Scam of the day – November 15, 2017 – New updates for Adobe Flash

As we learned again, most recently with the Equifax data breach, delay in installing security patches and updates for your software as soon as they become available can lead to disastrous consequences.  Adobe has recently issued critical updates to a number of its software programs including the popular, but seriously vulnerable Adobe Flash.

Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.   According to security company, Symantec in 2015 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash. Adobe has announced that it will be retiring Adobe Flash in 2020.  It will still be issuing security patches until then, but now is a good time to move away from Adobe Flash if you have not already done so.


If you are going to continue to use Adobe Flash, it is imperative that you update your software with the latest security patches when they are issued.  Here is a link to the latest updates for Adobe Flash.

However, it may well be time for you to replace Adobe Flash to avoid future problems.

Here is a link to a website with alternative plugins you may wish to consider to replace Adobe Flash.


Scam of the day – October 19, 2017 – Congress forces IRS to suspend multi-million dollar Equifax contract

In the Scam of the Day for October 8th, I reported to you about the recent announcement that Equifax, the company responsible through its own negligence for 145 million Americans becoming in serious danger of identity theft for the rest of their lives, was awarded a 7.25 million dollar contract to provide security and fraud detection services to the IRS.  Making the problem even worse was the fact that the contract was a no-bid contract.

Now under pressure from numerous members of Congress the IRS has temporarily suspended the contract while the IRS investigates Equifax’s systems and security.  The suspension of the contract means that taxpayers wishing to set up accounts with the IRS through its Secure Access program which enables taxpayers to access certain online services will be unable to do so.  Taxpayers who already had set up accounts with the IRS to use the Secure Access program, however,  will still be able to use their accounts.



Relying on the IRS to protect the security of our data is somewhat problematic because the IRS itself has had a number of instances where its security practices have been lacking.  When it comes to protecting ourselves from identity theft there are numerous simple steps we should all take in order to protect ourselves.  I provide them in great detail in my book “Identity Theft Alert.”  However, here are a few of the things we all should do:  Freeze your credit, monitor your credit reports and all of your accounts, use complex passwords, use nonsensical security questions, use dual factor authentication, use security software on all of your devices and keep the software updated with the latest security patches,  never click on links or download attachments unless you have verified that they are legitimate and limit the places you provide your Social Security number as much as possible.  Your doctor, for instance,  may ask for it, but he or she doesn’t need it.

Scam of the day – September 23, 2017 – Massachusetts Attorney General sues Equifax

Massachusetts Attorney General Maura Healey became the first state attorney general to sue Equifax in regard to the recent massive data breach.  Specifically, the lawsuit accuses Equifax of not properly updating its Apache Struts software with security patches for vulnerabilities that were exploited by the hackers although the patches were available months before the data breach.  The lawsuit also accuses Equifax with a failure to promptly notify victims of the data breach in a timely fashion and failing to encrypt data.

The lawsuit seeks civil penalties and other financial penalties.   I expect numerous other state attorneys general to also sue Equifax in the days ahead.


I will keep you informed as to developments in this case as well as the multiple class actions that have been filed privately against Equifax in regard to the data breach and let you know what you may need to do to obtain compensation related to the data breach.  In the meantime, if you have not already done so you should freeze your credit at each of the three credit reporting agencies and sign up for Equifax’s free identity protection services which are being offered for one year.

Scam of the day – September 20, 2017 – Freedom from Equifax Exploitation Act introduced in the Senate

In the wake of the Equifax data breach, Senators Elizabeth Warren of Massachusetts and Brian Schatz of Hawaii have introduced legislation in the United States Senate entitled the Freedom from Equifax Exploitation Act or FREE Act.  Someone was obviously pretty adept when coming up with this acronym.

If passed, the bill would create a federal standard for credit freezes and require that they be able to be done and lifted at no cost to consumers at any time.  It also would require consumers to be refunded any charges incurred in freezing their credit reports at the other credit reporting agencies in response to the Equifax breach.  In addition it provides for consumers to receive more free copies of their credit reports.


Here is a link to the full bill.

If you support this bill, you should contact your Senators.    Here is a link for doing so.

Presently this bill stands little chance of passage, however if the public is heard, hopefully the laws will change to better protect our privacy and security in regard to credit reports.

Scam of the day – September 17, 2017 – Scammers attempting to exploit Equifax data breach

As I often say, things aren’t as bad as you think – they are far worse.  It is not bad enough that 143 million Americans are at heightened danger of identity theft due to the massive data breach at credit reporting agency, Equifax, but now scammers are seeing the concern of people about the data breach as an opportunity to scam them out of their money.

Scammers are contacting people by phone, email and text messages posing as Equifax claiming that they are there to help the victims of the data breach, when the truth is that the scammers merely want to lure you into providing personal information and use it to make you a victim of identity theft.   You can’t trust your Caller ID because through a technique called “spoofing” it can be manipulated to make a call from a scammer appear to be coming from Equifax.


It is a good rule to never provide personal information of any kind to someone who calls you on the phone.  If the call appears legitimate, call the person, company or agency back at a telephone number that you know is accurate.

