Scam of the day – June 4, 2017 – New Medicare card scam

Medicare has used a person’s Social Security number as his or her Medicare number since the inception of Medicare and despite the rest of the country recognizing that this puts Medicare recipients in serious danger of identity theft, Medicare resisted changing the Medicare number to a safer random number for many years.  In the Scam of the day for April 23, 2015 I first reported to you about a new law requiring Medicare to start using randomly generated numbers for Medicare identification.  The effective date for that law, however was pushed into the future.   Now we are approaching the effective date of the law and scammers are springing up to take advantage of confusion about the switch to new Medicare numbers to make people victims of identity theft.

Starting in 2018, new cards will be sent by regular mail to all 60 million Americans enrolled in Medicare.  Between April 2018 and December 31, 2019 a Medicare recipient can use either his or her old number or the new, more secure Medicare number.  Starting in 2020 only the new numbers will be used.

Scammers are already taking confusion about this transition to the new Medicare numbers by pretending to be Medicare employees, calling Medicare recipients and telling them that they need to register on the phone to get their new card or they will lose benefits.  They then ask for their intended victim’s Medicare number which is the same as their Social Security number and use that information to make them a victim of identity theft.  In another variation of the scam, targeted victims are told they need to pay for the new card through a credit card or by giving the caller their bank account number.  The truth is that there is no charge for the new card, but anyone providing this information to a scammer will quickly become a victim of identity theft.

TIPS

If you are a Medicare recipient, you will get your new card in the mail. There is nothing you need to do and nothing you need to pay to get your new card with your new number in the mail.  As for phone calls purporting to be from Medicare, you should never provide your Social Security number, credit card number or any other personal information to anyone who calls you on the phone because you can never be sure they are legitimate.  Even if your Caller ID indicates the call is from Medicare, the IRS or some other legitimate organization, through a technique called “spoofing” your Caller ID can be tricked into making it appear that the call is legitimate.  If you get a call asking for personal information that appears legitimate, merely hang up and call the company or agency at a number that you independently know is legitimate to find out the truth.

Scam of the day – May 17, 2017 – Pirates held for ransom

Although the headline may seem a little odd, what it is referring to is another data breach at a major Hollywood movie studio, in this case Disney, where the latest sequel in the successful Pirates of the Caribbean movie series has apparently been stolen through a data breach and the hacker is demanding a ransom which Disney is refusing to pay.  If the ransom is not paid, the hacker has indicated he will release the movie online in advance of the Theatrical release date of May 26th.

This latest incident comes on the heels of the hacker known as thedarkoverlord,  posting nine episodes of the popular Netflix original series, “Orange is the New Black on a publicly available file a few weeks ago as I reported to you on Scamicide at the time.  This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.

TIPS

If the movie is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to these rogue websites.

Scam of the day – May 5, 2017 – 10 Concerts I’ve been to Facebook scam

Facebook is very popular with the general public and anything popular with the general public becomes a popular platform for scammers.  I have written about many Facebook scams over the years, but the latest one is particularly dangerous because it appears so innocuous.  It comes up on your Facebook page under the headline “10 Concerts, but there is one act that I haven’t seen live.  Which is it?”  While this may appear harmless, the information you provide may tell more about you than the person who appears to be posting it.  It may provide information about your approximate age and preferences in music which can then be used by a scammer to send you a phishing email tailored to appeal to your particular interests that you may trust and click on a link contained in the email that contains either keystroke logging malware that can be used to steal your identity or ransomware.

TIPS

We all tend to put too much personal information on social media that can be exploited by scammers and identity thieves to our detriment.  However, if you, as many people do, find this game and other similar games to be fun to play, you may want to just adjust your privacy setting to “friends only” so that you limit who gets to see your answers.

Scam of the day – May 3, 2017 – New USAA phishing scam

USAA is the insurer of millions of members of the military as well as many veterans so it is no surprise that it is the basis for a new phishing email presently being circulated.  As with so many phishing emails, this one tells you  that you need to click on links in the email in order to resolve security issues.  The truth is that if you click on the link or provide personal information, you will become a victim of identity theft as the criminal will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.   In another scenario, clicking on the link will download dangerous ransomware.

