Scam of the day – February 17, 2016 – Identity theft danger in vacation photos

February 17, 2016 Posted by Steven Weisman, Esq.

At one time tourists were easy to spot with cameras in their hands and hanging on straps around their necks, but today, stand-alone cameras have largely been replaced by our smartphones with which we not only are able to take good photographs, but also do all manner of personal and financial transactions. This is very convenient for us all, but particularly for identity thieves who will linger in tourist spots and be ready to assist you by taking a picture of you and your family at popular tourist destinations.  The problem is that rather than take your picture, the criminal takes your smartphone and promptly runs away with it leaving you without a photograph and, more importantly without your phone, which may have stored large amounts of personal information that can be used by the thief for purposes of accessing your bank account or otherwise making you a victim of identity theft.

TIPS

Your mother was right when she told you not to trust strangers.  The best way to deal with a problem is to avoid it in the first place so don’t give your smartphone to a stranger to take your picture.  Some good smartphone security measures you should already be taking include setting up a strong password to unlock your smartphone and make sure that you have good anti-virus and anti-malware security software installed on your smartphone and constantly updated.  It also is a good idea not to store personal information on your smartphone.  Finally, there are a number of good apps that will help you remotely track your phone’s location as well as lock it and erase information remotely.  Here are links with more information about those apps for Android and iPhones.

http://www.ctia.org/your-wireless-life/consumer-tips/how-to-deter-smartphone-thefts-and-protect-your-data/anti-theft-protection-for-android-wireless-handsets

http://www.ctia.org/your-wireless-life/consumer-tips/how-to-deter-smartphone-thefts-and-protect-your-data/anti-theft-protection-for-ios-apple-wireless-handsets

Scam of the day – February 16, 2016 – Bank vishing scam

February 16, 2016 Posted by Steven Weisman, Esq.

Vinton County National Bank in Ohio is warning its customers of a vishing scam presently being done in Ohio although everyone, regardless of where you live should be aware that this type of scam is also turning up throughout the country.  Vishing is a combination of the word “voice” and the word “phishing” and it refers to phishing scams done over the phone.  In this particular instance, people are receiving telephone calls purportedly from their bank telling them that there has been a security problem with their debit card and their account has been frozen.  They are then directed to a phony security department that persuades the intended victim to provide personal information about their bank account in an effort to resolve the problem.  Unfortunately, if the person called falls for the scam and provides personal information, he or she ends up becoming a victim of identity theft.

TIPS

Although in the case of the Ohio vishing calls, Caller ID indicates that the calls have not originated with the bank, more sophisticated scammers are able to trick Caller ID into indicating that the call indeed is coming from your bank through a technique called “spoofing” so you cannot trust your Caller ID to screen legitimate calls from those scammers.  No bank will ever ask for your personal information by phone, email or text message so the easy way to avoid becoming a victim of vishing is to just refrain from ever giving personal information to someone who contacts you by phone, email or text message requesting personal information.  If you think that the communication might be legitimate, merely hang up and contact the bank at a telephone number you know is accurate.

Scam of the day – February 15, 2016 – Income tax fraud convictions

February 15, 2016 Posted by Steven Weisman, Esq.

Last week in Florida five people were sentenced to prison sentences ranging up to nine years related to their convictions on tax fraud and other related charges.  Ronald J. Scriven, the mastermind of the criminal enterprise which went on between 2007 and 2011 was sentenced to nine years in federal prison.  Scriven operated a number of tax preparation businesses and filed phony income tax returns on behalf of people recruited by him and the other members of his criminal ring, Danesa Webb, Walter Pressley, Fritznel Jacques and Michael Brown.  Pressely, at the time, was a resident of the First Step Sober Community House in Pompano Florida and he and the others recruited homeless people, recovering alcoholics and drug addicts in whose names Scriven filed fraudulent federal income tax returns which resulted in the IRS paying Scriven 7.5 million dollars in fraudulent refunds.  Scriven enlisted the people in whose names he filed income tax returns by telling them that they were eligible for “Obama money.”  Scriven also filed fraudulent income tax returns on behalf of dead people whose Social Security numbers he also managed to obtain.

