Posts Tagged: ‘botnet’

Scam of the day – March 14, 2014 – New Citibank email scam

March 14, 2014 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes from my own email. Citibank is a popular bank with more than 200 million customers throughout the world; therefore, identity thieves can feel pretty confident that when they send out an email blast, many of the people receiving the email will, in fact, be Citibank customers. This particular scam email follows a familiar pattern. It presents what would be a reasonable reason for responding by clicking on the link; in this case it is to add security features to your account to help prevent the very types of identity theft that this scam is actually attempting to perpetrate. It looks pretty official and the message doesn’t even have grammatical or spelling errors. However, it is a total scam. If you click on the link in these types of scams, one of two things will happen. Either you will be sent to a phony but official-looking website where you will be prompted to provide personal information that will end up being used to make you a victim of identity theft or, merely by clicking on the link, you will download keystroke logging malware programs that will steal the information from your computer or other device and use that information to make you a victim of identity theft. This identity theft tactic is called phishing.

Here is the email that I received.  DO NOT CLICK ON THE LINK.

“Dear Esteemed Customer,
We have added extra security to your Citi account to prevent identity   theft on your account.To secure your Citi account, click the link below:
Note: You need to login using your email address and password to access   before you can access the secured Citi network.
Best regards,   Citi Customer Service”


Regardless of how official an email or a text message may appear, you should never click on any links or download any attachments unless you are absolutely sure that it is legitimate. In the case of this particular email, it was sent from an address that was not an email address of Citibank, which was a sure indication that it was a scam. Rather, it was sent from the address of a computer that had been hacked and made part of a botnet of compromised computers so that the identity thieves can send out phony emails that are difficult to trace back to the criminals. However, even an email originating from a legitimate-looking email address can be merely a phony email. In this particular case, if you have any thought that it might be legitimate, you should call or email Citibank at a telephone number or email address that you know is legitimate to confirm that it is a scam. Also, make sure that you keep your anti-malware and anti-virus software up to date on all of your electronic devices.


Scam of the day – January 7, 2014 – Latest AOL scam

January 7, 2014 Posted by Steven Weisman, Esq.

Phishing scams often take the form of emails that you receive that appear to be legitimate and require you to click on a link contained in the email for various reasons which also may appear legitimate.  However, in the case of phishing emails, if you click on the link, you will only succeed in doing one of two things, both of which are bad.  In one type of email, you will be taken to another page where you will be prompted to provide personal information which will then be used to make you a victim of identity theft.  The second bad thing that can happen if you click on a link in a phishing email is that by clicking on the link, you will unwittingly download keystroke logging malware that can steal all of the information from your computer, laptop, smartphone, tablet or other device and use that information to make you a victim of identity theft.

Here is a phishing email that is presently being sent that purports to be from America Online (AOL), but it is not.  It is a phishing scam.  DO NOT CLICK ON THE LINK.


Your two incoming mails were placed on pending status due to the recent upgrade to our database,
In order to receive the messages Click here to login and wait for responds from Aol Team.
We apologies for any inconvenience and appreciate your understanding.
Regards, Aol Team.


There are a couple of telltale signs that this is a scam.  People receiving this email do not have their name appear in the salutation and if you click on the details section of your email, you will see that the email did not come from AOL, but instead came from a botnet which is a network of zombie computers taken over by hackers to spread this type of material.  Check the archives of Scamicide or “50 Ways to Protect Your Identity in a Digital Age” for more information about botnets.

In any event, as I have told you many times, even if you think the email is legitimate, you should never click on a link in an email unless you are absolutely sure that it is, in fact, legitimate.  Because you can never be sure who is actually sending you an email, if you are an AOL subscriber who has the slightest thought that this email might be legitimate, call AOL at a customer service number that you know is accurate to confirm that it is merely a scam.

Scam of the day – June 16, 2013 – Ameriprise phishing scam

June 16, 2013 Posted by Steven Weisman, Esq.

Once again, I had to go no further than my own email box to find today’s “scam of the day.” In my email today was an email that purported to be from Ameriprise, the online brokerage and financial planning company. As you can see in the email which is reproduced below, I was invited to click on a link to receive a “secured message” about an important matter supposedly affecting my account. This is a scam. DO NOT CLICK ON THE LINKS IN THE EMAIL COPIED BELOW. Phishing is the name for the scam in which you receive an email that appears to be legitimate and attempts to lure you to a tainted website or to download a tainted link. The email is not from Ameriprise and if you click on the links you will either be taken to a phony Ameriprise website and prompted to provide personal information that will lead to your becoming a victim of identity theft or you will, when you click on the link, unknowingly download a keystroke logging malware program that will steal information from your computer and make you a victim of identity theft. This particular email is not a very professional attempt, however, to scam me. The email address from which it came is from a personal AOL account and probably not the account of the identity thief, but an account that had been hijacked as a part of a botnet by the identity thief. For more information about botnets and how they work, you can either check out my book “50 Ways to Protect Your Identity in a Digital Age” or go to the list of topics on the right side of the Scamicide opening page and scroll down to the topic of botnets for some cursory information about how they work and how to avoid them. In addition, the email salutation reads “Dear Customer.” It does not even use my name. Finally, there is no logo or other appearance that the email is from the real Ameriprise.

“Dear Customer,
There is an important message regarding your account with, please sign in to our secured message center at our website, sign in and view the secured message we have for you, the message will be stored in the secured message center for 48hours after which it will no longer be available. We bring you messages like this to bring to your attention to updates, to protect your account from unauthorized usage and secure your account anytime we notice usual activities in your account. so please take a few minutes to log into your account at and read  the messages .
Thank you.”


Never click on links unless you are absolutely sure that they are legitimate.  Unfortunately, anytime you receive an email with a link, you cannot trust it because even if it is from someone whom you trust, their email account may have been hacked and the email is actually being sent by an identity thief posing as a friend or a company with which you do business.  The best course of action if you think the email may be legitimate is to call the real person or company to confirm whether or not the email is legitimate.  Also, make sure that your security software and anti-malware software are installed and kept up to date on all of your electronic devices.

If you receive any phishing emails, please send copies of them to me and we will feature them in Scamicide to warn others.  Remember, we are all in this together.
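The telltale signs named in the AOL and Ameriprise posts above (a sender address that does not belong to the company the message claims to be from, and a salutation that does not use your name) can be checked mechanically. The following Python sketch is an added example, not part of the original posts; the brand-to-domain table and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains it really sends from (illustrative table only).
BRAND_DOMAINS = {"citi": {"citi.com"}, "aol": {"aol.com"},
                 "ameriprise": {"ameriprise.com"}}
GENERIC = {"customer", "user", "member", "subscriber", "client"}

def phishing_signs(raw):
    """Return warning signs found in one raw message.

    An empty list is NOT proof of legitimacy: the From header can be forged
    or sent from a hijacked account, as the posts point out.
    """
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    signs = []
    # Sign 1: the message names a brand but the sender domain is not the brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", claimed) and not any(
                domain == d or domain.endswith("." + d) for d in domains):
            signs.append(f"sender-domain-mismatch:{brand}")
    # Sign 2: the first body line is not a greeting that uses a real name.
    body = msg.get_payload()
    first = next((l.strip() for l in body.splitlines() if l.strip()), "")
    m = re.match(r"(?i)(?:dear|hi|hello)\s+(.+?)[,:]?$", first)
    if not m or GENERIC & set(m.group(1).lower().split()):
        signs.append("impersonal-salutation")
    return signs

# Constructed sample messages (addresses are placeholders, not real senders).
CITI_LURE = ("From: Citi Customer Service <notice@mail.example.net>\n"
             "Subject: Extra security added\n\n"
             "Dear Esteemed Customer,\nWe have added extra security.\n")
AOL_LURE = ("From: Aol Team <user@host.example.org>\n"
            "Subject: Pending mails\n\n"
            "Your two incoming mails were placed on pending status.\n")
NAMED = ("From: Citi Alerts <alerts@info.citi.com>\n"
         "Subject: Statement ready\n\n"
         "Dear Jane Doe,\nYour statement is ready.\n")

if __name__ == "__main__":
    for name, raw in [("citi", CITI_LURE), ("aol", AOL_LURE), ("named", NAMED)]:
        print(name, phishing_signs(raw))
```
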

Scam of the day – May 10, 2013 – Hackers attack on banks and credit unions fails – this time

May 10, 2013 Posted by Steven Weisman, Esq.

The hacking group Anonymous had reportedly targeted 130 banks and credit unions for a disruptive Distributed Denial of Service (DDoS) attack on Tuesday, May 7th, but the attack failed to substantially materialize. In a DDoS attack, large numbers of computers, remotely controlled by hackers as a BotNet, flood the websites of particular businesses or governmental agencies and shut them down because the websites are unable to handle the huge number of hits on the website. Tuesday’s attack pretty much failed to materialize. Although approximately 600 sites were shut down, few of these were inside the United States and if such an attack was indeed made against American governmental agencies, banks and credit unions, the attack was successfully defended. But this is not to say that business and government have found a way to stop hacking into their computers. In fact, the attack may not have occurred at all. It may have merely been a subterfuge to see what the response would be by governmental agencies and businesses. Additionally, although DDoS attacks are a nuisance, they are rarely more than that; however, larger, more insidious attacks may occur while efforts are being focused on repelling the DDoS attack.


Large and small businesses are and will continue to be targets for hackers. If you operate such a business you must take necessary security steps to protect your business from hackers. As for us, the public, we should do what we can to protect ourselves. Limit the information available about you at companies with which you do business so if they are hacked, you are not in danger of having your personal information used to make you a victim of identity theft. Also make sure that you have backup records for all financial dealings and accounts that you have with companies with which you do business so that if an attack either accesses your account or deletes data, you have records that show what you have. For more information about how to protect yourself, I urge you to consider purchasing my book “50 Ways to Protect Your Identity in a Digital Age” which you can get from Amazon at a reduced price merely by clicking on the link of the book on the right hand side of the front page of Scamicide.

Scam of the day – May 1, 2013 – Denial of Service attacks

May 1, 2013 Posted by Steven Weisman, Esq.

Distributed Denial of Service (DDoS) is the name for a tactic that has increasingly been used by hackers against major financial institutions. Most recently, online broker Charles Schwab & Co. was disabled and inaccessible to its customers for more than an hour because of such an attack. Earlier in April, American Express and Wells Fargo were victims of such an attack and, in a major attack a few months ago, the websites of JP Morgan Chase, Bank of America, Citibank and Sun Trust all were temporarily shut down due to a DDoS attack. A DDoS attack is accomplished when a website is flooded with nuisance requests from tens of thousands of computers all being controlled by a single controlling computer. This network of computers is called a BotNet. Regular readers of Scamicide are familiar with the term BotNet, which has also been called Zombie computers and refers to a network of computers that are infected by hackers and then controlled by the hackers to send out their viruses and other malware. The attacked websites are not able to handle the huge volume of computer hits, which results in the affected website being closed down. It is thought that many, if not all, of these recent DDoS attacks have originated from the same hackers in Eastern Europe and there is concern that this is just the beginning of major computer attacks against American financial institutions.


So what does this mean to you? Although both the government and the private sector are working hard to defend against DDoS attacks and, in fact, are making progress in doing so, it can be expected that these and even more sophisticated attacks will be coming against our financial institutions including banks and brokerage houses in which you have money and investments. You can’t just put your head in the sand, but you can prepare yourself for such attacks. Make sure that you have backup records of your financial accounts on computer discs rather than just on your hard drive which can be accessed or even destroyed by hackers. You also can use USB flash drives and external hard drives. You can also store information in the cloud, but that brings a range of different security issues. You also may wish to keep readily accessible paper records of your accounts, but make sure that you keep them secure in your home. Even friends and family members have been known to steal such documents for identity theft purposes. Finally, you may wish to inquire of all companies with which you do business as to how they maintain both the security of their records from attack and their online presence.

Scam of the day – March 15, 2013 – Important Adobe Flash Player Updates

March 14, 2013 Posted by Steven Weisman, Esq.

Adobe, which makes the Flash Player used by many of us on our computers and portable devices, has just issued new security updates to correct vulnerabilities that could be exploited by hackers to install malware on your computer or portable device that would enable the hacker to steal all of the information from your computer as well as control your computer and make it part of a botnet, a network of computers taken over by hackers that use your computer to spread malware. It is important to install these latest software security updates as soon as possible. As I have often said, hackers are constantly working to detect and exploit security flaws in the software we use. Software developers are working just as hard to plug up vulnerabilities as they are discovered. Therefore it is critical to your personal security to install updates as soon as they are available.


Here is a link to the security bulletin of Adobe which will provide you with all the assistance you need to download the proper security update for your particular computer or portable device.

Scam of the day – February 7, 2013 – Bamital botnet

February 7, 2013 Posted by Steven Weisman, Esq.

Yesterday, Microsoft announced that in a joint effort with federal authorities it had stopped a botnet affecting more than 300,000 computers around the world.  As regular readers of this blog know, a botnet is a network of computers remotely operated by hackers.  After infecting the computers with malware that often is unwittingly downloaded by the computer user through clicking on infected links or tainted attachments, the hackers creating the botnet use the infected computers to spread their malware for purposes of identity theft or other scams while setting up a barrier to their being discovered.  This particular botnet which appears to have come from Eastern Europe, as many botnets do, has been called the Bamital botnet.  Those computers infected by the botnet were temporarily shut down from being able to use the Internet.


If your computer was part of the Bamital botnet, you would have been temporarily unable to search the Internet. Then you would be directed to a website that would provide you with instructions as to how to clear your computer of offending malware so that you could again use the Internet safely. Care should always be taken when clicking on links or downloading attachments to avoid becoming part of a botnet or to avoid downloading malware such as keystroke logging programs targeting your computer that can steal the information from your computer and make you a victim of identity theft. A sign that your computer may be infected is that it is unusually slow or you receive emails that respond to emails that you did not send. My recommendation if you find that you were a victim of this botnet or any botnet is to have a professional clear your computer of offending malware rather than do it yourself unless you are a sophisticated computer user.