Scam of the day – January 21, 2014 – Target customers get free credit monitoring

January 21, 2014 Posted by Steven Weisman, Esq.

Target has announced that as a service to its 110 million customers who were victims of the massive hacking of their credit card, debit card  information as well as other personal information it is offering a free credit card monitoring service for one year through ProtectMyID a company affiliated with Experian, one of the three major credit monitoring companies.  The offer by Target was communicated to its customers through an email with a link to click on in order to enroll in the program and therein lies the problem.  How can you be sure that the email offering the free credit monitoring service is legitimate?  How can you be sure that the email is not from an identity thief and that clicking on the link is safe and will not download malware that will make you a victim of identity thief?  The answer is, you can’t be sure because this is a tactic used by identity thieves.

TIPS

You should definitely accept Target’s offer of the free credit monitoring service, which is a typical response by companies when they have been hacked.  However you should go directly to Target’s official website of www.target.com and click on the link that reads “Important Notice: data incident involving certain guest information” which, in turn will take you to a safe and secure page where you can sign up for the program.

Scam of the day – January 20, 2014 – Another Nigerian email not from Nigeria

January 20, 2014 Posted by Steven Weisman, Esq.

As I said in a Scam of the day just a few days ago, not all Nigerian letters come from Nigeria.  The name “Nigerian letter” has come to refer to an entire genre of scams that share the same essential element, which is that somehow you have been lucky enough to be picked to receive a huge amount of money with no investment on your part.  Of course, once you are hooked into the scheme, the requests for cash start and they don’t stop until your funds run dry.  The reasons for the requests for funds may seem legitimate, such as for taxes, administrative fees or even bribes, but ultimately, the end is always the same.  I am including this particular recent Nigerian letter because of the creativity in its story.  Here is what I received:

“Good Day
Firstly, I must solicit your confidence in this transaction; this is by virtue of its nature as being utterly confidential and top secret. Though I know that a transaction of this magnitude will make any one apprehensive and worried, but I am assuring you that all will be well at the end of the day. I have decided to contact you due to the urgency of this transaction, as i have been reliably informed of its swiftness and confidentiality. Let me start by first introducing myself properly to you. My name are Mr. Fredrick Elliot, I came to know of you in my private search for a reliable and reputable person to handle a very confidential transaction, which involves a huge sum of money deposited in a Financial Institution in Malaysia, but now transfer to Netherlands, if this is truly of me, I remain my humble self ” Barr. Fredrick Elliot.
In receipt to your profile, is a pleasure and also necessary to relate this issue before your hearing, my late Client (Mr. Dominic Dim Deng) was returning with a military delegation to the regional capital, Juba, from a political conference in the town of Wau on Friday, 2 May 2008, he should had being in (Juba) for a political era, so their plan clash and my Late Client die. See the website for confirmation,
(http://news.bbc.co.uk/1/hi/world/africa/7380412.stm).

My aim of writing you this email now, is that My late Client should have being in Malaysia for a project on 4th night of these incident a project that worth the sum of ($25,500.000.00), Twenty Five Millions Five Hundred Thousand Dollars, deposited with a Financial Institution in Malaysia, now transfer to Netherlands, and he was expected to be Malaysia as soon as he return from juba because My client was a partner in Blue Chip and Construction companies, eventually this incident occurred. I need your humble assistance to retrieve my late Client funds from the Financial Institution into your care as we come over for investment as I can not come out for this fund being his personal Lawyer. All the documents of this money and is whereabouts is in my position, if this proposal is OK by you and you do not wish to take advantage of the trust i hope to bestow on you, then kindly get to me immediately  via my e-mail address the below:
Your most confidential telephone
Your most confidential fax
Your most confidential e-mail address
Your Id either passport or identity card
Send them to my email address: bar. barrfredelliot55@aol.com so that I can forward to you the relevant details of this transaction.
Thank you in advance for your anticipated co-operation.
Regards,
Barr. Fredrick Elliot
E-Mail: barr. barrfredelliot55@aol.co”

TIPS

Never respond to any emails of this kind.  Unfortunately, they still work at managing to swindle people out of their money, but only when people are too blinded by greed to consider the outrageousness of the letter itself.  Of course, if you wanted you could Google, Fredrick Elliot along with the words barrister and scam and you will find numerous citations that tell you that indeed this is a scam, but you should have already known that.

