Posts Tagged: ‘hacking’

Scam of the day – August 23, 2015 – Ashley Madison class actions

August 22, 2015 Posted by Steven Weisman, Esq.

A lawsuit has been filed in Canada against Ashley Madison seeking class action status on behalf of Canadian members of Ashley Madison whose personal information was divulged by hackers recently.  The action is being brought against Ashley Madison for failing to protect the privacy of the data that they compiled and retained regarding its members.  Meanwhile in the United States, the Oklahoma law firm of Abington, Cole & Ellery is also considering filing a class action against Ashley Madison on similar grounds on behalf of American victims of the data breach.


For more information about the Canadian class action, you can go to the website of Charney Lawyers, one of the law firms that filed the action by clicking on this link.

For more information about the possible American class action, you can go to the website of Abington, Cole & Ellery by clicking on this link.

As for the rest of us who never had any involvement with Ashley Madison, this data breach should serve as a cautionary lesson that every company or governmental agency is susceptible to data breaches and that we all should try to limit as much as possible the amounts of personal information provided to any entity with which we do business. In addition, because of the likelihood of a data breach, never provide information to a company that you would be embarrassed to be associated with.

Scam of the day – October 12, 2014 – Dairy Queen latest data breach victim

October 12, 2014 Posted by Steven Weisman, Esq.

Dairy Queen announced a few days ago that it had become the latest company to become a victim of a major data breach at 395 of its stores by way of the infamous “Backoff” malware downloaded on to the computer systems of the affected stores by first hacking into a third-party vendor of Dairy Queen that had access to the Dairy Queen computers.  Although the data breach was only recently discovered, the actual breach occurred in August and September.  The information stolen as a result of this data breach included the names of customers, their credit card and debit card numbers as well as the expiration dates of their cards.  This is the same malware and same method of implanting the malware that was first used on a large scale in the Target data breach and repeated in numerous other data breaches since then.  In fact, I wrote a column for USA Today on September 27th entitled “Coming soon:  Another major retailer hacked” in which I provided a fill-in-the-blank format for the stories of future data breaches in which I predicted exactly how they would occur in the future which is precisely what happened at Dairy Queen.  Here is a link to that column:


As I so often say, you are only as safe as the places you do business with who have the weakest security.  Despite government warnings last July to retailers about the dangers of the “Backoff” malware, thousands of retailers have still not taken the necessary steps to protect their computer systems.  All that we can do is to refrain from using debit cards for retail purchases and only use credit cards.  The laws protecting you from fraudulent use of debit cards are not as strong as those that pertain to fraudulent use of credit cards.  Also, since there is always a time lag from the time that the data breach actually occurs and when the company realizes that it has been hacked, it is important to regularly monitor your credit card statements for fraudulent purchases.

Scam of the day – August 11, 2014 – Identity thief sentenced – what it means to you

August 11, 2014 Posted by Steven Weisman, Esq.

Recently, Turkish citizen Alper Erdogan was sentenced to more than nine years in prison and ordered to pay more than a million dollars in restitution after being convicted of aggravated identity theft, conspiracy to commit computer hacking and conspiracy to commit credit card fraud.  Erdogan did not do the actual hacking, but did sell the credit card numbers to other identity thieves.  Often the people who do the hacking of major companies such as Target do not use the stolen credit card numbers themselves, but rather sell them through the Internet to other identity thieves on black market websites.  One such website is called McDumpals, which humorously has a McDonald’s restaurant theme and shows a caricature of Ronald McDonald pointing a gun at the viewer of the screen next to the words “I’m swipin it”   Often payment on these illegal websites is made by bitcoins so that the payments cannot be traced.


One good element of this case is the international cooperation involved in the investigation and prosecution of Erdogan who was extradited by the Republic of Georgia to stand trial in the United States, although it should be noted that it did take almost two years after Erdogan was indicted in Florida for the extradition to occur.  The bigger lesson is that once again, people became victims of identity theft because the United States still is lagging behind the rest of the world in issuing and using smart credit cards with computer chips that create a new number each time the card is used.  The United States largely continues to use outdated magnetic strip credit card technology that is extremely susceptible to identity theft.  It is not expected that retailers and others who process credit cards will switch over to the smart cards until October of 2015 when new regulations will prompt the switch.  In addition, it is important to remember that you are only as safe as the places with the weakest security that hold your personal information, such as a credit card so, don’t leave your credit card on record with an online retailer for convenience sake and monitor your credit card usage regularly so you can report any fraudulent charges as soon as possible in order to avoid problems.

Scam of the day – July 24, 2014 – StubHub hacking – what it means to you

July 24, 2014 Posted by Steven Weisman, Esq.

