Posts Tagged: ‘Identity Theft’

Scam of the day – September 13, 2016 – Phony Hillary Clinton video contains malware

September 12, 2016 Posted by Steven Weisman, Esq.

A common way that hackers manage to trick people into downloading malware used to steal the information from your computer or smartphone and enable them to make you a victim of identity theft is to send the malware disguised as an attachment for a video of something of great interest to many people.  It may be something related to a celebrity, such as purported nude videos or it may be of an event in the news, such as a video purporting to show formerly unavailable footage of, for instance, the shootings in the Orlando nightclub.  The presidential election is tremendous fodder for people seeking videos of candidates in compromising situations and scammers are taking advantage of this with malware attached to emails promising to provide newsworthy events. Such is the situation, as reported by computer security company Symantec, with an email presently circulation promising that the attached video shows Hillary Clinton accepting money from an ISIS leader in 2013.  In addition to being a totally outrageous accusation not based in any fact, the email is fraught with poor grammar.  However, that is not stopping some people who are clicking on the link and unwittingly downloading malware that can result in their becoming a victim of identity theft.


Regardless of who sends you an email or a text message with a link attached, you should never click on the link until you have confirmed that the communication is legitimate.  Even if the message appears to come in the email or text message from a trusted friend, you can’t be sure that your friend has not had his email or smartphone hacked and used by a scammer to spread malware.  You should have security software on all of your electronic devices including your computer and smartphone and make sure that you keep your security software up to date with the latest security patches, but you cannot totally rely on that software to protect you from all malware dangers because it generally takes the software security companies about a month to catch up with the latest strains of malware.  Finally, in regard to communications promising startling videos or pictures of celebrities or newsworthy events, you should be particularly skeptical as to their authenticity.   Instead, it is better to rely on legitimate news sources that you can trust to be safer and more accurate.

Scam of the day – August 13, 2016 – Healthcare worker convicted of identity theft

August 13, 2016 Posted by Steven Weisman, Esq.

Data breaches at hospitals and other health care providers are a major problem.  The Ponemon Institute’s study of the health care industry this year found 90% of health care organizations suffered data breaches during the last two years including the massive data breach at Anthem.  However, often overlooked is the fact that not all data breaches are caused by outside attacks.  Many of them are caused by rogue employees with access to data that they steal and then sell to others or use themselves for purposes of identity theft.  Recently Alana Wells a health care worker in Alabama pleaded guilty to stealing patients’ names, dates of birth and Social Security numbers and then using them with her co-conspirators for purposes of income tax identity theft by which they filed phony tax returns using the names and Social Security numbers of their victims’ seeking fraudulent tax refunds.  Sentencing will occur later this year and she faces a sentence of up to seven years in prison.


Apart from the lesson that employers must do a better job of protecting the data they hold from rogue employees, which admittedly is a difficult job, one thing we as consumers should do is recognize that this problem occurs everywhere and consequently, whenever possible, we should limit the amount of personal information we give any company or institution with which we do business to the minimum amount necessary.  When it comes to hospitals and health care institutions, despite the fact that they routinely ask for your Social Security number, they have no true reason to use it as an identifier. When asked, suggest another number such as your driver’s license.

Scam of the day – August 12, 2016 – Important Microsoft security patches and updates

August 12, 2016 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.    Microsoft recently issued a large number of security patches necessary to fix critical vulnerabilities in software such as Internet Explorer, Edge and Office. The particular vulnerabilities being patched with these updates will protect users from being hacked when they merely visit a tainted website.  Other of the patches will fix  problems with how Windows, Office and Skype handle specific types of fonts such that hackers could exploit this vulnerability to take control of the victim’s computer if the victim views files with certain fonts or by visiting a malicious website.


Here is the link to the recent Microsoft security updates:

Scam of the day – July 26, 2016 – Real estate closing scam

July 26, 2016 Posted by Steven Weisman, Esq.

On January 20th’s Scam of the day, I first told you about an intricate email scam targeting people involved in the sales of residential real estate that has increased over the past year both in the United States and the UK.  I mention it again today because of recent reports of this scam occurring in the small town of Dewey Oklahoma where Lacey Monday became a victim of the scam.  The scam begins with the hacking into the email account of one of the parties involved with a residential real estate conveyance.  This can be either the buyer, seller, lawyers, title company, real estate agent or banker.  In Lacey Monday’s case it was her title company whose email was hacked.  Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do.  The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right,  generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email.  Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then move the funds from account to account to make it difficult to trace the funds.  In Lacey Monday’s case, she lost $25,000 to this scam.  The fact that this scam can occur in small towns as well as large cities show how these types of scams are a threat to you regardless of where you live.


Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked.  This means having a strong password and security question.  You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.”  Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your smartphone and keep your security software up to date with the latest security patches as soon as they are made available.  Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices and remember, your security software is always at least thirty days behind the latest malware.

Don’t use public wifi for any financial or business purposes.  Use a virtual private network to encrypt your data when using your electronic devices in public.  Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.  Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate.  Appearances can be deceiving so always confirm.  It may seem a bit paranoid, but remember, even paranoids have enemies.

Scam of the day – July 4, 2016 – Steve Weisman’s latest column from USA Today

July 4, 2016 Posted by Steven Weisman, Esq.

Sometimes the job of protecting ourselves from identity theft can seem to be overwhelming, which is why I wrote this column for USA Today that provides you with some simple and easy to take steps to reduce your chances of becoming a victim of identity theft.  Here is a link to that column.

June 18, 2016 – Steve Weisman’s latest column from USA Today

June 18, 2016 Posted by Steven Weisman, Esq.

Even intelligent, tech-savvy people like Mark Zuckerberg can be hacked if they don’t take essential precautions to protect themselves from hacking and identity theft.  Here is a link to my latest column from USA Today with tips about how you can protect yourself from being hacked or becoming a victim of identity theft.

May 21, 2016 – Steve Weisman’s latest column from USA Today

May 21, 2016 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today.  As if there isn’t enough to worry  about, this column deals with the very real problems that arise when a criminal who has stolen your identity commits crime in your name.

Scam of the day – April 22, 2016 – Epidemic of ATM skimmers

April 22, 2016 Posted by Steven Weisman, Esq.

As regular readers of Scamicide know, skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card used which then permits the identity thief to use that information to access the victim’s bank account when the skimmer is used on a debit card.  If a credit card is used, the identity thief can use the stolen information to access the victim’s credit card account.  Each skimmer can hold information on as many as 2,400 cards.  Recently, FICO Card Alert Service, a company that monitors ATM activity on behalf of banks issued a report indicating that last year the use of skimmers on ATMs increased by 600% over the previous year.


Always look for signs of tampering on any machine you use to swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if they do not report the theft promptly and even if they report the theft immediately, they will lose access to their bank account while the matter is investigated by the bank.  Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.  Debit cards should not be used for purchases at gas pumps or for other retail purchases because the legal liability laws related to stolen debit card information are not as protective as the laws relating to fraudulent credit card use.  The FICO Card Alert Service report noted that 60% of the skimmer attacks were done on private, non-bank ATMS so you may wish to avoid those ATMS when possible.

Credit card rules required the use of new EMV smart chip credit card equipment by retailers to process these cards by October 1, 2015 in order for the retailer to avoid liability.   These rules, however, do not apply to the use of credit or debit cards at ATMs and gas pumps where the deadline to switch to the EMV smart cards is not until October 1, 2017 so you can expect identity thieves to continue to focus their attention on gas pumps and ATMs.

Scam of the day – March 27, 2016 – Anonymous non-hacking of Donald Trump

March 27, 2016 Posted by Steven Weisman, Esq.

Following the recent terrorist attacks in Paris by ISIS, the hacktivist group Anonymous declared war on ISIS and claimed to have taken down thousands of its Twitter accounts as well as a number of its websites including a recruitment website.  Now, in the wake of the ISIS terrorist attack in Belgium, Anonymous just posted a video in which it again promised that it would be doing cyberattacks against ISIS Twitter accounts as well as threatening to steal the bitcoins of ISIS.

However, Anonymous has many targets of its wrath and on March 18th, it released what it said, at that time, was personal information of another of its enemies, namely Donald Trump.  In its March 18th posting Anonymous released what it claimed was personal information of Trump including his cell phone number and Social Security number.  The response of Trump, the FBI and the Secret Service  was swift but now appears to be misguided because in another video just posted by Anonymous, it revealed that it did not hack Trump’s various accounts to gain the personal information it previously posted, but merely went to online sources available to everyone from public records and online search engines such as Google.  As for Trump’s cell phone number, the number that was posted by Anonymous was actually one Trump himself had posted in a tweet.


Perhaps the biggest lesson from all of this to everyone is recognizing just how much personal information is available about us all from public records, websites and data banks readily available to anyone.  However, it is also important to note that often we are our own worst enemies by posting too much personal information on various social media sites which can be gathered and used by cybercriminals for purposes of identity theft.  It gives us all something to think about when you post your birth date or other personal information on Facebook or other social media.