Scam of the day – March 12, 2017 – Massive credit card identity theft fraud ring busted

Earlier this week law enforcement officials in Queens, New York arrested thirty people accused of operating a credit card identity theft fraud ring in which they are accused of using the fraudulent credit cards to purchase more than 3.5 million dollars of costly electronics and fashion merchandise that would then be sold and turned into cash.  The indictments name Muhammad Rana and Inderjeet Singh as the kingpins of the scam.

The  primary manner by which they are accused of accomplishing the fraud was through identity theft of personal information of their victims that was then used to set up new credit card accounts.  Particularly in the last year since the implementation of EMV chip credit cards, new account fraud, as indicated by research company Javelin in its 2016 Identity Fraud study, has increased 113% over the previous year.

In this case, the Queens District Attorney is alleging that the criminals obtained the personal information of their victims necessary to establish new accounts  such as their names, dates of birth, current and past addresses, Social Security numbers, bank account information and credit information from one of their co-conspirators who worked at a car dealership where he had access to this information provided by potential car buyers.

TIPS

You are only as secure as the places that have your personal information with the weakest security.  Whenever you provide personal information to any entity, you should inquire as to who has access to this information, how it is stored, how it is protected and the policy for deleting such information when it is no longer needed.

In addition, you should regularly monitor your credit reports to identify incidents of identity theft as early as possible.

Scam of the day – February 16, 2017 – New twist on mail theft

Identity theft is a high tech, low tech and no tech crime and while we often tend to focus our attention on high tech identity theft tactics such as spear phishing, no tech tactics such as fishing for mail with a plastic bottle covered in glue that is lowered into blue public mailboxes to capture mail being sent with checks is making a comeback.  In the Bronx, New York just in the last year police and postal inspectors have made about 150 arrests according to Donna Harris of the U.S. Postal Inspection Service.

I have warned you for years about leaving mail with checks or credit card information in your personal mailbox outside of your home with the flag raised to alert your postal carrier that there is mail in your box to be retrieved is a bad idea because it also alerts identity thieves who can easily steal the mail.  Once they have the checks, they can “wash” the name or even the amount of the check and make the check payable to the thief. They also can use the account number of your check to create counterfeit checks to access your checking account.

TIPS

This is an easy crime to avoid.  The best course of action is to pay your bills electronically and avoid the problem altogether.  However, if you cannot do so or prefer to send a paper check by mail, you should use a gel pen that is not easily “washed” to write your checks and you should mail envelopes with checks in them directly from inside the post office.

Scam of the day – February 10, 2017 – Valentine’s day scams

Valentine’s day is rapidly approaching.  Valentine’s day is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is going on to scam you out of your money.  There are many Valentine’s day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s day electronic greeting cards and delivery scams.

Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.

Online dating scams are plentiful with most revolving around scammers quickly professing true love for you and then asking for money.

Electronic greeting cards are a great way to send a Valentine’s day card at the last minute when you forgot to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.

A common delivery scam operating on Valentine’s day involves a delivery of a gift basket of wine and flowers to you, however the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered.  The person delivering the basket will only accept a credit card as payment.  When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.

TIPS

Never trust an online florist or other retailer until you have checked them out to make sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer.  It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be.  Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft.  Always confirm the legitimacy of an email or text message before clicking on links contained in the message.

As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money.  Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe.

Never trust an online greeting card, particularly if it does not indicate from whom it is being sent.  Be very wary of a card sent by “an admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.

In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.

Scam of the day – February 5, 2017 – Whats app phishing scam

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.   I have reported to you for years about the various scams targeting WhatsApp users.    The most recent WhatsApp scam starts with an email reproduced below that appears to be from WhatsApp requiring you to click on a link to receive a message. DON’T CLICK ON THE LINK.   Although it looks legitimate, it is a scam with the first indication of this being the email address sending the message is an address that has nothing to do with WhatsApp.  Most likely it is from an innocent victim whose computer has been hacked and made a part of a botnet to send out malware.   If you click on the link you will end up downloading keystroke logging malware that can steal the information from your smartphone to be used to make you a victim of identity theft.

