Posts Tagged: ‘Identity Theft’

Scam of the day – December 11, 2014 – Phony shipping phishing scam

December 10, 2014 Posted by Steven Weisman, Esq.

Phony shipping phishing scam. Try saying that fast three times. Most likely you will trip on your words, but that is nowhere near as much of a problem as what happens to you if you fall for this scam. The holiday season is a time when people are ordering gifts from many retailers. It is common for companies to send an email confirmation when you order something online. Scammers are taking advantage of this practice to send vast amounts of phony shipping notices and confirmations from what appear to be legitimate companies, such as Amazon, with which so many of us do business. However, in these phishing emails, in which the scammer poses as a legitimate company, you are prompted to click on a link or download an attachment under various guises, such as confirming the order. These links and attachments are filled with malware that will enable the scammer to steal all of your personal information from your computer and use it to make you a victim of identity theft.

Here is a copy of a phony phishing notice purportedly from Amazon.

[Image: bogusemail.jpg]

TIPS

Legitimate companies will not have attachments or links for you to click on in any real confirmation of your order.  If you receive an email that informs you of a problem with your order or anything else that appears to require action on your part, never click on any links or download any attachments that may appear in such emails.  Rather, contact the real company through its website or a telephone number that you know is accurate.  Don’t use the telephone number contained in the email and don’t click through the email to purportedly go to the website.  Taking these simple steps can save you a lot of grief.

Scam of the day – December 4, 2014 – Which online shopping websites are the safest?

December 4, 2014 Posted by Steven Weisman, Esq.

Shopping online is not limited to Cyber Monday. Many of us are fond of the ease and convenience of online shopping, not to mention the considerable savings we sometimes achieve. However, there is always a question about the safety of the online shopping experience. Recently, the password management company LastPass did a security comparison of ten popular online retailers and rated them for security, considering the following factors:

1.  Password requirement

2.  Assistance in setting up a strong password

3.  Use of a security question

4.  Simplicity of security question

5.  Automatic encryption of data

6.  Storage of personal data

The optimum score would go to a company that required a password, provided assistance in evaluating the strength of your password, required a security question asking for information not readily available to an identity thief, automatically used encryption for transfer of data and stored the least information necessary. At the top of LastPass’ list were the Apple App Store, eBay and Macy’s. At the bottom of their list were JCPenney and Sears.

TIPS

The best place to find a helping hand is, as always, at the end of your own arm. When shopping online, you should always make sure that a password is necessary and that you use a strong password. You can find information about setting up a strong password in the archives of Scamicide. Security questions are always a good idea, and an even better idea is to make a nonsensical answer to your security question, which will turn a weak security question, such as your mother’s maiden name, into a strong security question. For example, if your mother’s maiden name is “Smith,” make the answer to the question “Grapefruit.” No one will find that answer by doing research. Never provide credit card information unless the transaction is encrypted, which you can determine by looking for “https” rather than merely “http” at the beginning of the website address line. Finally, regardless of how convenient it may be, don’t leave your credit card stored with the retailer for future use. Enter the credit card information anew each time you purchase something. Leaving your credit card information with the retailer just makes you more vulnerable in the event of a data breach of the retailer.

Scam of the day – December 2, 2014 – Latest security updates issued by the Department of Homeland Security

December 2, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly. Today’s updates include many important updates and security patches to prevent serious problems, including important security updates for Adobe Flash.

TIPS

Here are the links to the latest Department of Homeland Security software updates and security patches: https://www.us-cert.gov/ncas/bulletins/SB14-335

Scam of the day – November 23, 2014 – New Drupal security threat

November 23, 2014 Posted by Steven Weisman, Esq.

