Posts Tagged: ‘Identity Theft’

Scam of the day – October 29, 2014 – World Health Organization Ebola scam

October 29, 2014 Posted by Steven Weisman, Esq.

I warned you about a number of Ebola scams in my Scam of the day for October 16th; however, a new one is now appearing that requires a specific warning. This scam starts with an email that appears to come from the World Health Organization and contains a link for you to click on in order to download an attachment purported to contain tips to protect you from the Ebola virus. It is preying upon the public’s fear and concern regarding Ebola. However, if you download the attachment, you will not get Ebola information, but will download a keystroke logging malware program that will steal your personal information from your computer and use it to make you a victim of identity theft.


Never click on links or download attachments in emails, text messages or social media postings unless you have confirmed that the links or downloads are legitimate. Trust me, you can’t trust anyone. It is easy to make a counterfeit message that carries the logo of a real organization and appears to be legitimate. If you have even the slightest thought that the message may indeed be legitimate, you should merely go to the website at an address that you know is correct or call the entity at a telephone number you have confirmed is correct to verify whether or not the original message to you was phony. In this particular case, the World Health Organization never sends messages to the general public, so you should immediately know it is a scam.


Scam of the day – October 26, 2014 – scam

October 26, 2014 Posted by Steven Weisman, Esq.

This scam is a slight variation of the scam I reported to you on March 6, 2014 in the Scam of the day. “Spoofing” is the name for the tactic used by identity thieves to make a call that you receive appear to come from a legitimate source, when, in truth, it is from a scammer who has merely managed to make it look like the call is legitimate. Many people are reporting receiving calls on their smart phones or landlines that on Caller ID appear to be from “Technical Support” and carry a telephone number that is a real number for Verizon Wireless technical support. The call received is an automated robocall that informs you that you are eligible for a $38 reward and then directs you to the website  This website is a phony website which lures you into providing personal information that is then used to make you a victim of identity theft. In other variations of this scam, merely by clicking on a link on the phony website, you will unwittingly download keystroke logging malware that will steal the personal information from your computer and use this information to make you a victim of identity theft. This type of scam, by which a legitimate-looking, phony website tricks you into providing personal information or clicking on tainted links, is called “phishing.” Back when I first reported on this scam to you, the phony website was and the amount of the phony reward was $54.


You can never trust a phone call to actually be from whom the caller says.  Spoofing is easy to accomplish by identity thieves.  Don’t be tricked into trusting a telephone call.  In addition, robocalls are illegal so you should never trust a prerecorded call.  Nor should you click on links that you are not sure are legitimate.  If you have any thought that the original contact might be legitimate, contact the company directly at a website address or telephone number that you know is accurate to inquire about the particular matter.

Scam of the day – October 24, 2014 – President Obama’s Executive Order regarding credit card security and identity theft

October 24, 2014 Posted by Steven Weisman, Esq.

President Obama has signed an Executive Order leading the way for greater protection for Americans from data breaches and identity theft. He also announced that a number of companies including Home Depot, Target, Walgreen and Walmart are accelerating their move to more secure chip and PIN credit card use at their stores. Although regulations would encourage retailers to switch to these smart cards no later than October of 2015, these companies are planning on completing the move to smart card readers by January of 2015, with Walmart already leading the way. Also starting in January, Citi and FICO are joining together to make credit scores available free to Citi Bank credit card holders. Already providing free credit scores are Discover, Barclaycard, Pentagon Credit Union and First National Bank of Omaha. It is hoped that more banks will follow this example. Under the President’s order, the reporting of credit card fraud will be made quicker and easier within two years. Finally, the President announced that the Department of Justice and the FBI are working to improve information sharing between hacked companies and affected consumers with the National Cyber-Forensics and Training Alliance’s Internet Fraud Alert System.


The President’s actions are a good first step and they do indicate a greater willingness of businesses to work with the government in order to better protect consumer data.  However, much remains to be done and Congressional action is definitely required to improve the laws necessary to protect consumers from data breaches and identity theft.  However, it is good to see the President taking the lead on this important issue. Meanwhile, the primary responsibility for protecting ourselves from identity theft still rests with all of us as individuals.  I urge you to pick up a copy of my new book “Identity Theft Alert” which provides simple steps you can take to dramatically improve your chances of avoiding identity theft.  You can order the book from Amazon by clicking on the link on the right hand side of this page.  I also urge you to read every day so you can become aware of the latest scams and identity theft schemes.

Scam of the day – October 15, 2014 – Medicare open enrollment scams

October 15, 2014 Posted by Steven Weisman, Esq.