 

Scam of the day – January 19, 2014 – Guccifer

January 19, 2014 Posted by Steven Weisman, Esq.

What do Steve Martin, Colin Powell, George W. Bush, John Dean, Mariel Hemingway, Lorne Michaels, Carl Bernstein, Rupert Everett, Eric Idle, Whoopi Goldberg and Julian Fellowes the writer of “Downton Abbey” have in common?  All have had their email hacked by the legendary hacker who calls himself “Guccifer.”  Guccifer has not exploited his hacking targets for financial gain although the information he obtained would allow him to do so.  Rather his goals, more often appear to be to embarrass his victims and shake the world up a bit.  Through hacking of his victims’ email accounts he has gained access to and made public the final episode of Downton Abbey, months before it was aired.  He has made public embarrassing information he obtained through his hacking efforts of politicians and celebrities on both sides of the Atlantic.

Although, Guccifer, who recently did an extensive interview with the celebrity gossip website TMZ refused to indicate precisely how he has managed to hack into the emails of so many famous people, there does appear to be some evidence that one technique he uses is to get an email address of someone such as he did with media icon, Tina Brown, who has an extensive email address book.  He then uses simple techniques to answer his victim’s security question and change the password to the account whereupon he is able to take over the account and have access to all of the information stored there.  Simple, publicly available information such as birth dates, schools attended and other such information has provided the keys to answering the security questions of his victims.  He also apparently has used lists of the name of pets to answer security questions as well.  And herein lies the lesson for us all.  Even if you are not a celebrity, there is so much information about us all that is publicly available; sometimes the information is even provided by us through our Facebook pages and other social media, that it is an easy task for a hacker to get at our email accounts and other password and security question protected accounts.

TIPS

Since protecting your email address is an impossible task, the key to protecting your account from being hacked is to have strong security questions and the key to that is to provide a question to which the answer can never be guessed by a hacker.  So if your security question is “What is my favorite vegetable?” you should make the answer “electronic clock” or some other totally illogical response.  Don’t worry about remembering it yourself because if the question and answer are as ridiculous as this, you will remember it.

Scam of the day – January 18, 2014 – Investment advice from Bernie Madoff

January 18, 2014 Posted by Steven Weisman, Esq.

Convicted Ponzi schemer Bernie Madoff who stole 50 billion dollars from unsuspecting victims may be the last person from whom you would accept investing advice, but in fact, his advice, as contained in a recent jailhouse interview Madoff gave to the Wall Street Journal does have good advice for people hoping to avoid the fate of Madoff’s many victims.  As you may remember, Madoff did not invest any of the money he received from investors who gave him money.  Instead, he used the money for his own purposes and paid off older investors with money received from newer investors.  Ultimately, this house of cards came toppling down, as it does with all Ponzi schemes when too many people ask for their money and the fraud becomes exposed.

TIPS

With great “chutzpah,” in the interview, Madoff blamed his victims for their losses.  He said that his investors were “sophisticated people” who should have known better.  “People asked me all the time, how did I do it.  And I refused to tell them, and they still invested.  Things have to make sense to you.  You should ask good questions.”  And about this he is correct. No one should ever invest in anything that they do not totally understand.  In Madoff’s situation, with 20/20 hindsight we can see that his investment strategy was impossible, but investors should not have relied on him.  They should have tried to understand the strategy and if they could not understand it, which no one would have been able to do, they should not have invested.  In addition to Madoff’s advice, I would also warn you against ever investing with an investment adviser such as Madoff who both makes the investment decisions and also holds the assets.  These activities should be divided between an investment adviser and a separate broker-dealer who actually holds the investments.  Had this elemental rule been followed by Madoff investors, they would have immediately known that there were no investments.

