Posts Tagged: ‘identity thief’

Scam of the day – May 26, 2014 – Memorial Day scam

May 26, 2014 Posted by Steven Weisman, Esq.

As we honor our veterans today on Memorial Day, scammers take Memorial Day as just another opportunity to scam veterans and others.  A common scam used against veterans starts with a telephone call in which the veteran is told that in order to continue to receive various benefits, it is necessary to verify personal information such as the veteran’s birth date, Social Security number or bank account information.  Of course, the call is not from the Veterans Administration and the call is not to verify information, but rather to gain information to be used to make the veteran a victim of identity theft.

TIPS

The Veterans Administration is not going to call someone on the phone to verify information.  If you receive such a call, you can never be sure from whom the call comes because clever identity thieves are able to use a technique called “spoofing” to make it appear on your Caller ID as if the call from the identity thief is coming from the VA.  Since you cannot ever be sure who is calling you when you receive a call asking for personal information, you should never give that information out in response to a phone call, text message or email.  Instead if you have the slightest thought that the communication may be legitimate, you should contact the real entity, in this case, the VA at a phone number that you know is accurate to inquire and learn that the initial contact was a scam.

Scam of the day – March 12, 2014 – More AOL scams

March 12, 2014 Posted by Steven Weisman, Esq.

Although it is nowhere near as popular as it once was, America Online (AOL) is still used for email by more than 2.5 million people and that means that it will be a target for identity thieves and hackers who are constantly sending out new “phishing” emails attempting to lure people into clicking on tainted links that are infected with malware.  When the unwary receiver of the email clicks on the link, he or she unwittingly downloads keystroke logging malware on to his or her computer or other device that will steal personal information from the victim’s device and use it to make the person a victim of identity theft.   Phishing is the name for the tactic when an identity thief sends a message that looks like it is from a legitimate source and persuades the victim to respond by either clicking on a link that will download malware or into providing requested personal information that will be used to make the person a victim of identity theft.  Here are a couple of examples of AOL phishing emails presently being circulated.  DO NOT CLICK ON THE LINKS.

Dear Valid User,

Your account was accessed from a device we did not recognize 69.80.22.206 at (Ireland )  09:00 Irish Standard Time). If you did not check it from another device, please CLICK HERE to your account.

Sincerely, Aol Service.”

and

“User,
Click here now to confirm the validity of your account.

 Thanks again for choosing our Service.
Sincerely, America Online Team”
TIPS
You will notice that the first example had a good reproduction of the AOL logo and what appears to be a legitimate reason to contact you.  The second example is pretty shoddy and does not appear terribly official.  It is also important to note that in both instances, these emails are being sent from email addresses that were stolen by hackers who hacked into and took control of the email accounts of legitimate AOL users.  However, the addresses do not indicate anything to make you think that it is an official address for AOL as a company.  The key lesson to remember, however, is that regardless of how legitimate an email looks that contains an email or an attachment, you should never click on the link or download the attachment until you have confirmed that it is legitimate.  You can never be sure when you receive an email or text message as to who is really sending it.  The best course of action is to always confirm that it is legitimate before clicking on any link or downloading any attachment.  In this case a call or email to the real AOL should have been done by anyone who had the slightest thought that the emails might have been legitimate.

Scam of the day – November 30, 2013 – Holiday shopping scams

November 30, 2013 Posted by Steven Weisman, Esq.

As the holiday shopping season is in full swing, over the next month I will be warning you about the latest scams and identity theft schemes related to holiday shopping, both in brick and mortar stores and online.  Today, I will start with shopping in a store.  Most of us use either a debit card or a credit card when shopping in a store.  The biggest risk when using either card occurs when a criminal clerk takes your card of either variety and swipes it through a small device, no bigger than the palm of your hand, called a skimmer.  This device will steal all of the information from your card and store it for the identity thief behind this scam to use either for purchases online using your credit or debit card number or by actually taking the information and imbedding it on a phony credit card.

TIPS

The first thing you should do is retire your debit card to use only as an ATM card.  While federal law limits the amount that you are liable for when fraudulent charges are made using your credit card to no more than $50, with a debit card, if you do not recognize that your account has been compromised right away, potentially the identity thief could empty the entire bank account tied to your debit card.  In addition, even if you do notice the fraudulent use immediately, your account will be frozen while the bank does its investigation into the matter, thereby limiting your access to your funds.  As for the danger of skimmers, you should watch your credit card every minute that the clerk has it in his or her possession to make sure that he or she only swipes it through the store’s credit card processor and doesn’t do that extra swipe through a skimmer.

