Scam of the day – March 17, 2016 – Political donation scams

The 2016 presidential campaigns are in full swing and scammers are taking advantage of interest in the various candidates by making telephone calls posing as campaign workers seeking political donations from their unsuspecting victims who are lured into providing their credit card information over the phone.  This particular scam can easily seem legitimate.  Caller ID can be tricked through a technique called “spoofing” to make it appear that the call is coming from a candidate and recordings of the candidate can also be used as a part of the scam.  Furthermore, calls from political candidates are exempt even from the federal Do-Not-Call List, so it would be legal for someone to get a call from a political campaign seeking donations.

TIPS

Whenever you receive a telephone call, you can never be sure as to who is really contacting you, so you should never give personal or financial information to anyone over the phone who you have not called.  If you do wish to contribute to a political candidate’s campaign, the best way to do this is by going to the candidate’s official website and make your contribution.  Even then, make sure that when you are giving your donation online that the website address begins with https instead of just http.  Https indicates that your communication is being encrypted for better security.

 

Scam of the day – December 4, 2014 – Which online shopping websites are the safest?

Shopping online is not limited to Cyber Monday.  Many of us are fond of the ease and convenience of online shopping, not to mention the considerable savings we sometimes achieve.  However, there is always a question about the safety of the online shopping experience.  Recently, the password management company, LastPass did a security comparison of ten popular online retailers and rated them for security considering the following factors:

1.  Password requirement

2.  Assistance in setting up a strong password

3.  Use of a security question

4.  Simplicity of security question

5.  Automatic encryption of data

6.  Storage of  personal data

The optimum score would be by a company that required a password, provided assistance in evaluating the strength of your password, required a security question asking for information not readily available to an identity thief, automatically used encryption for transfer of data and stored the least information necessary.  At the top of LastPass’ list was the Apple App Store, eBay and Macy’s.  At the bottom of their list was JC Penny and Sears.

TIPS

The best place to find a helping hand is, as always, at the end of your own arm.  When shopping online, you should always make sure that a password is necessary and that you use a strong password.  You can find information about setting up a strong password in the archives of Scamicide.  Security questions are always a good idea and an even better idea is to make a nonsensical answer to your security question which will turn a weak security question, such as your mother’s maiden name into a strong security question.  For example, if your mother’s maiden name is “Smith,” make the answer to the question “Grapefruit.”  No one will find that answer by doing research.  Never provide credit card information unless the transaction is encrypted which you can determine by looking for “https” rather than merely “http” at the beginning of the website address line.  Finally, regardless of how convenient it may be, don’t leave your credit card stored with the retailer for future use. Insert the credit card anew each time you purchase something.  Leaving your credit card information with the retailer just makes you more vulnerable in the event of a data breach of the retailer.

Scam of the day – October 30, 2014 – Gallup poll shows hacking of retail stores is the crime most feared

A recent Gallup poll shows that the hacking of retail stores and the resulting theft of credit and debit card information is the crime that is feared most by Americans – and with good reason.  Identity theft, including the fraudulent use of credit cards by identity stealing hackers accounts for more dollars lost than all other property crimes combined.  Soon we will be heading into the holiday shopping season when credit card shopping both at brick and mortar stores and online will dramatically increase as will the attempts by hackers to steal credit card and debit card information so it is particularly important for everyone to be vigilant when using their credit and debit cards.  The bad news is that there is nothing that we, as individuals can do to reduce the chances of a major data breach at large and small retailers with which we do business, however, the good news is that there is a lot we can do to minimize our exposure.

TIPS

First and foremost, do not use your debit card for any purchases.  Limit its use to ATMs.  The consumer protection laws regarding fraudulent debit card use are not as strong as the laws pertaining to fraudulent use of credit cards.  Potentially, you could lose the entire bank account tied to your debit card if you are not carefully monitoring its use.  In addition, even if you do notify your bank immediately upon promptly noticing fraudulent use of your debit card, your access to your bank account will be frozen while your bank investigates the crime.

Also, when shopping in brick and mortar stores, you may wish to patronize those stores, such as Wall Mart which are ahead of the pack when it comes to transitioning from the old magnetic strip credit cards to the new smart cards with computer chips that would eliminate the risk of your credit card number being captured by a hacker and used for fraudulent purchases.  You also may wish to consider using the new Apple iPay system which also provides greater protection from hackers.

When shopping on line, limit your shopping to the websites of stores that you know are legitimate and make sure that your communications with the website including the providing of your credit card number is encrypted. You can confirm this by looking at the website address and making sure that it begins with “https” rather than merely “http.”  It is important to note that even if you are using a smart card with a computer chip you are not protected from hackers when shopping online because in this instance you are not generating a new number each time you shop.

As we get closer to the holiday season, I will providing you with more tips to avoid holiday scams and identity theft schemes.

