Posts Tagged: ‘Identity Theft’

Scam of the day – January 24, 2015 – Parking lots becoming hotbeds of identity theft

January 24, 2015 Posted by Steven Weisman, Esq.

Maine police are indicating that a series of automobile break-ins occurring in parking lots in various cities throughout the state may be the work of a national gang called the Felony Lane Gang.  The Felony Lane Gang originated in Florida, but is now operating throughout the country.  Their pattern is to break into automobiles and steal purses, wallets and other personal property not for the cash contained, but for the credit cards, checkbooks, driver’s licenses and other forms of personal information and identification that they use for purposes of identity theft.  They will often target parking lots at gyms and fitness centers where the car owner will both be out of the car for an extended period of time and may also leave purses, wallets and other property in the car for the very purpose of what they perceive as enhanced security rather than bring these items with them to the gym or fitness center, where locker break-ins are a constant threat.  Although the most recent reports of the activities of the Felony Lane Gang have been in Maine, this problem is by no means limited to Maine, but is found everywhere.


There is nothing you can do that will guarantee that you will not become a victim of identity theft, but there are simple steps you can take to reduce the risk.  When parking your car, don’t leave purses, wallets or any personal items in plain view and certainly lock the car.  Also either lock your valuables and personal documents in the trunk of your car or take them with you.  Identity thieves are looking for low hanging fruit, which in this instance means unlocked cars or cars with visible purses or other items that can be used for purposes of identity theft.

Scam of the day – January 22, 2015 – Tarrish Tellis convicted of income tax identity theft

January 22, 2015 Posted by Steven Weisman, Esq.

We are just at the start of the income tax identity theft season;  income tax identity thieves file early (and often) in order to get their fraudulent income tax returns to the IRS before the victim files his own legitimate income tax return.  The theory behind income tax identity theft is simple and effective.  The identity thief steals someone’s Social Security number and then files a phony income tax return using that Social Security number with phony W-2s or 1099s that can fool the IRS into sending a large, fraudulent refund.  It doesn’t help matters that the IRS still does not match the legitimate W-2s and 1099s sent by employers with those filed by tax filers until late in the summer, long after theirs has sent refunds, but that is another story.

Tarrish Tellis was recently convicted of filing fraudulent income tax returns and stealing more than $700,000 from the IRS through fraudulent refunds obtained as a result of the phony tax returns.  Tellis obtained the Social Security numbers and names of 700 victims from an employee of the Alabama Medicaid State Agency.  Tellis is scheduled for sentencing on April 15th.


The two best things you can do to protect yourself from income tax identity theft are to keep your Social Security number as safe, secure and private as possible and file your income tax return as early as possible to beat the identity thief to the punch.  As shown by the fact that the victims in this case became victims through no fault of their own, but due to the criminal acts of an employee of an agency that had access to their personal information, it is once again abundantly clear that we are only as safe as the places that hold our personal information with the worst security.

Scam of the day – January 21, 2015 – Mailbox identity theft

January 20, 2015 Posted by Steven Weisman, Esq.

Identity theft can be high tech, low tech or, as in the case of Tulsa, Oklahoma native Peter Thomas, distinctly no tech.  Thomas had personal and financial information stolen from mail contained in his mailbox at the apartment complex where he lives.  I have often warned people about the danger of having your mail, such as credit card bills or bank statements stolen from your personal mailbox.  In addition, many people put themselves in great danger of identity theft by putting their outgoing mail in their mailbox and put up the red flag to alert the postman that there is mail to be picked up.  Unfortunately, that is also an alert to identity thieves cruising the neighborhood of mail to be easily stolen.

In the case of Peter Thomas, his mailbox should have been secured as it was locked, however, the locking systems of mailboxes in apartment complexes are often not particularly secure.


In order to avoid becoming a victim of identity theft through your mailbox, you should make sure that it is securely locked so that it is not easily accessed by your friendly neighborhood identity thief and when it comes to outgoing mail, don’t put it in your mailbox for your postal carrier to pick up regardless of how convenient it may be to do so.  In fact, identity thieves have been known to steal mail from the U.S. Postal Service mailboxes found on the corners of major streets so, in order to be safe, you should mail your outgoing mail at the post office.   It may seem like this is being a bit excessive when it comes to protecting your mail, but remember, even paranoids have enemies.

Scam of the day – January 19, 2015 – University employee payroll scam

January 19, 2015 Posted by Steven Weisman, Esq.

The Internet Crime Complaint Center, known as IC3 has issued an alert warning about a spear phishing scam aimed at university employees around the country.  It starts with an email addressed specifically with the name of the intended victim.  The email looks official and appears to have been sent by the Human Resources Department of the college or university where the intended victim works.  The email informs the potential victim that there has been a change of the employee’s status and that the employee is required to click on a link contained in the email that takes the employee to a website that appears to be that of the Human Resource Department for the college or university where the victim works where the employee is prompted to input information.  The website is  counterfeit.  The scam is a ruse intended to obtain the login information of the potential victim.  Once this information is provided to the scammer, he or she then logs on to the real Human Resources Department page and changes the bank account information for where the employee’s check is deposited so that the school sends the victim’s check to a bank account controlled by the identity thief.  In addition, since many people use the same user name and password for all of their accounts, the scammers may also attack other accounts of the victim.


