Scam of the day – December 8, 2016 – Holiday online shopping scams

Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may indeed be the most wonderful time of the year for many people, but it is not so wonderful if you have been scammed by cybercriminals who really do find the holiday shopping season to be the most wonderful time of the year – for them.   I received an email today showing me how I could get iPads and iPhones at 90% discounts by clicking on links and ordering them online.  If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received.  Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.

People also get in trouble when they go to phony websites that appear to be those of legitimate retailers and turn over their credit card information to a scammer and never get the goods they think they are purchasing.

TIPS

If an offer sounds too good to be true, it usually is.  Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered.  Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate.  It is hard to be sure without calling the legitimate company, because even if a message truly appears to be coming from a legitimate person or entity, their email, Twitter account or smartphone may have been hacked and the communication you receive may be from a scammer.  Only deal with companies that you know are legitimate and confirm that you are actually on a legitimate website because phony websites can look quite good.

As for online shopping websites, there are a few ways you can determine whether a shopping website is legitimate.  First, find out who actually owns the website. Websites such as http://lookwhois.net/ will enable you to merely put in the URL and see who actually owns the website you are considering using for shopping.  If it doesn’t match the legitimate company that you think you are doing business with, you will know to stay away.  Also, call the company at a telephone number you know is legitimate to confirm the precise website URL that they use.

Scam of the day – July 11, 2016 – FBI warns about extortion tied to data breaches

Data breaches have become a modern fact of life as too many places that retain our personal data have been successfully targeted by hackers seeking information from which they can profit.  Often the information is credit card and debit card numbers that can quickly be used to make purchases of goods that are then sold on the black market to convert into cash.  Other times, it is personal information that allows the hacker to access our various online accounts including bank accounts or to use the information to set up new accounts that the cybercriminals can exploit.  None of these scenarios are good for the victims of these data breaches.  Sometimes the fault is with ourselves, such as when we use easy-to-guess passwords or the same password for multiple accounts.  Other times the fault may be with the companies that hold your data and have not instituted proper security measures.

In any event, the FBI has recently noted that cybercriminals are now exploiting data breaches by threatening to expose the victim’s personal information to others unless the targeted person agrees to pay a ransom in bitcoins, which are an easy way to launder money from criminal activity.  At the present time the ransoms range from approximately $250 to $1,200.  Here are some of the extortion emails presently being circulated.

“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”

“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”

“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”

“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”

“We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”

Part of the problem is that sometimes, the cybercriminals are bluffing and merely are contacting people after a noteworthy data breach without actually having the information they claim to have.

TIPS

The best way to avoid this problem is to limit the places that hold your personal information as much as you can.  For instance, hospitals do not need to have your Social Security number.  Use complex and unique passwords for each of your accounts and use dual factor authentication whenever possible.  Also, do not store personal information or sensitive photos or videos on your smartphone.  You also may wish to consider limiting the amount of personal information you provide on your social media accounts, because it can be used against you, either by being leveraged to gain access to your various accounts or to trick you into clicking on links in emails or text messages that may download keystroke logging malware onto your computer, smartphone or other electronic device.  You also should limit your debit card to use as an ATM card because the rules regarding protection from unauthorized use of your credit card provide much more protection than the rules regarding protection from unauthorized use of your debit card.

Scam of the day – March 25, 2016 – Chinese businessman pleads guilty to hacking American company

Corporate espionage by which companies hack into the computers of their competitors and steal trade secrets is nothing new.  This has been a particular problem for companies around the world that have been targeted by Chinese hackers often affiliated with the Chinese government.  I reported to you two years ago when the United States Justice Department indicted five members of the Chinese military on charges related to cyberattacks against a number of American companies including US Steel, Allegheny Technologies and SolarWorld.  Those indictments represented the first time that criminal charges of economic espionage were ever brought against a foreign country.  Now, for the first time, Su Bin, a Chinese businessman, has pleaded guilty to assisting two Chinese military hackers in stealing trade secrets related to Boeing’s C-17 military transport plane as well as fighter jets.  The hacking occurred between 2008 and 2014.  Just this past Fall, China agreed with the United States government that it would not engage in economic cyberespionage; however, it remains to be seen whether China considers hacking of companies that are part of the military industrial complex subject to that agreement or whether they consider such hacking to be permissible hacking for matters of national security. Regardless, this legal action by the Justice Department is a further indication of its increased commitment to pursuing cybercriminals.

So what does this mean to you?

TIPS

In so many major hacks and data breaches, including many done by foreign hackers against American companies, the malware has been installed on the victim’s computers by the victim himself, who in each case unknowingly downloaded an attachment containing malware or clicked on a link with malware.  If these people had been regular readers of Scamicide they would have known that you should never click on a link or download an attachment unless you are absolutely sure that it is legitimate.  Merely because an email, text message or other communication appears to come from someone you know and trust does not mean that it is legitimate.  Never click on a link or download an attachment unless you have independently verified it through a telephone call, text message or email with the person who appears to be sending you the communication with the attachment or link to be clicked on.  Additionally, you should always make sure that your anti-malware software and anti-virus software are up to date although, as I have often told you, even then your security software is only about 5% effective against the very latest malware programs.