Scam of the day – August 4, 2014 – Instagram hacking threat

Instagram is a great app for sharing photographs and videos, however, it has recently been discovered that it can be easily hacked when it is used with public WiFi.  The core of the problem is that Instagram accounts do not communicate over an encrypted program.  An easy way to see if you are communicating by way of an encrypted program is to look at the web address and see if it starts with “https.”  If it starts with “http” without the “s,” your communication is not being encrypted and is not protected.  Hackers can obtain personal information such as your username, password and photos by hacking into public WiFi, which is easily done.  Perhaps the most disturbing part of the recent revelation that this security flaw exists is that  Facebook, the owner of Instagram has been aware of this problem for two years.  Facebook officials say that they are still working on moving to “https,” but frankly this process should not take this long.

TIPS

Never communicate anything of importance online unless the data is encrypted.  Look for the “https” when communicating with any website with which you are sending personal information, particularly financial information such as a credit card.  You should avoid using Public WiFi for anything of a confidential nature since you cannot be sure if you are using the real Public WiFi or one that is set up by a hacker sitting close by who is capturing all of your data.  In addition, even if you are using the real Public WiFi, that system is easily hacked so, unless your communications are encrypted, you are in danger of identity theft.

Scam of the day – April 10, 2014 – Serious security danger on the Internet of Heartbleed

The term “Heartbleed” sounds serious and it is.  Heartbleed is the name of the recently discovered security flaw in the Open SSL encryption security technology that is used by up to 2/3 of websites on the Internet.  An indication that the website you are communicating with uses Open SSL is the presence of the tiny padlock icon next to the website address.  Another indication of the use of Open SSL being used is the letter “s” appearing after the initial “http” at the beginning of a website address.  The padlock and the “s” indicated to people communicating with websites that your communications were encrypted and safe from hackers.  Now we have discovered that this encryption technology had been cracked by attackers as long as two years ago.  This means that your communications online with your bank and retailers may have been compromised.  Many websites that have used the Open SSL encryption technology including Amazon and Facebook have fixed the problem or are working on it.  There are patches available.

TIPS

The first thing that you should do is to change your passwords at websites you have used that utilized the Open SSL encryption because your password may be in the possession of hackers.   However, do not change your password until you have confirmed with the Website that it has patched the security flaw.   Heartbleed is a good reminder to us all that we should change our passwords on a regular basis as well as have different passwords for every website where we use a password so that if one gets hacked, identity thieves would not have the passwords for all of our other accounts.  It doesn’t have to be a difficult task as just adding or changing a letter or two can do the trick if you have a good, complex password with letters both capital and small as well as figures and signs.  Also, again as we all should be doing, monitor all of your accounts regularly for evidence of fraudulent use.

Here is a helpful link you can go to in order to check and see if the websites you go to were among those affected by Heartbleed.  One word of caution, this is not guaranteed by its creator to be 100% accurate: http://filippo.io/Heartbleed/

For people who have websites that use Open SSL, here is a link to the notice from the Department of Homeland Security with the links to rectify the situation.https://www.us-cert.gov/ncas/alerts/TA14-098A

Scam of the day – August 4, 2012 – Online job scams

The convenience of looking for a job online is somewhat balanced by the ease with which scammers can exploit this process to steal money from you or make you a victim of identity theft.  Merely because you find a job listing on a legitimate job site, such as Monster.com does not meant that the company is legitimate.  Despite the best efforts of employment websites, scammers do get through.

TIPS

If a company doesn’t even list its name, don’t even bother to respond to the advertisement.  Real companies are not afraid of using their names in their ads.  Stick to legitimate sites, such as Monster.com  which at least make an effort to try to weed out the scammers.  The key to identity theft is your Social Security number so do not provide your Social Security number on any initial job application.   A problem, however, is that companies may do a background check on prospective employees and to do that effectively they will need your Social Security number.  If you get to that point in the process call the HR department of the company at a telephone number that you know is accurate to confirm that indeed the job offer is a legitimate one and not just someone posing as that company.  Finally, whenever you provide personal information online, make sure that the URL begins with “https” rather than just “http.”  That letter “s” indicates that the information is being encrypted

Security while shopping online

Shopping on line can be a tremendous convenience.  It also can be an easy opportunity for a scammer to steal your identity or your money.  Here are some simple tips to keep in mind when shopping on line.

TIPS

Never shop on a website unless its domain name starts with “https.”  The extra “s” is the key letter because it means that the site is secure and the data is encrypted for your safety.

Consider using a temporary credit card number for online purchases.  Purchases will be charged to your regular credit card number, but even if the temporary number falls into the hands of identity thieves, it cannot be used to access your credit card.  You can get a temporary card number from your credit card issuer.

Don’t shop on your computer in public places where you cannot be sure of the security of the Wifi.

Keep your computer security software up to date

Don’t let websites where you shop store your credit card and other information because in the event of a breach of their security, your security also gets breached.