Scam of the day – November 3, 2016 – Infidelity blackmail scam

Police in Philadelphia are warning people about an email presently circulating threatening to expose the person receiving the email as having cheated on his wife unless a ransom of $2,000 is paid through bitcoins.  The email reads in part, “Let’s cut to the chase.  I know you cheated on your wife.  More importantly, I have evidence of the infidelity.  I am going give you two options.  Either ignore this letter or pay me $2,000…”  The emails come directed to the intended blackmail victim by name, however, due to the huge number of these emails presently being sent, it is likely that the scammer is bluffing and does not have evidence of infidelity.  Police are advising people receiving these emails not to pay the demanded extortion money.

The scammers may believe that many married people are unfaithful and are therefore casting a wide net with their extorting emails hoping to find a significant number of cheating spouses willing to pay the amount demanded, however, studies have concluded that the actual number of people having affairs is only about 13%.

TIPS

Paying money to an extortionist is never a good policy because even in the best of circumstances you can never be sure that the extortionist will follow through with his or her share of the bargain.  Obviously, in this particular scam, people who have not cheated on their spouses have nothing to worry about, however, giving in to the demands of an extortionist without any proof that the extortionist has the evidence he or she claims is not advisable.

Scam of the day – June 28, 2015 – FBI issues new alert about Ransomware

I have been reporting about Ransomware to you since 2012.  Ransomware is the name for a type of malware that when downloaded on to your computer encrypts your data and restricts your ability to access your data.  The hacker who infected your computer will have a notice appear on your computer informing you that your data has been locked away and that unless you pay a ransom, usually in untraceable Bitcoins, your data will be destroyed.  Earlier this week the FBI’s Internet Crime Complaint Center issued a new warning about a worldwide increase in the use of Ransomware including the newest variation of Ransomware malware identified as CryptoWall.   Hackers are targeting individual computer users, police department, accounting firms and businesses with Ransomware.  In many instances, after the ransom is paid, an encryption key is provided by the hacker that enables the victim to unlock the data, however in some instances, the hackers never unlock the data.  As with all malware, a key question is how does it become downloaded on to the victim’s computer and the answer is that the malware is downloaded by unwary computer users who click on infected links in emails or click on infected popups or advertisements.

TIPS

Of course, it is of critical importance to use a good firewall and not only install anti-virus and anti-malware software programs, but to keep these programs updated with the latest security updates and patches.  However, the latest incarnations of most malware is generally at least thirty days ahead of the security software companies so you can never rely on your security software and your firewall to keep you totally safe.  Trust me, you can’t trust anyone.  Don’t click on links in emails regardless of how legitimate they may appear until you have confirmed that they are indeed legitimate.  Enable popup blockers to keep these from appearing on your screen.  Finally, no system of malware prevention is 100% effective so it is critical to backup all of your data offline in order to eliminate the danger of Ransomware.

Scam of the day – April 8, 2015 – Tewksbury Police Department pays ransom to retrieve files

The Tewksbury, Massachusetts Police Department became the latest in a long list of police departments that became a victim of ransomware, the malware that, generally through phishing, manages to become downloaded on to the department’s computers that locks and encrypts the victim’s files making them unusable.  In this particular case, the Tewksbury Police Department’s arrest and incident records were locked and a message appeared that read, “Your personal files are encrypted.  File decryption costs – $500.”  The particular type of ransomware used in this case has been called KEYHolder and despite the efforts of federal and state law enforcement agencies as well as two computer security companies, the data could not be retrieved.  Ultimately, the Tewksbury Police Department paid the five hundred dollar ransom electronically in bitcoins as demanded, making it pretty much impossible to trace.

In recent years, particularly since the development of CryptoLocker, one of the early ransomware malware programs, ransoming of computer data has brought criminals as much as 28 million dollars in ransom payments.  Many government agencies and police departments have been targeted along with the computers of ordinary citizens.  No one is safe.  The Colinsville, Alabama Police Department became a victim of ransomware last summer, refused to pay the ransom and lost their infected database of mugshots.  The Durham, New Hampshire Police Department also refused to pay a ransomware, but wisely had backed up its information so it lost nothing of value.  Other police departments, companies, government agencies and individuals have not been so fortunate, however and have either paid the ransom or lost their data in many instances.  Depending on the sophistication of the malware used, sometimes the ransomware can be defeated, but often it cannot.

