Scam of the day – May 13, 2015 – What to do if your email is hacked

May 13, 2015 Posted by Steven Weisman, Esq.

Yesterday I told you about a scam which starts when you receive an email that appears to come from one of your friends, but in actuality is coming from a scammer who has hacked into your friend’s email account and is sending out messages that appear to come from your friend touting a product. We have all received these emails and hopefully, you just immediately delete them after informing your friend that his or her email account has been hacked and scam emails are being sent to everyone on his or her email address list.

But what do you do if you are the person whose email has been hacked?

TIPS

1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact the people on your email list and tell them you have been hacked and not to click on links in emails that appear to come from you.
5. Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email account. In particular, make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from www.annualcreditreport.com. Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
8. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on Scamicide.com.

Scam of the day – May 12, 2015 – FTC halts weight loss scam

May 11, 2015 Posted by Steven Weisman, Esq.

How could Oprah ever steer you wrong? A company, Sale Slash, which sells phony weight loss products such as Premium Green Coffee, Pure Garcinia Cambogia, Premium White Kidney Bean Extract, Pure Forskolin Extract and Pure Caralluma Fimbriata Extracts, thought so too, which is why they would send spam emails, often from hacked email accounts of your friends who were made part of a botnet of computers sending out emails appearing to come from friends, with messages such as “hi, Oprah says it’s excellent.” The message would also have links to phony news sites with videos of phony celebrity endorsements. Obviously, neither Oprah Winfrey nor your friend whose email was hacked is endorsing these phony weight loss products. Now the Federal Trade Commission (FTC) has obtained a court order halting the actions of Sale Slash and other affiliated companies as well as freezing their assets.

TIPS

The truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly without dieting or exercise.  You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements.  It is also important to remember that no cream that you rub in your skin can help you lose substantial weight and no product can block the absorption of fat or calories.  The best course of action when considering a weight loss product is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.

Scam of the day – May 11, 2015 – Latest Security updates from the Department of Homeland Security

May 10, 2015 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. Users of the affected programs should make sure that they update their software with these latest security patches as soon as possible. Today’s updates include critical updates for Google Chrome, Cisco UCS software, Apple Safari software and WordPress software. WordPress is used by many companies for website creation.

TIPS

Here are the links to the latest security updates and patches from the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB15-124

https://www.us-cert.gov/ncas/current-activity/2015/05/08/Cisco-UCS-Central-Software-Vulnerability

https://www.us-cert.gov/ncas/current-activity/2015/05/07/Apple-Releases-Security-Updates-Safari

https://www.us-cert.gov/ncas/current-activity/2015/05/07/WordPress-Security-and-Maintenance-Release

 

Scam of the day – May 10, 2015 – Hackers with Ransomware targeting Hedge Funds

May 10, 2015 Posted by Steven Weisman, Esq.

In a frightening speech two days ago in Las Vegas to a convention of hedge fund managers that hopefully will serve as a wake-up call to those in the financial industry, John Carlin, the head of the Justice Department’s National Security Division, warned his audience that hedge funds have become the target of a wide range of hackers including nationally sponsored hackers from Russia, China, Iran and North Korea as well as criminal groups from around the world and terrorist groups. One of the primary attack methods is the use of Ransomware, about which I have written numerous times over the last few years. Ransomware is a type of malware that, when downloaded onto the victim’s computers, encrypts and seals the victim’s data. The victim is then informed that either the victim pays a ransom immediately or its data will be destroyed. Already several hedge funds have fallen victim to this type of attack.

TIPS

An important thing to remember about Ransomware as with most malware used by hackers and identity thieves is that in almost every case, the malware was downloaded through socially engineered phishing emails that tricked employees into downloading the dangerous malware.  Corporate America has not done a good job of either training employees as to how to avoid phishing emails or segregating and isolating important data from vulnerability to such attacks.

This story is not only important to the national and international economies, but also to all of us personally as Ransomware is being used against individuals as well as companies.  Once again, the best way to avoid downloading Ransomware malware is to follow my motto of “trust me, you can’t trust anyone.”  Never click on a link or download an attachment until you have confirmed that it is legitimate.  In addition, make sure that you keep your anti-virus and anti-malware software up to date although this is no guarantee of protection against Ransomware because the latest malware is always at least a month ahead of the security software companies.  In addition, make sure that all of your data is backed up either in the cloud or by other data backup methods.

Scam of the day – May 9, 2015 – FTC stops mortgage relief scam

May 8, 2015 Posted by Steven Weisman, Esq.

