Posts Tagged: ‘Identity Theft’

Scam of the day – December 8, 2016 – Holiday online shopping scams

December 8, 2016 Posted by Steven Weisman, Esq.

Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may indeed be the most wonderful time of the year for many people, but it is not so wonderful if you have been scammed by cybercriminals who really do find the holiday shopping season to be the most wonderful time of the year – for them.   I received an email today showing me how I could get iPads and iPhones at 90% discounts by clicking on links and ordering them online.  If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received.  Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.

People also get in trouble when they go to phony websites that appear to be those of legitimate retailers and turn over their credit card information to a scammer and never get the goods they think they are purchasing.

TIPS

If an offer sounds too good to be true, it usually is.  Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered.  Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate.  It is hard to be sure without calling the legitimate company, because even if a communication truly appears to come from a legitimate person or entity, their email, Twitter account or smartphone may have been hacked and the communication you receive may be from a scammer.  Only deal with companies that you know are legitimate and confirm that you are actually on a legitimate website because phony websites can look quite good.

As for online shopping websites, there are a few ways you can determine whether a shopping website is legitimate.  First, find out who actually owns the website.  Websites such as http://lookwhois.net/ let you enter the URL and see who actually owns the website you are considering using for shopping.  If the owner doesn’t match the legitimate company that you think you are doing business with, you will know to stay away.  Also, call the company at a telephone number you know is legitimate to confirm the precise website URL that they use.

Scam of the day – November 29, 2016 – Giving Tuesday scams

November 29, 2016 Posted by Steven Weisman, Esq.

Following the major shopping days referred to as Black Friday and Cyber Monday now comes Giving Tuesday which was first designated as a special day to focus on helping out people in need through charitable gifts in 2012.  This is a time of the year when many people are receptive to solicitations from charities.  Unfortunately, not all of those solicitations will be from legitimate charities.  Many of those calls, letters and emails will be from scammers posing as charities.

Even if you are on the federal Do-Not-Call List, which I strongly recommend unless you want to talk to telemarketers, the law permits charities to contact you by phone.  Unfortunately, whenever you receive a telephone call, you can never be sure who is really calling you.  Even if your Caller ID indicates that the call you are getting is coming from a charity whose name you recognize, the call actually may be from a scammer using a technique called Spoofing to make it appear that the call is legitimate when it is not.  The truth is that the call you receive may or may not be from a legitimate charity or a telemarketer on behalf of a legitimate charity and you have no way of knowing who is really on the other end of the line.

TIPS

When you receive such a call from a telemarketer or someone purporting to represent a charity, if you are interested in the particular charity, the best thing you can do is just to ask them to send you written material.  Do not provide your credit card number over the phone to anyone who calls you because you cannot be sure that they are legitimate.   Also, as I have warned you in the past, many phony charities have names that are similar to real charities so it is always a good idea to investigate a charity before you make a charitable contribution.  In addition, when you receive a charitable solicitation telephone call from a telemarketer, the telemarketer is generally being paid a commission for the money he or she collects.  Thus, your contribution to the charity is diluted by the amount that goes to the telemarketer although as Jerry Seinfeld would say, “not that there is anything wrong with that.”    However, if you really want to make your charitable contribution go farther, you will  be  better served by first checking out the particular charity at www.charitynavigator.org where you can find out not only if the particular charity is legitimate, but also how much of your contribution goes toward administrative costs and how much actually goes toward the charity’s charitable work.  Charitynavigator.org will also show you the best address to send your contribution.  Then you can make your contribution directly to the charity without any amount being deducted for fund raising expenses.

Scam of the day – November 27, 2016 – Holiday package delivery scams

November 27, 2016 Posted by Steven Weisman, Esq.

Today’s scam of the day is one that is with us throughout the year, but becomes much more common during the holiday shopping season.  It involves package deliveries from UPS, Federal Express or other delivery services and has a number of different variations.  In one variation, you receive an email that looks quite official and may even carry the logo for UPS, Federal Express or some other courier service.  The email tells you that there is a package for you, but you need to make delivery arrangements.  You then are instructed to either provide personal information, such as your credit card number or merely to click on a link.  If you provide personal information, you have just turned over that information to an identity thief.  If you click on the link, you will be downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.

In another variation of the scam, a notice of attempted delivery is left on your door with a telephone number for you to call and arrange for delivery of the package.  Once you call, the person answering requires you to provide personal information in order to confirm the order.  Of course, no delivery service needs any personal information from someone to whom they are delivering a package.  If they ask for such information, it is a scam.  And think about it.  Why would a delivery service need your Social Security number or credit card number if you are receiving a package?

TIPS

As I have told you many times, you cannot trust any link in an email until you have confirmed that the email is legitimate.  In this case, you should call the delivery service at a number that you know is accurate to confirm whether or not the email was legitimate.  You will then find that the email was a scam.  Delivery services do not send emails to the people receiving packages.  They don’t even know your email.  As for a telephone call from someone purporting to be a delivery service employee, you can never be sure whether someone really is who they say they are on the phone, so once again, you should call the delivery company at a number that you know is accurate to confirm whether or not the call was legitimate.  Finally, remember, no delivery service ever needs your personal information such as credit card number, Social Security number or birth date.  Anytime anyone asks for that information on a phone call to you, you should just hang up.

Scam of the day – November 26, 2016 – Naval records at Hewlett Packard hacked

November 25, 2016 Posted by Steven Weisman, Esq.

In an all too familiar story, it has just been disclosed that personal information including names and Social Security numbers of 134,386 present and former Navy employees was compromised in a hacking of a laptop of a Hewlett Packard employee.  Hewlett Packard had this information through a contract on which it was working for the U.S. Navy.  Further details of the hacking have not been released, but the fact that such a hacking occurred leads to concerns that the pattern established years ago in the hacking of NASA laptops, in which the laptops were not password protected and the data contained therein was unencrypted, is repeating itself.

TIPS

The continuing negligence of many companies and government agencies in not properly protecting sensitive personal data that can readily be used for purposes of identity theft is disappointing and startling.  There are many simple security steps that are easily taken, such as password protecting laptops and other electronic devices as well as encrypting sensitive data and the use and updating of security software that should be done by all companies and government agencies without exception.

The lesson, however, is one that we should also practice in our own lives.  We as individuals are regularly targeted by identity thieves, so all of us should protect each of our electronic devices with a unique password, encrypt sensitive data and store it in the cloud or on a portable hard drive, use dual factor authentication whenever possible, install and update security software on all of our electronic devices and not click on links in emails or text messages unless we have absolutely confirmed that they are legitimate.  These are just a few of the simple protocols we should all follow to decrease the chances of our becoming victims of identity theft.

Scam of the day – November 18, 2016 – Yet another Chase phishing scam

November 18, 2016 Posted by Steven Weisman, Esq.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email that download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.  I have taken out the name of the addressee, but it was directed to the email address of the person receiving the email.  I also have removed the link directing the person to click on to receive an important security message.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.  As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.  As so often is the case with these types of phishing emails, it does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Dear ******************

You have 1 new Security message From Chase Online Bank.

Click your email here to view the message *****************

As this e-mail is an automated message, we can’t reply to any e-mails sent by return.

JPMorgan Chase Bank, N.A. Member FDIC
©2016 JPMorgan Chase & Co

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would direct the email to you by name rather than directing it to your email address.   As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – November 15, 2016 – Post election scams

November 15, 2016 Posted by Steven Weisman, Esq.

Merely because the presidential election is over doesn’t mean that scammers are not using the election as a further opportunity to scam people out of their money.  Scammers are always exploiting whatever is foremost in the minds of people and with a close election exposing how deep the divide is between many Americans, scammers are utilizing new scams designed around the election.

Both President Elect Trump supporters as well as his detractors will legitimately be doing fund raising at this time for their respective causes while emotions are running high.  You can expect to be contacted by phone, text messages, social media and email about contributing to various organizations claiming to advance your cause, whatever it may be.  Many of these people contacting you will be scammers.  Trust me, you can’t trust anyone.

You also may be contacted by scammers posing as people either taking a political survey or petitioning about current issues, such as the electoral college.  The danger here is that the scammers lure people into trusting them and then ask for personal information, such as birth dates and Social Security numbers that can be used for purposes of identity theft.

TIPS

Whenever you are contacted by phone, text message, email or through social media, you cannot be sure who is really contacting you, so you should never give out personal information including credit card information to anyone contacting you in those ways unless you have independently verified that the contact is legitimate.

No legitimate pollster and no one asking you to sign a legitimate petition needs your Social Security number so never give it to anyone asking you to sign a petition.

Scam of the day – November 13, 2016 – Important update for victims of the OPM data breach

November 12, 2016 Posted by Steven Weisman, Esq.

I initially reported to you in 2014 that the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole what was initially thought to be the personal information of about four million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  At that time, the OPM offered free credit restoration services and credit monitoring to the victims through Winvale/CSID.  Then in 2015, the OPM discovered a much larger data breach affecting more than twenty-one million people and again offered free credit restoration services and credit monitoring services.  Now the contract of OPM with Winvale/CSID to supply those free credit restoration and monitoring services will end on December 1st.  If you were affected by the initial breach and had availed yourself of the free services offered by OPM, you will need to re-register with the new company, ID Experts.  You can do so by clicking on this link: https://www.opm.gov/cybersecurity

Victims of the second OPM data breach who applied for free credit restoration and monitoring services were already covered by ID Experts so they need not reapply.

TIPS

If you were a victim of the first  OPM data breach,  you should click on the link above and sign up for the free services.

It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM offered these services a year after the data breach actually occurred so the danger of identity theft is significant.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

Scam of the day – November 8, 2016 – PayPal email phishing scam

November 8, 2016 Posted by Steven Weisman, Esq.

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated.  Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly, it came from an email address of a private person rather than that of PayPal.  The address used is most likely that of someone whose email account and computer were hacked in order for the identity thief to send out these phishing emails in mass quantities.  It also is not directed to you personally, as PayPal would do with all of its legitimate communications, which is an indication that this is a phishing scam.  Finally, the words “recent” and “activity” improperly appear as “Recentactivity” without a space between the two words.

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.

 


Scam of the day – November 7, 2016 – Regions Bank phishing email

November 7, 2016 Posted by Steven Weisman, Esq.

Regions Bank is a large bank based in Alabama with more than 1,700 branches throughout the South, Midwest and even into Texas.  Recently, I received a phishing email that appeared to come from Regions Bank.  Phishing emails, by which scammers and identity thieves attempt either to lure you into clicking on links contained within the email that download malware or to trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  The Regions Bank phishing email uses the common ploy of indicating that the bank needs you to verify personal information for security purposes.  As phishing emails go, this one is pretty good, but it does have some telltale flaws.  Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Regions Bank.  Also, although the email is quite short, it contains numerous grammatical errors and the word “Sincerely” is spelled wrong.  Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains the exact logo of the bank does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

TIPS

Obviously, if you do not have an account with Regions Bank, you know that this is a phishing scam, but even if you do have an account with this bank, there are a number of indications that this is not a legitimate email from Regions Bank, but instead is a phishing email.  Legitimate banks would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dear customer” without even capitalizing the word “customer.”  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number for your bank where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to purchase phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Regions, to trap you if you make a mistake in dialing the real number.

 

Scam of the day – October 31, 2016 – Amazon phishing email

October 30, 2016 Posted by Steven Weisman, Esq.

A new phishing email is presently being circulated that attempts to lure you into clicking on links and providing personal information that can be used to make you a victim of identity theft.  Alternatively, merely by clicking on the links in some phishing emails, you may unwittingly download malware that will steal personal information from your computer or other device and use it to make you a victim of identity theft.  Even if you have the most updated versions of security software protecting your computer, laptop or smartphone, you may not be protected from zero-day exploits, which is the name for the latest malware targeting vulnerabilities that have not yet been protected against by your security software.  It generally takes up to a month for the security software companies to provide patches for the latest strains of malware.

TIPS

In regard to this particular phishing email, there are a number of telltale signs that indicate that it is a scam.  Although the graphics are excellent, the email is not directed to you personally, but rather uses the generic salutation of “Dear Amazon.com Customer.”  In addition, there are numerous grammatical errors that could be attributable to the scammer possibly not having English as his or her primary language.  Also, the email address from which the email was sent was not from Amazon, but from an unrelated individual.  Most likely the email address used was that of another victim whose computer was hijacked and used as a part of a botnet to spread the phishing emails.  Of course, the best course of action is to never click on links or provide information in response to emails or text messages unless you have absolutely confirmed that the request is legitimate.  In this case, a quick telephone call to Amazon would have resulted in your quickly learning that the email was a scam.
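The warning signs named in the Chase, PayPal, Regions Bank and Amazon posts above (a sender address unrelated to the company, an impersonal salutation, no reference to your account, a link to click) can be checked mechanically. The following Python is an added example, not part of the original posts; the brand-to-domain table, the "account ending in" pattern and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand names mapped to domains they are expected to send from
# (illustrative and not exhaustive; real senders may use other domains).
BRAND_DOMAINS = {
    "chase": ("chase.com",),
    "paypal": ("paypal.com",),
    "regions": ("regions.com",),
    "amazon": ("amazon.com",),
}
GENERIC_SALUTATION = re.compile(
    r"^\s*dear\s+(?:[\w.]+\s+)?(?:customer|member|user|client)\b", re.I | re.M)
EMAIL_SALUTATION = re.compile(r"^\s*dear\s+[\w.+-]+@[\w.-]+", re.I | re.M)
# Assumption: a legitimate notice cites the account as "account ending in 1234".
ACCOUNT_REF = re.compile(r"account\s+(?:number\s+)?ending\s+in\s+\d{4}", re.I)
LINK = re.compile(r"https?://\S+", re.I)


def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")


def phishing_indicators(raw):
    """Return the names of the warning signs found in one raw email."""
    msg = message_from_string(raw)
    body = body_text(msg)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    found = []
    # Sign 1: the message names a brand but was sent from an unrelated address.
    for brand, allowed in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", text) and not any(
                domain == d or domain.endswith("." + d) for d in allowed):
            found.append("sender_not_brand_domain")
            break
    # Sign 2: greeting is generic or uses the email address instead of a name.
    if GENERIC_SALUTATION.search(body) or EMAIL_SALUTATION.search(body):
        found.append("impersonal_salutation")
    # Sign 3: no reference to the recipient's specific account.
    if not ACCOUNT_REF.search(body):
        found.append("no_account_reference")
    # Sign 4: the message asks the reader to follow a link.
    if LINK.search(body):
        found.append("contains_link")
    return found


# Constructed samples, not real messages; example.* domains are placeholders.
SUSPECT = """\
From: "Chase Online" <j.smith@example.net>
To: recipient@example.org
Subject: You have 1 new Security message

Dear recipient@example.org

You have 1 new Security message From Chase Online Bank.
Click here to view the message http://example.invalid/view
"""
PLAUSIBLE = """\
From: Chase <no-reply@alerts.chase.com>
To: recipient@example.org
Subject: Your statement is ready

Dear Jane Doe,

The statement for your account ending in 1234 is ready.
"""

if __name__ == "__main__":
    for name, raw in (("SUSPECT", SUSPECT), ("PLAUSIBLE", PLAUSIBLE)):
        print(name, phishing_indicators(raw))
```

An empty result only means none of these four signs fired; a message that passes should still be confirmed by calling the company at a number you know is legitimate.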