Scam of the day – December 24, 2013 – Cramming update

December 24, 2013 Posted by Steven Weisman, Esq.

Those of you familiar with the scam called “cramming” from either the list of scams on the right hand side of  the Scamicide home page or having read my book, “The Truth About Avoiding Scams” know that cramming is the name given to the scam that occurs when someone unwittingly agrees to phony charges that keep reoccurring on your phone bill.  At first, the most common way cramming occurred was when people completed contest applications without reading the fine print that also signed them up for a service that would be charged to their phone.  Many times the charges were listed in a vague manner or were for small monthly amounts such that they did not raise suspicion.  Smartphones have recently become the primary target of cramming, which often now starts when you receive a text message about a contest.  When you respond to the text message, once again you get signed up for a monthly service that you never intended to purchase.  Often the crammed amount shows up on the phone bill as “premium text message.”  These charges can range from as little as $2 per month to as much as $25 per month.  Recently the Vermont Attorney General settled cramming claims with 25 different companies accused of cramming who agreed to pay 1.6 million dollars to the state to be returned to cramming victims.  Attorneys General in 39 other states are now actively working to eliminate smartphone cramming with AT & T, Sprint and T-Mobile to eliminate cramming and although these wireless carriers were not directly accused of cramming, their former cooperation with crammers did permit them to perpetrate this fraud.

TIPS

Rarely is there ever anything fine in fine print.  Always make sure, particularly if you are entering a contest that you read the entire rules carefully to make sure that you are not agreeing to charges for a service you do not want.  You should be particularly wary when you receive an offer by way of a text message from a company with which you do not do business on a regular basis.  And, as always, it is a good practice not to click on links in smartphone messages unless you are absolutely sure that the message and link are legitimate.  Too often, they come with malware that can lead to our becoming a victim of identity theft.

Scam of the day – December 23, 2013 – Identity theft risk in old gaming consoles

December 23, 2013 Posted by Steven Weisman, Esq.

A few days ago I warned you about the latest scams tied to the XBox One and PlayStation 4.  However, people who purchase the new gaming consoles generally will sell their  their older gaming consoles on eBay or other sites after they buy the newer version.  To the surprise of many people, this can lead to identity theft.  Video game consoles such as the XBox and PlayStation are not just video game players, but they are quite sophisticated computers that will often have important personal information including credit card information stored on the computer’s hard drive.  Identity thieves know this and will often buy the used gaming consoles to harvest the personal information from the consoles and make their former owners victims of identity theft.

TIPS

If you are selling or otherwise disposing your older video game consoles, make sure that you remove all personal information from the hard drive before you sell or get rid of the console.  The simplest way to do this is to get an external hard drive reader that you can use to connect your console’s hard drive to your computer.  Once it is connected to your computer, you can use a program such as “Eraser,” which is free to remove your personal information from your console’s hard drive.

Scam of the day – December 22, 2013 – Phony Amazon invoice scam

December 22, 2013 Posted by Steven Weisman, Esq.

With just a couple of days to go before Christmas, the holiday shopping season is in full swing.  Unfortunately, it is also full swing for scam season as scammers continue to take advantage of people who may be too distracted by their shopping to follow proper scam avoidance.  A case in point involves an email which many people, including myself, recently received.  The email purports to be from Amazon and it relates to a recent order of mine.  The email itself does not provide much detail, but there is an attached invoice.  Unfortunately, if you download the attached invoice, you will not be downloading a legitimate Amazon invoice, but instead, you will be downloading a keystroke logging malware program that the identity thief who sent you the email will use to steal all of the information from your computer and make you a victim of identity theft.

TIPS

As legitimate as the email appears to be, what you do not see which is a tell-tale sign that this is a scam is that the email was not only addressed to me, but to thirteen other people whose email began with the same first name as mine.  If you click on “details” in the email heading you can see the other people to whom it was also sent.  Obviously this is a scam.  However, as I have often warned you, downloading attachments or clicking on links unless you are absolutely sure that they are legitimate is a dangerous practice because unwittingly you may be downloading keystroke logging malware.  If you did order something from Amazon or anyone else, you should confirm the invoice number with Amazon before considering downloading the invoice.

Scam of the day – December 21, 2013 – What to do if you were a Target hacking victim

December 21, 2013 Posted by Steven Weisman, Esq.

