April 22, 2017 – Steve Weisman’s latest column for USA Today

We all know that identity theft is a huge problem, but do identity theft protection services really help protect you?  That was the subject of a recent GAO study as well as my column from today’s edition of USA Today.

https://www.usatoday.com/story/money/columnist/2017/04/22/identity-theft-protection-worth/100554362/

Scam of the day – April 19, 2017 – Phony Nintendo Switch emulator scam

The recently launched Nintendo Switch is the latest video game console released by Nintendo.  Software emulators for the Nintendo Switch are being offered online in many places including YouTube where thousands of videos can be found offering Nintendo Switch emulators.  Emulators permit someone to play console-only games on their portable devices such as their smartphones or tablets.  Nintendo does not make such an emulator.  People going to one of these phony Nintendo Switch emulator websites are generally directed to a survey that they must complete in order to receive the code necessary to use the offered emulator, however, this is a scam and while completing the survey provides the scammers with rewards because they are paid by marketers for each completed survey they supply, the person trying to get the emulator ends up with nothing.  Even worse is the very real possibility that someone downloading attachments for what they think is a Nintendo Switch emulator will be downloading malware that can either lead to identity theft or ransomware malware.

The phony Nintendo Switch emulator scam was uncovered by Symantec, a security company.

TIPS

There presently is no emulator for the Nintendo Switch, so any online offer of one at this time is a scam.  Being directed to a survey when you are attempting to locate something free on the Internet is always a source of concern for while there are legitimate surveys that will provide you something in return, such as a chance at winning a gift card, many of these surveys are scams providing nothing in return.  Finally, as always never click on links or download attachments unless you have absolutely confirmed that the link or download is legitimate.  The risk of downloading dangerous malware is too great.

Scam of the day – April 16, 2017 – Federal Express phishing email

Shown below is a copy of an email that I received recently that purports to be from Federal Express urging me to click on a link to the oddly worded “message with the required information” without any indication as to to what the “required information” relates.  This is just another clever, legitimate appearing phishing email attempting to lure me into clicking on the link.  DO NOT CLICK ON THE LINK.  Clicking on the link either in an email that you might receive or the one shown below  would either take you to another legitimate looking page where you would be prompted to input personal information that would be used to make you a victim of identity theft or would download on to your computer a keystroke logging program that will steal all of the information from your computer including passwords, credit card numbers, your Social Security number and other personal information that would be used to make you a victim of identity theft.   Phishing emails like this are also used to trick people into unwittingly downloading ransomware. If you look closely at the email, you will note that even though it has the Federal Express logo and looks quite official, there are a number of tip offs that this is indeed a phishing scam.  What is not shown on the email as copied below is that it is sent from an address that is not that of Federal Express.  The email of the sender is that of a private individual who, most likely, had his or her email account hacked and used as a part of a botnet to send out these types of phishing emails.  The email also never refers to me by name.only refers to me as customer rather than by my name.  It is also important not to click on the “unsubscribe” link because that too may be loaded with malware.

FedEx Express

We have sent you a message with the required information.
Click here to open this email in your browser.

Thanks for choosing FedEx®.

More details
This message was sent to **************. Please click unsubscribe if you don’t want to receive these messages from FedEx Express in the future.
©2017 FedEx. The content of this message is protected by copyright and trademark laws under U.S. and international law.
Review our privacy policy. All rights reserved

TIPS

If you receive on any email from a company that asks you to click on a link, you should hesitate to do so, particularly if it appears bogus as this one does.  If you have the slightest thought that the email may be legitimate, rather than click on the link, go to the website of the company, which in this case is www.fedex.com or call them directly at 1-800-463-3339.

Scam of the day – April 7, 2017 – Criminal identity theft victim sues police deparment

The problems encountered by someone whose identity has been stolen by a criminal who then commits crimes in the name of the identity theft victim are tremendous.   Victims of criminal identity theft have been arrested for crimes they never committed and often have had difficulty having the crimes, committed by someone who stole their identity, removed from their records.  John Ganley is suing the Albuquerque police department after being arrested for crimes committed by someone who had stolen his identity.  Ganley, who has no criminal record alleges the police were negligent in prosecuting him and that the entire matter caused him great distress and a worsening of his Crohn’s disease which can be affected by stress.

