Posts Tagged: ‘Identity Theft’

Scam of the day – July 8, 2015 – Harvard hacked: what does it mean to you?

July 8, 2015 Posted by Steven Weisman, Esq.

Harvard University recently announced that it had been hacked for the second time in just four months.  The data breach appears to be limited to the Faculty of Arts and Sciences and Central Administration information technology networks and, fortunately, does not appear to have compromised either research data or personal information of students and faculty, such as Social Security numbers.  More and more colleges and universities are targets of hackers, as I described to you most recently in May 16th’s Scam of the day regarding the major data breach at Penn State.  American engineering schools, including MIT, and Carnegie Mellon, have been targets of Chinese state sponsored hacking for many years.  The goal of these hackings have been to gain information for both commercial and national defense purposes.  However, colleges in general are targeted by hackers seeking personal information for purposes of identity theft.  One reason that colleges and universities are such a tempting target for identity thieves is that they gather and retain so much personal information on applicants, students, faculty and alumni.  Making the problem worse is that college and university computer networks are generally readily accessible by so many people that it becomes difficult to secure these networks.

TIPS

I have written many times of the extreme vulnerability of colleges and universities, which gather and keep much personal information for which they have no real need, such as the Social Security numbers of applicants to the schools or Social Security numbers of alumni.  Coupled with lax security at many colleges and universities, this gathering and keeping of personal information for which the schools have no need puts the people whose information is affected in great danger of identity theft.  It is important for all of us to always inquire as to any company or agency that has personal information of ours as to what they do to keep this information secure.

For those people who may have been affected by the Harvard data breach, here is a link to Harvard’s official announcement of the data breach with details of the breach as well as suggestions for action by those affected.  http://security.harvard.edu/cyber-alert/faqs

Scam of the day – July 6, 2015 – Windows 10 update scams

July 5, 2015 Posted by Steven Weisman, Esq.

The new Windows 10 operating system is coming.  It is scheduled to start being released on July 29th.  However, if you are a user of Windows 7 or Windows 8.1 you are eligible to receive the new Windows 10 operating system for free.  Microsoft is letting these customers reserve the new operating system now.  Microsoft is notifying customers through a new icon on your taskbar or a popup message as indicated in the screen photo below.  Clicking on the message will take you to a page where you can sign up by merely providing your email address.  Once Windows 10 is available Microsoft will then download it to your computer. Over the years Microsoft has issued new operating systems after years of patches and updates of the previous operating systems.  When it became too cumbersome and difficult to patch the old operating systems, new ones were released.  Unfortunately, many individuals and companies still use the old operating systems, such as Windows XP although they were warned for years that new security update would no longer be issued after a specific date.  People and companies continuing to use the old operating systems, particularly Windows XP have become easy targets for hackers exploiting the vulnerabilities of the older operating systems.

W10_Laptop_AUX_Build_16x9_en-US_070115-01

TIPS

The release of Windows 10 will be exploited by scammers and identity thieves.  In particular you may receive emails or text messages with links or downloads that purport to be of Windows 10.  Don’t trust them.  Microsoft is not contacting people by emails or text messages regarding Windows 10.  Any email or text message, regardless of how legitimate it may look, that purports to be from Microsoft asking you to download an attachment or click on a link to install your Windows 10 is a scam.  If you click on those links or download those attachments all you will succeed in doing is downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  Microsoft will  also not be calling you on the phone to install Windows 10 either, so if you get a telephone call in which the caller represents that he or she is from tech support at Microsoft to help you download Windows 10, just hang up.  The call is from an identity thief only seeking to get access to your computer and its data.

Scam of the day – June 8, 2015 – Woman steals identity of 83 year old man to pay for breast augmentation

June 8, 2015 Posted by Steven Weisman, Esq.

Just when you think you have heard everything, something new comes along and that is just what happened recently when 39 year old Brandie Bloor was convicted of fraud and identity theft stemming from her theft of the identity of an 83 year old man, taking out a loan in his name and then using the proceeds to pay for a tummy tuck, liposuction and breast implants.  The crime came to light when the identity theft victim started receiving notices that he was behind in his loan repayments.  At first, Bloor said that she too was a victim of identity theft and that she was not the person who received the cosmetic surgery, however, an identifying rose tattoo on her abdomen gave her away.  She then said that she earned the money as an escort for the senior citizen, but this lie too was soon disproved.  This is not Ms Bloor’s first brush with the law.  Among her convictions are fifteen for forgery alone.  She has pleaded guilty and is now awaiting sentencing.

