Posts Tagged: ‘Identity Theft’

Scam of the day – November 23, 2014 – New Drupal security threat

November 23, 2014 Posted by Steven Weisman, Esq.

In my Scam of the day for for November 3rd I warned you about a major security flaw in Drupal software.  Many of you may not be familiar with Drupal, but website developers certainly are.  Drupal is a software company whose software is used by a billion websites to manage images, text and video on websites.  On October 15th, Drupal announced that it had discovered a major security flaw that could be exploited by hackers to not only steal data from targeted websites, but also to set up a backdoor application that would permit the hacker to return to retrieve more data.  All of this could be done without any indication that a hacking had occurred.  Most companies responded to Drupal’s announcement and its security update, however, according to Drupal, any website that did not download the Drupal security patch within seven hours of its October 15th announcement should assume that they have been hacked and their sensitive information compromised.  Drupal estimates that about 5% of the billion websites that use Dropal software did not install the necessary security patch in a timely fashion and although this number may seem small, this means that the number of affected websites that may have personal information on you and me is as high as twelve million websites.   Among the websites that did not promptly update their security was the website of the Indiana Department of Education which was hacked twice after failing to update its Drupal software.

TIPS

Part of the problem is that unlike many software companies that provide automatic updates for you to install, Drupal does not do so.  Many companies, to their own detriment are slow to install important security updates and this delay puts them and their customers in serious danger of identity theft and being scammed.  This is why here at Scamicide we provide security updates as they are announced.  The Drupal security problem is also a warning again to us all that we are only as secure as the companies and governmental agencies with which we do business with the least effective security.  Drupal has issued a new security warning with instructions as to how to correct security flaws in their software.  Here is a link you can trust to Drupal’s security warning https://www.drupal.org/SA-CORE-2014-006

Scam of the day – November 5, 2014 – Latest security updates from the Department of Homeland Security

November 5, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates includes many important updates and security patches to prevent serious problems including important security updates for the popular website design software WordPress.

TIPS

Here is the link to the latest Department of Homeland Security software updates and security patches https://www.us-cert.gov/ncas/bulletins/SB14-307

Scam of the day – November 4, 2014 – Instagram counterfeit check scam

November 4, 2014 Posted by Steven Weisman, Esq.

Many years ago there was a popular cartoon character named Pogo, who transformed the famous words, “We have met the enemy and he is ours” spoken by Admiral Oliver Hazard Perry following a naval battle into “We have met the enemy and he is us.”  Pogo’s version may well apply to the many of us who don’t realize that whenever we put too much information online through social media we are providing information that can be used against us in a multitude of ways.  Postings on Facebook and other social media can be used by identity thieves and scammers to learn the answers to your security questions and also provide information to make you a target of spear phishing where you receive an email that appears to come from someone you know or a company with which you do business.  Putting personal information such as your birthdate and address on social media makes it easier for an identity thief to steal your identity.

Recently federal prosecutors in Minnesota brought counterfeiting and other charges against 28 people who created counterfeit checks using the banking information contained on checks that have turned up on Instagram photos with the hashtag #myfirstpaycheck.  It is a simple matter today to create checks with the account number and bank routing information contained on a check.  It is also just as simple for counterfeiters to search Instagram for the popular hashtag #myfirstpaycheck put up by naive new employees.

TIPS

Certainly no one should take a photo of any check and put it up online or on any social media website.  However, you should also limit, as much as possible the personal information you provide online and through social media that in the hands of an identity thief can be used to make you a victim of identity theft.  Don’t include your birth date, mother’s maiden name or other personal information on social media that can be used to make you a victim of identity theft.  Don’t make an identity thief’s work easy.

Scam of the day – November 3, 2014 – 12 million websites hacked in Drupal attack

November 3, 2014 Posted by Steven Weisman, Esq.

Many of you may not be familiar with Drupal, but website developers certainly are.  Drupal is a software company whose software is used by a billion websites to manage images, text and video on websites.  On October 15th, Drupal announced that it had discovered a major security flaw that could be exploited by hackers to not only steal data from targeted websites, but also to set up a backdoor application that would permit the hacker to return to retrieve more data.  All of this could be done without any indication that a hacking had occurred.  Most companies responded to Drupal’s announcement and its security update, however, according to Drupal, any website that did not download the Drupal security patch within seven hours of its October 15th announcement should assume that they have been hacked and their sensitive information compromised.  Drupal estimates that about 5% of the billion websites that use Dropal software did not install the necessary security patch in a timely fashion and although this number may seem small, this means that the number of affected websites that may have personal information on you and me is as high as twelve million websites.

