Scam of the day – February 3, 2015 – Affordable Care Act phishing scam

Recently the United States Computer Emergency Readiness Team, which is a part of the Department of Homeland Security, issued a warning about a phishing scam related to the Affordable Care Act, commonly referred to as Obamacare. Since its inception, there has been much confusion about many aspects of the Affordable Care Act, and scammers are taking advantage of this confusion by sending emails that purport to come from a federal agency involved with the Affordable Care Act. The person receiving the email is either asked for personal information or directed to a website by way of a link that, if clicked on, will cause keystroke logging malware to be downloaded onto the victim’s computer or other electronic device. That malware enables the scammer to steal the victim’s personal information and make him or her a victim of identity theft.

TIPS

The rules for avoiding this scam are simple and easy to follow. Never provide personal information in response to an email, text message or phone call until you have confirmed that the communication is legitimate. You can never trust any communication to be from who it purports to be from until you have independently confirmed both that it is legitimate and that there is a legitimate need for your personal information. You can determine whether a communication is legitimate through a phone call or other communication with the real company or agency that the communication purports to be from. Don’t use the phone number, website or email address supplied to you in the communication itself. You cannot trust it.

Also, never, and I mean never, click on links in any email or text message until you have again confirmed that the communication is legitimate. Even if the email address from which the message was sent is that of a legitimate company or agency, their email could have been hacked, so never click on a link until you have independently confirmed that it is legitimate.

Finally, make sure you have a good firewall as well as anti-virus and anti-malware software on all of your electronic devices and keep these security programs updated with the latest patches.

Scam of the day – December 31, 2014 – ICANN suffers data breach

Many of you may not be familiar with the acronym ICANN, which stands for the Internet Corporation for Assigned Names and Numbers; however, everyone is familiar with what they do. ICANN is the international organization that administers all website domain names. ICANN recently disclosed that it had been hacked since November. Fortunately, the extent of the hacking and data breach was minimal and passwords were not stolen since they were maintained in an encrypted manner by ICANN. The hackers did, however, manage to obtain the names, addresses, email addresses and phone numbers of ICANN customers. ICANN is in the process of notifying those people whose data was compromised. The danger posed by this information falling into the hands of scammers is that it can be exploited by a technique called “spear phishing,” where specific people are targeted in emails that appear to be from legitimate sources and are directed to them personally by name. The victim is then more likely to trust that the email is legitimate and be lured into clicking on links in the email or text message. Those links lead to malware that will enable the scammer to steal the personal information of the victim and use that information to make the person a victim of identity theft.

TIPS

Remember my motto, “trust me, you can’t trust anyone.” Regardless of whether an email or text message appears to be legitimate, you should never click on links until you have absolutely confirmed that the message is legitimate and the link is legitimate. Even if the email or text message is addressed to you personally and appears to come from someone or some business or agency with which you have a relationship, you can never be sure that the communication is legitimate, and the risk of downloading keystroke logging malware is too great to trust such communications until you have absolutely confirmed that they are legitimate. Additionally, it is important to keep your anti-malware and anti-virus software up to date, remembering that your security software will always be at least a month behind the latest malware threats.

Scam of the day – July 21, 2014 – Yahoo email phishing scam

A number of times I have written about email phishing scams that start when you receive an email that purports to be sent from AOL informing you that there is some problem with your AOL account which requires you to click on a link in order to rectify the problem. Recently, another email provider has become the subject of a phishing scam. This time it is Yahoo. Below is a copy of an email that is presently finding its way into many people’s email boxes. This is a phishing scam. DO NOT CLICK ON THE LINK. Clicking on the link will result in one of two things. Either you will download a keystroke logging malware program that will steal all of the information from your computer, such as your Social Security number, credit card numbers and banking information, or you will be prompted to provide personal information. In both cases the information will be used to make you a victim of identity theft. Some phishing emails are better than others and this one was not very convincing. The email address from which it was sent was not even a Yahoo email address. It was the address of someone whose email had been hacked and made a part of a botnet of computers used by identity thieves to send out their phishing emails. In addition, this email is not directed to you by name, but rather to “Yahoo user.” As with many of these scams that often originate in foreign countries where English is a second language, the grammar is suspect; in this email the word “responds” is used instead of the correct word “response.”

“Dear Yahoo! User

Your two incoming mails were placed on pending status due to the recent upgrade to our database, In order to receive the messages Click Here to login and wait for responds.

Customer! Mail Product Management.

Copyright © 2014 Mail! Inc. (Co. Reg.. No. 2344507D)All Rights
Reserved. Intellectual Property Rights Policy
Please do not reply to this message. Mail sent to this address cannot be answered.”

