Scam of the day – January 6, 2017 – Yahoo customer service scam

Yahoo is warning its customers about a scam involving Yahoo customer service.  Certainly with the disclosure over the last couple of months that a billion people had their personal information stolen from Yahoo, there may be many people with a need for customer service from Yahoo, however the scam involves a Yahoo customer service phone line.    Scammers are posting telephone numbers for Yahoo customer service and charging people for their services where, at best, they do nothing for you and, at worse, they steal the information you provide when you speak with them to make you a victim of identity theft.

Yahoo only provides customer services through email, chat, social media, help articles or its Yahoo Help Community forums.  They do not provide customer service by phone and they never charge for customer service.

TIPS

For information about Yahoo customer service you can learn where to get help by going to this Yahoo link.

https://help.yahoo.com/kb/SLN26180.html

If you are in need of customer service in regard to your Yahoo account and want to access its Help Community forums, you can do so by clicking on this link.

https://forums.yahoo.net/

 

Scam of the day – January 5, 2017 – FDA issues cybersecurity guidelines for medical devices

By now, we are all familiar with the Internet of Things which presently includes 5 billion devices and is expected to grow to 25 billion devices by the year 2020.  The Internet of Things is the popular name for the technology by which products and devices are connected and controlled over the Internet.  The range of products that are a part of the Internet of Things is tremendous and includes, cars, refrigerators, televisions, fitness bands, webcams, toys and even medical devices.  The Internet of Things offers tremendous opportunities for constructive and efficient use of these products, but as with any technology connected through the Internet, also provides an opportunity for hackers to exploit the technology for their own criminal purposes.

While hacking of medical devices sounds like something out of fiction, in 2007, former Vice President Dick Cheney was so concerned about hackers that he had the Internet connection on his pacemaker disabled.  In September 2015, the FBI issued a warning saying that “Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection.”  In 2014, the Food and Drug Administration (FDA)  issued guidelines for building enhanced cybersecurity into the design and development of such medical devices.   Now the FDA has released new recommendations, a year in the making, that deal with maintaining the cybersecurity of medical devices after they have been released into the marketplace.  Here is a link to these important recommendations which are merely recommendations and not enforceable regulations.

http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf

TIPS

While medical device manufacturer’s and the government work on security standards for Internet connected medical devices, what can you do to protect yourself in the meantime? The most important thing you can do is find out what information is stored on your device and how it is accessed.  Also learn about the use of password protection and make sure that your device is not still using a default password.  Learn from the manufacturer what steps they have already taken to protect your device from being hacked.  If your device uses an open wifi connection, you should change it to operate exclusively on a home network with a secured wifi router.  If your device is capable of transmitting data, make sure that the transmissions are encrypted.

Scam of the day – January 4, 2017 – Income tax scams

Income tax identity theft is a major problem that costs taxpayers billions of dollars and can delay your tax refund by many months while the IRS investigates the matter.  While the IRS has gotten somewhat better at discovering income tax identity theft before paying out a fraudulent return, they are still nowhere near as good as they can and should be in preventing this type of crime.

The crime itself is quite simple.  An identity thief uses your Social Security number obtained in any number of ways and files a phony income tax return using a counterfeit W-2 to claim a sizable refund.  If the IRS pays a refund, which they often do, in response to the phony income tax return, the person whose Social Security number was used in filing the phony income tax return will find that the IRS will flag their legitimate income tax return when it is later filed because of it being the second income tax return filed with the same Social Security number.  It takes the IRS 278 days on average to investigate incidents of income tax identity theft causing the victims to have to wait that long before they can receive their legitimate income tax refund.

The vast majority of people file their income tax returns electronically so it should come as no surprise that a scam that is now being perpetrated involves an email you receive that appears to come from the IRS asking you to update your e-filing information including  your Social Security number and bank account information.  Don’t do it.  It is a scam.  The IRS will not communicate with you by emails or text messages.

TIPS

The simplest way to avoid income tax identity theft is to file your income tax return as early in the year as possible in order to beat the identity thief to the punch.  If your legitimate income tax return is filed before the identity thief tries to file an income tax return using your Social Security number, your refund will have already been sent by the IRS.

As for avoiding the phishing emails that appear to come from the IRS, the easiest way to avoid this scam is to follow the rule of never providing personal information in regard to an email until you have confirmed that the email is legitimate and there is a legitimate need for the information to be provided.  In this case, in particular, you don’t need to even bother to look into whether the email is legitimate or not because the IRS will never initiate contact with you by an email so you can ignore it.