TIPS

Fraudulent income tax preparers can be found everywhere and because when hire someone to prepare your income tax returns it is necessary to provide him or her with personal information that can result in your becoming a victim of identity theft or a party to a fraud, you should be particularly careful to check out the legitimacy of anyone you entrust with this job.  Here is a link to an interactive web page of the IRS that will help you understand tax return preparer credentials and enable you to look up the qualifications of anyone you may be considering to help you with the filing of your federal income tax return.  http://irs.treasury.gov/rpo/rpo.jsf

Scam of the day – February 14, 2016 – FBI and British law enforcement arrest alleged hacker of CIA director

February 14, 2016 Posted by Steven Weisman, Esq.

As first reported by CNN, British law enforcement in conjunction with the FBI have arrested a sixteen year old in Britain on charges related to the hacking of high level officials at the CIA, FBI, Department of Homeland Security, the White House and other federal agencies.  Among those who were hacked by the hacker who described himself as Cracka and often referred to a group with which he was affiliated as “Crackas With Attitude” were CIA Director, John Brennan and Director of National Intelligence, James Clapper.  I have previously described these hackings in earlier Scams of the day here on Scamicide.  Just this past week, Cracka had released online some personal information about employees of the FBI, Justice Department and Department of Homeland Security although the government has downplayed the significance of the recently released information as being nothing more than an internal phone directory.  However, it is entirely possible that more sensitive information was also accessed by Cracka.

TIPS

Perhaps the most disturbing part of this entire scenario is not merely that email accounts and more of important government agencies and officials were hacked, but that they were hacked by a relatively unsophisticated teenaged hacker without the skills or software available to foreign governments and sophisticated cybergangs.  Once again, it initially appears that Cracka used elemental social engineering techniques to obtain the information he needed to hack his various targets.  Social engineering techniques such as spear phishing remain a huge problem to individuals, companies and governments who have not done enough to protect themselves from this threat.

February 13, 2016 – Steve Weisman’s latest USA Today column

February 14, 2016 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today about identity theft.

http://www.usatoday.com/story/money/columnist/2016/02/13/identity-theft-alert-wonder-woman-can-mean/78742826/

Scam of the day – February 13, 2016 – Valentine’s day scams

February 13, 2016 Posted by Steven Weisman, Esq.

Tomorrow is Valentine’s day, which is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is going on to scam you out of your money.  There are many Valentine’s day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s day electronic greeting cards and delivery scams.

Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.

Online dating scams are plentiful with most revolving around scammers quickly professing true love for you and then asking for money.

Electronic greeting cards are a great way to send a Valentine’s day card at the last minute when you forgot to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.

A common delivery scam operating on Valentine’s day involves a delivery of a gift basket of wine and flowers to you, however the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered.  The person delivering the basket will only accept a credit card as payment.  When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.

TIPS

Never trust an online florist or other retailer until you have checked them out to make sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer.  It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be.  Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft.  Always confirm the legitimacy of an email or text message before clicking on links contained in the message.

As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money.  Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe.

Never trust an online greeting card, particularly if it does not indicate from whom it is being sent.  Be very wary of a card sent by “an admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.

In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.

Happy Valentine’s day and be safe.

Scam of the day – February 12, 2016 – Update on Facebook farming scam

February 12, 2016 Posted by Steven Weisman, Esq.

Today I am updating you about Facebook farming, which is a type of scam I warned you about four days ago in the Scam of the day for February 4th.  We have all seen Facebook postings urging us to click that we “like”them.  Sometimes it is an emotional appeal to show support for a sick child.  Sometimes it is to show support for a political message. Today’s version of the scam illustrates another version of the scam. In this version a  familiar company promises a chance at a substantial prize merely for liking or sharing an offer.  In the one copied below, it appears Southwest Airlines (which they misspell as South West Air) is offering free first class tickets to anywhere in the world along with $5,000 spending money  to the winners of this contest.   A savvy traveler will know, by the way, that Southwest does not have first class seating.

While some of the postings described above urging people to click on links or share the posting are legitimate, unfortunately sometimes they are not.  Often they are done to take advantage of Facebook’s algorithms that value the popularity measured by likes and shares which then appear on the Facebook pages of more people.  Although the original content liked or shared may appear sincere or entertaining, the scammers who use this technique, which is called “farming,” then are able to change the content to something entirely different from what was originally shared or liked.  This can be done for purposes of sending advertising or gathering marketing information, but, at its worst, it can be used to send malware infected content that can steal personal information from your computer and use it to make you a victim of identity theft.