Scam of the day – June 16, 2013 – Ameriprise phishing scam

June 16, 2013 Posted by Steven Weisman, Esq.

Once again, I had to go no further than my own email box to find today’s “scam of the day.”  In my email today was an email that purported to be from Ameriprise, the online brokerage and financial planning company.  As you can see in the email which is reproduced below, I was invited to click on a link to receive a “secured message” about an important matter supposedly affecting my account.  This is a scam.   DO NOT CLICK ON THE LINKS IN THE EMAIL COPIED BELOW.   Phishing is the name for the scam in which you receive an email that appears to be legitimate and attempts to lure you to a tainted website or to download a tainted link.  The email is not from Ameriprise and if you click on the links you will either be taken to a phony Ameriprise website and prompted to provide personal information that will lead to your becoming a victim of identity theft or you will, when you click on the link, unknowingly download a keystroke logging malware program that will steal information from your computer and make you a victim of identity theft.  This particular email is not a very professional attempt, however, to scam me.  The email address from which it came is from a personal aol account and probably not the account of the identity thief, but an account that had been hijacked as a part of a botnet by the identity thief.  For more information about botnets and how they work, you can either check out my book “50 Ways to Protect Your Identity in a Digital Age” or go to the list of topics on the right side of the scamicide opening page and scroll down to the topic of botnets for some cursory information about how they work and how to avoid them.  In addition, the email salutation reads “Dear Customer.”  It does not even use my name.  Finally there is no logo or other appearance that the email is from the real Ameriprise.

“Dear Customer,
There is an important message regarding your account with www.ameriprise.com, please sign in to our secured message center at our website www.ameriprise.com, sign in and view the secured message we have for you, the message will be stored in the secured message center for 48hours after which it will no longer be available. We bring you messages like this to bring to your attention to updates, to protect your account from unauthorized usage and secure your account anytime we notice usual activities in your account. so please take a few minutes to log into your account at www.ameriprise.com and read  the messages .
Thank you.

www.ameriprise.com”

TIPS

Never click on links unless you are absolutely sure that they are legitimate.  Unfortunately, anytime you receive an email with a link, you cannot trust it because even if it is from someone whom you trust, their email account may have been hacked and the email is actually being sent by an identity thief posing as a friend or a company with which you do business.  The best course of action if you think the email may be legitimate is to call the real person or company to confirm whether or not the email is legitimate.  Also, make sure that your security software and anti-malware software are installed and kept up to date on all of your electronic devices.

If you receive any phishing emails, please send copies of them to me and we will feature them in Scamicide to warn others.  Remember, we are all in this together.

Scam of the day – May 24, 2013 – Memorial Day scams

May 24, 2013 Posted by Steven Weisman, Esq.

As we enter the Memorial Day weekend, it is a good time to honor and remember all our veterans and active duty members of the military as well as thank them for their service.  Unfortunately, not everyone feels this way and scam artists look upon veterans as well as active duty members of the military as just potential victims.  There are a number of present scams that specifically target veterans as well as present members of the military.  Often military members serving overseas are targeted for identity theft because the identity thieves recognize that they may not be in a good position to monitor their finances and credit while serving overseas.  In another scam aimed at the military, a flier on a bulletin board at a VA hospital or other facility provides information for new VA benefits and a telephone number for the veteran or serviceman to call to file for these financial benefits.  Unfortunately, this is a scam.

TIPS

Any serviceman going overseas should put an Active Duty Alert on his or her credit report.  There is no cost to do this and it provides protection from the security of your credit report being breached by an identity thief who may get your Social Security number.  You can put an Active Duty Alert on your credit report by going to any of the three credit reporting bureaus as follows:

How to Request an Active Duty Alert
Equifax
Experian
TransUnion
(No Online Form)
1-800-525-6285
(No telephone number
for Active Duty Alerts.)
1-800-680-7289
(After entering your zip code
select option 1 then select option 3.)

As for the phony benefits flier.  Never trust any flier promising benefits while it asks for personal information from you that can be used to make you a victim of identity theft.  Instead contact the VA at a number that you know is correct to inquire as to any potential benefits for which you might be eligible.

Scam of the day – May 6, 2013 – Hotel telephone call scam

May 6, 2013 Posted by Steven Weisman, Esq.