TIPS

Part of the problem is that unlike many software companies that provide automatic updates for you to install, Drupal does not do so.  Many companies, to their own detriment are slow to install important security updates and this delay puts them and their customers in serious danger of identity theft and being scammed.  This is why here at Scamicide we provide security updates as, in turn, provided by the U.S. Department of Homeland Security as they are announced.  The Drupal security problem is also a warning again to us all that we are only as secure as the companies and governmental agencies with which we do business with the least effective security.

Here are links to Drupal’s original warning as well as a security update that instructs Drupal users how to remedy the problem.

https://www.drupal.org/SA-CORE-2014-005

https://www.drupal.org/PSA-2014-003

Scam of the day – October 31, 2014 – Free credit score scams

October 31, 2014 Posted by Steven Weisman, Esq.

Based on the information contained in your credit reports, your credit score can have a significant effect on whether you are granted a loan and at what interest rate, whether you will be hired for a job, whether you will be sold insurance, whether you can rent an apartment or many other purposes.  We all have a right to an annual free credit report from each of the three major credit reporting agencies, however, your free credit report will not provide you with your credit score.  Recently many people are receiving emails with offers to provide a free copy of your credit score.  Unfortunately, as with any other email or text message that requires you to provide personal information such as your Social Security number which is required to obtain your credit report or credit score, you cannot be sure that the offer is legitimate.  In some instances, companies offering to provide “free” credit reports or scores are actually signing you up for a continuing service that you may not either desire or need.  These sites generally ask for your credit card number, but tell you that they only need the credit card number for verification purposes.  Of course, that it is a lie.  If you were getting something free, you would not need to provide a credit card number.   They are getting your number to use it to charge you monthly fees for services that you may not have thought you ordered.  Even worse however, are scams in which the company offering to provide you with your free credit score is actually just scamming you in order to get your Social Security number which they will use to make you a victim of identity theft.

TIPS

As I always say, you cannot trust any email or text message to be legitimate.  Never click on links, download attachments or provide personal information in response to unsolicited emails or text messages.  The risk is too great.  If you want your free credit reports from each of the three major credit reporting agencies, Equifax, Transunion and Experian, the only place to go is the website www.annualcreditreport.com.  It is important to monitor your credit report not just to find evidence of identity theft, but also to find mistakes that may appear on your report that can adversely affect your credit score.  As for your credit score, the website www.creditkarma.com is a legitimate website that you can trust, that encrypts your data and provides your credit score for free.

Scam of the day – October 29, 2014 – World Health Organization Ebola scam

October 29, 2014 Posted by Steven Weisman, Esq.

I warned you about a number of Ebola scams in my Scam of the day for October 16th, however, a new one is now appearing that requires a specific warning.    This scam starts with an email that appears to come from the World Health Organization that contains a link for you to click on in order to download an attachment purported to contain tips to protect you from the Ebola virus.   It is preying upon the public’s fear and concern regarding Ebola.  However, if you download the attachment, you will not get Ebola information, but will download a keystroke logging malware program that will steal your personal information from your computer and use it to make you a victim of identity theft.

TIPS

Never click on links or download attachments in emails, text messages or social media postings unless you have confirmed that the links or downloads are legitimate.  Trust me, you can’t trust anyone.  It is easy to make a counterfeit message that carries the logo of a real organization and appears to be legitimate.  If you even have the slightest thought that the message may indeed be legitimate, you should merely go to the website at an address that you know is correct or call the entity at a telephone number you have confirmed is correct to verify whether or not the original message to you was phony or not.  In this particular case, the World Health Organization never sends messages to the general public, so you should immediately know it is a scam.

 

Scam of the day – October 26, 2014 – Myverizon38.com scam

October 26, 2014 Posted by Steven Weisman, Esq.

This scam is a slight variation of the scam I reported to you about on March 6, 2014 in the Scam of the day. “Spoofing” is the name for the tactic used by identity thieves to make a call that you receive appear to come from a legitimate source, when, in truth it is from a scammer who has merely managed to make it look like the call is legitimate.  Many people are reporting receiving calls on their smart phones or landlines that on Caller ID appear to be from “Technical Support” and carrying a telephone number that is a real number for Verizon Wireless technical support.  The call received is an automated robocall that informs you that you have are eligible for a $38 reward and then directs you to the website www.myverizon.38.com.  This website is a phony website which lures you into providing personal information that is then used to make you a victim of identity theft.  In other variations of this scam, merely by clicking on a link on the phony website, you will unwittingly download keystroke logging malware that will steal the personal information from your computer and use this information to make you a victim of identity theft.   This type of scam by which a legitimate-looking, phony website tricks you into providing personal information or clicking on tainted links is called “phishing.”  Back when I first reported on this scam to you, the phony website was www.verizon54.com and the amount of the phony reward was $54.

