Scam of the day – August 25, 2016 – Another Chase phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email that is presently circulating that appears to come from Chase bank.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.  As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   The grammar and spelling is good, but as so often is the case, the email is not directed to you by name and does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Dear Chase OnlineSM Customer,
Please confirm that you or someone authorized to use your account made
the following transaction(s) on your account:

www.Chase.com/validate/account:

Your online account will be fully restored and protected after the verification process.
Thank you for being a valued customer.

Customer Service Center.
JPMorgan Chase & Co ©2016

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would not use the generic greeting “Dear Chase  OnlineSM Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

 

Scam of the day – May 20, 2013 – Critical Microsoft updates

As I often tell you, it is critical to keep your software programs updated with the latest security patches.  Identity thieves and scammers are constantly locating and exploiting flaws in the software we all use in an effort to steal from us, make us victims of identity theft or gain control of our computers to make them a part of a bot net of zombie computers that they can use to spread viruses and malware as well as attack companies.  Consequently I regularly report on the latest software security updates for you to download.  Microsoft recently announced new updates for Windows, Internet Explorer, NET Framework, Lync, Microsoft Office and Microsoft Windows Essential.  Since everyone uses at least one of these programs, it is important for you to update your programs.

TIPS

Here is a link you can trust to the official Microsoft updates that you should download as soon as possible:  https://www.us-cert.gov/ncas/alerts/TA13-134A

If you have not already done so, you should consider making future updates automatic.  Links to enable you to do this can be found on the page that I am linking you to above.

Scam of the day – May 1, 2013 – Denial of Service attacks

Distributed Denial of Service (DDos) is the name for a tactic that has increasingly been used by hackers against major financial institutions.  Most recently, online broker Charles Schwab & Co. was disabled and inaccessible by its customers for more than an hour because of such an attack.  Earlier in April, American Express and Wells Fargo were victims of such an attack and, in a major attack a few months ago, the websites of JP Morgan Chase, Bank of America, Citibank and Sun Trust all were temporarily shut down due to a DDoS attack.  A DDos attack is accomplished when a website is flooded with nuisance requests from tens of thousands of computers all being controlled by a single controlling computer.  This network of computer is called a BotNet.  Regular readers of Scamicide are familiar with the term BotNet which has also been called Zombie computers and refers to a network of infected computers that are infected by hackers and then controlled by the hackers to send out their viruses and other malware.  The attacked websites are not able to handle the huge volume of computer hits, which results in the affected website being closed down.  It is thought that many, if not all of these recent DDoS attacks have originated from the same hackers in Eastern Europe and there is concern that this is just the beginning of major computer attacks against American financial institutions.

TIPS

So what does this mean to you?  Although both the government and the private sector are working hard to defend DDoS attacks and, in fact, are making progress in doing so,it can be expected that these and even more sophisticated attacks will be coming against our financial institutions including banks and brokerage houses in which you have money and investments.  You can’t just put your head in the sand, but you can prepare yourself for such attacks.  Make sure that you have backup records of your financial accounts on computer discs rather than just on your hard drive which can be accessed or even destroyed by hackers.  You also can use USB  flash drives and external hard drives.  You can also store information in the cloud, but that brings a range of different security issues.  You also may wish to keep readily accessible paper records of your accounts, but make sure that you keep them secure in your home.  Even friends and family members have been known to steal such documents for identity theft purposes.  Finally, you may wish to inquire of all companies with which you do business as to how they maintain both the security of their records from attack and their online presence.