Scam of the day – October 18, 2016 – Update on Home Depot data breach settlement

October 17, 2016 Posted by Steven Weisman, Esq.

As I reported to you last year, in March of 2015 a settlement was reached between Home Depot and the plaintiffs in a class action on behalf of the 56 million victims of Home Depot’s massive data breach which occurred between April and September of 2014.  The settlement provides for a 13 million dollar fund to reimburse victims for out of pocket losses incurred  with an additional 6.5 million dollars being set aside for legal fees and other related expenses.  You are eligible to receive payments through the settlement if you used your credit or debit card at a self checkout lane at Home Depot between April 10, 2014 and September 23, 2014 and your card information was stolen.  You also are eligible for a payment if you received notification that your email address was compromised or if you specifically received a settlement notice informing you that you are a member of the class action.  Payments of as much as $10,000 will be made to claimants who suffered out of pocket losses and unreimbursed charges as a result of the data breach.  In addition, affected shoppers can receive payments of $15 per hour for time spent remedying the problems they encountered as a result of the data breach.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment were hacked when a third party vendor’s computers were hacked, thereby enabling the hackers to steal the passwords necessary for the third party vendor to access Home Depot’s computers.  As an additional part of the settlement Home Depot committed to make greater efforts at data security.


If you were affected by this data breach, you must file a claim and the deadline for filing a claim is October 29th which is rapidly approaching.  Here is the link to go to in order to file a claim.

However, even if you were not a victim of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security. Greater use of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.  However, whenever you can, you should use your EMV chip card.

Also, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not as strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.

Scam of the day – October 17, 2016 – Tech support scam

October 16, 2016 Posted by Steven Weisman, Esq.

I have been reporting to you about tech support scams for years; however, as with many scams, this one keeps evolving into new forms although the ultimate goal is still the same.  At its essence, the scam involves being contacted purportedly by Microsoft or Apple in some fashion, either by telephone call or in its most recent incarnation by a pop up ad on your computer telling you that problems have been detected on your computer that need to be remedied immediately.  In the case of the latest tech support scam, which is now the subject of a legal action by the Federal Trade Commission (FTC) against five companies, as well as the three men behind the scams, Rajiv Chhatwal, Ruinder Kaur and Neeraj Dubey, the pop up ads often include loud alarms or recorded announcements warning you of dire circumstances.  The ads prompt you to call a toll-free number which leads you to a call center in India where the scammers pose as representatives of Apple or Microsoft.  Under this version of the scam they then ask for remote access so that they can diagnose the problem.  Once they have remote access to your computer, they show their victims innocuous screens and directories on their computers which the scammers say are dangerous malware requiring immediate repair for which they charge between $200 and $400 and provide you with nothing of value.


Neither Microsoft nor Apple will contact you by way of such pop up ads offering tech support for which you will be charged.  It should be noted, however, that Microsoft does regularly issue software security updates, but they do this in automated updates if you have provided for this service or on its website.  If you receive this type of pop up ad purporting to be from Microsoft or Apple and have any thought that it might be legitimate, you should merely contact Microsoft or Apple directly at a telephone number you know is accurate to confirm the pop up was a scam.

Scam of the day – October 16, 2016 – FTC shuts down telemarketing scam

October 16, 2016 Posted by Steven Weisman, Esq.

At the request of the Federal Trade Commission (FTC), a temporary restraining order has been issued by a judge in the Federal District Court for Arizona temporarily shutting down the operation of a telemarketing scam in which three people, utilizing numerous corporations, lured people into investing thousands of dollars in purported e-commerce websites.  The scammers targeted older people and veterans from whom they stole millions of dollars with promises of huge profits and fraudulent misrepresentations that the investments were “risk free” and totally guaranteed.  The scammers charged by the FTC are Susan Rodriguez, Matthew Rodriguez and William “Matt” Whitley who did business under the names “Titan Income,” “Wyze Money,” “Prime Cash,” and “Building Money.”  As alleged by the FTC, the entire operation was a scam and the victims received neither profits nor their investments back when they requested refunds.  The next step in the case against these defendants will be a hearing to replace the temporary restraining order with a more permanent preliminary injunction to stay in effect during the litigation.

Many of the victims of this scam were on the Do Not Call List, which should have been an initial indication to the victims that the “business opportunity” was a scam because calling them to offer a business opportunity was already a violation of the law.


Never invest in anything until you have had a chance to do diligent research into the particular investment.  You should be particularly wary of investment “opportunities” that come your way through unsolicited telemarketers.  Also, the federal Business Opportunity Rule, which was ignored by  the defendants in this case, requires that before you invest in any business opportunity you are provided with a one-page disclosure that provides important facts about the business.  In addition  if, as in this case, you are told how much money you can make, you are required to be given another document with greater details.  For more information about the Business Opportunity Rule, the disclosures you should receive and claims that may not be made by people soliciting investments you can go to this link from the FTC.

Scam of the day – October 15, 2016 – Phony kidnapping scam resurfaces

October 15, 2016 Posted by Steven Weisman, Esq.

I have been warning you about phony kidnapping scams for three years, but recently there has been a resurgence of this particular scam targeting the parents of college students in Virginia, California, Texas, Arizona and elsewhere.

The scam starts with a telephone call informing the person answering the phone that a child or other relative has been kidnapped and if they do not respond by wiring money right away, the relative will be killed.  As with so many scams, we are often our own worst enemy and this scam is no exception.  In many instances, the scammers gather personal information about the intended scam victims from information that the intended victims  or members of their families post on social media.  Armed with this personal information, a scammer can describe the supposed kidnapped victim or provide personal information that would make it appear that indeed they actually do have the person in their custody.  Commonly the ransom demanded is between $600 and $1,900 according to the FBI.


Always be skeptical if you receive such a call.  Never wire money to anyone for anything unless you are totally convinced that what you are doing is legitimate because unlike paying for something with a credit card, once your wired funds have been sent, they are impossible to get back.  Talk to the alleged kidnapper as long as possible, thereby giving someone else with you the time to call  or text the alleged kidnap victim on his or her smartphone.   If the purported kidnapping victim is a young child, call the school to confirm that he or she is safe.   You also could ask the kidnapper to describe your relative as well as provide information, such as his or her birth date, which could be found on a driver’s license, however, it is important to remember that much of this kind of information may be available through social media or elsewhere on the Internet.

Many of these kidnapping scams are originating in Puerto Rico or Mexico so be particularly skeptical if you receive the telephone call from Puerto Rico area codes 787, 939 or 856.  Also be wary of calls from Mexico, where the area codes are quite numerous but can be found by clicking on this link.

Scam of the day – October 14, 2016 – 1.5 million dollar bounty offered for iPhone hacking

October 14, 2016 Posted by Steven Weisman, Esq.

I have reported to you many times about the “bug bounty” programs used by private companies such as Google and Facebook as well as, more recently, the Department of Defense which offer a “bug bounty” to vetted hackers who are able to identify vulnerabilities in their web pages and computer networks. Private companies, such as Google and Facebook have long made cash payments to independent hackers, sometimes called white hat hackers to distinguish them from the criminal, black hat hackers, who identify vulnerabilities in their computer code.  Generally, these bounties are between $500 and $15,000, however, Google has doubled the reward that it will pay anyone who finds a flaw in the security of its Chromebook to $100,000.   Google has paid out more than six million dollars in bug bounties since the program was started in 2010.  Apple, which had long resisted paying bounties to people finding the worms in their Apples announced  last summer that it will pay $25,000 to people who find vulnerabilities in its digital compartments and into its customers’ data, $50,000 for identifying bugs enabling hackers to gain access into iCloud data and a whopping $100,000 to anyone who finds vulnerabilities in Apple’s firmware.

Private security companies also pay bounties for discovering software flaws in the products we use.  Recently, Zerodium tripled the amount it had previously been offering for hackers who can identify previously undiscovered vulnerabilities in iPhones and iPads to 1.5 million dollars.  Companies like Zerodium make their money by selling their information to governments as well as private companies.  Earlier this year, the FBI paid a million dollar bounty to a security company that provided them with a way to hack into the encrypted iPhone of one of the San Bernardino terrorists.


Bug bounties are a positive strategy for businesses and government to enhance cybersecurity.  Facebook even paid a bounty to a ten year old Finnish boy.  Although the ten year old white hat hacker used his talents for good, the fact that a ten year old boy has the technological sophistication to identify and exploit vulnerabilities in commonly used software programs should give us all a bit of concern.  As for us as individuals, the best things we can do to protect our own cybersecurity are to keep our anti-virus and anti-malware software up to date on all of our electronic devices and to refrain from clicking on links or downloading attachments in all forms of electronic communication until we have absolutely confirmed that the communications are legitimate.  Otherwise, the risk of downloading malware is too great.

Scam of the day – October 13, 2016 – Vera Bradley stores hacked

October 13, 2016 Posted by Steven Weisman, Esq.

Luggage and handbag manufacturer Vera Bradley announced yesterday that its retail stores suffered a data breach in which credit card numbers, customer names, card expiration dates and verification codes for customers who used credit and debit cards at its stores between July 25th and September 23rd were stolen by criminals who hacked into the company’s payment processing equipment.  Vera Bradley was notified of the data breach by law enforcement on September 15th.  Generally, breaches like this are discovered when a pattern of stolen credit cards being sold on the Dark Web, where criminals buy and sell stolen credit cards, indicates a common source or when the card issuing banks notice a pattern of fraudulent use traceable back to a single common denominator, namely the victims all shopped at a particular store.  Vera Bradley could have avoided this data breach had it switched over to EMV chip cards instead of continuing to use the old-style magnetic strip credit cards which are so much more susceptible to theft through data breaches.