With 40 million credit and debit cards affected by the recent hacking of Target, there is a good chance that many Scamicide readers are a part of that group that includes my own wife.  The hacking of Target once again shows that regardless of how careful you are, you are only as safe from identity theft as the place with the weakest security that holds or processes your personal information such as credit cards.  Today I am going to provide the simple steps that you should take if your credit card or debit card was compromised.

TIP

First of all, resolve not to use your debit card for purchases.  Reserve its use for ATMs.  The maximum that you are possibly liable for in regard to fraudulent charges on your credit card is only $50 and most credit card issuers won’t charge you anything.  However, with a debit card, if you don’t notice the illegal withdrawals from your bank account in a timely fashion, you risk losing all of the money in the account and even if you do report the fraudulent activity right away, you will not be made whole by the bank until they have completed an investigation of the matter.

The next thing you should do is check your credit card statement for illegal activity.  Do this online for both speed and to see the most recent transactions.  If fraudulent purchases appear, notify the credit card company to have them remove the charges.  Also file a police report.  You should then cancel the card and have the credit card company issue you a new card.  Even if you have not yet noticed illegal activity, you shouldn’t be complacent because generally in these situations, the thieves sell the stolen credit card information on black market websites and there may be a long time lag before you would see illegal activity on your card.  Why wait for the inevitable?  Cancel the card and get another one.

You also should use this opportunity to obtain your free credit report in order to make sure that there is no evidence of identity theft.  Go to www.annualcreditreport.com.  This is the only source for the free credit reports that you have a right to have by law.  Many other websites with similar names may provide you with a free credit report, but in the fine print, you may find that you have unwittingly signed up for a costly service that you do not want or need.

Finally, you may wish to consider putting a credit freeze on your credit report so that even if someone has sufficient personal information about you to otherwise gain access to your credit report in order to use it to make a large purchase, they would not be able to get access to your credit report because it is frozen and can only be made available by you using a PIN.  You can find all the information you need about credit freezes here on Scamicide.  Just go to the column on the right and click on “credit freezes.”

 

Scam of the day – December 20, 2013 – Massive hacking at Target

December 19, 2013 Posted by Steven Weisman, Esq.

If you, like my wife, shopped at any of the 1,797 Target stores in the United States between November 27th and December 15th, you may be in serious danger of identity theft if you used a credit card or a debit card.  Target announced today that more than 40 million customers who made purchases at Target stores during that time period had their credit and debit card data stolen by hackers through what appears to be a point of sale security breach attack which is the same type of attack that was used against Barnes and Noble in 2012 as I explained to you then in a number of Scams of the day at that time.  The data stolen includes customers names, credit card numbers, debit card numbers, expiration dates and the three digit security code found on cards.  This information can be used easily to make the affected customers victims of identity theft.

As I have repeatedly said, debit cards are a dangerous way to shop because unlike credit cards which carry a potential liability of no more than $50 for fraudulent purchases made using your credit card, if your debit card security is compromised and your discovery of the breach of your security is delayed. you risk losing all of the money in the bank account connected to your debit card.  As more companies have become better at protecting the credit card data and debit card data including PINs that are found on the companies’ computers through encryption and other security measures, the weak link now more and more being exposed by identity thieves is the point of sale (POS) terminals that many companies use that is found at the checkout counter.  We are all familiar with these small machines through which we swipe our credit or debit card rather than giving our card to the clerk to run through the cash register’s credit or debit card processor.  Unfortunately, many stores, including Barnes and Noble as I described in my Scam of the Day on October 25, 2012 and now Target have not taken the steps necessary to protect the security of these devices which in many stores have been manipulated to provide credit card and debit card information including PINs to identity thieves.  In some instances, the identity thieves have posed as repairemen to alter these credit and debit card terminals in order to get access to the information contained therein.  Debit cards in particular present a substantial problem because once the identity thief has the card number and PIN, it is a relatively easy task to create a phony debit card that can be used at any ATM to empty the victim’s account.

The massive scope of this hacking is evidence of a very sophisticated hacker being behind this because of the necessity of physically altering the various  card processors.  Generally when this data is stolen in such a huge hacking, the card information is sold to other criminals on the black market.

TIPS

Don’t use your debit card for shopping.  The risk is just too great.  Limit its use to getting cash from an ATM.  Additionally, if you are shopping with either a credit card or a debit card (and not following my advice) don’t use the POS terminals, but rather ask the clerk to run your card through his or her cash register’s credit card terminal.  Your security is improved as the cash register’s information is generally protected better by most companies.  If you are one of the affected people in this Target hacking, make sure you monitor your credit card account or debit card activity online regularly for quite a while.  Just because you may not have yet had phony charges made is no consolation, as it sometimes takes time before the stolen card information is sold by the hackers and used by the criminals buying the information.

