Scam of the day – November 27, 2013 – Arrest of student hacker

November 27, 2013 Posted by Steven Weisman, Esq.

Suffolk County, New York Police recently arrested seventeen-year-old Matthew Calicchio and accused him of hacking into the student records of the Sachem School District and then posting the personal information of thousands of students online.  The hacking was first discovered in August, but authorities were not able to determine who they thought had perpetrated the crime until now.  The hacked information has been taken down, but was up online long enough to pose a significant threat of identity theft to thousands of people whose information had been stolen.

TIPS

If, indeed, Calicchio is the hacker, this is just another example of how young and relatively inexperienced hackers can obtain critical information from various sources that do not protect their data properly through encryption and other security measures.  It is also a lesson to all of us to make sure that we limit the places that have our personal information to only those entities that truly require it.  And just as it was said that eternal vigilance is the price of liberty, so is it the price of personal security.  Make sure that you monitor your credit report regularly and are regularly looking for indications of identity theft.

Scam of the day – November 26, 2013 – Dangers of hotel Wifi

November 26, 2013 Posted by Steven Weisman, Esq.

Identity theft victim Barbara Shaw now knows all too well the dangers of hotel Wifi.  Upon returning to the United States recently from a European trip, she checked her airline frequent flier account to make sure that she was credited with all of the miles from her trip, only to find that more than 250,000 miles had been withdrawn from her account, converted into gift cards and mailed to the identity thief who stole them.  Eventually, investigators discovered that Ms. Shaw had become a victim of identity theft when she connected to what she thought was the hotel Wifi system but was, in fact, a phony Wifi system set up at the hotel at which she was staying.  When she used that Wifi to go into her account, she provided the identity thieves with all of the information they needed to access it.

TIPS

Make sure that the Wifi you are using is the legitimate Wifi of the hotel, restaurant or other venue that you are using.  Confirm with the hotel or restaurant that the address of the Wifi is the correct one.  Any computer or tablet that has wireless capabilities activated should also have security software installed at the same time.  One of the best ways to protect yourself when using Wifi is to encrypt your data.  Make sure your wireless router has an encryption mechanism and that it is turned on.  Even wireless routers that have encryption capabilities are often delivered with this feature turned off.  It is up to you to make sure that your encryption feature is functioning.  Most wireless routers also have a feature called Identifier Broadcaster that announces your presence to other devices in the Wifi area.  Make sure that yours is turned off so you are not alerting anyone to your computer’s presence.  Finally, even if your Identifier Broadcaster is turned off, wireless routers come equipped with a standard default identifier for your particular computer.  This default identifier is known by identity thieves and hackers, so change your identifier so that your computer cannot be accessed by identity thieves and hackers.

Scam of the day – November 25, 2013 – Smartphone banking scam

November 25, 2013 Posted by Steven Weisman, Esq.

Many of us use our smartphones for so many more tasks than merely speaking on the phone.  Smartphones have become the fast and convenient way for 300 million people to do their banking.  They also have become the fast and convenient way for scam artists and identity thieves to steal the money from your bank account by planting (with your assistance) malware on your smartphone that not only can read all of the information on your smartphone, including your banking passwords and other personal information, but can even change the way your bank account balances appear to you on your smartphone so you are not aware that money has been stolen from your account by an identity thief.

TIPS

The primary way that identity thieves and scammers install the necessary malware to get access to your bank account and steal your money is by luring you into unwittingly downloading the malware that gives them control over and access to the information in your smartphone.  Most often they do this by a technique called phishing which I have described many times previously in Scamicide.  Phishing occurs when you are lured into clicking on a link or downloading an attachment that appears to be legitimate, but in fact is riddled with malware.  The malware is contained in the link or download material that is often contained in an email that appears to be from a company with which you do business or a trusted friend when in fact, the email is from an identity thief.  It is for this reason that I am constantly warning you not to click on links or download attachments unless you are absolutely sure that they are legitimate.  Just because it appears to come from a friend of yours does not make it legitimate.  His or her email could have been hacked making it appear that the communication and the link are legitimate when they are not.  This technique is called spear phishing.  That is why I always tell you to confirm that the email is legitimate regardless of how good it looks before you download anything or click on a link.

