Scam of the day – March 12, 2017 – Massive credit card identity theft fraud ring busted

Earlier this week law enforcement officials in Queens, New York arrested thirty people accused of operating a credit card identity theft fraud ring in which they are accused of using the fraudulent credit cards to purchase more than 3.5 million dollars of costly electronics and fashion merchandise that would then be sold and turned into cash.  The indictments name Muhammad Rana and Inderjeet Singh as the kingpins of the scam.

The  primary manner by which they are accused of accomplishing the fraud was through identity theft of personal information of their victims that was then used to set up new credit card accounts.  Particularly in the last year since the implementation of EMV chip credit cards, new account fraud, as indicated by research company Javelin in its 2016 Identity Fraud study, has increased 113% over the previous year.

In this case, the Queens District Attorney is alleging that the criminals obtained the personal information of their victims necessary to establish new accounts  such as their names, dates of birth, current and past addresses, Social Security numbers, bank account information and credit information from one of their co-conspirators who worked at a car dealership where he had access to this information provided by potential car buyers.

TIPS

You are only as secure as the places that have your personal information with the weakest security.  Whenever you provide personal information to any entity, you should inquire as to who has access to this information, how it is stored, how it is protected and the policy for deleting such information when it is no longer needed.

In addition, you should regularly monitor your credit reports to identify incidents of identity theft as early as possible.

Scam of the day – August 28, 2016 – Russian hacker convicted of massive credit card theft

Two years ago, I first told you about the arrest of Russian hacker Roman Seleznev who this week was convicted of hacking into small businesses accross the United States including many pizza parlors, stealing credit card information and selling it on the Dark Web to other cybercriminals.  He even had a website in which he instructed would-be cyberciminals about how to use the stolen credit cards.   Seleznev has been incarcerated while awaiting trial for two years and faces a sentence of up to forty years in prison.

TIPS

What does this conviction mean to you and me?  It is more of a reminder of how large the problem is.  Hacking into retailers at point of sale terminals in stores has become a relatively easy task to accomplish and not only is it easy to accomplish, it does not even have to be done at the store.  It can be done totally over the Internet by hackers anywhere in the world.   Although the EMV smart card chip technology mandated for retailers and credit card companies in October of 2015 prevents attacks such as those of Seleznev from being effective, many retailers have still chosen not to comply with the regulations which are trade group regulations and not a government mandate.  Therefore, the most prudent thing for you to do when shopping at a company that does not use your EMV chip card is to first, refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack  It is important to remember that the rules protecting you from liability for fraudulent use of a debit card are not as strong as those that protect you from liability for fraudulent use of your credit card  You also should monitor your credit card’s use regularly to discover any fraudulent use as early as possible.

This story is also a good example that the risk of data breaches is a risk to small businesses as well as large businesses.  Often small businesses are targeted by hackers as the low hanging fruit because they have not taken proper security steps.

Scam of the day – April 30, 2016 – Class action against P.F. Chang’s restaurant chain continues

In June of 2014 I first reported to you about a data breach at P.F. Chang’s China Bistro a major restaurant chain.  A large number of credit cards and debit cards used at P.F.Chang’s restaurants  between March 2014 and May 19, 2014 were compromised.   A class action was filed by John Lewert and Lucas Kosner in 2014 on behalf of themselves and other similarly situated victims of the data breach.  P.F.Chang was initially successful in having the lawsuit dismissed on the ground that Lewert and Kosner had not personally suffered any harm at this time due to the data breach.  However, recently, the Seventh Circuit Court of Appeals revived the lawsuit, ruling in favor of the plaintiffs and allowing the case to proceed because, the court determined, the plaintiffs and others whose data was stolen faced the “concrete” possibility of becoming a future victim of identity theft.

If you were a customer of P.F. Chang’s affected by the data breach, here is a link to the website of the law firms handling the class action to which you can go for more information.  http://www.siprut.com/ and http://www.litedepalma.com/

TIPS

So what does this mean to you?  As I have cautioned you many times, you should not use your debit card for anything other than an ATM card.  Using it for retail purchases potentially puts your entire bank account tied to the card in jeopardy.  By using a credit card, your liability is limited to no more than $50 for fraudulent charges and many companies do not even charge you anything for fraudulent charges.  Everyone should monitor their credit card statements carefully each month to make sure that no fraudulent charges appear and if they do, you should contact your credit card company to have those charges removed immediately and to get a new credit card.