TIPS

If you find that you are a victim of criminal identity theft, you should hire a lawyer and contact the police as well as the District Attorney’s office to straighten out the matter.  File a report indicating that you are the victim of identity theft.  It will be necessary for you to confirm your true identity through photographs and fingerprints. In addition, show law enforcement authorities your driver’s license, passport or any other identification that you might have that contains your photograph.

Get a letter from the District Attorney explaining the situation to have available if you are ever stopped for a traffic violation and your record is checked.  A few states have Identity Theft Passport programs through which anyone whose identity has been stolen by someone who uses it to commit crimes can, upon proving their identity, receive an Identity Theft Passport that protects them and confirms their true identity .  Even if your state does not have an Identity Theft Passport program, get a letter from the law enforcement agency that arrested the person using your name known as a “clearance letter” which indicates that you have not committed the crimes which were done by the identity thief who used your name.  Keep this document with you at all times.

Scam of the day – March 12, 2017 – Massive credit card identity theft fraud ring busted

Earlier this week law enforcement officials in Queens, New York arrested thirty people accused of operating a credit card identity theft fraud ring in which they are accused of using the fraudulent credit cards to purchase more than 3.5 million dollars of costly electronics and fashion merchandise that would then be sold and turned into cash.  The indictments name Muhammad Rana and Inderjeet Singh as the kingpins of the scam.

The  primary manner by which they are accused of accomplishing the fraud was through identity theft of personal information of their victims that was then used to set up new credit card accounts.  Particularly in the last year since the implementation of EMV chip credit cards, new account fraud, as indicated by research company Javelin in its 2016 Identity Fraud study, has increased 113% over the previous year.

In this case, the Queens District Attorney is alleging that the criminals obtained the personal information of their victims necessary to establish new accounts  such as their names, dates of birth, current and past addresses, Social Security numbers, bank account information and credit information from one of their co-conspirators who worked at a car dealership where he had access to this information provided by potential car buyers.

TIPS

You are only as secure as the places that have your personal information with the weakest security.  Whenever you provide personal information to any entity, you should inquire as to who has access to this information, how it is stored, how it is protected and the policy for deleting such information when it is no longer needed.

In addition, you should regularly monitor your credit reports to identify incidents of identity theft as early as possible.

Scam of the day – February 16, 2017 – New twist on mail theft

Identity theft is a high tech, low tech and no tech crime and while we often tend to focus our attention on high tech identity theft tactics such as spear phishing, no tech tactics such as fishing for mail with a plastic bottle covered in glue that is lowered into blue public mailboxes to capture mail being sent with checks is making a comeback.  In the Bronx, New York just in the last year police and postal inspectors have made about 150 arrests according to Donna Harris of the U.S. Postal Inspection Service.

I have warned you for years about leaving mail with checks or credit card information in your personal mailbox outside of your home with the flag raised to alert your postal carrier that there is mail in your box to be retrieved is a bad idea because it also alerts identity thieves who can easily steal the mail.  Once they have the checks, they can “wash” the name or even the amount of the check and make the check payable to the thief. They also can use the account number of your check to create counterfeit checks to access your checking account.

TIPS

This is an easy crime to avoid.  The best course of action is to pay your bills electronically and avoid the problem altogether.  However, if you cannot do so or prefer to send a paper check by mail, you should use a gel pen that is not easily “washed” to write your checks and you should mail envelopes with checks in them directly from inside the post office.

Scam of the day – February 10, 2017 – Valentine’s day scams

Valentine’s day is rapidly approaching.  Valentine’s day is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is going on to scam you out of your money.  There are many Valentine’s day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s day electronic greeting cards and delivery scams.

Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.

Online dating scams are plentiful with most revolving around scammers quickly professing true love for you and then asking for money.

Electronic greeting cards are a great way to send a Valentine’s day card at the last minute when you forgot to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.

A common delivery scam operating on Valentine’s day involves a delivery of a gift basket of wine and flowers to you, however the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered.  The person delivering the basket will only accept a credit card as payment.  When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.

