Scam of the day – April 16, 2015 – Airline hacking danger

As more and more of the devices that we use, everything from refrigerators to cars, become connected to the Internet for convenience, the threat of these devices being hacked has become a significant problem. I wrote about this recently in my USA Today column dealing with the danger of what has come to be known as the Internet of Things. Here is a link to that column. In that column, I referred to a previous GAO study that indicated security threats involving the FAA’s air traffic control system and its vulnerability to hackers.

Earlier this week the General Accountability Office (GAO) issued a new report detailing the security threat posed to commercial airplanes due to the extensive connection of many of their systems to the Internet. According to the GAO, “Modern aircraft are increasingly connected to the internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.” The WiFi used by passengers on an airplane is part of the same IP network used for the cockpit controls. The GAO went on to note that “According to cybersecurity experts we interviewed, internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.” Even though firewalls separate these functions, as we have seen in numerous hackings of the computer systems of major companies, firewalls certainly do not guarantee security from sophisticated hackers. As a part of its report, the GAO made three recommendations for the FAA to follow in order to increase the safety and security of air travel.


There is little that we as individuals can do to ensure our safety while flying. However, as consumers we can demand of the companies with which we do business that they build safety and security into their products that are a part of the Internet of Things. And while we have little control over our security while flying, we can protect our security elsewhere on the Internet of Things, in regard to webcams, heating systems and other devices, by taking some elementary steps, such as:

1. Don’t store personal identifying information on any device. Don’t even use your real name.
2. Use a unique and complex password for each of your devices so that if one is hacked, all of your devices are not jeopardized.
3. Read the fine print and find out what information is gathered and stored by your devices as well as how that information is used by the manufacturer.
4. Your smartphone is the entrance way to your car’s connectivity. Keep your smartphone protected with a strong and unique password as well as anti-virus and anti-malware security software.
5. Change the default usernames and passwords on all of your home network devices.
6. Use and update anti-virus and anti-malware software on your home computer network.

Scam of the day – January 26, 2015 – 7 Year old child hacks into public WiFi in under 11 minutes

The famous comic Groucho Marx once remarked that a four year old child could understand a report he started to look at, but as he read further and found he couldn’t understand it, he said, “run out and find me a four year old child.” Well, Betsy Davis isn’t four. She is seven, but it is still pretty impressive that a computer savvy seven year old could find the instructional information she needed to hack into a Wi-Fi system and then hack into a public Wi-Fi system, all in a mere ten minutes and fifty-four seconds. Fortunately, Betsy is not a criminal hacker, but was enlisted as a part of a security experiment to see how easy it was to hack into a public Wi-Fi network and steal information from people using the network. All of this raises the question of how safe you are when you use public Wi-Fi. The bad news is that most people are not very safe. The good news is that by following a few precautions, you can enhance your safety significantly.


Whatever electronic device you use to connect to a Wi-Fi network, whether it is a computer, laptop, tablet or smartphone, should be equipped with security software. In addition, you should have encryption software so that your communications are encoded. You also should go to your settings and turn off sharing. In addition, you should make sure that your firewall is current and turned on. Finally, you may wish to consider using a Virtual Private Network (VPN), which enables you to send your communications through a separate and secure private network while you are on a public network. A good VPN that you can use for free is CyberGhost, which you can go to by clicking on this link.

Scam of the day – May 28, 2013 – KFC phony coupon scam

Just as the band Dire Straits sang about “money for nothing and chicks for free,” many scammers appeal to our desire for something for nothing by offering phony free on-line coupons for products or services. They hope that we will fall for their promises and click on a link that will not take us to a free product or service, but rather will result in us downloading dangerous malware, such as keystroke logging malware programs that can steal all of the information in your computer and make you a victim of identity theft. There are many indications of the illegitimacy of these coupons, but one common one is poor grammar. Because many of these scams originate in foreign countries where English is not the primary language, it is quite common for these phony on-line coupon offers to have poor grammar. However, recently I received a phony offer regarding a coupon for Kentucky Fried Chicken that was laughably amateurish. A copy of the email is reproduced below. Note that instead of a reference to the “Colonel,” it refers to the “Kernel.” I know it is corny (sorry about that), but I had to share it with you. DO NOT CLICK ON THE LINK.

“Subject: Enjoy our new crispy chicken

It’s Finger Lickin’ Good

Celebrate with the Kernel this Spring

– your personal voucher enclosed –

Use For Lunch Or Dinner ANYTIME

EXPIRES: 5/31/2013
VOUCHER ID: 1714669500684339988”


Remember, anytime you receive an email with a link, you should be wary of clicking on the link unless you are absolutely positive that the email is legitimate and the link is safe to click on.  You can never be sure who or what company is sending you an email because it is easy to either pose as someone else or to hack their email.  Certainly, this particular email with its grammatical error and its lack of a corporate logo as well as an email address from which it was sent that does not appear to come from KFC are all good indicators that the email is not to be trusted.  If you ever receive an email containing a link and you are tempted to click on the link, first contact the real company or person directly to confirm whether or not the email is legitimate and remember, despite what Dire Straits say, you don’t get anything for nothing.

Also, make sure your Firewall, security software and anti-malware software are current at all times.


Scam of the day – May 19, 2013 – Fidelity phishing scam

Phishing, as I have described on Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age,” is the name for the tactic used by identity thieves by which you are lured to a phony website to provide information used to make you a victim of identity theft. Phishing often starts with an email that appears to come from a company with which you do business or a federal or state agency. The email indicates that there is some problem or other matter to which you must give your immediate attention, and a link is provided for you to purportedly go to the website of the company or agency. In fact, you are either sent to a phony website for the company or agency where information is solicited that will be used to make you a victim of identity theft or, even worse, by clicking on the link you download a keystroke logging malware program that steals all of the information from your computer, including your Social Security number, credit card number, passwords and other information used to also make you a victim of identity theft.

Recently, I received an email purportedly from Fidelity Investments.  As phishing attempts go, this one was pretty flawed.  The email address from which it came was not an email address of Fidelity Investments.  In fact, it was that of a private person who most likely was a part of a botnet by which his computer was being manipulated by an identity thief.  If you want more information about botnets, you can check out the archives of Scamicide or read about them in my book “50 Ways to Protect Your Identity in a Digital Age.”  Other flaws in the phishing email were the lack of my name appearing anywhere which indicates that it is just a general phishing email sent out to many people by the identity thief, and the lack of a Fidelity logo.

Here is a copy of the email I received.  DO NOT CLICK ON THE LINK.

“Account Status Notification

We have noticed unusual activity on your account. Due to this, we need you to verify your account information for more efficient use of our Banking system: Please confirm your account information today by clicking on the link below:

Adviser

© Fidelity Brokerage Services LLC. All rights reserved”

Never click on links in emails unless you are sure they are legitimate.  Unfortunately, you can never be sure when you receive an email if the email is legitimate so you should always be skeptical and make it a habit not to click on links until you have verified that they are legitimate by contacting the company or agency that is indicated as having sent the email to confirm whether or not the email and link are legitimate.  Look for the telltale signs that it is a phony, such as an email address for the sender that is not that of the real company or agency and the failure to direct the email to you directly by name.  You can contact the company or agency by phone or email directly to confirm whether or not the email you receive was legitimate.  Finally keep your Firewall and security software up to date to help protect you from viruses and malware.  Security software is certainly not perfect, but it does help.
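The telltale signs described above (a sender address that is not the company's, no greeting by name, and a link that leads away from the company's site) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the sample message, its addresses and URL, the recipient name "Pat Reader" and the use of fidelity.com as the company's sending domain are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def in_domain(host, domains):
    """True if host equals, or is a subdomain of, one of the brand's domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(raw, brand, brand_domains, recipient_name):
    """Return the list of telltale signs found in one raw e-mail message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    display, addr = parseaddr(msg.get("From", ""))
    signs = []
    # Does the message present itself as coming from the brand?
    claims_brand = brand.lower() in (display + " " + body).lower()
    sender_host = addr.rpartition("@")[2]
    if claims_brand and not in_domain(sender_host, brand_domains):
        signs.append("sender-domain-mismatch")
    if recipient_name.lower() not in body.lower():
        signs.append("not-addressed-by-name")
    # A host such as fidelity.com.account-verify.example only looks like the brand.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if claims_brand and not in_domain(urlparse(url).hostname or "", brand_domains):
            signs.append("link-leaves-brand-domain")
            break
    return signs

# Constructed sample modelled on the message quoted above; the addresses
# and the URL are invented (.example is a reserved test domain).
SAMPLE = """\
From: Fidelity Investments <j.smith@home-user.example>
To: reader@mail.example
Subject: Account Status Notification

We have noticed unusual activity on your account. Please confirm your
account information today by clicking on the link below:
http://fidelity.com.account-verify.example/login
(c) Fidelity Brokerage Services LLC. All rights reserved
"""

# Assumption: fidelity.com is the domain the real company sends from.
BRAND_DOMAINS = ["fidelity.com"]

if __name__ == "__main__":
    for sign in phishing_indicators(SAMPLE, "Fidelity", BRAND_DOMAINS, "Pat Reader"):
        print(sign)
```

An empty result does not show that a message is legitimate, because the sender address itself can be forged; confirming with the company directly remains the deciding step.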

Scam of the day – May 7, 2013 – Ransomware update

I have previously warned you about this type of scam on December 3, 2012, January 19, 2013 and as recently as March 26, 2013, but today’s update is because now it is personal. When I went to turn on my computer today I was locked out and a Ransomware scam was facing me on my computer. Ransomware scams occur when you find that you are unable to use your computer and you receive an email message or a notice on your screen, as I received, indicating that your use of your computer has been frozen due to illegal activity being detected on your computer. A common variation of this scam being done now purports to be from the Department of Homeland Security and its National Cyber Security Division. The version I got purported to be from the FBI. Even scarier was the fact that it had control of my computer camera and a photograph of me appeared at the top of the phony notice. In the notice I was told that I needed to pay a fine before my computer would be unfrozen and I would be able to have access to it again. In fact, the freezing of my computer has not been done by the Department of Homeland Security, the FBI or any other governmental agency. It was done by a scammer who installed malware on my computer either through a tainted website, download or link that I had gone to. It is for this reason that I am always reminding you never to click on links and download attachments unless you are absolutely positive that they are legitimate. And even though I follow my own advice, somewhere I got caught.


The best way to deal with ransomware is to avoid it in the first place.  Maintain a good firewall on your computer and install and maintain up-to-date security software.  Also, never click on links or download attachments unless you are absolutely sure that they are legitimate.  Even if the link or download is in an email or a Facebook posting that appears to come from a friend of yours, their account may have been hacked and the communication may be from a scammer.  Never pay a ransom to regain control of your computer.  There is no guarantee that the criminal who froze your computer will let you off the hook.  Rather, have a computer professional go through your computer to find the source of the problem and resolve it.  It is also important to remember that no legitimate agency will freeze your computer and make you pay a fine to unfreeze it.  In my case, my security software was not able to stop the malware from initially freezing my computer, but when, through the use of free software from Malwarebytes, I was unable to unfreeze my computer, I was able to do a security scan and find that my security software had stopped the keystroke logging malware that the scammer had attempted to download to my computer.  Had I not had such software, my computer’s information would have been at the mercy of the scammer.

If you are a victim of ransomware, here are a couple of free links that can help you.   The first  is a link to Microsoft’s Malware Protection Center with links and instructions for removing ransomware infections from your computer:  The second is to Malwarebytes Anti-Malware which will detect and remove malware such as trojans and spyware.  This was what I used to get rid of the malware freezing my computer.  The link is  It is free although there is also an updated version, which I use.

Scam of the day – February 26, 2013 – Microsoft hacked – what it means to you

A few days ago, Microsoft announced that it, like Apple, Facebook, Twitter and hundreds of other prominent companies, had been hacked. The Microsoft hacking is still being investigated and it has not yet been determined if sensitive information was compromised or taken by the hackers, but the lesson is clear for us all. You are only as secure from identity theft as the security of the weakest place that holds personal information about you. In the Microsoft and other company hackings in recent days, it appears that, once again, it was a vulnerability in Java that was exploited by the hackers. Since anti-virus security software is always playing catch-up when responding to the latest viruses created by the hackers and identity thieves, people should ask themselves whether or not they need to use Java software on their computer. It has been estimated that half of the major computer hackings last year were done by exploiting vulnerabilities in Java. It would appear that as soon as Java plugs a hole in their software, the hackers find another to exploit.


You should consider whether or not you need Java software since it is such a target for hackers who may hack into your computer just as they have done with hundreds of businesses that use Java.  If you need Java, you should install the latest security patch.  Here is the link to information about both installing the latest Java security patch as well as information about deactivating Java from your computer.

Here at scamicide, I will continue to promptly update you with the latest information about security patches you should use to make sure your computer is protected as well as possible.

You should also make sure that your Firewall is operating, use a complex password, maintain constantly updated security software and be prudent when downloading anything or clicking on a link as I have described in my book “50 Ways to Protect Your Identity in a Digital Age” because, as I have told you before, security software is only about 5% effective against the latest viruses.  It takes generally about a month before the software is updated.  Also, in order to limit your exposure to identity theft, limit the amount of information that you provide to companies and websites that store that information because if they are hacked, your security is compromised.

Scam of the day – March 25, 2012 – Botnets

Recently the Federal Trade Commission announced a new effort to combat botnets. Botnets occur when a scammer is able to install malware on your computer, turning it into a robot that can steal your information or use your computer to send out spam emails or spread viruses and other malware. The malware that makes your computer part of a botnet is installed on your computer when you unwittingly download the malware.


Never click on links for “free” music or games from a source that you are not absolutely sure is secure. This is a common source of the malware that makes your computer part of a botnet. Keep your security software up to date, use strong passwords, never turn off your firewall and be very cautious when using thumb drives. This is another area where infections occur.