Posts Tagged: ‘identity thief’

Scam of the day – August 6, 2014 – Mickey Mouse becomes an identity theft victim

August 6, 2014 Posted by Steven Weisman, Esq.

Recently, the Bellevue, Washington police broke up an identity theft ring that was counterfeiting phony credit cards, forged checks, phony identification cards and drivers’ licenses.  In fact, among the phony drivers licenses confiscated by the police was one that must have been done as a test of their counterfeiting equipment because it was a phony driver’s license for Mickey Mouse or as the license read, Mick E. Mouse.  The identity thief obviously knew his Disney history because for the birth date of Mick, it listed November 18, 1928 which was the date of the first Mickey Mouse cartoon, “Steamboat Willie.”  The license also listed Mick as five feet two inches tall, and 119 pounds.  Being a socially responsible mouse, Mick was also listed as an organ donor on his license.  The picture on the license is unmistakeably that of Mickey Mouse.

TIPS

Although the identity theft of Mickey Mouse is humorous, identity theft is far from humorous when it comes to real people having their identities stolen. In this case, the identity theft ring in Bellevue obtained the information necessary to steal people’s identities in two primary ways.  They stole mail from people’s mailboxes that often had credit card bills and checks in envelopes meant for creditors as well as stealing personal information from documents and materials that people left in their cars.  Breaking into cars to steal wallets, IDs or other personal information that can be used for identity theft purposes is a common tactic of identity thieves. The lesson is to mail your bill payments from the post office if you are not paying your bills on line which is actually the safer choice.  You also should never leave anything in your car, even if it is locked, that could be used by a criminal to steal your identity.

Scam of the day – July 30, 2014 – European Central bank hacked and extorted

July 30, 2014 Posted by Steven Weisman, Esq.

The European Central Bank has announced that hackers had hacked into its computers and stole information about people who had registered for some bank events which included news conferences.  Many of the people whose information was stolen were journalists who attended bank events including news conferences.  The information stolen included names, email addresses and telephone numbers.  Shortly after the information was stolen, the bank received an extortion email demanding money and threatening to release the information if the hackers were not paid.  It is important to note that although the hacking was of the European Central Bank which has much confidential and sensitive information within its computers, the hacking was from a public website of the bank that is not connected to the bank’s computers and data banks of sensitive information.  The hacking is, however, embarrassing for an institution that prides itself on its security.

TIPS

This incident is another reminder that your personal information is only as safe as the places with the weakest security that hold your information.   As much as you can, you should limit the information you provide companies and governmental agencies.  It is also important to note that when apparently innocuous information such as this is compromised it makes those people affected more vulnerable to spear phishing which occurs when you receive a phony email that is directed to you personally and appears to come from a trusted source with which you have done business.  It is for this reason that I advise people never to click on links in emails or download attachments from emails unless you are absolutely sure that they are legitimate.  Too often the email that appears legitimate may actually be coming from an identity thief who has personal information about you and who may put malware into these links and attachments.

Scam of the day – May 26, 2014 – Memorial Day scam

May 26, 2014 Posted by Steven Weisman, Esq.

As we honor our veterans today on Memorial Day, scammers take Memorial Day as just another opportunity to scam veterans and others.  A common scam used against veterans starts with a telephone call in which the veteran is told that in order to continue to receive various benefits, it is necessary to verify personal information such as the veteran’s birth date, Social Security number or bank account information.  Of course, the call is not from the Veterans Administration and the call is not to verify information, but rather to gain information to be used to make the veteran a victim of identity theft.

TIPS

The Veterans Administration is not going to call someone on the phone to verify information.  If you receive such a call, you can never be sure from whom the call comes because clever identity thieves are able to use a technique called “spoofing” to make it appear on your Caller ID as if the call from the identity thief is coming from the VA.  Since you cannot ever be sure who is calling you when you receive a call asking for personal information, you should never give that information out in response to a phone call, text message or email.  Instead if you have the slightest thought that the communication may be legitimate, you should contact the real entity, in this case, the VA at a phone number that you know is accurate to inquire and learn that the initial contact was a scam.

Scam of the day – March 12, 2014 – More AOL scams

March 12, 2014 Posted by Steven Weisman, Esq.

