Posts Tagged: ‘firewall’

Scam of the day – May 28, 2013 – KFC phony coupon scam

May 28, 2013 Posted by Steven Weisman, Esq.

Just as the band Dire Straits sang about “money for nothing and chicks for free,” many scammers appeal to our desire for something for nothing by offering phony free online coupons for products or services. They hope that we will fall for their promises and click on a link that will not take us to a free product or service, but rather will result in us downloading dangerous malware, such as keystroke logging malware programs that can steal all of the information in your computer and make you a victim of identity theft. There are many indications of the illegitimacy of these coupons, but one common one is poor grammar. In particular, because many of these scams originate in foreign countries where English is not the primary language, it is quite common for these phony online coupon offers to have poor grammar. However, recently I received a phony offer regarding a coupon for Kentucky Fried Chicken that was laughably amateurish. A copy of the email is reproduced below. Note that instead of a reference to the “Colonel,” it refers to the “Kernel.” I know it is corny (sorry about that), but I had to share it with you. DO NOT CLICK ON THE LINK.

“Subject: Enjoy our new crispy chicken

KFC
It’s Finger Lickin’ Good

Celebrate with the Kernel this Spring

- your personal voucher enclosed -

Use For Lunch Or Dinner ANYTIME

EXPIRES: 5/31/2013
VOUCHER ID: 1714669500684339988”

TIP

Remember, anytime you receive an email with a link, you should be wary of clicking on the link unless you are absolutely positive that the email is legitimate and the link is safe to click on. You can never be sure who or what company is sending you an email because it is easy to either pose as someone else or to hack their email. Certainly, this particular email's grammatical error, its lack of a corporate logo, and a sender email address that does not appear to come from KFC are all good indicators that the email is not to be trusted. If you ever receive an email containing a link and you are tempted to click on the link, first contact the real company or person directly to confirm whether or not the email is legitimate. And remember, despite what Dire Straits say, you don’t get anything for nothing.

Also, make sure your firewall, security software and anti-malware software are current at all times.

Scam of the day – May 19, 2013 – Fidelity phishing scam

May 19, 2013 Posted by Steven Weisman, Esq.

Phishing, as I have described on Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age,” is the name for the tactic used by identity thieves by which you are lured to a phony website to provide information used to make you a victim of identity theft. Phishing often starts with an email that appears to come from a company with which you do business or from a federal or state agency. The email indicates that there is some problem or other matter to which you must give your immediate attention, and a link is provided for you to purportedly go to the website of the company or agency. In fact, however, you are either sent to a phony website for the company or agency, where information is solicited that will be used to make you a victim of identity theft, or, even worse, by clicking on the link you download a keystroke logging malware program that steals all of the information from your computer, including your Social Security number, credit card number, passwords and other information that can also be used to make you a victim of identity theft.

Recently, I received an email purportedly from Fidelity Investments. As phishing attempts go, this one was pretty flawed. The email address from which it came was not an email address of Fidelity Investments. In fact, it was that of a private person who most likely was a part of a botnet by which his computer was being manipulated by an identity thief. If you want more information about botnets, you can check out the archives of Scamicide or read about them in my book “50 Ways to Protect Your Identity in a Digital Age.” Other flaws in the phishing email were the lack of my name appearing anywhere, which indicates that it is just a general phishing email sent out to many people by the identity thief, and the lack of a Fidelity logo.

Here is a copy of the email I received.  DO NOT CLICK ON THE LINK.

“Account Status Notification

We have noticed unusual activity on your account. Due to this, we need you to verify your account information for more efficient use of our Banking system: Please confirm your account information today by clicking on the link below: https://fidelity.secure.com/Logon.aspx?LOB=RBGLogon=user=&email&Security Adviser
© Fidelity Brokerage Services LLC. All rights reserved”

TIPS
Never click on links in emails unless you are sure they are legitimate. Unfortunately, you can never be sure when you receive an email if the email is legitimate, so you should always be skeptical. Make it a habit not to click on links until you have verified that they are legitimate by contacting the company or agency that is indicated as having sent the email. Look for the telltale signs that it is a phony, such as an email address for the sender that is not that of the real company or agency and the failure to address the email to you by name. You can contact the company or agency by phone or email directly to confirm whether or not the email you received was legitimate. Finally, keep your firewall and security software up to date to help protect you from viruses and malware. Security software is certainly not perfect, but it does help.

Scam of the day – May 7, 2013 – Ransomware update

May 7, 2013 Posted by Steven Weisman, Esq.

