Scam of the day – April 1, 2014 – Military identity theft worsens

April 1, 2014 Posted by Steven Weisman, Esq.

According to a study done by the Federal Trade Commission members of the military are twice as likely to become a victim of identity theft.  One of the primary reasons for this is the military personnel’s Social Security number.  A Social Security number is the key to identity theft.  Once an identity thief has this, he or she is off to the races.  Until recently all military ID cards used the Social Security number and although the Department of Defense has changed its policy and is now issuing military IDs with a unique Department of Defense number, the transition to these numbers only started in 2011 and will take four years to complete so many members of the military still have the old ID cards.  In addition, while Veterans Identification Cards no longer show the veteran’s Social Security number on the card, the person’s Social Security number is still embedded in the magnetic stripe on the back of the card so identity thieves who, through various pretenses manage to scan the card can obtain the Social Security number.  These cards are also being phased out, but many veterans still have these cards.

TIPS

Members of the military with the old-style cards should be particularly careful about providing the card as identification and should limit its use as an identifier whenever possible.  Although members of the military are eligible for an Active Duty Alert to be placed on their files with the three major credit reporting agencies that requires creditors to verify the identity of anyone before issuing credit in the name of the member of the military, a credit freeze, which locks your credit report and requires a PIN to make it available is probably a better choice.  You can find instructions as to how to put a credit freeze on your credit reports on the right hand side of this page.

Scam of the day – March 31, 2014 – Affordable Care Act (Obamacare) scams

March 30, 2014 Posted by Steven Weisman, Esq.

Today is the deadline for the applying for health insurance under the Affordable Care Act (Obamacare) under the initial open enrollment period.  People required to enroll who have not started the process by today face being assessed with a financial penalty.   This is a great opportunity for uninsured people to purchase health insurance.  It is also a great opportunity for identity thieves and scam artists to take advantage of the confusion that surrounds the Affordable Care Act and try to steal your money and your personal information which they can use to make you a victim of identity theft.  There are a number of phony Affordable Care Act websites and people are also receiving calls from identity thieves and scammers posing as legitimate insurance brokers where the goal is merely to obtain your personal information and make you a victim of identity theft.

TIPS

Never give personal information to anyone over the phone who calls you regardless of who they say they are because you can never be sure of their true identity.  Even if your Caller ID indicates that they are legitimate, scammers and identity thieves are able to manipulate Caller ID through a technique called spoofing whereby they are able to make their call appear to be from a legitimate source.  As for websites dealing with the Affordable Care Act, the problems initially occurring with the functioning of the website have been eliminated.  The best source of information both as to how to learn about the Affordable Care Act and to sign up for a plan is https://www.healthcare.gov/

 

Scam of the day – March 30, 2014 – Washington mudslide charity scams

March 30, 2014 Posted by Steven Weisman, Esq.

We have all been horrified by the news about the devastating mudslides in Oso, Washington that have caused tremendous death and destruction.  Our hearts go out to the victims and the families of the victims of this tragedy.  Unfortunately, scammers are well aware of our desire to help the victims of this natural disaster and have already set up phony charities and are attempting steal money from generous people under the pretense of helping the victims of the mudslides.  Unfortunately, I have had to warn you about this type of scam many times in the past as scammers are quick to take advantage of our generous impulses to help our fellow man in the face of natural disasters such as Hurricane Katrina or unnatural tragedies such as the shootings in Newtown, Connecticut.  I urge people to consider helping the victims of this tragedy, but follow the steps I provide below to make sure that your gift will go to the right place.

TIPS

Never give a donation by credit card over the phone or in response to an email or text message because you can never be confident that the person contacting you legitimately represents a legitimate charity.  Email addresses may appear legitimate, but they can be faked by a scammer.  A phone number may appear legitimate, but scammers are able to fool Caller ID through a technique called spoofing by which the number appears legitimate, but it is not.  Phony charities often have names that are confusingly similar to those of legitimate charities.  Always check out a charity first before making a contribution.  The best place to go is to www.charitynavigator.org where you can find out not only whether the charity is legitimate or not, but also how much of your contribution goes toward their salaries and administration expenses and how much goes to its actual charitable purposes.

Scam of the day – March 29, 2014 – Microsoft warns of danger in .rtf files

March 29, 2014 Posted by Steven Weisman, Esq.

