Scam of the day – March 27, 2014 – ATM hacking danger exposed

March 27, 2014 Posted by Steven Weisman, Esq.

As I first reported to you in the March 21st Scam of the day, on April 8th Microsoft will stop supporting the Windows XP operating system with security updates and patches. This is very significant because upwards of 95% of ATMs use the Windows XP operating system, as do thousands of government websites with which we all do business. Hackers and identity thieves are constantly working to locate and exploit vulnerabilities in computer software toward their criminal ends. Unless the banks using the Windows XP operating system act quickly to upgrade to other operating systems, they will be increasingly vulnerable to hackers and identity thieves. In fact, each month when Microsoft issues new security alerts describing the patches we need to install in order to maintain the security of our systems, it will also be informing hackers and identity thieves about similar vulnerabilities that exist in Windows XP, for which there will be no patches or updates.

A new way to breach the security of ATMs was also disclosed this week by the computer security company Symantec. Symantec described a new tactic in which a hacker connects a targeted ATM to his or her smartphone through a USB connection and then sends a command from the phone to the ATM to dispense the cash to the hacker. This problem will only be made worse as security patches cease to be provided in the future for Windows XP.

TIP

Whenever you use an ATM, always carefully observe the machine for any evidence of tampering, and do not use a machine that looks like it has been tampered with, whether by a skimmer or any other visible alteration. Also, regularly check your bank account balances for any evidence of fraud so that you can report the matter as soon as possible to your bank in order to protect yourself from losses. Finally, in regard to the specific issue of Windows XP and ATMs, ask your bank what operating system they are using and, if it is Windows XP, you may wish to find out which ATMs near you do not use this system.

Scam of the day – March 26, 2014 – Latest critical security software updates

March 26, 2014 Posted by Steven Weisman, Esq.

As regular followers of Scamicide know, whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. It is important to update your software with the latest security patches and updates as soon as possible because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security. Today’s list of software updates includes critical updates from Adobe, Apple and Google. The Adobe and Apple patches are of particular importance to your security.

TIPS

Here is a link to the latest release from the Department of Homeland Security with links to the important security patches and updates:

https://www.us-cert.gov/ncas/bulletins/SB14-083

Scam of the day – March 25, 2014 – California DMV data breach

March 25, 2014 Posted by Steven Weisman, Esq.

As I write today’s Scam of the day, the California Department of Motor Vehicles is still denying that they have been a victim of a data breach, although they have indicated that due to “an abundance of caution” they are initiating an investigation. The problem is that they have been hacked and their investigation should be focused on finding where the hacking occurred. As was the case with the hacking of Target’s computers and those of many other companies, the companies themselves rarely are the first to discover that their security has been breached. What happened with Target and others is what happened here; banks monitoring fraudulent use of credit cards were able to discover a connection between thousands of fraudulently used cards and the California Registry of Motor Vehicles. It appears that these were credit and debit cards used in online transactions, as the information stolen was for transactions where the card was not present. Included in the compromised information were the card numbers, expiration dates and the three- or four-digit security code printed on each card.

TIPS

Once again, I urge you all not to use your debit card for anything other than ATM transactions because not only are the consumer protections available to you if your card is fraudulently used less protective than those that you have when your credit card is fraudulently used, but even if you report the fraudulent use of your debit card immediately, there can be a delay in your being able to access your checking account while the bank investigates the incident.  Also, this case points out the extreme importance of constantly monitoring your credit card statements for improper transactions.  The sooner you report the breach, the more you are protected and the less you are inconvenienced.  This particular breach at the California Department of Motor Vehicles appears to have gone on from August 2, 2013 until January 31, 2014 which is a very long time for such a data breach to have gone on undetected.  Waiting for companies to notify you that a breach has occurred is not a good defense against fraud.

Scam of the day – March 24, 2014 – March Madness Scams

March 24, 2014 Posted by Steven Weisman, Esq.

March Madness is in full swing and even though no one will be winning Warren Buffett’s billion dollar challenge to the person who predicted the winner of every game, the excitement around the country is high. Of course, whenever excitement is high about anything, scam artists, the only criminals we call artists, are there ready to take advantage of heightened interest. Many people are looking for T-shirts and other apparel and souvenirs online. Many websites are offering inferior, unlicensed products. Scammers are quite adept at manipulating search engines such as Google and Bing so that their phony websites turn up high in any search. People are also anxious to buy tickets and are purchasing them online at places like Craigslist and other sites that are not official ticket vendors. Unfortunately, many of these tickets are counterfeit.

