Posts Tagged: ‘hackers’

Scam of the day – March 29, 2014 – Microsoft warns of danger in .rtf files

March 29, 2014 Posted by Steven Weisman, Esq.

Microsoft has issued a warning to people not to open files with the .rtf extension because of a vulnerability that Microsoft has just discovered. The vulnerability could enable a hacker to send you an email with an .rtf file attached that, if you download it, will enable the hacker to take control of your computer. At the moment, although Microsoft has discovered the problem, it does not have a solution, so it is advising people not to open such files and to consider disabling the opening of .rtf files. RTF stands for Rich Text Format, a file format Microsoft developed for use with Word software.

TIPS

Microsoft has released a security advisory with more details about this threat and what you can do to reduce the danger. Here is a link to Microsoft’s security advisory about this problem: http://technet.microsoft.com/en-us/security/advisory/2953095. For now, the best course of action is to totally avoid .rtf files.

Scam of the day – March 10, 2014 – Netflix phishing scam

March 9, 2014 Posted by Steven Weisman, Esq.

Phishing is the term for a scam where you are lured to a phony website and either induced into providing personal information to what you think is a legitimate company or even a government agency, or persuaded to click on what appears to be a legitimate link only to learn that by clicking on the link, you unwittingly download keystroke logging malware that will steal all of the information from your computer, smartphone, tablet or other device. In either situation, the end result is the same. You end up a victim of identity theft. Recently a phony, but very good looking, copy of a Netflix website was found on the Internet. The URL for the website did have the word “Netflix” in it, but it also had a number of apparently random characters in it, which to a careful viewer would have been a sufficient tip-off that this is a scam. On the website was a message to call an 800 support telephone number. If you call the number, you are told that your Netflix account has been shut down because it had been illegally accessed by hackers. You are then told to enable the “support” team to have access to your computer or other device in order to remotely download necessary security software to protect your account in the future. Instead of security software, what is installed remotely is a keystroke logging malware program that enables the scammers to steal all of the information from your device and use it to make you a victim of identity theft. In addition, the support team also asks for a photo of the customer’s identification and a credit card, which is readily done using the victim’s computer or phone camera, which the scammers were actually able to enable through software already downloaded unwittingly by the customer. In closing, the phony support team tells the customer that the customer will be charged as much as $400 for the security update; however, in his or her case, they will offer a discounted rate.

TIPS

This particular scam is no longer being done.  The phony website has been taken down.  However, it is a typical type of phishing scam that you must take great care to avoid.  Identity thieves are quite adept at creating legitimate looking websites that appear to be those of legitimate companies or even governmental agencies.  Whenever you go to a website for a company or agency with which you do business, make sure that you have the correct URL.  Double check it.  In this case, a savvy consumer would also know that Netflix does not supply security software.  In any event, never provide personal information, click on links or download attachments unless you are absolutely sure that you are dealing with a legitimate company that has a real reason for your information.  Although this particular scam is now down, you can expect the same pattern to repeat itself time and time again.

Scam of the day – February 24, 2014 – University of Maryland data breach

February 24, 2014 Posted by Steven Weisman, Esq.

A few days ago the University of Maryland disclosed that personal information of more than 300,000 students, faculty and other university employees connected with the university since 1998 was stolen by computer hackers. In a statement disclosing the data theft, the university said that computer and data security was “a very high priority” for the university, which is hard to understand because of the lax security that led to the data theft. Included in the compromised data were names, Social Security numbers, birth dates and other information for all faculty, staff, students and university personnel issued a university identification since 1998. This information is a veritable treasure trove for hackers who, armed with this information, use it for purposes of identity theft. The University of Maryland is by no means alone when it comes to being hacked. Harvard, Stanford, Cornell, Princeton, Johns Hopkins, the University of Rhode Island, the University of Arizona, Marquette and more than 50 other colleges and universities have been the victims of data breaches in the last couple of years. The reason for targeting universities and colleges is simple. Generally they maintain tremendous amounts of personal information and their record for data security is not good. Colleges and universities have much personal information that is often easily accessible within the school’s computer systems. Too often schools have permitted the information to be on unencrypted laptops and flash drives. In addition, many schools do not have sufficient security programs in place to limit access to personal information, and they keep that information, such as Social Security numbers for students who have long since graduated, in their computers long after it is necessary to keep it.

TIPS

The schools have got to start giving more than lip service to their commitment to data security. Data breach prevention systems should be implemented that include, but are not limited to, updated firewalls, limited access to personal information, purging of unnecessary information and encryption. Personal information should not be as open and available as it presently is at many universities. If you are someone who is a victim of the University of Maryland’s data breach, you should contact the University and accept its offer of a year’s free credit monitoring. You also should consider putting a credit freeze on your credit report because monitoring only tells you that you have become a victim of identity theft after the fact, while a credit freeze can protect you from becoming a victim in many instances. For information about credit freezes, click on the link on the right hand side of the page where it indicates, “credit freezes.”

Scam of the day – December 26, 2013 – Debit card PINs may have been compromised in Target hacking

December 26, 2013 Posted by Steven Weisman, Esq.

At the present time, Target continues to maintain that although 40 million debit and credit card numbers were stolen in the recent second largest retail hacking in American history, the all-important PINs for the debit cards that were part of the hacking were not stolen. However, reports continue to indicate that PINs were indeed among the information taken by the hackers, but that the PINs were encrypted. Target may be playing semantics with the public by saying that “no unencrypted PIN data was accessed” and that presently there is no evidence that PINs have been compromised for the hacked debit cards. It may well be that encrypted PINs were among the data stolen. If so, there should be real concern on the part of debit card holders whose information was compromised because sophisticated hackers have shown the ability to crack encryption of PINs in the past.

TIPS

As I have often advised in the past, retail purchases are much safer when done with a credit card than with a debit card. If fraudulent charges are made to a person’s credit card, federal law limits the amount of liability to the card holder to no more than $50 and most banks don’t even hold the card holder responsible for any fraudulent charges. However, with debit cards, the amount of liability that attaches to the debit card user if he or she does not notice the fraud within two days rises to $500, and if the fraud goes undiscovered for 60 days, there is absolutely no limit on the amount of liability of the debit card holder. A hacked debit card holder risks losing his or her entire bank account. And even if he or she does notice the fraudulent activity immediately, the bank account to which the debit card is tied is frozen while the bank investigates the fraud. Don’t use a debit card for any use other than as an ATM card. If you have used your debit card at Target during the affected period between November 27th and December 15th, you should check the activity on the bank account to which the card is tied daily online to look for unauthorized activity and, if you find any, report it immediately to your bank.

Scam of the day – November 14, 2013 – Latest software security updates

November 14, 2013 Posted by Steven Weisman, Esq.

As a regular part of Scamicide, I make sure that you are informed as to the latest security updates and patches issued by the manufacturers of the software that we all use.  The Department of Homeland Security ranks the threats posed by the various vulnerabilities discovered in the software that we all use.  Obviously those vulnerabilities ranked high merit our immediate attention because scammers, hackers and identity thieves exploit these vulnerabilities to make us victims of their schemes.  However, even the threats ranked at lower levels still warrant our attention because these vulnerabilities also can be exploited by criminals to our detriment.  Time is of the essence because security patches and updates are always issued in response to vulnerabilities already discovered and taken advantage of by wrongdoers so it is important to download the necessary updates and patches as soon as possible.  Some people are rightly concerned when they learn about security patches and updates as to whether they are indeed legitimate, which is why I provide the links to security updates and patches upon which you can rely.

TIPS

Here is the link to the Department of Homeland Security’s latest list of important software security patches and updates.  Check it out and install those updates and patches that relate to the software that you use.  https://www.us-cert.gov/ncas/bulletins/SB13-315

Let your friends know about these important updates and urge them to read Scamicide on a regular basis in order to be kept up to date with all the latest developments regarding scams and identity theft.

Scam of the day – August 18, 2013 – Urgent Microsoft security updates – How to prevent identity theft

August 17, 2013 Posted by Steven Weisman, Esq.

Identity thieves and hackers are constantly working to discover and exploit vulnerabilities in the various computer software that we use in our computers, laptops, tablets, smartphones and other portable devices to make you a victim of online identity theft. Therefore, it is extremely important that, as flaws are discovered and patches for these flaws issued, you download the necessary security patches as soon as possible. Identity thieves and hackers rely on the fact that many people do not keep their security software up to date and exploit this fact. Recently Microsoft has issued new security patches for discovered vulnerabilities in various Windows programs that millions of people use. The United States Computer Emergency Readiness Team, which is a part of the Department of Homeland Security, regularly issues alerts regarding software patches you need to install, and recently they issued such an alert for Windows software.

TIPS

Here is a link to the Security Advisory issued by the United States Computer Emergency Readiness Team which, in turn, provides secure links that you can trust that will take you to the necessary Microsoft security downloads.  https://www.us-cert.gov/ncas/current-activity/2013/08/15/Microsoft-Releases-Security-Advisory

Scam of the day – July 30, 2013 – Microsoft tech support scam

July 30, 2013 Posted by Steven Weisman, Esq.

Recently there has been an upswing in a scam that has been with us for some time that involves a telephone call that you receive purportedly from technical support at Microsoft.  The caller informs you that Microsoft has diagnosed problems with your computer, such as viruses.  They then either ask for remote access so that they can fix the problem at no cost to you or they ask for personal information.   In both situations the caller is up to no good.  If you provide remote access to your computer you will have effectively turned over all of the information in your computer to the caller who can and will then use that information to make you a victim of identity theft.  If you provide personal information by phone, that information too will be used to make you a victim of identity theft.

