Scam of the day – June 2, 2016 – Why the massive Myspace data breach is relevant

Many younger readers of Scamicide may not even remember Myspace, but at one time Myspace was the biggest social networking website.  By 2009, however, it was overtaken by Facebook and its users have continued to decline in the years since then.  In 2013, it was bought by Time, Inc which is attempting to revitalize it.  When it was announced earlier this week that more than 360 million usernames and passwords from Myspace were being sold on the Dark Web to cybercriminals interested in turning that information into ammunition for identity thieves, many people were not very disturbed by the news.  But they should be.  Even though the usernames and passwords go back to prior to 2013 and, in many instances, much earlier, the problem is that because a lot of people use the same username and password for all of their accounts, this information could put present and former Myspace users in jeopardy of this information being used to gain access to the victims’ other accounts, such as online banking.

TIPS

A great resource to find out if you have been affected by a data breach is “Have I Been Pawned” which compiles information on data breaches that allows you to find out if your information was contained in particular data breaches.  Here is a link to its website which you can use to find out if the Myspace data breach or other data breaches affect you.  https://haveibeenpwned.com/

Myspace is notifying users and has cancelled the passwords of affected accounts, however, if you do get an email purporting to be from Myspace asking you to input personal information such as passwords or other information, you have probably been contacted by a scammer merely trying to steal your information through spear phishing.  If you do receive and email from Myspace there is no way to be absolutely sure that it is legitimate, so if you believe you may have been affected by the data breach, you should go directly to Myspace’s website to change your username or password. Here is a link to the applicable portion of the Myspace website.  https://help.myspace.com/hc/en-us

Finally, for all of us, this data breach is just another reminder that you should use a distinct and unique password for all of your accounts so that in the event of a data breach at one online service you use all of your online accounts will not be in jeopardy.

Scam of the day – June 2, 2014 – Facebook privacy checkup

One of the major causes of identity theft is the fact that many of us share too much personal information on social media.  Identity thieves are able to harvest this information which may include, addresses, employer, email address, phone number, birth date and names of family members to use to make us victims of identity theft.  Too many people don’t even give any thought to the amount of personal information about themselves that they make available online through social media and the danger of identity theft it poses.  Recently Facebook announced that in order to remedy this situation it was offering a privacy checkup to each of its 1.28 billion users.  As a part of Facebook’s new privacy policy it will also change the default setting of new posts by adjusting initial posts to be seen only by friends rather than the public.  A public setting which was formerly the default setting permits anyone on the Internet to see posted photographs and messages.  Soon when people go to post something on Facebook they will see a cartoon blue dinosaur that pops up with the message “We just wanted to make sure you’re sharing with the right people.”  The dinosaur will then guide you through your privacy settings for status updates, remind them of teh apps that they have given permission to use their Facebook data and review the privacy settings for their profile information.

TIPS

Many of us are not aware of the personal information available about us in various social media and how we have, often unwittingly, allowed this information to be broadly available, which can pose a danger to us of identity theft or worse.  Now is a good time to not only review the privacy of your data on Facebook, but on all of your social media.  It might surprise you to learn how widely disseminated your personal information is and that you have agreed for it to be available by not taking the time to better understand the privacy rules in effect on each of the social media sites you use.

Scam of the day – April 10, 2014 – Serious security danger on the Internet of Heartbleed

The term “Heartbleed” sounds serious and it is.  Heartbleed is the name of the recently discovered security flaw in the Open SSL encryption security technology that is used by up to 2/3 of websites on the Internet.  An indication that the website you are communicating with uses Open SSL is the presence of the tiny padlock icon next to the website address.  Another indication of the use of Open SSL being used is the letter “s” appearing after the initial “http” at the beginning of a website address.  The padlock and the “s” indicated to people communicating with websites that your communications were encrypted and safe from hackers.  Now we have discovered that this encryption technology had been cracked by attackers as long as two years ago.  This means that your communications online with your bank and retailers may have been compromised.  Many websites that have used the Open SSL encryption technology including Amazon and Facebook have fixed the problem or are working on it.  There are patches available.

TIPS

The first thing that you should do is to change your passwords at websites you have used that utilized the Open SSL encryption because your password may be in the possession of hackers.   However, do not change your password until you have confirmed with the Website that it has patched the security flaw.   Heartbleed is a good reminder to us all that we should change our passwords on a regular basis as well as have different passwords for every website where we use a password so that if one gets hacked, identity thieves would not have the passwords for all of our other accounts.  It doesn’t have to be a difficult task as just adding or changing a letter or two can do the trick if you have a good, complex password with letters both capital and small as well as figures and signs.  Also, again as we all should be doing, monitor all of your accounts regularly for evidence of fraudulent use.

