Posts Tagged: ‘Identity Theft’

Scam of the day – July 26, 2016 – Real estate closing scam

July 26, 2016 Posted by Steven Weisman, Esq.

On January 20th’s Scam of the day, I first told you about an intricate email scam targeting people involved in the sales of residential real estate that has increased over the past year both in the United States and the UK.  I mention it again today because of recent reports of this scam occurring in the small town of Dewey Oklahoma where Lacey Monday became a victim of the scam.  The scam begins with the hacking into the email account of one of the parties involved with a residential real estate conveyance.  This can be either the buyer, seller, lawyers, title company, real estate agent or banker.  In Lacey Monday’s case it was her title company whose email was hacked.  Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do.  The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right,  generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email.  Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then move the funds from account to account to make it difficult to trace the funds.  In Lacey Monday’s case, she lost $25,000 to this scam.  The fact that this scam can occur in small towns as well as large cities show how these types of scams are a threat to you regardless of where you live.


Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked.  This means having a strong password and security question.  You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.”  Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your smartphone and keep your security software up to date with the latest security patches as soon as they are made available.  Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices and remember, your security software is always at least thirty days behind the latest malware.

Don’t use public wifi for any financial or business purposes.  Use a virtual private network to encrypt your data when using your electronic devices in public.  Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.  Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate.  Appearances can be deceiving so always confirm.  It may seem a bit paranoid, but remember, even paranoids have enemies.

Scam of the day – July 4, 2016 – Steve Weisman’s latest column from USA Today

July 4, 2016 Posted by Steven Weisman, Esq.

Sometimes the job of protecting ourselves from identity theft can seem to be overwhelming, which is why I wrote this column for USA Today that provides you with some simple and easy to take steps to reduce your chances of becoming a victim of identity theft.  Here is a link to that column.

June 18, 2016 – Steve Weisman’s latest column from USA Today

June 18, 2016 Posted by Steven Weisman, Esq.

Even intelligent, tech-savvy people like Mark Zuckerberg can be hacked if they don’t take essential precautions to protect themselves from hacking and identity theft.  Here is a link to my latest column from USA Today with tips about how you can protect yourself from being hacked or becoming a victim of identity theft.

May 21, 2016 – Steve Weisman’s latest column from USA Today

May 21, 2016 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today.  As if there isn’t enough to worry  about, this column deals with the very real problems that arise when a criminal who has stolen your identity commits crime in your name.

Scam of the day – April 22, 2016 – Epidemic of ATM skimmers

April 22, 2016 Posted by Steven Weisman, Esq.

As regular readers of Scamicide know, skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card used which then permits the identity thief to use that information to access the victim’s bank account when the skimmer is used on a debit card.  If a credit card is used, the identity thief can use the stolen information to access the victim’s credit card account.  Each skimmer can hold information on as many as 2,400 cards.  Recently, FICO Card Alert Service, a company that monitors ATM activity on behalf of banks issued a report indicating that last year the use of skimmers on ATMs increased by 600% over the previous year.


Always look for signs of tampering on any machine you use to swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if they do not report the theft promptly and even if they report the theft immediately, they will lose access to their bank account while the matter is investigated by the bank.  Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.  Debit cards should not be used for purchases at gas pumps or for other retail purchases because the legal liability laws related to stolen debit card information are not as protective as the laws relating to fraudulent credit card use.  The FICO Card Alert Service report noted that 60% of the skimmer attacks were done on private, non-bank ATMS so you may wish to avoid those ATMS when possible.

Credit card rules required the use of new EMV smart chip credit card equipment by retailers to process these cards by October 1, 2015 in order for the retailer to avoid liability.   These rules, however, do not apply to the use of credit or debit cards at ATMs and gas pumps where the deadline to switch to the EMV smart cards is not until October 1, 2017 so you can expect identity thieves to continue to focus their attention on gas pumps and ATMs.

Scam of the day – March 27, 2016 – Anonymous non-hacking of Donald Trump

March 27, 2016 Posted by Steven Weisman, Esq.

Following the recent terrorist attacks in Paris by ISIS, the hacktivist group Anonymous declared war on ISIS and claimed to have taken down thousands of its Twitter accounts as well as a number of its websites including a recruitment website.  Now, in the wake of the ISIS terrorist attack in Belgium, Anonymous just posted a video in which it again promised that it would be doing cyberattacks against ISIS Twitter accounts as well as threatening to steal the bitcoins of ISIS.

However, Anonymous has many targets of its wrath and on March 18th, it released what it said, at that time, was personal information of another of its enemies, namely Donald Trump.  In its March 18th posting Anonymous released what it claimed was personal information of Trump including his cell phone number and Social Security number.  The response of Trump, the FBI and the Secret Service  was swift but now appears to be misguided because in another video just posted by Anonymous, it revealed that it did not hack Trump’s various accounts to gain the personal information it previously posted, but merely went to online sources available to everyone from public records and online search engines such as Google.  As for Trump’s cell phone number, the number that was posted by Anonymous was actually one Trump himself had posted in a tweet.