Six people including both Russian and American citizens were indicted yesterday in New York for hacking into 1,600 StubHub accounts and stealing more than 1.6 million dollars in tickets.  StubHub is a website where people can buy and sell sports and entertainment tickets.  Although the accounts hacked were StubHub accounts, it appears the fault was not that of StubHub, but rather of individual StubHub customers whose passwords and user names were obtained through hacking of other companies or through the use of keystroke logging malware programs unwittingly downloaded, most likely through phishing emails to the victimized consumers.


For those people who used the same user name and password for all of their accounts, this hacking is another example of why you should not do so.  Using the same user name and password puts you in danger in all of your online accounts if merely one of your online accounts is hacked.  The better course of action is to use a different user name and password for every account that you use.  Although this may seem like a complicated thing to do, it need not be so.  Just adding a couple of letters describing the account to your password can provide you with much added security.  So for example if you used the basic, safe password of “IHatePasswords123!” which is a strong password and then added a few letters to describe the particular account such as a StubHub password of “IHatePasswords123!StubHb” you would have a difficult to break, but easy to remember password. As for protecting yourself from downloading keystroke logging malware by which you unknowingly download malware that provides access to all of the personal information on your computer the key thing to remember is to never click on a link or download an attachment unless you are absolutely positive that it is legitimate and you have independently confirmed its legitimacy.  Also, you should maintain your anti-malware and anti-virus software up to date with the latest security patches.

Scam of the day – June 23, 2014 – Duke University Press data breach

June 23, 2014 Posted by Steven Weisman, Esq.

Duke University has announced that its Duke University Press has suffered a data breach.  Although no financial information was stolen, usernames and encrypted passwords were stolen.  However even though the passwords were encrypted, it is not uncommon for sophisticated hackers to use software programs to decipher passwords that are not particularly strong.  This is just the latest hacking of an institution of higher learning.  In just the last four months, personal information on more than 750,000 students was stolen in data breaches at Iowa State University, University of Maryland, North Dakota University and Indiana University.


Again, the advice to follow, if you were a victim of the Duke University Press hacking is to change your passwords immediately.  It also is a good time to consider changing your passwords for all of your password protected accounts and making them strong enough to withstand hackers’ decryption software.  A good password will be a combination of lower case letters and higher case letters, figures and symbols.  In order to make the passwords memorable, you can use a phrase, such as “IDon’tLikePasswords**” you can also adapt the password to different accounts, such that you make your Amazon password “IDon’tLikePasswordsAMA**.”  In this way you can establish easy to remember, but difficult to decipher passwords.

Scam of the day – June 14, 2014 – FAA orders Boeing to install computer security on all 737s

June 14, 2014 Posted by Steven Weisman, Esq.

On March 22nd in my Scam of the day I told you about the possibility that the missing Malaysian airliner may have had its computers hacked.   During the flight, two essential communication and location systems were turned off while the aircraft continued to fly.  Investigators appear to be focusing on the pilots or someone else on board physically turning off these systems.  But the systems could have been turned off by a hacker remotely sabotaging the plane.  In 2012, Boeing, the manufacturer of the Boeing 777 which was used on Flight 370 applied to the Federal Aviation Administration to make modifications to its onboard data systems because, according to federal records, “data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data systems critical to the safety and maintenance of the airplane… This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants.”

Now the Federal Aviation Administration is ordering Boeing to make modifications to the computers on its 737 aircraft to prevent hackers from taking over control of the important inflight computers.  The order of the FAA requires Boeing to “ensure that the airplanes’ electronic systems are protected from access by unauthorized sources external to the plane.”


Computers are more and more imbedded in almost everything we use including cars, aircraft, refrigerators, thermostats, ovens and many other devices that make up what is now referred to as the Internet of things.  It is important to remember that once a computer is linked to the Internet, it is capable of being hacked and exploited unless proper security systems are in place.  This problem is likely to get worse until it gets better so it is up to all of us to look into the security of the computerized devices that we use that make up the Internet of things.

Scam of the day – May 29, 2014 – Car hacking

May 28, 2014 Posted by Steven Weisman, Esq.

I have been warning you about the danger of the Internet of Things which refers to the increasing use of computer technology in things that formerly did not involve computers or communication through the Internet, such as refrigerators, thermostats and cars.  Too often the developers of these cutting edge computer programs used to make these various products more intelligent and useful have neglected to sufficiently concern themselves with the security of these programs resulting in new vulnerabilities that are now and will even more in the future be exploited by hackers.

Cars are more and more computerized and this has resulted in an increasing number of car thefts due to exploiting of the electronic key systems of the cars.  In London, for example almost half of the cars stolen last year were hacked by car thieves using cheap electronic devices that will open a locked car in less than ten seconds.  Other electronic devices can even take over the car’s diagnostic unit, permitting hackers to control the car’s lights, locks, steering and braking systems.


At the moment car manufacturers have not installed security systems to prevent the opening and stealing of cars through remote entry by a hacker, however, this is something that we all should both be aware of as a potential problem and notify our car manufacturers as to our displeasure that they have not acted sufficiently to prevent this type of problem.  Certainly, no one should ever leave anything of value in a car feeling secure that the car is locked.

