Scam of the day – March 17, 2015 – ATM skimmer using criminal convicted

March 16, 2015 Posted by Steven Weisman, Esq.

Recently, Dinu Horvat was convicted of a host of charges including conspiracy to commit bank fraud and aggravated identity theft in regard to a scheme in which he installed skimmers on ATMs and hidden cameras to observe people using the ATMs as they input their PINs. Skimmers are small devices that can read a credit or debit card and capture the information on the card for the criminal to use.  They may be installed on an ATM or a gas pump or any other device into which you directly swipe your credit card or debit card Horvat installed these devices on ATMs in New Jersey, Connecticut and Florida.  Along with his accomplices, twelve of whom have already pleaded guilty to charges related to the scam, he managed to steal more than five million dollars from the accounts of thousands of customers.  Horvat will be sentenced in June and faces a maximum prison sentence of thirty years.

TIPS

So what can you do to protect yourself?  The first line of defense is to always check the particular ATM you are using for evidence of tampering such as loose fitting pieces in the slot where you insert your card.  This could be evidence of the installation of a skimmer.  Also, cover your hand as you input your PIN.  Also, feel around the keypad to make sure that plastic covering has not been placed over the keypad, as this is another way that scammers obtain your PIN.  These plastic covers can have electronic sensors to steal your PIN.  However, the best thing you can do is probably to regularly monitor your account balance online so that if you become a victim of identity theft due to an identity thief getting access to your account through an ATM, you can limit the damage and report it to the bank immediately.  It is not very comforting to know that no matter how careful you are, banks with less than appropriate ATM security put you in jeopardy, but that, unfortunately, is a fact of modern life.

Scam of the day – March 16, 2015 – Hacking group threatens Kanye West

March 16, 2015 Posted by Steven Weisman, Esq.

Anonymous is the name of an association of international hackers who have been characterized by some as cyberterrorists and by others as modern day Robin Hoods.  Since 2003 they have hacked into websites and social media accounts of their adversaries, a group that includes major corporations, such as PayPal and MasterCard and Sony; government agencies of the United States and other countries as well as ISIS and child pornography sites.

Now, through a recently released  video which you can view here https://www.youtube.com/watch?v=tibphZYyODo  they have targeted Kanye West as “a direct message to our brother, Mr. West to teach him a lesson on humility, and responsibility, over his out of control hypocritical and impulsive actions.”  They went on to cite numerous examples of West’s behavior including his recent actions at the Grammy awards when he stormed the stage once again to interrupt Beck’s acceptance speech as he had done at a previous Grammy awards where Taylor Swift received an award West deemed inappropriate.  The 7 minute Anonymous video ended with “Our tolerance with your arrogant and distasteful behavior to gain attention online has reached its end.”

TIPS

In many instances for all of us, our vulnerability to having our electronic lives hacked is beyond our control because so much information that can be used to gain access to our various online accounts as well as to make us victims of identity theft is available in data banks that are accessible either legally or illegally through hacking, however, we do not have to make it easy for hackers and identity thieves.  Using strong passwords, strong security questions, dual factor authentication when possible and limiting the places as much as possible that hold our personal information can help considerably in keeping us safe.  If the celebrities whose nude photographs had used dual factor authentication, their photos would have remained secure.  Also, it is important to keep all of your electronic devices up to date with the latest anti-malware and anti-virus software.

Scam of the day – March 15, 2015 – Kansas woman victim of criminal identity theft

March 14, 2015 Posted by Steven Weisman, Esq.

One of the little discussed, but very serious aspects of identity theft occurs when your identity is stolen by someone who then commits a crime using your name.   A recent incident involving Raquel Clark of Wichita, Kansas illustrates this problem.   Ms. Clark was arrested and spent four days in jail recently for crimes committed by a woman who stole Clark’s identity, created phony IDs and used those IDs when she was picked up on criminal charges in the past.  Once authorities were able to confirm that Raquel Clark was not the woman whom both Kansas and Texas law enforcement were seeking, she was released, but not until four days had gone by.

TIPS

If you find that someone has committed crimes with your stolen identity, clear the matter up as quickly as possible with the District Attorney and then get a letter from the DA that you can carry with you at all times so that if you are stopped by a law enforcement officer, such as for a simple automobile violation, you will be able to show that you are not a criminal although such information may still, in some instances, come back to appear on your record.  You can find more detailed information about criminal identity theft in my book “50 Ways to Protect Your Identity in a Digital Age.”

