Scam of the day – November 14, 2017 – Utility Scam Awareness Day

Scams involving utility bills for electric, water or gas services have long been popular with scammers.  Utilities United Against Scams, a consortium of more than 100 American and Canadian utility companies, has designated tomorrow, November 15th, as Utility Scam Awareness Day.

In one version of the scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible.  They just need to provide some personal information.

In another version, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card or prepaid cards such as iTunes cards over the phone.

In a third version of this scam, potential victims receive an email that has a link to take them to their bill.

All of these are scams.  In the first, there is no special promotion and the victim ends up providing personal information that leads to identity theft.  In the second, the victim is coerced into giving their credit card or prepaid card information to a scammer.  In the third, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse.

TIPS

You can never be sure when you get an email or a telephone call if it is really from a legitimate source.  Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller.

Trust me, you can’t trust anyone.  Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate.  In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate.  Also, never click on links unless you have confirmed that they are legitimate.  The risk is too great.  It is also important to remember that no legitimate utility company will require you to immediately pay your bill over the phone with a prepaid card such as an iTunes card.

Scam of the day – November 13, 2017 – FTC settles charges with online tax preparation service

Between October of 2015 and December of 2015, cybercriminals were able to hack into the accounts of almost 9,000 customers of legitimate online tax preparation service TaxSlayer Online.  The hackers used the information gathered in the data breach to make TaxSlayer Online’s customers victims of income tax identity theft and obtained phony tax refunds using the names and information of their victims.

The Federal Trade Commission (FTC) brought legal action against TaxSlayer for its failure to secure the data of its customers and other security-related violations.  Among the more serious charges was that TaxSlayer Online failed to notify its customers when a change was made to the bank account to which their tax refund would be sent.

TaxSlayer Online has come to a settlement with the FTC pursuant to which it will be taking extensive security steps to prevent such data breaches in the future.

TIPS

This case again emphasizes the fact that we are only as safe as the places with which we do business that have the worst security.  So what should we be doing to help keep ourselves safe?  First and foremost, you should use a unique password for each and every online account that you have.  It is not that difficult to do.  In addition, whenever you can, use dual factor authentication.  With dual factor authentication, you receive a one-time code by way of your smartphone each time you go to your online account.  Although this may seem like an inconvenience, it is extremely useful and not terribly time consuming.

Scam of the day – November 12, 2017 – New online employment scam

I have been warning you about employment related scams for years and today’s scam represents the most recent incarnation of scams that involve seeking employment.

Searching for a job online has become the norm for many people seeking employment and there are many legitimate online employment websites such as Careerbuilder.com and Monster.com.  However, merely because an ad for a job appears on a legitimate website does not mean that the job is for real.  It may be just a scam seeking either personal information to make you a victim of identity theft, your money or both.  Do not assume because you see an ad for a job on a legitimate employment website that the ad is legitimate.  Although Careerbuilder.com, Monster.com and other online employment agencies do their best to screen their ads, they can’t be even close to perfect.

In the newest variation of the scam, the scammers will first do research on their victims and read their resumes.  They then contact the victim and offer them a job, but tell the victim that he or she will need to purchase some equipment and pay a fee for training.  A check is sent to the victim to pay for the equipment.  The unwary victim deposits the counterfeit check and gets provisional credit from his or her bank before the check is discovered to be counterfeit, which can take weeks.  At this point the funds are taken back from your account by your bank, but meanwhile the money you have wired as instructed to the scammer is lost forever.

TIPS

Never spend money to apply for a job.  Legitimate employers do not require fees.  Google the address, telephone number and name of the company to see if they match what you have been told.  Don’t send a resume with personal information, such as your Social Security number, that can be used to make you a victim of identity theft.  If an ad appears to be from a company that you know is legitimate, confirm by a telephone call to the real company’s HR department that the ad you are answering is legitimate.  A legitimate company will eventually need your Social Security number, but not early in the process.  Make sure that you have confirmed that the job is legitimate before providing this information.

