Scam of the day – June 13, 2017 – Russian gang accused of hacking slot machines

Last week federal indictments against members of a Russian gang  alleged to be led by Razhden Shulaya were unsealed in New York.  While many of the indictments were for common racketeering crimes you would expect, the defendants were also accused of developing devices to hack into particular models of slot machines to predict the machine’s behavior thereby enabling the criminal to steal money from particular slot machines.

Long gone are the days of the old-styled one arm bandit slot machines. Today’s slot machines are operated by sophisticated computers and programmed to make pay offs of specific amounts.  This is actually a good thing as all states regulate slot machines  and require that casinos that have slot machines pay a statutorily set minimum pay off for the entire casino.

TIPS

Just about everything we do is computerized and often connected to the Internet in some fashion.  This is what we refer to as the Internet of Things and whether it is a talking doll, a car, a medical device or a smart television, anything that is computerized and connected to the Internet is a potential target for hackers.  This is important for all of us to remember when we use items that are a part of the Internet of Things.  We should make sure that passwords and security settings for these devices are not left on default and are as secure as we can make them.  It only takes a little time to do so and it is well worth it.

Scam of the day – June 5, 2017 – Hackers extort cosmetic surgery clinic

As I have warned people for years, your data is only as safe as the security at the places  with the weakest security holding your data.  Many times we have seen private information stolen and publicly released, as in the case of stolen nude photos, used for extortion purposes or sold to others on the Dark Web.

Cybercriminals recently hacked into the Grozio Chirurgija cosmetic surgery clinic in Lithuania and release 25,000 private photographs including nude photographs along with other personal information of patients of the clinic from more than sixty countries around the world. The hackers, who call themselves the “Tsar Team” contacted the clinic itself and individuals whose data had been stolen demanding bitcoin ransoms.  The clinic has refused to pay a ransom.

TIPS

In addition to doing the things we are constantly reminding people to do to protect themselves from data breaches, including, but not limited to the use of dual factor authentication, encryption and constantly updating security software, we should all be asking any company or entity that holds our personal information about what steps they are taking to protect that data and if their answers are not satisfactory, you should refrain from dealing with them.

Scam of the day – August 12, 2016 – Important Microsoft security patches and updates

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.    Microsoft recently issued a large number of security patches necessary to fix critical vulnerabilities in software such as Internet Explorer, Edge and Office. The particular vulnerabilities being patched with these updates will protect users from being hacked when they merely visit a tainted website.  Other of the patches will fix  problems with how Windows, Office and Skype handle specific types of fonts such that hackers could exploit this vulnerability to take control of the victim’s computer if the victim views files with certain fonts or by visiting a malicious website.

TIPS

Here is the link to the recent Microsoft security updates: https://www.us-cert.gov/ncas/current-activity/2016/08/09/Microsoft-Releases-August-2016-Security-Bulletin

Scam of the day – February 26, 2015 – Lenovo issues automatic fix for Superfish adware

Computer company Lenovo recently disclosed that computers that it was selling came with a software called Superfish that posed huge potential problems for the users of those computers.  Superfish is the name of a type of adware that was bundled on to their computers when sold.  This software did not provide any benefit to the computer user, but rather was a source of revenue for the Lenovo because the makers of Superfish pay Lenovo to have the software installed.   Superfish would inject ads on to websites visited by the computer user as well as track the websites searched by the computer user unbeknownst by the computer user.  This type of software installed on computers before sale is known by such colorful and pejorative terms such as “crapware,” “bloatware,” or “junkware.”  Unfortunately, it was discovered that Superfish was easily exploited by hackers to steal user information of the computer user thereby endangering the user’s security.  Fortunately, Lenovo has come up with an automatic fix that will remove Superfish from your computer.

TIPS

The affected computers include Lenovo’s G Series, U Series, YSeries, Z Series, S Series, Flex, Miix, Yoga and E Series computers.  Here is the link to remove Superfish from your computer if you have one of the affected computers:  http://support.lenovo.com/us/en/product_security/superfish_uninstall

Lenovo is not alone in installing such programs without informing its customers.  It is incumbent upon all computer purchases to inquire as to specifically what programs are installed on our computers when we purchase them and what the software does.

Jessica Bennett, a Lenovo user has just filed a proposed class action lawsuit against Lenovo on behalf of herself and other affected customers.  I will keep you informed as to the progress of this lawsuit.

Scam of the day – February 15, 2015 – President Obama’s Executive Order on cybersecurity

In an effort to help combat cybercrime, President Barack Obama has issued an Executive Order encouraging and promoting information sharing both within the private sector as well as between the private sector and the government.  It has long been known that such information sharing about cyberthreats is an important step in the battle against cybercrime, data breaches and hackers.  The Department of Homeland Security will take the lead in establishing Information Sharing and Analysis Organizations (ISAOs) including setting up voluntary standards for these organizations.

TIPS

Although this is a very promising first step that will undoubtedly aid in the battle against cybercrime, data breaches and hackers, it is only a first step.  When looking for a helping hand to protect yourself from cybercrime and hackings, the best place to look is still at the end of your own arm.  We all must recognize that each of us is responsible for following best practices to protect ourselves as best we can from cybercrime and hackings.  We cannot rely on either government or private industry to do the job for us.  One of the reasons I write Scamicide each day is to arm you with the knowledge you need to protect yourself as best you can from threat of cybercrime and hackings.