Scammers are always taking advantage of people at their most vulnerable, so it is certainly no surprise that mortgage relief scams, through which scammers promise to provide financial relief for homeowners having difficulty paying their mortgages, are extremely common. Recently, the Federal Trade Commission (FTC) shut down such a scam which went under the names of HOPE Services and HAMP Services. These scammers made it appear in their written and oral communications that they were non-profit companies affiliated with the federal government to provide mortgage relief. They made false promises of being able to lower monthly payments and interest rates, when in fact, all they did was steal payments from their victims whom they directed to make their payments directly to them instead of to their lenders. In addition, they also advised their victims not to talk to their lenders or attorneys. The misuse of the HOPE name may have been done to take advantage of the goodwill and reputation of HOPE NOW, which is a legitimate and effective alliance of counselors, mortgage companies and others to legitimately help homeowners in financial distress.

TIPS

Certainly, advising someone having difficulties paying their mortgage not to speak with their lender or an attorney is such outrageous advice that it should be a strong indication that you are dealing with a scammer.  If you are experiencing difficulty paying your mortgage, you can call 1-888-995-HOPE for free personalized assistance from housing counseling agencies that are certified by the Department of Housing and Urban Development (HUD).  You also can get assistance by going to the website of HOPE NOW at www.hopenow.com.

Scam of the day – May 7, 2015 – The latest Nigerian letter scam email

May 6, 2015 Posted by Steven Weisman, Esq.

Although it may seem as if this scam only began in earnest with the invention of email, in fact, the scam itself is just a variation of a scam that is more than four hundred years old, when it was called “the Spanish Prisoner Con.” At that time a letter was sent to the targeted victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name. The identity of the nobleman was not revealed for security reasons, but the victim was asked to help raise money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing victim with great sums of money and, in some versions of the con, the Spanish prisoner’s beautiful daughter in marriage.

In the more recent incarnations of this scam, you receive an email in which you are promised great sums of money if you assist a Nigerian in his effort to transfer money out of his country. Other variations include the movement of embezzled funds by corrupt officials, a dying gentleman who wants to make charitable gifts or a minor bank official who is trying to move the money of deceased foreigners out of his bank without the government taking it. The email which I received recently, and which is copied below, falls in the category of the assistance being needed in making charitable distributions.

What all of these scams have in common is that soon after agreeing to help, you learn that money is needed to be sent by you for lawyer fees, bribes, insurance and other costs.  The reward is always just around the corner and the fees keep mounting.

Here is a copy of the email I recently received:

“Charitable Donation From Mrs. Gretchen Mishra
Abidjan Cote D’Ivoire
Attention!!!!

Greetings in the name of the LORD Almighty the giver of every good thing. I know this proposal will definitely come to you as a huge surprise, but I implore you to take your time to go through it carefully as the decision you make will go a long way to determine my future. I am Mrs. Gretchen Mishra an ageing widow of 57 years old suffering from long time illness breast Cancer and Cancer of the lungs. I have some funds which I inherited from my late husband, the sum of USD $4,500,000.00 and I needed a very honest and God fearing person who can withdraw this money then use the funds for Charity works.

I WISH TO ENTRUST THIS FUND TO YOU FOR CHARITY WORKS. I found your email address from the internet after honest prayers to the LORD to bring me HONEST PERSON I CAN CONFIDE ON, and I decided to contact you if you may be willing and interested to handle these trust funds in good faith. I am desperately in keen need of assistance and I have summoned up courage to contact you for this task, you must not fail me and the millions of the poor people in our today’s WORLD.
This is not stolen money and there are no dangers involved. Please if you would be able to use the funds for the Charity works please kindly let me know immediately. Please kindly respond quickly for further details if you can handle this task.
Regards,
Mrs. Gretchen Mishra”

TIP

There are a number of ways to confirm that the email you are receiving is a scam, including a careful review of the email address. However, you do not need to even go that far in your considerations. Although you may want to open the email (so long as you do not click on any links, which can lead to your downloading malware that can lead to identity theft) for sheer entertainment purposes, all of these scenarios are scams. Just ask yourself, why are you being singled out for this email? You are not. The emails are sent out all over the Internet. Don’t be a victim. Do not respond to the email in any fashion. If you do, you will be hounded.

Scam of the day – May 6, 2015 – Another data breach at Sally Beauty stores

May 6, 2015 Posted by Steven Weisman, Esq.

It was just a little over a year ago that I told you about a massive data breach at beauty supply company Sally Beauty, and apparently they have not learned their lesson. Earlier this week the store said it was looking into “reports of unusual activity” on credit and debit cards used at some of its stores. According to the store, “Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected.” It appears that more than 25,000 transactions were compromised by the data breach. Once again, however, Sally Beauty did not take the prudent step of moving to smart card technology as some companies, such as Wal Mart, have done ahead of the October 2015 deadline for doing so.

