Scam of the day – December 2, 2013 – Safe holiday shopping on your smartphone

December 2, 2013 Posted by Steven Weisman, Esq.

More and more people are using their smartphones for online shopping and other financial transactions.  It is important to remember, however, that is just as important to use proper security precautions on your smartphone as you do with your computer, laptop or other electronic devices.  Theft of smartphones is a frequent occurrence, particularly during the holiday season.  If you have not protected your smartphone properly, all of the information stored on your smartphone becomes available to the identity thief who can use this information to make you a victim of identity theft.  Clicking on infected links or downloading attachments infected with malware can also cause your smartphone’s information to be turned over to an identity thief at your extreme peril.

TIPS

Start with the basics.  Make sure you have a complex password for your phone.  Too many people do not even use one.  Also, have your phone time out and locked after a period of time so that if your phone is stolen it will not readily be usable by a criminal stealing your phone.   In addition, you should make sure that you are using encryption software, anti-virus software and anti-malware software on your smartphone and keep these programs up to date with the latest patches.  Finally, only get your apps from legitimate sources, such as the Apple App store or Android Market.  Infected apps are a major source of identity theft.

Scam of the day – December 1, 2013 – Important Microsoft security alert

December 1, 2013 Posted by Steven Weisman, Esq.

Identity thieves and scammers constantly are exposing vulnerabilities in the software programs that we use for their criminal purposes, which is why it is critical that you update your software programs as soon as possible when security patches and updates become available.  Recently Microsoft issued a security advisory in which the company indicated that it had discovered a serious vulnerability in the Windows XP and Windows Server 2003, two of the older Windows software programs.  At the moment Microsoft has not developed a sufficient update or patch to remedy this problem, however, Microsoft does recommend a Workaround, which is a setting or configuration change that will not remedy the vulnerability, but will block attacks until a patch can be developed.

TIPS

The full Microsoft Security Advisory including instructions as to how to construct a Workaround that will block attacks attempting to take advantage of the identified vulnerability in the affected software programs can be found by clicking on the following link and going to the Microsoft Security Advisory.  If you use either of these programs, it is critical that you take this preventive action.

https://www.us-cert.gov/ncas/current-activity/2013/11/28/Microsoft-Releases-Security-Advisory-Microsoft-Windows-Kernel

Scam of the day – November 30, 2013 – Holiday shopping scams

November 30, 2013 Posted by Steven Weisman, Esq.

As the holiday shopping season is in full swing, over the next month I will be warning you about the latest scams and identity theft schemes related to holiday shopping, both in brick and mortar stores and online.  Today, I will start with shopping in a store.  Most of us use either a debit card or a credit card when shopping in a store.  The biggest risk when using either card occurs when a criminal clerk takes your card of either variety and swipes it through a small device, no bigger than the palm of your hand, called a skimmer.  This device will steal all of the information from your card and store it for the identity thief behind this scam to use either for purchases online using your credit or debit card number or by actually taking the information and imbedding it on a phony credit card.

TIPS

The first thing you should do is retire your debit card to use only as an ATM card.  While federal law limits the amount that you are liable for when fraudulent charges are made using your credit card to no more than $50, with a debit card, if you do not recognize that your account has been compromised right away, potentially the identity thief could empty the entire bank account tied to your debit card.  In addition, even if you do notice the fraudulent use immediately, your account will be frozen while the bank does its investigation into the matter, thereby limiting your access to your funds.  As for the danger of skimmers, you should watch your credit card every minute that the clerk has it in his or her possession to make sure that he or she only swipes it through the store’s credit card processor and doesn’t do that extra swipe through a skimmer.

Scam of the day – November 29, 2013 – Criminal identity theft

November 29, 2013 Posted by Steven Weisman, Esq.

Recently Kimberly Fossen of Portland, Oregon was awarded $105,000 in her lawsuit against the county for her arrest and temporary jailing when the police were actually looking for Minh Thuy Nguyen who had stolen Kimberly Fossen’s identity a year earlier.  At the time of her arrest, Fossen knew that the arrest warrant was meant for Nguyen instead of her and tried to tell police to compare fingerprints to confirm that this was a case of criminal identity theft where someone steals your identity and then commits crimes in your name.  However, the police denied her request, took her to jail and arraigned her the next day in court while shackled and dressed in a prison uniform.  Shortly thereafter the police discovered their mistake and Fossen was freed.  In other cases, people have been jailed for months before they are able to convince authorities that they are dealing with criminal identity theft.