TIPS

The first inkling that the victim got that he was a victim of identity theft was letters from the loan company about a loan he had never taken out.  Whenever you receive any communication about a debt that you have not incurred, you should not delay in contacting the creditor to dispute the bill and then check your credit report for other indications that your identity has been stolen and your credit affected.  In my book “50 Ways to Protect Your Identity and Your Credit” I describe the steps you need to take to correct mistakes in your credit report.

Scam of the day – May 4, 2015 – Hacking group threatens Cape Coral, Florida police

May 4, 2015 Posted by Steven Weisman, Esq.

Just three days ago I told you about an FBI warning to police departments around the country that hackers are actively attempting to not only hack into the computers of the police departments, but also searching the Internet for personal information on police officers and then making this information public, which can put the officer in danger of identity theft or worse.  This tactic which is called “doxing” has now been used against the Cape Coral, Florida Police Department.  Hackers claiming to be in the notorious hacking group, Anonymous posted videos online threatening members of the Cape Coral, Florida Police Department with doxing in response to a recent conviction of Travis Robey on charges of violently resisting a police officer stemming from an incident last June.  Hackers, claiming to be part of Anonymous posted personal information about members of the Cape Coral Police Department including their names, addresses and phone numbers, which they said they obtained by hacking into the computers of the Cape Coral Police Department.  The Cape Coral Police Department denies that their computers have been hacked and are conjecturing that Anonymous managed to get this information from public sources.

TIPS

There are many lessons to be learned from this.  As I have reported in the past, police departments have become a frequent target for hackers including those who have used Ransomware to prevent police departments from being able to access their data unless they pay a ransom as well as malicious hackers who use doxing to put officers in jeopardy.  In many instances, the information obtained is information that can be found through social media or public data sources and this should serve as a stern warning to all of us to be more careful about the personal information that we put on social media or share with other public sources.  The less information that is available about you on line, the safer you are from identity theft and other personal threats.

Scam of the day – April 17, 2015 – Mass email service hacked

April 16, 2015 Posted by Steven Weisman, Esq.

Many people may not be aware of SendGrid, but there is a good chance that you have received an email from them.  SendGrid is a mass email service that is used by 180,000 companies worldwide including Uber, Pinterest, Spotify and Foursquare when companies wish to send mass email messages to their customers, such as when a company wants to alert customers to a service update. When you receive an email from SendGrid or other such mass email services, it appears that the message is being sent by the company with which you have an account, but it actually comes from SendGrid or other mass email services.  Last week one of the companies that uses SendGrid had its SendGrid account hacked in an attempt to hack into the company’s account with Coinbase, a Bitcoin exchange.  Although the company, unnamed by SendGrid, had its account with Coinbase hacked,  according to SendGrid no Bitcoins were stolen.  Last year a similar attack aimed at stealing Bitcoins from another SendGrid client, ChunkHost was foiled because, Chunkhost used dual factor authentication, preventing the hacker from accessing the Bitcoins in Chunkhost’s account even after the hackers had managed to steal ChunkHost’s password.  More and more hackers are trying to hack into the accounts of users of mass email services such as SendGrid because it enables the hacker to make his or malware containing message appear to come from a trusted source.

TIPS

Remember my motto, “trust me, you can’t trust anyone.”  Merely because an email or text message appears legitimate or appears to come from a trusted email address is no reason to trust the message and click on links contained in the email or text message or download attachments to such emails or text messages.  The risk is too great.  Never click on links or download attachments unless you are absolutely sure that they are safe and legitimate.  Even if you are protected by the latest security software, you are still not safe because the most updated anti-malware and anti-virus software is always at least a month behind the latest malware.

Scam of the day – March 14, 2015 – Latest Security updates from the Department of Homeland Security

March 13, 2015 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  The recent discovery and then patching of the FREAK vulnerability is a good example of how important it is to update your software with the latest security patches as soon as possible.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  Users of the affected programs should make sure that they update their software with these latest security patches as soon as possible.