Scam of the day – February 1, 2015 – Important security patches for Apple OS X, Safari, iOS, Apple TV and Adobe Flash Player

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Today’s updates are critical updates from Apple for OS X, Safari, iOS and Apple TV users.  In particular, one of vulnerabilities if left unpatched could enable a remote attacker to take complete control of the victim’s system. Users of the affected programs should make sure that they update their software with these latest security patches as soon as possible.  In addition, today’s security updates provides new security patches for the popular Adobe Flash Player which is a constant target of hackers.  Although it has just been a couple of weeks since I last provided you with Adobe Flash Player security updates, there are new security patches you should install now.

TIPS

Here is a  link to the necessary  Apple updates as provided by the Department of Homeland Security:  https://www.us-cert.gov/ncas/current-activity/2015/01/27/Apple-Releases-Security-Updates-OS-X-Safari-iOS-and-Apple-TV

Here is a link to the security updates for the Adobe Flash Player: http://helpx.adobe.com/security.html

Scam of the day – January 29, 2015 – Major security flaw discovered in Linux operating system

Linux is a popular and free computer operating system.  Recently researchers at the cloud security company Qualys discovered a major security flaw in the Linux operating system which they have named GHOST that would enable hackers to remotely take total control of a Linux user’s computer or other device without having to even know a password.  The GHOST security flaw could be exploited merely though an email from a Linux-based system to the victim’s computer or other device.  Fortunately, there is a patch for this security problem.  A link to the patch can be found below.

TIPS

If you are a Linux user it is imperative that you download the security patch immediately.  Here is a link that will take you to the necessary patches.  https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability

This is just another example of how important it is to keep up to date with the latest security patches and updates and install them as soon as possible.  Hackers and identity thieves constantly are taking advantage of people who do not update the software they use on their computers and other devices with the latest security patches.  Here at Scamicide we inform you whenever there are important security patches and updates about which you should be aware.  Make sure that you check out Scamicide every day and let your friends know to do the same.

Scam of the day December 24, 2014 – Beware of the Iggy Azalea sex tape

I have been reporting to you about a purported Iggy Azalea sex tape that may or may not exist for a few months now.  Discussion about the purported sex tape featuring Australian rapper Iggy Azalea has resurfaced due to a feud between Azalea and rapper Azealia Banks, which has, in turn, prompted a group of hackers to surface threatening to release photos taken from the purported video unless Azalea apologize to Banks.   Meanwhile, to no one’s surprise supposed leaks of the tape have purportedly turned up on the Internet where the curious can put themselves in serious risk of identity theft by clicking on links in emails, text messages or social media postings promising to take you to the purported tape.  Other times, you may find yourself being prompted online to update your video capabilities on your computer or other electronic devices in order to view the video.  Again, this is just a ruse to lure you into downloading dangerous keystroke logging malware that will steal information from your computer and use it to turn you into a victim of identity theft.

TIPS

Without even getting into the question of the morality and ethics of looking for material such as this or the stolen videos of Jennifer Lawrence, Kate Upton and other celebrities, the truth is that you cannot trust any text message, email, social media posting that promises you such tantalizing material.  The chances are just too great that by clicking on any of these links or downloading attachments you will be downloading malware that will be used to steal your identity.  As for websites that turn up on Google and other search engines promising to provide you with these videos, scammers are adept at manipulating the algorithms used by search engines to rank websites so that although you may think you are looking at a legitimate website, you are not.  It is also important to remember that even if you have kept your anti-malware and anti-virus software up to date, that is of little consolation since these security software programs are always at least a month behind the latest malware and viruses.  If you need to satisfy your curiosity for gossipy material, stick to legitimate websites such as www.tmz.com.

Scam of the day – November 8, 2014 – Latest Home Depot hacking developments

Home Depot has announced that in addition to the information on millions of debit cards and credit cards that were stolen by hackers in its recent data breach which had gone undetected for months before being discovered in early September, the hackers also stole the email addresses of 53 million of its customers.

So what does this mean to you and me?

It means that we can expect to receive phishing emails that appear to come from Home Depot, some of which may even be directed to us by name.  This type of precise phishing is called spear phishing and it is an effective tool of identity thieves in luring us to provide personal information or to click on links or download attachments in official looking emails.  Unfortunately, if you provide the personal information requested under some guise in the email, this information will be used to make you a victim of identity theft and if you click on the link or download attachments in the emails, you will download keystroke logging malware that will steal your personal information from your computer and use it to make you a victim of identity theft.

Home Depot also disclosed for the first time that the way their computers were hacked was by initially hacking into third party vendors with lax security and using their usernames and passwords to gain access to the computers and data of Home Depot.  This was the same tactic used in the Target hacking and many other data breaches.  In fact, in a column I wrote for USA Today in September http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/ I described the techniques used by hackers to infiltrate the computers of targeted companies through such third party vendors or others using offsite access to the computers of the targeted companies.  I mention this not to toot my own horn, but to tell you that the problem has not been solved and we will be seeing this pattern followed in future major data breaches time and time again.

TIPS

The takeaway from Home Depot’s announcement that identity thieves may have your email address is to be even more vigilant in regard to not clicking on links or downloading attachments in emails regardless of how legitimate they may look.  The risk is too great.  You can well expect that you may receive an email that appears to come from Home Depot and it may have a link for you to click on for either more information about the risk to you of the data breach or even to gain you access to free credit monitoring.  Such a legitimate email was sent by Target to its affected customers after its major data breach.  However, you cannot be sure that the email is legitimate so don’t click on the link or download any attachments.  Rather, if the message appears to you to be legitimate, merely go directly to Home Depot’s real website where you will find the real information.  When Target sent an email with a link to free credit monitoring, I ignored the email, went to the Target website and enrolled there for the free credit monitoring.

Scam of the day – October 7, 2014 – Latest security updates from Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include a number of important security patches related to the Bash virus.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-279