Posts Tagged: ‘credit freeze’

Scam of the day – August 24, 2015 – Plenty of Fish dating site hacked

August 24, 2015 Posted by Steven Weisman, Esq.

Plenty of Fish ( an online dating website with more than a hundred million members had its website corrupted by hackers who managed to install a keystroke logging malware program known as Tinba that enables the identity thieves to steal credit card and banking information from its victims.  What makes this hacking particularly noteworthy is that the hackers did not hack into the computers of Plenty of Fish to install malware as was done in the recent hacking of Ashley Madison.  Instead, they hacked into the computers of a legitimate advertising company, Improve Digital that distributed online advertisements to Plenty of Fish.  The malware was attached to legitimate online advertisements placed by Improve Digital on the Plenty of Fish website.  And as I always say, “things aren’t as bad as you think, they are worse.”  In this case, it was not even necessary for someone visiting the Plenty of Fish website to click on the infected advertisements to permit the malware to be downloaded on to their computers.  All that was necessary was to merely go to the now infected website to have  your computer, in turn, infected with this dangerous malware.


If you are a user of Plenty of Fish, you should monitor your bank accounts and credit card accounts closely.  You also would be wise, if you already have not done so, to put a credit freeze on your credit report.  You can find information as to how to do this here on Scamicide.  Just go to the archives and enter the words “credit freeze.”  You also should make sure that you are using the latest anti-virus and anti-malware software on your computer and run a scan for any viruses or malware.

Scam of the day – August 11, 2015 – Medical Informatics Engineering class actions filed

August 10, 2015 Posted by Steven Weisman, Esq.

Recently I told you about the hacking and data breach of Medical Informatics Engineering (MIE) and its cloud service NoMoreClipboard.   MIE operates more than 300 medical centers in 38 states.  On May 26th it discovered that it had been hacked since May 7th.  Unfortunately the personal information compromised in the data breach was very significant including names, telephone numbers, mailing addresses, usernames, password security questions and answers, spousal information, email addresses, birth dates, Social Security numbers, health insurance policy information and more all of which puts the victims of the data breach in serious jeopardy of traditional and medical identity theft.  It is estimated that almost four million people had their personal information stolen.  The company started notifying affected victims whose personal information was hacked by traditional mail in June and July.  Now, however, two lawsuits have been filed on behalf of the victims in the Federal District Court in Ft. Wayne Indiana seeking class action status.  Both lawsuits  allege that MIE was negligent in not implementing proper security measures to protect the personal information it collected and stored.


If you are one of the victims of the data breach and want more information about the two class actions, you can contact the law firms, Price Waicukauski & Riley LLC and Cohen & Malad LLP by clicking on the following links respectively and

You can also call MIE’s toll-free hotline at 866-328-1987 for more information.   In addition, you should also carefully monitor all of your financial accounts and check your medical records to make sure that someone has not accessed your health insurance and made you a victim of medical identity theft.  You should also put a credit freeze on your credit report.  You can find out how to put a credit freeze on your credit report by going to the Archives of Scamicide.  Be wary of any emails that you receive purporting to be from MIE because you can expect identity thieves to be sending out these as phishing email posing as MIE seeking to have you provide personal information or click on links containing malware.

Scam of the day – July 24, 2015 – Major identity thief convicted

July 23, 2015 Posted by Steven Weisman, Esq.

Hieu Minh Ngo has pleaded guilty to a number of identity theft related charges in the Federal District Court of New Hampshire and been sentenced to 13 years in prison.  Between 2007 and 2013 Ngo obtained access to as many as 200 million consumer records from large data brokers including Court Ventures, which is 2012 was acquired by Experian, one of the three major credit reporting bureaus.  Ngo was able to access these records by posing as a private investigator.   Putting this number into perspective, it represents 60% of the population of the United States.   He then sold to identity thieves comprehensive packages of consumer data, referred to in the world of identity thieves as “fullz,” made up of individuals’ names, credit card numbers, Social Security numbers, birth dates bank account numbers and bank routing numbers, on black market websites he operated called and  According to the Justice Department, Ngo sold fullz to 1,300 identity thieves, who in turn committed large numbers of identity theft including 65 million dollars in income tax identity theft alone.  Ngo could have been sentenced to 24 years in prison, but through a plea bargain got a reduced sentenced in return for his cooperation in identifying his former identity thief customers.