TIPS

Here is the link to the Department of Homeland Security software updates: https://www.us-cert.gov/ncas/bulletins/SB15-069

Scam of the day – February 23, 2015 – Chase Online bill pay scam

February 23, 2015 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes from my own email, however, I am sure many of you have received this, as well.  It is a phishing email that is intended to lure the recipient into providing personal information that will be used to make that person a victim of identity theft.  As typical with this type of phishing email, it is intended to make you think there is an emergency to which you must respond.  It looks pretty official, but there are some telltale signs that it is a scam.  First, is that although I did not include the email address of the sender, the email address is that of a private individual, not Chase although often identity thieves will use email addresses that appear to be official.  In this case, undoubtedly the email address used is part of a botnet whereby identity thieves have infiltrated the computers of innocent victims and then use their computers and email accounts to send out the fraudulent email.  Another telltale sign is that the email is directed to me, not by name, but rather as “Dear Customer.”   However, even if the email was directed to you by name, you couldn’t trust it because when JP Morgan Chase was hacked in the last year, the hackers stole names and email addresses.   Finally, the email appears to have been sent by Christopher Polumbo.  Christopher Palumbo is a Vice President at Chase, however, the email to me misspells his name.  However, it is easy to see how people would fall for this scam and provide the information that would enable an identity thief to gain access to your account.

Here  is a copy of the email I received.

“Dear Customer, 
We are writing to let you know that the service(s) listed below will be deactivated and deleted if your profile is not verified within 7 business days. Previous notifications have been sent to the Billing Contact assigned to your account.
As the Primary Contact, you must renew the service(s) listed below:

SERVICE: Chase Online and Bill Pay services. 
What you need to do:

1. Log in to your account through our enhanced security server www.Chase.comby clicking the URL.
2. 
Enter your user ID and Password (that you selected during the online enrollment process). 
3. 
Enter the requested information and your Chase Online and Bill Pay services will be renewed. 
If you have not signed up for online access, you can enroll easily by clicking “Enroll” at the bottom of the Login page. 
Please do not reply to this message directly but click on the URL. For questions, please call Customer Service at the number on the back of your card. We are available 24 hours a day, 7 days a week.

Sincerely,

Christopher Polumbo
Chase Online(SM)
Fraud Prevention Team

This site is directed at persons in the United States only. Persons outside the United States may visit International Banking . 
Links to third party sites are provided for your convenience by JPMorgan Chase. JPMorgan Chase neither endorses nor guarantees any offerings of the third party providers, nor does JPMorgan Chase make any representation or warranty of any kind about the content, use of or inability to use, the third party sites.

© JPMorgan Chase Bank, N.A. Member FDIC ©2015 JPMorgan Chase & Co.; Co”

TIPS

As I have warned you many times, you should never click on links in emails or text messages or provide information in response to such emails or text messages unless you have absolutely confirmed that the communication is legitimate, which is easy to do by merely contacting the company.  In this case, you could just contact Chase at the telephone number on your credit card or bank statement.  Providing information without confirming that the communication is legitimate gives the identity thief all that they need to make you a victim of identity theft.  In other variations of this phishing email, merely by clicking on the links provided will result in keystroke logging malware being downloaded on to your computer which can steal your personal information from your computer and then enable its use for purposes of identity theft.  Even if you have good security software installed on your computer or other electronic device, as you should, this may not protect you from keystroke logging malware because the latest malware is always at least a month ahead of the latest security software updates.  Remember my motto, “Trust me, you can’t trust anyone.”

As for this particular Chase phishing email, if you receive it, Chase requests that you forward it to them at abuse@chase.com.

Scam of the day – February 6, 2015 – Massive data breach at health insurer Anthem, Inc.

February 5, 2015 Posted by Steven Weisman, Esq.

Anthem, Inc, the country’s second largest health insurance company has announced that it has suffered a massive data breach in which personal information on up to 80 million of its customers and staff were stolen including personal information of its President and CEO, Joseph R. Swedish.  Included in the compromised personal information was names, birthdates, medical IDs, Social Security numbers, street addresses and email addresses.  This is a veritable treasure trove of data for identity thieves.  According to Anthem, no credit card data was stolen, however, this is of little consolation to those people who the victims of this data breach as the amount of information that was stolen on each victim is quite sufficient to be translated into making them victims of identity theft.  Once again, this shows that you are only as safe as the places that hold your personal information.