In addition, you should make sure that your smartphone, as well as all of your electronic devices, is protected with the latest anti-virus and anti-malware software and that you keep these security programs constantly updated with the latest security patches and updates.  You may even want to consider having a separate smartphone for online banking and other financial transactions, on which you do not do any text messaging or email, in order to avoid falling prey to phishing.

Scam of the day – November 24, 2013 – Phony Yellow Pages scam

November 24, 2013 Posted by Steven Weisman, Esq.

The Federal Trade Commission recently got an injunction stopping the operation of a scam involving phony online business directory listings that was based in Montreal, Canada, but aimed at American businesses and churches.  At the time that the FTC acted, the scammers, Mohamad Khaled Kaddoura, Derek Cessford and Aaron Kirby, as well as the fifteen companies under which they operated, had stolen more than fourteen million dollars from unsuspecting victims.  The scam would start with a phone call in which the scammers said that they were verifying contact information to update or confirm existing directory listings.  Other times they said that they were calling to verify information for cancellation of a listing.  In every instance, these were total misrepresentations because the businesses and churches called had no previous relationship with the callers.  The calls were then followed up with bills averaging about $500.  When the victims complained, the scammers played back portions of the initial telephone calls that made it sound like they actually did purchase the listing services.  If the victims still refused to pay, they then received calls purporting to be from collection agencies threatening legal action.

TIPS

Never provide information to anyone over the phone or in response to an email or text message unless you are absolutely sure that the person contacting you is legitimate and they have a legitimate need for the information you are providing.  In this case, people receiving the original call should have refused to provide any information until they had verified that their company or church actually had an account with the caller, which, of course, they did not.  Had they taken this simple step rather than provide information to someone they did not know, they could have avoided much trouble.  This is a valuable lesson for all of us.  Scammers will often sound legitimate, but being aware of that, you should always decline to provide information to anyone who contacts you until you have absolutely verified that the call is legitimate and the need for the information is legitimate.

Scam of the day – November 23, 2013 – Phony LinkedIn job postings

November 23, 2013 Posted by Steven Weisman, Esq.

LinkedIn is a popular social media website used by business professionals to network with other professionals.  More than 225 million people around the world are members of LinkedIn.  LinkedIn is used by these people to get ideas, explore opportunities and even to list job postings.  Anything with 200 million members is attractive to scam artists, so it is not surprising that scammers are constantly trying to post phony job offers, and are often successful, despite the best efforts of LinkedIn to recognize and take down these phony ads.  Bitdefender, which is a maker of anti-malware software, recently exposed a phony job advertisement placed by a recruiter who used the name Annabella Erica.  Scammers had managed to infiltrate and put her profile into the legitimate LinkedIn group Global Jobs Network, which has 167,000 members.  Scammers put these phony ads on LinkedIn and other social media in order to gather personal information which is then exploited for purposes of identity theft.  Other times the phony ads will contain links that, if clicked upon, will automatically download keystroke logging malware which can steal all of the information from your computer and lead to your becoming a victim of identity theft.

TIPS

The best place to look for a helping hand is at the end of your own arm.  Although LinkedIn and other websites that carry job postings try to identify and either prevent or remove phony ads from appearing on their websites, you cannot depend on these companies to fully protect you.  Certainly a little skepticism helps when you see a job posting for a job that sounds too good to be true.  In that case you should fully investigate the company before providing any information and should never click on any links or download any attachments until you have done sufficient research to make sure that the job offering is legitimate.  In addition, you should make sure that you not only have a good firewall, anti-virus and anti-malware software installed on your electronic devices, but that you keep this security software up to date with the latest patches and updates to help ensure your protection.

Scam of the day – November 22, 2013 – Express Courier scam

November 22, 2013 Posted by Steven Weisman, Esq.

