Posts Tagged: ‘Identity Theft’

Scam of the day – July 25, 2014 – Important security updates for Java and other software

July 24, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.  In particular, this round of security updates provides important security updates for Java software.  Java has been a favorite target of scammers and identity thieves so much that the Department of Homeland Security has even advised people who don’t have to use Java, to disable it.  For more information about Java software I suggest you check out earlier Scams of the day that dealt with Java problems.  You can find these in the Scamicide archives.

TIPS

Here is a link to the latest security alert and updates as issued by the United States Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-202

Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

July 22, 2014 Posted by Steven Weisman, Esq.

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.

TIPS

You should never give to a charity until you  have confirmed that it is legitimate.  Go to www.charitynavigator.org where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate.  In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief.  If you must search for such video, stay with legitimate new sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.

Scam of the day – July 20, 2014 – Cisco corrects router vulnerability

July 20, 2014 Posted by Steven Weisman, Esq.

Everyone is aware of our vulnerability to having our computers hacked through unwittingly downloading malware that often comes as an attachment to or a link in a phishing email that appears to be legitimate, but whose sole purpose is to lure us into downloading the malware that can steal the information from our computer and make us victims of identity theft.  However, few people are aware that hackers and identity thieves are now targeting the computers of individuals and businesses through their routers.   Cisco, one of the makers of home wireless routers has issued a security patch to remedy this problem.  As always, when security updates and patches are released, it is very important to make sure that you download and install the patches as soon as possible.

TIPS

Here is the link to the Cisco security patch as provided by the Department of Homeland Security: https://www.us-cert.gov/ncas/current-activity/2014/07/16/Cisco-Addresses-Wireless-Residential-Gateway-Vulnerability

It is important to note that other routers are also vulnerable to hackers so if you have one that is not made by Cisco, you should contact the maker of your router to learn what you can do to make its use safer.

Scam of the day – July 14, 2014 – Chinese hackers steal information from Federal Office of Personnel Management

July 14, 2014 Posted by Steven Weisman, Esq.

Hacking of American companies by Chinese hackers is not particularly startling as it is going on all of the time, however the federal government is now admitting that back in March Chinese hackers were able to hack into the data bases of the Office of Personnel Management and gain access to personal information on thousands of government workers.  What is particularly troublesome is that the Office of Personnel Management manages a program called e-QIP where federal employees who are seeking security clearances must provide much personal information including personal financial data.  It is not known what the purpose of the hacking was and whether or not it was government sanctioned or not.  What is known is that, just as the hacking into the computers of the United States Department of Energy last week, showed, government databases are just as vulnerable as those of private companies.

TIPS

So what does this mean to you?

First and foremost if you are someone whose information was maintained by the Office of Personnel Management you should be on heightened alert for identity theft.  You should check your credit report with each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You also would be wise to put a credit freeze on your credit reports at each of the three major credit bureaus to prevent someone with personal information about you from gaining access to your credit report and utilizing your credit.  You can find a detailed explanation of credit freezes along with instructions for getting one in the right hand column of the first page of Scamicide.  As for the rest of us, this is yet another lesson that you are only as safe from identity theft as the places with the weakest security that hold personal information about you.  Whenever possible limit the amount of personal information held by companies and governmental agencies with which you do business.  Also, do not leave your credit card number on file with any retailer with which you do business regularly.  It may be convenient to do so, but it increases your risk of identity theft if the company is hacked and your data is compromised.

Scam of the day – July 13, 2014 – Bank of Hawaii text message scam

July 13, 2014 Posted by Steven Weisman, Esq.

Recently many residents of Hawaii have been receiving a text message that appears to come from the Bank of Hawaii informing them that their accounts have been blocked or suspended or their lines of credit have been reduced.  They are also told in the text message to call 857-453-3714 and enter their account number and PIN in order to rectify the situation.  This is a  phishing scam and anyone providing that information to the scammer would end up becoming a victim of identity theft and having their accounts emptied.

TIPS

Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate.  If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.  Banks do not call, text or email their customers asking for personal information.  You should always be skeptical of anyone asking for such information.  As  I always say, “trust me, you can’t trust anyone.”  This particular scam involved the Bank of Hawaii, but this scam is constantly being done around the country using the names of other banks.  As for those of you in Hawaii who may have fallen for this scam.  You should contact the real Bank of Hawaii at 888-643-3888 or by email at icare@boh.com for help.

Scam of the day – July 11, 2014 – Latest critical software security patches

July 11, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use which if not used will put you in serious jeopardy of identity theft and being hacked.

TIPS

Here is a link to the latest security update from the Department of Homeland Security that contains links to many important software programs including various Apple products: https://www.us-cert.gov/ncas/bulletins/SB14-188

Here is a link to a recently released security update from Adobe.  Adobe products have been frequent targets of identity thieves and hackers so it is important to maintain your Adobe software up to date with the latest security patches: https://www.us-cert.gov/ncas/current-activity/2014/07/08/Adobe-Releases-Security-Updates-Flash-Player-and-Air

Here is a link to the latest Microsoft security update which includes patches for a number of important programs including Internet Explorer: https://www.us-cert.gov/ncas/current-activity/2014/07/08/Microsoft-Releases-July-2014-Security-Bulletin

Here is a link to the latest Cisco updates: https://www.us-cert.gov/ncas/current-activity/2014/07/09/CISCO-Addresses-Apache-Struts-2-Vulnerability

 

Scam of the day – July 10, 2014 – Indiana passes law to protect children from identity theft

July 10, 2014 Posted by Steven Weisman, Esq.