The same rule applies to emails and text messages you receive.  Never provide personal information until you have confirmed that the communication is legitimate.

In this case, Equifax is not contacting victims by email, phone or text messages asking for personal information or credit card information.

Scam of the day – September 15, 2017 – The importance of updating your software

I am constantly preaching about the importance of not using outdated software which is not updated with the latest security patches, such as we saw as the basis for the WannaCry ransomware attack which exploited vulnerabilities in the Windows XP operating system, which Micosoft had long ago stopped supporting with security updates.

It is important to update all of your software with security patches as soon as they become available.  Equifax has recently confirmed that the vulnerability exploited by hackers in its recent massive data breach was in the Apache Struts software used for developing apps.  The specific vulnerability was designated as CVE-2017-5768.  The problem is that this vulnerability was first exploited by hackers against Equifax in May while a security patch was made available as shown here this security update in March.

If Equifax had been prompt in its updating of its Apache Struts software, it could have avoided this data breach.


The lesson is clear.  Update all of your software programs as soon as security patches are available and whenever possible, make the updating of security patches automatic so you don’t even have to take any specific action yourself to make sure that you are operating the most safe and secure versions of your software.

Scam of the day – September 10, 2017 – Further important Equifax updates

It is unusual here at Scamicide to discuss the same scam for multiple consecutive days, however, the massive Equifax data breach story is continually evolving, affects you and warrants such coverage.

Under pressure from New York Attorney Eric Schneiderman and others, Equifax has removed the waiver of your rights to participate in a class action from the contract you must agree to in order to obtain free identity protection services from its TrustedID  program.  Therefore it makes sense to sign up for the program, which you can do here.

While Equifax also represented that you could find out from them whether or not you were specifically involved in the data breach, that representation is not accurate.  Numerous people have used fake names to test the system and in each instance were told that they probably were affected by the data breach.  This is mildly upsetting, but no more than that.  The sheer size of the data breach is so large and the potential harm so great that you should assume that you were affected.


The advice as to what to do is still the same.  You should put a credit freeze on your credit reports at all of the three major credit reporting agencies.  Fraud alerts are worthless.  In addition, you should get copies of your credit reports from each of the three major credit reporting agencies to look and see if you have already been a victim because it is important to remember that this data breach has gone on for months.  You have the right to a free copy of your credit report from each of the three credit reporting agencies once each year.  What many of us do is stagger the request among the TransUnion, Equifax and Experian by requesting one every four months.

You can get your free copies of your credit reports by using this link.

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 9, 2017 – Important update about the Equifax data breach

The massive data breach that occurred at credit reporting agency Equifax, between last May and July is a story that is continuing to evolve. If you are one of the approximately 143 million people whose personal information was compromised, you face a serious threat of identity theft. Equifax is offering credit monitoring and other services to the victims of the data breach through its identity protection company, Trusted ID, however, if you read the fine print in the agreement you will find that in order to get the free services you must  waive your rights to be a part of any class action against Equifax and must resort to binding arbitration for any claims against Equifax.  New York Attorney General Eric Schneiderman has already indicated that he believes that requiring such a waiver in this instance is illegal and he has demanded Equifax to remove the language from the agreement.  The agreement does also provide that if you notify Equifax within 30 days of accepting the terms that you wish to opt out of arbitration you can do so, but at the moment, your rights against Equifax are far from clear.


So what should you be doing?  It will certainly take some intense investigation, but there may well be cause for a class action against Equifax.  However, in the meantime your primary concern should be protecting yourself from identity theft and the first thing you should do is get copies of your credit report from each of the credit reporting agencies and review them to see if there is any evidence of identity theft. Regardless of whether you find any such indications, the next thing you should do is put a credit freeze on your credit reports at each of the three major credit reporting agencies.

You can get your free copies of your credit reports by using this link.

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 8, 2017 – Massive data breach at Equifax

Yesterday Equifax, one of three major credit reporting agencies announced that it had been victimized by a data breach between mid May and July that resulted in personal information of approximately 143 million Americans being stolen.  To put this number into perspective it accounts for nearly 44% of the entire population of the United States.  The compromised information included names, Social Security numbers, birth dates and more.  This information puts the victims of the data breach in serious danger of identity theft.  In the past when major data breaches such as this have occurred, the cybercriminals sell the information to other cybercriminals on the Dark Web.  To date, we have not yet seen this information being sold, but it will be.

Equifax is offering to affected customers a free year of credit monitoring and the ability to freeze your Equifax credit report.  To find out if your records were affected by the breach, click on this link provided by Equifax

Potential Impact


If you have been affected by the data breach, you should sign up for the free services offered by Equifax and definitely should freeze your credit report at all of the credit reporting agencies because the information stolen puts you in jeopardy of identity theft at all of the credit reporting agencies.

Even if you have not been a victim of the data breach, you should consider taking this as the opportunity to put a credit freeze on your credit reports. Credit freezes are the best thing you can do to protect yourself from becoming a victim of identity theft.

To get started, it’s best to first understand the laws and fees governing credit freezes in your state. The National Conference of State Legislatures describes the credit freeze laws for each state. 

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them for information about how to get a credit freeze: 

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.