Scam of the day – August 2, 2014 – Nigerian letter, Chinese style

August 2, 2014 Posted by Steven Weisman, Esq.

By now everyone is familiar with the so-called Nigerian letter scam which starts with your receiving an email from Nigerian telling you of an inheritance or some other way that you have been fortunate enough to be receiving a fortune.  At first it appears that you do not have to do anything to claim your money, but as time goes on more and more fees make their way into the mix, from taxes to administrative fees to even bribes of public officials, the victim ends up paying thousands of dollars and ultimately receiving nothing.  These emails are still being sent and they are still successful too much of the time as some people’s greed blinds their good sense.  This scam has worked with little variation for more than six hundred years.

Now we have a new variation.  In this new version of the scam you receive an actual letter from a private wealth management company affiliated with a bank in China.  You are told that a deceased client of the company has a name that is very similar to yours and that the client died leaving nine million dollars which has been wisely invested to a point where it is now worth twelve million dollars.  The scammers sending you this letter know your actual name and direct the letter to you by name and describe the dead relative with a name quite similar to yours.  The letter is well written and looks official.  Once again, the letter initially makes it appear that claiming the millions is simple and at no cost, but as time goes by more and more funds are required to be paid in order to claim your inheritance which never comes.  Interestingly enough, the letter closes with a reminder that “riches never come easy or on a platter of gold.”  The people receiving the letter should heed that advice and ignore the letter. It is nothing but a scam and no good will come if you communicate with the sender in any way.  It has been estimated by law enforcement officials that ten thousand of these letters have already been circulated and that as many as six hundred people have fallen for the scam.  That is only 6%, but it is 6% too many.

Scam of the day – August 1, 2014 – Homeland Security warning about retail hackings

August 1, 2014 Posted by Steven Weisman, Esq.

Everyone is aware of the epidemic of hackings of major companies, such as Target, P.F. Chang’s, Neiman Marcus, Michaels, Sally’s Beauty Supply and Goodwill Industries and, as I have repeatedly warned you, these hackings will only increase in frequency in the upcoming months.  Yesterday, the Department of Homeland Security issued  a report that details how these hackings occurred and what needs to be done to reduce them.  A major part of the problem is that more and more companies permit both their employees as well as third party contractors to access the company’s computers over the Internet.  There are many legitimate reasons for doing this, but it tremendously increases the chances of major data breaches as employees and third party contractors who may not be following proper security practices are being hacked and, in essence, providing identity thieves and hackers with access to the computers of the targeted companies.  In addition there are some inherent security flaws in the Microsoft and Apple software used by these employees and third party contractors.   Thus the hackers exploit the weakest links, which they are doing quite effectively.

The Department of Homeland Security identified a malicious software which they have called “Backoff” that, when it makes its way on to the Point of Sale credit and debit card processors, is able to steal credit and debit card information, account numbers, expiration dates of credit card and debit cards and PINs.  Backoff is a very evolved type of malware that, to date, has avoided detection by the anti-malware and anti-virus software used by companies today to protect their computers from data breaches and hackings.

TIPS

Corporate America has a lot of things it should be doing, but it is unlikely that these steps will be done in a sufficiently timely manner to stop data breaches in the upcoming months.  A switch to smartcard technology with computer chips in the credit card would render this type of credit card data unusable to identity thieves, but retailers have been extremely slow to adopt this technology.  Requiring employees and third party vendors to use stronger passwords and to change those passwords regularly would help as would the requirement of two-step verification rather than merely using passwords to provide access.  Another important step for companies to do is to limit access to the credit card and debit card processing systems by people having access to other computer systems within the company.   Credit and debit card processing systems should be isolated.

But what can we do?

The most important thing to do is to recognize that data breaches will be occurring.  Everyone should regularly monitor their credit card usage carefully to recognize security breaches as soon as possible and then to report the breach to your credit card company.  In addition, limit your use of your debit card to use as an ATM card.  Do not use it for retail purchases.  The consumer protection laws available to you if your debit card is hacked are not as strong as the laws that protect fraudulent use of your credit card.  In addition, even if you do become aware and report a breach of your debit card security right away, your access to your account will be delayed while your bank investigates the matter.

