Scam of the day – June 6, 2014 – Secret shopper scam

June 6, 2014 Posted by Steven Weisman, Esq.

Although there is nothing new about secret shopper scams or mystery shopper scams as they are sometimes called, they are scams that are still constantly finding new victims.  I picked today to make this the Scam of the day because I received a scam secret shopper email that I am reproducing below:

Secret Shopper

A TRADITION OF EXCELLENCE

Secret Shopper®

Secret Shopper® is accepting applications for qualified individuals to become mystery shoppers and merchandisers. Its fun and rewarding, and you choose when and where you want to survey. You are never obligated to accept an assignment. There is no charge to become a shopper and you do not need previous experience. After you sign up, you will have access to training materials on our site.

You will write a report about the customer services of the outlet we would give you to evaluate.
The report will be sent back to us via Email, you will have to use the following pointers to prepare your report :

How long it took you to get services.
Ambiance/Outlook of the Shop/Outlet
Smartness of the attendant
Customer service professionalism
Reaction of personnel under pressure
Information that you think would be helpful
Your comments and impressions.

Kindly send us your You can Apply for a job with us now. Email us your

First Name:

Last Name:

House No./Street:

City:

State:

Zip Code:

Phone:

Mobile Phone:

Email:

Alternate Email:

And we would get back to you ASAP with further details on the program

Sincerely,
Recruiting Department,
Secret Shopper®

The mystery shopper scam is a tried and true scam that scammers still use to steal their victims’ money because the scam still works.   The scam begins when you are contacted by mail or email, such as the one featured above purportedly by a company asking you if you want a job as a mystery shopper who will be paid to shop at their store and then report on the shopping experience to assist in market research and improving customer relations.  The pitch sounds legitimate and often the emails and letters appear to be legitimate although it is easy to counterfeit a company’s logo and stationary.  Once you agree to be a mystery shopper, you are sent a certified bank check for an amount such as $5,000 which you are asked to deposit in your checking account and use the money to make purchases that you are allowed to keep.  You are then instructed to send the remaining funds back to the company.  Some victims, believing they were being careful deposited the check and thinking that they were being exceedingly careful, waited a few days for the check to clear.   They then wire the funds, as requested back to the company only to learn a few days later that the certified check sent to them was a counterfeit and their bank had only given them provisional credit for the check into their account.  Once the check is found to be a fake, the provisional credit is removed from the victim’s account and the victim has lost the money that he or she wired to the scammer.

TIP

One reason why this scam works so well is that there really are mystery shopping jobs although the actual number is quite few and they do not go looking for you.  If you want to find out if a mystery shopping company is legitimate, you can contact the Mystery Shopping Providers Association which is a trade organization of legitimate mystery shopping companies.  Their website is www.mysteryshop.org.  Other indications that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender.  This is the basis of many scams.  Whenever you receive a check, wait for you bank to tell you that the check has fully cleared before you consider the funds as actually being in your account.  Don’t rely on provisional credit and never accept a check for more than what is owed with the intention to send back the rest.  That is always a scam.  Also be wary whenever you are asked to wire funds because this is a common theme in many scams because it is difficult to trace and impossible to stop.

 

Scam of the day – June 5, 2014 – Another Facebook scam

June 5, 2014 Posted by Steven Weisman, Esq.

Because it is so popular, Facebook is a frequent medium for transmitting scams.  Recently, Kris White of Texas was scammed when she responded to a message on her Facebook page from one of her friends telling her that she had won a $250,000 prize in a Facebook Powerball lottery.  She should have been skeptical for many reasons including the poor grammar and punctuation used in the notice of her selection, however she became convinced that the lottery was legitimate because it came accompanied by a document of authenticity signed by President Barack Obama.  Upon responding to the message informing her of her lottery win, she was told to wire $750 to someone in South Africa to pay for the income taxes owed on her prize.  She complied, but, as I am sure you predicted, she won nothing and lost $750.

TIPS

Lottery and sweepstakes scams are very popular among scam artists because they work.  Too often our greed blinds us to reality.  It is difficult to win any lottery.  It is impossible to win one that you never entered.  In Ms. White’s case, the original message did not come from her Facebook friend, but rather from the scammer who had hacked into her friend’s Facebook account.  Whenever you get an email, text message, Facebook message or phone call, you can never be sure who is sending the message.  Trust me, you can’t trust anyone.  There is no Facebook Powerball Lottery and if she had investigated it on Google or Bing she would have quickly learned that fact.  President Obama does not authenticate or endorse any lottery and his signature could easily be forged.  You should always be wary when anyone asks you to wire money because that is the method of payment that scammers often use because it is impossible to get back once you have sent the money.  As for wiring money to cover income taxes, why would you be wiring them to South Africa.  That makes no sense.  Finally, although income taxes are indeed owed on lottery winnings, the lottery sponsors never collect the income tax money from the winners.  They either deduct the taxes from the winnings before distributing the prize or they distribute the entire prize and the responsibility for paying the income taxes is left to the lottery winner.