TIPS

If you learn that you are a victim of criminal identity theft and that someone has stolen your name and committed crimes using your name, you should contact the police an District Attorney’s office immediately.  File a report indicating that you are a victim of identity theft.  Get a letter from the District Attorney explaining the situation so that if you are ever stopped by a police officer or arrested, you can prove that the criminal is not you.  For more details on what you can do, get a copy of “50 Ways to Protect Your Identity in a Digital Age” which can be ordered from Amazon by clicking on the link on the right hand side of this page.

Scam of the day – November 28, 2013 – Dangerous electronic greeting cards

November 28, 2013 Posted by Steven Weisman, Esq.

Happy Thanksgiving to everyone.  I hope your day is a good one free of scams and identity theft.  Electronic greeting cards have become very popular and with good reason.  Even if you don’t remember a birthday or delay sending a holiday card until the last minute, you can send an electronic greeting card, often for free, and have it delivered immediately.  Many electronic greeting cards are quite inventive with videos and music, as well.  But, unfortunately, you can always count on scam artists and identity thieves to try to spoil anything and electronic greeting cards are no exception.  The scam starts when you get a phony electronic greeting card that requires you to click on a link to read the card.  If you click on one of these phony greeting cards, you will end up downloading a keystroke logging malware program that will steal all of the information from your computer and end up with you becoming a victim of identity theft.

TIPS

One of the first things to notice is who is indicated as the person sending the card.  If it states that the card is being sent by “a friend” or “an admirer,” you can be pretty sure that it is a phony card.  However, even if the card uses the name of someone you know, it still is risky to open the card without confirming with an email or a phone call that your friend actually did send you the card.  It is also important to keep your security software including anti-virus software and anti-malware software installed and up to date at all times.

Scam of the day – November 27, 2013 – Arrest of student hacker

November 27, 2013 Posted by Steven Weisman, Esq.

Suffolk County, New York Police recently arrested seventeen year old Matthew Calicchio and accused him of hacking into the student records of students in the Sachem School District and then posting the personal information on thousands of students online.  The hacking was first discovered in August, but was not able to determine who they thought had perpetrated the crime until now.  The hacked information has been taken down, but was up online long enough to pose a significant threat of identity theft to thousands of people whose information had been stolen.

TIPS

If indeed, Calicchio is the hacker, this is just another example of how young and relatively inexperienced hackers can obtain critical information from various sources that do not protect their data properly through encryption and other security measures.  It is also a lesson to all of us to make sure that we limit the places that have our personal information to only those entities that truly require our personal information.  And just as it was said that eternal vigilance is the price of liberty so is it the price of personal security.  Make sure that you monitor your credit report regularly and are regularly looking for indications of identity theft.

Scam of the day – November 26, 2013 – Dangers of hotel Wifi

November 26, 2013 Posted by Steven Weisman, Esq.

Identity theft victim Barbara Shaw now knows all to well the dangers of hotel Wifi.  Upon returning to the United States recently from a European trip, she checked her airline frequent flier account to make sure that she was credited with all of the miles from her trip, only to find that more than 250,000 miles had been withdrawn from her account and converted into gift cards and mailed to the identity thief who stole them from her account.  Eventually, investigators discovered that Ms. Shaw had become a victim of identity theft when she thought she was using a hotel Wifi system when in fact, it was a phony Wifi system set up at the hotel at which she was staying so when she used the Wifi at the hotel to go into the account, she provided the information to the identity thieves who were able to get all of the information they needed to access her account.

TIPS

Make sure that the Wifi you are using is the legitimate Wifi of the hotel, restaurant or other venue that you are using.  Confirm with the hotel or restaurant that the address of the Wifi is the correct one.  Any computer or tablet that has wireless capabilities activated should also have security software installed at the same time.  One of the best ways to protect yourself when using Wifi is to encrypt your data.  Make sure your wireless router has an encryption mechanism and that it is turned on.  Even wireless routers that have encryption capabilities are often delivered with this feature turned off.  It is up to you to make sure that your encryption feature is functioning.  Most wireless routers also have a feature called Identifier Broadcaster that announces your presence to other devices in the Wifi area.  Make sure that yours is turned off so you are not alerting anyone to your computer’s presence.  Finally, even if your Identifier Broadcaster is turned off, wireless routers come equipped with a standard default identifier for your particular computer.  This default identifier is known by identity thieves and hackers, so change your identifier so that your computer cannot be accessed by identity thieves and hackers.

Scam of the day – November 25, 2013 – Smartphone banking scam

November 25, 2013 Posted by Steven Weisman, Esq.

Many of us use our smartphones for so many more tasks then merely speaking on the phone.  Smartphones have become the fast and convenient way for 300 million people to do their banking.  They also have become the fast and convenient way for scam artists and identity thieves to steal the money from your bank account by planting (with your assistance) malware on your smartphone that not only can read all of the information on your smartphone including your banking passwords and other personal information, but can even change the way your bank account balances appear to you on your smartphone so you are not aware that your account has been stolen by an identity thief.

