Posts Tagged: ‘identity thieves’

Scam of the day – November 8, 2014 – Latest Home Depot hacking developments

November 8, 2014 Posted by Steven Weisman, Esq.

Home Depot has announced that in addition to the information on millions of debit cards and credit cards that were stolen by hackers in its recent data breach which had gone undetected for months before being discovered in early September, the hackers also stole the email addresses of 53 million of its customers.

So what does this mean to you and me?

It means that we can expect to receive phishing emails that appear to come from Home Depot, some of which may even be directed to us by name.  This type of precise phishing is called spear phishing and it is an effective tool of identity thieves in luring us to provide personal information or to click on links or download attachments in official looking emails.  Unfortunately, if you provide the personal information requested under some guise in the email, this information will be used to make you a victim of identity theft and if you click on the link or download attachments in the emails, you will download keystroke logging malware that will steal your personal information from your computer and use it to make you a victim of identity theft.

Home Depot also disclosed for the first time that the way their computers were hacked was by initially hacking into third party vendors with lax security and using their usernames and passwords to gain access to the computers and data of Home Depot.  This was the same tactic used in the Target hacking and many other data breaches.  In fact, in a column I wrote for USA Today in September http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/ I described the techniques used by hackers to infiltrate the computers of targeted companies through such third party vendors or others using offsite access to the computers of the targeted companies.  I mention this not to toot my own horn, but to tell you that the problem has not been solved and we will be seeing this pattern followed in future major data breaches time and time again.

TIPS

The takeaway from Home Depot’s announcement that identity thieves may have your email address is to be even more vigilant in regard to not clicking on links or downloading attachments in emails regardless of how legitimate they may look.  The risk is too great.  You can well expect that you may receive an email that appears to come from Home Depot and it may have a link for you to click on for either more information about the risk to you of the data breach or even to gain you access to free credit monitoring.  Such a legitimate email was sent by Target to its affected customers after its major data breach.  However, you cannot be sure that the email is legitimate so don’t click on the link or download any attachments.  Rather, if the message appears to you to be legitimate, merely go directly to Home Depot’s real website where you will find the real information.  When Target sent an email with a link to free credit monitoring, I ignored the email, went to the Target website and enrolled there for the free credit monitoring.

Scam of the day – June 26, 2014 – Hedge funds hacked

June 26, 2014 Posted by Steven Weisman, Esq.

Hedge funds are aggressively managed investment portfolios that are largely unregulated.   They generally are used by only the wealthiest of people.  They also have become a ripe target for hackers who, according to a recent report by computer security firm BAE System, have been hacking into the computers of these funds and causing financial harm in a multitude of ways.  According to BAE, one unnamed hedge fund lost millions of dollars after hackers managed to infiltrate their computers through simple spear phishing tactics by which the hackers tricked hedge fund employees into clicking on links in infected emails that downloaded malware into the hedge fund’s computers that enabled the hackers to learn about impending trades and then delay the trades while the hackers traded first based upon the stolen information.   Another way that the hedge funds have been attacked is through the ransomware  program Cryptolocker, about which I warned you repeatedly since November of 2013.  Cryptolocker is a type of malware that infects the computer of the unwary victim and encrypts all of the victim’s data making it unusable unless they pay a ransom to the criminal hacker.

TIPS

The financial industry as a whole has not taken sufficient security precautions and steps to protect themselves and our economy from the attacks of scammers, hackers and identity thieves.  Just because you have not heard of many of these hackings as much as with high profile hackings of Target and other companies is very much because quite often the companies do not disclose that they have been hacked.  The hedge fund industry’s sophisticated digital trading systems have become attractive targets to hackers and the hedge fund industry has not taken the necessary security steps to protect the integrity of their business from attack.  Unfortunately, this type of crime is something that is going to get worse before it gets better.  Whenever you are investing your money with a company, you should first inquire as to the security steps taken by the company.

Scam of the day – June 24, 2014 – Japanese app accounts hacked

June 24, 2014 Posted by Steven Weisman, Esq.

Line is a popular phone messenger app in Asia where four hundred million people, mostly in Japan, use it to make free phone calls, send instant message, post photos or post videos.  Between May and June there were hundreds of hackings into the accounts of Line users, however, it does not appear that there was a security breach at Line.  Rather, it seems that hackers managed to steal the passwords of Line users from other online services and, where those passwords were also used for Line, were able to access their victims’ Line accounts.  This case strongly indicates why it is so important to have a different and complex password for all of your accounts.  Identity thieves rely on the fact that so many people use the same password for all of their accounts so if they are able to hack into a company with lax security and obtain customers’ passwords, they can use those passwords elsewhere, such as for online banking where the harm can be significant.

TIPS

It is important to have distinct, separate passwords for all of your online accounts.  It is also important to make sure that they are complex and that they combine capital letters, small cap letters, digits and symbols in order to make them able to withstand the password deciphering programs used by identity thieves.  To make them easy to remember, you may wish to use a phrase, such as “EasyToRemember1***.”  You can also adapt this password to each of your accounts, such as making “EasyToRemember1Amazon***” your password for your Amazon account.

