Scam of the day – July 21, 2016 – Hackers attack unpatched computers

July 21, 2016 Posted by Steven Weisman, Esq.

The security research firm Proofpoint recently disclosed that a twelve-year-old malware program commonly known as NetTraveler has been used by Chinese hackers against Russian and Eastern European targets, exploiting a vulnerability in Microsoft Word designated as CVE-2012-0158. This malware program enabled the hackers to infiltrate the computers of their victims, who generally downloaded the malware as a result of clicking on links in spear phishing emails. What is particularly significant about this cyberthreat is that this specific vulnerability was patched four years ago, but many people and companies have still not installed the patches necessary to defend against this particular malware, thus leaving them needlessly vulnerable. Similarly, ransomware, in which a hacker encrypts the victim’s computer data and threatens to destroy it unless paid a ransom, has developed into a major worldwide threat to companies, governments and individuals. However, the problem is somewhat bigger than it needs to be because some hackers are still using old ransomware programs for which security patches have already been issued but never installed by many companies, government agencies and individuals.

It is hard enough to defend yourself against the numerous zero-day exploits, which are the newer strains of malware exploiting vulnerabilities for which there are no existing security defenses. Once an exploit is discovered, it can take thirty days or more for the security software companies to come up with a patch for the latest zero-day exploits. However, no one should fall victim to a malware program for which there already exists a security patch.

TIPS

The first step in protecting yourself from various types of malware, including ransomware, is to avoid them in the first place by avoiding spear phishing emails and text messages. Don’t click on links unless you have absolutely confirmed that they are legitimate. Installing anti-phishing security software is also advisable, but it is not totally effective, so you should not entirely rely on it to screen all of your phishing emails. Secondly, you should install the latest security updates to all of your software programs as soon as they become available. The best way to do this is to have updates installed automatically, but in any event, make sure you do not delay installing security updates and patches once they become available. Here at Scamicide we let you know when important new security updates are issued.

Scam of the day – July 20, 2016 – Baseball executive sentenced for hacking

July 20, 2016 Posted by Steven Weisman, Esq.

In July of 2014 I first reported to you about the hacking of the computers of the Houston Astros baseball team. After a prolonged investigation, Christopher Correa of the St. Louis Cardinals pleaded guilty in January of 2016 to hacking the private online database of the Astros called Ground Control that contained tremendous amounts of confidential data including scouting reports and statistics on baseball players. At the time he did the hacking, Correa was the Director of Baseball Development for the St. Louis Cardinals. Correa was fired by the Cardinals when he first became a suspect in the hacking of the Astros. A current Astros employee had worked previously for the Cardinals and Correa was able to easily guess the password used by him to access Ground Control by merely using variations of the password the Astros employee had used when he worked for the Cardinals. Armed with this password, Correa stole data from Ground Control for use by the Cardinals. Correa has now been sentenced to 46 months in prison and ordered to pay restitution of $279,038.65. Now that the criminal case against him is over, Major League Baseball is beginning its own investigation that could result in serious consequences for the Cardinals.

TIPS

Although this story reads like fiction, perhaps the biggest lesson for all of us from this story is the danger of using the same password or slight variations thereof for all of your accounts, which unfortunately is a habit that many people have gotten into.  Hackers will often steal passwords of customers from companies when they commit a data breach and then use those passwords for identity theft purposes at banks, brokerage houses and other companies where the victim can suffer substantial financial losses.  The best course to follow is to have a difficult to crack password that is unique for every account.

Scam of the day – July 19, 2016 – Another version of the Nigerian scam

July 19, 2016 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes from the email of a Scamicide reader. I am sure that the same email has been sent to many of you, as well. This is just another version of the Nigerian email scam. Although it may seem that the Nigerian email scam began in the era of the Internet, the basis of the scam actually goes back to 1588 when it was known as the Spanish Prisoner Scam. In those days, a letter was sent to the victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name. The identity of the nobleman was not revealed for security reasons, but the victim was asked to provide money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing victim with great sums of money and, in some circumstances, the Spanish prisoner’s beautiful daughter in marriage.

