Scam of the day – January 22, 2015 – Tarrish Tellis convicted of income tax identity theft

January 22, 2015 Posted by Steven Weisman, Esq.

We are just at the start of the income tax identity theft season;  income tax identity thieves file early (and often) in order to get their fraudulent income tax returns to the IRS before the victim files his own legitimate income tax return.  The theory behind income tax identity theft is simple and effective.  The identity thief steals someone’s Social Security number and then files a phony income tax return using that Social Security number with phony W-2s or 1099s that can fool the IRS into sending a large, fraudulent refund.  It doesn’t help matters that the IRS still does not match the legitimate W-2s and 1099s sent by employers with those filed by tax filers until late in the summer, long after theirs has sent refunds, but that is another story.

Tarrish Tellis was recently convicted of filing fraudulent income tax returns and stealing more than $700,000 from the IRS through fraudulent refunds obtained as a result of the phony tax returns.  Tellis obtained the Social Security numbers and names of 700 victims from an employee of the Alabama Medicaid State Agency.  Tellis is scheduled for sentencing on April 15th.


The two best things you can do to protect yourself from income tax identity theft are to keep your Social Security number as safe, secure and private as possible and file your income tax return as early as possible to beat the identity thief to the punch.  As shown by the fact that the victims in this case became victims through no fault of their own, but due to the criminal acts of an employee of an agency that had access to their personal information, it is once again abundantly clear that we are only as safe as the places that hold our personal information with the worst security.

Scam of the day – January 21, 2015 – Mailbox identity theft

January 20, 2015 Posted by Steven Weisman, Esq.

Identity theft can be high tech, low tech or, as in the case of Tulsa, Oklahoma native Peter Thomas, distinctly no tech.  Thomas had personal and financial information stolen from mail contained in his mailbox at the apartment complex where he lives.  I have often warned people about the danger of having your mail, such as credit card bills or bank statements stolen from your personal mailbox.  In addition, many people put themselves in great danger of identity theft by putting their outgoing mail in their mailbox and put up the red flag to alert the postman that there is mail to be picked up.  Unfortunately, that is also an alert to identity thieves cruising the neighborhood of mail to be easily stolen.

In the case of Peter Thomas, his mailbox should have been secured as it was locked, however, the locking systems of mailboxes in apartment complexes are often not particularly secure.


In order to avoid becoming a victim of identity theft through your mailbox, you should make sure that it is securely locked so that it is not easily accessed by your friendly neighborhood identity thief and when it comes to outgoing mail, don’t put it in your mailbox for your postal carrier to pick up regardless of how convenient it may be to do so.  In fact, identity thieves have been known to steal mail from the U.S. Postal Service mailboxes found on the corners of major streets so, in order to be safe, you should mail your outgoing mail at the post office.   It may seem like this is being a bit excessive when it comes to protecting your mail, but remember, even paranoids have enemies.

Scam of the day – January 20, 2015 – Apple phishing scam

January 20, 2015 Posted by Steven Weisman, Esq.

I receive the same phishing emails that you do and so when I do get one, I like to pass on a warning to everyone.  Today’s scam email came with “Please confirm your identity” on the subject line.  The email purported to be from Apple and, like all phishing emails, its goal was to lure the victim into either directly providing personal information or to get the potential victim to click on a link in the email that will download keystroke logging malware that would enable the identity thief to steal personal information from the victim’s computer or other electronic device.  Unlike many other phishing emails which are easy to spot because the email address from which it is sent carries the email address of an unwary computer user whose email account has been hacked and used as a part of a botnet to send out these phishing emails, this one came from a legitimate appearing email address of “”  However, as you can see from the email, which is reproduced below, the email itself hardly reads as a legitimate communication from Apple nor did it contain any logo or appear official.  If I had clicked on the link where it indicates “Verify Now” I would have either been prompted to provide personal information that would be used to make me a victim of identity theft or, as I indicated earlier, I would have downloaded keystroke logging malware that would steal that and other information from my computer and use it to make me a victim of identity theft.  Here is a copy of what I received.  DO NOT CLICK ON THE LINK.