Scam of the day – July 31, 2014 – Latest software security updates

July 31, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use including Google Chrome and Mozilla Firefox, which if not installed will put you in serious jeopardy of identity theft and being hacked.

TIPS

Here is the link to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-209

Scam of the day – July 30, 2014 – European Central bank hacked and extorted

July 30, 2014 Posted by Steven Weisman, Esq.

The European Central Bank has announced that hackers had hacked into its computers and stole information about people who had registered for some bank events which included news conferences.  Many of the people whose information was stolen were journalists who attended bank events including news conferences.  The information stolen included names, email addresses and telephone numbers.  Shortly after the information was stolen, the bank received an extortion email demanding money and threatening to release the information if the hackers were not paid.  It is important to note that although the hacking was of the European Central Bank which has much confidential and sensitive information within its computers, the hacking was from a public website of the bank that is not connected to the bank’s computers and data banks of sensitive information.  The hacking is, however, embarrassing for an institution that prides itself on its security.

TIPS

This incident is another reminder that your personal information is only as safe as the places with the weakest security that hold your information.   As much as you can, you should limit the information you provide companies and governmental agencies.  It is also important to note that when apparently innocuous information such as this is compromised it makes those people affected more vulnerable to spear phishing which occurs when you receive a phony email that is directed to you personally and appears to come from a trusted source with which you have done business.  It is for this reason that I advise people never to click on links in emails or download attachments from emails unless you are absolutely sure that they are legitimate.  Too often the email that appears legitimate may actually be coming from an identity thief who has personal information about you and who may put malware into these links and attachments.

Scam of the day – July 29, 2014 – Government takes action against mortgage relief scams

July 29, 2014 Posted by Steven Weisman, Esq.

The Federal Trade Commission, Consumer Financial Protection Bureau as well as attorneys general from fifteen states have started legal actions against more than 40 law firms and companies including the Utah based Danielson Law Group, FMC Counseling Services and California based Mortgage Relief Advocates that are alleged to have falsely promised distressed homeowners that they could lower their mortgage payments and interest rates as well as stop foreclosures.  In violation of the law these companies and law firms collected advance fees for services not yet performed and in most cases were never performed.  These fees ranged up to $6,000 for initial fees with additional monthly fees for which the consumers received little or nothing.

TIPS

A telltale signs of a mortgage relief scams is the demand for an upfront fee before services are rendered.  The FTC’s Mortgage Relief Services Rule bans advance fees until you have actually received an offer of relief from your lender and you have accepted that offer.  Mortgage scammers also often tell you to stop paying your mortgage and not to communicate with your lender.  This is bad advice when you have a problem with your  mortgage.  Failing to make payments can make it worse and not communicating with your lender if you are having a problem paying your mortgage will only make the problem worse.  Finally, don’t trust any company that guarantees that they can get you a mortgage payment reduction and never transfer title to your home to anyone saying they are trying to help you.  That is another sure sign of a scam.

If you do find yourself having difficulty making your mortgage payment, either speak with your lender directly to see if you can get a modification or call a legitimate credit counselor through the Homeownership Preservation Foundation which is a non-profit company that provides free help to modify your mortgage and avoid foreclosure.  You can reach them at 1-888-995-HOPE.

Scam of the day – July 28, 2014 – Malaysia becoming a scam center

July 28, 2014 Posted by Steven Weisman, Esq.

Recently Malaysia has become a major hub for scams, most prominently romance scams in which the scam artist, the only criminal we refer to as an artist, contacts the victim on a legitimate dating website, such as Match.com and starts an online relationship with the victim that soon progresses to a plea for money.  It has been estimated that the total cost of Malaysian cybercrime last year was 300 million dollars with romance scams being one of the most prominent of the scams perpetrated.  Two American women, in particular each was swindled out of more than $250,000.  The scammers are quite often from Nigeria or Ghana, but come to Malaysia because it is easy to get a student visa, the country has a sophisticated computerized banking system and the Internet infrastructure is strong.  This creates a perfect storm for scammers.  Often the scammers pose online as American, Canadian, Australian or British nationals who are in Malaysia for business.