The open enrollment period for Medicare begins today on October 15th and goes until December 7th.  This is the only time during the year that people enrolled in Medicare can change their Medicare health plans, supplemental or Medigap plans and their prescription drug plans.  By now, people already enrolled in Medicare should have received an Annual Notice of Change from their health insurance providers describing any changes to their plans such as the dropping of particular drugs from your prescription drug plan.  If you are satisfied with your plans, you do not need to do anything.

Scammers and identity thieves view the open enrollment period as senior citizen hunting season, as myriads of Medicare scams are common during this time. Among the scams are phone calls or emails purporting to be from Medicare informing you that Medicare is issuing new Medicare cards and that in order to continue to receive benefits, you need to obtain a new card, which can be done by providing the person contacting you with your Medicare number, which is your Social Security number. If you provide this number, you will end up becoming a victim of identity theft. Other times you may be contacted by someone purporting to be from your insurance company asking to verify information. Again, this is a common tactic of identity thieves trying to trick you into providing information. You also may be contacted by people claiming to have supplemental insurance programs that will save you thousands of dollars. Here too, you cannot be sure that they are legitimate when they contact you by phone, text message, email or even regular mail.


Medicare is not issuing new cards and they will never contact you by phone and ask for your Medicare number.  Never give personal information to anyone who calls you on the phone because you can never be sure who is actually on the other end of the line.  Through a technique called “spoofing” a scammer can fool your Caller ID and make it appear that the call is from the government or some legitimate company when in fact, it is from an identity thief who is eager to steal your money.  If you want to get information you can trust about what insurance plans are available to you and at what cost, merely go to the “Plan Finder” section of Medicare’s website  If you want to speak with someone on the phone, call Medicare at its 24 hour hotline 1-800-MEDICARE.

Scam of the day – October 13, 2014 – Attention Kmart shoppers: You have been hacked

October 13, 2014 Posted by Steven Weisman, Esq.

Yesterday, I told you about Dairy Queen becoming the most recent company to announce that it had been hacked.  Today, it is my duty to tell you that Dairy Queen has lost that honor to Kmart, which, in a filing with the SEC announced that it too had been hacked and suffered a data breach in which debit card numbers and credit card numbers had been compromised through the same type of “Backoff” malware that I have been warning you about for months.  The data breach began in early September and was discovered by Kmart on October 9th.   Required filings with the SEC have become the most common way for the public to learn that they have been involved with a data breach at the companies where they shop.  The pattern of this data breach again follows what I described in my column for USA Today on September 27th entitled “Coming soon:  Another major retailer hacked” in which I provided a fill-in-the-blank format for the stories of future data breaches in which I predicted exactly how they would occur in the future which is precisely what happened at Kmart.  Here is a link to that column:

Kmart has assured its customers that no debit card PINs were compromised, but this is of little consolation since, as I described in my Scam of the day of January 1, 2014, identity thieves can often decipher PINs using computer programs that easily crack the many common PINs that people use. To make things worse, even if you have a very secure PIN, as I described in my Scam of the day for September 12, 2014, identity thieves are exploiting vulnerabilities in bank security systems to merely change the PINs of the stolen cards and thereby bypass the need to know the PINs of the cards they steal. Heads they win, tails you lose.


As I so often say, you are only as safe as the places you do business with that have the weakest security. Despite government warnings last July to retailers about the dangers of the “Backoff” malware, thousands of retailers have still not taken the necessary steps to protect their computer systems. All that we can do is to refrain from using debit cards for retail purchases and only use credit cards. The laws protecting you from fraudulent use of debit cards are not as strong as those that pertain to fraudulent use of credit cards. Also, since there is always a time lag between the time that the data breach actually occurs and when the company realizes that it has been hacked, it is important to regularly monitor your credit card statements for fraudulent purchases.

These kinds of retail hackings will continue to happen and provide tremendous profits to hackers and identity thieves until retailers in the United States join the rest of the world and implement the smart card with chip technology used throughout the rest of the world.

Kmart will be offering free credit monitoring to affected customers.  For more information, go to their website or call them at 888-488-5978.

Scam of the day – October 11, 2014 – Nude photos of Emily Watson scam

October 11, 2014 Posted by Steven Weisman, Esq.

Emma Watson is a popular, young actress who is best known for her role as Hermione in the Harry Potter movies. She is one of the most well searched celebrities on the Internet. This intelligent Brown University graduate also may be one of the few celebrities who did not have nude photos of her stolen from the cloud. It may even be because she has not taken such pictures. Regardless, there are many people who would very much like to see nude photographs of her, which is why a new scam first reported by the security firm Bitdefender comes as no surprise. This scam starts with a Facebook posting that promises nude videos of Emma Watson for free, merely by clicking on a link. If you click on the link, the image reproduced below appears on your screen. Unfortunately, if you download the attachment in order to view the promised video, you will not succeed in seeing a video of Emma Watson, but you will succeed in downloading malware called Trojan.Agent.BFQZ which will steal the information from your computer or other electronic device and use it to make you a victim of identity theft, make postings using your name on Facebook and sign you up for expensive text message services for which you will be billed through your cellular service.

