Posts Tagged: ‘hacking’

Scam of the day – February 23, 2014 – Serious threat to Apple iPhones, iPads and iPods

February 23, 2014 Posted by Steven Weisman, Esq.

A major security defect has been discovered by Apple that, if exploited, would permit an identity thief to hack into the emails and other communications sent from iPhones, iPads and iPods even if they were encrypted. This is a potentially devastating flaw, as users would believe that their communications were safe because they were using Secure Sockets Layer encryption security to protect their communications. However, hackers who might gain access through sharing the same wireless network in a public place, such as a coffee shop, could exploit this flaw to the extreme detriment of iPhone, iPad or iPod users who falsely believed that they had taken proper precautions to protect the privacy of their communications and data. The good news, however, is that Apple has come up with a security patch, which I provide you with below. The bad news is that some security experts are now saying that the flaw is also present in Mac OS X, which runs Apple laptop and desktop computers, and as I write this Scam of the day, Apple has not yet come up with a patch for the Mac OS X operating system.


If you are an iPhone, iPad or iPod user you should immediately install the critical patch just released to remedy the situation.  Here is the link:

Identity thieves and hackers count on people not promptly taking identity theft protection steps necessary to keep themselves safe.   Don’t be a victim.  If you use any of these devices, install the patches as soon as possible.  It is also important to remember that the battle with hackers and identity thieves is ongoing.  At the same time that you are installing a security patch, hackers and identity thieves are busy studying the new patches trying to find flaws.  I will always report to you as soon as new developments occur, so make it a point to check out each day.

Scam of the day – May 10, 2013 – Hackers’ attack on banks and credit unions fails – this time

May 10, 2013 Posted by Steven Weisman, Esq.

The hacking group Anonymous had reportedly targeted 130 banks and credit unions for a disruptive Distributed Denial of Service (DDoS) attack on Tuesday, May 7th, but the attack failed to substantially materialize. In a DDoS attack, large numbers of computers, remotely controlled by hackers as a botnet, flood the websites of particular businesses or governmental agencies and shut them down because the websites are unable to handle the huge number of hits. Tuesday’s attack pretty much failed to materialize. Although approximately 600 sites were shut down, few of these were inside the United States, and if such an attack was indeed made against American governmental agencies, banks and credit unions, the attack was successfully defended. But this is not to say that business and government have found a way to stop hacking into their computers. In fact, the attack may not have occurred at all. It may have merely been a subterfuge to see what the response would be by governmental agencies and businesses. Additionally, although DDoS attacks are a nuisance, they are rarely more than that; however, larger, more insidious attacks may occur while efforts are being focused on repelling the DDoS attack.


Large and small businesses are and will continue to be targets for hackers. If you operate such a business, you must take necessary security steps to protect your business from hackers. As for us, the public, we should do what we can to protect ourselves. Limit the information available about you at companies with which you do business so that if they are hacked, you are not in danger of having your personal information used to make you a victim of identity theft. Also make sure that you have backup records for all financial dealings and accounts that you have with companies with which you do business so that if an attack either accesses your account or deletes data, you have records that show what you have. For more information about how to protect yourself, I urge you to consider purchasing my book “50 Ways to Protect Your Identity in a Digital Age,” which you can get from Amazon at a reduced price merely by clicking on the link of the book on the right-hand side of the front page of Scamicide.

Scam of the day – February 24, 2013 – More income tax identity theft scams

February 23, 2013 Posted by Steven Weisman, Esq.

Every season is scam season, and income tax season is a huge time for income tax identity theft, in which identity thieves access your name and Social Security number and then file a phony income tax return in your name and claim a phony income tax refund based on false information they include in the return. The Treasury Department Inspector General issued a report last summer that predicted the IRS will lose as much as 21 billion dollars to income tax identity theft over the next five years. However, it is not just the IRS that loses; the person whose name and Social Security number have been stolen is also harmed. If you file your legitimate return after the identity thief has filed a return using your name and Social Security number, it can take up to a year for you to get your legitimately owed refund from the IRS.


The key to protecting yourself from this kind of identity theft is to protect your Social Security number as much as possible.  Don’t carry your Social Security card with you.  Shred any documents that may contain personal information, such as your Social Security number so dumpster diving identity thieves cannot go through your trash and turn it into their gold.  Limit the places that have your Social Security number.  Don’t give it to companies that ask for it to use it as an identifier of you unless they legally need it, such as when you apply for a loan from a bank.  My eye doctor wanted my Social Security number and I refused to give it.  Remember, the security of your personal information is only as secure as the security of the weakest place that holds your information.  Keep your computer and other electronic devices protected with the latest security software to prevent hacking into your devices and stealing your information.  Finally, file your income tax return as early as possible to prevent an identity thief from filing before you do.

Scam of the day – February 21, 2013 – The threat to you of the recent hacking of hundreds of companies

February 21, 2013 Posted by Steven Weisman, Esq.