TIPS

Just as I advised you yesterday, the best thing you can do to protect yourself when shopping in a retail store is to not use your debit card which, if compromised, can potentially put your entire bank account in jeopardy. You also should carefully monitor your credit card statements to look for fraudulent purchases so that in the event of a data breach, you can quickly determine if you have become a victim of identity theft and close down the account so that all it will cost you is the inconvenience of getting a new credit card.

Scam of the day – May 5, 2015 – Data breach at Las Vegas Hard Rock Hotel and Casino

May 5, 2015 Posted by Steven Weisman, Esq.

Fool me once, shame on you; fool me twice, shame on me. In a repeat of a story we have heard over and over during the last few years, the Hard Rock Hotel and Casino in Las Vegas is notifying its customers of a major data breach that began on September 3, 2014 and was not discovered and stopped until April 2, 2015 at the restaurant, bar and various retail and service stores at its Las Vegas hotel and casino. The data breach did not extend to charges made on credit and debit cards at the casino and hotel itself nor to some of the other businesses operating there including Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo and Reliquary Spa & Salon. However, numerous other retail stores and services at the Hard Rock Las Vegas property were affected, with credit and debit card numbers, customer names, and CVV codes compromised. Although we still do not know how the data breach was accomplished and how the malware necessary to accomplish the data breach was planted in the computers of the affected companies, it is reasonable to speculate that the pattern of Target, Home Depot and so many other data breaches was followed here, by which malware was implanted on the computers of the companies that were the victims of the data breaches through phishing emails that enabled the hackers to steal credit card and debit card information that could be used for purposes of fraud and identity theft. Had the United States broadly adopted the smart card chip technology used throughout the rest of the world instead of the old magnetic strip technology still used in the United States, this type of a data breach would have been of little value to the hackers, but since companies such as those affected here at the Hard Rock continue to use this old technology, they continue to put their customers in danger of identity theft.

Here is a link to a column I wrote about this problem for USA Today in September of 2014 in which I predicted exactly how this would occur.

http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

TIPS

There is little we, as consumers, can do to convince retailers to move to the more advanced smart credit card chip technology that generates a new number for every transaction so that a data breach that steals that number would be worthless to an identity thief who could not use that number for future purchases. However, until retailers switch to this technology, which is not expected to be widely adopted until October of 2015, the most important thing that we can do as consumers is to refrain from using debit cards for retail purchases because they do not provide the same level of protection from liability that credit cards do. We also should regularly review our credit card bills to look for fraudulent purchases and evidence of identity theft so that we can stop the bleeding as quickly as possible. If you find that your credit card has been compromised, you should contact your credit card issuer immediately, close the account and have fraudulent charges removed. Although the law permits credit card companies to hold their customers responsible for up to $50 of fraudulent charges, most companies do not hold their customers responsible for any amount of fraudulent purchases when the fraud is reported promptly.

Scam of the day – May 4, 2015 – Hacking group threatens Cape Coral, Florida police

May 4, 2015 Posted by Steven Weisman, Esq.

Just three days ago I told you about an FBI warning to police departments around the country that hackers are actively attempting not only to hack into the computers of the police departments, but also to search the Internet for personal information on police officers and then make this information public, which can put the officer in danger of identity theft or worse. This tactic, which is called “doxing,” has now been used against the Cape Coral, Florida Police Department. Hackers claiming to be in the notorious hacking group Anonymous posted videos online threatening members of the Cape Coral, Florida Police Department with doxing in response to a recent conviction of Travis Robey on charges of violently resisting a police officer stemming from an incident last June. Hackers claiming to be part of Anonymous posted personal information about members of the Cape Coral Police Department including their names, addresses and phone numbers, which they said they obtained by hacking into the computers of the Cape Coral Police Department. The Cape Coral Police Department denies that its computers have been hacked and conjectures that Anonymous managed to get this information from public sources.

TIPS

There are many lessons to be learned from this. As I have reported in the past, police departments have become a frequent target for hackers, including those who have used Ransomware to prevent police departments from being able to access their data unless they pay a ransom as well as malicious hackers who use doxing to put officers in jeopardy. In many instances, the information obtained is information that can be found through social media or public data sources, and this should serve as a stern warning to all of us to be more careful about the personal information that we put on social media or share with other public sources. The less information that is available about you online, the safer you are from identity theft and other personal threats.