Scam of the day – December 19, 2013 – Playstation 4 and Xbox One targeted by hackers

December 18, 2013 Posted by Steven Weisman, Esq.

Computer security company Kaspersky Lab recently disclosed that it had found that hackers have been targeting the new Playstation 4 and Xbox One gaming consoles in large numbers.  However, owners of these two systems are not alone.  According to Kaspersky, there are an estimated  34,000 cyber attacks on gaming systems each day through the world.  The country with the largest number of gaming cyber attacks is Spain wtih Poland a relatively close second.  The hackers are after gamers’ usernames and password which they then sell on the black market.  This also poses a larger problem of identity theft for hacked gamers due to the fact that too many people use the same usernames and passwords for multiple accounts, putting their security in jeopardy if that information falls into the hands of an adept identity thief.

TIPS

As with so many  instances of hacking, the way that hackers gain access to your smartphone, computer, laptop or gaming console is through phishing techniques that lure people into downloading tainted attachments or clicking on infected links.  As I constantly remind you, never click on links or download attachments unless you are absolutely sure that they are legitimate and even if they appear to come in a text or an email from someone you trust, your friend’s smartphone or email account could have been hacked so it appears a message containing a link or an attachment is coming from someone you trust when in fact, it is coming from an identity thief or hacker who has infected the link or attachment with keystroke logging malware that will steal the information from your computer, smartphone or other device and make you a victim of identity theft.

Scam of the day – December 18, 2013 – Latest critical security patches

December 18, 2013 Posted by Steven Weisman, Esq.

As I regularly do on Scamicide, today I am providing you with information about the latest security patches and updates for many important software programs that you use including Google Chrome, Adobe, Microsoft Windows, Internet Explorer and Mozilla Firefox.  The list that I provide you is one that is compiled by the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.  It is of critical importance that you download and update the software programs that you use when new security patches and updates become available because the scam artists and identity thieves are constantly working to identify vulnerabilities in these programs that they exploit to your detriment.  Delaying the downloading of these important security patches and updates can have dire consequences.  But just as it is important to install these security patches and updates, many people are wary when they receive notices about downloading such patches and updates because they are wary that the security patch or update that they are installing may be malware that they are being tricked into downloading by a scammer or identity thief.  Fortunately, you can rely on the safety of the security patches and updates provided here by Scamicide.  Make sure you check Scamicide every day not only to become informed about the latest scams and identity theft schemes as well as how to avoid them, but also to find the latest security patches and updates.

TIPS

Here is a link to the latest Cyber Security Bulletin from the Department of Homeland Security containing links to important security patches and updates:

https://www.us-cert.gov/ncas/bulletins/SB13-350

Scam of the day – December 17, 2013 – John Donald Cody sentenced for charity fraud

December 17, 2013 Posted by Steven Weisman, Esq.

In the Scam of the day of October 8, 2013 I told you about the start of the trial of John Donald Cody, a scam artist who was convicted on November 14, 2013 of operating a one hundred million dollar Navy veterans charity scam.  Yesterday, Cody was sentenced to 28 years in prison and fined 6 million dollars.  Cody was tried in Ohio, however, his scam stretched across the country with victims in 41 states.    Among the victims of his scam were former president George W. Bush as well as former Republican presidential candidates Mitt Romney, John McCain and Rudolph Giuliani all of whom were scammed into giving money to the phony charity run by Cody that purported to provide funds for Navy veterans, but instead became just a bank account for Cody.

TIPS

Charity scams are always with us, but they are particularly prominent during the holiday season when people are particularly charitably inclined.  Many phony charities have names that sound legitimate  and may even closely approximate the names of real, legitimate charities so you can never trust the name to tell you much.  You should never give to a charity until you have checked it out to make sure that it is legitimate.  A good place to do that is on the website www.charitynavigator.org where you can also find out how much of what the charity collects goes towards its charitable purposes and how much is spent on administrative salaries and costs of fund raising.  Also, never make a charitable donation over the phone to a telemarketer who has called you.  If you receive such a call, and you can get one even if you are on the federal Do-Not-Call list because charitable calls are exempted from the list, you can never be sure of to whom you are speaking so if you do want to give to a charity that appears to be calling you, contact the charity directly yourself either by phone or online to make sure that your donation is going to the right place.