I have previously warned you about this type of scam on December 3, 2012, January 19, 2013 and as recently as March 26, 2013, but today’s update is because now it is personal. When I went to turn on my computer today I was locked out and a Ransomware scam was facing me on my computer. Ransomware scams occur when you find that you are unable to use your computer and you receive an email message or a notice on your screen, as I received, indicating that your use of your computer has been frozen due to illegal activity being detected on your computer. A common variation of this scam being done now purports to be from the Department of Homeland Security and its National Cyber Security Division. The version I got purported to be from the FBI. Even scarier was the fact that it had control of my computer camera and a photograph of me appeared at the top of the phony notice. In the notice I was told that I needed to pay a fine before my computer would be unfrozen and I would be able to have access to it again. In fact, the freezing of my computer had not been done by the Department of Homeland Security, the FBI or any other governmental agency. It was done by a scammer who installed malware on my computer either through a tainted website, download or link that I had gone to. It is for this reason that I am always reminding you never to click on links and download attachments unless you are absolutely positive that they are legitimate. And even though I follow my own advice, somewhere I got caught.

TIPS

The best way to deal with ransomware is to avoid it in the first place.  Maintain a good firewall on your computer and install and maintain up-to-date security software.  Also, never click on links or download attachments unless you are absolutely sure that they are legitimate.  Even if the link or download is in an email or a Facebook posting that appears to come from a friend of yours, their account may have been hacked and the communication may be from a scammer.  Never pay a ransom to regain control of your computer.  There is no guarantee that the criminal who froze your computer will let you off the hook.  Rather, have a computer professional go through your computer to find the source of the problem and resolve it.  It is also important to remember that no legitimate agency will freeze your computer and make you pay a fine to unfreeze it.  In my case, my security software was not able to stop the malware from initially freezing my computer, but when, through the use of free software from Malwarebytes, I was unable to unfreeze my computer, I was able to do a security scan and find that my security software had stopped the keystroke logging malware that the scammer had attempted to download to my computer.  Had I not had such software, my computer’s information would have been at the mercy of the scammer.

If you are a victim of ransomware, here are a couple of free links that can help you. The first is a link to Microsoft’s Malware Protection Center with links and instructions for removing ransomware infections from your computer: http://www.microsoft.com/security/portal/shared/ransomware.aspx#recover. The second is to Malwarebytes Anti-Malware, which will detect and remove malware such as trojans and spyware. This was what I used to get rid of the malware freezing my computer. The link is www.malwarebytes.org. It is free although there is also an updated version, which I use.

Scam of the day – February 26, 2013 – Microsoft hacked – what it means to you

February 25, 2013 Posted by Steven Weisman, Esq.

A few days ago, Microsoft announced that it, like Apple, Facebook, Twitter and hundreds of other prominent companies, had been hacked. The Microsoft hacking is still being investigated and it has not yet been determined if sensitive information was compromised or taken by the hackers, but the lesson is clear for us all. You are only as secure from identity theft as the security of the weakest place that holds personal information about you. In the Microsoft and other company hackings in recent days, it appears that, once again, it was a vulnerability in Java that was exploited by the hackers. Since anti-virus security software is always playing catch-up when responding to the latest viruses created by the hackers and identity thieves, people should ask themselves whether or not they need to use Java software on their computer. It has been estimated that half of the major computer hacking last year was done by exploiting vulnerabilities in Java. It would appear that as soon as one hole in Java is plugged, the hackers find another to exploit.

TIPS

You should consider whether or not you need Java software since it is such a target for hackers who may hack into your computer just as they have done with hundreds of businesses that use Java. If you need Java, you should install the latest security patch. Here is a link to information about installing the latest Java security patch as well as about disabling Java on your computer: http://www.us-cert.gov/cas/techalerts/TA13-051A.html

Here at Scamicide, I will continue to promptly update you with the latest information about security patches you should use to make sure your computer is protected as well as possible.

You should also make sure that your firewall is operating, use a complex password, maintain constantly updated security software and be prudent when downloading anything or clicking on a link, as I have described in my book “50 Ways to Protect Your Identity in a Digital Age,” because, as I have told you before, security software is only about 5% effective against the latest viruses. It generally takes about a month before the software is updated. Also, in order to limit your exposure to identity theft, limit the amount of information that you provide to companies and websites that store that information, because if they are hacked, your security is compromised.

Scam of the day – March 25, 2012 – Botnets

March 25, 2012 Posted by Steven Weisman, Esq.

Recently the Federal Trade Commission announced a new effort to combat botnets. Botnets occur when a scammer is able to install malware on your computer, turning it into a robot that can steal your information or use your computer to send out spam emails or spread viruses and other malware. The malware that makes your computer part of a botnet is installed on your computer when you unwittingly download it.

TIP

Never click on links for “free” music or games from a source that you are not absolutely sure is secure. This is a common source of the malware that makes your computer part of a botnet. Keep your security software up to date, use strong passwords, never turn off your firewall and be very cautious when using thumb drives. This is another area where infections occur.