 

Scam of the day – January 3, 2017 – FTC brings charges in timeshare resale scam

The Federal Trade Commission has just announced the filing of charges against Pro Timeshare Resales, LLC and a number of individuals connected with this company on charges that they took sizable up-front fees after promising they had buyers and renters ready to buy or rent their time share units.

The scam would begin when the victim would be contacted by phone and told that the company had a ready, willing and able buyer  or renter for the victim’s timeshare unit.  The victim was told that they must pay upfront fees, which could be as much as $2,500.  The truth is that their were no buyers andoften the victims were even called in violation of the Federal Do Not Call List.  When some of the victims asked for  refunds, the scammers refused to return the funds paid to them.

TIPS

Many timeshare owners have become desperate to sell their timeshare units and scam artists take advantage of this desperation. However, regardless of how desperate you are, you should never pay anyone promising to sell your timeshare unit in advance of the actual sale.  If you follow this rule, you will save yourself a lot of headaches.  Before signing with anyone to sell your timeshare unit, you should also investigate the company to make sure that they are legitimate.  Check with your state attorney general and the Federal Trade Commission to see if their are complaints or legal actions against the company.

Scam of the day – January 2, 2017 – Mobile app scams

There seems to be a mobile app for just about anything you could possibly want to do and scammers are quite aware of this which is why the Federal Trade Commission (FTC) recently issued a warning to shoppers in particular about phony apps being circulated by cybercriminals who harvest credit card information, banking information and other personal information from phony shopping apps that they lure people into downloading that appear to be legitimate.   A couple of months ago, I warned you about a few specific phony apps that were made to look like the real apps for Christian Dior, Foot Locker, Nordstrom, Jimmy Choo and Dollar Tree.

TIPS

It is important to limit your downloading of apps to legitimate sources such as the Apple App Store and Google Play to avoid malware infected apps. Before downloading any app, read the reviews carefully.  While scammers will write glowing phony reviews about their apps, their reviews are usually cursory and do not provide much information.   You can also go directly to a legitimate retailers website for information about any apps they may have for their products.  Also, you can do a search on Google or other search engines using the words “fake app” along with the name of the company whose app you are interested in to see if there have been reports of problems.   Finally, make sure that you have installed security software on your phone and that it is updated with the latest security patches.

Scam of the day – January 1, 2017 – Phony FTC complaint phishing email

The Federal Trade Commmission ( FTC) does a pretty good job of protecting consumers from fraud.  Unfortunately the latest fraud about which the FTC recently issued a warning involves an email that appears to come from the FTC, but is actually the work of an identity thief.  This scam has been appearing periodically for about three years and is having a new resurgence. The phony email contains a good copy of the FTC’s logo and looks quite official.  It is not.

Here is a copy of one version of this email.

“This notification has been automatically sent to you because we have received a consumer complaint, claiming that your company is violating the CCPA (Consumer Credit Protection Act).
According to our policy, we have initiated a formal investigation before taking legal action. You can download the document containing the complaint and the plaintiff contact information, from…” followed by a link.

If you receive such an email, do not click on the link.  The email is phony and if you click on the link, you will only end up downloading a keystroke logging malware program that will steal the information from your computer including your Social Security number, credit card numbers, bank account numbers and passwords and end up making you a victim of identity theft.

TIPS

When you receive an email you can never be sure of who sent it.  Sometimes you can immediately tell that the email address of the sender is not a legitimate email address for the company or person that it purports to be, however, other times a legitimate email account may have been hacked into and used to send the phishing email.  Never click on a link or download an attachment in an email unless you are absolutely positive that it is legitimate and the only way to do that is to confirm that the email is legitimate such as by calling on the telephone the person who sent it to you to confirm that it is indeed legitimate.  In the case of this email, your should be immediately skeptical because the email is not directed to you personally and does not contain your name anywhere.  If you have even the slightest thought that the email might be legitimate, contact the FTC at its dedicated line to deal with these kind of scams 877-382-4537 and you can confirm that it is a scam.  Trust me, you can’t trust anyone.

December 31, 2016 – Steve Weisman’s latest column for USA Today

Two weeks ago in my column for USA Today, I provided my cyberpredictions for 2017 some of which may seem pretty dire.  In today’s column I describe some of the simple steps you can take to prevent yourself from becoming a victim of cybercrime.