As I have been reporting to you, there has been a recent wave of serious hacking into companies such as Facebook and now Apple that were long thought to be secure and safe from cyberattacks, and these two companies are only two of the hundreds that have been hacked. Often companies do not publicize it when a hacking occurs. There is initial evidence that suggests that in the recent Facebook and Apple attacks, it may be the same people and the same vulnerability that is being exploited, namely a vulnerability with Java software. The Department of Homeland Security and many computer security experts are advising people to disable Java on their computers. As I have told you previously, the computer security company Kaspersky Lab has indicated that Java software security flaws were responsible for almost half of all cyber attacks in the world last year. There are conflicting reports as to the source of these most recent hackings; some say Russia, some say China, but whoever it is, the result is the same. You and I are in danger. There are plenty of criminals and foreign enemies who can get access to the technology necessary to hack into the computers of the companies and infrastructure of our country. We are in grave danger.


So what can you do?  President Obama spoke of the dangers of cyberwarfare in his State of the Union Address.  The President and Congress need to act now!  Email your Congressman and Senator and demand that they take action.  Their lack of action in the face of a problem of which they have been aware for a long time has made this problem worse.

As for you and me, as I have said before, our information is only as safe as the security of the weakest institution that holds it, and we have seen that banks and other institutions are not secure. Security begins at home, so the first thing that you should do is to follow the security practices I describe in and in my book “50 Ways to Protect Your Identity in a Digital Age.” Security software is important, but studies have shown it to be no more than 5% effective in protecting you from the latest viruses. It generally takes about a month for the software security companies to catch up. However, it is still important to have security software and make sure that it is current. In addition, you need backup documentation in case records at your bank, brokerage house or any other place that holds your assets are hacked into and lost. Copy them regularly to a thumb drive and keep the thumb drive in a secure place in your home. You should also make paper copies on a regular basis of your bank accounts, brokerage accounts and all other financial accounts and keep them in a locked safe in your home. Other personal documentation that you should copy and keep locked in a safe includes birth certificates, Social Security cards, deeds, mortgages, credit card statements, insurance documents and evidence of all accounts that you may have. This may seem a little over the top, but it really is necessary in case of a major cyberattack on this country.

Scam of the day – September 11, 2012 – Spearphishing

September 11, 2012 Posted by Steven Weisman, Esq.

By now, most people are aware of the scam tactic referred to as “phishing,” by which you receive an email purportedly from a legitimate company or government agency that has all of the appearances of being a true and legitimate communication from the company or agency, but in fact is from an identity thief. Under the pretext of a problem with your account or some other such emergency, the identity thief lures you into clicking on a link contained in the email, which unbeknownst to you downloads harmful malware onto your computer, such as keystroke logging programs, sometimes called Trojan Horses, that will steal all of the information from your computer and lead to your becoming a victim of identity theft. Most often these phishing emails are not directed at you by name, but rather to you as “customer” or “consumer.” They also may appear to come from companies with which you do not do business, such as a bank where you have no accounts. However, with the epidemic of hacking of large companies and governmental agencies, many identity thieves are able to use the hacked information to send you a personal phony email that contains your name and is definitely from a company or agency with which you do business, making you more likely to respond to the urging to click on the dangerous link contained in the email. This type of targeted phishing is called “spearphishing” and it is extremely dangerous.


Never click on links in emails unless you are absolutely sure they are legitimate.  If you get such an email from a company, you should always be skeptical and make sure that you call the company or federal agency before considering clicking on the link to confirm whether or not the email is legitimate.  Merely because the email uses your name and even your account number does not mean that the email is legitimate.

Scam of the day – September 10, 2012 – Smart Phone Scams

September 10, 2012 Posted by Steven Weisman, Esq.

Although many of us are very cognizant of protecting our computers from the slings and arrows of outrageous hackers and identity thieves, many of us do not take the same security precautions with our smart phones, tablets and other portable devices. Many people use these devices for making purchases online, doing online banking and other financial transactions as well as storing sensitive personal information. If your portable device is hacked, it can lead to a devastating identity theft.


Protect your portable device with a complex and unique password so that if your device is physically lost or stolen, the information contained in it will be secure. Also get a good encryption app. Google Play has many good encryption apps for Androids. The premium form of the app Lookout, which costs only $29.99 a year, has a feature that continually scans your other apps for viruses or malware and can also lock your phone remotely or eliminate all of your stored data if your device is lost or stolen.

Scam of the day – September 6, 2012 – The truth about the hacking of 12 million Apple device records

September 6, 2012 Posted by Steven Weisman, Esq.

Earlier this week, AntiSec, a hacking group often associated with the larger, more familiar international hacking group Anonymous, posted online a file that contained a million of what they said were twelve million U.D.I.D. numbers they said they had for various people’s Apple mobile devices such as iPads and iPhones. They alleged they had obtained these by hacking into the laptop of F.B.I. agent Christopher K. Stangl, who is the supervisory agent of the F.B.I.’s Cyber Action Team. As a part of his job, Agent Stangl has tried to recruit hackers to come and work with the F.B.I. Apple’s U.D.I.D.s are forty-character strings of letters and numbers that are uniquely assigned to each Apple mobile device. AntiSec said that it was releasing this information to show the world that the F.B.I. was using this information to track people. Armed with a person’s U.D.I.D., someone could track the location of the device. In the past, app developers also used U.D.I.D.s to track customers as they went from one app to another. However, Apple banned developers from doing this a year ago. The truth is that the information being posted by AntiSec is accurate; however, Apple says that it did not provide this information to the F.B.I., and the F.B.I. said that it had not collected the data.