Here is a helpful link you can go to in order to check and see if the websites you go to were among those affected by Heartbleed.  One word of caution, this is not guaranteed by its creator to be 100% accurate: http://filippo.io/Heartbleed/

For people who have websites that use Open SSL, here is a link to the notice from the Department of Homeland Security with the links to rectify the situation.https://www.us-cert.gov/ncas/alerts/TA14-098A

Scam of the day – May 25, 2013 – Email plea for help scam

Pleas for help that you receive through social media or emails are a common type of scam.  Recently I received such a plea in an email that I am reproducing below.  The particular email I received purported to be from Elliot Raphaelson.  I do not personally know anyone named Elliot Raphaelson, however, I am aware of an Elliot Raphaleson who is a a financial journalist.  Often such pleas for help will carry the name of someone who you actually know, however, usually this is because that person’s email or Facebook page has been hacked and hijacked so the message appears to come from your real friend, when, in fact, it is coming from a scammer who will be seeking you to wire money to him or her.

Here is a copy of the email that I received:

“Hi,
How are you doing, I originally didn’t want to tell you any of this (and I still haven’t told anybody, so please keep this as a secret) I just want to let you know about my sister’s surgery operation. we traveled for her operation, she has been having this chronic kidney and heart problem since, The doctor has placed her on a temporal treatment now, as we don’t have the deposit fee requested. We traveled with little cash as we didn’t know things would be this way. I don’t know your financial status right now but i will appreciate whatsoever you can lend me with. Please do mail me so that i can update you about position of things.
Thanks and Best Regards.
Elliot Raphaelson”
TIPS
As I so often tell you, “trust me, you can’t trust anyone.”  You should always be skeptical when you receive such a plea for assistance, particularly when you receive it through an email or social media.  If you have any thought that the communication may be legitimate, you should contact the person by phone to confirm that it is a scam.  Even if you are sure that the communication you receive is a scam, if the communication uses a real friend’s name, you should contact your real friend by phone to let them know that their social media or email account has been hacked.

Scam of the day – September 23, 2012 – Groupon scams

First, let’s get it straight, Groupon is not a scam.  In fact, it is a successful website where you can get great deals on all kinds of goods and services by buying heavily discounted online coupons.  You also can share these coupons with friends through email or social media, such as Facebook.  But Groupon’s appeal is also appealing to scammers and identity thieves  who are presently sending fake emails that look just like the email that Groupon uses when a friend shares a coupon deal with you.  The problem comes with an attachment that in the fake email is called a “gift coupon.zip” which you are required to click on in order to access the coupon.  Don’t do it.  This attachment will actually infect your computer with a keystroke logging software program that will steal all of your information from your computer and make you a victim of identity theft.

TIPS

Remember my motto – Trust me, you can’t trust anyone.  As always, make sure that your computer security software is kept up to date and also make sure that you have security software on all of your other mobile devices such as smartphones and tablets.  And never, ever, click on links unless you are absolutely sure that they are legitimate.  In a case like this, despite the fact that the email looks so legitimate, you can’t take the chance.  So before you click on such a link, go directly to Groupon’s customer support and inquire whether the email you received was legitimate or not.

Scam of the day – September 17, 2012 – iPhone 5 scams

Identity thieves take advantage of every major event to their illegal ends and the launching of Apple’s new iPhone 5 is sure to be no exception to this rule.  There will be numerous scams and identity theft schemes revolving around the iPhone 5.  You may receive phony emails, text messages or Facebook messages telling you that you should click on a link to get the new iPhone at a dramatically discounted price.  You may receive phony emails, text messages or Facebook messages to click on a link for special information about the iPhone.  You may go to a  “discounter” who will sell you a new iPhone 5 only to find out that your box is empty or contains a worthless or even dangerous knockoff.  You may even receive an email or text message telling you that you have been selected to test the new iPhone 5 and will receive one free for your services.   They give you a link to click on for further information and details.  All of these are scams.  If you click on any of these links, you will download keystroke logging malware that will steal the information from your computer or other electronic device and make you a victim of identity theft.

TIPS

Never click on links unless you are absolutely sure that they are legitimate.  If you don’t know the source, don’t click on the link and even if you do know the source, it is risky to click on the link because a friend may unwittingly be passing on the malware to you.  Remember even messages that appear to come from your friends may be coming from identity thieves who have hacked into your friend’s email account or Facebook account.  If you want information about the iPhone, go to Apple’s website and if you want to purchase one, go to legitimate, well-established brick and mortar stores.

Scam of the day – September 15, 2012 – Nude pictures of Princess Kate scam

Although it was only recently that I warned you about the dangers of searching online for nude pictures of Prince Harry, it bears repeating in the light of the publishing of paparazzi pictures of Kate, the Duchess of Cambridge sunbathing topless at what she thought was a secluded villa in the French countryside.  Many people will be curious to see these photographs and identity thieves will take advantage of this curiosity to lure you into downloading keystroke logging malware programs on to your computer, laptop or smartphone and steal all of your personal information and make you a victim of identity theft.

TIPS

You may receive an email or a message on your Facebook page purportedly from a friend telling you to click on a link to get access to the pictures of Kate, but the emails are from identity thieves and even if the message appears to be from a true friend, their email or Facebook page may have been hacked into which is easy to do for an identity thief (or anyone else) to make you less suspicious.  NEVER click on links sending you to pictures such as this.  If you really want to see the pictures, go directly to legitimate websites that deal with this kind of material, such as www.tmz.com.

Scam of the day – September 5, 2012 – Latest Facebook scam

I recently received two, almost identical emails purportedly from the Chief Financial Officer of Facebook telling me that I had been lucky enough to win a free Apple MacBook Air as a part of an advertising promotion.  The emails each provided a link for me to click on to in order to complete a survey and receive my prize.  This is a scam.  If you receive one of these emails and click on the link you risk becoming a victim of identity theft through the downloading of a keystroke logging program that can steal the information from your computer or by providing the information requested in the “survey.”

TIPS

If you receive this type of email, delete it immediately.  In one email  that I received, the CFO was McKeighan Humberto.  In the other his name was Esposto Coy.  Both emails were very similar although not identical.  As with many scam emails, the grammar is sometimes poor.  In McKeighan Humberto’s email, I was told that I was “randomly elected” to receive the prize rather than “selected.”  If you are ever tempted to respond to such an email, do yourself a favor and contact the legitimate company, in this case Facebook, to determine whether or not the offer is a scam.  In every instance, you will learn that it is a scam.

Scam of the day – September 4, 2012 – College student identity theft threat

As the new semester starts for college students, a new batch of Freshmen get introduced not only to college life, but to identity theft.  College students are five times more likely to become victims of identity theft than the rest of the population and usually take longer to find out that they have been victimized.  Living in close quarters combined with a lack of proper precautions make college students easy pickings for identity thieves.

TIPS

Here are a list of things that college students should do to protect their identity: Lock their computers, smart phones and tablets when they are not in use;  use a strong password and use different passwords for each device; use encryption software on all their electronic devices; don’t use Wifi for financial transactions, it is too easy to be cracked; college mail boxes are not very secure, have sensitive mail sent to their home or sent to the student electronically; don’t trust messages with links from “friends” that appear on their Facebook page and don’t put too much personal information on their Facebook pages; it can lead to identity theft; shred papers with personal information before disposing of them; check their bank statement and credit card statements carefully each month to look for signs of identity theft and get their free credit report from each of the three credit reporting agencies annually.

Scam of the day – August 24, 2012 – Naked Prince Harry pictures scams

Today’s “scam of the day” is similar to warnings I have provided numerous times in the past.  Whenever there is a real or imagined intriguing newsworthy story, particularly about celebrities or natural disasters, people are drawn to the latest videos or photographs.  Natural disasters, such as the Tsunami in Japan or celebrity curiosity, such as purported photographs of the late Whitney Houston from the hotel room where her body  was found are great fodder for scammers and identity thieves who prey on the curiosity of people.  The latest example of this involves photographs of a naked British Prince Harry cavorting in a Las Vegas hotel suite playing “strip billiards” with a number of women.  In fact, the incident has been confirmed to be true.  Unfortunately, links to these photos that you may receive from “friends”on your Facebook account or through your Twitter account or an email from a “friend” quite often will not take you to these photographs, but instead will, unbeknownst to you, download keystroke logging malware on to your computer or smart phone that can steal all of the information from your computer or smart phone including personal information that can lead to identity theft.

TIPS

Even if the link appears to be from a “friend,” you should always be skeptical because, as I have indicated elsewhere in this website/blog, it is a relatively easy thing to hack into someone’s Facebook account, Twitter account or email account and send out messages that appear to come from a trusted friend, but instead come from an identity thief.  And even if the link that is sent to you really is from one of your real friends, you still may be in jeopardy because he or she may not be aware that he or she may have been hacked into and is passing on to you, without knowing, dangerous keystroke logging malware.  If your curiosity demands that you seek out this information, video or photograph, limit your searches to websites that you are absolutely sure are legitimate, such as, in the instance of the pictures of Prince Harry, the website TMZ.