Scam of the day – November 13, 2016 – Important update for victims of the OPM data breach

I initially reported to you in 2014  that  the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole personal information of  what was initially thought to be the personal information of about four million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  At that time, the OPM offered free credit restoration services and credit monitoring to the victims through Winvale/CSID.  Then in 2015,  the OPM discovered a much larger data breach affecting more than twenty-one million people and again offered free credit restoration services and credit monitoring services.   Now the contract of  OPM with Winvale/CSID to supply those free credit restoration and monitoring services will end on December 1st.  If you were affected by the initial breach and had availed yourself of the free services offered by OPM, you will need to re-register with the new company, ID Experts.  You can do so by clicking on this link. https://www.opm.gov/cybersecurity

Victims of the second OPM data breach who applied for free credit restoration and monitoring services were already covered by ID Experts so they need not reapply.

TIPS

If you were a victim of the first  OPM data breach,  you should click on the link above and sign up for the free services.

It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM offered these services a year after the data breach actually occurred so the danger of identity theft is significant.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

Scam of the day – November 12, 2016 – Accused Jamaican lottery scammer facing extradition

Earlier this week, Lavrick Willocks, an accused mastermind of the infamous phony Jamaica lottery scam was arrested in Jamaica and is now, along with eight other co-defendants, facing extradition to the United States to stand trial on various criminal charges related to the Jamaica lottery scam  by which many Americans, mostly elderly, have been scammed out of money after being told that they have won the non-existent Jamaican lottery.  The scam begins when the victim receives a telephone call informing them that they have won this non-existent lottery that they never entered and are then pressured to pay “fees” and “taxes” before their winnings can be sent to them.    This scam has been going on since the 1990s, largely unchecked until Jamaica passed legislation in 2013 making it easier to convict the scammers.

In May of 2015,  following three days of deliberation a North Dakota jury convicted Sanjay Williams, of Montego Bay, Jamaica of conspiracy, wire fraud and money laundering charges related to this scam    This particular case was four years in the making and started when an 86 year old North Dakota widow, Edna Schmeets lost her entire life’s savings of $300,000 to Jamaican scammers who telephoned her and told her that she had won a 19  million dollar Jamaican lottery, but that she needed to pay taxes and fees before she could claim her prize. Williams was sentenced to 20 years in prison.

TIPS

As I have often told you, it is difficult to win a lottery you have entered.  It is impossible to win one that you have not even entered.  You should always be skeptical about being told that you have won a lottery you never entered.  It is also important to remember that it is illegal to play foreign lotteries except when you are actually present in the other country.  While it is true that income taxes are owed on lottery winnings, legal lotteries never collect tax money from winners.  They either deduct the taxes from the winnings or leave it up to the winners to pay their taxes directly to the IRS.  You also should never pay a fee to collect a legal lottery prize.

Scam of the day – November 11, 2016 – Brazen debit card scam

Florida law enforcement authorities are warning people about a scam recently being perpetrated on unwary victims which starts with the victim receiving a phone call,  purportedly from their bank, informing them that there is a problem with their debit card and that a new debit card with a chip will be issued by the bank to replace the former debit card.  Here, however, is where the scam becomes particularly brazen.  The scammers then actually go to the house of the victim to pick up his or her  present debit card.  The new chip enabled debit card is promised by the scammer to be sent in the mail shortly.  Unsuspecting victims are turning over their debit cards and their PINs to the scammers who have been using them to steal cash from ATMs and make purchases at retail stores.

TIPS

This scam starts with a phone call and it is always important to remember that whenever you receive a phone call, you cannot be sure who is really calling you even if your Caller ID says the call is coming from your bank or some other legitimate source.  Caller ID can be tricked by a technique called “spoofing” to make a scammers call appear to be legitimate.  For this reason, you should never provide personal information over the phone to someone that you have not called unless you have absolutely confirmed that the call is legitimate.

As for this particular scam, no bank is going to send someone to your home to retrieve your debit card.  If you needed to confirm this fact, all you have to do is call the customer service number on the back of your debit card to find out that this is a scam.

Scam of the day – November 10, 2016 – Phony Apps turning up on the Apple App Store

Numerous sources are reporting about phony apps turning up in the Apple App Store.  With the holiday shopping season just around the corner, these phony apps, many of which are meant to look like apps for legitimate retailers such as Christian Dior, Foot Locker, Nordstrom, Jimmy Choo or Dollar Tree,  present a real danger to consumers who may unwittingly provide their credit card information to a scammer through one of these apps.

While everyone should recognize the risk of downloading apps from unofficial sources, it has generally been believed that you are safer downloading an app from legitimate sources such as the Apple App Store or Google Play where apps are vetted before being made available to the public.  However, it appears that lately there has been an increase in dangerous phony apps with most of them originating in China.

TIPS

It is still a good idea to limit your downloading of apps from legitimate sources such as the Apple App Store and Google Play to avoid malware infected apps.  Phony apps for Pokemon Go was a problem for many people last Summer, particularly in countries where the game was not yet released.  Before downloading any app, read the reviews carefully.  While scammers will write glowing phony reviews about their apps, their reviews are usually cursory and do not provide much information.  Also, make sure that you have installed security software on your phone and that it is updated with the latest security patches.