Although this was a very real breach of security, AntiSec could have gotten this information from any number of sources by hacking into Apple itself, video game makers who had the information, app developers, AT&T or even a file from the F.B.I., which may have obtained such information in a legitimate investigation into data breaches. The truth also is that if your U.D.I.D. was compromised, you are at very little risk of harm. Using this information to make you a victim of identity theft would take additional information such as your email address and your date of birth. Perhaps the primary lesson for us all to take from this incident is to guard our personal information as much as possible. For instance, don’t include your birth date on your Facebook page. Keep your personal information that is public as limited as possible so that identity thieves don’t have an easy time assembling the seemingly innocuous information about you and using it to turn you into a victim of identity theft.

Scam of the day – August 24, 2012 – Naked Prince Harry pictures scams

August 24, 2012 Posted by Steven Weisman, Esq.

Today’s “scam of the day” is similar to warnings I have provided numerous times in the past. Whenever there is a real or imagined intriguing newsworthy story, particularly about celebrities or natural disasters, people are drawn to the latest videos or photographs. Natural disasters, such as the tsunami in Japan, or celebrity curiosity, such as purported photographs of the late Whitney Houston from the hotel room where her body was found, are great fodder for scammers and identity thieves who prey on the curiosity of people. The latest example of this involves photographs of a naked British Prince Harry cavorting in a Las Vegas hotel suite playing “strip billiards” with a number of women. In fact, the incident has been confirmed to be true. Unfortunately, links to these photos that you may receive from “friends” on your Facebook account or through your Twitter account or an email from a “friend” quite often will not take you to these photographs, but instead will, unbeknownst to you, download keystroke logging malware onto your computer or smart phone that can steal all of the information from your computer or smart phone, including personal information that can lead to identity theft.


Even if the link appears to be from a “friend,” you should always be skeptical because, as I have indicated elsewhere in this website/blog, it is a relatively easy thing to hack into someone’s Facebook account, Twitter account or email account and send out messages that appear to come from a trusted friend, but instead come from an identity thief.  And even if the link that is sent to you really is from one of your real friends, you still may be in jeopardy because he or she may not be aware that he or she may have been hacked into and is passing on to you, without knowing, dangerous keystroke logging malware.  If your curiosity demands that you seek out this information, video or photograph, limit your searches to websites that you are absolutely sure are legitimate, such as, in the instance of the pictures of Prince Harry, the website TMZ.

Scam of the day – April 29, 2012 – Mobile device hacking

April 29, 2012 Posted by Steven Weisman, Esq.

Mobile devices, whether your smart phone, iPad or other mobile device, are turning into the new target of scammers and identity thieves, and with good reason. More and more people are using their mobile devices not just to store important personal information, but also to do financial transactions such as shopping and banking. Unfortunately we have a perfect storm when it comes to hacking into portable devices. They contain much information of value to scammers and identity thieves, they are easy to hack into, and the owners of portable devices are not taking the steps to secure these devices as much as they would their computers. Thus more and more people are having their information stolen and becoming victims of identity theft.


Make the physical security of your mobile device a priority.  Theft of the devices is an easy way to fall victim to identity theft.  Also protect your portable device with hard to guess passwords.  Also use encryption software and make sure that your device is kept up to date with the latest security software patches.  Finally, one of the biggest threats to your security on your portable device comes from downloading malware through corrupted apps.  Only download apps from legitimate sources and only download apps you are sure are safe.  Finally, whenever you download an app, pay attention to the permissions and services that are part of the app agreement and do not give access to transmit data that is not necessary for the operation of the app.

Scam of the day – April 12, 2012 – Utah Department of Health hacked

April 12, 2012 Posted by Steven Weisman, Esq.

The recently disclosed hacking into the personal records of up to 780,000 people from the computer records of the Utah Department of Health highlights a number of important concerns regarding identity theft. As banks have tightened their security, experienced hackers and identity thieves such as the Eastern European hackers that perpetrated the Utah information theft are turning to the weakest links with the most information to gather. Two of the prime targets which have not been maintaining high security standards are health care providers and credit card processors, such as Global Payments, which was recently hacked. Remember, you are only as secure as the places that have your information, regardless of how much you protect yourself.


Regularly monitor your credit card and bank account activity to identify any breaches.  Get your free annual credit report from the three major credit reporting agencies, as is your right under federal law and make sure that you check on the credit reports of your children.  Many of the victims of the Utah hacking were children.  Children are particularly vulnerable to identity theft because often the theft does not get recognized until many years have passed, such as when a child applies for financial aid for college.