Although it is nowhere near as popular as it once was, America Online (AOL) is still used for email by more than 2.5 million people and that means that it will be a target for identity thieves and hackers who are constantly sending out new “phishing” emails attempting to lure people into clicking on tainted links that are infected with malware.  When the unwary receiver of the email clicks on the link, he or she unwittingly downloads keystroke logging malware on to his or her computer or other device that will steal personal information from the victim’s device and use it to make the person a victim of identity theft.   Phishing is the name for the tactic when an identity thief sends a message that looks like it is from a legitimate source and persuades the victim to respond by either clicking on a link that will download malware or into providing requested personal information that will be used to make the person a victim of identity theft.  Here are a couple of examples of AOL phishing emails presently being circulated.  DO NOT CLICK ON THE LINKS.

Dear Valid User,

Your account was accessed from a device we did not recognize 69.80.22.206 at (Ireland )  09:00 Irish Standard Time). If you did not check it from another device, please CLICK HERE to your account.

Sincerely, Aol Service.”

and

“User,
Click here now to confirm the validity of your account.

 Thanks again for choosing our Service.
Sincerely, America Online Team”
TIPS
You will notice that the first example had a good reproduction of the AOL logo and what appears to be a legitimate reason to contact you.  The second example is pretty shoddy and does not appear terribly official.  It is also important to note that in both instances, these emails are being sent from email addresses that were stolen by hackers who hacked into and took control of the email accounts of legitimate AOL users.  However, the addresses do not indicate anything to make you think that it is an official address for AOL as a company.  The key lesson to remember, however, is that regardless of how legitimate an email looks that contains an email or an attachment, you should never click on the link or download the attachment until you have confirmed that it is legitimate.  You can never be sure when you receive an email or text message as to who is really sending it.  The best course of action is to always confirm that it is legitimate before clicking on any link or downloading any attachment.  In this case a call or email to the real AOL should have been done by anyone who had the slightest thought that the emails might have been legitimate.

Scam of the day – November 30, 2013 – Holiday shopping scams

November 30, 2013 Posted by Steven Weisman, Esq.

As the holiday shopping season is in full swing, over the next month I will be warning you about the latest scams and identity theft schemes related to holiday shopping, both in brick and mortar stores and online.  Today, I will start with shopping in a store.  Most of us use either a debit card or a credit card when shopping in a store.  The biggest risk when using either card occurs when a criminal clerk takes your card of either variety and swipes it through a small device, no bigger than the palm of your hand, called a skimmer.  This device will steal all of the information from your card and store it for the identity thief behind this scam to use either for purchases online using your credit or debit card number or by actually taking the information and imbedding it on a phony credit card.

TIPS

The first thing you should do is retire your debit card to use only as an ATM card.  While federal law limits the amount that you are liable for when fraudulent charges are made using your credit card to no more than $50, with a debit card, if you do not recognize that your account has been compromised right away, potentially the identity thief could empty the entire bank account tied to your debit card.  In addition, even if you do notice the fraudulent use immediately, your account will be frozen while the bank does its investigation into the matter, thereby limiting your access to your funds.  As for the danger of skimmers, you should watch your credit card every minute that the clerk has it in his or her possession to make sure that he or she only swipes it through the store’s credit card processor and doesn’t do that extra swipe through a skimmer.

Scam of the day – June 16, 2013 – Ameriprise phishing scam

June 16, 2013 Posted by Steven Weisman, Esq.

Once again, I had to go no further than my own email box to find today’s “scam of the day.”  In my email today was an email that purported to be from Ameriprise, the online brokerage and financial planning company.  As you can see in the email which is reproduced below, I was invited to click on a link to receive a “secured message” about an important matter supposedly affecting my account.  This is a scam.   DO NOT CLICK ON THE LINKS IN THE EMAIL COPIED BELOW.   Phishing is the name for the scam in which you receive an email that appears to be legitimate and attempts to lure you to a tainted website or to download a tainted link.  The email is not from Ameriprise and if you click on the links you will either be taken to a phony Ameriprise website and prompted to provide personal information that will lead to your becoming a victim of identity theft or you will, when you click on the link, unknowingly download a keystroke logging malware program that will steal information from your computer and make you a victim of identity theft.  This particular email is not a very professional attempt, however, to scam me.  The email address from which it came is from a personal aol account and probably not the account of the identity thief, but an account that had been hijacked as a part of a botnet by the identity thief.  For more information about botnets and how they work, you can either check out my book “50 Ways to Protect Your Identity in a Digital Age” or go to the list of topics on the right side of the scamicide opening page and scroll down to the topic of botnets for some cursory information about how they work and how to avoid them.  In addition, the email salutation reads “Dear Customer.”  It does not even use my name.  Finally there is no logo or other appearance that the email is from the real Ameriprise.