Perhaps the biggest lesson from all of this to everyone is recognizing just how much personal information is available about us all from public records, websites and data banks readily available to anyone.  However, it is also important to note that often we are our own worst enemies by posting too much personal information on various social media sites which can be gathered and used by cybercriminals for purposes of identity theft.  It gives us all something to think about when you post your birth date or other personal information on Facebook or other social media.

Scam of the day – March 19, 2016 – TurboTax phishing email

March 19, 2016 Posted by Steven Weisman, Esq.

Turbo Tax is a popular online tax preparation company used by many people so it should come as no surprise, particularly at this time of year, that a phishing email is presently being circulated that appears to come from Turbo Tax with the title “Important Privacy Changes” in an attempt to get people to click on the link contained in the email purportedly to opt out of having their personal information shared with others.  The email is not sent by Turbo Tax.  It is a phishing scam intended to lure people into clicking on the link which will download keystroke logging malware that will steal your personal information from your computer, smart phone or other electronic device and use it to make you a victim of identity theft.

Here is a copy of the email presently being circulated, DO NOT CLICK ON THE LINK:


The first line of defense against phishing emails is to have good anti-virus and anti-malware software installed on all of your electronic devices as well as to take advantage of anti-phishing features in your web browser.  Also, keep all of your security software up to date with the latest security patches as soon as they are available.  However, even if you have the most up to date security software, it will not protect you from the latest malware.  Security software is always at least thirty days behind the newest “zero day” malware.

Never click on links in any text message or email unless you have absolutely confirmed that the link is legitimate and safe.  In a case such as this, the safest route is to avoid the email entirely and go directly to the website of the company, in this case Turbo Tax to find out if the email was legitimate or not.  When going to the company website, don’t go by clicking on links or typing in addresses contained in the text message or email.  Instead, independently type in the name of the website in your browser.

Scam of the day – March 3, 2016 – Identity thieves stealing W-2s

March 2, 2016 Posted by Steven Weisman, Esq.

Income tax identity theft is a multi billion dollar problem that costs the government and, by extension,  we the taxpayers billions of dollars each year while tremendously inconveniencing the individual taxpayers whose identities are stolen as it generally takes the IRS months to fully investigate each instance of identity theft and send to the victimized taxpayer his or her legitimately owed tax refund.  Armed with a potential victim’s name and Social Security number, it is a simple matter for an income tax identity thief to file a phony return with a counterfeit W-2 to obtain a fraudulent income tax refund.

Now, it appears sophisticated income tax identity thieves are stealing large numbers of legitimate W-2s containing all of the information the identity thieves need to file a fraudulent income tax return by sending phishing emails to HR and accounting departments within companies often posing as the CEO of the company or someone else in upper management requesting copies of all employee W-2s under various guises.  Other times, payroll management companies have been targeted using the same type of phishing emails.  In some instances, the phishing emails have been recognized as scams, but in other instances, companies have unwittingly handed over thousands of W-2s to clever identity thieves.


All companies have got to do a better job of training employees to recognize phishing emails and installing anti-phishing software programs.  In addition, dual factor authentication should be used before transmitting sensitive data to make sure that the person to whom the material is being sent is really who they represent they are.  These same lessons that apply to companies also apply to all of us as individuals, as well.  Phishing is done to steal the identities and information of unwary individuals every day and the best way to protect yourself is to start with remembering my motto, “trust me, you can’t trust anyone.”  Never provide personal information to anyone who asks for it by phone, text message or email unless you have absolutely confirmed that the request is legitimate and the person or company requesting the information has a legitimate need for the information.  Never click on links or download attachments from emails or text messages unless you have confirmed they are legitimate because those links and attachments could contain keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.  Finally, keep all of your electronic devices including your smartphone up to date with the latest security software patches.

Scam of the day – February 5, 2016 – Data breach at the University of Central Florida

February 5, 2016 Posted by Steven Weisman, Esq.

The University of Central Florida has announced that its computer system had been hacked and data on as many as 63,000 present and former students, faculty and staff was taken.  The stolen data includes data on employees of the University going back as far as the 1980s  Included in the compromised data were names and Social Security numbers which can be used by hackers for purposes of identity theft.  Although the data breach was discovered last month, it was only announced yesterday in order to give the University time to conduct an investigation into the matter. Everyone affected by the data breach will receive a letter in the mail with information about how to sign up for free credit monitoring and identity theft protection services.  The University will not be contacting people by email or text messages, so if you do receive such a communication related to this data breach, it is a scam.


The initial letters to those affected by the data breach will be going out today, but you can also call a special hot line set up by the University for more information at 877-752-5527 or go to the website set up by the University to provide information and assistance to those involved in the data breach.  The website is

Although in this instance, the Social Security numbers of those affected by the data breach legitimately needed to be obtained by the University because the bulk of those whose data was compromised were employees of the University including students involved in work-study programs, colleges and and universities are notorious for both gathering personal information that they often do not need as well as storing and maintaining that information long after the need for that information no longer exists.  So long as colleges and universities continue to both gather large amounts of personal information and fail to adequately protect that information, they will continue to be targets of hackers and identity thieves.

January 16, 2016 – Steve Weisman’s latest column from USA Today

January 16, 2016 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today which contains more important tips to help protect you from identity theft in the new year.