Here is a copy of the new phishing email that is presently circulating.  DO NOT CLICK ON THE LINKS.  As phishing emails go, the graphics are pretty impressive, however there are grammatical errors including the word “has” being used instead of “have”.  It also  should be noted that the email is directed to “Dear Customer” rather than your name and no account number is provided.  These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

 

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam, however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – April 30, 2017 – Facebook Mother’s Day coupon scam

Mother’s Day is fast approaching and scammers are taking advantage of this with phony $50 Lowe’s coupons that are turning up on Facebook pages luring people with the promise of the free coupon into providing information to a phony survey where the only goal is to gather personal information that will be used by the scammers for purposes of identity theft. Here is a copy of the coupon as it is appearing on Facebook.

lowes coupon scam Lowes $50 Mothers Day Coupon Is A Scam

While this particular scam uses a free $50 coupon from Lowe’s as the basis of the scam, similar scams have used phony coupons for Home Depot, Target, Ikea and others.

TIPS

No company could cover the cost of giving away vast numbers of $50 coupons although sometimes participants in legitimate surveys are promised a chance to win a coupon in a drawing.  Facebook is a favorite venue for scammers to use for this type of scam because often unwary victims will unwittingly share the scam with their friends.  If you have doubts about the legitimacy of a coupon, the best place to go is to the company’s website to see what real coupons are being offered.

April 22, 2017 – Steve Weisman’s latest column for USA Today

We all know that identity theft is a huge problem, but do identity theft protection services really help protect you?  That was the subject of a recent GAO study as well as my column from today’s edition of USA Today.

https://www.usatoday.com/story/money/columnist/2017/04/22/identity-theft-protection-worth/100554362/

Scam of the day – April 19, 2017 – Phony Nintendo Switch emulator scam

The recently launched Nintendo Switch is the latest video game console released by Nintendo.  Software emulators for the Nintendo Switch are being offered online in many places including YouTube where thousands of videos can be found offering Nintendo Switch emulators.  Emulators permit someone to play console-only games on their portable devices such as their smartphones or tablets.  Nintendo does not make such an emulator.  People going to one of these phony Nintendo Switch emulator websites are generally directed to a survey that they must complete in order to receive the code necessary to use the offered emulator, however, this is a scam and while completing the survey provides the scammers with rewards because they are paid by marketers for each completed survey they supply, the person trying to get the emulator ends up with nothing.  Even worse is the very real possibility that someone downloading attachments for what they think is a Nintendo Switch emulator will be downloading malware that can either lead to identity theft or ransomware malware.

The phony Nintendo Switch emulator scam was uncovered by Symantec, a security company.

TIPS

There presently is no emulator for the Nintendo Switch, so any online offer of one at this time is a scam.  Being directed to a survey when you are attempting to locate something free on the Internet is always a source of concern for while there are legitimate surveys that will provide you something in return, such as a chance at winning a gift card, many of these surveys are scams providing nothing in return.  Finally, as always never click on links or download attachments unless you have absolutely confirmed that the link or download is legitimate.  The risk of downloading dangerous malware is too great.

Scam of the day – April 16, 2017 – Federal Express phishing email

Shown below is a copy of an email that I received recently that purports to be from Federal Express urging me to click on a link to the oddly worded “message with the required information” without any indication as to to what the “required information” relates.  This is just another clever, legitimate appearing phishing email attempting to lure me into clicking on the link.  DO NOT CLICK ON THE LINK.  Clicking on the link either in an email that you might receive or the one shown below  would either take you to another legitimate looking page where you would be prompted to input personal information that would be used to make you a victim of identity theft or would download on to your computer a keystroke logging program that will steal all of the information from your computer including passwords, credit card numbers, your Social Security number and other personal information that would be used to make you a victim of identity theft.   Phishing emails like this are also used to trick people into unwittingly downloading ransomware. If you look closely at the email, you will note that even though it has the Federal Express logo and looks quite official, there are a number of tip offs that this is indeed a phishing scam.  What is not shown on the email as copied below is that it is sent from an address that is not that of Federal Express.  The email of the sender is that of a private individual who, most likely, had his or her email account hacked and used as a part of a botnet to send out these types of phishing emails.  The email also never refers to me by name.only refers to me as customer rather than by my name.  It is also important not to click on the “unsubscribe” link because that too may be loaded with malware.