Here is a link to my latest column.

http://www.usatoday.com/story/money/columnist/2016/12/31/protecting-your-cybersecurity-2017/95977850/

Scam of the day – December 31, 2016 – President takes action against Russian hackers

In the last Scam of the day for 2016 it is appropriate that we discuss the issue of Russian hacking of American organizations that occurred in 2015 and 2016 that were intended to influence the Presidential election.  Two days ago, President Obama ordered sanctions against Russia including the ejection of 35 Russians spies that the administration said were posing as diplomats and specific actions against three organizations that it said supported the hacking operations.  The possibility of further covert actions against Russia was also hinted at.

A day prior to the President’s announced sanctions, the Department of Homeland Security and the FBI issued a joint analysis report entitled “Grizzly Steppe – Russian Malicious Cyber Activity” in which it provided details about the hackings.  Here is a link to the report.

https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf

TIPS

Although the report contains important information about Russian hacking of American institutions, the report also provides a long list of specific steps that institutions and individuals can take to avoid being a victim of cybercrime.

Here are just a few of the things that all of us as individuals should consider.

  1. Backup all important information offline.
  2. Be on the alert for spear phishing. The report emphasizes, as I have warned you about for years, that the primary cause of hacking is people clicking on links in spear phishing emails that download malware.  Use both anti-phishing security software as well as your own brain to refrain from clicking on links in emails unless you have absolutely confirmed that they are legitimate.
  3. Use strong firewalls with whitelisting configurations by which only approved applications will be allowed to be downloaded on to your computers.  This is much better than blacklisting because it protects you from threats about which you know nothing.
  4. Limit the personal information you provide on social media.
  5. Use dual factor authentication whenever possible.

Scam of the day – December 30, 2016 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes critical updates for Microsoft products and Samsung mobile products.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB16-361

Scam of the day – December 29, 2016 – Chinese hackers charged with securities fraud

It didn’t take long for one of my cyberpredictions for 2017 to be realized.  In fact, it actually happened in the waning days of 2016.  My prediction, as found in my recent column for USA Today and here in Scamicide.com, predicted that law firms would be targets for hackers seeking inside information from them about their large corporate clients that may be considering mergers or takeovers of other companies.  Using this non-public information, a savvy hacker could trade in the stock of these companies and make tremendous profits before the information about the mergers or acquisitions became known by the public and drove up the price of the stocks.

http://www.usatoday.com/story/money/columnist/2016/12/17/think-cyberthreats-bad-now-theyll-get-worse-2017-spear-phishing-etc/95262574/

Recently a thirteen count indictment was unsealed in which three Chinese defendants are alleged to have hacked into the computers of at least seven law firms involved with mergers and acquisitions and stole confidential inside information about impending mergers and takeovers that enabled the hackers to buy stock in these companies before the knowledge of the impending mergers became public and then sell their stock at tremendous profits when the news of the mergers became known.  It is estimated that the hackers made profits of more than four million dollars using this information.  The SEC has also brought a civil action against the three defendants.

Among the companies involved with mergers or takeovers that the hackers are alleged to have profited from using this confidential information were InterMune, a biotech company, Intel, Altera, Pitney Bowes and Borderfree.  On the Pitney Bowes takeover of Borderfree alone, the hackers were able to achieve a profit of more than 105% by purchasing Borderfree stock before the announced takeover and selling soon after the takeover was announced.

TIPS

For law firms and other companies, this should be another wake up call to provide better security.  The major hacking of a law firm that resulted in the leaking of what has become known as the Panama Papers should have been sufficient notice that law firms and other companies and agencies that hold sensitive and confidential information must take the necessary steps to protect their data better.

For the rest of us as individuals, this should serve as a reminder that our own cybersecurity is inexorably tied to all of the companies and governmental agencies that hold our personal information.  Whenever possible, you should limit the amount of personal information that you provide any company or governmental agency.  For instance, your physician does not need your Social Security number although they often ask for it.

Finally, security begins at home and you should make sure that you are protecting your cybersecurity as best you can by not clicking on links in emails unless you have verified that the communication is legitimate, installing and constantly updating your security software, using unique strong passwords for all of your accounts, using strong security questions, using dual factor authentication and encrypting your communications.