Unlike most companies that suffer such data breaches, Vera Bradley is not offering free credit monitoring at this time.


If you were a customer at a Vera Bradley store between July 25th and September 23rd, you should go online right away to monitor use of your credit card or debit card.  It is a good policy not to use your debit card for retail purchases because you have less protection under the law for unauthorized use.  Further, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.  Use your EMV chip card whenever possible and even if you were not a shopper at Vera Bradley, you should regularly monitor your credit card statement online so that you can discover any fraudulent use early.  Finally, be wary of any emails or text messages you may get that appear to be from Vera Bradley that require you to provide personal information.  Scammers often take advantage of data breaches such as this to send phishing emails to lure people into providing personal information they can use to make you a victim of identity theft.

For more information about Vera Bradley, you can go directly to its website at

Scam of the day – October 12, 2016 – Latest updates from Department of Homeland Security

October 11, 2016 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security include critical new updates to Adobe Flash and ten Microsoft updates. I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.


Here are the links to  lists of all of the recent security updates as posted by the Department of Homeland Security: and and

Some alternative plugins you may wish to consider to replace Adobe Flash include GNU Gnash and Silverlight.  Silverlight can be downloaded free directly from Microsoft at this link: while GNU Gnash can be downloaded free at this link:

Scam of the day – October 11, 2016 – FTC refunding 20 million dollars to victims of “free” credit monitoring scam

October 10, 2016 Posted by Steven Weisman, Esq.

Following the settlement of lawsuits brought by Illinois, Ohio and the Federal Trade Commission (FTC) against One Technologies, a company that offered free credit monitoring and then without the knowledge or assent of its customers charged them $29.95 per month for the “free” service, the FTC is now sending out refund checks to victims of the scam.  One Technologies marketed their scam through at least fifty websites using the names MyCreditHealth, Score Sense,, and  One Technologies paid for advertising on Google, Bing and other search engines so that their advertisements would appear near the top of the page when searching for free credit reports and similar terms.


For specific information about the refunds, go to the top of this page to the tab entitled FTC Scam Refunds.  People interested in getting a free copy of their credit reports from each of the three major credit reporting agencies, Experian, Equifax and TransUnion should remember that the only government authorized way to access your credit reports free is by going to  Many companies offer what appear to be free credit reports, however, if you read the fine print, you may find that, as in this case, you are unwittingly signing up for a continuing service.  When signing up for any free service, you should never provide your credit card number.  Sometimes scammers lie to you by saying that they need your credit card number merely for confirmation purposes.  Finally, it is important to remember that merely because a company appears high on the page in a search engine inquiry, does not mean that the company is legitimate.  It may only mean that the company either paid for the spot, as One Technologies did, or the company is adept at manipulating the algorithms used by the search engines to determine placement.  It does not mean that the company has been checked out to be legitimate.

Scam of the day – October 10, 2016 – Hurricane Matthew charity scams

October 9, 2016 Posted by Steven Weisman, Esq.

While Hurricane Matthew has caused serious damage on the South Coast of the United States, the utter devastation caused by this storm in Haiti, where hundreds of people died as a result of the storm, has been so much worse.   This kind of natural disaster brings out the best in us as many people are quick to make donations to charities to help the survivors of the storms and the families of the victims.  This kind of natural disaster also brings out the worst in scammers  who are quick to take advantage of the generosity of people by contacting them posing as charities, but instead of collecting funds to help the victims of the storms, these scam artists steal the money for themselves under false pretenses.   Charities are not subject to the federal Do Not Call List so even if you are enrolled in the Do Not Call List, legitimate charities are able to contact you.  The problem is that whenever you are contacted on the phone, you can never be sure as to who is really calling you so you may be contacted either by a phony charity or a scammer posing as a legitimate charity.  Similarly, when you are solicited for a charitable contribution by email, you cannot be sure as to whether the person contacting you is legitimate or not.


Never provide credit card information over the phone to anyone whom you have not called or in response to an email.  Before you give to any charity, you may wish to check out the charity with where you can learn whether or not the charity itself is a scam.  You can also see how much of the money that the charity collects actually goes toward its charitable purposes and how much it uses for fund raising and administrative costs.  Here is a link to with a list of a number of highly rated charities helping in the Haitian relief. 

October 9, 2016 – Steve Weisman’s latest column from USA Today

October 9, 2016 Posted by Steven Weisman, Esq.

October is National Cyber Security Awareness month.  Cyber security is something about which we should all be aware.  Here is a link to my latest column from USA Today in which I discuss some simple steps you can take to increase your cyber security.