The Emma Watson Trojan virus being shared on Facebook


Without even getting into the morality and ethics of viewing what appear to be privacy invading, stolen nude videos of public figures, the plain, hard truth is that many of these solicitations to view these videos are just bait by scammers and identity thieves to lure you into clicking on links and downloading attachments that will install malware on your computer or other electronic device that will end up costing you money and making you a victim of identity theft.  Trust me, you can’t trust anyone.  Never click on links or download attachments unless you are absolutely sure that they are legitimate.


Scam of the day – October 7, 2014 – Latest security updates from Department of Homeland Security

October 7, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include a number of important security patches related to the Bash virus.


Here are the links to the latest security updates as issued by the Department of Homeland Security:

Scam of the day – October 5, 2014 – More banks hacked by suspected hackers of J.P. Morgan Chase

October 4, 2014 Posted by Steven Weisman, Esq.

With news of the massive data breach at J.P. Morgan Chase, in which names, addresses, phone numbers and email addresses of 76 million households and 7 million small businesses were stolen by what appears to be Russian hackers who may or may not be affiliated with the Russian government, dominating the news, it seems perfectly appropriate to wish you a happy National Cybersecurity Awareness month. As frightening as the spectre of a major American bank being vulnerable to such a massive data breach is, you may remember that when the story broke last August of the possible data breach at J.P. Morgan Chase, reports were that there were as many as four other banks that had similarly been hacked. Now, according to a report in the New York Times, that number has actually risen to nine other major financial institutions that may have suffered data breaches at the hands of the same hackers. Therefore, even if you are not a customer of J.P. Morgan Chase, you should be extra vigilant in regard to all of your financial accounts.


Now is the time to implement an eight-step approach to protecting yourself from identity theft and data breaches. The first step is to change your password regularly, such as every six months. A good password has a mixture of capital letters, small letters, symbols and digits. Don’t use any word in the dictionary because hackers have computer programs that can guess your password. Instead use a phrase, such as IHate2UsePasswords!!. This is a very secure password. You should also have a separate and distinct password for each of your accounts, but you can merely adapt this basic password by adding a couple of distinguishing letters for each account. For example, you could make this your Amazon password by adding the letters “Am” at the end of your basic password so it reads IHate2UsePasswords!!Am. This is easy to remember.

You should also use dual factor authentication on your accounts when available. Dual factor authentication provides you with an extra level of security by which more than a password is necessary to gain access to your account. Generally, when you log in to an account with your password, a code is then sent to your smartphone which you then must input in order to access your account.

You also should change the answer to your security question to something completely nonsensical.  Answering a security question is required if you forget your password or if you want to change your password.  Unfortunately the answers to common security questions, such as your mother’s maiden name can be found with a little effort by an identity thief in the many places on the Internet that store personal information.  So instead of the answer to your mother’s maiden name being “Jones,” change it to “Grapefruit.”  No identity thief will find it or guess it and it is silly enough for you to remember.

Don’t click on links or download attachments in any email, text message or social media posting unless you have absolutely confirmed that it is legitimate. Identity thieves and hackers lure people into clicking on links in such communications that result in the victims downloading keystroke logging malware that can steal all of the information from their computers.

Don’t provide personal information over the phone to anyone whom you have not called.  You can never be sure if the person calling you is legitimate regardless of how compelling the reason he or she gives for you to provide personal information.  Don’t rely on your Caller ID because through a technique called “spoofing” an identity thief can make it appear that his or her call is from the IRS, your bank or some other legitimate entity.  If you think the call may be legitimate, hang up and call the company or agency at a number that you know is real, not the number the caller gives you.

Review all of your accounts regularly and carefully to note the smallest charge that should not be there. Sometimes identity thieves will put regular recurring charges on your credit card or phone bill in the hope that you will not bother to look further into it because the charge is so small. The earlier you catch identity theft, the easier it is to deal with.

Check your credit report from each of the three major credit reporting agencies every year for evidence of fraud or even mistakes that need to be corrected.  Here is the link to the only official place to get your free credit report

Put a credit freeze on your credit report so that even if an identity thief obtains your Social Security number, he or she cannot gain access to your credit report.  Yesterday’s Scam of the day contains the links to the credit reporting agencies to use to freeze your credit.