Microsoft has issued a warning to people not to open files with the rtf extension due to a vulnerability that Microsoft has just discovered that could enable a hacker to send you an email with an .rtf file attached that if you download will enable the hacker to take control of your computer.  At the moment, although Microsoft has discovered the problem, they do not have a solution so they are advising people not to open such files and to consider disabling the opening of .rtf files.  RTF is an acronym for rich text format files which is a file format Microsoft developed for use with Word software.

TIPS

Microsoft has released a security advisory with more details about this threat and what you can do to reduce the danger. Here is a link to Microsoft’s security advisory about this problem: http://technet.microsoft.com/en-us/security/advisory/2953095.  For now, the best course of action is to totally avoid rtf files.

Scam of the day – March 28, 2014 – The threat of drones hacking your smartphone

March 28, 2014 Posted by Steven Weisman, Esq.

As I always say, “things aren’t as bad as you think, they are far worse.”  Researchers in London have developed a new software called “Snoopy” which can be used with a drone to steal information from your smartphone that can turn you into a victim of identity theft.  Although it sounds like something out of science fiction, the idea is simple.  It starts with a recent federal court decision permitting commercial drones to fly in US airspace.  The Snoopy software can be installed on the drone which can fly around the area where you are and pick up your smartphone’s attempt to find a close WiFi network.  Snoopy picks up the signal from the smartphone and poses as one of those Wifi connections.  Once the smartphone user has unwittingly connected to what appears to be a safe Wifi network, Snoopy is able to steal information from the connected smartphone and use it to make the phone owner a victim of identity theft.

TIPS

Although hackers are not yet using this hacking method, you can expect it to be happening soon.  The best course of action for smartphone users and anyone connecting to a WiFi network remains the same as always.  Have encryption software on your smartphone or other electronic devices and also make sure that you install anti-virus software and anti-malware software on all of your electronic devices as well and keep these programs up to date with the latest security patches.  Finally, only use WiFi networks that indicate that they are secure.

 

Scam of the day – March 27, 2014 – ATM hacking danger exposed

March 27, 2014 Posted by Steven Weisman, Esq.

As I first reported to you on March 21st’s Scam of the day, on April 8th Microsoft will stop supporting the Windows XP operating system with security updates and patches.  This is very significant because upwards to 95% of ATMs use the Windows XP operating system as do thousands of government websites with which we all do business.  Hackers and identity thieves are constantly working to locate and exploit vulnerabilities in computer software toward their criminal ends.  Unless the banks using  the Windows XP operating system act quickly to upgrade their operating systems to other programs, they will be increasingly vulnerable to hackers and identity thieves.  In fact, as Microsoft issues, as they do each month, new security alerts describing the patches we need to install in order to maintain the security of our systems, what Microsoft will also be doing is informing hackers and identity thieves about similar vulnerabilities that exist in the Windows XP program for which there will be not patches or updates.

A new way to breach the security of ATMs was also disclosed this week by the computer security company Symantec.  Symantec described a new tactic by which ATMs can be hacked into by a hacker who connects a targeted ATM to his or her smartphone through a USB thereby setting up a connection that can be exploited by sending a command via the phone to the ATM to disperse the cash to the hacker.  This problem will only be made worse as security patches cease to be provided in the future for Windows XP.

TIP

Whenever you use an ATM always carefully observe the machine for any evidence of tampering and do not use a machine that does look like it has been tampered with by a skimmer or any other visible alteration.  Also, regularly check your bank account balances for any evidence of fraud so that you can report the matter as soon as possible to your bank in order to protect yourself from losses.  Finally, in regard to the specific issue as to Windows XP and ATMs, ask your bank what operating system they are using and if it is Windows XP, you may wish to find out what ATMs near you do not use this system.

Scam of the day – March 26, 2014 – Latest critical security software updates

March 26, 2014 Posted by Steven Weisman, Esq.

As regular followers of Scamicide know, whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security.  Today’s list of software updates includes critical updates from Adobe, Apple and Google.  The Adobe and Apple patches are of particular importance to your security.

TIPS

Here is a link to the latest release from the Department of Homeland Security with links to the important security patches and updates:

https://www.us-cert.gov/ncas/bulletins/SB14-083

Scam of the day – March 25, 2014 – California DMV data breach

March 25, 2014 Posted by Steven Weisman, Esq.