Scam of the day – February 23, 2014 – Serious threat to Apple iPhones, iPads and iPods

February 23, 2014 Posted by Steven Weisman, Esq.

A major security defect has been discovered by Apple that if exploited would permit an identity thief to hack into the emails and other communications sent from iPhones, iPads and iPods even if they were encrypted.  This is a potentially devastating flaw as users would believe that their communications were safe because they were using Secure Sockets Layer encryption security to protect their communications.  However, hackers who might gain access through sharing the same wireless network in a public place, such as a coffee shop could exploit this flaw to the extreme detriment of iPhone, iPad, or iPod users who falsely believed that they had taken proper precautions to protect the privacy of their communications and data.  The good news, however is that Apple has come up with a security patch which I provide you with below.  The bad news is that some security experts are now saying that the flaw is also present in Mac OSX, running Apple laptop and desktop computers and as I write this Scam of the day, Apple has not yet come up with a patch for the Mac OSX operating system.


If you are an iPhone, iPad or iPod user you should immediately install the critical patch just released to remedy the situation.  Here is the link:

Identity thieves and hackers count on people not promptly taking identity theft protection steps necessary to keep themselves safe.   Don’t be a victim.  If you use any of these devices, install the patches as soon as possible.  It is also important to remember that the battle with hackers and identity thieves is ongoing.  At the same time that you are installing a security patch, hackers and identity thieves are busy studying the new patches trying to find flaws.  I will always report to you as soon as new developments occur, so make it a point to check out each day.

Scam of the day – May 10, 2013 – Hackers attack on banks and credit unions fails – this time

May 10, 2013 Posted by Steven Weisman, Esq.

The hacking group Anonymous had reportedly targeted 130 banks and credit unions for a disruptive Distributed Denial of Service  (DDoS) attack on Tuesday, May 7th, but the attack failed to substantially materialize.  In a DDoS attack, large numbers of computers, remotely controlled by hackers as a BotNet, flood the websites of particular businesses or governmental agencies and shut them down because the websites are unable to handle the huge number of hits on the website.  Tuesday’s attack pretty much failed to materialize.  Although approximately 600 sites were shut down, few of these were inside the United States and if such an attack was indeed made against American governmental agencies, banks and credit unions, the attack was successfully defended.  But this is not to say that business and government have found a way to stop hacking into their computers.  In fact, the attack may not have occurred at all.  It may have merely been a subterfuge to see what the response would be by governmental agencies and businesses.  Additionally, although DDoS attacks are a nuisance, they are rarely more than that, however, larger more insidious attacks may occur while efforts are being focused against repelling the DDoS attack.


Large and small businesses are and will continue to be targets for hackers.  If you operate such a business you must take necessary security steps to protect your business from hackers.  As for we, the public, we should do what we can to protect ourselves.  Limit the information available about you at companies with which you do business so if they are hacked, you are not in danger of having your personal information used to make you a victim of identity theft.  Also make sure that you have backup records for all financial dealings and accounts that you have with companies with which you do business so that if an attack either accesses your account or deletes data, you have records that show what you have.  For more information about how to protect yourself, I urge you to consider purchasing my book “50 Ways to Protect Your Identity in a Digital Age” which you can get from Amazon at a reduced price merely by clicking on the link of the book on the right hand side of the front page of Scamicide.

Scam of the day – February 24, 2013 – More income tax identity theft scams

February 23, 2013 Posted by Steven Weisman, Esq.

Every season is scam season and income tax season is a huge time for income tax identity thefts by which identity thieves access your name and Social Security number and the file a phony income tax return in your name and claim a phony income tax refund based on false information they include in the return.  The Treasury Department Inspector General issued a report last summer that predicted the IRS will lose as much as 21 billion dollars to income tax identity theft over the next five years.  However, it is not just the IRS that loses, but it is also the person whose name and Social Security number has been stolen who is harmed.  If you file your legitimate return after the identity thief has filed a return using your name and Social Security number, it can take up to a year for you to get your legitimately owed refund from the IRS.


The key to protecting yourself from this kind of identity theft is to protect your Social Security number as much as possible.  Don’t carry your Social Security card with you.  Shred any documents that may contain personal information, such as your Social Security number so dumpster diving identity thieves cannot go through your trash and turn it into their gold.  Limit the places that have your Social Security number.  Don’t give it to companies that ask for it to use it as an identifier of you unless they legally need it, such as when you apply for a loan from a bank.  My eye doctor wanted my Social Security number and I refused to give it.  Remember, the security of your personal information is only as secure as the security of the weakest place that holds your information.  Keep your computer and other electronic devices protected with the latest security software to prevent hacking into your devices and stealing your information.  Finally, file your income tax return as early as possible to prevent an identity thief from filing before you do.