Scam of the day – April 12, 2016 – Progress of switch to smart chip credit cards

Many of you may remember that the apparent deadline for credit card companies to issue new EMV chip credit cards to replace the old style magnetic strip credit cards and for merchants to install new card processing equipment to handle those transactions was October 1, 2015, yet here we are in April of 2016 and according to a recent study by CardHub only 33% of retailers have upgraded at least 90% of their payment terminals.  In addition 30% of American consumers still have not been issued an EMV chip card.  There are many reasons for this failure of both credit card companies and merchants to adhere to the new regulations pertaining to EMV cards, but most prominent is that the deadline date of October 1, 2015 was not a date by which credit card companies and merchants were required to create and use the EMV cards respectively, but rather a date, after which, the credit card companies and merchants failing to create and use the new EMV cards would merely have greater risk of liability in the event of credit card fraud.

EMV stands for Europay, MasterCard and Visa, the companies that created the credit cards with a computer chip that generate a unique, randomly generated token for each transaction thus making the kind of massive data breaches and credit card fraud that we saw in the Target data breach in 2013 all but impossible to achieve.  The rest of the world has been using EMV cards for many years, but the United States, until recently continued to use the old technology of credit cards with magnetic strips on the back that contained account information that was extremely vulnerable to theft through skimmers on processing equipment or data breaches at merchants.

TIPS

The EMV card is not a panacea by any means to protect us from credit card fraud.  The EMV card offers no protection from online credit card fraud where the chip is not used.  In addition, the EMV cards in the United States generally are tied to a signature for verification rather than the more secure use of a PIN which is what the rest of the world does to authenticate use of the card. However, the EMV card still represents a major step forward in the battle against credit card fraud in the United States.  If you do not have an EMV card yet, you should demand one from your credit card company.  You should also encourage the merchants with which you do business to switch over their processing equipment to the new EMV equipment.

Scam of the day – January 31, 2016 – Amazon customer service exploited by identity thief

Amazon customer, Eric Springer was understandably concerned when he got an email from Amazon customer service thanking him for contacting them because Springer had not contacted Amazon customer service.  Unfortunately, an identity thief posing as Springer contacted Amazon for an online chat and merely by providing Springer’s name, email address and verification through a street address of Springer that he had used with Amazon was able to convince the Amazon employee to provide Springer’s real home address and phone number.   The identity thief did not even have to log in to Springer’s account in order to access the customer service representative thereby negating the protections provided by Springer’s password.  The identity thief took the information provided by the customer service representative and was able to parlay it into more information which he then used to trick Springer’s bank into issuing the identity thief a new credit card in Springer’s name.  This is not an isolated incident and it happens at more places than just Amazon.  We all are potential victims of identity thieves who troll for personal information from wherever they can get it and then use that information to make us victims of identity theft.

TIPS

The less information that you share anywhere, the safer you will be.  This even means limiting the places, particularly social media, where you provide your phone number or home address.  If you can use different addresses for different accounts, it is a good thing to do.  Having multiple email accounts can also be a good idea.    Making your shipping address and home address different can also make it a little more difficult for an identity thief.  Finally, make sure that all of the places with which you have financial dealings, such as your bank, credit card company and even retailers, such as Amazon will notify you if unusual transactions occur or changes are made to your account in order to alert you as soon as possible when problems do occur.

Scam of the day – January 16, 2016 – Turkish hacker sentenced to 334 years in prison

While American judges struggle with finding proper sentences for cybercriminals, Turkish judges don’t appear to be having the doubts that American judges in some instances do.  In the United States, the federal Computer Fraud and Abuse Act (CFAA) provides for a maximum sentence of ten years for a first offender and 20 years for repeat offenders, however there are a number of factors that judges are required to consider that could reduce the length of the sentence.  Recently Deniss Calovskis, who was involved in a major computer attack had his sentence set at the mere 21 months he had already served prior to his trial.  Meanwhile in Turkey, Onur Kopcak, who had already been serving 199 sentence for computer crimes which he had been convicted of in 2013, was sentenced to an additional 135 years in prison for hacking the credit card information of 11 people and selling the information to other criminals.

