Posts Tagged: ‘Identity Theft’

Scam of the day – May 19, 2013 – Fidelity phishing scam

May 19, 2013 Posted by Steven Weisman, Esq.

Phishing, as I have described on Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age” is the name for the tactic used by identity thieves by which you are lured to a phony website to provide information used to make you a victim of identity theft.  Phishing often starts with an email from a company with you do business or a federal or state agency.  The email indicates that there is some problem or other matter to which you must give your immediate attention and a link is provided for you to purportedly go to the website of the company or agency, however, in fact, you are either sent to a phony website for the company or agency where information is solicited that will be used to make you a victim of identity theft or, even worse, by clicking on the link you download a keystroke logging malware program that steals all of the information from your computer including your Social Security number, credit card number, passwords and other information used to also make you a victim of identity theft.

Recently, I received an email purportedly from Fidelity Investments.  As phishing attempts go, this one was pretty flawed.  The email address from which it came was not an email address of Fidelity Investments.  In fact, it was that of a private person who most likely was a part of a botnet by which his computer was being manipulated by an identity thief.  If you want more information about botnets, you can check out the archives of Scamicide or read about them in my book “50 Ways to Protect Your Identity in a Digital Age.”  Other flaws in the phishing email were the lack of my name appearing anywhere which indicates that it is just a general phishing email sent out to many people by the identity thief, and the lack of a Fidelity logo.

Here is a copy of the email I received.  DO NOT CLICK ON THE LINK.

“Account Status NotificationWe have noticed unusual activity on your account. Due to this, we need you to verify your account information for more efficient use of our Banking system: Please confirm your account information today by clicking on the link below: https://fidelity.secure.com/Logon.aspx?LOB=RBGLogon=user=&email&Security Adviser
©

Fidelity Brokerage Services LLC. All rights reserved”

TIPS
Never click on links in emails unless you are sure they are legitimate.  Unfortunately, you can never be sure when you receive an email if the email is legitimate so you should always be skeptical and make it a habit not to click on links until you have verified that they are legitimate by contacting the company or agency that is indicated as having sent the email to confirm whether or not the email and link are legitimate.  Look for the telltale signs that it is a phony, such as an email address for the sender that is not that of the real company or agency and the failure to direct the email to you directly by name.  You can contact the company or agency by phone or email directly to confirm whether or not the email you receive was legitimate.  Finally keep your Firewall and security software up to date to help protect you from viruses and malware.  Security software is certainly not perfect, but it does help.
Read full article |Leave a comment
Tags: , , , , , , , , , ,
Categories: Site Related

Scam of the day – May 12, 2013 – Bank text message scam

May 12, 2013 Posted by Steven Weisman, Esq.

Everyone texts including scammers and identity thieves.  A recent text message scam that has resurfaced involves a text message from “Credit Card Services Alert” and it informs you that your debit card has been deactivated.  The text message provides you with a telephone number to contact.  If you respond by calling the number, you will reach an automated service informing you that you have reached the card activation center.  It then asks you for you credit card number, expiration date and security code.  Anyone providing this information is sure to become a victim of identity theft.  Your bank or credit card issuer will not contact you in regard to problems by a text message so if you do receive such a text message, you should immediately delete it.

TIPS

Whenever you receive a text message, email, letter or telephone call, you can never be sure of who is communicating with you.  If you have even the slightest thought that the message may be real, you should not respond to the text, email, or caller directly, but rather contact the bank or other organization that they pretend to represent at a telephone number that you know is accurate in order to inquire about the legitimacy of the communication, whereupon you will promptly be informed that it was a scam.  Remember, texts and email messages or phone calls can appear to come from legitimate companies, but that does not mean that it is not a fake.  I received a very real looking email message about a problem with my bank account, however, there was only one problem.  I didn’t have an account at that bank so I merely deleted the email.  You should too.

Read full article |Leave a comment
Tags: , , , , , , , ,
Categories: Site Related

Scam of the day – May 6, 2013 – Hotel telephone call scam

May 6, 2013 Posted by Steven Weisman, Esq.

Some of the most simple scams are also the most effective.  Earlier this week a woman staying at a Double Tree Hotel in Skokie, Illinois received a telephone call purportedly from a clerk at the front desk of the hotel informing her that they needed her credit card information again because of a computer error in processing her card.  She obliged and provided the information over the phone and the identity thief who had really called her promptly ran up $5,000 of charges.  This is a common scam that occurs when a hotel guest gets called from someone who says they are a hotel employee and then requests credit card information under any of a number of different pretexts.

TIPS

Whenever you get a telephone call, you can never be sure that the person calling you is who he or she represents himself or herself to be.  If you are in a hotel and receive such a call, you should hang up and either go to the front desk in person or call the front desk at a telephone number that you know is accurate.  Whenever you get a telephone call requesting personal information such as a credit card number for whatever reason, do not give the information to the caller.  Rather, call the company or agency that purported to call you at a number that you know is correct and not a number that the caller gives you.

 

Read full article |Leave a comment
Tags: , , , ,
Categories: Site Related

Scam of the day – April 30, 2013 – Wells Fargo bank email scam

April 29, 2013 Posted by Steven Weisman, Esq.