Scam of the day – June 4, 2014 – Justice Department halts massive hacking scheme

June 4, 2014 Posted by Steven Weisman, Esq.

Earlier this week, the Department of Justice revealed that it had broken a massive hacking scheme and taken over the computer servers that spread two major types of malware about which I have warned you previously.   The two types of malware are GameOverZeus and Cryptolocker.  GameOverZeus steals banking information from victims’ computer which the hackers then used to empty their victims’ bank accounts.  Cryptolocker is a particularly insidious type of malware that when installed on the victim’s computer encrypts all of the data contained on the computer.  After the encryption was accomplished, the criminals then notified the victim that their data would be destroyed unless a ransom payment was made.  This type of malware, has, appropriately been deemed ransomware.  Law enforcement officials estimate that as much as 100 million dollars was stolen by the gang operating these malware programs through a botnet.  Members of the gang included Russians, Ukrainians and British criminals.  Through the joint efforts of the FBI and law enforcement agencies in ten other countries, the computer servers of the hackers were seized and the alleged ringleader of the group, Russian Evgeniy Bogachev was indicted.  American authorities are in contact with Russian authorities to have Bogachev extradited to the United States for trial.

TIPS

This story is important for many reasons.  Certainly is not only good to see law enforcement cracking criminal hacking crimes, but also seeing international cooperation in the law enforcement effort.  However, ultimately, law enforcement is not going to be able to prevent you from becoming a victim of hackers seeking to steal from you through the use of malware such as GameOverZeus and Cryptolocker.  Instead the burden of protecting you from these attacks falls on all of us individually.  In all cases, these malware programs ultimately found their way to their victims’ computers when the victims invited them in by clicking on tainted links in emails or downloaded tainted attachments from phishing emails.  The first line of defense is not to ever click on emails or download attachments unless you are absolutely sure that they are legitimate.  You should also make sure that you have constantly updated anti-virus software and anti-malware software on all of your electronic devices.

The United States Department of Homeland Security has  issued a warning about the GameOverZeus malware that contains links to a number of effective anti-malware programs that can help protect your computer and other electronic devices from infection and remove the infection if it occurs.  Here is a link to that warning which, in turn, contains a link to the anti-malware software programs: https://www.us-cert.gov/ncas/alerts/TA14-150A

Scam of the day – June 3, 2014 – A Nigerian letter resurfacing

June 3, 2014 Posted by Steven Weisman, Esq.

A common scam that has come to be known as the Nigerian letter scam involves an email that you receive that initially appears to offer a large amount of money under various pretenses, such as an inheritance or a bank official who needs your help to move money.  At first the email does not ask for anything from you, but once you respond to the initial communication, more and more money is required from you in order to get the “free” money that was initially promised you.  Many of these scams originate in Nigeria, however, they come from many other places as well.  Here is a copy of one that was in my email today:

“I am David Ellis Head of Inspection Unit United Nations Inspection Agency in Harts field-Jackson International Airport Atlanta, Georgia.  During our investigation, I discovered An abandoned shipment through a Diplomat from United Kingdom which was transferred from JF Kennedy Airport To our facility here in Atlanta, and when scanned it revealed an undisclosed sum of money in 2 Metal Trunk Boxes weighing approximately 110kg each.

The consignment was abandoned because the Content was not properly declared by the consignee as money rather it was declared as personal Effect/classified document to either avoid diversion by the Shipping Agent or confiscation by the relevant authorities. The diplomat’s inability to payfor Non Inspection fees among other things are the reason why the consignment is delayed and abandoned.  By my assessment, each of the boxes contains about $4M or more.They are still left in the airport storage facility till today. The Consignments likeI said are two metal trunk boxes weighing about 110kg each (Internal dimension: W61 x H156 x D73 (cm) effectiveCapacity: 680 L) Approximately.