In regard to this particular scam, you should investigate the company thoroughly before agreeing to anything and never consider a check as being legitimate until it has fully cleared.

Scam of the day – November 11, 2017 – New Netflix phishing email

The popularity of Netflix makes it a preferred subject for phishing emails sent to people appearing to come from Netflix in which you are told you need to update your credit card information or asking for other personal information.   As recently as September 24th I warned you about a new Netflix phishing email and now there is an even newer one being circulated that requires you to provide your personal information including your credit card number or else your account will be suspended.  Reproduced below is a copy of the email presently being circulated.  It looks legitimate, but it is easy to counterfeit the Netflix logo and make the email appear to be legitimate when it is not.  Two things can happen if you click on the link in the email.  Either you will be directed to a phony but legitimate looking website where you will be prompted to input your credit card information and thereby turn it over to an identity thief or, even worse, merely by clicking on the link, you will download keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.

[Image: screenshot of the Netflix phishing email]

TIPS

As I always say, “trust me, you can’t trust anyone.”  You can never be truly sure when you receive an email seeking personal information such as your credit card number whether or not the email is a scam.  The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the email might be legitimate, you should contact the company at a telephone number that you know is legitimate and find out whether or not the email was a scam.

As for Netflix in particular, it will never ask in an email for any of your personal information so anytime you get an email purportedly from Netflix asking for your credit card number, Social Security number or any other personal information, it is a scam.  Here is a link to Netflix’s security page for information about staying secure in regard to your Netflix account.  https://help.netflix.com/en/node/13243

Scam of the day – November 10, 2017 – Veterans’ Day scams

Tomorrow, November 11th, is Veterans’ Day, a day we set aside to honor those who have served our country and to whom all Americans owe a debt of gratitude.  However, for scam artists, tomorrow is just another opportunity to take advantage of the best intentions of people and steal their money.  People will be receiving telephone calls that purport to be from various veterans’ organizations or charities seeking donations when, in fact, many of these calls will be from scammers seeking to steal money under false pretenses.

Other scams related to Veterans’ Day will occur when veterans receive telephone calls purporting to be from the Veterans’ Administration asking for personal information necessary to verify or update the information of the VA.  Of course, the call is not from the VA and the request for personal information is merely to gather that type of information in order to make the veteran a victim of identity theft.

TIPS

Even if you are on the federal Do Not Call List, which is a good thing to be on if you wish to avoid telemarketers, charities are still legally allowed to call you.  The problem is that whenever you receive a call purporting to be from a charity, you have absolutely no way of knowing if you are being contacted by a legitimate charity.  You also cannot know, without doing some research, whether the particular veterans’ charity that may be contacting you is legitimate or not.  As I often advise you, never give personal information such as credit card information to anyone over the phone if you have not made the call.  If you are considering a gift to a particular charity, first check out the charity with www.charitynavigator.org to make sure that the charity is legitimate and then, if it is legitimate, get the address for the charity from charitynavigator.org so that if you wish to make a gift, you can make it directly to the charity.

As for calls that you may receive purporting to be from the VA or any other governmental agency requesting information, you should never provide information over the phone to anyone because, as I indicated above, you can never be sure if the caller is who he or she says they are.  In this case, you should contact the particular agency at a telephone number that you know is accurate to confirm whether or not the request for personal information was legitimate.  Most of the time, the call will turn out to be a scam.

Scam of the day – November 9, 2017 – Car wrap scam resurfacing

Reports are resurfacing of increased instances of the car wrap scam which has been around for a few years.  We have all seen car wraps, which are advertisements for a company wrapped around a car.  For someone looking for some money in return for very little effort, this may seem like a match made in heaven.  But if you are not careful, it could be a match made in scam hell.

