Scam of the day – January 6, 2017 – Yahoo customer service scam

Yahoo is warning its customers about a scam involving Yahoo customer service.  Certainly with the disclosure over the last couple of months that a billion people had their personal information stolen from Yahoo, there may be many people with a need for customer service from Yahoo, however the scam involves a Yahoo customer service phone line.    Scammers are posting telephone numbers for Yahoo customer service and charging people for their services where, at best, they do nothing for you and, at worse, they steal the information you provide when you speak with them to make you a victim of identity theft.

Yahoo only provides customer services through email, chat, social media, help articles or its Yahoo Help Community forums.  They do not provide customer service by phone and they never charge for customer service.

TIPS

For information about Yahoo customer service you can learn where to get help by going to this Yahoo link.

https://help.yahoo.com/kb/SLN26180.html

If you are in need of customer service in regard to your Yahoo account and want to access its Help Community forums, you can do so by clicking on this link.

https://forums.yahoo.net/

 

Scam of the day – December 14, 2016 – Amazon phishing email

A phishing email that appears to be from Amazon is presently circulating and luring unsuspecting victims into providing personal information that results in identity theft.  A copy is reproduced below.

The email looks legitimate and with so many people shopping online through Amazon it is likely to trick many people into thinking it is legitimate.  As with many phishing emails, it falsely indicates that there is a problem that requires your immediate attention.  In this case it is a shipping problem that requires you to resubmit your information including your credit card information.  If you do so you will end up becoming a victim of identity theft.

TIPS

If you receive such an email and have any concern that it may be legitimate, you should contact Amazon by phone or online at a telephone number that you know is correct or at its website.  Do not click on links in such emails or text messages to establish contact with Amazon. Doing so will only put you in touch with the scammers.  Also, be careful when you call Amazon because scammers sometimes obtain telephone numbers that are only a digit off from the real telephone number to catch unsuspecting victims who call the wrong number by mistake.

Scam of the day – December 8, 2016 – Holiday online shopping scams

Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may indeed be the most wonderful time of the year for many people, but it is not so wonderful if you have been scammed by cybercriminals who really do find the holiday shopping season to be the most wonderful time of the year – for them.   I received an email today showing me how I could get iPads and iPhones at 90% discounts by clicking on links and ordering them online.  If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received.  Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.

People also get in trouble when they go to phony websites that appear to be those of legitimate retailers and turn over their credit card information to a scammer and never get the goods they think they are purchasing.

TIPS

If an offer sounds too good to be true, it usually is.  Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered.  Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate and it is hard to do so without calling the legitimate company because even if it truly appears to be coming from a legitimate person or entity, their email, twitter, or smart phone may have been hacked into and the communication you receive is from a scammer.  Only deal with companies that you know are legitimate and confirm that you are actually on a legitimate website because phony websites can look quite good.

As for online shopping websites, there are a few ways you can determine whether or not a shopping website is legitimate or not.  First, find out who actually owns the website. Websites such as http://lookwhois.net/ will enable you to merely put in the URL and see who actually owns the website you are considering using for shopping.  If it doesn’t match the  legitimate company that you think you are doing business with, you will know to stay away.  Also, call the company at a telephone number you know is legitimate to confirm the precise website URL that they use.

Scam of the day – November 29, 2016 – Giving Tuesday scams

Following the major shopping days referred to as Black Friday and Cyber Monday now comes Giving Tuesday which was first designated as a special day to focus on helping out people in need through charitable gifts in 2012.  This is a time of the year when many people are receptive to solicitations from charities.  Unfortunately, not all of those solicitations will be from legitimate charities.  Many of those calls, letters and emails will be from scammers posing as charities.