TIPS

There are many red flags to help you identify romance scams.  The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship needs you to wire money.  Here are a few other things to look for to help identify a romance scam.  Often their profile picture is stolen from a modeling website on the Internet.  If the picture looks too professional and the person looks too much like a model, you should be wary.  Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life” is a phrase that turns up in many romance scam emails.  Also be on the lookout for bad spelling and grammar as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are.  Of course you should be particularly concerned if someone falls in love with you almost immediately.  Often they will ask you to use a webcam, but will not use one themselves.  This is another red flag.  One thing you may do is ask them to take a picture of themselves holding up a sign with their name on it.  In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them.  In particular be wary of  requests for money to assist your new “friend” out of difficult situation, which may be a false arrest, a car accident, an illness, injury or other emergency.

Scam of the day – July 27, 2014 – Senate holds hearings on the Grandparent scam

July 27, 2014 Posted by Steven Weisman, Esq.

Recently the Senate Special Committee on Aging held a hearing on the infamous Grandparent scam, which occurs when a scammer calls an elderly person posing as their grandchild who has been involved in some sort of emergency and needs the grandparent to wire money to them right away.  One 81 year old witness at the hearing spoke about receiving a call late at night from someone purporting to be his grandson who needed bail money after being arrested on a drug charge.  In response to the call, the witness testified how he purchased a  $7,000 prepaid money card and then provided the money card information to the scammer who has never been heard from again.  It was only afterwards that the witness was able to reach his grandson on his cell phone to learn that the entire matter had been a scam.

The Senate Special Committee on Aging has in recent years focused much attention on scams preying upon older Americans, such as the Jamaican lottery scam, income tax scams, Social Security scams and Medicare fraud.

TIPS

Never wire money unless you are absolutely sure about to whom you are wiring the money and it is not a scam.  If a claim about a medical or legal emergency is made, contact the hospital or legal authorities in the area to confirm that the information is accurate.  Make sure that you have the cell phone numbers of your grandchild as well as  anyone with whom your child or grandchild is traveling so you can confirm any calls claiming that an emergency has arisen.  Call the child directly on his or her cell phone to confirm the story.  Students traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/.  This program can help with communications in an emergency situation.

Scam of the day – July 26, 2014 – Immigrant children charity scam

July 26, 2014 Posted by Steven Weisman, Esq.

The plight of children from Central America pouring into America has caught the attention of many people as the government is working to both enforce our immigration laws while showing compassion for these children.  Times like this bring out the best in many people and there are a number of charities including, most prominently, Catholic Charities USA that are providing humanitarian assistance to these children in need.  Unfortunately, scammers are also taking advantage of the situation by either appealing to people through phony charities or by telephoning people pretending to be representing legitimate charities.  In both cases, the money you contribute goes to a scammer’s pocket and not to help needy children.

TIPS

Phony charities often have names that sound very similar to legitimate charities so don’t give to a charity unless you are sure that it is legitimate.  A good place to go to find out if a charity is legitimate as well as to learn how much of your contribution will go to the charity’s charitable purposes and how much goes to its own salaries and administrative expenses is www.charitynavigator.org.  As for telemarketing charitable solicitations, even if you are enrolled in the Do Not Call List, charities are allowed to call you, however, whenever you get a call, you can never be sure who is on the other end of the line so you should never make a charitable donation over the phone to someone who has called you.  If you are inclined to give a donation in response to such a call, go to the charities website or call them at a number that you know is correct in order to make your contribution.

Scam of the day – July 25, 2014 – Important security updates for Java and other software

July 24, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.  In particular, this round of security updates provides important security updates for Java software.  Java has been a favorite target of scammers and identity thieves so much that the Department of Homeland Security has even advised people who don’t have to use Java, to disable it.  For more information about Java software I suggest you check out earlier Scams of the day that dealt with Java problems.  You can find these in the Scamicide archives.

TIPS

Here is a link to the latest security alert and updates as issued by the United States Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-202