Car wrapping is actually legitimate, which is part of the problem.  Scammers exploit legitimate advertising through car wraps by either putting an ad on the Internet or contacting you through a mass email in which they seek people to have their cars used for advertising through this technique called shrink wrapping.  Unsuspecting victims respond to the advertisement and are sent a check for more than the amount that the victim is owed.  The victim is instructed to deposit the check in his or her bank account and wire the rest back to the company.  This is where the scam comes in.  The check that the scammer sends you is a counterfeit.  However, unfortunately, the money that you wire the scammer comes right out of your bank account and is almost impossible to retrieve.  This scam of sending you a check for more than what you are to be paid is used in many other scam variations.

TIPS

Always be wary if someone asks you to wire money to them as a part of a business transaction.  Scammers do this all the time because it is quick and almost impossible to stop.  In addition, even if you get what appears to be a certified check and wait a few days for the check to clear, you will still be out of luck because it takes weeks for a check to fully clear.  Banks are required by law to give you conditional credit after a few days, which means that if the check turns out to be a counterfeit, the credit is removed from your account and if you have, in turn, made checks or wired funds from your account assuming the check was legitimate, you are out of luck and your own money.  A check sent to you by someone with whom you are doing business for whatever purpose that is more than the amount you are owed that comes with a request for you to send the overpayment amount back is a scam.  Don’t fall for it.

Scam of the day – November 8, 2017 – New banking malware threat uncovered

Researchers at Cisco Talos have recently uncovered a new method cybercriminals are using to trick people into downloading a strain of malware called Zeus Panda which steals banking information from the victim’s computer and uses it to steal from their bank accounts.

The first step in the process used by the cybercriminals was to come up with a long list of search phrases that people would use when they would search for banking information on search engines, such as Google.  They then used compromised web servers and Search Engine Optimization (SEO) tactics to make sure that the phrases appear high on a search engine search page.  Next the cybercriminals would use infected links that appear in compromised legitimate business websites appearing in the search to redirect the unwary victim to a malicious website where the victim would be prompted to download a document, open the file and click “Enable Editing,” which ultimately downloads the malware that steals banking and other sensitive information to be used by the cybercriminals.

TIPS

This scam is just another reason why it is important to remember my motto, “trust me, you can’t trust anyone.”  Merely because a website comes up high in a search engine search on Google or any other search engine does not mean that it is legitimate.  Companies and servers must constantly monitor themselves to make sure that they are not compromised.  However, the key for us as consumers is to follow the rule of never downloading attachments or enabling macros unless we have absolutely confirmed that they are legitimate.  While many people know not to click on unverified links, few people think to confirm attachments from trusted websites before downloading them, even though they may be infected.

Scam of the day – November 7, 2017 – Another email scam

Reproduced below is another email scam similar to the infamous Nigerian email scam.  This email which is presently being circulated preys on the vulnerability and greed of its victims by promising money for nothing or in this case, a small fee.

Although it may seem that the Nigerian email scam began in the era of the Internet, the basis of the scam actually goes back to 1588 when it was known as the Spanish Prisoner Scam.  In those days, a letter was sent to the victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name.  The identity of the nobleman was not revealed for security reasons, but the victim was asked to provide money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing victim with great sums of money and, in some circumstances, the Spanish prisoner’s beautiful daughter in marriage.

Today’s scam of the day is just another variation of the Nigerian letter scam.   Although generally you are told initially that you need to contribute little if anything financially to the endeavor, you soon learn that it is necessary for you to contribute continuing large amounts of money for various reasons, such as fees, bribes, insurance or taxes before you can get anything.  Of course, the victim ends up contributing money to the scammer, but never receives anything in return.

Here is a copy of the email I recently received:

ATTENTION, I ‘M CONTACTING YOU NOW BASE ON ISSUE IN MY OFFICE THIS MORNING BECAUSE YOUR PAYMENT FILE WHICH CONTAIN YOUR $4.5M WAS BROUGHT TO ME BY THE BANK OF AFRICA HERE IN BENIN REPUBLIC WHO ORDERED ME TO SIGN THE CANCELLATION OF YOUR ALWAYS INSULT HIM BECAUSE THEY TOLD YOU TO PAY $69 TO RECEIVE YOUR FUND. SO I DECIDED TO WRITE YOU BECAUSE I FOLLOWED THE LAW AND I WILL NOT BE AGAINST ANYBODY IN THIS WORLD AND I THINK THAT MAYBE HE HAS A LITTLE PROBLEM WITH YOU. I HAVE NOT TOUCH YOUR PAYMENT FILE UNTIL I HEAR FROM YOU THIS MORNING BECAUSE I HAVE A HUMAN SYMPATHY. SO MY DEAR I NEED TO KNOW WHAT HAPPENED AND IF YOU STILL NEED TO RECEIVE YOUR FUND THEN I WILL TELL YOU WHERE YOU WILL SEND THE $69 AND HAVE THIS FUND SEND TO YOU THROUGH MY POWER. YOUR URGENT REPLY IS NEEDED. THANK,S CHIEF JUSTICE frank williams

TIPS

This is a simple scam to avoid.  It preys upon people whose greed overcomes their good sense.  The first thing you should ask yourself is why would you be singled out to be so lucky to be asked to participate in this arrangement.  Since there is no good answer to that question, you should merely hit delete and be happy that you avoided a scam.  As with many such scams, which often originate outside of the United States, the punctuation and grammar are not good.

Many people wonder why cybercriminals and scammers send out such ridiculously obvious scam letters that anyone with an ounce of sense would recognize as a scam, but that may be intentional on the part of the scammer because they don’t want to waste their time with people they would have to work hard to convince.  Those who respond to such obvious scam letters are more likely to quickly fall prey to the scam.

Scam of the day – November 6, 2017 – FTC and State Attorneys General act on student loan scams

More than forty-two million Americans have student loans with an outstanding balance of more than 1.4 trillion dollars so it is no surprise that scammers are focusing their attention on these students and former students through scams that falsely promise to provide debt relief.

Now the Federal Trade Commission, working with the Attorneys General of eleven states, has initiated what it cleverly calls Operation Game of Loans to jointly target these scams.  Some scammers promise dramatic reductions of debt of 50% or more in return for upfront fees of between $500 and $2,500.  Often these scam companies have names that make it appear that they are endorsed by the federal government.

TIPS

The old adage still is true.  If it sounds too good to be true, it probably isn’t true.  Many of these student loan debt relief scammers promise quick loan forgiveness, which is unrealistic.  In addition, you should never pay any upfront fees for student loan debt relief assistance.  That is a sign of a scam.  Also, remember my motto, “trust me, you can’t trust anyone.”  Don’t trust scammers who may be using names that sound like they are affiliated with the government.

For information you can trust about federal student loan repayment options, go to https://studentaid.ed.gov/sa/repay-loans .  There you can learn about loan deferments, forbearance, repayment and loan forgiveness programs and there is never an application fee.  If you owe private student loans, contact your loan servicer directly.

Scam of the day – November 5, 2017 – New Google bug bounty program

As I have reported to you for more than a year, various companies and even federal agencies, such as the Department of Defense, offer “bug bounties” to vetted hackers who are able to identify vulnerabilities in their software, web pages and computer networks.  Google and Facebook have long made cash payments to independent hackers, sometimes called white hat hackers to distinguish them from the criminal black hat hackers, who identified vulnerabilities in their computer code.  Generally, these bounties are between $500 and $15,000.  Google has paid out millions of dollars in bug bounties since the program was started in 2010.

Now Google is offering a new bug bounty program focused on Android apps found in the Google Play Store.  Google is also particularly interested in flaws that may be present in Dropbox, Duolingo, Snapchat, Tinder and Alibaba.  The bounty is $1,000 for every flaw that meets Google’s criteria.

TIPS

This is a positive strategy for businesses and government to follow to enhance cybersecurity.  As for us as individuals, the best things we can do to protect our cybersecurity are to keep our anti-virus and anti-malware software up to date on all of our electronic devices and refrain from clicking on links or downloading attachments in all forms of electronic communication until we have absolutely confirmed that the communications are legitimate.  Otherwise, the risk of downloading malware is too great.