Scam of the day – December 16, 2013 – Protecting your smartphone from being hacked

December 16, 2013 Posted by Steven Weisman, Esq.

When it was first disclosed that reporters from the British tabloid “News of the World” had hacked into the smartphones of numerous people including celebrities, politicians, and even the royal family, it was big new around the world.  However, now that a criminal trial in Britain is going on dealing with those actions, news coverage in the United States has been somewhat muted.  Regardless of your interest in the particular case, everyone should be interested in protecting their smartphones from being hacked because the danger of identity theft that smartphone hacking provides is huge.  First, the good news, the simple way that the reporters for the “News of the World” used to hack into smartphones was to have two people call the number simultaneously.  When one went to voice mail, the hacker merely took advantage of the fact that at the time of the hackings many people did not bother to change the default PIN for retrieving voicemails and so they merely entered the default PIN for the network and got immediate access to the voice mails of the person called.  That problem has been fixed.  Now all networks have different PINS, which you set.  Some networks will only allow you to change your PIN in a call from your own smartphone to prevent hackers from calling, posing as you and answering security questions and then being able to change the PIN and get access to your voice mail.

TIPS

Protecting your voice mail begins with a strong PIN that is not easily guessed by a hacker.  You also should have a security question that is difficult for a hacker to guess.  Remember even if you are not a celebrity, you probably have a lot of personal information about you online such that someone could learn your mother’s maiden name, where you went to school or your pet’s name.  Many people don’t recognize the amount of personal information they provide to “friends” on Facebook and other social media.  I suggest that you use a nonsensical security question such as, “What is my favorite color?” with the answer “seven.”  It would be impossible for a hacker to guess and silly enough for you to remember.  Protecting the security of your smartphone is even more important today than it was years ago because we all do so much more on our smartphones and they contain much personal and financial information.  Protect your phone with a complex password, have it lock when it has not been used for a period of time, install encryption software, install anti-malware software, install anti-virus software and keep all of these security programs up to date with the latest security patches.  Also make sure that when you download apps, that you get them from legitimate sources.  Corrupted apps are a major source of malware that steals information from your phone.  Also do not click on links or download attachments on your smartphone unless you are absolutely sure they are legitimate.  Tainted links and attachments are a major source of malware that often is to new for your anti-malware software to protect you from.    Finally, delete voice mails after you have listened to them.  If you follow these precautions, your safety will be much improved.

Scam of the day – December 15, 2013 – Nude photos of Carla Bruni used to hack diplomats

December 15, 2013 Posted by Steven Weisman, Esq.

Although the hacking occurred two years ago, it has just been discovered that the promise of nude photographs of Carla Bruni, the attractive wife of French President Nicolas Sarkozy was used to hack into the computers of dozens of diplomats attending the 2011 Group of 20 economic summit.  The Group of 20 Finance ministers and Central Bank Governors, generally referred to as the G 20 is an organization of the finance ministers and central bank governors from 20 major world economies.  The ministers each received an email with the subject line being “French first lady nude photos and a link to connect to those photos.  According to a French government source, almost all of the ministers and bank governors receiving the email took the bait and clicked on the link which indeed did take them to nude photos of Carla Bruni.  However, by clicking on the link, the ministers and bank governors also unwittingly downloaded keystroke logging malware that was used to steal information from the computers of those hacked.  It is also worth noting that before becoming the wife of Nicolas Sarkozy, Carla Bruni was a model, actress and singer who often posed nude and her nude pictures are readily accessible on the Internet without clicking on tainted links.

TIPS

Obviously and to their detriment, the affected finance ministers and bank governors were not regular readers of Scamicide because if they were, they would have known, as I repeatedly warn you, that you should never click on links in emails unless you are absolutely sure that they are legitimate because, as in this case, they often come tainted with keystroke logging malware that can be used to make you a victim of identity theft by stealing your personal information from your computer.  In this particular instance, the goal of the hackers from China who perpetrated this crime was most likely to obtain important financial information from these minsters and governors.  The promise of nude photos being used to lure people into clicking on tainted links is nothing new.  Every year this type of scam catches many unwary people.  Last year, purported photographs of Lily Collins were the most dangerous on the Internet.  You can go to the archives of Scamicide to see last year’s full list of the most dangerous women on the Internet.  Along with not clicking on links from strangers or even links in emails from friends until you have verified that the email actually was from your friend and not from someone who hacked and took over their email account, you should also make sure that your anti-malware software is up to date with the latest updates.