TIPS

You can never trust a phone call to actually be from whom the caller says.  Spoofing is easy to accomplish by identity thieves.  Don’t be tricked into trusting a telephone call.  In addition, robocalls are illegal so you should never trust a prerecorded call.  Nor should you click on links that you are not sure are legitimate.  If you have any thought that the original contact might be legitimate, contact the company directly at a website address or telephone number that you know is accurate to inquire about the particular matter.

Scam of the day – October 24, 2014 – President Obama’s Executive Order regarding credit card security and identity theft

October 24, 2014 Posted by Steven Weisman, Esq.

President Obama has signed an Executive Order leading the way for greater protection for Americans from data breaches and identity theft.   He also announced that a number of companies including Home Depot Target,  Walgreen and Walmart are accelerating their move to more secure chip and PIN credit card use at their stores. Although regulations that would encourage retailers to switch to these smart cards no later than October of 2015, these companies are planning on completing the move to smart card readers by January of 2015 with Walmart already leading the way.  Also starting in January Citi and FICO are joining together to make credit scores available free to Citi Bank credit cards.  Already providing free credit scores are Discover, Barclaycard, Pentagon Credit Union and First National Bank of Omaha.  It is hoped that more banks will follow this example.  Under the President’s order the reporting of credit card fraud will be made quicker and easier within two years.  Finally, the President announced that the Department of Justice and the FBI are working to improve greater information sharing between hacked companies and affected consumers with the National Cyber-Forensics and Training Alliance’s Internet Fraud Alert System.

TIPS

The President’s actions are a good first step and they do indicate a greater willingness of businesses to work with the government in order to better protect consumer data.  However, much remains to be done and Congressional action is definitely required to improve the laws necessary to protect consumers from data breaches and identity theft.  However, it is good to see the President taking the lead on this important issue. Meanwhile, the primary responsibility for protecting ourselves from identity theft still rests with all of us as individuals.  I urge you to pick up a copy of my new book “Identity Theft Alert” which provides simple steps you can take to dramatically improve your chances of avoiding identity theft.  You can order the book from Amazon by clicking on the link on the right hand side of this page.  I also urge you to read scamicide.com every day so you can become aware of the latest scams and identity theft schemes.

Scam of the day – October 15, 2014 – Medicare open enrollment scams

October 15, 2014 Posted by Steven Weisman, Esq.

The open enrollment period for Medicare begins today on October 15th and goes until December 7th.  This is the only time during the year that people enrolled in Medicare can change their Medicare health plans, supplemental or Medigap plans and their prescription drug plans.  By now, people already enrolled in Medicare should have received an Annual Notice of Change from their health insurance providers describing any changes to their plans such as the dropping of particular drugs from your prescription drug plan.  If you are satisfied with your plans, you do not need to do anything.

Scammers and identity thieves view the open enrollment period as senior citizen hunting season as myriads of Medicare scams are common during this time.  Among the scams are phone calls or emails purporting to be from Medicare informing you that Medicare is issuing new Medicare cards and that in order to continue to receive benefits, you need to obtain a new card which can be done by providing the person contacting you with your Medicare number which is your Social Security number.  If you provide this number, you will end up becoming a victim of identity theft.  Other times you may be contacting by someone purporting to be from your insurance company asking to verify information.  Again, this is a common tactic of identity thieves trying to trick you into providing information.  You also may be contacted by people claiming to have supplemental insurance programs that will save you thousands of dollars.  Here too, you cannot be sure that they are legitimate when they contact you by phone, text message, email or even regular mail.

TIPS

Medicare is not issuing new cards and they will never contact you by phone and ask for your Medicare number.  Never give personal information to anyone who calls you on the phone because you can never be sure who is actually on the other end of the line.  Through a technique called “spoofing” a scammer can fool your Caller ID and make it appear that the call is from the government or some legitimate company when in fact, it is from an identity thief who is eager to steal your money.  If you want to get information you can trust about what insurance plans are available to you and at what cost, merely go to the “Plan Finder” section of Medicare’s website www.medicare.gov.  If you want to speak with someone on the phone, call Medicare at its 24 hour hotline 1-800-MEDICARE.