The details of the consignment including your name and email on the official document from United Nations’ office inLondon where the shipment was tagged as personal effects/classified document is still available with us. As it stands now, you have to reconfirm your Full name, Phone Number, full address so I can cross-check and see if it corresponds with the one on the official documents. It is now left to you to decide if you still need the consignment or allow us repatriate it back to UK (place of origin) as we were instructed.  Like I did say again, the shipper abandoned it and ran away most importantly because he gave a false declaration, he could not pay for the yellow tag, hecould not secure a valid non inspection document(s), etc. I am ready to assist you in any way I can for you to get back this packages provided you will also give me something out of it (financial gratification).  You can either come in person, or you engage the services of a secure shipping/delivery Company/agent that will provide the necessary securityThat is required to deliver the package to your doorstep or the destination of your choice. I need all the guarantee that I can get from you before I can get involved in this project.

Best Regards,

David Ellis INSPECTION OFFICER”

TIPS

This particular Nigerian letter has actually been circulated since 2012.  Greedy people have been falling for it and paying money to scam artists who never provide anything in return.  Anyone receiving such an email knows that they have not actually been involved in such a shipment so their name cannot be legitimately involved in it.  This particular letter is also an example of “too good to be true.”  The shear size of this something for nothing proposition should be enough to let you know that it is a scam.  Finally, by Googling David Ellis Inspection Officer it will be confirmed that this is nothing but a scam.

 

Scam of the day – June 2, 2014 – Facebook privacy checkup

June 1, 2014 Posted by Steven Weisman, Esq.

One of the major causes of identity theft is the fact that many of us share too much personal information on social media.  Identity thieves are able to harvest this information which may include, addresses, employer, email address, phone number, birth date and names of family members to use to make us victims of identity theft.  Too many people don’t even give any thought to the amount of personal information about themselves that they make available online through social media and the danger of identity theft it poses.  Recently Facebook announced that in order to remedy this situation it was offering a privacy checkup to each of its 1.28 billion users.  As a part of Facebook’s new privacy policy it will also change the default setting of new posts by adjusting initial posts to be seen only by friends rather than the public.  A public setting which was formerly the default setting permits anyone on the Internet to see posted photographs and messages.  Soon when people go to post something on Facebook they will see a cartoon blue dinosaur that pops up with the message “We just wanted to make sure you’re sharing with the right people.”  The dinosaur will then guide you through your privacy settings for status updates, remind them of teh apps that they have given permission to use their Facebook data and review the privacy settings for their profile information.

TIPS

Many of us are not aware of the personal information available about us in various social media and how we have, often unwittingly, allowed this information to be broadly available, which can pose a danger to us of identity theft or worse.  Now is a good time to not only review the privacy of your data on Facebook, but on all of your social media.  It might surprise you to learn how widely disseminated your personal information is and that you have agreed for it to be available by not taking the time to better understand the privacy rules in effect on each of the social media sites you use.

Scam of the day – June 1, 2014 – Stoners need not apply – at least not yet

June 1, 2014 Posted by Steven Weisman, Esq.

The FBI takes cybercrime seriously as do many law enforcement agencies and companies around the world.  In a creative move to enhance its cybersecurity, British banks began hiring hackers to hack into their banks in an effort to learn where the vulnerabilities of their security systems are and how to correct those flaws.  Similarly, the FBI is reaching out to hire young hackers to come work for the FBI to help combat cybercrime and black hat hacking.  However, in a recent speech to the White Collar Crime Institute, FBI Director, James B. Comey spoke about the difficulty of finding hackers who meet the FBI requirement of not having smoked marijuana for the preceding three years.  Director Comey acknowledges that this presents a problem to the bureau when it comes to hiring knowledgeable hackers.  According to Comey, “I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview.”  Comey did say, however, that the FBI is considering changing its drug policy in the future, which would help tremendously in hiring the knowledgeable hackers it desires.

TIPS

If the FBI maintains its present drug policy, it stands little chance of hiring sufficient new agents to combat the serious cybercrimes of today.  With the laws and public perception of marijuana use dramatically changing, hopefully the FBI will make the necessary changes to its drug policy to enable it to hire the new agents it needs.

Scam of the day – May 31, 2014 – AOL customer support scam

May 31, 2014 Posted by Steven Weisman, Esq.