Even if you are on the federal Do-Not-Call List, which I strongly recommend unless you want to talk to telemarketers, the law permits charities to contact you by phone.  Unfortunately, whenever you receive a telephone call, you can never be sure who is really calling you.  Even if your Caller ID indicates that the call you are getting is coming from a charity whose name you recognize, the call actually may be from a scammer using a technique called Spoofing to make it appear that the call is legitimate when it is not.  The truth is that the call you receive may or may not be from a legitimate charity or a telemarketer on behalf of a legitimate charity and you have no way of knowing who is really on the other end of the line.

TIPS

When you receive such a call from a telemarketer or someone purporting to represent a charity, if you are interested in the particular charity, the best thing you can do is just to ask them to send you written material.  Do not provide your credit card number over the phone to anyone who calls you because you cannot be sure that they are legitimate.   Also, as I have warned you in the past, many phony charities have names that are similar to real charities so it is always a good idea to investigate a charity before you make a charitable contribution.  In addition, when you receive a charitable solicitation telephone call from a telemarketer, the telemarketer is generally being paid a commission for the money he or she collects.  Thus, your contribution to the charity is diluted by the amount that goes to the telemarketer although as Jerry Seinfeld would say, “not that there is anything wrong with that.”    However, if you really want to make your charitable contribution go farther, you will  be  better served by first checking out the particular charity at www.charitynavigator.org where you can find out not only if the particular charity is legitimate, but also how much of your contribution goes toward administrative costs and how much actually goes toward the charity’s charitable work.  Charitynavigator.org will also show you the best address to send your contribution.  Then you can make your contribution directly to the charity without any amount being deducted for fund raising expenses.

Scam of the day – November 27, 2016 – Holiday package delivery scams

Today’s scam of the day is one that is with us throughout the year, but becomes much more common during the holiday shopping season.  It involves package deliveries from UPS, Federal Express or other delivery services and has a number of different variations.  In one variation, you receive an email that looks quite official and may even carry the logo for UPS, Federal Express or some other courier service.  The email tells you that there is a package for you, but you need to make delivery arrangements.  You then are instructed to either provide personal information, such as your credit card number or merely to click on a link.  If you provide personal information, you have just turned over that information to an identity thief.  If you click on the link, you will be downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.

In another variation of the scam, a notice of attempted delivery is left on your door with a telephone number for you to call and arrange for delivery of the package.  Once you call, the person answering requires you to provide personal information in order to confirm the order.  Of course, no delivery service needs any personal information from someone to whom they are delivering a package.  If they ask for such information, it is a scam.  And think about it.  Why would a deliver service need your Social Security number or credit card number if you are receiving a package?

TIPS

As I have told you many times, you cannot trust any link in an email until you have confirmed that the email is legitimate.  In this case, you should call the delivery service at a number that you know is accurate to confirm whether or not the email was legitimate.  You will then find that the email was a scam.  Delivery services do not send emails to the people receiving packages.  They don’t even know your email.  As for a telephone call from someone purporting to be a delivery service employee, you can never be sure whether someone really is who they say they are on the phone, so once again, you should call the delivery company at a number that you know is accurate to confirm whether or not the call was legitimate.  Finally, remember, no delivery service ever needs your personal information such as credit card number, Social Security number or birth date.  Anytime anyone asks for that information on a phone call to you, you should just hang up.

Scam of the day – November 26, 2016 – Naval records at Hewlett Packard hacked

In an all too familiar story, it has just been disclosed that personal information including names and Social Security numbers of 134, 386 present and former Navy employees was compromised in a hacking of a laptop of a Hewlett Packard employee.  Hewlett Packard had this information through a contract on which it was working for the U.S. Navy.  Further details of the hacking have not been released, but the fact that such a hacking occurred leads to concerns that the pattern established years ago in hacking of NASA laptops in which the laptops were not password protected and the data contained therein was unencrypted is repeating itself.

TIPS

The continuing negligence of many companies and government agencies in not properly protecting sensitive personal data that can readily be used for purposes of identity theft is disappointing and startling.  There are many simple security steps that are easily taken, such as password protecting laptops and other electronic devices as well as encrypting sensitive data and the use and updating of security software that should be done by all companies and government agencies without exception.