TIPS

The most important thing to remember is to never click on links in emails or download attachments unless you are absolutely sure that they are legitimate.  In this particular case, it is easy to see that it is a scam.  Additionally, you should make sure that your anti-malware and anti-virus software are installed and up to date with the latest security updates while remembering that you cannot rely on your security software because it is generally about thirty days behind the latest viruses and malware programs.

Scam of the day – May 23, 2014 – Pirated movies can lead to identity theft

Finding bootleg versions of popular movies on the Internet is an easy task, but as a recent study by Intelligent Content Protection, an anti-piracy consulting service, found, it comes with a risk, and that risk is identity theft. In its study of thirty of the top pirate websites for downloading pirated versions of popular movies, it found twenty-nine of them contained malware of some sort. Although not all contained the kind of keystroke logging malware that, when installed on your computer, will permit an identity thief to steal all of the information on your computer and make you a victim of identity theft, the risk of such malware is high.

TIPS

Besides the fact that it is both illegal and morally wrong to steal intellectual property such as movies without paying for them, the risk of unwittingly downloading dangerous keystroke logging malware when you go to an illegal pirate site is just too high. Even if you have anti-malware software and anti-virus software on your computer, these programs are only about 5% effective in protecting you from the very latest strains of malware. So the lesson is clear. Avoid these pirate websites not just because it is the right thing to do, but also to protect yourself from identity theft.

Scam of the day – March 19, 2014 – Missing Malaysian airline scam

The mysterious disappearance of Malaysian Airlines Flight 370 has captured the attention of people around the world, so it should come as no surprise that scammers and identity thieves are using this event as an opportunity to steal people’s identities through malware-infected phony news reports, photos and videos. In 2011 similar scams tied to the Japanese Tsunami were common. Throughout the Internet and on social media, including Facebook and Twitter, links to phony stories, photos and videos are appearing with tantalizing headlines such as “Shocking video, Malaysian Airlines missing flight MH 370 found in Sea,” “Malaysian Airlines missing flight MH 370 found in Sea – 50 people alive saved” and “CNN UPDATE Breaking – Malaysian Airplane MH 370 Already Found.  Shocking Video.” Some phony links even promise videos of the plane in the Bermuda Triangle. Unfortunately, if you click on these links, all you will succeed in doing is unwittingly downloading keystroke logging malware that will steal your personal information from your computer, laptop, tablet or smartphone and use that information to make you a victim of identity theft.

TIPS

Never click on links unless you are absolutely sure that they are legitimate because they may well be just a lure to get you to unknowingly install malware on your computer, laptop or smartphone.  When looking for information upon which you can rely in regard to anything, stay with websites that you know are legitimate news sites.  Also, make sure that you have proper anti-malware and anti-virus software on all of your electronic devices and keep that software up to date with the latest security patches and updates.  The creators of malware and viruses are often ahead of the makers of anti-malware and anti-virus software, but it is important to keep your devices as safe as possible.

Scam of the day – February 17, 2014 – Kickstarter hacked – the lesson for all of us

Over the last couple of years I have often reported to you about data breaches at major companies that have been hacked. The recent Target hacking, although particularly large, was not particularly unusual. Two days ago, Kickstarter disclosed that it had been hacked. Kickstarter is a crowdfunding platform that helps creative people raise funds for their projects by appealing to the public. In the almost four years since it was launched, Kickstarter has helped fund more than 50,000 artistic endeavors. According to Kickstarter’s CEO, no credit card data of its customers was compromised; however, user names, email addresses, mailing addresses, phone numbers and encrypted passwords were stolen. This information can readily lead to identity theft through a technique called “spear phishing,” by which emails and text messages can be sent to the potential victims by name, which may make them appear more legitimate. These texts and emails lure people into either providing personal information under various legitimate-appearing pretexts or clicking on links or downloading attachments riddled with keystroke logging malware that will steal all of the information from your computer or smartphone and use it to make you a victim of identity theft. In addition, people with weak passwords, such as the popular “123456” or “password,” may have their Kickstarter encrypted passwords easily unencrypted, providing access not only to the victim’s Kickstarter account, but possibly to other accounts where the victim uses the same password.

TIPS

If you are a customer of Kickstarter, change your password immediately and everyone who uses the same password for all of their accounts should change their passwords to unique passwords for each account.  You can get detailed information as to how to pick an easy to remember, complex password in my book “50 Ways to Protect Your Identity in a Digital Age,” but a simple rule is to use a phrase, capital letters, small letters and symbols, such as “ICan’tRememberit!!!.”  This is easy to remember and hard to break.  Also, make sure that you have the most current, updated anti-malware software and anti-virus software installed on all of your electronic devices including your computer, tablet and smartphone.

Scam of the day – February 16, 2014 – Latest Target information – what it means to you

We have known for some time that the hacking of Target was accomplished through the initial hacking of Fazio Mechanical, a heating and air conditioning company that does business with Target and had access to Target’s computers for billing and ordering purposes. It was not until recently, however, that we learned that Fazio was hacked through a common technique called “spear phishing,” where the victim receives an email directed to them by name that appears legitimate or promises something enticing, such as free pornography or videos of a newsworthy or otherwise intriguing event. Once the victim clicks on the link in the email or downloads the attachment in the email, malware is downloaded onto the victim’s computer that provides access to all of the information in the victim’s computer, which in this case included the information necessary to access the Target computer system. Even though Fazio’s computers were protected by anti-malware programs, either its program was not as good as necessary or it was merely not current with the latest malware threats. Anti-malware software programs are generally at least thirty days behind the latest malware threats.

Criticism is also now being made of Target’s offer of one year’s worth of free credit monitoring service through Protect MyID. The problem is twofold. First, credit monitoring merely helps to inform you that you have already become a victim of identity theft. It does nothing to prevent identity theft. Second, Target’s program, which is done through the credit reporting bureau Experian, only provides you with credit monitoring of your Experian file. It does not provide you with monitoring of your file with the other two credit reporting agencies, Equifax and TransUnion, which makes the monitoring incomplete. Experian does offer you the additional monitoring for a year, but for a fee that can be as much as $75.

TIPS

The first lesson is that you should never click on links or download attachments unless you are absolutely sure that the links or downloads are legitimate.  Always confirm before you download.  Second, you cannot rely on your anti-malware software to be 100% effective.  Ultimately it is up to you not to download questionable material.  All of that being said, you should make sure that you have anti-malware and anti-virus software on all of your electronic devices and make sure that you keep the software up to date with the latest security patches and updates.

Finally, although credit monitoring does offer some benefits, preventing identity theft through proactive steps such as putting a credit freeze on your credit reports at each of the three major credit reporting agencies is a better way to protect yourself from identity theft in the event your personal information is compromised. You can find how to put a credit freeze on your credit report by going to the section on “credit freezes” on the right hand side of this page.

 

Scam of the day – November 28, 2013 – Dangerous electronic greeting cards

Happy Thanksgiving to everyone.  I hope your day is a good one free of scams and identity theft.  Electronic greeting cards have become very popular and with good reason.  Even if you don’t remember a birthday or delay sending a holiday card until the last minute, you can send an electronic greeting card, often for free, and have it delivered immediately.  Many electronic greeting cards are quite inventive with videos and music, as well.  But, unfortunately, you can always count on scam artists and identity thieves to try to spoil anything and electronic greeting cards are no exception.  The scam starts when you get a phony electronic greeting card that requires you to click on a link to read the card.  If you click on one of these phony greeting cards, you will end up downloading a keystroke logging malware program that will steal all of the information from your computer and end up with you becoming a victim of identity theft.

TIPS

One of the first things to notice is who is indicated as the person sending the card.  If it states that the card is being sent by “a friend” or “an admirer,” you can be pretty sure that it is a phony card.  However, even if the card uses the name of someone you know, it still is risky to open the card without confirming with an email or a phone call that your friend actually did send you the card.  It is also important to keep your security software including anti-virus software and anti-malware software installed and up to date at all times.

Scam of the day – November 25, 2013 – Smartphone banking scam

Many of us use our smartphones for so many more tasks than merely speaking on the phone. Smartphones have become the fast and convenient way for 300 million people to do their banking. They also have become the fast and convenient way for scam artists and identity thieves to steal the money from your bank account by planting (with your assistance) malware on your smartphone. That malware not only can read all of the information on your smartphone, including your banking passwords and other personal information, but can even change the way your bank account balances appear to you on your smartphone so you are not aware that your account has been stolen by an identity thief.

TIPS

The primary way that identity thieves and scammers install the necessary malware to get access to your bank account and steal your money is by luring you into unwittingly downloading the malware that gives them control over and access to the information in your smartphone.  Most often they do this by a technique called phishing which I have described many times previously in Scamicide.  Phishing occurs when you are lured into clicking on a link or downloading an attachment that appears to be legitimate, but in fact is riddled with malware.  The malware is contained in the link or download material that is often contained in an email that appears to be from a company with which you do business or a trusted friend when in fact, the email is from an identity thief.  It is for this reason that I am constantly warning you not to click on links or download attachments unless you are absolutely sure that they are legitimate.  Just because it appears to come from a friend of yours does not make it legitimate.  His or her email could have been hacked making it appear that the communication and the link are legitimate when they are not.  This technique is called spear phishing.  That is why I always tell you to confirm that the email is legitimate regardless of how good it looks before you download anything or click on a link.

In addition, you should make sure that your smartphone as well as all of your electronic devices are protected with the latest anti-virus and anti-malware software and that you keep these security programs constantly updated with the latest security patches and updates. You may even want to consider having a separate smartphone for online banking and other financial transactions, one on which you do not do any text messaging or emails, in order to avoid falling prey to phishing.