Scam of the day – December 18, 2015 – Congress close to passing cybersecurity legislation

For years Congress has been debating much needed cybersecurity legislation without much success.  Now it appears that a cybersecurity bill that includes provisions previously approved by the House of Representatives and the Senate will be included in the omnibus spending bill which is close to passage and needed to maintain the funding of the federal government.  The essence of the cybersecurity proposal is the sharing of information by businesses and the federal government about technical aspects of cyberthreats such as hacking attacks and malware.  Much of the opposition by businesses to this type of legislation over the years has come from their concern that such sharing could make them vulnerable to lawsuits.  In response to this concern, the new proposed legislation provides for protection from certain types of lawsuits, such as lawsuits based upon violations of electronic privacy protections. Meanwhile, there continues to be opposition to the proposed law, deemed “The Cybersecurity Act of 2015,” by some privacy advocates who believe the proposed law does not do enough to protect personal information when data is shared pursuant to the newly proposed law.  However, supporters of the bill, including President Obama, have said that the protections of corporations from liability in data sharing will only apply if the companies remove personal information when sharing cyberthreat information.

TIPS

I believe that this law is a major step forward in the battle against cybercrime and will help enable companies and the federal government to do a better job in fighting the numerous cyberthreats faced by the government and private industry today.  It should also be noted that these threats come not just from cybercriminals and identity thieves, but also from foreign governments and terrorist groups such as ISIS.  It is expected that this law will be passed before the end of the year.  I will keep you updated as to the bill’s progress.

Scam of the day – July 17, 2015 – Yet another Nigerian email scam

Today’s Scam of the day comes right from my email and I am sure that it has appeared in the email boxes of many of you.  Although it may appear that the Nigerian email scam began in the era of the Internet, the basis of the scam actually goes back to 1588 when it was known as the Spanish Prisoner Scam.  In those days, a letter was sent to the victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name.  The identity of the nobleman was not revealed for security reasons, but the victim was asked to provide money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing victim with great sums of money and, in some circumstances, the Spanish prisoner’s beautiful daughter in marriage.

Today’s scam of the day is yet another variation of what has come to be known as the Nigerian letter scam.  In the various versions of this scam circulating on the Internet today, you are promised great sums of money if you assist a Nigerian in his effort to transfer money out of his country.  Variations include the movement of embezzled funds by corrupt officials, a dying gentleman who wants to make charitable gifts or a minor bank official trying to move the money of deceased foreigners out of his bank without the government taking it.  The example below of the email I received may not even be from Nigeria, but the scam is the same.  Although generally you are told initially that you do not need to contribute anything financially to the endeavor, you soon learn that it is necessary for you to contribute continuing large amounts of money for various reasons, such as various fees, bribes, insurance or taxes before you can get anything.  Of course, the victim ends up contributing money to the scammer, but never receives anything in return.

Here is a copy of the email I recently received:

Dear Friend,
With due respect to your person and much sincerity of purpose . I have a business proposal which I will like to handle with you. $35 million USD is involves. But be rest assured that everything is legal and risk free as I have concluded all the arrangements and the legal papers that will back the transaction up. Kindly indicate your interest as to enable me tell you more detail of the proposal.
Waiting for your urgent response.
Yours Faithfully,
Dr.Lincoln Bah Bah

TIPS

This is a simple scam to avoid.  It preys upon people whose greed overcomes their good sense.  The first thing you should ask yourself is why would you be singled out to be so lucky to be asked to participate in this arrangement.  Since there is no good answer to that question, you should merely hit delete and be happy that you avoided a scam.  As with many such scams, which are originating outside of the United States, the punctuation and grammar are often not good.

Many people wonder why cybercriminals and scammers send out such ridiculously obvious scam letters that anyone with an ounce of sense would recognize as a scam, but that may be intentional on the part of the scammer because if someone responds to such an obvious scam, they are more likely to fall prey to the scam.

Scam of the day – April 22, 2015 – Watch out for the Simda botnet

Recently the Department of Homeland Security joined Interpol and the FBI to issue a serious warning about a botnet called the Simda botnet.  A botnet, as readers familiar with Scamicide will know, is a network of infected computers used by cybercriminals to spread malware.  According to the Department of Homeland Security more than 770,000 computers have already been affected by the Simda botnet which has been around since 2009 preying on computers that are not properly protected by up to date anti-malware software.  The Simda malware not only enables the cybercriminals to use their victims’ computers to spread this and other malware, but it also enables the cybercriminals to steal personal information from the infected computers that make up the botnet and then use that information for purposes of identity theft.