WhatsApp
New voice mail.
Information
Feb 2 10:01 PM
05 sec
Listen

TIPS

Never click on a link in an email or text message until you have independently confirmed that it is legitimate.  The risk of downloading malware is too great.  Even if your computer or other electronic device is protected with anti-virus and anti-malware security software, the best security software is always at least thirty days behind the latest malware. Trust me, you can’t trust anyone when it comes to clicking on links.  Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link.

Scam of the day – January 31, 2017 – Apple phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.

Reproduced below is a copy of an Apple phishing email that uses the common ploy of indicating that there is a security problem that requires you to verify personal information for security purposes.   There are a number of telltale flaws in this particular   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple.  Also, although the email is quite short, it contains numerous grammatical errors.  In addition, the salutation reads “Dears” rather than “Dear” and the email concludes with “Worm regards” rather than “Warm regards.”   Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains an Apple logo, which is not reproduced below, the exact logo of Apple does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

“Dears,
Your AppIe id was used in from an unauthorized computer.
As the new protection policy has been followed, we have no choice but to put your id on hold.We advise you to update your id soon to avoid permanent account closing.                                                                                     your code is 4M7801DLLA16A                                                                                       Update Now >
Wondering why you got this email?
It’s sent when someone adds or changes a contact email address for an AppIe ID . If you didn’t do this, don’t worry. Your email address cannot be used as a contact address for an AppIe ID without your verification.
Worm Regards,
AppIe Team”

TIPS

Obviously if you do not have an account with Apple you know that this is a phishing scam, but even if you do have an account with Apple, as I indicated above there are a number of indications that this is not a legitimate email from Apple, but instead is a phishing email. Legitimate companies would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dears” without an “s” that should not be there.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number  for Apple where you can confirm that it is a scam.

Scam of the day – January 23, 2017 – Latest Gmail phishing scam

An effective new phishing email scam is presently circulating that is targeting users of Gmail.  It starts when you receive an email that appears to be sent from the email address of one of your real friends and, in fact, the email may have been sent from a friend’s email account that unfortunately has been hacked and taken over in order to send out phishing emails that victims will trust because it appears to come from a trusted source.  The email has an attachment and when you click on the attachment, a sign-in page for your Gmail account appears requiring you to type in your email address and password.  Unfortunately, if you do so, you have just turned over this information to a cybercriminal who can wreak havoc with this information.

TIPS

Although this particular spear phishing email scam is quite sophisticated, there are a number of simple steps you can take to prevent yourself from becoming a victim of the scam.  Primarily, you should follow my rule and never click on any link or download any attachment unless you have absolutely confirmed that the communication sending the link or attachment is legitimate.  Even if the email address from which the communication is sent appears legitimate, your friend’s email may have been hacked and it is a cybercriminal sending you the email.

It is also a good idea to use dual factor authentication when possible for your email account.  If you use dual factor authentication, such as where a one time code is sent to your smartphone each time you want to access your email, you are protected from having your email account taken over even if the cybercriminal has your password and username.  Finally, it is a good idea not to store sensitive information in your email account.

Scam of the day – January 6, 2017 – Yahoo customer service scam

Yahoo is warning its customers about a scam involving Yahoo customer service.  Certainly with the disclosure over the last couple of months that a billion people had their personal information stolen from Yahoo, there may be many people with a need for customer service from Yahoo, however the scam involves a Yahoo customer service phone line.    Scammers are posting telephone numbers for Yahoo customer service and charging people for their services where, at best, they do nothing for you and, at worse, they steal the information you provide when you speak with them to make you a victim of identity theft.

Yahoo only provides customer services through email, chat, social media, help articles or its Yahoo Help Community forums.  They do not provide customer service by phone and they never charge for customer service.

TIPS

For information about Yahoo customer service you can learn where to get help by going to this Yahoo link.

https://help.yahoo.com/kb/SLN26180.html

If you are in need of customer service in regard to your Yahoo account and want to access its Help Community forums, you can do so by clicking on this link.

https://forums.yahoo.net/

 

Scam of the day – December 14, 2016 – Amazon phishing email

A phishing email that appears to be from Amazon is presently circulating and luring unsuspecting victims into providing personal information that results in identity theft.  A copy is reproduced below.