Scam of the day – November 9, 2016 – Critical Microsoft updates

In November 4th’s Scam of the day, I told you about  an older version of Microsoft’s Windows software, which along with the much exploited Adobe Flash software had been exploited by Russian hackers to attack computer systems to gain access to information.  The group that had done these recent hacks appears to be the same Russian hackers responsible for hacking the Democratic National Committee earlier this year.  Adobe has already issued a security update to patch the vulnerability.  A link to the security update can be found in November 5th’s Scam of the day. Microsoft has just now issued the necessary patches and updates.   Users of Windows 10, the latest version of Windows and the Microsoft’s Edge browser were already protected from the attack.

Once again, the malware necessary to spread these computer hacks was spread, as so often is the case, by spear phishing emails luring unsuspecting victims into clicking on links that downloaded the malware.

TIPS

The best thing you can do to help protect yourself from being hacked is to never click on links in emails or text messages from anyone until you have absolutely verified that the messages and the links are legitimate.  Trust me, you can’t trust anyone.

It is also important to update your security software on all of your electronic devices as soon as security updates become available.  Hackers constantly exploit vulnerabilities in software for which there already exist security patches, but which have not been installed by consumers.   Here is the link to the critical  new Microsoft updates: https://technet.microsoft.com/en-us/security/bulletins

Scam of the day – November 8, 2016 – PayPal email phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated. Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly It came from an email address of a private person rather than that of PayPal.  The address used, most likely is that of someone whose email account and computer was hacked in order for the identity thief to send out these phishing emails in mass quantities. It also is not directed to you personally as PayPal would do with all of its legitimate communications which is an indication that this is a phishing scam.  Finally, the words “recent” and “activity” improperly appear as “Recentactivity” without a space between the two words.

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.

 

.

Scam of the day – November 7, 2016 – Regions Bank phishing email

Regions Bank is a large bank based in Alabama with more than 1,700 branches throughout the South, Midwest and even into Texas. Recently, I received a phishing email  that appeared to come from Regions Bank.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.   The Regions Bank phishing email uses the common ploy of indicating that the bank needs you to verify personal information for security purposes.   As phishing emails go, this one is pretty good, but it does have some telltale flaws.   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Regions Bank.  Also, although the email is quite short, it contains numerous grammatical errors and the word “Sincerely” is spelled wrong.  Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains the exact logo of the bank does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

TIPS

Obviously if you do not have an account with Regions bank, you know that this is a phishing scam, but even if you do have an account with this bank, there are a number of indications that this is not a legitimate email from Regions Bank, but instead is a phishing email. Legitimate banks would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dear customer” without even capitalizing the word “customer.”  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number  for your bank where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to purchase phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Regions to trap you if you make a mistake in dialing the real number.

 

Scam of the day – November 6, 2016 – Scam vote by text advertisement on Twitter

With the Presidential election just two days away, there are still a number of scams related to the election that primarily are focused on tricking you into providing personal information that can be used to make you a victim of identity theft or steal you money.  I described a number of them in the Scam of the day for  August 1, 2016.  However the scam about which I am writing today is an advertisement that was appearing on Twitter encouraging people to vote for Hillary Clinton by way of a text message.  This is a purely political scam motivated by anti-Hillary forces to suppress her vote by tricking people into thinking that they can vote by text message which is not allowed in any state.  Here is a copy of the ad as it appeared until it was withdrawn by Twitter.

TIPS

Regardless of which candidate you prefer, it is important to remember that you cannot vote by text message or email.   As the election gets closer in time, it is important also to not give into the temptation to click on links in emails or text messages that appear to provide you with startling new information about the election.  These communications will be sent around by scammers attempting to lure people into downloading malware by clicking on infected links.  Never click on any link in an email or a text message unless you have absolutely confirmed that it is legitimate. As for news you can trust about the candidates, you are better off using respected, legitimate news sources rather than being lured into downloading possible malware merely because the subject line may promise some incredible news that most likely is untrue from a source that you cannot verify.

November 5, 2016 – Steve Weisman’s latest column for USA Today

The open enrollment period for Medicare is going on now.  Open enrollment for Medicare is open season for scammers who use interest in Medicare as an opportunity to scam unsuspecting victims.

Here is a link to my latest column for USA Today which discusses the various Medicare scams and how to avoid them.

http://www.usatoday.com/story/money/columnist/2016/11/05/how-spot-avoid-medicare-open-enrollment-scams/93297060/

Scam of the day – November 5, 2016 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security include critical new updates from Adobe about which I wrote a few days ago as well as important newly released security updates from Apple for its operating system and Google Chrome.  The Adobe patch is related to vulnerabilities recently exploited by Russian hackers.

TIPS

Here are the links to  lists of all of the recent security updates as posted by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB16-305 and https://www.us-cert.gov/ncas/current-activity/2016/10/31/Apple-Release-Security-Update-iOS and https://www.us-cert.gov/ncas/current-activity/2016/11/02/Google-Releases-Security-Updates-Chrome