Particularly troubling is the theft of the medical IDs which brings up the possibility of medical identity theft which occurs when someone uses your information to gain access to your medical insurance and which can cause the identity thief’s medical information to be included on the victim’s medical record.  This can result in someone receiving a transfusion of the wrong blood type or other potentially deadly results.  Correcting medical records tainted by medical identity theft is quite difficult.  You can go to the archives of Scamicide for more information about medical identity theft and what you can do about it.

TIPS

At the moment, we do not know how the breach was accomplished, but the FBI and Mandiant a private cybersecurity firm are investigating the breach.  As soon as it is determined how the breach occurred, I will report it to you.  Meanwhile, if you are an Anthem customer, you should assume that you may be affected.  Anthem has set up a website to which you can go for the latest information about the breach.  it is www.AnthemFacts.com.  Anthem has also set up a toll free number for present and past Anthem customers to call for further information.  That number is 1-877-263-7995.   It is important to remember that you may be contacted by an email or text message that appears to come from Anthem asking you for information or to click on links.  Do not do so.  The communications may be from other identity thieves seeking information.  If you have any questions after receiving such an email, you should go directly to the Anthem website www.AnthemFacts.com or call them at the toll free number indicated above.  Also, this is a good time, if you have not done so, to consider putting a credit freeze on your credit report.  You can find out how to do this in the Archives of Scamicide.  Finally, if you are a Anthem customer, you should also start monitoring all of your financial accounts more regularly for any evidence of fraud.

Scam of the day – January 29, 2015 – Major security flaw discovered in Linux operating system

January 29, 2015 Posted by Steven Weisman, Esq.

Linux is a popular and free computer operating system.  Recently researchers at the cloud security company Qualys discovered a major security flaw in the Linux operating system which they have named GHOST that would enable hackers to remotely take total control of a Linux user’s computer or other device without having to even know a password.  The GHOST security flaw could be exploited merely though an email from a Linux-based system to the victim’s computer or other device.  Fortunately, there is a patch for this security problem.  A link to the patch can be found below.

TIPS

If you are a Linux user it is imperative that you download the security patch immediately.  Here is a link that will take you to the necessary patches.  https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability

This is just another example of how important it is to keep up to date with the latest security patches and updates and install them as soon as possible.  Hackers and identity thieves constantly are taking advantage of people who do not update the software they use on their computers and other devices with the latest security patches.  Here at Scamicide we inform you whenever there are important security patches and updates about which you should be aware.  Make sure that you check out Scamicide every day and let your friends know to do the same.

Scam of the day – January 24, 2015 – Parking lots becoming hotbeds of identity theft

January 24, 2015 Posted by Steven Weisman, Esq.

Maine police are indicating that a series of automobile break-ins occurring in parking lots in various cities throughout the state may be the work of a national gang called the Felony Lane Gang.  The Felony Lane Gang originated in Florida, but is now operating throughout the country.  Their pattern is to break into automobiles and steal purses, wallets and other personal property not for the cash contained, but for the credit cards, checkbooks, driver’s licenses and other forms of personal information and identification that they use for purposes of identity theft.  They will often target parking lots at gyms and fitness centers where the car owner will both be out of the car for an extended period of time and may also leave purses, wallets and other property in the car for the very purpose of what they perceive as enhanced security rather than bring these items with them to the gym or fitness center, where locker break-ins are a constant threat.  Although the most recent reports of the activities of the Felony Lane Gang have been in Maine, this problem is by no means limited to Maine, but is found everywhere.

TIPS

There is nothing you can do that will guarantee that you will not become a victim of identity theft, but there are simple steps you can take to reduce the risk.  When parking your car, don’t leave purses, wallets or any personal items in plain view and certainly lock the car.  Also either lock your valuables and personal documents in the trunk of your car or take them with you.  Identity thieves are looking for low hanging fruit, which in this instance means unlocked cars or cars with visible purses or other items that can be used for purposes of identity theft.