TIPS

Microsoft will not and does not contact you by phone in regard to diagnosing software problems. If someone contacts you by phone unsolicited by you indicating that they are from Microsoft tech support and they are calling you to help you with a problem that you did not contact them about, you should immediately hang up. You are talking to a scammer. It should be noted, however, that Microsoft does regularly issue software security updates, but they do this in automated updates if you have provided for this service or on their website. Installing the latest security software updates and patches is a critical part of fighting identity theft and scams because hackers exploit vulnerabilities that they discover in commonly used software to make you a victim of identity theft or scams. Software companies are just as constantly coming up with software to correct these vulnerabilities, so it is important to install the latest security patches as soon as possible. It is for this reason that I regularly provide you with links to the latest security patches for the software that you use. I assemble this information from the Department of Homeland Security. It is therefore important to check Scamicide each day to make sure that you do not miss important information.

Scam of the day – June 21, 2013 – Critical Java Updates

June 21, 2013 Posted by Steven Weisman, Esq.

Regular readers of Scamicide (which I hope you all will be) are familiar with the many problems that have come with the use of Java software. Java is a very popular software made by Oracle. Unfortunately, it is also a software that has proven to be very vulnerable to being hacked and exploited for purposes of identity theft and stealing information by knowledgeable hackers and identity thieves. In one of the more interesting facts about identity theft, Kaspersky Lab, a security firm, has stated that flaws in Java software were responsible for almost half of all cyber attacks by identity thieves and hackers last year. The Department of Homeland Security has even gone so far as to advise people to disable Java or prevent Java apps from running on their computers. However, many people still use Java for their work and personal computer use. If you are one of these people, it is imperative that you update your Java software with the latest security patches as soon as they are released. Recently Java announced a new security patch, which you should install on your computer as soon as possible if you use Java software to help protect you from hacking and identity thieves. Identity theft statistics show that if you install the security patch, you will lower, although not eliminate, your chances of becoming a victim of identity theft.

TIPS

Here is a link to the latest Java security patch information: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

Unless you absolutely must use Java, my advice is to disable it.  You can find a link with instructions as to how to disable Java in my Scam of the Day for April 22, 2013 which can be found in the archives of Scamicide which you can access at the top right hand corner of this blog.

If you still wish to use Java software, make sure that you download the latest Java security patch at the link indicated above.  It will help provide identity theft protection.

Scam of the day – June 17, 2013 – Critical Adobe Flash security updates

June 17, 2013 Posted by Steven Weisman, Esq.

As I have warned you many times, hackers and identity thieves exploit vulnerabilities in the many software programs that we all use, so it is very important when security patches for those vulnerabilities are released to install those patches as soon as possible. Hackers and identity thieves take advantage of the fact that many people delay or don’t ever update the programs they use. Delaying or failing to update your software with new security patches is a big mistake. Here at Scamicide we make it our business to let you know about the latest software security patches as they become available. Here is the most recent notice from the United States Computer Emergency Readiness Team, which is a part of the Department of Homeland Security, regarding patches for the Adobe Flash Player.

“Security Updates Available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Security updates are available for the following versions of Adobe Flash Player:

  • Adobe Flash Player 11.7.700.202 and earlier versions for Windows
  • Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.285 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1860 and earlier versions for Android
  • Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

US-CERT encourages users and administrators to review Adobe Security Bulletin 13-16 and follow best practice security policies to determine if their organization is affected and the appropriate response.”

Here is a link to the Adobe Security Bulletin 13-16  http://www.adobe.com/support/security/bulletins/apsb13-16.html

TIPS

Always keep your software updated with the latest security patches and check with Scamicide daily to learn about not just the latest scams and identity theft schemes to avoid, but to learn where to go to update your software with the latest security patches.

 

Scam of the day – June 1, 2013 – Apple Security updates

June 1, 2013 Posted by Steven Weisman, Esq.

In keeping with our policy at Scamicide to keep you informed of the latest security patches to help you protect the safety and security of your computers, laptops and smartphones, I am informing you of the latest security patch just announced by Apple relating to vulnerabilities discovered in Apple’s QuickTime 7.7.4 used in Windows 7, Vista, XP SP2 and later versions. As always, it is important to update your software as soon as possible in order to prevent scammers, hackers and identity thieves from utilizing exposed flaws in software to make you a victim of identity theft or a scam, or to hack into your computer.

TIPS

Here is a link to not only the latest Apple security update for QuickTime 7.7.4, but also other Apple security updates for the last two years so that you can download those security patches you may need.

http://support.apple.com/kb/HT1222