TIPS

Never trust an online florist or other retailer until you have checked them out to make sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer.  It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be.  Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft.  Always confirm the legitimacy of an email or text message before clicking on links contained in the message.

As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money.  Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe.

Never trust an online greeting card, particularly if it does not indicate from whom it is being sent.  Be very wary of a card sent by “an admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.

In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.

Scam of the day – February 5, 2017 – Whats app phishing scam

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.   I have reported to you for years about the various scams targeting WhatsApp users.    The most recent WhatsApp scam starts with an email reproduced below that appears to be from WhatsApp requiring you to click on a link to receive a message. DON’T CLICK ON THE LINK.   Although it looks legitimate, it is a scam with the first indication of this being the email address sending the message is an address that has nothing to do with WhatsApp.  Most likely it is from an innocent victim whose computer has been hacked and made a part of a botnet to send out malware.   If you click on the link you will end up downloading keystroke logging malware that can steal the information from your smartphone to be used to make you a victim of identity theft.

WhatsApp
New voice mail.
Information
Feb 2 10:01 PM
05 sec
Listen

TIPS

Never click on a link in an email or text message until you have independently confirmed that it is legitimate.  The risk of downloading malware is too great.  Even if your computer or other electronic device is protected with anti-virus and anti-malware security software, the best security software is always at least thirty days behind the latest malware. Trust me, you can’t trust anyone when it comes to clicking on links.  Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link.

Scam of the day – January 31, 2017 – Apple phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.

Reproduced below is a copy of an Apple phishing email that uses the common ploy of indicating that there is a security problem that requires you to verify personal information for security purposes.   There are a number of telltale flaws in this particular   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple.  Also, although the email is quite short, it contains numerous grammatical errors.  In addition, the salutation reads “Dears” rather than “Dear” and the email concludes with “Worm regards” rather than “Warm regards.”   Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains an Apple logo, which is not reproduced below, the exact logo of Apple does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

“Dears,
Your AppIe id was used in from an unauthorized computer.
As the new protection policy has been followed, we have no choice but to put your id on hold.We advise you to update your id soon to avoid permanent account closing.                                                                                     your code is 4M7801DLLA16A                                                                                       Update Now >
Wondering why you got this email?
It’s sent when someone adds or changes a contact email address for an AppIe ID . If you didn’t do this, don’t worry. Your email address cannot be used as a contact address for an AppIe ID without your verification.
Worm Regards,
AppIe Team”

TIPS

Obviously if you do not have an account with Apple you know that this is a phishing scam, but even if you do have an account with Apple, as I indicated above there are a number of indications that this is not a legitimate email from Apple, but instead is a phishing email. Legitimate companies would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dears” without an “s” that should not be there.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number  for Apple where you can confirm that it is a scam.

Scam of the day – January 23, 2017 – Latest Gmail phishing scam

An effective new phishing email scam is presently circulating that is targeting users of Gmail.  It starts when you receive an email that appears to be sent from the email address of one of your real friends and, in fact, the email may have been sent from a friend’s email account that unfortunately has been hacked and taken over in order to send out phishing emails that victims will trust because it appears to come from a trusted source.  The email has an attachment and when you click on the attachment, a sign-in page for your Gmail account appears requiring you to type in your email address and password.  Unfortunately, if you do so, you have just turned over this information to a cybercriminal who can wreak havoc with this information.

TIPS

Although this particular spear phishing email scam is quite sophisticated, there are a number of simple steps you can take to prevent yourself from becoming a victim of the scam.  Primarily, you should follow my rule and never click on any link or download any attachment unless you have absolutely confirmed that the communication sending the link or attachment is legitimate.  Even if the email address from which the communication is sent appears legitimate, your friend’s email may have been hacked and it is a cybercriminal sending you the email.

It is also a good idea to use dual factor authentication when possible for your email account.  If you use dual factor authentication, such as where a one time code is sent to your smartphone each time you want to access your email, you are protected from having your email account taken over even if the cybercriminal has your password and username.  Finally, it is a good idea not to store sensitive information in your email account.