In my Scam of the day for November 3rd I warned you about a major security flaw in Drupal software. Many of you may not be familiar with Drupal, but website developers certainly are. Drupal is a software company whose software is used by a billion websites to manage images, text and video on websites. On October 15th, Drupal announced that it had discovered a major security flaw that could be exploited by hackers to not only steal data from targeted websites, but also to set up a backdoor application that would permit the hacker to return to retrieve more data. All of this could be done without any indication that a hacking had occurred. Most companies responded to Drupal’s announcement and its security update. However, according to Drupal, any website that did not download the Drupal security patch within seven hours of its October 15th announcement should assume that it has been hacked and its sensitive information compromised. Drupal estimates that about 5% of the billion websites that use Drupal software did not install the necessary security patch in a timely fashion, and although this number may seem small, this means that the number of affected websites that may have personal information on you and me is as high as twelve million websites. Among the websites that did not promptly update their security was the website of the Indiana Department of Education, which was hacked twice after failing to update its Drupal software.

TIPS

Part of the problem is that unlike many software companies that provide automatic updates for you to install, Drupal does not do so. Many companies, to their own detriment, are slow to install important security updates, and this delay puts them and their customers in serious danger of identity theft and being scammed. This is why here at Scamicide we provide security updates as they are announced. The Drupal security problem is also a warning again to us all that we are only as secure as the least secure of the companies and governmental agencies with which we do business. Drupal has issued a new security warning with instructions as to how to correct security flaws in their software. Here is a link you can trust to Drupal’s security warning: https://www.drupal.org/SA-CORE-2014-006

Scam of the day – November 5, 2014 – Latest security updates from the Department of Homeland Security

November 5, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly. Today’s updates include many important updates and security patches to prevent serious problems, including important security updates for the popular website design software WordPress.

TIPS

Here is the link to the latest Department of Homeland Security software updates and security patches: https://www.us-cert.gov/ncas/bulletins/SB14-307

Scam of the day – November 4, 2014 – Instagram counterfeit check scam

November 4, 2014 Posted by Steven Weisman, Esq.

Many years ago there was a popular cartoon character named Pogo, who transformed the famous words, “We have met the enemy and he is ours” spoken by Admiral Oliver Hazard Perry following a naval battle into “We have met the enemy and he is us.”  Pogo’s version may well apply to the many of us who don’t realize that whenever we put too much information online through social media we are providing information that can be used against us in a multitude of ways.  Postings on Facebook and other social media can be used by identity thieves and scammers to learn the answers to your security questions and also provide information to make you a target of spear phishing where you receive an email that appears to come from someone you know or a company with which you do business.  Putting personal information such as your birthdate and address on social media makes it easier for an identity thief to steal your identity.

Recently federal prosecutors in Minnesota brought counterfeiting and other charges against 28 people who created counterfeit checks using the banking information contained on checks that have turned up on Instagram photos with the hashtag #myfirstpaycheck.  It is a simple matter today to create checks with the account number and bank routing information contained on a check.  It is also just as simple for counterfeiters to search Instagram for the popular hashtag #myfirstpaycheck put up by naive new employees.

TIPS

Certainly no one should take a photo of any check and put it up online or on any social media website. However, you should also limit, as much as possible, the personal information you provide online and through social media that, in the hands of an identity thief, can be used to make you a victim of identity theft. Don’t include your birth date, mother’s maiden name or other personal information on social media that can be used to make you a victim of identity theft. Don’t make an identity thief’s work easy.

Scam of the day – November 3, 2014 – 12 million websites hacked in Drupal attack

November 3, 2014 Posted by Steven Weisman, Esq.

Many of you may not be familiar with Drupal, but website developers certainly are. Drupal is a software company whose software is used by a billion websites to manage images, text and video on websites. On October 15th, Drupal announced that it had discovered a major security flaw that could be exploited by hackers to not only steal data from targeted websites, but also to set up a backdoor application that would permit the hacker to return to retrieve more data. All of this could be done without any indication that a hacking had occurred. Most companies responded to Drupal’s announcement and its security update. However, according to Drupal, any website that did not download the Drupal security patch within seven hours of its October 15th announcement should assume that it has been hacked and its sensitive information compromised. Drupal estimates that about 5% of the billion websites that use Drupal software did not install the necessary security patch in a timely fashion, and although this number may seem small, this means that the number of affected websites that may have personal information on you and me is as high as twelve million websites.