It is for good reason that scam artists are the only criminals whom we refer to as artists.  A new scam that has recently surfaced is ample evidence of the cleverness of some of these criminals.  The scam starts when you receive a call from a company that calls itself Express Courier inquiring as to whether you are going to be home to sign for a delivery.  When the delivery person arrives, he gives you a beautiful basket of flowers and wine.  It does not come with a card indicating who sent the gift, but you are told that the card will arrive later separately.  You are then asked to not just sign for receipt of the gift package, but to also provide a credit card to pay a minor $3.50 delivery/verification charge that proves that the gift, which included an alcoholic beverage, was left in the custody of an adult over the age of 21.  The whole thing seems pretty reasonable, so people are providing their credit cards, which are then swiped through a handheld card processor for the $3.50 charge.  It is not until later that the victim learns that the device through which the card was swiped was not a credit card processor, but rather a skimmer, which is a device about which I have written many times in Scamicide.  A skimmer is used by identity thieves to capture the information from credit cards and debit cards, which is later used to access the credit card accounts and bank accounts of the victims, and that is just what is happening in these cases.  The victims soon learn that their credit cards have been used for large purchases by the identity thieves and, even worse, if the victim used a debit card, his or her bank account was soon emptied.

TIPS

Never provide your credit card to anyone unless you are sure that they are legitimate.  In this case, Express Courier is a legitimate company, however the scam artists pulling off this con were not associated with the real Express Courier, but merely posed as legitimate employees.  When you receive a delivery for something you have not ordered, such as a gift, you are not charged anything and you should not pay anything regardless of the pretext used by the scammer to get you to provide a credit card or a debit card.  Also, you should limit your use of debit cards to use as ATM cards because if you do become a victim of a scam, you do not get the same consumer protections with a debit card that you get with a credit card.  Check out “50 Ways to Protect Your Identity in a Digital Age” for more information about debit card dangers.

Scam of the day – November 21, 2013 – Latest Google Chrome security updates

November 21, 2013 Posted by Steven Weisman, Esq.

I constantly am providing you with the latest security updates for many of the software programs that we all use.  I do this because identity thieves and hackers are always working to identify and exploit vulnerabilities in these programs and use these vulnerabilities to make us victims of identity theft and other scams.  You don’t have to go any further than the recent hackings of a number of U.S. government agencies through the exploiting of vulnerabilities in Adobe’s ColdFusion website development software to see how important it is to keep your software updated with the latest security updates and patches.  Additionally, however, even if you know it is important to keep your software programs updated, many people are wary of whether they are updating with legitimate security updates and patches or malware put out there by identity thieves and scammers posing as providers of security software.  It is for that reason as well that I regularly provide you with links you can trust to the latest security updates and patches as they become available.

TIPS

Google Chrome is a web browser used by many people.  Google has just identified some security flaws in its software and has issued an advisory with links to the necessary security patches that you need to install to keep using Google Chrome safely.  Here is the link to that latest advisory as provided by the United States Department of Homeland Security.

https://www.us-cert.gov/ncas/current-activity/2013/11/18/Google-Releases-Google-Chrome-310165057

Scam of the day – November 20, 2013 – Dangers posed by hacking of government websites

November 20, 2013 Posted by Steven Weisman, Esq.

In November 2nd’s Scam of the day, I told you about the recent arrest of British citizen Lauri Love for hacking into the computers of a number of United States Government departments.  In a confidential memorandum, the FBI has recently warned other government agencies about actions of the informal hackers group known as “Anonymous” to also hack various agencies of the United States government.  According to the memorandum, which was leaked to Reuters, many federal agencies have already been hacked and information stolen from the U.S. Army, the Department of Energy, the Department of Health and Human Services and many more, resulting in Anonymous stealing large amounts of personal information contained in the unencrypted computers of these various agencies.  Among the information stolen was personal information on 104,000 employees and contractors of the Department of Energy, including bank account information on some of these people.  A common thread between Lauri Love’s hacking and the hacking done by Anonymous is the exploiting of security flaws in Adobe’s ColdFusion software, which is a popular website development software used by many companies and federal agencies.  I have been warning you that this was going to happen since we first became aware of the hacking of Adobe.