The lesson, however, is one that we should also practice in our own lives.  We as individuals are regularly targeted by identity thieves so al of us should protect each of our electronic devices with a unique password, sensitive data should be encrypted and stored in the cloud or in a portable hard drive, dual factor authentication should be used whenever possible, install and update security software on all of your electronic devices and don’t click on links in emails or text messages unless you have absolutely confirmed that they are legitimate.  These are just a few of the simple protocols we should all follow to decrease the chances of our becoming victims of identity theft.

Scam of the day – November 18, 2016 – Yet another Chase phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.  I have taken out the name of the addressee, but it was directed to the email address of the person receiving the email.  I also have removed the link directing the person to click on to receive an important security message.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   As so often is the case with these type of phishing emails, it does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Dear ******************

You have 1 new Security message From Chase Online Bank.

Click your email here to view the message *****************

As this e-mail is an automated message, we can’t reply to any e-mails sent by return.

JPMorgan Chase Bank, N.A. Member FDIC
©2016 JPMorgan Chase & Co

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would direct the email to you by name rather than directing it to your email address.   As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – November 15, 2016 – Post election scams

Merely because the presidential election is over doesn’t mean that scammers are not using the election as a further opportunity to scam people out of their money.  Scammers are always exploiting whatever is foremost in the minds of people and with a close election exposing how deep the divide is between many Americans, scammers are utilizing new scams designed around the election.

Both President Elect Trump supporters as well as his detractors will legitimately be doing fund raising at this time for their respective causes while emotions are running high.  You can expect to be contacted by phone, text messages, social media and email about contributing to various organizations claiming to advance your cause, whatever it may be.  Many of these people contacting you will be scammers.  Trust me, you can’t trust anyone.

You also may be contacted by scammers posing as people either taking a political survey or petitioning about current issues, such as the electoral college.  The danger here is that the scammers lure people into trusting them and then ask for personal information, such as birth dates and Social Security numbers that can be used for purposes of identity theft.

TIPS

Whenever, you are contacted by phone, text message, email or through social media, you cannot be sure who is really contacting you so you should never give out personal information including credit card information to anyone contacting you in those ways unless you have independently verified that the contact is legitimate.

No legitimate pollster and no one asking you to sign a legitimate petition needs your Social Security number so never give it to anyone asking you to sign a petition.

Scam of the day – November 13, 2016 – Important update for victims of the OPM data breach

I initially reported to you in 2014  that  the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole personal information of  what was initially thought to be the personal information of about four million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  At that time, the OPM offered free credit restoration services and credit monitoring to the victims through Winvale/CSID.  Then in 2015,  the OPM discovered a much larger data breach affecting more than twenty-one million people and again offered free credit restoration services and credit monitoring services.   Now the contract of  OPM with Winvale/CSID to supply those free credit restoration and monitoring services will end on December 1st.  If you were affected by the initial breach and had availed yourself of the free services offered by OPM, you will need to re-register with the new company, ID Experts.  You can do so by clicking on this link. https://www.opm.gov/cybersecurity

Victims of the second OPM data breach who applied for free credit restoration and monitoring services were already covered by ID Experts so they need not reapply.

TIPS

If you were a victim of the first  OPM data breach,  you should click on the link above and sign up for the free services.

It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM offered these services a year after the data breach actually occurred so the danger of identity theft is significant.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

Scam of the day – November 8, 2016 – PayPal email phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated. Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly It came from an email address of a private person rather than that of PayPal.  The address used, most likely is that of someone whose email account and computer was hacked in order for the identity thief to send out these phishing emails in mass quantities. It also is not directed to you personally as PayPal would do with all of its legitimate communications which is an indication that this is a phishing scam.  Finally, the words “recent” and “activity” improperly appear as “Recentactivity” without a space between the two words.

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.

 

.