Although the IC3 warning deals specifically with university and college employees, this scam works just as well with any company that pays their employees through direct deposit so everyone who is paid through a direct deposit should be aware of this scam.  Remember my mantra, “trust me, you can’t trust anyone.”  Never click on links in emails unless you are sure they are legitimate.  In many instances, by clicking on the link, you are unwittingly downloading malware on to your computer or other electronic device.  You also should never provide personal information in a reply to an email.  Confirm whether or not the request for personal information is legitimate and even then, go directly to a website for the company or other institution that you know is legitimate to provide such information.  Finally, as I have warned you many times, (sorry to be a nag) use a unique password for all of your accounts so that if your password from a particular account is jeopardized, your other accounts are still safe.  This is not as difficult as it might seem.  In my book “Identity Theft Alert,” I provide instructions as to how to pick easy to remember, strong passwords.

Scam of the day – January 16, 2015 – Airlines frequent flier accounts hacked

January 16, 2015 Posted by Steven Weisman, Esq.

American Airlines and United Airlines both have recently announced that last month frequent flier accounts for thousands of their customers were hacked by identity thieves stealing miles to book free trips and upgrades.  Although the hacking occurred in December, the airlines are just now notifying affected customers.  Both affected airlines have informed the victims of the hackings that their stolen miles will be restored to their accounts.   It is important to note the important distinction that the computers of American Airlines and United Airlines were not hacked, but rather individual accounts of customers whose usernames and passwords has somehow been obtained by the identity thieves to gain access to their frequent flier accounts.


The lesson of this scam is one that I have previously mentioned many times, namely, you should use complex usernames and passwords and, most importantly, have different usernames and certainly different passwords for all of your accounts.  Otherwise you are at risk for all of your online activities from banking to retail purchases if someone manages to steal just one account’s username and password.  I have written extensively about how to pick a difficult to steal, but easy to remember password many times before, but one tip is definitely worth remembering.  Pick a phrase, such as “IDon’tLikePasswords” and you can use this complex and strong password which has symbols, small letters and capital letters and then strengthen it further by adding a couple of exclamation points at the end to read “IDon’tLikePasswords!!” and then use it as a base password that you distinguish with a few letters for each account.  So, for example, if the password were to be for your American Airlines frequent flier account, you could make the password “IDon’tLikePasswords!!AM.”

Scam of the day – January 15, 2015 – Identity thieves buy cars and breast implants

January 15, 2015 Posted by Steven Weisman, Esq.

As a result of a joint investigation by Houston police and federal postal inspectors, four people, Joel Cruz, Darion Wells, Devante Ruffin and Jamonte Booker have been arrested and charged with operating an identity theft ring and using the stolen identities to buy twelve luxury automobiles worth $485,136 as well as breast implants for two of the identity thieves, Devante Ruffin and Jamonte Booker.  According to police, the scam started when two of the accused while attempting to lease an apartment noticed a storage facility on the property that contained unsecured boxes of old paper leasing records for the complex.  Police say the accused identity thieves stole the boxes and used the personal information contained in the records to start their crime spree.  When they were apprehended, the accused identity thieves had information on as many as thousands more people from these stolen rental records that they had not yet used.


This is another example of the fact that regardless of how good you are at keeping your personal information safe and secure from identity thieves, you are only as safe as the places that have your information with the weakest security.  Companies should review their stored records and shred documents with personal information that is no longer needed.  We, as consumers should request that companies that have our personal information store it securely and destroy the records of our personal information when it is no longer needed.

Scam of the day – January 11, 2015 – Swiss bank rejects ransom demand after hacking

January 11, 2015 Posted by Steven Weisman, Esq.

Following a pattern I have warned you about in Scams of the Day for more than three years, yesterday the Swiss bank Banque Cantonale de Geneve became a victim of a hacking in which the hackers, a group called Rex Mundi, made public personal information of the bank’s customers including their names, email addresses, phone numbers and account numbers along with copies of customers’ emails to the bank when the bank refused to pay a ransom of ten thousand euros, which is equivalent to about twelve thousand dollars.  It should be emphasized that customers’ accounts were not hacked.  Access to those accounts requires multiple passwords and codes in order to gain access to the accounts and that information was not obtained in the hack of 30,000 emails.

Rex Mundi is a group of hackers from France, Austria and Germany who have hacked other companies in search of ransom, most notably Domino’s Pizza franchises in France and Belgium, which also refused to pay the ransom.


The good news is that the information obtained by the hackers did not represent a critical loss to either the bank or its customers and the fact that the hackers were not able to access customers’ accounts is a small testament to the value of the increased security that banks and other companies are employing in an effort to fight cybercrime.  The bad news is that those affected customers may well expect to receive spear phishing communications directed to them by name that appear to come from their bank and even will carry their account number that will be used by the hackers to lure the customers into revealing personal information or trick them into clicking on links to download malware to be used to make the customers victims of identity theft.  As always, you should never supply personal information or click on links unless you are absolutely sure and have confirmed that the communication is legitimate.