So what does it mean to you?

TIPS

Once again, this illustrates that your personal information is only as safe as the place with the weakest security that holds your information.  It is important to limit the places that hold your personal information to as few places as actually need it.  Also, do not leave credit cards on file with online companies with which you shop for your convenience.  Your convenience can lead to your becoming a victim of identity theft if they are hacked.  You should make sure that you monitor your credit reports at least annually to be on the lookout for identity theft and you may wish to consider putting a credit freeze on your credit report to limit the damage if you do become a victim of a hacking.  For more information about credit freezes and getting free copies of your credit reports check out my book “50 Ways to Protect Your Identity in a Digital Age.”

Scam of the day – November 19, 2013 – Denver Bronco Cheerleaders become victims of identity theft

November 19, 2013 Posted by Steven Weisman, Esq.

Things have been going quite well for the Peyton Manning-led Denver Broncos this year; however, recently the Denver Bronco cheerleaders became victims of identity theft by way of a scheme that could happen to anyone.  Law enforcement officials in Denver indicted two people who are alleged to be part of an organized identity theft ring that stole mail from people's mailboxes, looking for checks, which they would then use to make counterfeit checks which they would then cash in order to access the accounts of the payers of the checks.  Checks mailed by the Denver Broncos to their cheerleaders were stolen from the mailboxes of the cheerleaders, used to make counterfeit checks and then cashed to provide funds to purchase drugs.

TIPS

It is very easy to obtain a perfectly legal software program that will create legitimate checks, and this software can be misused to create counterfeit checks if the criminal has the bank information provided on actual checks of the companies whose checks they are counterfeiting.  For this reason, if you are paying your bills by way of a written, paper check that you are mailing, you should never put it in your home mailbox and lift the red flag.  Lifting the red flag may give notice to your letter carrier that you have outgoing mail, but it also gives notice to your friendly neighborhood identity thief that there is mail that may be useful for him to steal.  Additionally, receiving incoming mail with checks, credit card information or other information that can be used to make you a victim of identity theft is quite risky unless you have a lock on your mailbox.

Scam of the day – November 18, 2013 – Latest Adobe developments

November 18, 2013 Posted by Steven Weisman, Esq.

For more than a month I have been warning you and updating you about the hacking of Adobe and the theft of both personal information on more than 38 million of its customers as well as source code for its Adobe Acrobat, ColdFusion and ColdFusion Builder programs.  The danger posed by the theft of the source code cannot be overestimated, as it can be expected to lead to exploitation of flaws in the code of these programs, some of which are used in the development of many of the websites we all frequent, and that can lead to identity theft for millions more people.  Facebook and a number of other companies are so concerned that they are now requiring members who use the same password for Facebook as they do for Adobe to change their passwords.  Identity thieves rely on many people using the same passwords for multiple sites, and once a password has been compromised, as has happened with the Adobe hacking, identity thieves use that password at other sites to gain access to information that can make the person whose information has been stolen a victim of identity theft.  Adobe has been quite active in trying to update its security for its products since the time of the hacking and has just released security updates for its Adobe Flash Player as well as its ColdFusion software.  If you use either of those programs, you should download and install these updates as soon as possible.

TIPS

Here are the links to the latest Adobe security updates for the Adobe Flash Player and the Adobe ColdFusion software.  If you use either or both of these programs you should install the updates immediately.  It is vital that you install security patches and updates for all of the software programs you use as soon as they are available.  Identity thieves and hackers rely on people procrastinating installing these security patches.  It is also important to use different passwords for each of your online accounts so that if, as happened here, your information is stolen through the hacking of one company with which you do business, your entire online life is not jeopardized.

https://www.us-cert.gov/ncas/current-activity/2013/11/13/Adobe-Releases-Security-Updates-Adobe-Flash-Player

https://www.us-cert.gov/ncas/current-activity/2013/11/13/Adobe-Releases-Security-Update-Adobe-ColdFusion

Follow Scamicide each and every day so that you are constantly updated as to the latest developments in scams and identity theft and what you need to do to protect yourself.