Scam of the day – October 4, 2014 – J.P. Morgan update and credit freeze information

October 4, 2014 Posted by Steven Weisman, Esq.

Last Thursday, in a required SEC filing, J.P. Morgan Chase & Co. reported that the data breach, which we reported to you about when it was first discovered during the summer, was much larger than initially thought. At the time, J.P. Morgan believed that only a million accounts were compromised, but now J.P. Morgan has indicated that information on 76 million households and 7 million small businesses was stolen by hackers thought to be from Russia or another Eastern European country. According to the SEC filing, J.P. Morgan says that the information stolen included names, addresses, phone numbers and email addresses. At this time J.P. Morgan is saying that they are not aware of fraudulent activities tied to the data breach and that no account numbers, passwords, user IDs or Social Security numbers were stolen. The data breach apparently began in June and went on until discovered in mid August, which is especially troubling because it provided time for the hackers to cover their tracks for what may have been their true goal. The hackers did manage to gain access to the entire list of applications and programs used by J.P. Morgan Chase on its computers, which could then be evaluated by the hackers for inevitable vulnerabilities that could be exploited at a later time. Obviously J.P. Morgan is busy trying to protect against this threat.


For customers of J.P. Morgan Chase, now is not the time to run and hide nor take your money out of the bank. In fact, at the time that the FBI began its initial investigation of this data breach during the summer, it indicated that it was looking into possible data breaches of as many as four other banks as well. It may well be that we are not yet aware of the breaches that occurred and may still be going on in other banks. You can expect the hackers, people to whom the hackers sell the information they gathered and even totally independent identity thieves to start contacting people through emails, text messages and phone calls purporting to be from J.P. Morgan Chase. In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information. However, if you provide that personal information, all you will do is end up a victim of identity theft. If you click on the links in emails or text messages appearing to be from J.P. Morgan, you may well end up downloading keystroke logging malware that will steal all of the information from your computer that will be used to make you a victim of identity theft. Trust me, you can’t trust anyone. Even if your Caller ID appears to show that the call you receive is from J.P. Morgan Chase, scammers are able to make their calls appear to be from J.P. Morgan Chase through a tactic called spoofing. The best course of action if you receive any purported communication from the bank is to not respond directly, but instead contact the bank independently on your own to find out what the truth is.

This also may be a good time to consider putting a credit freeze on your credit report so that even if someone manages to obtain your Social Security number and other personal information, they will be unable to access your credit report and run up large debt in your name.  A separate credit freeze needs to be established at each of the three major credit reporting agencies to be effective.  Here are the links to the pages at Experian, TransUnion and Equifax where you can put a credit freeze on your report and get some peace of mind.




Scam of the day – October 1, 2014 – Supervalu stores hacked for second time in two months

October 1, 2014 Posted by Steven Weisman, Esq.

Regular readers of may remember that it was just last August 17th that I told you about the hacking at grocery chain Supervalu.  Well, it has happened again.  Now the company is saying that a second, entirely different hacking and data breach occurred just a few weeks after the previous hacking was discovered that affected customers at some of its Shop ‘n Save, Shoppers Food & Pharmacy and Cub Foods stores as well as some of its liquor stores.  Although the company is saying that due to what it calls its “enhanced” security technology installed after the last data breach, it believes that no cardholder data was actually taken by the hackers, it is still too early in the investigation to definitively make that statement.  In last Saturday’s USA Today, I wrote a column about the commonality of the data breaches over the last year that you may find interesting.  Here is a link to that column:

You can well expect there to be continuing problems at retailers in the weeks and months ahead with data breaches.


Specifically for people who think they may have been affected by the most recent Supervalu data breach, you can go to Supervalu’s website for more detailed information. Supervalu’s website is  They have also established a call center for information about free credit monitoring being offered through the company AllClear ID. You can reach the call center at 855-731-6018. If you receive an email or text message purporting to be from AllClear ID or Supervalu asking you to click on a link to access the free credit monitoring services, don’t do so. You can’t be sure that the email or text message is legitimate, and all you may end up doing is downloading malware on to your own computer or other electronic device that will enable the identity thief to steal all of the personal information stored on your computer or other personal electronic device and use it to make you a victim of identity theft. Instead go directly to Supervalu’s true website at

For the rest of us who may not be personally affected by this latest data breach, this serves as a reminder that we should not use debit cards when shopping in retail stores because of the greater harm that can come if your debit card is hacked.  It also is important to remember to regularly monitor your credit card statement, preferably online to look for fraudulent charges.  Remember, when it comes to data breaches, the retail merchants who get hacked are always months behind when the hacking occurred so you need to be monitoring your accounts for improper activity.