Now, a class action lawsuit has been filed in the Federal District Court for the Central District of California against Experian alleging it was negligent in failing to protect its consumer data from Ngo.  The class action is seeking to have Experian ordered to notify all affected consumers, provide free credit monitoring services to affected consumers and establish a fund to reimburse those who became victims of identity theft due to Experian’s negligence.  I will keep you informed as further developments in this case occur.


This case is yet another example of how vulnerable we all are to identity theft because we are only as secure as the companies and governmental agencies that have our personal information.  One thing, however, we can all do to protect ourselves is to put a credit freeze on our credit reports at each of the three major credit reporting bureaus, which will prevent access to our personal credit records and the information contained therein.  Go to the Archives section of Scamicide for further information about how to put a credit freeze on your credit reports.

Scam of the day – July 23, 2015 – FTC accuses Lifelock of misleading consumers

July 23, 2015 Posted by Steven Weisman, Esq.

In a recent court filing in the Federal District Court of Arizona, Lifelock, one of the most well known companies offering identity theft protection services has been accused by the Federal Trade Commission (FTC) of failing to live up to a settlement Lifelock made in 2010 with the FTC as well as 35 state attorneys general regarding charges that Lifelock used misleading and deceptive advertising as well as failing to adequately protect the security of the personal data of its customers.  According to the FTC, Lifelock violated the 2010 settlement by failing to maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card numbers, Social Security numbers and bank account numbers as well as by falsely advertising that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions.  Lifelock has publicly disputed the allegations.


If the charges are proved to be true, this would be very disturbing to Lifelock customers because any company holding such tremendous amounts of personal information would be a prime target of hackers and identity thieves.  It is also important to remember that neither Lifelock nor any of the other identity theft protection services are able to truly protect you from identity theft.  They merely help you take certain steps to reduce your chances of becoming a victim of identity theft and help you monitor your accounts to let you know sooner if you become a victim of identity theft.  In fact, none of the identity theft protection services assist you in putting a credit freeze on your credit report which may be the single best step you can take to protect yourself from identity theft.  You can find instructions for putting a credit freeze on your credit reports here in the Archives of Scamicide.   None of the things that any of these companies do for you are things you cannot do for yourself at less cost.  In fact, although it is obviously self-serving, the cost of my book “Identity Theft Alert” in which I provide you with precise steps you can take to help protect yourself from identity theft is less than a month’s cost of most identity theft protection services.

Scam of the day – July 20, 2015 – UCLA Health System hacked affecting 4.5 million people

July 19, 2015 Posted by Steven Weisman, Esq.

The parade of data breaches at major health care providers continues as I predicted in my USA Today column last December.  Here is a link to that column.

The present data breach is of the UCLA Health System and it may have been going on undetected since September of 2014 until recently being discovered.  The information that may have been compromised is a treasure trove of data for identity thieves.  It included names, Social Security numbers, medical records, ID numbers and addresses on 4.5 million people.  But, as I always say, things aren’t as bad as you think — they are worse.  The stolen data was totally unencrypted making the threat to the people in the UCLA Health Systems computers more serious.

Medical identity theft can not only result in your financial life being threatened.  The mixing of medical records of the victim of the identity theft with the medical records of the identity thief utilizing the medical insurance can potentially be deadly, such as when a person might receive the wrong blood type in a transfusion or a drug to which they may be seriously allergic.  Again, compounding the problem, it can be extremely difficult or even impossible to remove the identity thief’s medical information from the victim’s medical records after the problem has been discovered due to quirks in the medical privacy laws.


If you are one of the people affected by this data breach, UCLA will be notifying you by regular mail and will explain your options.  They will not be notifying people by email or text messages so if you receive such a communication, you should not click on any links contained in the email or text message because they have been sent by an identity thief as a phishing email attempting to lure you into downloading malware by clicking on the link.