“Dear Customer,
There is an important message regarding your account with www.ameriprise.com, please sign in to our secured message center at our website www.ameriprise.com, sign in and view the secured message we have for you, the message will be stored in the secured message center for 48hours after which it will no longer be available. We bring you messages like this to bring to your attention to updates, to protect your account from unauthorized usage and secure your account anytime we notice usual activities in your account. so please take a few minutes to log into your account at www.ameriprise.com and read  the messages .
Thank you.

www.ameriprise.com”

TIPS

Never click on links unless you are absolutely sure that they are legitimate.  Unfortunately, anytime you receive an email with a link, you cannot trust it because even if it is from someone whom you trust, their email account may have been hacked and the email is actually being sent by an identity thief posing as a friend or a company with which you do business.  The best course of action if you think the email may be legitimate is to call the real person or company to confirm whether or not the email is legitimate.  Also, make sure that your security software and anti-malware software are installed and kept up to date on all of your electronic devices.

If you receive any phishing emails, please send copies of them to me and we will feature them in Scamicide to warn others.  Remember, we are all in this together.

Scam of the day – May 24, 2013 – Memorial Day scams

May 24, 2013 Posted by Steven Weisman, Esq.

As we enter the Memorial Day weekend, it is a good time to honor and remember all our veterans and active duty members of the military as well as thank them for their service.  Unfortunately, not everyone feels this way and scam artists look upon veterans as well as active duty members of the military as just potential victims.  There are a number of present scams that specifically target veterans as well as present members of the military.  Often military members serving overseas are targeted for identity theft because the identity thieves recognize that they may not be in a good position to monitor their finances and credit while serving overseas.  In another scam aimed at the military, a flier on a bulletin board at a VA hospital or other facility provides information for new VA benefits and a telephone number for the veteran or serviceman to call to file for these financial benefits.  Unfortunately, this is a scam.

TIPS

Any serviceman going overseas should put an Active Duty Alert on his or her credit report.  There is no cost to do this and it provides protection from the security of your credit report being breached by an identity thief who may get your Social Security number.  You can put an Active Duty Alert on your credit report by going to any of the three credit reporting bureaus as follows:

How to Request an Active Duty Alert
Equifax
Experian
TransUnion
(No Online Form)
1-800-525-6285
(No telephone number
for Active Duty Alerts.)
1-800-680-7289
(After entering your zip code
select option 1 then select option 3.)

As for the phony benefits flier.  Never trust any flier promising benefits while it asks for personal information from you that can be used to make you a victim of identity theft.  Instead contact the VA at a number that you know is correct to inquire as to any potential benefits for which you might be eligible.

Scam of the day – May 6, 2013 – Hotel telephone call scam

May 6, 2013 Posted by Steven Weisman, Esq.

Some of the most simple scams are also the most effective.  Earlier this week a woman staying at a Double Tree Hotel in Skokie, Illinois received a telephone call purportedly from a clerk at the front desk of the hotel informing her that they needed her credit card information again because of a computer error in processing her card.  She obliged and provided the information over the phone and the identity thief who had really called her promptly ran up $5,000 of charges.  This is a common scam that occurs when a hotel guest gets called from someone who says they are a hotel employee and then requests credit card information under any of a number of different pretexts.

TIPS

Whenever you get a telephone call, you can never be sure that the person calling you is who he or she represents himself or herself to be.  If you are in a hotel and receive such a call, you should hang up and either go to the front desk in person or call the front desk at a telephone number that you know is accurate.  Whenever you get a telephone call requesting personal information such as a credit card number for whatever reason, do not give the information to the caller.  Rather, call the company or agency that purported to call you at a number that you know is correct and not a number that the caller gives you.