Scam of the day – January 9, 2015 – Post holiday delivery scam

January 9, 2015 Posted by Steven Weisman, Esq.

Although the holiday shopping season is essentially over, there are still many people who may have ordered gifts at the last minute that are just starting to arrive and scammers are taking advantage of this situation.  Reports are surfacing of people receiving communications purporting to be from national retailers either by email or social media messages in which the people receiving the messages are told that their delivery is ready for pickup or delivery.  The messages and emails often look quite legitimate and carry the logo of the particular retailer from whom the message appears to be sent.  As is an essential part of this type of scam, the email or social media message contains a link which you are advised to click on for more delivery information and that is where the problem starts.  Clicking on the link either will take you to a website that asks for personal information used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will have unwittingly downloaded keystroke logging malware that will steal all of the information from your computer and use it to make you a victim of identity theft.


Just as the IRS does not initiate contact with taxpayers by telephone so that if you get a call purporting to be from the IRS you know it is a scam, so do retailers not communicate about deliveries with customers by way of Facebook and other social media.  It certainly is important to keep track of all of your legitimate orders from retailers so if you get such an email message, you can ignore it, knowing you do not have a delivery, but even if you have any question that it may be a legitimate message, you still shouldn’t click on any link without confirming that it is legitimate and the best way to do that is to call or go to the website of the company directly at a telephone number or website address that you know is correct.  Don’t use the phone number or website address provided in the email. Remember, “trust me, you can’t trust anyone.”

Scam of the day – December 31, 2014 – ICANN suffers data breach

December 31, 2014 Posted by Steven Weisman, Esq.

Many of you may not be familiar with the acronym ICANN which stands for the Internet Corporation for Assigned Names and Numbers, however everyone is familiar with what they do.  ICANN is the international organization that administers all website domain names.  ICANN recently disclosed that it had been hacked since November.  Fortunately, the extent of the hacking and data breach was minimal and passwords were not stolen since they were maintained in an encrypted manner by ICANN.  The hackers did, however, manage to obtain the names, addresses, email addresses and phone numbers of ICANN customers.  ICANN is in the process of notifying those people whose data was compromised.  The danger posed by this information falling into the hands of scammers is that it can be exploited by a technique called “spear phishing” where specific people are targeted in emails that appear to be from legitimate sources and directed to them personally by name, such that the victim is more likely to trust that the email is legitimate and be lured into clicking on links contained in the email or text message that contain malware that will enable the scammer to steal the personal information of the victim and use that information to make the person a victim of identity theft.


Remember my motto, “trust me, you can’t trust anyone.”  Regardless of whether an email or text message appears to be legitimate, you should never click on links until you have absolutely confirmed that the message is legitimate and the link is legitimate.  Even if the email or text message is addressed to you personally and appears to come from someone or some business or agency with which you have a relationship, you can never be sure that the communication is legitimate and the risk of downloading keystroke logging malware is too great to trust such communications until you have absolutely confirmed that such communications are legitimate.  Additionally, it is important to keep your anti-malware and anti-virus software up to date remembering that your security software will always be at least a month behind the latest malware threats.

Scam of the day December 24, 2014 – Beware of the Iggy Azalea sex tape

December 24, 2014 Posted by Steven Weisman, Esq.

I have been reporting to you about a purported Iggy Azalea sex tape that may or may not exist for a few months now.  Discussion about the purported sex tape featuring Australian rapper Iggy Azalea has resurfaced due to a feud between Azalea and rapper Azealia Banks, which has, in turn, prompted a group of hackers to surface threatening to release photos taken from the purported video unless Azalea apologize to Banks.   Meanwhile, to no one’s surprise supposed leaks of the tape have purportedly turned up on the Internet where the curious can put themselves in serious risk of identity theft by clicking on links in emails, text messages or social media postings promising to take you to the purported tape.  Other times, you may find yourself being prompted online to update your video capabilities on your computer or other electronic devices in order to view the video.  Again, this is just a ruse to lure you into downloading dangerous keystroke logging malware that will steal information from your computer and use it to turn you into a victim of identity theft.


Without even getting into the question of the morality and ethics of looking for material such as this or the stolen videos of Jennifer Lawrence, Kate Upton and other celebrities, the truth is that you cannot trust any text message, email, social media posting that promises you such tantalizing material.  The chances are just too great that by clicking on any of these links or downloading attachments you will be downloading malware that will be used to steal your identity.  As for websites that turn up on Google and other search engines promising to provide you with these videos, scammers are adept at manipulating the algorithms used by search engines to rank websites so that although you may think you are looking at a legitimate website, you are not.  It is also important to remember that even if you have kept your anti-malware and anti-virus software up to date, that is of little consolation since these security software programs are always at least a month behind the latest malware and viruses.  If you need to satisfy your curiosity for gossipy material, stick to legitimate websites such as