Some of the most simple scams are also the most effective.  Earlier this week a woman staying at a Double Tree Hotel in Skokie, Illinois received a telephone call purportedly from a clerk at the front desk of the hotel informing her that they needed her credit card information again because of a computer error in processing her card.  She obliged and provided the information over the phone and the identity thief who had really called her promptly ran up $5,000 of charges.  This is a common scam that occurs when a hotel guest gets called from someone who says they are a hotel employee and then requests credit card information under any of a number of different pretexts.

TIPS

Whenever you get a telephone call, you can never be sure that the person calling you is who he or she represents himself or herself to be.  If you are in a hotel and receive such a call, you should hang up and either go to the front desk in person or call the front desk at a telephone number that you know is accurate.  Whenever you get a telephone call requesting personal information such as a credit card number for whatever reason, do not give the information to the caller.  Rather, call the company or agency that purported to call you at a number that you know is correct and not a number that the caller gives you.

 

Scam of the day – April 17, 2013 – Smartphone credit card scam

April 17, 2013 Posted by Steven Weisman, Esq.

Many scams are merely updates of older scams.  The Nigerian letter of today is actually just the most recent incarnation of a scam that was being done in the 1500s when it was referred to as the “Spanish Prisoner Scam.”  Smartphones and other portable devices have made our lives easier and we all depend on them, however, they have also made the lives of identity thieves and scammers easier too as they use them to foist old scams on you by way of new technology.  The FBI has recently issued a new warning about a text message that people are receiving that purports to be from the issuer of your credit card telling you that your card has been deactivated.  You are then told to call a specific telephone number and provide your personal information including your name, credit card number and other personal information in order to reactivate your card.  Although this scam is being used by identity thieves around the country, the FBI warning dealt with calls coming from the 907 area code which is Alaska.  But even if you don’t live in Alaska, you may well be receiving a text message from your own local area.  This impersonation of your credit card issuer in order to get you to provide the identity thief with information that the identity thief can use to make you a victim of identity theft is called “phishing.”

TIPS

Never, and I do mean never, respond to a text requesting personal information unless you have confirmed that the message to you is legitimate.  In this case, if you have even the slightest concern that the text message may be from your credit card issuer, you should call your credit card issuer at the number indicated on the back of your credit card to confirm whether or not the text message you received was legitimate.  Then you will find out for sure that it was a scam.  You can never be sure when you receive a telephone call, email or text message who is sending you the message.  The risk of providing personal information to an identity thief is too high for you to trust any such communication.

I also urge you to pick up a copy of my book “50 Ways to Protect Your Identity in a Digital Age” which provides you with a wealth of specific steps you can take to make yourself safer on your smartphone, tablet or other portable devices.  You can click on the picture of the book on the right hand side of this page to go to Amazon where you can purchase the book at a discount.

Scam of the day – March 8, 2013 – Dangerous links

March 8, 2013 Posted by Steven Weisman, Esq.

Once again I had to go no farther than my own email box for today’s scam of the day f0r two examples of scams that operate by getting you to click on tainted links.  Never click on links in an email unless you are absolutely positive that they are legitimate.  When they come, as did the emails copies below, it is easy to see that they are just an attempt to get you and me to click on the links using whatever bait they think will work.  However, other times the email may appear to come from a friend of yours.  The problem is that you cannot be sure that your friend’s email account has not been hacked and that it is an identity thief who is sending you the link.  Other times, even if you independently confirm that it actually is your friend who sent you the link, you can’t be sure that the link he or she sent is not one that is tainted and that he or she is unwittingly passing along.  It is always important to confirm that not just the sender, but the link itself is legitimate before clicking on any links.  The problem with clicking on the tainted link is that by clicking on the link, you unwittingly download a keystroke logging malware program that steals all of the information from your computer and ends up making you a victim of identity theft.

Here are two examples of emails I got today with tainted links.   DO NOT CLICK ON THESE LINKS.

“Couldnt believe this in our area.. Click here to read it.”

“Read this please. Click this link.”

Interestingly enough, the first email came under the heading of “Safety First” while the second came under the heading of “smoking.”

TIPS

As I have indicated above, do not click on any link in an email until you have verified both the identity of the real sender and the legitimacy of the link itself.  Also make sure that you have a Firewall and good security software installed on your computer and always kept up to date.  It is also important to keep the same kind of security software in place and up to date on your tablet, smartphone and other portable devices where you might download material.  Too many people neglect security software for their portable devices.  For more information, check out my book “50 Ways to Protect Your Identity in a Digital Age.”