Scam of the day – January 17, 2014 – Credit card technology

January 17, 2014 Posted by Steven Weisman, Esq.

The recent hacking of Target resulting in the theft of credit and debit card information on more than 40 million Target customers brought attention to the technology used in American credit cards.  Unlike credit cards in other parts of the world, American credit cards still use a magnetic strip technology that has been around since the 1960s in which information is contained on a magnetic strip on the back of the card.  When the information on this strip is stolen, the identity thief has access to the credit of the victim.  However in more than 80 other countries around the world, the magnetic strip card technology has been replaced with cards embedded with a microchip.  This technology is often referred to as EMV.  With EMV cards, the chip creates and encrypts a new number every time the card is used.  Thus hacking into the data terminals used by the cardholder is a worthless exercise in trying to access the credit card.  Credit card companies and retailers have resisted for cost reasons updating the credit card system in the United States although changes in regulations in regard to liability for fraudulent credit card use will prompt credit card companies and retailers to switch to this technology by October of 2015.  Hopefully, consumers will also insist on the new EMV cards as a way to shop more safely.

TIPS

Some American companies including Chase, Citi, American Express and Discover are issuing the new EMV cards, but you have to ask for them.  Unfortunately, you can expect the rollout of the new cards to be rather slow and consequently you can also expect more major hacking events similar to what happened at Target between now and October of 2015 so you may wish to consider asking for one of the new EMV cards when you get a new credit card.

Scam of the day – January 16, 2014 – Debit card phishing scam

January 16, 2014 Posted by Steven Weisman, Esq.

Recently customers of St. Anne’s Credit Union, BankFive, Bristol County Savings Bank, Mechanics Cooperative Bank, Taunton Federal Credit Union and Bridgewater Savings Bank in Massachusetts have been receiving telephone calls purportedly from their banks in which the caller tells the person answering the call that the caller works for his or her bank and that there has been a security breach of the customer’s account at the bank and that the account has been frozen for security purposes.  The customer is then told that in order to resolve the situation and make the account available to the customer again, the customer must confirm their debit card number and PIN.  Of course, the calls are not coming from the customers’ banks.  They are coming from scammers seeking this information in order to access the accounts of the people receiving the calls.  In truth, not only are the calls not coming from the banks, many of them are coming from scammers who are not even located in the United States.  Although this scam has recently been reported in Massachusetts, you can expect it to spread rapidly around the country.

TIPS

Your real bank will not ask for your debit card number of PIN on the phone.  Whenever you get a telephone call, text message or email requesting such information, you should refuse to provide it because you can never be sure that the communication is legitimate.  In fact, in all circumstances, this will merely be a scam attempting to get your personal information in order to make you a victim of identity theft.  If you have any thought that the communication might be legitimate, call your bank at a number that you know is legitimate to inquire as to the status of your account.

Scam of the day – January 15, 2014 – Utility bill scam

January 15, 2014 Posted by Steven Weisman, Esq.

As I have often told you, anytime you receive a call regarding anything in response to which you are advised to make a payment by way of a Green Dot MoneyPak card or any other prepaid card you should be skeptical because these prepaid cards are a favorite method for scam artists to scam you out of your money.  This is because once the scammer has the card number, it is the same as cash and you cannot stop payment on the payment nor trace to whom the payment was made.  Recently, particularly in the light of the cold wave that gripped much of the country, people have been receiving telephone calls purportedly from utility companies telling them that they are behind in their payments and their utilities will be shut off unless immediate payment is made by way of obtaining a Green Dot MoneyPak card or other such card and providing the 14 digit card number to the scammer by phone.  Often the caller ID may even indicate that the call is from the utility company, but it is an easy thing for a scammer to “spoof” or make it appear that a call from them is coming from your utility company.  You can never be sure when you receive a telephone call as to who is really calling you.