Those people affected will be offered free credit monitoring for a year.  They also should monitor their financial and medical insurance accounts carefully for early indications of fraud.  Putting a credit freeze on their credit reports would also be a good step to take.  You can find more information about credit freezes here in the Scamicide archives.

Here is a link to a press release by UCLA which describes the data breach and your options.

Scam of the day – June 5, 2015 – Major data breach at the Office of Personnel Management

June 5, 2015 Posted by Steven Weisman, Esq.

The Office of Personnel Management (OPM) is the federal agency that deals with federal security clearances and federal employee records and as such contains sensitive personal information of millions of Americans who work for or have worked in the past for the federal government.  Late Thursday, it was announced that hackers had managed to steal employee data on at least four million present and former federal employees.  Although the data breach was announced just yesterday, the breach was first found in April and appears to have originated more than a year ago.  This is the third major data breach in the last year of the federal government following successful hacks into the White House and State Department email systems and the Office of Personal Management which was hacked last summer although at that time the files stolen totaled tens of thousands rather than millions.

Last year’s hacking into the OPM’s computers was thought to be the work of Chinese hackers who appeared to be looking for information on people with top security clearances who might be the targets of further identity theft or even extortion by the Chinese government looking for classified information it could use in commerce, foreign affairs or espionage.  Although it is initially been indicated by federal investigators that the latest OPM data breach was done by Chinese hackers, whether the goal is espionage or identity theft for profit is unclear at the present time.  The Social Security numbers and other personal identifying information targeted in this latest hacking would generally be used for identity theft purposes, but when coupled with other personal information could also be used for extortion purposes of federal employees, some of whom are in sensitive positions or even for finding out the profiles of people who get security clearance in the United States and using that information to tailor the appearance of spies to meet those profiles.


The OPM was already in the process of making necessary security changes to prevent this type of hacking by restricting remote access of its computer networks and limiting the Internet accessibility of some information, however, these and other security measures were not fully implemented in time to thwart this massive data breach.

The advice for present and former federal employees is the same as for any victim of a similar data breach.  Check your credit report for free through to see if damage has already been done.  Remember, in this data breach as with most data breaches, the damage has gone on for some time before it is discovered and made public.  Put a credit freeze on your credit report so that someone with your Social Security number will not be able to access your credit report to establish credit in your name.  You may also wish to change user names and passwords for your accounts and make sure that you use unique passwords for every account that you have.  Monitor your bank accounts, investment accounts and credit card accounts for fraudulent use.  You may wish to close accounts and open new ones for extra protection.  Remember, even paranoids have enemies.

Scam of the day – May 13, 2015 – What to do if your email is hacked

May 13, 2015 Posted by Steven Weisman, Esq.

Yesterday I told you about a scam which starts when you receive an email that appears to come from one of your friends, but in actuality is coming from a scammer who has hacked into your friend’s email account is sending out messages that appear to come from your friend touting a product.  We have all received these emails and hopefully, you just immediately delete them after informing your friend that his or her email account has been hacked and scam emails are being sent to everyone on his or her email address list.

But what do you do if you are the person whose email has been hacked?


1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact the people on your email list and tell them you have been hacked and not to click on links in emails that appear to come from you. 5.  Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
7. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on

Scam of the day – April 22, 2015 – Watch out for the Simda botnet

April 21, 2015 Posted by Steven Weisman, Esq.

Recently the Department of Homeland Security joined Interpol and the FBI to issue a serious warning about a botnet called the Simda botnet.  A botnet, as readers familiar with Scamicide will know, is a network of infected computers used by cybercriminals to spread malware.  According to the Department of Homeland Security more than 770,000 computers have already been affected by the Simda botnet which has been around since 2009 preying on computers that are not properly protected by up to date anti-malware software.  The Simda malware not only enables the cybercriminals to use their victims’ computers to spread this and other malware, but it also enables the cybercriminals to steal personal information from the infected computers that make up the botnet and then use that information for purposes of identity theft.


Here is a link to which you can go to find out if your computer has been infected with the Simda malware.

If you have been a victim of the Simda malware, you should install anti-virus and anti-malware software to rid your computer of the Simda malware.  You should then change the passwords for all of your accounts because they have been compromised.  You should also get a copy of your credit report from each of the three credit reporting agencies, Equifax, TransUnion and Experian to determine if you have already become a victim of identity theft.  You should also lock up your credit reports with a credit freeze at each of the three credit reporting agencies.  You can find instructions as to how to do this here in the Scamicide archives.

