN in order to rectify the situation.  This is a  phishing scam and anyone providing that information to the scammer would end up becoming a victim of identity theft and having their accounts emptied.

TIPS

Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate.  If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.  Banks do not call, text or email their customers asking for personal information.  You should always be skeptical of anyone asking for such information.  As  I always say, “trust me, you can’t trust anyone.”  This particular scam involved the Bank of Hawaii, but this scam is constantly being done around the country using the names of other banks.  As for those of you in Hawaii who may have fallen for this scam.  You should contact the real Bank of Hawaii at 888-643-3888 or by email at icare@boh.com for help.

Scam of the day – July 12, 2014 – Russian hacker arrested

July 12, 2014 Posted by Steven Weisman, Esq.

Earlier this week Roman Valerevich Seleznev, a Russian national was arrested in Guam by federal law enforcement officers.  He is charged with hacking into cash register systems at various retailers in the United States during the years 2009 through 2011.  According to his indictment, Seleznev would scan the computers of retailers throughout the United States looking for vulnerabilities which he would exploit through malware that he would interject into the computer systems of these vulnerable retailers, which would capture credit card data which Seleznev would then sell online to other criminals.  The Secret Service says that he stole the data from more than 200,000 credit cards and made more than two million dollars selling this card data on black market websites.  Presently he is being held in custody in Guam and will have his next day in court in two weeks.  Complicating the situation is that Seleznev is the son of a prominent Russian politician.  The Russian government is calling the arrest an illegal kidnapping.

TIPS

What does this arrest mean to you and me?  It is more of a reminder of how large the problem is.  Hacking into retailers at point of sale terminals in stores has become a relatively easy task to accomplish and not only is it easy to accomplish, it does not even have to be done at the store.  It can be done totally over the Internet by hackers anywhere in the world.  Credit card fraud is worse in the United States than in most of the rest of the world because we still have not adopted the smart card technology by which credit cards carry a computer chip that issues a new identifying number every time it is used which makes the stealing of the number used at any particular transaction worthless.  The hacking of point of sale terminals will be an exercise in futility when we finally start using smart cards in large numbers.  However, it is not expected that this will be done in the United States until October of 2015 when through a change in the rules governing credit card usage, companies whose point of sale terminals are hacked will be responsible for data thefts.  Until that time, the best you can do is to refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack.  You also should monitor your credit card’s use regularly to note any fraudulent use so that you can limit the damage.

Scam of the day – July 11, 2014 – Latest critical software security patches

July 11, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.

TIPS

Here is a link to the latest security update from the Department of Homeland Security that contains links to many important software programs including various Apple products: https://www.us-cert.gov/ncas/bulletins/SB14-188

Here is a link to a recently released security update from Adobe.  Adobe products have been frequent targets of identity thieves and hackers so it is important to maintain your Adobe software up to date with the latest security patches: https://www.us-cert.gov/ncas/current-activity/2014/07/08/Adobe-Releases-Security-Updates-Flash-Player-and-Air

Here is a link to the latest Microsoft security update which includes patches for a number of important programs including Internet Explorer: https://www.us-cert.gov/ncas/current-activity/2014/07/08/Microsoft-Releases-July-2014-Security-Bulletin

Here is a link to the latest Cisco updates: https://www.us-cert.gov/ncas/current-activity/2014/07/09/CISCO-Addresses-Apache-Struts-2-Vulnerability

 

Scam of the day – July 10, 2014 – Indiana passes law to protect children from identity theft

July 10, 2014 Posted by Steven Weisman, Esq.

Children have become a ripe target of identity thieves and with good reason.  Armed with a Social Security number of a child, an identity thief can establish credit in the name of the child, abuse that credit with little chance that the child or his or her parents will become aware of the identity theft until the child reaches an age where they may be applying for financial aid for college or applying for a car loan.  It is only then that the child and his or her family become aware that the child’s credit report has been corrupted which can create substantial problems for that child, not only in obtaining a loan, but in getting a job, insurance, renting an apartment, getting a loan or in the many other areas where a credit report is used.  For adults, credit reports can be frozen such that even if someone has that person’s Social Security number and other identifying information, the person’s credit report cannot be accessed and used for fraudulent purposes, however except in a handful of states, the credit reports of children cannot be frozen.  Now Indiana has joined this small number of states that permit the credit reports of children to be frozen.  If your state does not have such a law, you should lobby your legislators to pass such legislation.

TIPS

Freezing a credit report is one of the most effective ways to prevent identity theft.  Unlike costly credit monitoring, which is often offered for free to victims of a data breach by the company whose data has been stolen, a credit freeze can actually stop forms of identity theft.  Credit monitoring merely tells you after the fact that you have been a victim.  It offers the same protection as someone who has just been hit by a truck while crossing the street and someone comes over to the victim lying in the road and informs him or her that he or she has been just been hit by a truck.  For instructions as to how to put a credit freeze on your credit report, go to the archives of Scamicide at the top of this page and type in “credit freeze.”

Scam of the day – July 9, 2014 – Spoofing scam

July 9, 2014 Posted by Steven Weisman, Esq.

