Posts Tagged: ‘Identity Theft’

Scam of the day – August 13, 2016 – Healthcare worker convicted of identity theft

August 13, 2016 Posted by Steven Weisman, Esq.

Data breaches at hospitals and other health care providers are a major problem.  The Ponemon Institute’s study of the health care industry this year found 90% of health care organizations suffered data breaches during the last two years including the massive data breach at Anthem.  However, often overlooked is the fact that not all data breaches are caused by outside attacks.  Many of them are caused by rogue employees with access to data that they steal and then sell to others or use themselves for purposes of identity theft.  Recently Alana Wells a health care worker in Alabama pleaded guilty to stealing patients’ names, dates of birth and Social Security numbers and then using them with her co-conspirators for purposes of income tax identity theft by which they filed phony tax returns using the names and Social Security numbers of their victims’ seeking fraudulent tax refunds.  Sentencing will occur later this year and she faces a sentence of up to seven years in prison.

TIPS

Apart from the lesson that employers must do a better job of protecting the data they hold from rogue employees, which admittedly is a difficult job, one thing we as consumers should do is recognize that this problem occurs everywhere and consequently, whenever possible, we should limit the amount of personal information we give any company or institution with which we do business to the minimum amount necessary.  When it comes to hospitals and health care institutions, despite the fact that they routinely ask for your Social Security number, they have no true reason to use it as an identifier. When asked, suggest another number such as your driver’s license.

Scam of the day – August 12, 2016 – Important Microsoft security patches and updates

August 12, 2016 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.    Microsoft recently issued a large number of security patches necessary to fix critical vulnerabilities in software such as Internet Explorer, Edge and Office. The particular vulnerabilities being patched with these updates will protect users from being hacked when they merely visit a tainted website.  Other of the patches will fix  problems with how Windows, Office and Skype handle specific types of fonts such that hackers could exploit this vulnerability to take control of the victim’s computer if the victim views files with certain fonts or by visiting a malicious website.

TIPS

Here is the link to the recent Microsoft security updates: https://www.us-cert.gov/ncas/current-activity/2016/08/09/Microsoft-Releases-August-2016-Security-Bulletin

Scam of the day – July 26, 2016 – Real estate closing scam

July 26, 2016 Posted by Steven Weisman, Esq.

On January 20th’s Scam of the day, I first told you about an intricate email scam targeting people involved in the sales of residential real estate that has increased over the past year both in the United States and the UK.  I mention it again today because of recent reports of this scam occurring in the small town of Dewey Oklahoma where Lacey Monday became a victim of the scam.  The scam begins with the hacking into the email account of one of the parties involved with a residential real estate conveyance.  This can be either the buyer, seller, lawyers, title company, real estate agent or banker.  In Lacey Monday’s case it was her title company whose email was hacked.  Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do.  The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right,  generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email.  Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then move the funds from account to account to make it difficult to trace the funds.  In Lacey Monday’s case, she lost $25,000 to this scam.  The fact that this scam can occur in small towns as well as large cities show how these types of scams are a threat to you regardless of where you live.

TIPS

Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked.  This means having a strong password and security question.  You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.”  Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your smartphone and keep your security software up to date with the latest security patches as soon as they are made available.  Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices and remember, your security software is always at least thirty days behind the latest malware.

Don’t use public wifi for any financial or business purposes.  Use a virtual private network to encrypt your data when using your electronic devices in public.  Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.  Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate.  Appearances can be deceiving so always confirm.  It may seem a bit paranoid, but remember, even paranoids have enemies.

Scam of the day – July 4, 2016 – Steve Weisman’s latest column from USA Today

July 4, 2016 Posted by Steven Weisman, Esq.

Sometimes the job of protecting ourselves from identity theft can seem to be overwhelming, which is why I wrote this column for USA Today that provides you with some simple and easy to take steps to reduce your chances of becoming a victim of identity theft.  Here is a link to that column.

http://www.usatoday.com/story/money/columnist/2016/07/02/simple-steps-avoid-identity-theft/85697192/

June 18, 2016 – Steve Weisman’s latest column from USA Today

June 18, 2016 Posted by Steven Weisman, Esq.

Even intelligent, tech-savvy people like Mark Zuckerberg can be hacked if they don’t take essential precautions to protect themselves from hacking and identity theft.  Here is a link to my latest column from USA Today with tips about how you can protect yourself from being hacked or becoming a victim of identity theft.

http://www.usatoday.com/story/money/columnist/2016/06/18/hacking-prevention-101-where-zuckerberg-went-wrong/85893732/

May 21, 2016 – Steve Weisman’s latest column from USA Today

May 21, 2016 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today.  As if there isn’t enough to worry  about, this column deals with the very real problems that arise when a criminal who has stolen your identity commits crime in your name.  http://www.usatoday.com/story/money/columnist/2016/05/21/when-identity-thieves-commit-crimes-your-name/84383670/

Scam of the day – April 22, 2016 – Epidemic of ATM skimmers

April 22, 2016 Posted by Steven Weisman, Esq.