TIPS

Here is a link to which you can go to find out if your computer has been infected with the Simda malware.  http://www.cyberdefense.jp/simda/

If you have been a victim of the Simda malware, you should install anti-virus and anti-malware software to rid your computer of the Simda malware.  You should then change the passwords for all of your accounts because they have been compromised.  You should also get a copy of your credit report from each of the three credit reporting agencies, Equifax, TransUnion and Experian to determine if you have already become a victim of identity theft.  You should also lock up your credit reports with a credit freeze at each of the three credit reporting agencies.  You can find instructions as to how to do this here in the Scamicide archives.

Even if you have not become a victim of the Simda malware, you should make sure that your anti-virus and anti-malware software is constantly updated.

Scam of the day – March 31, 2015 – New developments in sextortion

Sex extortion or sextortion has been around for years on the Internet with criminals tricking people into performing sexual acts online that are recorded and then used to blackmail the victims.  In other cases, hackers have gained access to the webcams of women and used them to take photographs of the women who unwittingly undressed in front of computers in their rooms, not knowing they were being recorded.  In one notorious case, Miss Teen USA Cassidy Wolf refused to be a victim of sextortion and helped law enforcement find and prosecute Jared James Abrahams, who was sentenced to 18 months in prison in March of 2014.

Now, however, as with many scams, sextortion has evolved.  In the latest incarnation, uncovered by cybersecurity firm Trend Micro, cybercriminals in Asia set up fake profiles on social media such as Facebook and then lure their victims to platforms with both video and voice capabilities such as Skype and entice them into performing sexual acts, which are recorded by the cybercriminals.  In a new twist on this scam, however, the cybercriminals then pretend that they are having audio difficulties and convince their victims to download a specific Android app onto their Android smartphone which they represent will remedy the problem.  However, instead of fixing the problem, the app is malware that steals all of the contact information stored on the victim’s smartphone.  The cybercriminal then threatens to send the videos to everyone on the victim’s contact list unless the victim pays a ransom.

TIPS

The best solution to any problem is to avoid the problem altogether.  An easy and decidedly low-tech way to protect yourself from webcam surveillance is to merely put a Post-it over the camera when you are not using it.  If you are going to indulge in cybersex or phone sex, it should only be done with people whom you totally trust.  Engaging in such activities with strangers or people you do not know well is asking for trouble.  Also, make sure that all of your electronic devices including your smartphone and computer are protected with the latest updated security software.  Even then, however, no security software is 100% effective against the latest viruses and malware, so you should never click on links or download attachments unless you have absolutely confirmed that they are legitimate and you should never download apps from anywhere other than legitimate app stores.  The risk of malware is just too high.

 

Scam of the day – May 30, 2013 – Iranian attacks on American banks

It should come as no surprise to regular readers of Scamicide, because I have been warning you about this for many months, that the American banking system is under intense cyberattack from cybercriminals intent upon disrupting our financial system.  These attacks could have a profound effect on you if you do not take the proper precautions.  Recently the source of many of these cyberattacks has been traced to Iran and, due to the sophistication of the recent attacks, it is speculated that the attacks are part of a governmental effort against the American banking system rather than the work of just common cybercriminals.  This situation will get worse before it gets better; however, there are some things that you can do to protect yourself.

TIPS

Be a part of the solution and not a part of the problem.  Online banking is still the safest way to do your banking, but online banking security starts with a secure password that is difficult for cybercriminals to decipher.  Don’t use any word that is in the dictionary.  Computer programs used by identity thieves can crack any such password in short order.  Use a mixture of letters and symbols, the longer the better.  Including signs that are easy for you to remember, such as $ or !, and in multiples, as a part of your password can dramatically enhance the security of your password and your account.  Also, refrain from using public Wi-Fi for financial transactions and when you do use Wi-Fi, make sure your tablet, laptop, or smartphone contains the most up to date security and encryption software.  Also, keep hard copies of your banking records, and a copy on a USB flash drive, to help prove what you have in your account if your account is hacked.  Finally, when disposing of paper records of your bank account, make sure you use a cross-cut shredder so that the records cannot be used to make you a victim of identity theft.

Scam of the day – September 27, 2012 – Scammers targeting financial advisers

Our extensive use of electronic communications has become a boon for scammers and cybercriminals whose latest targets are financial advisers and brokers.  Financial advisers are receiving phony emails purporting to be from their customers asking them to wire money into specific bank accounts.  Recently, an unwary experienced financial planner wired $15,850 into an account at PNC Bank at what he thought was the direction of his client only to learn later that it was a scam.  Investors increasingly communicate with their financial advisers through email.  With the ease of hacking into someone’s email along with the availability of so much information about individual victims online through social media and other sources, it is an easy scam to accomplish.

TIPS

As always, be skeptical whenever anyone asks you to wire money.  Once money is wired, it is gone.  This is a favorite tactic of scammers.  Financial advisers should confirm any and all financial transactions with their clients personally before sending money anywhere.  Being aware of how easy it is to hack into someone’s email is a good first step in providing for greater safety.