Scam of the day – April 7, 2014 – Multi-million dollar bank hacking conspiracy broken

A few days ago, Robert Dubuc and Oleg Pidtergerya pleaded guilty to a number of criminal counts in charges brought against them in federal court.  The conspiracy of which they were a part is very telling of the danger that threatens the international banking system.  The scheme began before the two defendants ever got involved.  Ukrainian hackers gained illegal access to the bank accounts of more than a dozen large financial institutions and companies, including Automatic Data Processing, Inc (ADP), Citibank, E-Trade, JP Morgan Chase Bank, Pay Pal, TD Ameritrade and TIAA-CREF.  Once the hackers gained access to the accounts, they transferred funds stolen electronically from these accounts to bank accounts and pre-paid debit cards that they controlled.  At this point they then progressed to the cashing out phase of the scam by which people known as “cashers” would withdraw the funds from the new accounts through ATM withdrawals and bank withdrawals after which the funds were sent to the two Ukranian hackers behind the scam.  Dubuc and Pidtergerya were cashers.


Banks and other financial institutions have not been particularly forthright when it comes to disclosing the successful hacking of their accounts.  Nor has their security been as good as it has to be.  Where this leaves us as customers is that we need to be particularly vigilant in monitoring our accounts at all times for signs of fraudulent purchases.  Sometimes we are our own worst enemy such as when we unwittingly download keystroke logging malware through clicking on tainted links or downloading dangerous malware that steals the information from our computers, smartphones, tablets and other portable electronic devices and then uses this information to make us victims of identity theft and access our accounts.  It is important to monitor all of your financial accounts more often than monthly.  It is also important to maintain the most up to date security software on all of our electronic devices and finally, it is up to us to use caution whenever we are online and not to click on links unless we are absolutely sure they are legitimate.

Scam of the day – December 6, 2013 – Massive hack of two million internet accounts

Trustwave, a cybersecurity company has just uncovered a hacking of close to two million Facebook, Google, Twitter, Yahoo, LinkedIn and other social media accounts.  Even more ominously, the hacking includes other Internet sites including ADP, a payroll service provider.  The hackings appear to have started on October 21st and still are going on.  Compromised information includes usernames and passwords.  The hacking is a worldwide phenomena with computers affected in more than 100 countries.  ADP, Facebook, LinkedIn and Twitter have already notified its users to reset passwords for affected accounts.  Particularly troublesome is the hacking of ADP, the payroll company.  Approximately 2,400 accounts had their security breached.  Although the exact manner that the hacking was accomplished still has not been identified, what is known is that the hacking was achieved by luring people into downloading keystroke logging malware that stole the information from their computers.  This technique is referred to as phishing.  You will find more about phishing in my book “50 Ways to Protect Your Identity in a Digital Age,” but in essence phishing occurs when an identity thief sends you an official looking email or you go to a counterfeit website where although the email and the website appear legitimate, they are not.  When you click on links in the email or website you download the malware.


Also distressing is the fact that in uncovering this hacking, Trustwave identified the passwords that were compromised and the large majority of them were simple passwords that are easy for identity thieves to guess.  The most common password of the stolen passwords was 123456.  Another problem for people who had their passwords and user names stolen is that people often use the same password for many different accounts so they are in danger not just in the hacked accounts, but in others they use.  Scamicide and “50 Ways to Protect Your Identiy in a Digital Age” provide detailed help in picking a simple to remember, but complex password that will make you safer on line.  Also, it is important to have anti-malware and anti-virus software installed on your computer and maintained up to date with the latest patches.  Also keep all of your software updated with the latest security patches.  For this reason, whenever software companies issue security patches, I provide links to them here on Scamicide.  Check this site each day to make sure you are safe.  Finally, do not click on links or download attachments in emails or on websites unless you are absolutely sure that they are legitimate.