TIPS

Certainly you want to always keep your anti-virus and anti-malware software up to date on all of your electronic devices, however, you can never be fully confident that this will keep you safe because the latest viruses and malware are always at least a month ahead of the software security updates created to deal with these issues.  Since generally the ransomware is downloaded on to the victim’s computer by clicking on a link in an email, it is critical that you not click on links in emails unless you are absolutely sure that the link is legitimate.  Finally, it is very important to back up all of your data independently every day so that even in a worst case scenario, you will not need to give into the demands of extortionists.

Scam of the day – January 8, 2015 – Hackers steal 5 million dollars worth of Bitcoins

Earlier this week, the British Company Bitstamp was forced to suspend its operation following a hacking of the company in which five million dollars worth of Bitcoins, the electronic currency, was stolen.  Hacking is not unusual in the world of Bitcoin exchanges.  In February of 2014, Mt. Gox, then the largest Bitcoin exchange went out of business following a massive hack resulting in the theft of 437 million dollars worth of Bitcoins.  It should be noted, however, that the amount of Bitcoins stolen in this hacking represents only a small amount of the Bitcoins held by Bitstamp which wisely locks most of their Bitcoins in computers that are not connected to the Internet and therefore not susceptible to hacking.  This is the type of security that companies such as Sony should be doing when trying to protect some of their digital assets and data.

TIPS

Bitstamp has indicated that it is shutting down only temporarily as a security precaution, however, they warned Bitstamp customers not to make deposits to previously issued deposit addresses.  Although Bitcoins continue to grow in acceptance and use, it is important for people using this form of digital currency to be sure that the companies with which they do business in this regard are providing heightened security.

Scam of the day – October 18, 2014 – Was Dropbox hacked?

Dropbox is a popular service that enables you to store photos, documents and other information in the cloud.  Hackers are claiming that they stole close to 7 million Dropbox usernames and passwords and have posted some of these on Black market websites offering to post more in exchange for bitcoins, the untraceable digital currency.  According to Dropbox, however, the company has not been hacked.   Dropbox says that because people often use the same username and password for multiple accounts, that information was stolen from other, less secure companies and attempted to be used on Dropbox.  According to a Dropbox spokesman, “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.  We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now.  All other remaining passwords have been expired as well.”

TIPS

This is another example of why it is a good practice to have separate distinct passwords and usernames for all of your accounts so that if one company where you have your information is hacked, your other accounts are not endangered.  In addition, as always, if the company with which you are dealing provides for dual factor identification, you should take advantage of this to provide added security so that you would not be in danger of having your account taken over even if someone managed to get your username and password.  Dropbox provides for dual factor identification.  If you use Dropbox and haven’t yet added dual factor identification, here is a link to enable you to set it up for your account. https://blog.dropbox.com/2014/10/have-you-enabled-two-step-verification/

Scam of the day – August 11, 2014 – Identity thief sentenced – what it means to you

Recently, Turkish citizen Alper Erdogan was sentenced to more than nine years in prison and ordered to pay more than a million dollars in restitution after being convicted of aggravated identity theft, conspiracy to commit computer hacking and conspiracy to commit credit card fraud.  Erdogan did not do the actual hacking, but did sell the credit card numbers to other identity thieves.  Often the people who do the hacking of major companies such as Target do not use the stolen credit card numbers themselves, but rather sell them through the Internet to other identity thieves on black market websites.  One such website is called McDumpals, which humorously has a McDonald’s restaurant theme and shows a caricature of Ronald McDonald pointing a gun at the viewer of the screen next to the words “I’m swipin it”   Often payment on these illegal websites is made by bitcoins so that the payments cannot be traced.

TIPS

One good element of this case is the international cooperation involved in the investigation and prosecution of Erdogan who was extradited by the Republic of Georgia to stand trial in the United States, although it should be noted that it did take almost two years after Erdogan was indicted in Florida for the extradition to occur.  The bigger lesson is that once again, people became victims of identity theft because the United States still is lagging behind the rest of the world in issuing and using smart credit cards with computer chips that create a new number each time the card is used.  The United States largely continues to use outdated magnetic strip credit card technology that is extremely susceptible to identity theft.  It is not expected that retailers and others who process credit cards will switch over to the smart cards until October of 2015 when new regulations will prompt the switch.  In addition, it is important to remember that you are only as safe as the places with the weakest security that hold your personal information, such as a credit card so, don’t leave your credit card on record with an online retailer for convenience sake and monitor your credit card usage regularly so you can report any fraudulent charges as soon as possible in order to avoid problems.