In the various versions of this scam circulating on the Internet today, you are promised great sums of money if you assist a Nigerian in his effort to transfer money out of his country. Variations include the movement of embezzled funds by corrupt officials, a dying gentleman who wants to make charitable gifts or a minor bank official trying to move the money of deceased foreigners out of his bank without the government taking it. The example below of the email received by a Scamicide reader, whose name I have crossed out, involves “donating” money to the recipient of the email for charitable purposes. Although you are generally told at the start of these scams that you do not need to contribute anything financially to the endeavor, you soon learn that it is necessary for you to contribute continuing large amounts of money for various reasons, such as various fees, bribes, insurance or taxes, before you can get anything. Of course, the victim ends up contributing money to the scammer, but never gets anything in return.

Here is a copy of the email recently received by a Scamicide reader:

“Dear  XXXXXX,

I got your details after an extensive on-line search Via (Network Power Charitable Trust) for a reliable person, I’m Mrs.Rose Duggan, 61 years old dying woman who was diagnosed for cancer about 4 years ago,I have decided to donate ($10,500,000.00) to you for charitable goals.Contact me if you are interested in carrying out this task, so that i can arrange the release of the funds to you.

Thank you and God bless you.
Mrs.Rose Duggan”

TIPS

This is a simple scam to avoid.  It preys upon people whose greed overcomes their good sense.  The first thing you should ask yourself if you receive such an email is why would you be singled out to be so lucky to be asked to participate in this arrangement.  Since there is no good answer to that question, you should merely hit delete and be happy that you avoided a scam.

Many people wonder why cybercriminals and scammers send out such ridiculously obvious scam letters that anyone with an ounce of sense would recognize as a scam, but that may be intentional on the part of the scammer because if someone responds to such an obvious scam, they are more likely to be gullible enough to fall prey to the scam.

Scam of the day – July 18, 2016 – Facebook cloning or spoofing

July 18, 2016 Posted by Steven Weisman, Esq.

Just last weekend, I received three “friend” requests on Facebook from people who were already Facebook friends of mine, which is an indication that someone had set up new Facebook pages in their names and was attempting to lure their friends into becoming friends with the hacker.  This scam is called either Facebook cloning or Facebook spoofing and the goal of the hacker is to get people to respond to the new friend request and then to lure the friends of the person whose Facebook page they commandeered to trust communications and postings from the cloned page in an effort to get them to click on links and download malware or ransomware or respond to emergency requests by sending money.

TIPS

There are many things you can do to protect yourself from this type of scam.  Scammers harvest information from social media to help them in their scams so the first thing you should do is to check to see if the public is able to see your posts.  Click on the padlock at the top right hand side of your Facebook page and click on “Who can see my stuff?”  It should say “friends,” but if it says “public” you should change that setting to “friends” to increase your privacy.

As for accepting friend requests, if you are already a friend of the person, don’t accept a second request.  Also, when accepting friend requests, don’t do it from the friend request email.  Instead go directly to your Facebook page from your browser and not from a link in the email because it could be a phishing scam seeking to steal your password or other information.

Finally, it is worth repeating that you should never trust any communication that contains a link until you have confirmed independently that the communication is legitimate.  The risk of malware in a link found in social media, a text message or email is just too great.

If your Facebook account has been cloned, here is a link that will take you to Facebook with tips as to what to do and how to report the problem.  https://www.facebook.com/help/174210519303259

Scam of the day – July 17, 2016 – Pokemon Go scam

July 17, 2016 Posted by Steven Weisman, Esq.

It hasn’t taken very long for the Pokemon Go app to become the most downloaded phone app in the United States and it is equally popular around the world.   As I am sure you all know, the Pokemon Go app uses the popular Pokemon characters from twenty years ago and has updated them into a virtual reality game and, using GPS, allows gamers to  go out in the real world with their smartphones and catch Pokemon characters in the blended real and virtual worlds.  Of course, anything this popular will be used in some fashion to scam people and Pokemon Go is no exception to this rule.