TIPS

One of the reasons for the proliferation of cybercrimes has been that the sentences for major cybercriminals have not been sufficiently harsh to serve as a disincentive to criminals from committing these crimes.  Obviously this is not the case in Turkey.  Other reasons for the dramatic increase in scams and cybercrimes in recent years include the ease with which they can be accomplished from anywhere in the world and the difficulty in apprehending the criminals.  Meanwhile, when it comes to protecting yourself from scams, cybercrimes and identity theft, the best place to look for a helping hand is at the end of your own arm and one of the best ways to do this is by following the basic steps regularly provided here on Scamicide.

Scam of the day – November 24, 2015 – Woman pleads guilty to data breach at Michaels

Some of you may remember the 2011 data breach at Michaels, a national chain of craft stores in which 94,000 debit and credit card numbers were stolen along with the PINs for the debit cards.  Recently, Crystal Banuelos, the apparent mastermind of the scam, pleaded guilty to charges of conspiracy to commit bank fraud and aggravated identity theft.  Sentencing is scheduled for February 23, 2016 in the Federal District Court for New Jersey.  Unlike the notorious data breaches at Target and Home Depot, in this case, Banuelos and her co-conspirators physically went into 80 Michaels’ stores around the country posing as service technicians and swapped out legitimate card processing equipment for machines controlled by them that would capture the credit card and debit card information along with the PINs used with the debit cards and transmit that information electronically to Banuelos, who then used that information to create counterfeit debit cards which they used with the stolen PINs to steal $420,000 from their victims’ accounts through ATMs.

TIPS

While PINs are encrypted in a fashion that makes it all but impossible for hackers of legitimate card processing equipment to capture PINs, the use of their own equipment enabled Banuelos and her cohorts to harvest PINs as well as credit and debit card information.  However, the new EMV chip card processing devices will not be as easily manipulated to steal this information in the future.  Again the lesson for consumers is that you are only as safe as the places with which you do business that have the weakest security so it is important to regularly check your bank account and credit card accounts for evidence of any fraudulent use and report that use as soon as possible.  It is also important to refrain from using your debit card for retail purchases because if your information is compromised, your rights under consumer protection laws are not as strong as if your credit card information is compromised

Scam of the day – April 12, 2015 – Bank telephone scam

The rumor that the first words spoken on the telephone by Alexander Graham Bell were “Watson, come here, I want to see you, and, oh, yes, what is your credit card number” turns out not to be true, although it probably didn’t take long for the telephone to become a tool of choice for scammers and identity thieves.  The latest telephone scam that is popping up around the country begins when you receive a recorded call that purports to be from your bank informing you that your credit card or debit card been frozen.  In order to unlock your account, you are instructed to press “1” on your phone to unlock your account.  Once you press “1” you are instructed to enter your credit or debit card number.  If you do this, you will have succeeded in turning over your credit card or debit card to an identity thief.  Making this scam even more insidious is that in some instances, if you have Caller ID, it will indicate that the call is from your bank.  However, this automated call is never from your bank, it only appears to be so due to a technique called “spoofing.”

TIPS

It is easy to know when you receive a recorded call from your bank regarding your credit card or debit card if it is legitimate.  If you receive such a call, it is a scam because no bank will contact you in this fashion.  In addition, you should never provide your personal information over the phone to anyone whom you have not independently contacted in order to be sure that you are not providing that information to a scam artist or identity thief.  If you receive such a call and have any concern that it might be legitimate, merely call your bank at a number that you know is accurate to confirm that the call was a scam.