The email looks legitimate and with so many people shopping online through Amazon it is likely to trick many people into thinking it is legitimate.  As with many phishing emails, it falsely indicates that there is a problem that requires your immediate attention.  In this case it is a shipping problem that requires you to resubmit your information including your credit card information.  If you do so you will end up becoming a victim of identity theft.

TIPS

If you receive such an email and have any concern that it may be legitimate, you should contact Amazon by phone or online at a telephone number that you know is correct or at its website.  Do not click on links in such emails or text messages to establish contact with Amazon. Doing so will only put you in touch with the scammers.  Also, be careful when you call Amazon because scammers sometimes obtain telephone numbers that are only a digit off from the real telephone number to catch unsuspecting victims who call the wrong number by mistake.

Scam of the day – December 8, 2016 – Holiday online shopping scams

Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may indeed be the most wonderful time of the year for many people, but it is not so wonderful if you have been scammed by cybercriminals who really do find the holiday shopping season to be the most wonderful time of the year – for them.   I received an email today showing me how I could get iPads and iPhones at 90% discounts by clicking on links and ordering them online.  If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received.  Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.

People also get in trouble when they go to phony websites that appear to be those of legitimate retailers and turn over their credit card information to a scammer and never get the goods they think they are purchasing.

TIPS

If an offer sounds too good to be true, it usually is.  Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered.  Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate and it is hard to do so without calling the legitimate company because even if it truly appears to be coming from a legitimate person or entity, their email, twitter, or smart phone may have been hacked into and the communication you receive is from a scammer.  Only deal with companies that you know are legitimate and confirm that you are actually on a legitimate website because phony websites can look quite good.

As for online shopping websites, there are a few ways you can determine whether or not a shopping website is legitimate or not.  First, find out who actually owns the website. Websites such as http://lookwhois.net/ will enable you to merely put in the URL and see who actually owns the website you are considering using for shopping.  If it doesn’t match the  legitimate company that you think you are doing business with, you will know to stay away.  Also, call the company at a telephone number you know is legitimate to confirm the precise website URL that they use.

Scam of the day – November 29, 2016 – Giving Tuesday scams

Following the major shopping days referred to as Black Friday and Cyber Monday now comes Giving Tuesday which was first designated as a special day to focus on helping out people in need through charitable gifts in 2012.  This is a time of the year when many people are receptive to solicitations from charities.  Unfortunately, not all of those solicitations will be from legitimate charities.  Many of those calls, letters and emails will be from scammers posing as charities.

Even if you are on the federal Do-Not-Call List, which I strongly recommend unless you want to talk to telemarketers, the law permits charities to contact you by phone.  Unfortunately, whenever you receive a telephone call, you can never be sure who is really calling you.  Even if your Caller ID indicates that the call you are getting is coming from a charity whose name you recognize, the call actually may be from a scammer using a technique called Spoofing to make it appear that the call is legitimate when it is not.  The truth is that the call you receive may or may not be from a legitimate charity or a telemarketer on behalf of a legitimate charity and you have no way of knowing who is really on the other end of the line.

TIPS

When you receive such a call from a telemarketer or someone purporting to represent a charity, if you are interested in the particular charity, the best thing you can do is just to ask them to send you written material.  Do not provide your credit card number over the phone to anyone who calls you because you cannot be sure that they are legitimate.   Also, as I have warned you in the past, many phony charities have names that are similar to real charities so it is always a good idea to investigate a charity before you make a charitable contribution.  In addition, when you receive a charitable solicitation telephone call from a telemarketer, the telemarketer is generally being paid a commission for the money he or she collects.  Thus, your contribution to the charity is diluted by the amount that goes to the telemarketer although as Jerry Seinfeld would say, “not that there is anything wrong with that.”    However, if you really want to make your charitable contribution go farther, you will  be  better served by first checking out the particular charity at www.charitynavigator.org where you can find out not only if the particular charity is legitimate, but also how much of your contribution goes toward administrative costs and how much actually goes toward the charity’s charitable work.  Charitynavigator.org will also show you the best address to send your contribution.  Then you can make your contribution directly to the charity without any amount being deducted for fund raising expenses.