Even if you have not become a victim of the Simda malware, you should make sure that your anti-virus and anti-malware software is constantly updated.

Scam of the day – April 15, 2015 – TIGTA report on income tax identity theft

April 14, 2015 Posted by Steven Weisman, Esq.

The April 15th deadline for the filing of federal income taxes has come and gone, but if you have become a victim of income tax identity theft this tax season, your problems have only just begun. Income tax identity theft occurs when an identity thief files an income tax return using the name and Social Security number of a legitimate taxpayer and claims a refund based generally on a counterfeit W-2.  If you discover that you are a victim of income tax identity theft this year, your problems have just started. According to a recently released report by the Treasury Inspector General for Tax Administration (TIGTA), although the IRS has made some progress in assisting the innocent victims of income tax identity theft in getting their legitimate refunds, it still takes, on average, 278 days to resolve the claim of a victim of income tax identity theft although the IRS routinely tells taxpayers that they can expect their claims to be resolved within 180 days. According to the TIGTA report, the range of time it takes the IRS to resolve an income tax identity theft victim’s account and pay the legitimate refund ranged from a commendable low of 16 days to an inexcusable high of 762 days.


So what should you do if you are a new victim of income tax identity theft?    Filing a police report immediately is very important in order to document your claim.  Although this is the era of electronic communications, the next thing you should do is mail to the IRS a paper tax return with an attached Form 14039 Identity Theft Affidavit and the police report.  According to the IRS, this will shave an average of 54 days off the time it takes the IRS to process your claim.   Your case will then be assigned to an IRS employee to assist you with clearing your name and getting your refund. As a victim of identity theft, you also are eligible to receive an Identity Protection Personal Identification Number (IP PIN) to use for future income tax returns to protect you from becoming a victim again of income tax identity theft.  You also should put a credit freeze on your credit report because if someone is able to file an income tax return on your behalf, they have access to your Social Security number which they could also use to access your credit report and obtain credit in your name.  Putting a credit freeze on your credit report will thwart future attempts by an identity thief to access your credit.  You can find information about credit freezes and how to put one on your credit reports at Experian, Equifax and Transunion by going to the Archives section of Scamicide.

Scam of the day – February 27, 2015 – Texas court dismisses data breach class action

February 27, 2015 Posted by Steven Weisman, Esq.

More and more massive data breaches have become a part of everyday life.  Breaches such as recently occurred at Anthem and in the past few years affected Target, Home Depot and many other companies affect just about everyone.  Sometimes the data breaches, such as occurred with Target only affect credit card information, but other data breaches, such as the recent Anthem data breach result in much personal information being stolen which can then be used to turn the person whose information has been stolen into a victim of identity theft.  Recently a number of class actions on behalf of the victims of these data breaches have been filed against the breached companies for failing to use proper security measures.  Recently the Federal District Court for Southern Texas dismissed a class action brought by Beverly Peters on behalf of herself and others whose information had been compromised following a February 2014 data breach affecting 405,000 employees and patients of the St. Joseph Health System, a Texas hospital and health clinic company.  The class action was dismissed by the court because as of the date of the court hearing there was no evidence that any of the people affected had become victims of identity theft.


The problem with this decision is that in many instances, identity thieves wait before using the stolen information in the hope that as time goes by, people will be less vigilant in guarding their identities.  In massive data breaches such as the one suffered by the St. Joseph Health System, the hackers often steal all of the information and then sell it in batches on black market websites to identity thieves whose use of the information results in the victims suffering identity theft.  While credit monitoring is often offered on a free basis, as it was in this case, by the hacked company following the data breach, credit monitoring does nothing to stop identity theft.  It only tells you that you have become a victim sooner than you might otherwise become aware.  A much better alternative is to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  This will prevent even someone with your personal information from accessing your credit report to obtain credit in your name and thus help keep you from becoming a victim of identity theft.  You can find information in the Archives of Scamicide about how to put a credit freeze on your credit reports.