Scam of the day – March 6, 2015 – Security problems with Apple Pay

In the wake the massive data breaches in recent years from Target, Home Depot and others in which credit card numbers of millions of consumers were stolen, many people were very enthusiastic about the launch of Apple Pay in October of 2014.  Apple Pay was represented to be a safer and simpler way to make credit card purchases and it is.   The Apple Pay system permits you to tie your credit card to your iPhone and make payments using your phone and a fingerprint activated payment mechanism.   But nothing is fool proof and we should never underestimate the power of a fool or a hacker.  Lately, there have been increased reports of credit card fraud involving credit cards that are used through the Apple Pay system.  What is occurring is that identity thieves are stealing credit card information and then connecting those stolen credit cards to the identity thieves’ own phones.  They then use the cards through the Apple Pay system to purchase expensive goods that they can then sell for cash.  Ironically, much of the fraudulent credit card use is going on at Apple stores.

The flaw is in the process by which a credit card is tied to the Apple Pay system.  Credit cards are added to Apple Pay when the credit card issuing bank electronically sends to the customer’s smartphone an encrypted version of the credit card.  The bank does this only after confirming that the person requesting their card be added to their phone is the legitimate card owner and this is where the problem is found.  Some banks are merely approving the request to add a credit card to a particular phone without confirming the identity of the person making the request while other banks require that the customer confirm his or her identity merely by providing the final four digits of the customer’s Social Security number.  Identity thieves who are able to obtain both the Social Security number and credit card number of their victims, which is not particularly difficult in many instances, are then able to get the stolen cards tied to the identity thief’s phone and the fraud begins.

TIPS

There is not much that we as consumers can do to totally stop this kind of fraud, but there definitely are steps you can take to reduce your chances of becoming a victim of this type of fraud.  First and foremost, we should all do our best to protect the physical security of our credit cards.  You should also not leave your credit card on record when shopping online at a store which you regularly frequent because this makes you susceptible to identity theft in the event of a data breach at that vendor.  In addition, you should limit, as much as possible, the places that have your Social Security number because you are only as secure as the places with the worst security that hold your personal information.  Many companies still ask for your Social Security number as an identifier and you should refuse to provide this whenever possible.  Finally, if you are going to use Apple Pay, you should confirm with your card issuing bank that they use strong verification procedures when authorizing your cards use through Apple Pay.

Scam of the day – October 30, 2014 – Gallup poll shows hacking of retail stores is the crime most feared

A recent Gallup poll shows that the hacking of retail stores and the resulting theft of credit and debit card information is the crime that is feared most by Americans – and with good reason.  Identity theft, including the fraudulent use of credit cards by identity stealing hackers accounts for more dollars lost than all other property crimes combined.  Soon we will be heading into the holiday shopping season when credit card shopping both at brick and mortar stores and online will dramatically increase as will the attempts by hackers to steal credit card and debit card information so it is particularly important for everyone to be vigilant when using their credit and debit cards.  The bad news is that there is nothing that we, as individuals can do to reduce the chances of a major data breach at large and small retailers with which we do business, however, the good news is that there is a lot we can do to minimize our exposure.

TIPS

First and foremost, do not use your debit card for any purchases.  Limit its use to ATMs.  The consumer protection laws regarding fraudulent debit card use are not as strong as the laws pertaining to fraudulent use of credit cards.  Potentially, you could lose the entire bank account tied to your debit card if you are not carefully monitoring its use.  In addition, even if you do notify your bank immediately upon promptly noticing fraudulent use of your debit card, your access to your bank account will be frozen while your bank investigates the crime.

Also, when shopping in brick and mortar stores, you may wish to patronize those stores, such as Wall Mart which are ahead of the pack when it comes to transitioning from the old magnetic strip credit cards to the new smart cards with computer chips that would eliminate the risk of your credit card number being captured by a hacker and used for fraudulent purchases.  You also may wish to consider using the new Apple iPay system which also provides greater protection from hackers.

When shopping on line, limit your shopping to the websites of stores that you know are legitimate and make sure that your communications with the website including the providing of your credit card number is encrypted. You can confirm this by looking at the website address and making sure that it begins with “https” rather than merely “http.”  It is important to note that even if you are using a smart card with a computer chip you are not protected from hackers when shopping online because in this instance you are not generating a new number each time you shop.

As we get closer to the holiday season, I will providing you with more tips to avoid holiday scams and identity theft schemes.