TIPS

For merchandise purchases, stick to sporting goods websites that you know are legitimate and only pay by a credit card.  With a credit card, if the sale is a fraud, you can always stop payment of the charge.  As for tickets, Craigslist and many other websites do not confirm the legitimacy of the offers they carry.  Again, limit the places you consider to either the official NCAA website of www.ncaa.com/tickets or companies such as Stubhub, Ticketron or Ticketmaster and even with these legitimate companies, use a credit card for extra protection.

Scam of the day – March 23, 2014 – Hacker of nude photos by webcam sentenced

March 23, 2014 Posted by Steven Weisman, Esq.

Last week, twenty-year-old Jared Abrahams was convicted of hacking the computers of at least twelve women and attempting to blackmail them. He was sentenced to 18 months in prison. Among the women victimized by Abrahams was Cassidy Wolf, Miss Teen USA. Abrahams hacked into the webcams of his victims’ computers to take nude photos of the young women, many of whom were caught by the webcams of their computers as they undressed in their bedrooms. He then contacted the young women and threatened to post the photos on social media unless they sent him additional pictures or posed for him on Skype.

TIPS

It is not difficult to hack into the webcam of a computer from afar. The same types of tricks used to get people to unwittingly download keystroke logging malware, which enables the hacker to gather all of the personal information from your computer and use it to make you a victim of identity theft, can be used to get you to download the malware that enables the hacker to control your webcam. Never click on links in emails or download attachments unless you are absolutely positive they are legitimate. They may be riddled with malware. Also, install and maintain anti-malware and anti-virus software on your computer and other electronic devices. For external webcams that are not a built-in component of your computer, a red light will signal that the camera is operating. Be aware of this. It is a good idea to simply disconnect the external webcam when you are not using it, or to take a Post-it and cover the webcam’s lens whenever you are not using it. Built-in webcams, too, will generally have a blue light to indicate that they are operating; however, again, it is a good idea to simply cover the lens when you are not using it. Finally, you may wish to keep computers with webcams out of your bedroom.

Scam of the day – March 22, 2014 – Could Malaysian Flight 370 have been hacked?

March 21, 2014 Posted by Steven Weisman, Esq.

The mysterious disappearance of Malaysian Flight 370 continues to baffle investigators. What we do know is that during the flight, two essential communication and location systems were turned off while the aircraft continued to fly. Investigators appear to be focusing on the pilots or someone else on board physically turning off these systems. But could the systems have been turned off by a hacker remotely sabotaging the plane? The frightening answer is that theoretically this is possible. In fact, in 2012, Boeing, the manufacturer of the Boeing 777, which was used on Flight 370, applied to the Federal Aviation Administration to make modifications to its onboard data systems because, according to federal records, “data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data systems critical to the safety and maintenance of the airplane… This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants.”

In 2013, at a security summit, Hugo Teso showed that an Android smartphone could be used to take control of an airplane.  The FAA disputes Teso, but his theory appears sound.

TIPS

Until the aircraft is found, all we have is conjecture.  Hopefully, the truth will emerge and soon.

Scam of the day – March 21, 2014 – New hacking threat to ATMs

March 21, 2014 Posted by Steven Weisman, Esq.

In terms of computer software, the Windows XP operating system is old, having been first introduced in 2001. Approximately 95% of the world’s ATMs use this software as their operating system. The problem is that Microsoft is phasing out this operating system and will no longer be providing security patches and updates for Windows XP after April 8th. This means that banks that have not switched to a new operating system will be left vulnerable to the attacks of hackers, who will no longer find newly discovered vulnerabilities being remedied. The results could be devastating. Banks around the world are already planning to switch to new operating systems, but it has been estimated that only a third of banks will make the necessary switch to a new system before the April 8th deadline. This would leave those banks still running Windows XP using unsupported software which, according to the Department of Homeland Security, will result in an “elevated risk to cybersecurity dangers.”

TIPS

As a prudent bank customer, you should ask your bank manager what operating system they are using for their ATMs and, if it is Windows XP, what they intend to do about Microsoft no longer providing security updates. You may wish to consider limiting your ATM use to banks that you know have updated their operating system software. As always, you should also monitor your bank account’s activities for any fraudulent charges, which may or may not be tied to your use of an ATM.