Spoofing is a funny sounding word, but there is nothing funny about spoofing, which is the name for the scam tactic used by scammers by which they are able to fool your caller ID such that when you receive a call, it appears to come from a legitimate company, governmental agency, such as the IRS or even your own telephone number.  Sometimes the spoofed calls are automated robocalls in which you are asked for financial information in order to assist you in obtaining a lower interest on your credit card or some tempting ruse.  Other times there will actually be someone on the line purporting to be from a legitimate company or governmental agency.  Using either the carrot or stick approach, they either try to instill fear in you in order to lure you into providing personal information in order to avoid a problem with your bank, the IRS or some other entity or they use the carrot and try to entice you to provide your personal information in order to receive a prize or some other financial benefit.  In all cases you risk identity theft when you provide personal information by phone in response to any telephone call you receive.

TIPS

There are some basic precepts to remember to help protect you from being scammed by spoofed calls.  First, remember that your caller ID is not fool proof.  You cannot trust your caller ID to accurately inform you as to who is really calling you.  Second, the IRS does not initiate contact with taxpayers by email, text messages or phone calls so if you receive such a communication, you can be sure that it is a scam.  Third, robocalls are illegal except from charities or politicians so whenever you receive a robocall that purports to be from a company or governmental agency, you can be sure it is a scam.  You should never provide personal information to anyone over the phone whom you have not called.  If you ever receive a communication requesting personal information and you think it might possibly be legitimate, merely hang up and call the entity back at a number that you know is accurate and even then do not provide personal information unless there is a real need for it.

Scam of the day – July 8, 2014 – Gift card scam

July 8, 2014 Posted by Steven Weisman, Esq.

Many people are finding a tempting offer appearing in their email or as a text message.  In the communication you are told that you will receive a $50 gift card from a major company if you merely complete a short survey.  The survey looks official and the page has the official logo of a familiar company, however often what the scammers are seeking is personal information that can be used to make you a victim of identity theft.

TIPS

As I always say, “trust me, you can’t trust anyone.”  Merely because the text message or email appears to be official and carries a company’s logo does not make the communication legitimate.  It is very easy to copy a logo on to a text message or email and make the communication look official and legitimate when, in fact, it is a counterfeit and a scam.  No legitimate survey will ever ask for banking information, passwords, Social Security numbers, credit card information or banking information.  The only reason for asking for that information is to make you a victim of identity theft.  Finally, no company is going to be in a position to give everyone who completes a customer satisfaction survey a $50 gift card.  A legitimate company may enter you into a drawing to win such a card by completing a survey, but no company is giving away $50 gift cards to everyone.

Scam of the day – July 7, 2014 – Latest Apple and Cisco security updates

July 7, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.

TIPS

Here is the link to the latest security updates as issued by the Department of Homeland Security:

https://www.us-cert.gov/ncas/current-activity/2014/07/02/Cisco-Releases-Security-Advisory-Unified-Communications-Domain

https://www.us-cert.gov/ncas/current-activity/2014/07/01/Apple-Releases-Security-Updates-OS-X-Safari-iOS-devices-and-Apple

Scam of the day – July 6, 2014 – Another AOL phishing scam

July 6, 2014 Posted by Steven Weisman, Esq.

Millions of people still use AOL and so scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is quite poor.  Compare it to the excellent counterfeit phishing email I included in the Scam of the Day for Mary 31, 2014.  This one comes from an email address that has no relation to the company, AOL.  It does not contain any logo and it is not directed to the recipient specifically by name.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve an problem.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.   Here is how the email appears.  DO NOT CLICK ON THE LINK:

“Dear User,

Verify, to update your Premium Acc today

Service Team.

America Online”

TIPS

There are numerous reasons not to trust this email.  The email address from which it was sent has no relation to AOL.  It is not addressed to you personally.  It does not contain an AOL logo and the email is far too short and curt.  It is an obvious phishing email and its only purpose is to lure you into either providing personal information or downloading malware.  As I have warned you many times, never click on links or download attachments unless you are absolutely sure that the email is legitimate.  In this case, if you even had a slight thought that it might be legitimate, all you would have to do is to call the real AOL to learn that this was a phishing scam.

Scam of the day – July 5, 2014 – FTC accuses T-Mobile of cramming

July 5, 2014 Posted by Steven Weisman, Esq.

Cramming is the name for putting unauthorized third party charges on to a consumer’s telephone bill without the knowledge or approval of the consumer.  This has long been a problem with landline phones and recently has become a major problem with cellular service.  There are many ways that these unauthorized charges make their way to a victim’s phone, sometimes, consumers actually unknowingly sign up for premium texting services that may be for things such as flirting tips, horoscopes or celebrity gossip.  Whatever the source of the charges, they are fraudulent and typically cost about $9.99 per month and continue to appear for months without end.  This week the Federal Trade Commission (FTC) filed legal action against mobile carrier T-Mobile alleging that it earned hundreds of millions of dollars by knowingly participating in cramming of their customers’ accounts since 2009.  One particular problem with cramming in mobile accounts is that the bills can be so long that, according to the FTC, customers would not readily be able to identify unauthorized charges on their bills which can sometimes be as long as fifty pages and when found may not readily indicate what they are for.  The FTC gave the example of one unauthorized charge designated as “8888906150BrnStorm23918.”  T-Mobile strongly denies the charges and is fighting the legal action.

TIPS

Regardless of whether the specific legal charges against T-Mobile are  true or not, cramming is a large problem.  The first line of defense is to make sure that whenever you click on a link or enter a contest or ever provide personal information to anyone that you read the fine print to make sure that you have not unwittingly signed up for such a service.  The second thing to do is to make sure that you carefully review your landline and mobile phone bills each month and question any charges that are not clear to you or which you believe you did not authorize.