Millions of people still use AOL and so scammers and identity thieves will often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is a good counterfeit, however, the repeated faulty grammar is a strong indication that this is a scam.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve an emergency.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.  This particular email appears to be signed by Bud Rosenthal, who actually is an AOL officer, however, the email address from which it is sent is that of a student at a university whose email has been hijacked and made a part of a botnet of zombie computers used to send out the scam emails.  Here is how the email appears.  DO NOT CLICK ON THE LINK:

 

 

AOL
Due to the recent signed in of your Account from an unknown location, you are advice toClick here to confirm the validity of your  AOL® Online Account.Thanks once again for choosing our service.

Bud Rosenthal
Bud Rosenthal, AOL Membership Group CEO

Privacy Policy | Customer Support
©2014 AOL, Inc. All Rights Reserved.

 TIPS

There are numerous reasons not to trust this email.  The email address from which it was sent has no relation to AOL.  It is not addressed to you personally.  It contains faulty grammar.  It is an obvious phishing email and its only purpose is to lure you into either providing personal information or downloading malware.  As I have warned you many times, never click on links or download attachments unless you are absolutely sure that the email is legitimate.  In this case, if you even had a slight thought that it might be legitimate, all you would have to do is to call the real AOL to learn that this was a phishing scam.

Scam of the day – May 30, 2014 – Flawed LifeLock wallet app

May 29, 2014 Posted by Steven Weisman, Esq.

Lifelock is one of the most prominent companies providing services to protect people from identity theft and resolve identity theft related problems when it does occur.  Last year Lifelock bought Lemon Wallet, a company that makes mobile wallet apps for iPhones and Android system phones.    Mobile wallet apps permit users to store their ID cards, payments cards, loyalty cards and more on the app.  However after learning that the data stored on those apps was not sufficiently secure, the apps have been withdrawn from the App Store, Amazon Apps and Google Play.  Information stored on the apps is being deleted from its servers.

TIPS

If you are a user of the LifeLock wallet app, you should confirm that your information has been deleted from the app.  LifeLock is updating the security features for the app and expects to have it back and running in the future although no expected date for its availability has been determined.

Scam of the day – May 29, 2014 – Car hacking

May 28, 2014 Posted by Steven Weisman, Esq.

I have been warning you about the danger of the Internet of Things which refers to the increasing use of computer technology in things that formerly did not involve computers or communication through the Internet, such as refrigerators, thermostats and cars.  Too often the developers of these cutting edge computer programs used to make these various products more intelligent and useful have neglected to sufficiently concern themselves with the security of these programs resulting in new vulnerabilities that are now and will even more in the future be exploited by hackers.

Cars are more and more computerized and this has resulted in an increasing number of car thefts due to exploiting of the electronic key systems of the cars.  In London, for example almost half of the cars stolen last year were hacked by car thieves using cheap electronic devices that will open a locked car in less than ten seconds.  Other electronic devices can even take over the car’s diagnostic unit, permitting hackers to control the car’s lights, locks, steering and braking systems.

TIPS

At the moment car manufacturers have not installed security systems to prevent the opening and stealing of cars through remote entry by a hacker, however, this is something that we all should both be aware of as a potential problem and notify our car manufacturers as to our displeasure that they have not acted sufficiently to prevent this type of problem.  Certainly, no one should ever leave anything of value in a car feeling secure that the car is locked.

Scam of the day – May 28, 2014 – FBI to take action against Russian hackers

May 27, 2014 Posted by Steven Weisman, Esq.

It has been a little more than a week since I first told you about the Justice Department’s legal actions against five Chinese military personnel on charges of hacking into six American companies in order to steal corporate secrets.  Although we have known that this form of international corporate espionage has been done by Chinese hackers for years, it was not until now that the government took official action.  However, China is certainly not alone in this type of offense.  In particular, Russian hackers have been doing the same types of cybercrimes for the same reasons.  It has been estimated by the cybersecurity company CrowdStrike earlier this year that the Russian government has been involved in the same type of corporate espionage through hacking of literally hundreds of companies not just in the United States, but also in Europe and Asia.  I predict that it will not be long before indictments  similar to those that have been brought already against Chinese hackers will be brought against Russian perpetrators.

TIPS

Companies throughout the world must recognize that they must do a better job at protecting the security of their data.  It is also important to note that regardless of how sophisticated the malware programs used by hackers whether for state-sponsored corporate espionage or by individual criminals to gather personal information for identity theft purposes, these malware programs are worthless unless they are able to be installed into the computers of corporations and the way this is done is still predominantly by way of phishing emails whereby employees of  companies are tricked into clicking on links in emails that download the malware into their companies’ computers.  Until companies do a better job of establishing protocols and security systems related to clicking on links and downloading attachments, we will all be vulnerable.