TIPS

So what should you do?  Posts that promise some sort of prize for sharing or liking are most likely scams. If you think that the posting of a company offering a contest might be legitimate, you should go to the company’s website to find out if indeed it is legitimate or not.  As for the other scams, you may wish to be a bit skeptical before automatically sharing or liking a post. You may wish to even do a little research yourself to find out if the posting is legitimate.    A 2007 photo of a seven year old Pennsylvania girl with Stage IV cancer posing in her cheerleading uniform has been used numerous times for Facebook farming.  Today that girl is a cancer free teenager whose family is understandably outraged that their daughter’s photograph has been abused by scammers through Facebook farming.

Here is a copy of the scam contest appearing on the Facebook pages of many Facebook users.

 

Southwest Airlines scam on Facebook

Scam of the day – February 11, 2016 – Chase email phishing scam

February 11, 2016 Posted by Steven Weisman, Esq.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from Chase bank that is presently circulating. DO NOT CLICK ON THE LINK.

“Dear  User,
Your account requires verification due to our recent upgrade. It is mandatory that you confirm your details through our secure link below.

Chase/Connect
Thank you for your co-operation.

Sincerely Yours,

Chase Center© 2016 JPMorgan Chase & Co”

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Chase, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate credit card companies would refer to your specific account number in the email.  They also would not use the generic greeting “Dear User,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam.

Scam of the day – February 10, 2016 – FTC sues DeVry University

February 10, 2016 Posted by Steven Weisman, Esq.

For profit universities have been a target of state and federal investigations for years.  I have written about this topic since 2012.  It should be noted that not all for profit colleges are scams, but there are a large number of for profit colleges, sometimes referred to as “diploma mills” that at times offer credit for your “life experience” and lure students in with promises of a helpful degree, but the students end up with a worthless degree and an empty wallet.  Sometimes the names of these scamming colleges and universities are confusingly similar to legitimate colleges.  For instance, Columbia State University is a diploma mill while Columbia University is an eminent Ivy League school.

Now the Federal Trade Commission is suing for profit DeVry University alleging that the university’s advertising, particularly as it relates to their graduates’ opportunities for getting a job after graduation are false and deceptive.  Similarly the U.S. Department of Education is also taking legal action against Devry based on its advertising and marketing practices.

TIP

Check out any school your are considering attending that is a for profit university with the United States Department of Education’s website at www.ope.ed.gov/accreditation to make sure it is an accredited institution.

You also should investigate whether a local college, university or community college would be more cost effective for you.  For profit colleges and universities are often more expensive than these other alternatives without offering any distinct advantages.  Also, check out the graduation rates of any for profit college you are considering and finally, investigate the job prospects in your field of study.  Don’t just take the word of the college.

Scam of the day – February 9, 2016 – FDA issues new draft guidelines for medical device cybersecurity

February 9, 2016 Posted by Steven Weisman, Esq.

By now, we are all familiar with the Internet of Things which presently includes 5 billion devices and is expected to grow to 25 billion devices by the year 2020.  The Internet of Things is the popular name for the technology by which products and devices are connected and controlled over the Internet.  The range of products that are a part of the Internet of Things is tremendous and includes, cars, refrigerators, televisions, fitness bands, webcams, toys and even medical devices.  The Internet of Things offers tremendous opportunities for constructive and efficient use of these products, but as with any technology connected through the Internet also provides an opportunity for hackers to exploit the technology for their own criminal purposes.

While hacking of medical devices sounds like something out of fiction, in 2007, former Vice President Dick Cheney was so concerned about hackers that he had the Internet connection on his pacemaker disabled.  In September 2015, the FBI issued a warning saying that “Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection.”  In 2013, the Food and Drug Administration (FDA) initially issued guidelines for these medical products and now the FDA has issued a new Draft Guidance document with recommendations for how companies should be dealing with the important issue of cybersecurity in medical devices.  Medical device manufacturers affected by the Draft Guidance have until April 21, 2016 to submit comments to the FDA.

TIPS

While medical device manufacturer’s and the government work on security standards for Internet connected medical devices, what can you do to protect yourself in the meantime? The most important thing you can do is find out what information is stored on your device and how it is accessed.  Also learn about the use of password protection and make sure that your device is not still using a default password.  Learn from the manufacturer what steps they have already taken to protect your device from being hacked.  If your device uses an open wifi connection, you should change it to operate exclusively on a home network with a secured wifi router.  If your device is capable of transmitting data, make sure that the transmissions are encrypted.