As regular readers of Scamicide know, skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card used which then permits the identity thief to use that information to access the victim’s bank account when the skimmer is used on a debit card.  If a credit card is used, the identity thief can use the stolen information to access the victim’s credit card account.  Each skimmer can hold information on as many as 2,400 cards.  Recently, FICO Card Alert Service, a company that monitors ATM activity on behalf of banks issued a report indicating that last year the use of skimmers on ATMs increased by 600% over the previous year.

TIPS

Always look for signs of tampering on any machine you use to swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if they do not report the theft promptly and even if they report the theft immediately, they will lose access to their bank account while the matter is investigated by the bank.  Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.  Debit cards should not be used for purchases at gas pumps or for other retail purchases because the legal liability laws related to stolen debit card information are not as protective as the laws relating to fraudulent credit card use.  The FICO Card Alert Service report noted that 60% of the skimmer attacks were done on private, non-bank ATMS so you may wish to avoid those ATMS when possible.

Credit card rules required the use of new EMV smart chip credit card equipment by retailers to process these cards by October 1, 2015 in order for the retailer to avoid liability.   These rules, however, do not apply to the use of credit or debit cards at ATMs and gas pumps where the deadline to switch to the EMV smart cards is not until October 1, 2017 so you can expect identity thieves to continue to focus their attention on gas pumps and ATMs.

Scam of the day – March 27, 2016 – Anonymous non-hacking of Donald Trump

March 27, 2016 Posted by Steven Weisman, Esq.

Following the recent terrorist attacks in Paris by ISIS, the hacktivist group Anonymous declared war on ISIS and claimed to have taken down thousands of its Twitter accounts as well as a number of its websites including a recruitment website.  Now, in the wake of the ISIS terrorist attack in Belgium, Anonymous just posted a video in which it again promised that it would be doing cyberattacks against ISIS Twitter accounts as well as threatening to steal the bitcoins of ISIS.

However, Anonymous has many targets of its wrath and on March 18th, it released what it said, at that time, was personal information of another of its enemies, namely Donald Trump.  In its March 18th posting Anonymous released what it claimed was personal information of Trump including his cell phone number and Social Security number.  The response of Trump, the FBI and the Secret Service  was swift but now appears to be misguided because in another video just posted by Anonymous, it revealed that it did not hack Trump’s various accounts to gain the personal information it previously posted, but merely went to online sources available to everyone from public records and online search engines such as Google.  As for Trump’s cell phone number, the number that was posted by Anonymous was actually one Trump himself had posted in a tweet.

TIPS

Perhaps the biggest lesson from all of this to everyone is recognizing just how much personal information is available about us all from public records, websites and data banks readily available to anyone.  However, it is also important to note that often we are our own worst enemies by posting too much personal information on various social media sites which can be gathered and used by cybercriminals for purposes of identity theft.  It gives us all something to think about when you post your birth date or other personal information on Facebook or other social media.

Scam of the day – March 19, 2016 – TurboTax phishing email

March 19, 2016 Posted by Steven Weisman, Esq.

Turbo Tax is a popular online tax preparation company used by many people so it should come as no surprise, particularly at this time of year, that a phishing email is presently being circulated that appears to come from Turbo Tax with the title “Important Privacy Changes” in an attempt to get people to click on the link contained in the email purportedly to opt out of having their personal information shared with others.  The email is not sent by Turbo Tax.  It is a phishing scam intended to lure people into clicking on the link which will download keystroke logging malware that will steal your personal information from your computer, smart phone or other electronic device and use it to make you a victim of identity theft.

Here is a copy of the email presently being circulated, DO NOT CLICK ON THE LINK:

TIPS

The first line of defense against phishing emails is to have good anti-virus and anti-malware software installed on all of your electronic devices as well as to take advantage of anti-phishing features in your web browser.  Also, keep all of your security software up to date with the latest security patches as soon as they are available.  However, even if you have the most up to date security software, it will not protect you from the latest malware.  Security software is always at least thirty days behind the newest “zero day” malware.

Never click on links in any text message or email unless you have absolutely confirmed that the link is legitimate and safe.  In a case such as this, the safest route is to avoid the email entirely and go directly to the website of the company, in this case Turbo Tax to find out if the email was legitimate or not.  When going to the company website, don’t go by clicking on links or typing in addresses contained in the text message or email.  Instead, independently type in the name of the website in your browser.