TIPS

Part of the problem is that unlike many software companies that provide automatic updates for you to install, Drupal does not do so. Many companies, to their own detriment, are slow to install important security updates, and this delay puts them and their customers in serious danger of identity theft and being scammed. This is why here at Scamicide we provide security updates, as provided in turn by the U.S. Department of Homeland Security, as they are announced. The Drupal security problem is also a warning again to us all that we are only as secure as the least secure of the companies and governmental agencies with which we do business.

Here are links to Drupal’s original warning as well as a security update that instructs Drupal users how to remedy the problem.

https://www.drupal.org/SA-CORE-2014-005

https://www.drupal.org/PSA-2014-003

Scam of the day – October 31, 2014 – Free credit score scams

October 31, 2014 Posted by Steven Weisman, Esq.

Based on the information contained in your credit reports, your credit score can have a significant effect on whether you are granted a loan and at what interest rate, whether you will be hired for a job, whether you will be sold insurance, whether you can rent an apartment and many other decisions. We all have a right to an annual free credit report from each of the three major credit reporting agencies. However, your free credit report will not provide you with your credit score. Recently many people have been receiving emails with offers to provide a free copy of their credit score. Unfortunately, as with any other email or text message that requires you to provide personal information such as your Social Security number, which is required to obtain your credit report or credit score, you cannot be sure that the offer is legitimate. In some instances, companies offering to provide “free” credit reports or scores are actually signing you up for a continuing service that you may neither desire nor need. These sites generally ask for your credit card number, but tell you that they only need the credit card number for verification purposes. Of course, that is a lie. If you were getting something free, you would not need to provide a credit card number. They are getting your number to use it to charge you monthly fees for services that you may not have thought you ordered. Even worse, however, are scams in which the company offering to provide you with your free credit score is actually just scamming you in order to get your Social Security number, which they will use to make you a victim of identity theft.

TIPS

As I always say, you cannot trust any email or text message to be legitimate. Never click on links, download attachments or provide personal information in response to unsolicited emails or text messages. The risk is too great. If you want your free credit reports from each of the three major credit reporting agencies, Equifax, TransUnion and Experian, the only place to go is the website www.annualcreditreport.com. It is important to monitor your credit report not just to find evidence of identity theft, but also to find mistakes that may appear on your report that can adversely affect your credit score. As for your credit score, the website www.creditkarma.com is a legitimate website that you can trust, that encrypts your data and provides your credit score for free.

Scam of the day – October 29, 2014 – World Health Organization Ebola scam

October 29, 2014 Posted by Steven Weisman, Esq.

I warned you about a number of Ebola scams in my Scam of the day for October 16th. However, a new one is now appearing that requires a specific warning. This scam starts with an email that appears to come from the World Health Organization and contains a link for you to click on in order to download an attachment purported to contain tips to protect you from the Ebola virus. It is preying upon the public’s fear and concern regarding Ebola. However, if you download the attachment, you will not get Ebola information, but will download a keystroke logging malware program that will steal your personal information from your computer and use it to make you a victim of identity theft.

TIPS

Never click on links or download attachments in emails, text messages or social media postings unless you have confirmed that the links or downloads are legitimate. Trust me, you can’t trust anyone. It is easy to make a counterfeit message that carries the logo of a real organization and appears to be legitimate. If you have even the slightest thought that the message may indeed be legitimate, you should go to the website at an address that you know is correct or call the entity at a telephone number you have confirmed is correct to verify whether or not the original message to you was phony. In this particular case, the World Health Organization never sends messages to the general public, so you should immediately know it is a scam.