Scam of the day – May 12, 2017 – Mother’s Day scams

Every day is Scam Day and Mother’s Day is no exception.  Although for many of us, Mother’s Day is an opportunity to show our mothers how much we love and appreciate them, for scam artists, the only criminals we refer to as artists, it is yet another opportunity to scam people.  One common Mother’s Day scam involves an email that you get offering Mother’s Day gifts such as flowers, jewelry, shoes or clothing at tremendously discounted prices.  All you need to do is to click on a link to order online.  The problem is that many of these offers are indeed scams.  If you click on the link, one of two things can happen and both are bad.  Sometimes the link will take you to an order form where you provide your credit card information, but never get anything in return.  Instead your credit card information is used to make you a victim of identity theft.  Even worse is the other possibility which is by clicking on the link, you will unwittingly download a keystroke logging malware program that will steal all of the personal information stored on your computer and use that information to make you a victim of identity theft.

Also, be careful when making online purchases.  Merely because a website offering great prices may be highly listed on Google or other search engines does not mean that it is legitimate.  All it means is that the scammers know how to manipulate the positioning of their website in a Google search.  Check out any company with which you may not be familiar with the Better Business Bureau or even Google the company’s name with the word “scam” added to the search and see what you come up with.  Even if you are dealing with a legitimate online company, make sure that your communications are encrypted when you are sending personal information or credit card information.  The easy way to do this is to look to see if the beginning of the web address of the company changes when you go to the page to input this information from “http” to “https” indicating that your data is being encrypted.  And of course, don’t use your debit card for retail purchases either online or in a brick and mortar store because you have less protection from fraud with a debit card than a credit card.

Finally, another Mother’s Day scam involves e-cards, which are great, particularly for those of us who forget to get a Mother’s Day card until the last minute.  However, identity thieves will send emails purporting to contain a link to an electronic Mother’s Day card, but instead download that dangerous keystroke logging malware that I described above.

TIPS

It is always dangerous to buy anything online from any store or company with which you are not familiar.  Check out the company with the Better Business Bureau, your state’s Attorney General, the Federal Trade Commission or just do a Google search to see if the company is legitimate.  Even then you are better off going directly to the company rather than dealing with a company through an email that may just be a forgery of an email from a legitimate company.  As always, if the offer you receive sounds too good to be true, it usually is.  As for e-cards, never open an e-card unless it specifically indicates who sent the card.  Phony e-cards will not indicate the name of the sender.

Scam of the day – May 11, 2017 – Bed Bath and Beyond coupon scam

Bed Bath and Beyond is the latest company to be used as a lure by scammers through phony coupons appearing on your Facebook page.  The coupon, reproduced below, promises a $75 discount for Mother’s Day, but don’t click on it.  If you click on it, you are prompted to provide information to a survey in order to receive your coupon, but there is no coupon and the information you provide may be used to make you a victim of identity theft.

Bed Bath & Beyond warns customers about Mother’s Day coupon scam

TIPS

No company could cover the cost of giving away vast numbers of $75 coupons, although sometimes participants in legitimate surveys are promised a chance to win a coupon in a drawing.  Facebook is a favorite venue for scammers to use for this type of scam because often unwary victims will unwittingly share the scam with their friends.  If you have doubts about the legitimacy of a coupon, the best place to go is to the company’s website to see what real coupons are being offered.  For Bed Bath and Beyond you can also call their customer service number of 1-800-GO-BEYOND to confirm the legitimacy of any of their coupons.

Scam of the day – May 10, 2017 – Hacker pleads guilty to 6.5 million dollar scam

Obinna Obioha, a Nigerian citizen, has recently pleaded guilty in federal court to hacking into the computers of American businesses around the country and stealing information that enabled him to scam the companies out of an estimated 6.5 million dollars.

While in Nigeria, Obioha used phishing emails to hack into the computers of companies around the world including the United States.  Through his monitoring of the email accounts of employees of the targeted companies, Obioha was able to recognize when commercial transactions were about to occur, at which time he would then send an email to the company from an email address just slightly different from that of a company with which his targeted company did business.  Posing as a regular business partner of his targeted company, the phony email would be used to send a phony invoice and instructions to wire the payment funds to bank accounts controlled by Obioha and his cohorts.  Obioha admitted successfully perpetrating this scam at least fifty times between January and September of 2016.  Obioha was arrested after flying to New York from Nigeria in October of 2016 and has been in custody since then.  He is now awaiting sentencing.

TIPS

Companies large and small are increasingly falling for this scam.  In order to avoid this scam, companies should be particularly wary of requests for wire transfers made by email.  Wire transfers are the preferred method of payment of scammers because of the impossibility of getting the money back once it has been sent.  Verification protocols for wire transfers and other bill payments should be instituted, including dual factor authentication when appropriate.  Companies should also consider the amount of information that is available about them and their employees that can be used by scammers to perpetrate this crime.  They also should have strict rules regarding company information included on employee social media accounts that can be exploited for “spear phishing” emails, which play a large part in this scam.  Finally, employees should be specifically educated about this scam in order to be on the lookout for it.
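The phony invoices described above came from an email address just slightly different from that of a real business partner, which is something a mail gateway or accounts-payable tool can check for. The following is an added example, not part of the original post: the vendor domains, the confusable-character list, the distance threshold and the sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of vendors the company already pays.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-freight.example"}

# Visually confusable sequences often used to imitate a trusted domain.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Collapse confusable sequences so visual look-alikes compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent characters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header, max_distance=2):
    """Return (verdict, matched_vendor) for the From: header of a payment request."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower()
    if domain in KNOWN_VENDOR_DOMAINS:
        return ("known", domain)
    for vendor in sorted(KNOWN_VENDOR_DOMAINS):
        near = edit_distance(domain, vendor) <= max_distance
        if near or skeleton(domain) == skeleton(vendor):
            return ("lookalike", vendor)  # close to, but not, a trusted domain
    return ("unknown", None)


# Constructed sample From: headers, as they might appear on invoice emails.
SAMPLES = [
    "Accounts <billing@acme-supplies.example>",
    "Accounts <billing@acrne-supplies.example>",
    "Dispatch <ap@northwind-frieght.example>",
    "shop@unrelated-store.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

A "lookalike" verdict is a reason to hold the request and run it through the wire-transfer verification protocol; a "known" verdict alone does not prove the email is genuine, since the scam also involved monitoring real employee mailboxes.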

Scam of the day – May 9, 2017 – Is there a link between autism spectrum traits and cybercriminals?

For quite a while it has been suspected that there is a link between people with Asperger’s syndrome and other autism spectrum disorders and cybercrime.  This was highlighted by the arrest of British citizen Lauri Love, who is charged with having hacked the Federal Reserve, the US Army, the Department of Defense, NASA and the FBI.  Love’s extradition to the United States to face charges related to these cybercrimes was approved by a British court and is presently on appeal in Britain.

While law enforcement have long believed there was a connection between cybercrime and Autism, there has been no scientific research in this area until now.  The University of Bath’s Centre for Applied Autism, the cybercrime unit of Britain’s National Crime Agency and the charity Research Autism have begun a joint study to determine whether there is a connection between autism and cybercrime.

TIPS

The researchers hope to come up with a better understanding of the motivations and characteristics of cybercriminals in general.  They want to use this information to identify people at risk of becoming cybercriminals, enabling law enforcement and social agencies to act to prevent people, particularly vulnerable people on the autism spectrum, from becoming cybercriminals.  Anecdotal evidence has tended to indicate that individuals with Asperger’s syndrome have been exploited for cybercrime purposes by criminals recognizing their computer skills that could be funneled into hacking and other computer crimes.

Scam of the day – May 8, 2017 – Jamaican Lottery scam update

In the Scam of the day for November 12, 2016 I informed you about Lavrick Willocks, an accused mastermind of the infamous phony Jamaica lottery scam who was arrested in Jamaica and was then, along with eight other co-defendants, facing extradition to the United States to stand trial on various criminal charges related to the Jamaica lottery scam.  Now Willocks and the others have all been finally extradited to North Dakota to face criminal charges.

The Jamaican lottery scam by which many Americans, mostly elderly, have been scammed out of money after being told that they have won the non-existent Jamaican lottery continues as other Jamaicans independently operate this scam.  The scam begins when the victim receives a telephone call informing them that they have won this non-existent lottery that they never entered and are then pressured to pay “fees” and “taxes” before their winnings can be sent to them.  This scam has been going on since the 1990s, largely unchecked until Jamaica passed legislation in 2013 making it easier to convict the scammers.

In May of 2015, following three days of deliberation, a North Dakota jury convicted Sanjay Williams, of Montego Bay, Jamaica, of conspiracy, wire fraud and money laundering charges related to this scam.  This particular case was four years in the making and started when an 86 year old North Dakota widow, Edna Schmeets, lost her entire life’s savings of $300,000 to Jamaican scammers who telephoned her and told her that she had won a 19 million dollar Jamaican lottery, but that she needed to pay taxes and fees before she could claim her prize.  Williams was sentenced to 20 years in prison.

TIPS

As I have often told you, it is difficult to win a lottery you have entered.  It is impossible to win one that you have not even entered.  You should always be skeptical about being told that you have won a lottery you never entered.  It is also important to remember that it is illegal to play foreign lotteries except when you are actually present in the other country.  While it is true that income taxes are owed on lottery winnings, legal lotteries never collect tax money from winners.  They either deduct the taxes from the winnings or leave it up to the winners to pay their taxes directly to the IRS.  You also should never pay a fee to collect a legal lottery prize.

Scam of the day – May 7, 2017 – New Ransomware uses the Big Mac Index

We are all familiar now with the cyberthreat presented by ransomware, which is malware which when downloaded to your computer encrypts all of your data and threatens to destroy your data unless you pay a prompt ransom, generally in the form of bitcoins.  Reproduced below is what appears on your computer screen when you become a victim of this new strain of ransomware.

Fatboy ransom note

This new strain of ransomware, called Fatboy, is being sold on Russian Dark Web sites where cybercriminals can partner with the creator of Fatboy to spread the malware and share in the profits.  What is most interesting about Fatboy, however, is how the ransom is calculated, which is done by first identifying the country where the ransomware infected victim is located and then applying what is known as the Big Mac Index to come up with the ransom demand.  The Big Mac Index is a financial index created by the Economist, a financial publication, that compares countries’ purchasing power by comparing the purchase price for a McDonald’s Big Mac in those countries.

TIPS

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there is already security software available to thwart it.  Finally, always back up your computer’s data daily, preferably in two different ways, in order to protect your data in the event you do become a victim of ransomware.

Steve Weisman’s latest column for USA Today – May 6, 2017

Here is a link to an important column I wrote for USA Today that discusses a recent urgent report from the Department of Homeland Security that discloses serious cyberthreats to the United States and many elements of our infrastructure.

https://www.usatoday.com/story/money/columnist/2017/05/06/homeland-security-sees-rising-cyber-threats/101142164/

Scam of the day – May 6, 2017 – Google Docs phishing scam

A phishing email is presently being sent to unsuspecting victims that urges you to click on a Google Docs link.  A copy of one version of the email is reproduced below. Clicking on the link will turn over your Gmail account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware.

TIPS

Never click on links or download attachments regardless of from where they may appear to originate unless you have verified that the email is legitimate.  In addition, even people who fell for this scam would be safe if they used dual factor authentication for their Gmail account, which would prevent someone who had your password from accessing your account.  With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device than you generally use.  You can sign up for Google’s dual factor authentication by clicking on this link:  https://www.google.com/landing/2step/

Scam of the day – May 5, 2017 – 10 Concerts I’ve been to Facebook scam

Facebook is very popular with the general public and anything popular with the general public becomes a popular platform for scammers.  I have written about many Facebook scams over the years, but the latest one is particularly dangerous because it appears so innocuous.  It comes up on your Facebook page under the headline “10 Concerts, but there is one act that I haven’t seen live.  Which is it?”  While this may appear harmless, the information you provide may tell more about you than the person who appears to be posting it.  It may provide information about your approximate age and preferences in music which can then be used by a scammer to send you a phishing email tailored to appeal to your particular interests that you may trust and click on a link contained in the email that contains either keystroke logging malware that can be used to steal your identity or ransomware.

TIPS

We all tend to put too much personal information on social media that can be exploited by scammers and identity thieves to our detriment.  However, if you, as many people do, find this game and other similar games to be fun to play, you may want to just adjust your privacy setting to “friends only” so that you limit who gets to see your answers.

Scam of the day – May 4, 2017 – New mystery shopper scam

I recently warned you about mystery shopper scams, however because these scams continue to snare so many unsuspecting victims, I am including the most recent mystery shopper scam email that is presently circulating as today’s Scam of the day.   Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control.  Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails.

The manner in which the scam works is that when you answer an advertisement or an email to become a mystery shopper, you are sent a bank check to deposit and use for your shopping.  You spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services.   You are instructed to return the remaining funds by a wire transfer.  The problem is that the check is counterfeit, but the money you send by wire from your own bank account is legitimate and that money is gone from your bank account forever.

Here is a copy of the email I recently received:

 “Mystery Shopper is accepting applications for qualified individuals to become mystery shoppers. It’s fun and rewarding, and you choose when and where you want to shop. You are never obligated to accept an assignment. There is no charge to become a shopper and you do not need previous experience.
 Mystery Shopper NEVER charge fees to become a shopper, mystery shoppers are paid a prearranged fee for a particular shop, We have available for immediate assignment an inspection of the customer service of some stores and businesses in your area. This fee will be paid upfront. During this shop you will visit the location and make several observations as regards the customer service. You will be required to interact with the shop clerk. You may conduct the shop alone or as a couple.
 Please note: If this message goes to your spam mail, you need to move it to your inbox for the link to redirect to our sign up page.
Regards,
Mystery Shopping Services”

TIPS

One reason why this scam fools so many people is that there really are mystery shopping jobs, although the actual number is quite few and they do not go looking for you.  An indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender.  This is the basis of many scams.  Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account.  Don’t rely on provisional credit, which is given after a few days but can be rescinded once a check bounces, and never accept a check for more than what is owed with the intention to send back the rest.  That is always a scam.  Also be wary whenever you are asked to wire funds; this is a common theme in many scams because a wire transfer is difficult to trace and impossible to stop.

Additionally, this particular scam email was sent by the email address of a person entirely unrelated to any mystery shopping company which is generally an indication that you are getting the email sent from an unsuspecting victim of an email hacking whose email address is now being used as a part of a botnet of similarly hacked computers to send out scam emails such as this.