Once again, I had to go no further than my own email to find today’s scam of the day.  Recently I received an email which purported to be from Wells Fargo Bank indicating there was a problem with my bank account and that my account was being blocked.  In order to unblock my account, I was instructed to click on a link.  If I had done so,  I would have downloaded keystroke logging malware that would have stolen all of the information contained on my computer and made me a victim of identity theft.  A copy of the email appears below.  DO NOT CLICK ON THE LINK.  The email did not carry any Wells Fargo logo, did not refer to me by name and did not reference an account number.  These are all indications that this email was a fake.  Identity thieves depend on people reacting emotionally when they receive such an email by clicking on the link.  Never click on links in emails that you are not absolutely sure are legitimate.

“We noticed some irregular online banking activities on your account. Due to this reason, we blocked it. Unlock it now.

Wells Fargo Online Security”

TIPS

If you ever get such an email, immediately delete it.  I knew immediately that the email was a scam because I don’t have a Wells Fargo account, however, if you ever have the slightest thought that the email may be legitimate, do not click on the link, but rather call the company at a number that you know is legitimate to inform them that you received the email and to inquire as to whether it was legitimate.  You will promptly find out that it was a scam.

Read full article |Leave a comment
Tags: , , , ,
Categories: Site Related

Scam of the day – April 27, 2013 – Do Not Call list scam

April 27, 2013 Posted by Steven Weisman, Esq.

The federal Do Not Call Registry was created in 2003 and permits people to register their landline or cell phone number on a list of telephone numbers that telemarketers are not permitted to call.  For many of us who have found telemarketing calls to be a great nuisance, this was a great development although there are a few things to keep in mind.  Although legitimate telemarketers by and large honor the list, phony telemarketers may still call you.  If you receive a call from a telemarketer after registering your telephone number, you should therefore be particularly skeptical of the caller and hang up immediately.    The Do Not Call Registry also does not ban calls to you on behalf of political candidates, who may be seeking contributions or from charities seeking donations.  In either case, it is dangerous to respond to a solicitation on behalf of a candidate or a charity on the phone because you can never be sure that the person on the other end of the line is who they say they are.  If you are inclined to contribute either to a candidate or a charity that calls you, I suggest that you hang up and send your contribution to an address for the candidate or charity that you know is accurate and legitimate.  Recently a new Do Not Call Registry scam has been going on around the country by which you receive a call from someone who tells you that he is with the Federal Trade Commission, the federal agency that sponsors the Do Not Call list.  You are told that you need to either confirm information to remain on the list or that you need to renew your registration.  Both of these claims are false.  You do not need to confirm information or renew your registration in order to remain on the Do Not Call List.  Do not give any information to anyone who says this to you because the information can be used to make you a victim of identity theft.

TIPS

Trust me, you can’t trust anyone.  Phone calls from scammers and identity thieves can be very convincing.  You can never be sure when you receive a phone call as to the true identity as to the person on the other end of the line.  Even if you have caller ID, the criminals can “spoof” the phone number and their identity so it appears that they are legitimate.  You can’t trust your caller ID.  Never give personal information to anyone who calls you on the phone unless you are absolutely sure that the call is legitimate.  The better course of action is to call the company or agency they purport to be at a number that you know is correct so you can confirm if the call is legitimate.

Read full article |Leave a comment
Tags: , , , , , , , ,
Categories: Site Related

Scam of the day – April 26, 2013 – Latest Apple Safari 6.0.4 updates

April 26, 2013 Posted by Steven Weisman, Esq.

I make it a practice to constantly keep you advised about the latest security patches issued by computer software companies.  Identity thieves and scammers are constantly discovering and exploiting vulnerabilities in the software that we all use in order to make us victims of identity theft or other scams.  Software companies are just as constantly trying to keep up with these threats by developing security patches.  Unfortunately, many people do not keep their computer software up to date with the latest security patches and this makes them particularly vulnerable to becoming a scam or identity theft victim.  Apple the maker of the Safari browser has issued a new security alert and patch for its latest Safari 6.0.4 software and you should download it and install it immediately if you use this browser.

TIPS

The link for accessing the new Apple Safari security updates is http://support.apple.com/kb/HT5701

Read full article |Leave a comment
Tags: , , , , , ,
Categories: Site Related

April 25, 2013 – Associated Press hack attack – what it means to you

April 25, 2013 Posted by Steven Weisman, Esq.