TIPS

Never make a payment to a utility company in response to a telephone call.  No utility will require immediate payment by way of a Green Dot MoneyPak card.  If you are behind in your utility payments, call the utility company at a number that you know is accurate and discuss a payment plan with a legitimate representative of the utility company.

Scam of the day – January 14, 2014 – Firefighters Support Foundation scam

January 14, 2014 Posted by Steven Weisman, Esq.

Recently residents of Montana have been receiving letters soliciting contributions to the Firefighters Support Foundation, an organization that appears to support Montana firefighters.  In truth, the organization is not a legitimate organization promoting the welfare of firefighters, but in actuality is a scam intended to raise money only for the scammers who operate the phony charity.

TIPS

Solicitations for phony charities are quite common.  Often the phony charities have names that sound legitimate and it is difficult to know merely from a solicitation whether or not the charity is legitimate or not.  Phony charities related to police and firefighters are particularly common.  Prior to giving to any charity, I suggest you first look into whether indeed the charity is legitimate or not and the best way I know to do that is to go to www.charitynavigator.org where not only can you find out whether the charity is a scam, but also how much of your donation goes toward the charitable purposes of a legitimate charity and how much goes toward salaries, administrative costs and fund raising.

Scam of the day – January 13, 3014 – Phony IRS collection scam

January 13, 2014 Posted by Steven Weisman, Esq.

As we start the income tax season, IRS scams are beginning to proliferate.  One that is presently being reported starts with a phone call that purports to be from the IRS telling the victim that he or she owes money to the IRS for overdue taxes and that there will be dire consequences unless the person obtains a Green Dot MoneyPak card and then provides the number to the phony IRS agent.  Although this seems particularly outrageous and ridiculous, the scammers who are doing this scam are quite adept at convincing people to obtain the cards and provide their numbers to the scammer.  The Green Dot MoneyPak card and other money cards are a medium of choice for paying scammers because they are impossible to trace.

TIPS

The IRS does not contact you by phone in regard to money that is owed for overdue taxes.  Neither will they contact you by email.  They also will not demand payment by way of a Green Dot MoneyPak card.  Although there are many legitimate uses for these cards, anytime you are asked to pay by way of a Green Dot MoneyPak card, you should be a bit more skeptical of the situation.  If ever you are contacted by phone by anyone who represents that they are an IRS representative, tell them to contact you by mail.

Scam of the day – January 12, 2014 – Phony court summons scam

January 12, 2014 Posted by Steven Weisman, Esq.

Reports are coming from around the country of people receiving phony emailed court summons from courts in various major cities such as New York, Houston, St. Louis, Washington DC and others in which the person receiving the email is prompted to click on an attachment to obtain further details.  This scam, like many, is a phishing attempt to get people to click on a link or download an attachment that will result in the person receiving the email either providing personal information that can be used by the scammer for purposes of identity theft or will cause the person downloading the attachment to unwittingly download a keystroke logging malware program that will provide the identity theft with all of the information in the victim’s computer which would also be used to make the person a victim of identity theft.  In either case, nothing good can come from downloading the attachment.

Here is a copy of one of the recent emails currently being circulated:

“Notice of appearance,

Hereby you are informed that you are due in the court of Houston

on the 19 of January, 2014 at 09:00 am for the hearing of your case.

You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.

Please, download the copy of the court notice attached herewith to read the details.

Note: The case may be heard by the judge in your absence if you do not come.”

TIPS

Many people are comfortable ignoring these emails merely because they provide no precise information about a particular case or court.  In addition, if they refer to a city or state where you have never been, you can also be pretty sure that it is a scam.  However, as I constantly advise you, under no circumstances should you ever download an attachment or click on a link unless you are sure that it is legitimate.  If you have any thought that the email might be legitimate, you should call the court for further information.  In addition, it is important not to provide personal information online unless you are sure that it is legitimate and required.  Finally, make sure that your security software is maintained up to date with the latest patches.