The Pokemon Go app is free. Nintendo and Niantic Labs, the developers of the new Pokemon Go app, make money when gamers use real money to buy virtual currency called PokeCoins, which gamers can use to purchase items to enhance the game experience such as eggs which hatch rare Pokemon or incense to lure Pokemon to their location. Scam artists, the only criminals we refer to as artists, are sending people emails such as the following, attempting to lure their victims into paying them to continue playing Pokemon Go.

“We regret to inform you that due to the overwhelming response to our new Pokemon Go app and the need for more powerful servers we can no longer afford to keep your account as free.  Your account will be frozen in 24 hours if you do not upgrade.”

You are then told to sign up for the new upgraded version at a cost of $12.99 per month.  People signing up for the service risk not only losing money, but turning over passwords and other personal information to a scammer who can use that information to make you a victim of identity theft.

TIPS

So how do Erica and everyone else playing Pokemon Go protect themselves from these scams?  Here is a list of important steps to take.

  1. Remember that Pokemon Go is a free app and Nintendo is not charging for upgrades. Any notices you receive to the contrary are scams and should be ignored.
  2. Install the updated version of the Pokemon Go app since the original version unintentionally invaded your privacy by providing full access to your Google account.
  3. Use a strong password and make sure that you don’t use your Pokemon Go password for any other account.
  4. Make sure that your smartphone is protected with security software and keep it up to date with the latest security patches.

July 16, 2016 – Steve Weisman’s latest column from USA Today

July 16, 2016 Posted by Steven Weisman, Esq.

With all of the uproar about Hillary Clinton’s email usage, I wondered how careful the rest of us are in our use of email. Here is a column I wrote for today’s edition of USA Today in which I describe how to safely and securely use email.

http://www.usatoday.com/story/money/columnist/2016/07/16/careless-emails-cybersecurity-clinton/86873874/

Scam of the day – July 16, 2016 – Google warning Gmail users about foreign hackers

July 16, 2016 Posted by Steven Weisman, Esq.

State-sponsored hacking from countries such as China, North Korea and Russia poses a threat to everyone, but Google, which has for years been monitoring hacking attempts by foreign governments, is notifying Gmail customers when Google has reason to believe that their Gmail accounts are being targeted. If Google finds that you have been targeted, you will receive the following message that takes up your entire screen, warning you of the danger and urging you to use the more secure dual factor authentication. In its warning, Google indicates that less than 0.1% of all Gmail accounts are targeted; however, it is important to note that this percentage translates into more than a million people who are in jeopardy.

[Image: screenshot of the Google warning message]

TIPS

As I have suggested many times, whenever you have the opportunity to use dual factor authentication, it is a wise choice to make because even if someone manages to steal your password or even trick you into providing it, as was the case with Jennifer Lawrence when she was convinced by a phishing email to provide her password to a cybercriminal who used it to access nude photos of her that she stored in the cloud, the hacker will not be able to access your email or other account because a special code provided to you through your cell phone is required whenever you wish to gain access to your account.

Finally, as I so often say, even paranoids have enemies so I urge you to err on the side of caution if you receive this type of notice and not necessarily trust it.  It could be a phishing communication from a cybercriminal luring you into clicking on a link which will either get you to provide personal information that can be used to make you a victim of identity theft or will download keystroke logging malware or ransomware.  The best course of action would be to merely go to Google directly from your browser without clicking on the link contained in the notification.  Here is a link you can trust that will take you to instructions for enabling dual factor authentication for Gmail  https://support.google.com/accounts/answer/185839?hl=en

Scam of the day – July 15, 2016 – Omni Hotels data breach

July 14, 2016 Posted by Steven Weisman, Esq.