On Tuesday, the Twitter account of the Associated Press (AP) was hacked into and a phony message describing a terrorist attack on the White House was sent out to the close to two million followers of AP’s Twitter account.  Immediately thereafter the Dow Jones Industrial Average lost 140 points as computerized program trading reacted automatically to the news without any verification of the truth of the report.  The phony tweet was corrected within minutes and the market recovered just as quickly as it went down, however the problem exposed by this hacking still remains.  In May of 2010 the Dow Jones Industrial average quickly lost almost 1,000 points due to a glitch in the computerized trading programs used on Wall Street.  Problems with computerized programmed trading which automatically order trades in response to perceived information are quite significant.  However, another problem is the hacking into the sources of our information.  The AP hacking is only the most recent hacking of a major provider of information.  Just last week the CBS news programs “60 Minutes” and “48 Hours” were hacked.  Also recently NPR and the BBC had their Twitter accounts hacked.   But it is not just the media that is being hacked.   Hacking is a major problem for all companies.  A recent study by Verizon indicated that 75% of the hacks were done last year by criminals seeking financial gain.  Sometimes it is to gain trade secrets, but other times it is to steal information about customers to make them victims of identity theft.  In 76% of the data breaches, according to the Verizon report, the hackers were able to exploit weak passwords.  In 29% of the hacks, tactics such as “spear phishing” were used to install keystroke logging malware on to the hacked companies’ computers to steal their data.   Spear phishing is a targeted phishing attack, often done through phony emails purporting to be from employees’ friends or business partners of the companies that contain the malware.

TIPS

Both government entities and companies are not doing what they need to do to properly protect their data from hacking.  The Associated Press Twitter account should have been protected by two-factor authentication when logging in so that even if a password is obtained by a hacker, he still would not be able to access the account.  Two-factor authentication requires not just a password, but also a code that is sent to a person’s cell phone.  Some companies such as Apple already use this technique.  The problem is that even if you and I do all we can to protect ourselves from identity theft, we are only as safe as the company or governmental agency with the worse security holding information about us.  Therefore you should try to limit as much as possible the places that hold your personal information and we all should impress upon the government and private industry the absolute necessity for better data protection.  The technology is available.  It just has to be used.

Read full article |Leave a comment
Tags: , , , , , , , , , , ,
Categories: Site Related

Scam of the day – April 19, 2013 – Some help with income tax identity theft

April 19, 2013 Posted by Steven Weisman, Esq.

The deadline for the filing of your 2012 federal income tax return is only four days past, but the deadline for income tax identity theft never comes.  Identity theft, by which identity thieves use your Social Security number and name to file a phony income tax return in your name along with a forged 1099 or W-2 that provides them with a huge refund is a major problem costing the federal government billions of dollars and tying up the legitimate refunds for the victims of income tax identity theft for as long as a year.  A  key part of protecting yourself from income tax identity theft is protecting the privacy of your Social Security number which is the key to many forms of identity theft.

TIPS

However, there is another thing you can do that can offer you some measure of protection from income tax identity theft.  File an IRS Form 8821 with the IRS.  This form is like a power of attorney in that it authorizes the IRS to send to a third party, such as your accountant or lawyer, any information regarding your income tax return.  Traditionally, this form has been used when someone is being audited or is having health issues such that an accountant or lawyer is acting on behalf of the taxpayer with the IRS.  However, you can use this form to help combat identity theft.  Name yourself as the third party to receive information about your income tax return so that if there are any issues with the phony income tax return filed by the identity thief, you will be contacted.  This can help serve as an early alert system if an identity thief has filed an income tax return on your behalf and the tax return has any issues that arouses IRS interest.

Read full article |Leave a comment
Tags: , , , , ,
Categories: Site Related

Scam of the day – April 17, 2013 – Smartphone credit card scam

April 17, 2013 Posted by Steven Weisman, Esq.

Many scams are merely updates of older scams.  The Nigerian letter of today is actually just the most recent incarnation of a scam that was being done in the 1500s when it was referred to as the “Spanish Prisoner Scam.”  Smartphones and other portable devices have made our lives easier and we all depend on them, however, they have also made the lives of identity thieves and scammers easier too as they use them to foist old scams on you by way of new technology.  The FBI has recently issued a new warning about a text message that people are receiving that purports to be from the issuer of your credit card telling you that your card has been deactivated.  You are then told to call a specific telephone number and provide your personal information including your name, credit card number and other personal information in order to reactivate your card.  Although this scam is being used by identity thieves around the country, the FBI warning dealt with calls coming from the 907 area code which is Alaska.  But even if you don’t live in Alaska, you may well be receiving a text message from your own local area.  This impersonation of your credit card issuer in order to get you to provide the identity thief with information that the identity thief can use to make you a victim of identity theft is called “phishing.”

TIPS

Never, and I do mean never, respond to a text requesting personal information unless you have confirmed that the message to you is legitimate.  In this case, if you have even the slightest concern that the text message may be from your credit card issuer, you should call your credit card issuer at the number indicated on the back of your credit card to confirm whether or not the text message you received was legitimate.  Then you will find out for sure that it was a scam.  You can never be sure when you receive a telephone call, email or text message who is sending you the message.  The risk of providing personal information to an identity thief is too high for you to trust any such communication.

I also urge you to pick up a copy of my book “50 Ways to Protect Your Identity in a Digital Age” which provides you with a wealth of specific steps you can take to make yourself safer on your smartphone, tablet or other portable devices.  You can click on the picture of the book on the right hand side of this page to go to Amazon where you can purchase the book at a discount.

Read full article |Leave a comment
Tags: , , , , , , ,
Categories: Site Related
« Older Entries