Scam of the day – March 14, 2015 – Latest Security updates from the Department of Homeland Security

March 13, 2015 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  The recent discovery and then patching of the FREAK vulnerability is a good example of how important it is to update your software with the latest security patches as soon as possible.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Users of the affected programs should make sure that they update their software with these latest security patches as soon as possible.

TIPS

Here is the link to the Department of Homeland Security software updates: https://www.us-cert.gov/ncas/bulletins/SB15-069

Scam of the day – March 13, 2015 – Latest developments in the Sony hacking and data breach

March 13, 2015 Posted by Steven Weisman, Esq.

Nine former employees who had filed individual lawsuits against Sony in December and January in response to the massive hacking and data breach apparently done by North Koreans have joined together to file an amended class action lawsuit on their own behalf and on behalf of a large number of employees and former employees whose personal information was compromised in the massive data breach.  Among the new information contained in the civil complaint filed by the former employees is reference to a September 2014 audit done by PricewatershouseCoopers that indicated that Sony did not do an adequate job of monitoring its systems.  The complaint when on to also assert that Sony has yet to contact all of its former employees to inform them whether or not their information was among that stolen.  The lawsuit alleged that more than 47,000 Social Security numbers were taken in the data breach including 15,200 from present and former employees who worked for the company as far back as 1955.

TIPS

The hacking of Sony should be a wake-up call to all companies.  Despite Sony’s assertions that this was an unprecedented attack and that Sony had taken proper data security precautions, the facts do not support those assertions.  The list of Sony’s failings are many.  Data banks were not properly segregated.  The company was particularly susceptible to phishing attacks.  It retained personal information long after it was necessary and it kept an unencrypted file entitled “Passwords” with a compendium of passwords providing ready access to the hackers to sensitive information.  These are just a few of Sony’s failings.

The lesson to all of us as individuals is once again that we are only as safe as the places with the weakest security that hold our personal information.  It is also a warning to us all to limit, as much as possible, the places that do hold that information.  Many companies including medical providers, a particularly rich target of hackers recently, request your Social Security number as an identifying number although they have no real need for your Social Security number.  We all should resist providing our Social Security numbers to companies that request it unless they have  legitimate need for it.

Scam of the day – March 12, 2015 – Feds bring charges in one of largest data breaches in history

March 13, 2015 Posted by Steven Weisman, Esq.

Late last week, the Justice Department announced charges against two Vietnamese citizens living in the Netherlands and a Canadian for their roles in the hacking of at least eight email service providers throughout the United States between 2009 and 2012.  The accused hacker Viet Quoc Nguyen stole information including proprietary marketing data containing more than a billion email addresses, which Nguyen then exploited along with Gian Hoang Vu, another defendant by sending spam to millions of the email addresses. Nguyen and Vu received approximately two million dollars in commissions on sales generated by the spam that directed the recipients to the websites for numerous products.  The third defendant, David-Manuel Santos Da Silva was indicated on money laundering and other related charges.

TIPS

Gian Hoang Vu was arrested by Dutch law enforcement officers in the Netherlands in 2012 and was extradited to the United States in March of 2014.  Last month he pleaded guilty to conspiracy to commit computer fraud and will be sentenced in April.  David-Manuel Santos Da Silva was arrested in Florida in February and was arraigned last week.  Nguyen is still presently on the loose.

The investigations into this matter and the arrests of two of the three people accused is a good example of increase cooperation between not only American law enforcement agencies, but also those of foreign countries and is the type of concerted effort and cooperation it will take to effectively battle against international white collar computer crime.

Scam of the day – March 11, 2015 – Apple and Microsoft release FREAK security updates

March 11, 2015 Posted by Steven Weisman, Esq.

I have been reporting to you for about a week about the serious FREAK vulnerability that can be exploited by hackers to enable them to decrypt what people believe are safe and secure encrypted communications done through their computers and other electronic devices.  This vulnerability potentially puts millions of people in a position where their communications carrying sensitive information such as credit card information, passwords, credit card information and more could be intercepted by an identity thief who could use this information to make them victims of identity theft.  This vulnerability is similar to last year’s Heartbleed in that it is not malware installed by hackers, but merely a flaw that has existed in much used security software that has been around for years, but only discovered a few weeks ago, but which can be exploited by knowledgeable hackers.

Fortunately, along with a number of other security updates, Apple has just released a security patch to remedy the FREAK problem for Apple products.