Children have become a ripe target of identity thieves and with good reason.  Armed with a Social Security number of a child, an identity thief can establish credit in the name of the child, abuse that credit with little chance that the child or his or her parents will become aware of the identity theft until the child reaches an age where they may be applying for financial aid for college or applying for a car loan.  It is only then that the child and his or her family become aware that the child’s credit report has been corrupted which can create substantial problems for that child, not only in obtaining a loan, but in getting a job, insurance, renting an apartment, getting a loan or in the many other areas where a credit report is used.  For adults, credit reports can be frozen such that even if someone has that person’s Social Security number and other identifying information, the person’s credit report cannot be accessed and used for fraudulent purposes, however except in a handful of states, the credit reports of children cannot be frozen.  Now Indiana has joined this small number of states that permit the credit reports of children to be frozen.  If your state does not have such a law, you should lobby your legislators to pass such legislation.

TIPS

Freezing a credit report is one of the most effective ways to prevent identity theft.  Unlike costly credit monitoring, which is often offered for free to victims of a data breach by the company whose data has been stolen, a credit freeze can actually stop forms of identity theft.  Credit monitoring merely tells you after the fact that you have been a victim.  It offers the same protection as someone who has just been hit by a truck while crossing the street and someone comes over to the victim lying in the road and informs him or her that he or she has been just been hit by a truck.  For instructions as to how to put a credit freeze on your credit report, go to the archives of Scamicide at the top of this page and type in “credit freeze.”

Scam of the day – July 9, 2014 – Spoofing scam

July 9, 2014 Posted by Steven Weisman, Esq.

Spoofing is a funny sounding word, but there is nothing funny about spoofing, which is the name for the scam tactic used by scammers by which they are able to fool your caller ID such that when you receive a call, it appears to come from a legitimate company, governmental agency, such as the IRS or even your own telephone number.  Sometimes the spoofed calls are automated robocalls in which you are asked for financial information in order to assist you in obtaining a lower interest on your credit card or some tempting ruse.  Other times there will actually be someone on the line purporting to be from a legitimate company or governmental agency.  Using either the carrot or stick approach, they either try to instill fear in you in order to lure you into providing personal information in order to avoid a problem with your bank, the IRS or some other entity or they use the carrot and try to entice you to provide your personal information in order to receive a prize or some other financial benefit.  In all cases you risk identity theft when you provide personal information by phone in response to any telephone call you receive.

TIPS

There are some basic precepts to remember to help protect you from being scammed by spoofed calls.  First, remember that your caller ID is not fool proof.  You cannot trust your caller ID to accurately inform you as to who is really calling you.  Second, the IRS does not initiate contact with taxpayers by email, text messages or phone calls so if you receive such a communication, you can be sure that it is a scam.  Third, robocalls are illegal except from charities or politicians so whenever you receive a robocall that purports to be from a company or governmental agency, you can be sure it is a scam.  You should never provide personal information to anyone over the phone whom you have not called.  If you ever receive a communication requesting personal information and you think it might possibly be legitimate, merely hang up and call the entity back at a number that you know is accurate and even then do not provide personal information unless there is a real need for it.

Scam of the day – July 8, 2014 – Gift card scam

July 8, 2014 Posted by Steven Weisman, Esq.

Many people are finding a tempting offer appearing in their email or as a text message.  In the communication you are told that you will receive a $50 gift card from a major company if you merely complete a short survey.  The survey looks official and the page has the official logo of a familiar company, however often what the scammers are seeking is personal information that can be used to make you a victim of identity theft.

TIPS

As I always say, “trust me, you can’t trust anyone.”  Merely because the text message or email appears to be official and carries a company’s logo does not make the communication legitimate.  It is very easy to copy a logo on to a text message or email and make the communication look official and legitimate when, in fact, it is a counterfeit and a scam.  No legitimate survey will ever ask for banking information, passwords, Social Security numbers, credit card information or banking information.  The only reason for asking for that information is to make you a victim of identity theft.  Finally, no company is going to be in a position to give everyone who completes a customer satisfaction survey a $50 gift card.  A legitimate company may enter you into a drawing to win such a card by completing a survey, but no company is giving away $50 gift cards to everyone.

Scam of the day – July 6, 2014 – Another AOL phishing scam

July 6, 2014 Posted by Steven Weisman, Esq.

Millions of people still use AOL and so scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is quite poor.  Compare it to the excellent counterfeit phishing email I included in the Scam of the Day for Mary 31, 2014.  This one comes from an email address that has no relation to the company, AOL.  It does not contain any logo and it is not directed to the recipient specifically by name.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve an problem.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.   Here is how the email appears.  DO NOT CLICK ON THE LINK:

“Dear User,

Verify, to update your Premium Acc today

Service Team.

America Online”

TIPS

There are numerous reasons not to trust this email.  The email address from which it was sent has no relation to AOL.  It is not addressed to you personally.  It does not contain an AOL logo and the email is far too short and curt.  It is an obvious phishing email and its only purpose is to lure you into either providing personal information or downloading malware.  As I have warned you many times, never click on links or download attachments unless you are absolutely sure that the email is legitimate.  In this case, if you even had a slight thought that it might be legitimate, all you would have to do is to call the real AOL to learn that this was a phishing scam.