“The following information for your Apple ID was updated on

Shipping and/or billing address

Please confirm your identity today or your account will be Disabled

due to concerns we have for the safety and integrity of the Apple Community.

To confirm your identity, we recommend that you go to:

Verify Now >”


Because you can never be sure when you receive an email that asks for personal information or requires you to click on a link for whatever reason that the email is legitimate, the only course of action to follow is to not click on the link or provide any information in direct response to the email.  In this case, it was obvious that this email was a scam so I just ignored it.  If, however, you have any thought that the email might be legitimate, you should merely go directly to the real website of the company or person sending you the email or call them on the phone at a number that you know is legitimate to confirm whether or not the email is legitimate.

Scam of the day – January 19, 2015 – University employee payroll scam

January 19, 2015 Posted by Steven Weisman, Esq.

The Internet Crime Complaint Center, known as IC3 has issued an alert warning about a spear phishing scam aimed at university employees around the country.  It starts with an email addressed specifically with the name of the intended victim.  The email looks official and appears to have been sent by the Human Resources Department of the college or university where the intended victim works.  The email informs the potential victim that there has been a change of the employee’s status and that the employee is required to click on a link contained in the email that takes the employee to a website that appears to be that of the Human Resource Department for the college or university where the victim works where the employee is prompted to input information.  The website is  counterfeit.  The scam is a ruse intended to obtain the login information of the potential victim.  Once this information is provided to the scammer, he or she then logs on to the real Human Resources Department page and changes the bank account information for where the employee’s check is deposited so that the school sends the victim’s check to a bank account controlled by the identity thief.  In addition, since many people use the same user name and password for all of their accounts, the scammers may also attack other accounts of the victim.


Although the IC3 warning deals specifically with university and college employees, this scam works just as well with any company that pays their employees through direct deposit so everyone who is paid through a direct deposit should be aware of this scam.  Remember my mantra, “trust me, you can’t trust anyone.”  Never click on links in emails unless you are sure they are legitimate.  In many instances, by clicking on the link, you are unwittingly downloading malware on to your computer or other electronic device.  You also should never provide personal information in a reply to an email.  Confirm whether or not the request for personal information is legitimate and even then, go directly to a website for the company or other institution that you know is legitimate to provide such information.  Finally, as I have warned you many times, (sorry to be a nag) use a unique password for all of your accounts so that if your password from a particular account is jeopardized, your other accounts are still safe.  This is not as difficult as it might seem.  In my book “Identity Theft Alert,” I provide instructions as to how to pick easy to remember, strong passwords.

Scam of the day – January 18, 2015 – Adobe, Mozilla and Microsoft security updates

January 18, 2015 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Today’s updates are critical updates from Adobe relating to the Flash Player, Mozilla Firefox vulnerabilities and eight vulnerabilities in Microsoft Windows, which are essential for maintaining your online security.


Here are links to the necessary updates as provided by the Department of Homeland Security.

Scam of the day – January 17, 2015 – Ghana Johnson indicted for income tax identity theft

January 17, 2015 Posted by Steven Weisman, Esq.

Recently, an Ohio woman, Ghana Johnson was indicted on federal charges related to income tax identity theft in which she is accused of filing 106 phony income tax returns and claiming $476,000 in phony refunds using stolen Social Security numbers and falsified W-2s and other income records.  She is accused of obtaining the Social Security numbers and other personal information primarily through stealing the admission records from a medical and dental assistant school in Cleveland as well as through holding herself out as a legitimate tax preparer and thereby gaining information from family members, friends and others who she cheated.


With the start of the year, income tax identity theft will shortly be in full swing because income tax identity thieves rush to file phony returns before the legitimate taxpayers whose information they have stolen file their own legitimate returns.  It is for this reason that the earlier you file, the safer you will be from income tax identity theft.  Income tax identity theft is a multi-billion dollar crime that is only getting worse and due to IRS budget cuts and failure to enact sufficient security measures can be expected to be worse this year.  Things you can learn from this particular case are to limit, as much as possible, the places that hold your personal information, particularly your Social Security number and make sure that any tax preparer you use is legitimate.

Scam of the day – January 16, 2015 – Airlines frequent flier accounts hacked

January 16, 2015 Posted by Steven Weisman, Esq.

American Airlines and United Airlines both have recently announced that last month frequent flier accounts for thousands of their customers were hacked by identity thieves stealing miles to book free trips and upgrades.  Although the hacking occurred in December, the airlines are just now notifying affected customers.  Both affected airlines have informed the victims of the hackings that their stolen miles will be restored to their accounts.   It is important to note the important distinction that the computers of American Airlines and United Airlines were not hacked, but rather individual accounts of customers whose usernames and passwords has somehow been obtained by the identity thieves to gain access to their frequent flier accounts.


The lesson of this scam is one that I have previously mentioned many times, namely, you should use complex usernames and passwords and, most importantly, have different usernames and certainly different passwords for all of your accounts.  Otherwise you are at risk for all of your online activities from banking to retail purchases if someone manages to steal just one account’s username and password.  I have written extensively about how to pick a difficult to steal, but easy to remember password many times before, but one tip is definitely worth remembering.  Pick a phrase, such as “IDon’tLikePasswords” and you can use this complex and strong password which has symbols, small letters and capital letters and then strengthen it further by adding a couple of exclamation points at the end to read “IDon’tLikePasswords!!” and then use it as a base password that you distinguish with a few letters for each account.  So, for example, if the password were to be for your American Airlines frequent flier account, you could make the password “IDon’tLikePasswords!!AM.”

Scam of the day – January 15, 2015 – Identity thieves buy cars and breast implants

January 15, 2015 Posted by Steven Weisman, Esq.

As a result of a joint investigation by Houston police and federal postal inspectors, four people, Joel Cruz, Darion Wells, Devante Ruffin and Jamonte Booker have been arrested and charged with operating an identity theft ring and using the stolen identities to buy twelve luxury automobiles worth $485,136 as well as breast implants for two of the identity thieves, Devante Ruffin and Jamonte Booker.  According to police, the scam started when two of the accused while attempting to lease an apartment noticed a storage facility on the property that contained unsecured boxes of old paper leasing records for the complex.  Police say the accused identity thieves stole the boxes and used the personal information contained in the records to start their crime spree.  When they were apprehended, the accused identity thieves had information on as many as thousands more people from these stolen rental records that they had not yet used.


This is another example of the fact that regardless of how good you are at keeping your personal information safe and secure from identity thieves, you are only as safe as the places that have your information with the weakest security.  Companies should review their stored records and shred documents with personal information that is no longer needed.  We, as consumers should request that companies that have our personal information store it securely and destroy the records of our personal information when it is no longer needed.

Scam of the day – January 13, 2015 – President Obama proposes legislation to combat identity theft

January 13, 2015 Posted by Steven Weisman, Esq.

Yesterday, in a speech at the Federal Trade Commission, President Obama urged the passage of the Personal Data Notification and Protection Act, which would set a national standard requiring companies that have been hacked and suffered data breaches to notify affected customers within thirty days of learning of the breach.  Presently, there is no federal standard although 48 states have varying laws that apply to notifications by companies suffering data breaches.  This was the first of a number of speeches involving cybersecurity that the President will be giving leading up to his State of the Union address in which he is expected to make this topic a major part of his speech.  Although this seems like a good first step toward greater cybersecurity, some consumer advocates are concerned that a new federal standard may not be as strong as that provided by some states and that the federal law could preempt these more protective state laws.


Cybersecurity has got to be made a greater priority by both business and government, however, regardless of what is done in this regard by private industry and the government, it is important to remember that if you are looking for a helping hand, the best place to find it is at the end of your own arm.  We cannot solely rely on corporations and government to protect our privacy and security.  We all must do the best we can to protect ourselves from identity theft and maintain our privacy as best we can.  You can find many specific tips on how to do this in my book “Identity Theft Alert” which can be ordered from Amazon by clicking on the link on the right hand side of the page.