Here is a link to the security patches.  If you are an Apple user, I urge you to install these security updates right away. https://www.us-cert.gov/ncas/current-activity/2015/03/09/Apple-Releases-Security-Updates-OS-X-iOS-and-Apple-TV

Additionally, here is a link to the latest Microsoft security patches for multiple Microsoft programs including patches for FREAK vulnerability:  https://technet.microsoft.com/en-us/library/security/ms15-mar.aspx

As always, when security updates and patches are issued, we will report them to you on Scamicide as they are released.  It is important to install the latest security updates for all of your software when they become available in order to protect your security and privacy on your computers and other electronic devices

Scam of the day – March 10, 2015 – Maker of Snuggies to pay 7.5 million dollars to FTC

March 10, 2015 Posted by Steven Weisman, Esq.

Direct marketer, Allstar Marketing Group, LLC, the maker of such familiar “as seen on TV” products as the Magic Mesh door cover, Cat’s Meow, Roto Punch, Perfect Tortilla, Forever Comfy and, of course, the famous Snuggie, a blanket with sleeves, agreed to pay 7.5 million dollars to the FTC to settle charges related to its deceptive and confusing “buy-one-get-one-free” promotions.  All marketers are required to clearly disclose all costs involved with the purchase of their products including processing fees and handling fees.  According to the FTC, Allstar had been cheating consumers since 1999 using a confusing “buy-one-get-one-free” promotion than failed to clearly disclose the real cost whereby a consumer would not be aware of undisclosed processing and handling fees that would considerably raise the cost of the purchase.  In addition, the FTC alleged that Allstar would use misleading automated voice prompts when customers purchased items by phone that would result in the consumers not only paying more than they realized for products, but even charge consumers who hung up during the call thinking they were not making a purchase.

TIPS

The FTC and the New York Attorney General’s office worked jointly on this matter.  The New York Attorney General’s office will receive an additional $500,000 as part of the settlement in addition to the 7.5 million dollars paid to the FTC.  The funds paid to the FTC will be refunded to defrauded consumers.  As soon as details are finalized in regard to how the refunds will be processed, I will report that information to you.

In addition to their television advertising, Allstar also used a website to sell its products online.  The same fraudulent tactics were used although in some instances, the charges were actually disclosed in fine print at the bottom of the page.  As I always say, there is little that is fine about fine print, but it is critical that you make sure you understand what is in the fine print before ever buying a product or service.

Scam of the day – March 9, 2015 – FREAK update

March 9, 2015 Posted by Steven Weisman, Esq.

I reported to you last week about the disclosure of the serious FREAK vulnerability that can be exploited by hackers to enable them to decrypt what people believe are safe and secure encrypted communications of their computers and other electronic devices.  This potentially puts you in a position where your communications carrying sensitive information such as credit card information, passwords, credit card information and more could be intercepted by an identity thief who could use this information to make you a victim of identity theft.  This vulnerability is similar to last year’s Heartbleed in that it is not malware, but merely a flaw that has existed in much used security software that has been around for years, but only discovered a few weeks ago.  Efforts to come up with patches to correct the flaw are moving ahead and some temporary solutions have been offered by Google and Microsoft.

TIPS

Here are some helpful links.

This is the link to the Department of Homeland Security’s most recent update on the problem.  http://www.kb.cert.org/vuls/id/243585

This is the link to the Microsoft Security Advisory regarding FREAK.  https://technet.microsoft.com/library/security/3046015.aspx

Finally, here is a link to a website that has a lot of helpful information about the extent of the problem and the present status of patches and updates.  https://freakattack.com/  By going to this website in your browser, you will find out at the top of the opening page of the website whether or not your browser is affected.

 

Scam of the day – March 8, 2015 – FTC announces new Robocall Contests

March 8, 2015 Posted by Steven Weisman, Esq.

We have all received those annoying robocalls with the voice of an actual person, such as “Rachel” from cardholder services, but without a real person on the line. Robocalls are recorded, computer generated mass phone calls that contain a variety of enticing offers, such as a lower mortgage rate, lower credit card interest or a better automobile warranty. Illegal robocalls are easy to spot.  If you receive a robocall, it is illegal.  Federal law prohibits recorded sales messages unless you have given your specific written permission to receive them.  Only politicians, charities and poll taking researchers are allowed to use robocalls.

TIPS

The very fact that you are receiving a robocall indicates that the caller is acting illegally so why should you expect their offer to be anything close to legitimate.  Hang up immediately.

The Federal Trade Commission (FTC) has just announced two new robocall contests in an effort to get help from the public in its battle to stop robocalls.  Contestants will compete in the development of a new honeypot which is the term for an information system that can be used to gather and analyze robocalls.  One of the two contests has a $25,000 top prize and as many as two honorable mention awards of $10,500 each.  You can find information about the robocall contests at www.challenge.gov in the section entitled “Robocalls:  Humanity Strikes Back.”