Omni Hotels and Resorts just became the latest hotel chain to suffer a massive data breach, joining Hyatt Hotels, Starwood Hotels, Hilton Hotels and Trump Hotels, which all suffered similar data breaches in the last year in which credit card and debit card information of their customers was stolen by unknown hackers. Although the data breach at Omni was just recently discovered, it goes back to December 23, 2015, and credit card and debit card data was being stolen from Omni Hotels up until June 14, 2016. The Omni data breach affected forty-eight of Omni’s sixty hotels in North America. As often is the case, hackers who steal the credit and debit card data sell it in large batches to other cybercriminals on a part of the Internet called the Dark Web. The first batches of stolen credit card and debit card information started turning up on the Dark Web in February of 2016. The hotel industry continues to be an easy target for hackers as it is an industry that services large numbers of people and often the hotels are individually operated franchises rather than operating under a central data security system. It should be noted, however, that Omni does not operate franchises.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at Omni hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, Omni and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted more than a year ago, continue to occur again and again. As for us, as consumers, the best we can do is to refrain from using our debit cards as anything other than ATM cards because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company. You also should regularly monitor your credit card statements for indications of fraudulent use.

Certainly if you have been an Omni customer since December 23, 2015 you should carefully review your credit and debit card statements for indications of identity theft and fraudulent charges.  If you were affected by this particular data breach, Omni  is offering free credit monitoring services for a year through AllClear ID.  You can sign up for these services by clicking on this link  https://omnihotels.allclearid.com/

Scam of the day – July 14, 2016 – Latest updates to Adobe Flash

July 14, 2016 Posted by Steven Weisman, Esq.

After three consecutive months of new security updates being issued for Adobe Flash during the spring, there were no security updates issued in June. Now, however, for the fourth time in the last five months, Adobe is issuing a new security update for Adobe Flash software. I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House. Problems with Adobe Flash are nothing new. In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable. Despite security patch after security patch, new problems keep coming up. It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer. Adobe Flash has already been proven to be so vulnerable to successful attacks by hackers that installing new security patches as quickly as they are issued is little more than putting a Band-aid on the Titanic, if I can mix my metaphors.

TIPS

Here is the link to the latest Adobe Flash security update which I urge you to download as soon as possible if you wish to continue to use Adobe Flash: https://helpx.adobe.com/security/products/flash-player/apsb16-25.html

Some alternative plugins you may wish to consider to replace Adobe Flash include GNU Gnash and Silverlight. Silverlight can be downloaded free directly from Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – July 13, 2016 – Evil spirit scam

July 13, 2016 Posted by Steven Weisman, Esq.

Police in New York are warning people about a resurgence of a scam I first warned you about in the Scam of the day for May 21, 2012. This particular scam targets Chinese Americans and begins when the scammer, who is also of Chinese heritage, approaches elderly Chinese women on the streets and tells them that they are plagued by evil spirits and that the only way to get rid of the evil spirits is through a purification ceremony. The victims are told that they have to bring their cash and jewelry to the ceremony to purify their belongings and protect them from the evil spirits. The victims’ cash and jewelry are then put in a bag and when the victims are not looking the money and jewelry are taken out of the bag by the scammer. After the ceremony, the victims are told to take the bag home, but not to open the bag for a few days or the purification will not work. By the time the victims learn they have been swindled, the scammers are long gone. This particular scam has been preying upon the Asian communities in cities such as Boston, Seattle, Chicago and San Francisco in addition to New York. In San Francisco alone, police estimate that the scammers managed to steal more than 2 million dollars’ worth of cash and valuables from about sixty victims reporting the crime. This type of scam is also being reported in Haitian and Latino communities as fellow Haitians and Latinos prey upon people within their communities with similar scams.

TIPS

We tend to trust people who are like us; people who have the same cultural heritage, race, religion or social group.  Unfortunately, “people like us” can be swindlers who take advantage of our trust.  This type of fraud is called affinity fraud.  This was what happened to many of the Jewish victims of Bernie Madoff who preyed upon many victims using their shared religion as an inducement.  Be extra careful when an investment or other offer is made to you by someone who shares an affinity with you.  Check them out as you would anyone else before doing any business with them.