TIPS

The primary way that identity thieves and scammers install the necessary malware to get access to your bank account and steal your money is by luring you into unwittingly downloading the malware that gives them control over and access to the information in your smartphone.  Most often they do this by a technique called phishing which I have described many times previously in Scamicide.  Phishing occurs when you are lured into clicking on a link or downloading an attachment that appears to be legitimate, but in fact is riddled with malware.  The malware is contained in the link or download material that is often contained in an email that appears to be from a company with which you do business or a trusted friend when in fact, the email is from an identity thief.  It is for this reason that I am constantly warning you not to click on links or download attachments unless you are absolutely sure that they are legitimate.  Just because it appears to come from a friend of yours does not make it legitimate.  His or her email could have been hacked making it appear that the communication and the link are legitimate when they are not.  This technique is called spear phishing.  That is why I always tell you to confirm that the email is legitimate regardless of how good it looks before you download anything or click on a link.

In addition, you should make sure that your smartphone as well as all of your electronic devices are protected with the latest anti-virus and anti-malware software and that you keep these security programs constantly updated with the latest security patches and updates.  In addition, you may even want to consider having a separate smartphone for online banking and other financial transactions on which smartphone you do not do any text messaging or emails in order to avoid falling prey to phishing.

Scam of the day – November 24, 2013 – Phony Yellow Pages scam

November 24, 2013 Posted by Steven Weisman, Esq.

The Federal Trade Commission recently got an injunction stopping the operation of a scam based in Montreal, Canada, but aimed at American businesses and churches involving phony online business directory listings.  At the time that the FTC acted, the scammers, Mohamad Khaled Kaddoura, Derek Cessford and Aaron Kirby as well as the fifteen companies under which they operated had stolen more than fourteen million dollars from unsuspecting victims.  The scam would start with a phone call in which the scammers said that they were verifying contact information to update or confirm existing directory listings.  Other times they said that they were calling to verify information for cancellation of a listing.  In every instance, these were total misrepresentations because the businesses and churches called had no previous relationship with the callers.  The calls were then followed up with bills averaging about $500.  When the victims complained, the scammers played back portions of the initial telephone calls that made it sound like they actually did purchase the listing services.  If the victims still refused to pay, the then received calls purporting to be from collection agencies threatening legal action.

TIPS

Never provide information to anyone over the phone or in response to an email or text message unless you are absolutely sure that the person contacting you is legitimate and they have a legitimate need for the information you are providing.   In this case,  people receiving the original call should have refused to provide any information until they had verified that their company or church actually had an account with the caller, which, of course they did not.  Had they taken this simple step rather than provide information to someone they did not know, they could have avoided much trouble.  This is a valuable lesson for all of us.  Scammers will often sound legitimate, but being aware of that, you should always decline to provide information to anyone who contacts you until you have absolutely verified that the call is legitimate and the need for the information is legitimate.

Scam of the day – November 23, 2013 – Phony LinkedIn job postings

November 23, 2013 Posted by Steven Weisman, Esq.

LinkedIn is a popular social media website used by business professionals to network with other professionals.  More than 225 million people around the world are members of LinkedIn.  LinkedIn is used by these people to get ideas, explore opportunities and even to list job postings.  Anything with 200 million members is attractive to scam artists so it is not surprising that scammers are constantly trying and often successful in posting phony job offers despite the best efforts of LinkedIn to recognize and take down these phony ads.  Bitdefender, which is a maker of anti-malware software recently exposed a phony job advertisement placed by a recruiter who used the name Annabella Erica.  Scammers had managed to infiltrate and put her profile into the legitimate LinkedIn group Global Jobs Network, which has 167,000 members.   Scammers put these phony ads on LinkedIn and other social media in order to gather personal information which is then exploited for purposes of identity theft.  Other times the phony ads will contain links that if clicked upon will automatically download keystroke logging malware which can steal all of the information from your computer and lead to your becoming a victim of identity theft.

TIPS

The best place to look for a helping hand is at the end of your own arm.  Although LinkedIn and other websites that carry job postings try to identify and either prevent or remove phony ads from appearing on their websites, you cannot depend on these companies to fully protect you.  Certainly a little skepticism helps when you see a job posting for a job that sounds too good to be true.  In that case you should fully investigate the company before providing any information and should never click on any links or download any attachments until you have done sufficient research to make sure that the job offering is legitimate.  In addition, you should make sure that you not only have a good Firewall, anti-virus and anti malware software installed on your electronic devices, but that you keep this security software up to date with the latest patches and updates to help insure your protection.