FedEx Express

We have sent you a message with the required information.
Click here to open this email in your browser.

Thanks for choosing FedEx®.

More details
This message was sent to **************. Please click unsubscribe if you don’t want to receive these messages from FedEx Express in the future.
©2017 FedEx. The content of this message is protected by copyright and trademark laws under U.S. and international law.
Review our privacy policy. All rights reserved

TIPS

If you receive on any email from a company that asks you to click on a link, you should hesitate to do so, particularly if it appears bogus as this one does.  If you have the slightest thought that the email may be legitimate, rather than click on the link, go to the website of the company, which in this case is www.fedex.com or call them directly at 1-800-463-3339.

Scam of the day – April 7, 2017 – Criminal identity theft victim sues police deparment

The problems encountered by someone whose identity has been stolen by a criminal who then commits crimes in the name of the identity theft victim are tremendous.   Victims of criminal identity theft have been arrested for crimes they never committed and often have had difficulty having the crimes, committed by someone who stole their identity, removed from their records.  John Ganley is suing the Albuquerque police department after being arrested for crimes committed by someone who had stolen his identity.  Ganley, who has no criminal record alleges the police were negligent in prosecuting him and that the entire matter caused him great distress and a worsening of his Crohn’s disease which can be affected by stress.

TIPS

If you find that you are a victim of criminal identity theft, you should hire a lawyer and contact the police as well as the District Attorney’s office to straighten out the matter.  File a report indicating that you are the victim of identity theft.  It will be necessary for you to confirm your true identity through photographs and fingerprints. In addition, show law enforcement authorities your driver’s license, passport or any other identification that you might have that contains your photograph.

Get a letter from the District Attorney explaining the situation to have available if you are ever stopped for a traffic violation and your record is checked.  A few states have Identity Theft Passport programs through which anyone whose identity has been stolen by someone who uses it to commit crimes can, upon proving their identity, receive an Identity Theft Passport that protects them and confirms their true identity .  Even if your state does not have an Identity Theft Passport program, get a letter from the law enforcement agency that arrested the person using your name known as a “clearance letter” which indicates that you have not committed the crimes which were done by the identity thief who used your name.  Keep this document with you at all times.

Scam of the day – March 12, 2017 – Massive credit card identity theft fraud ring busted

Earlier this week law enforcement officials in Queens, New York arrested thirty people accused of operating a credit card identity theft fraud ring in which they are accused of using the fraudulent credit cards to purchase more than 3.5 million dollars of costly electronics and fashion merchandise that would then be sold and turned into cash.  The indictments name Muhammad Rana and Inderjeet Singh as the kingpins of the scam.

The  primary manner by which they are accused of accomplishing the fraud was through identity theft of personal information of their victims that was then used to set up new credit card accounts.  Particularly in the last year since the implementation of EMV chip credit cards, new account fraud, as indicated by research company Javelin in its 2016 Identity Fraud study, has increased 113% over the previous year.

In this case, the Queens District Attorney is alleging that the criminals obtained the personal information of their victims necessary to establish new accounts  such as their names, dates of birth, current and past addresses, Social Security numbers, bank account information and credit information from one of their co-conspirators who worked at a car dealership where he had access to this information provided by potential car buyers.

TIPS

You are only as secure as the places that have your personal information with the weakest security.  Whenever you provide personal information to any entity, you should inquire as to who has access to this information, how it is stored, how it is protected and the policy for deleting such information when it is no longer needed.

In addition, you should regularly monitor your credit reports to identify incidents of identity theft as early as possible.