Scam of the day – April 29, 2015 – Securities trader arrested and accused of market manipulation

April 28, 2015 Posted by Steven Weisman, Esq.

You may remember the “flash crash” of May 6, 2010, when the Dow Jones Industrial Average plummeted 1,000 points in just minutes, causing losses of a trillion dollars before bouncing back by the end of trading later that day.  Now, five years later, a British futures trader, Navinder Singh Sarao, has been arrested and charged with fraud, commodities manipulation and other offenses that the Department of Justice alleges substantially contributed to the “flash crash.”

The technique Sarao used, which is alleged to have caused the “flash crash,” is called “spoofing” and “dynamic layering.”  It involves using specially designed trading software to place large buy or sell orders that are cancelled after they have had an effect on the market price and before they are executed.  Thus, when Sarao wanted to drive down the prices of the E-Mini S&P futures contracts he traded, his computer would send huge numbers of sell orders that would drive down the price of the contracts, at which point he would buy the contracts and then have his computer automatically cancel his sell orders.  Then he would send out huge numbers of buy orders, which would drive the price up, at which point he would sell the contracts he had bought earlier at the manipulated low price.  He would then cancel the buy orders he had used to manipulate the price upward.


Spoofing was outlawed in the Dodd-Frank law in 2010; however, there can be a fine line between white collar criminals spoofing and a legitimate trader canceling orders based upon new information.  The key difference is the intent behind the cancellation.  Legislators and regulators are still struggling to come up with safeguards in the securities markets to prevent illegal exploitation of the markets, which has become easier and easier to do with computerized trading.
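
As an added illustration (not part of the original post and not any regulator's or exchange's actual tooling), here is a simplified surveillance heuristic for the pattern described above: large orders that are cancelled completely unfilled shortly after the same trader was filled on the opposite side. The event format, thresholds and trader names are assumptions constructed for this example, and a flag only marks an order for human review, since intent cannot be read from an order log.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: float       # seconds since session start
    trader: str
    order_id: str
    kind: str       # "new", "fill" or "cancel"
    side: str       # "buy" or "sell"
    qty: int


def flag_spoof_candidates(events, large_qty=500, window=5.0):
    """Flag large orders cancelled completely unfilled shortly after the same
    trader was filled on the opposite side while the large order was resting."""
    placed = {}                           # order_id -> the "new" Event
    filled = defaultdict(int)             # order_id -> quantity executed so far
    fills_by_trader = defaultdict(list)   # trader -> [(ts, side), ...]
    flagged = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "new":
            placed[ev.order_id] = ev
        elif ev.kind == "fill":
            filled[ev.order_id] += ev.qty
            fills_by_trader[ev.trader].append((ev.ts, ev.side))
        elif ev.kind == "cancel" and ev.order_id in placed:
            order = placed.pop(ev.order_id)
            if order.qty < large_qty or filled[ev.order_id] > 0:
                continue   # small, or genuinely traded: not the pattern
            opposite = "buy" if order.side == "sell" else "sell"
            # Opposite-side fill while the large order rested, close to the cancel.
            if any(side == opposite and order.ts <= ts <= ev.ts
                   and ev.ts - ts <= window
                   for ts, side in fills_by_trader[order.trader]):
                flagged.append((order.trader, order.order_id))
    return flagged


# Constructed sample log (all traders, ids and quantities are made up).
SAMPLE = [
    Event(0.0, "A", "o1", "new", "sell", 2000),    # large resting sell orders
    Event(0.5, "A", "o2", "new", "sell", 2000),
    Event(1.0, "A", "o3", "new", "buy", 50),       # small order on the other side
    Event(2.0, "A", "o3", "fill", "buy", 50),
    Event(2.5, "A", "o1", "cancel", "sell", 2000), # cancelled right after the fill
    Event(2.6, "A", "o2", "cancel", "sell", 2000),
    Event(0.0, "B", "o4", "new", "sell", 1000),    # cancelled, no opposite fill
    Event(10.0, "B", "o4", "cancel", "sell", 1000),
    Event(3.0, "C", "o5", "new", "buy", 800),      # partly executed, then cancelled
    Event(3.5, "C", "o5", "fill", "buy", 300),
    Event(4.0, "C", "o5", "cancel", "buy", 500),
]

if __name__ == "__main__":
    for trader, order_id in flag_spoof_candidates(SAMPLE):
        print(f"review: trader {trader} order {order_id}")
```

Trader B's plain cancellation and trader C's partly executed order are not flagged, which reflects the fine line noted above between manipulation and a legitimate change of mind.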

Scam of the day – April 28, 2015 – Nepal earthquake charity scams

April 28, 2015 Posted by Steven Weisman, Esq.

Unfortunately, in the three years that I have been writing there has been no shortage of disasters both natural and man-made that have touched the hearts of people around the world seeking to help.  Mankind indeed can be quite kind and giving when our fellow man is in need and the generosity of people here in the United States and around the world is a wonderful thing.  However, scammers are always present at times like this, eager to take your charitable impulse and turn it into an opportunity to steal money you intend to help those in need.

The recent earthquake in Nepal, which has killed more than 3,000 people and affected many more, is one of those events that has drawn many people who want to help by making a donation to a charity that can provide needed assistance to the affected people of Nepal.  However, there are many scammers who are setting up phony charities or using the names of legitimate charities to steal charitable donations that should be going to help our fellow man.


Be very wary of telemarketers seeking charitable contributions.   Whenever you receive a telephone call that purports to be from a charity, you can never be sure that the caller is legitimate.  In addition, even if the caller is a legitimate solicitor on behalf of a charity, they work on commission and some of what you donate will be going to the telemarketer.  If a telemarketer arouses your interest in a particular charity, ask the telemarketer to send you written information that you can review before making a contribution directly to the charity that you know will go entirely to the charity.

As for email and text message solicitations from charities, be particularly careful because not only can you not be sure if they are legitimate or not, they may be even worse than that.  The email or text message may contain a link or attachment that has malware that can steal the information from your computer or smartphone and use it to make you a victim of identity theft. is a great resource.  It is a free website at which you can look up any charity to which you may be considering making a donation.  Not only will tell you whether or not the charity is a scam or not, it also will tell you how much of the money given to the charity goes toward its charitable works and how much it pays in salary and administrative costs.

Some of the well established and highly rated charities presently working on the Nepal relief effort include AmeriCares, CARE, Catholic Relief Services, Direct Relief, GlobalGiving, Save the Children and the Seva Foundation.  You can get more information about these charities at as well as find links to the charities themselves where you can make a donation.


Scam of the day – April 27, 2015 – MasterCard settlement with Target being challenged

April 26, 2015 Posted by Steven Weisman, Esq.

The massive data breach caused by the hacking of Target in 2013 which compromised the security of as many as a hundred million credit and debit cards resulted in banks incurring millions of dollars in costs to replace the credit and debit cards put at risk by the data breach.  Although Target is still negotiating with Visa in regard to the amount that Target will reimburse Visa for these costs, Target announced recently that it had reached a settlement with MasterCard to pay nineteen million dollars to cover the costs of reissuing new cards for those people affected by the data breach.

Now a small group of banks has brought legal action to block the settlement, which they allege is unfair to the banks that suffered losses as a result of having to reissue debit and credit cards.  Charles Zimmerman, one of the lawyers representing the group of banks challenging the proposed settlement, has said the settlement “provides paltry restitution for the substantial losses suffered.”  A motion for a preliminary injunction to prevent the settlement will be heard today in federal court in Minnesota.


Regardless of the outcome of this motion hearing or any settlements between the credit card companies, Target and the credit card issuing banks, consumers are well aware that the best place to find a helping hand when it comes to security while shopping is at the end of their own arms.  Part of the reason that we have had so many major retail data breaches in the last couple of years is that the United States still uses magnetic stripe technology from the 1960s rather than the modern computer chip credit cards used primarily throughout the rest of the world, which are not susceptible to the type of mass retail hacks that we have seen at Target, Home Depot and others.  With the new chip cards, a new number is created for every transaction for which the card is used, making it worthless for a hacker to steal the credit card’s number from a card processing machine.  Regulations go into effect in October of 2015 that will require retailers to implement such smart card chip technology or be held financially responsible for all losses incurred using the magnetic stripe cards, which is why we will see retailers scrambling to meet the October 2015 deadline.  Meanwhile, some stores such as Walmart have already installed the machines to use the new smart chip cards.

So what should consumers do?

First of all, never use your debit card for retail purchases.  For debit cards, federal law does not provide the same level of consumer protection from liability that you get with the use of a credit card.  Second, you should get a new smart chip card as soon as possible and use it whenever possible.  These new cards also have magnetic stripes, so you can still use the same card through the old style credit card processors if the store where you are shopping does not yet have card readers capable of processing the sale using the computer chip.

Scam of the day – April 26, 2015 – Intuit sued regarding income tax identity theft

April 26, 2015 Posted by Steven Weisman, Esq.

A lawsuit has been filed in the Federal District Court for the Northern District of California by Christine Diaz and Michelle Fugatt against Intuit, the maker of TurboTax, the popular tax preparation software used by so many people to file both state and federal income tax returns.  Christine Diaz had not used TurboTax since 2011; however, someone had managed to access her online TurboTax account to file state income tax returns in Michigan, Missouri, Ohio and Oklahoma as well as a federal income tax return using her Social Security number and name.  Interestingly, the other plaintiff, Michelle Fugatt, had never used TurboTax, but someone managed to set up an account in her name and file an income tax return using her name and Social Security number through TurboTax.

The lawsuit, which will most likely seek class action status to represent many more victims of income tax identity theft tied to TurboTax, alleges that TurboTax has negligently poor security which caused the plaintiffs to become victims of income tax identity theft.  TurboTax has indicated that about 60% of the fraudulent income tax returns filed using TurboTax software used personal information including Social Security numbers stolen from places other than TurboTax to set up TurboTax accounts to file phony income tax returns.  The remaining 40% of fraudulent income tax returns using TurboTax, the company says, can be traced back to identity thieves who have been able to hack into the accounts of TurboTax customers and gain access to personal information including past tax returns and then use that information to file phony tax returns.

Presently the FBI is investigating the tie between income tax identity theft and TurboTax.


Electronic filing has been a boon to legitimate taxpayers looking for a convenient way to file their income tax returns and more quickly get their refunds.  However, it has also been a boon to identity thieves.  In 2010 there were 500,000 fraudulent income tax returns filed electronically with the IRS; however, this number rose to close to 2 million in just three years and it shows no signs of slowing down.  Fraudulent income tax returns, largely filed electronically, cost the IRS and, in turn, the American taxpayers 5.8 billion dollars in fraudulent refunds paid by the IRS to income tax identity thieves.

TurboTax has recently added new security provisions, including a requirement that TurboTax customers provide a code that TurboTax sends to their smartphone or email address in order to access their accounts from a computer other than their home computer.

However, much of the security problem is caused by TurboTax users themselves.  Too many people use the same user name and password for all of their accounts so if this information is stolen by hackers from another account of the victim, it can be used to access their TurboTax account.  In addition, many taxpayers become victims because they are too careless in protecting the privacy of their Social Security number either on their computer or in paper documents.

Finally, a particularly safe way to use TurboTax, so long as your computer is protected by good anti-malware and anti-virus software, is to use the desktop version of TurboTax rather than the online version so that TurboTax never has a record of your information.

Scam of the day – April 24, 2015 – Security danger found in 1,000 apps

April 24, 2015 Posted by Steven Weisman, Esq.

Cybersecurity company SourceDNA has announced that it found a major security flaw in a version of AFNetworking, the open source networking code used by app developers to create apps for iPhones, iPods and iPads.  This security flaw would enable a hacker to easily bypass the app’s security and gain access to the app user’s credentials and banking data.  Fortunately, the flaw does not affect all of the 100,000 apps that use AFNetworking.  Only 1,000 are affected by the version of AFNetworking that contains the flaw; however, this number includes apps from major companies including Microsoft, Yahoo and Uber.  Some app developers have already patched the problem, but not all of the affected apps have been patched yet, so everyone who uses iPhones, iPods and iPads should check to make sure that the apps they are using are safe and secure.  You can go to SourceDNA’s website with this link to find out if your apps are secure.


If you are not using an iPhone, iPod or iPad, you do not need to worry about this particular threat.  If you do use these devices, you should check at the link provided above to see if the apps you use are still affected.  If any of the apps you use are still affected, you should stop using those apps until the flaw is patched.  You also should change your password for apps that have been affected.


Scam of the day – April 23, 2015 – Medicare to finally stop using Social Security numbers on Medicare cards

April 22, 2015 Posted by Steven Weisman, Esq.

As we all know, a person’s Social Security number is the key to making that person a victim of identity theft.  Armed with that number, an identity thief can access a person’s credit, file a phony income tax return in the name of the victim and, in general, make life miserable for the person whose Social Security number has been compromised.  Where at one time it was commonplace for states to use a person’s Social Security number as the number on a person’s driver’s license, it is now illegal for states to do so.  The Department of Defense, the Veterans Administration and numerous other private and governmental entities no longer use the Social Security number as an identifying number in order to reduce identity theft.  However, for more than ten years, the Department of Health and Human Services, the government agency that supervises Medicare, the governmental health insurance program in which 50 million Americans are enrolled, refused to heed the advice of the Government Accountability Office (GAO), the White House Office of Management and Budget and the Inspector General of Social Security to change the identifying number prominently displayed on a person’s Medicare card from the person’s Social Security number to a safer identifying number.  But now a new federal law has been passed that requires Medicare to start issuing cards with a randomly generated Medicare beneficiary identifier rather than the person’s Social Security number; however, Medicare does not have to start doing so for four years.  It has an additional four years to replace the cards of current beneficiaries with new cards with the new identifying numbers.  When fully implemented, this law will significantly reduce the vulnerability of Medicare recipients to identity theft.


This legislation is a good step from many perspectives.  It was passed with bipartisan support and does show that Republicans and Democrats can work together.  There is much that can be done to protect us from scams and identity theft that should be able to be done with bipartisan support and hopefully, this law is just the first of many that will help provide greater security to Americans from scams and identity theft.  However, people who are present Medicare recipients with cards that will for years still contain their Social Security numbers should take greater precautions to protect these cards from being used by identity thieves.  One of the primary things to do is to not carry the card in their wallets or purses unless they absolutely need to bring it with them to a medical appointment.  Additionally, they should take precautions to make sure that documentation that carries their Social Security or Medicare number is properly secured and away from the eyes of caregivers or others who might seek out this information for purposes of identity theft.  Finally, when disposing of documents that contain their Social Security number, they should cross shred the documents to prevent dumpster diving identity thieves from getting this information.

Scam of the day – April 22, 2015 – Watch out for the Simda botnet

April 21, 2015 Posted by Steven Weisman, Esq.

Recently the Department of Homeland Security joined Interpol and the FBI to issue a serious warning about a botnet called the Simda botnet.  A botnet, as readers familiar with Scamicide will know, is a network of infected computers used by cybercriminals to spread malware.  According to the Department of Homeland Security more than 770,000 computers have already been affected by the Simda botnet which has been around since 2009 preying on computers that are not properly protected by up to date anti-malware software.  The Simda malware not only enables the cybercriminals to use their victims’ computers to spread this and other malware, but it also enables the cybercriminals to steal personal information from the infected computers that make up the botnet and then use that information for purposes of identity theft.


Here is a link to which you can go to find out if your computer has been infected with the Simda malware.

If you have been a victim of the Simda malware, you should install anti-virus and anti-malware software to rid your computer of the Simda malware.  You should then change the passwords for all of your accounts because they have been compromised.  You should also get a copy of your credit report from each of the three credit reporting agencies, Equifax, TransUnion and Experian to determine if you have already become a victim of identity theft.  You should also lock up your credit reports with a credit freeze at each of the three credit reporting agencies.  You can find instructions as to how to do this here in the Scamicide archives.

Even if you have not become a victim of the Simda malware, you should make sure that your anti-virus and anti-malware software is constantly updated.

Scam of the day – April 21, 2015 – 14 year old charged with felony hacking

April 21, 2015 Posted by Steven Weisman, Esq.

Domanik Green, a 14-year-old eighth grader from Florida, has been charged with a felony for hacking the computer of one of his teachers and changing the desktop background to a picture of two men kissing.  The hacking was easy to accomplish because the teacher used an easily guessed password.  The hacking itself was more of an innocuous prank than a serious hack.  The student made no attempt to change grades or even access other data.  Yet under Florida law, Green was charged with a felony, which, if he is convicted, could have a serious effect on his ability to get a job or go to college.  More than anything else, the incident highlighted the school’s security failings.  It has been reported that the particular school attended by Green used weak passwords and that students were even able to view the teachers entering their passwords.


Hopefully, a more appropriate sanction than a felony conviction will be imposed in this case.  This case also, once again, highlights the importance of using strong passwords and keeping them secret.  It is also important for people to use unique passwords for every account that they have.  A strong password will combine capital letters, small letters and symbols.  A good way to pick a password is to choose a short phrase, such as IDon’tLikePasswords, and then add a couple of symbols so it reads IDon’tLikePasswords!!!, which can then be used as a base password to be adapted by a few letters to indicate a particular account.  So, for instance, using this password for an Amazon account would make it IDon’tLikePasswords!!!Ama.  That would be a strong and unique password.

Scam of the day – April 20, 2015 – Latest security updates from the Department of Homeland Security

April 19, 2015 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Users of the affected programs should make sure that they update their software with these latest security patches as soon as possible.  Today’s updates include important security patches for Google Chrome, Oracle, Adobe Flash, Adobe ColdFusion, Flex, and Microsoft Windows.  The Adobe Flash vulnerability had been exploited by Russian hackers to obtain information from the computers of other governments.


Here are links to the latest security updates from the Department of Homeland Security: