Posts Tagged: ‘Identity Theft’

Scam of the day – September 14, 2014 – Gmail passwords being sold on the blackmarket

September 13, 2014 Posted by Steven Weisman, Esq.

Reports have surfaced that hackers have made available approximately five million Gmail passwords along with associated Gmail addresses on black market websites used by identity thieves.  This may be related to the recent disclosure of the greatest data theft in history which I reported to you about on August 7th in which a Russian gang stole 1.2 billion user names and passwords along with 500 million email addresses.  If you are a user of Gmail, this news can appear to be extremely threatening, but the truth is not quite so bad.  In fact, the passwords in many instances have turned out to be passwords for other accounts of the Gmail account holders and that these passwords were obtained, not from hacking Gmail, but by hacking other accounts.  As a result of their investigation, Google has determined that less than 2% were working Gmail passwords.  Google has already acted to secure those affected accounts and contacting those people affected and advised them to change their passwords.  In response to this situation, Google has set up a new service called Account Checkup by which you can check to see if someone has logged on to your account.

TIPS

The good news is that if you have a Gmail account, it is unlikely that your Gmail password has been compromised, however the bad news is that some other password of yours has been compromised and you are in danger of identity theft.  The important thing for everyone is to have separate complex passwords for all of your accounts and to change them on a regular basis, such as every six months.  For more information about how to create complex, but easy to remember passwords, I suggest that you pick up a copy of my new book, “Identity Theft Alert.”  On the right side of this page is a link to the book on Amazon.  Where possible, you should also consider two-factor authentication for additional protection.

Scam of the day – September 11, 2014 – Important Home Depot update

September 11, 2014 Posted by Steven Weisman, Esq.

Home Depot has not confirmed what we knew all along, namely that they had been hit by a massive data breach that may involve as many as sixty million Home Depot customers going back to April 1, 2014.  The hacking of Home Depot followed the same pattern that we first saw in the hacking of Target last year, which was the first in what is already a long line of data breaches including, but not limited to Neiman Marcus, P.F. Chang’s, Goodwill and U.P.S.  As usual, due to the effectiveness of the malware used by what is probably the same Eastern European hackers, it was not Home Depot that first discovered the data breach, but rather banks monitoring credit card usage that were able to find a common denominator in fraudulent use of credit cards and trace it back to Home Depot.  The hackers who accomplished the Home Depot data breach are now selling the stolen credit and debit card information on black market websites in large batches.  Interestingly, along with the credit card numbers and debit card numbers, the hackers also are selling the state and zip code for the particular cards.  This enables the hackers to defeat some fraud detection programs that pick up charges made from areas far from the home of the card holder.   The identity thieves buying the card information can either buy card information for cards in their area and use them there or use them online.

Home Depot has announced that it is providing a year’s free credit monitoring through All Clear ID.  The offer is being made to Home Depot customers who used their credit or debit cards at Home Depot between April 1, 2014 and September 9, 2014.  If you wish to enroll, you can either go to Home Depot’s website www.HomeDepot.com or All Clear ID’s special website www.homedepot.allclearid.com.   It is very important to note that many people will be receiving emails, texts and phone messages purporting to be from Home Depot providing links to supposedly help you apply for the credit monitoring.  Many people will also be called on the phone and asked  by purported representatives of Home Depot for personal information including credit card information in order to enroll in the credit monitoring program.   These emails and text messages are scams designed to get you to download keystroke logging malware that will steal all of your information from your computer to make you a victim of identity theft while the calls are from scammers seeking to have you provide them the information they need to make you a victim of identity theft.

TIPS

Don’t click on links in emails or text messages promising to help you enroll in the free credit monitoring program.  You can’t be sure that the emails or text messages are legitimate.  Don’t provide personal information including credit card information over the phone to anyone you have not called unless you are absolutely sure that they are legitimate.  Instead go directly to the Home Depot website, www.homedepot.com or All Clear ID’s special website for Home Depot hacking victims, www.homedepot.allclearid.com where you can sign up for the credit monitoring service.  The malware used by the Home Depot hackers is still being used against many other companies and we can expect more and more data breaches in the future.  To protect yourself, do not use your debit card for purchases.  Use a credit card  for purchases and monitor your card usage regularly for indications of fraud.

Scam of the day – September 10, 2014 – Latest software security updates from the Department of Homeland Security

September 10, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include important security patches for Windows and Internet Explorer.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/current-activity/2014/09/09/Microsoft-Releases-September-2014-Security-Bulletin

Scam of the day – September 5, 2014 – Latest security updates from the Department of Homeland Security

September 5, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include an important security patch for Google Chrome and Mozilla Firefox and Thunderbird.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-244 and https://www.us-cert.gov/ncas/current-activity/2014/09/03/Mozilla-Releases-Security-Updates-Firefox-and-Thunderbird

Scam of the day – August 30, 2014 – New scam threats springing from J.P. Morgan data breach

August 30, 2014 Posted by Steven Weisman, Esq.

As I have told you so many times, whenever something catches the attention of the public, it catches the attention of scammers and identity thieves who use it as a hook to turn that public’s interest in something into making the public victims of scams.  The recent death of Robin Williams and the Ice Bucket Challenge are two examples of things that have fascinated the public that were used to turn people into scam victims.  You can find the details about both of these scams in previous Scams of the day.  Now, the J.P. Morgan bank hacking is a big news story and it should be.  The data breach at J.P. Morgan and a number of other banks poses a serious threat to the financial well being of many people.  Scammers and identity thieves are now capitalizing on this concern and fear in the public to send emails and text messages to people in which the identity thieves pose as J.P. Morgan or other banks.  In the emails and text messages, you are told about problems with your account that require your immediate attention and you are directed to click on a link for further information.  If you click on this link, however, you will end up downloading keystroke logging malware that will steal the personal information from your computer and use it to make you a victim of identity theft.  In another variation of this scam, you are directed to provide your personal banking account information in response to the email for verification purposes.  Of course, if you do this, all you will succeed in doing is providing an identity thief with the information he or she needs to steal money from your accounts.

TIPS

Whenever you receive an email or a text message you cannot be sure of who sent it to you.  Even if the address of the sender appears to be legitimate, it is easy for a scam artist (remember, they are called artists) to “spoof” or counterfeit a legitimate address to make the message appear to be legitimate.  Never provide personal information in response to an email or text message.  Never click on links in emails or text messages unless you are absolutely sure that the message is legitimate.  If you have think that the email or text message may be legitimate, you should call the bank or other purported sender at a phone number that you independently have confirmed is legitimate to inquire.  Don’t call the number provided to you by the scammer.

Scam of the day – August 19, 2014 – Major data breach at hospital group

August 18, 2014 Posted by Steven Weisman, Esq.

In a filing yesterday with the Securities and Exchange Commission, Community Health Systems, Inc. a major hospital group company with 206 hospitals in 29 states disclosed that it had suffered a major data breach in which the names, addresses, birth dates, Telephone numbers and Social Security numbers of 4.5 million of its patients who had done business with Community Health Systems during the past five years.  The hacking originated in China and followed a familiar pattern whereby information gathering malware was surreptitiously installed on the computers of Community Health Systems.  This information places the affected individuals in serious danger of identity theft.  The health care industry has increasingly in the last six months become a frequent target for large scale hacking and data breaches as the security in general for many of the companies that make up this industry is extremely lax.  In fact, in April, the FBI warned the health care industry specifically that its cybersecurity was not sufficient to protect the personal information it stores.

TIPS

If you were a patient at any of the hospitals of Community Health Systems during the past five years, you should be particularly concerned, but even if you have not, your turn will come as more and more companies and industries continue to suffer major data breaches.  So what can you do?  The first thing is to limit, as much as possible, the information that you provide to the companies with which you do business.  Don’t store your credit card number with an online merchant merely for convenience because it puts you in danger of identity theft if the company is hacked.  You also should monitor all of your financial accounts closely for fraudulent activities.  You also may wish to consider putting a credit freeze on your credit report to block an identity thief from accessing your credit report and your credit even if he or she has your personal information.  For more specific tips on what you can do to protect yourself, I urge you to get a copy of my new book, “Identity Theft Alert” which can be purchased from Amazon by clicking on the link on the right hand side of this page.

Scam of the day – August 6, 2014 – Mickey Mouse becomes an identity theft victim

August 6, 2014 Posted by Steven Weisman, Esq.

Recently, the Bellevue, Washington police broke up an identity theft ring that was counterfeiting phony credit cards, forged checks, phony identification cards and drivers’ licenses.  In fact, among the phony drivers licenses confiscated by the police was one that must have been done as a test of their counterfeiting equipment because it was a phony driver’s license for Mickey Mouse or as the license read, Mick E. Mouse.  The identity thief obviously knew his Disney history because for the birth date of Mick, it listed November 18, 1928 which was the date of the first Mickey Mouse cartoon, “Steamboat Willie.”  The license also listed Mick as five feet two inches tall, and 119 pounds.  Being a socially responsible mouse, Mick was also listed as an organ donor on his license.  The picture on the license is unmistakeably that of Mickey Mouse.

TIPS

Although the identity theft of Mickey Mouse is humorous, identity theft is far from humorous when it comes to real people having their identities stolen. In this case, the identity theft ring in Bellevue obtained the information necessary to steal people’s identities in two primary ways.  They stole mail from people’s mailboxes that often had credit card bills and checks in envelopes meant for creditors as well as stealing personal information from documents and materials that people left in their cars.  Breaking into cars to steal wallets, IDs or other personal information that can be used for identity theft purposes is a common tactic of identity thieves. The lesson is to mail your bill payments from the post office if you are not paying your bills on line which is actually the safer choice.  You also should never leave anything in your car, even if it is locked, that could be used by a criminal to steal your identity.

Scam of the day – July 25, 2014 – Important security updates for Java and other software

July 24, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.  In particular, this round of security updates provides important security updates for Java software.  Java has been a favorite target of scammers and identity thieves so much that the Department of Homeland Security has even advised people who don’t have to use Java, to disable it.  For more information about Java software I suggest you check out earlier Scams of the day that dealt with Java problems.  You can find these in the Scamicide archives.

TIPS

Here is a link to the latest security alert and updates as issued by the United States Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-202

Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

July 22, 2014 Posted by Steven Weisman, Esq.

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.

TIPS

You should never give to a charity until you  have confirmed that it is legitimate.  Go to www.charitynavigator.org where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate.  In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief.  If you must search for such video, stay with legitimate new sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.

Scam of the day – July 20, 2014 – Cisco corrects router vulnerability

July 20, 2014 Posted by Steven Weisman, Esq.

Everyone is aware of our vulnerability to having our computers hacked through unwittingly downloading malware that often comes as an attachment to or a link in a phishing email that appears to be legitimate, but whose sole purpose is to lure us into downloading the malware that can steal the information from our computer and make us victims of identity theft.  However, few people are aware that hackers and identity thieves are now targeting the computers of individuals and businesses through their routers.   Cisco, one of the makers of home wireless routers has issued a security patch to remedy this problem.  As always, when security updates and patches are released, it is very important to make sure that you download and install the patches as soon as possible.

TIPS

Here is the link to the Cisco security patch as provided by the Department of Homeland Security: https://www.us-cert.gov/ncas/current-activity/2014/07/16/Cisco-Addresses-Wireless-Residential-Gateway-Vulnerability

It is important to note that other routers are also vulnerable to hackers so if you have one that is not made by Cisco, you should contact the maker of your router to learn what you can do to make its use safer.