Scam of the day – March 20, 2014 – Maricopa County Community College hacked

March 20, 2014 Posted by Steven Weisman, Esq.

As the old saying goes, “fool me once, shame on you; fool me twice, shame on me.” Recently the Maricopa County Community College revealed that its computers had been hacked and that personal information, including Social Security numbers and banking information, of more than 2.4 million students, former students, employees and vendors covering a period of more than thirty years was compromised. As I have indicated to you in a number of Scams of the day, colleges and universities have been prime targets for hackers because they provide the perfect combination of often lax security and large amounts of personal information. What makes this security breach even more egregious is the fact that Maricopa County Community College was hacked back in 2011, but steps to improve the security of their computer systems were not taken despite the recommendations of employees of the college’s information technology department and their warning that the 2011 breach, which only affected 400 people, exposed a flaw that could affect many more people.

TIPS

Presently a class action is being prepared by the Phoenix law firm of Gallagher and Kennedy. If you have been affected by the data breach, you may wish to contact them. You also should check your credit report at www.annualcreditreport.com to get your free credit report from each of the three credit reporting agencies, Equifax, Experian and TransUnion, in order to look for evidence of identity theft. You should also consider putting a credit freeze on your credit report to prevent it from being accessed by an identity thief armed with your Social Security number. You can find instructions here on the Scamicide website as to how to put a credit freeze on your credit report. This data breach also brings up the question again as to why Maricopa retained personal information on people who have long ago ceased to have a relationship with the college.

Scam of the day – March 19, 2014 – Missing Malaysian airline scam

March 19, 2014 Posted by Steven Weisman, Esq.

The mysterious disappearance of Malaysian Airlines Flight 370 has captured the attention of people around the world so it should come as no surprise that scammers and identity thieves are using this event as an opportunity to steal people’s identity through malware infected phony news reports, photos and videos.  In 2011 similar scams tied to the Japanese Tsunami were common.  Throughout the Internet and on social media including Facebook and Twitter links to phony stories, photos and videos are appearing with tantalizing headlines such as “Shocking video, Malaysian Airlines missing flight MH 370 found in Sea,” “Malaysian Airlines missing flight MH 370 found in Sea – 50 people alive saved” and “CNN UPDATE Breaking – Malaysian Airplane MH 370 Already Found.  Shocking Video.”    Some phony links even promise videos of the plane in the Bermuda Triangle.  Unfortunately, if you click on these links, all you will succeed in doing is unwittingly downloading keystroke logging malware that will steal your personal information from your computer, laptop, tablet or smartphone and use that information to make you a victim of identity theft.

TIPS

Never click on links unless you are absolutely sure that they are legitimate because they may well be just a lure to get you to unknowingly install malware on your computer, laptop or smartphone.  When looking for information upon which you can rely in regard to anything, stay with websites that you know are legitimate news sites.  Also, make sure that you have proper anti-malware and anti-virus software on all of your electronic devices and keep that software up to date with the latest security patches and updates.  The creators of malware and viruses are often ahead of the makers of anti-malware and anti-virus software, but it is important to keep your devices as safe as possible.

Scam of the day – March 18, 2014 – Latest critical security updates

March 17, 2014 Posted by Steven Weisman, Esq.

As regular followers of Scamicide know, whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. It is important to update your software with the latest security patches and updates as soon as possible because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security. Today’s list of software updates includes critical updates from Ubuntu, Adobe, Apple and Google. The Adobe and Apple patches are of particular importance to your security.

TIPS

Here are the links to the latest software security updates and patches as provided by the United States Department of Homeland Security:

https://www.us-cert.gov/ncas/current-activity/2014/03/13/Ubuntu-Releases-Security-Update

https://www.us-cert.gov/ncas/current-activity/2014/03/13/Adobe-Releases-Security-Update-Shockwave-Player

https://www.us-cert.gov/ncas/current-activity/2014/03/12/Security-Updates-Released-iOS-devices-and-Apple-TV

https://www.us-cert.gov/ncas/current-activity/2014/03/12/Security-Updates-Available-Adobe-Flash-Player

https://www.us-cert.gov/ncas/current-activity/2014/03/12/Security-Update-Chrome-OS

https://www.us-cert.gov/ncas/current-activity/2014/03/12/Google-Releases-Chrome-Update