As I write today’s Scam of the day, the California Department of Motor Vehicles still is denying that they have been a victim of a data breach although they have indicated that due to “an abundance of caution” they are initiating an investigation.  The problem is that they have been hacked and their investigation should be focused on finding where the hacking occurred.  As was the case with the hacking of Target’s computers and those of many other companies, the companies themselves rarely are the first to discover that their security has been breached.  What happened with Target and others is what happened here; banks monitoring fraudulent use of credit cards were able to discover a connection between thousands of fraudulently cards and the California Registry of Motor Vehicles.  It appears that these were credit and debit cards used in online transactions as the information stolen was for transactions where the card was not present.  Included in the compromised information were the card numbers, expiration date and the three or four digit security code printed on each card.

TIPS

Once again, I urge you all not to use your debit card for anything other than ATM transactions because not only are the consumer protections available to you if your card is fraudulently used less protective than those that you have when your credit card is fraudulently used, but even if you report the fraudulent use of your debit card immediately, there can be a delay in your being able to access your checking account while the bank investigates the incident.  Also, this case points out the extreme importance of constantly monitoring your credit card statements for improper transactions.  The sooner you report the breach, the more you are protected and the less you are inconvenienced.  This particular breach at the California Department of Motor Vehicles appears to have gone on from August 2, 2013 until January 31, 2014 which is a very long time for such a data breach to have gone on undetected.  Waiting for companies to notify you that a breach has occurred is not a good defense against fraud.

Scam of the day – March 24, 2014 – March Madness Scams

March 24, 2014 Posted by Steven Weisman, Esq.

March Madness is in full swing and even though no one will be winning Warren Buffet’s billion dollar challenge to the person who predicted the winner of every game, the excitement around the country is high.  Of course, whenever excitement is high about anything, scam artists, the only criminals we call artists, are there ready to take advantage of heightened interest.  Many people are looking for   T- shirts and other apparel and souvenirs online.  Many websites are offering inferior, unlicensed products. Scammers are quite adept at manipulating search engines such as Google and Bing so that their phony websites turn up high in any search.  People are also anxious to buy tickets and are purchasing them online at places like Craigs list and other sites that are not official ticket vendors.  Unfortunately, many of these tickets are counterfeit.

TIPS

For merchandise purchases, stick to sporting goods websites that you know are legitimate and only pay by a credit card.  With a credit card, if the sale is a fraud, you can always stop payment of the charge.  As for tickets, Craigslist and many other websites do not confirm the legitimacy of the offers they carry.  Again, limit the places you consider to either the official NCAA website of www.ncaa.com/tickets or companies such as Stubhub, Ticketron or Ticketmaster and even with these legitimate companies, use a credit card for extra protection.

Scam of the day – March 23, 2014 – Hacker of nude photos by webcam sentenced

March 23, 2014 Posted by Steven Weisman, Esq.

Last week,  twenty year old Jared Abrahams was convicted of hacking the computers of at least twelve women and attempting to blackmail them.    He was sentenced to 18 months in prison.  Among the women victimized by Abrahams was Cassidy Wolf, Miss Teen USA.  Abrahams hacked into the webcams of his victims’ computers to take nude photos of the young women, many of whom were caught by the webcams of their computers as they undressed in their bedrooms.  He then contacted the young women and threatened to post the photos on social media unless they sent him additional pictures or posed for him on Skype.

TIPS

It is not difficult to hack into the webcam of a computer from afar.  The same types of tricks used to get people to unwittingly download keystroke logging malware that enables the hacker to gather all of the personal information from your computer to be used to make you a victim of identity theft can be used to get you to download the malware that enables the hacker to control your webcam.  Never click on links in emails or download attachments unless you are absolutely positive they are legitimate.  They may be riddled with malware.  Also, install and maintain anti-malware and anti-virus software on your computer and other electronic devices.  For external webcams that are not a built-in component of your computer, a red light will signal that the camera is operating.  Be aware of this.  It is a good idea to merely disconnect the external webcam when you are not using it or merely take a post-it and cover the webcam’s lens whenever you are not using it.  For built in webcams, they too will generally have a blue light to indicate that it is operating, however, again, it is a good idea to merely cover the lens when you are not using it.  Finally, you may wish to keep computers with webcams out of your bedroom.