Scam of the day – December 3, 2013 – Latest software vulnerability alert

December 3, 2013 Posted by Steven Weisman, Esq.

The Department of Homeland Security through the National Institute of Standards and Technology and the National Vulnerability Database regularly issue Cyber Security Bulletins to alert you to vulnerabilities in regularly used software as well as provide links to security patches and updates to correct these problems.  The vulnerabilities are rated, High, Medium and Low with High, of course, being the highest priority.  Scammers and identity thieves exploit these vulnerabilities to cause us all harm so it is critical that you download and install the necessary patches as soon as they are available.  Some people are wary when they receive notices of security patches because they are not sure whether the notices are legitimate or are from scammers.  The links provided here at Scamicide are links you can trust.

TIPS

Here is a link to the latest Cyber Security Bulletin, which I urge you to look at and click on the links to download and install the patches for the software programs that apply to you.

https://www.us-cert.gov/ncas/bulletins/SB13-336

Scam of the day – December 1, 2013 – Important Microsoft security alert

December 1, 2013 Posted by Steven Weisman, Esq.

Identity thieves and scammers constantly are exposing vulnerabilities in the software programs that we use for their criminal purposes, which is why it is critical that you update your software programs as soon as possible when security patches and updates become available.  Recently Microsoft issued a security advisory in which the company indicated that it had discovered a serious vulnerability in the Windows XP and Windows Server 2003, two of the older Windows software programs.  At the moment Microsoft has not developed a sufficient update or patch to remedy this problem, however, Microsoft does recommend a Workaround, which is a setting or configuration change that will not remedy the vulnerability, but will block attacks until a patch can be developed.

TIPS

The full Microsoft Security Advisory including instructions as to how to construct a Workaround that will block attacks attempting to take advantage of the identified vulnerability in the affected software programs can be found by clicking on the following link and going to the Microsoft Security Advisory.  If you use either of these programs, it is critical that you take this preventive action.

https://www.us-cert.gov/ncas/current-activity/2013/11/28/Microsoft-Releases-Security-Advisory-Microsoft-Windows-Kernel

Scam of the day – October 17, 2013 – Important list of security updates

October 17, 2013 Posted by Steven Weisman, Esq.

The Department of Homeland Security’s United States Computer Emergency Readiness Team regularly compiles a list of vulnerable computer software and the security patches necessary to correct these vulnerabilities.  These vulnerabilities are ranked High, Medium and Low.  Obviously the vulnerabilities ranked high pose the greatest threat to your security.  Below you will find a link to the latest Vulnerability summary which includes patches for the latest exposed flaws in Adobe software which are quite significant and which, deservedly, have been the subject of a number of recent Scams of the day as these vulnerabilities pose a significant threat to you of identity theft.  I urge you to not only install the new security patches, but to go to the Scamicide Archives and read all of the recent Adobe Scams of the day to determine if you want to continue to use Adobe products.  You may wish to consider alternatives which I suggest in the Scams of the day.

It is always important to update your software with the latest security patches and updates because identity thieves exploit these vulnerabilities and count on you not to be timely in downloading important security patches.  Remember, the good guys are always at least a month behind the bad guys in identifying these vulnerabilities so it is important to remedy the problem as soon as possible.  Make sure you read Scamicide every day to keep track of the latest security patches and updates.

TIPS

Here is  a link to the Department of Homeland Security’s latest Vulnerability Summary with links to security patches for many different software programs. https://www.us-cert.gov/ncas/bulletins/SB13-287

Scam of the day – August 18, 2013 – Urgent Microsoft security updates – How to prevent identity theft

August 17, 2013 Posted by Steven Weisman, Esq.

Identity thieves and hackers are constantly working to discover and exploit vulnerabilities in the various computer software that we use in our computers, laptops, tablets, smartphones and other portable devices  to make you a victim of online identity theft therefore it is extremely important that as flaws are discovered and patches for these flaws issued that you download the necessary security patches as soon as possible.  Identity thieves and hackers rely on the fact that many people do not keep their security software up to date and exploit this fact.  Recently Microsoft has issued new security patches for discovered vulnerabilities in various Windows programs that millions of people use.  The United States Computer Emergency Readiness Team, which is a part of the Department of Homeland Security regularly issues alerts regarding software patches you need to install and recently they issued such an alert for Windows software.

TIPS

Here is a link to the Security Advisory issued by the United States Computer Emergency Readiness Team which, in turn, provides secure links that you can trust that will take you to the necessary Microsoft security downloads.  https://www.us-cert.gov/ncas/current-activity/2013/08/15/Microsoft-Releases-Security-Advisory

Scam of the day – June 21, 2013 – Critical Java Updates

June 21, 2013 Posted by Steven Weisman, Esq.

Regular readers of Scamicide (which I hope you all will be) are familiar with the many problems that have come with the use of Java software.  Java is a very popular software made by Oracle.  Unfortunately, it is also a software that has proven to be very vulnerable to being hacked and exploited for purposes of identity theft and stealing information by knowledgeable hackers and identity thieves.  In one of  the more interesting facts about identity theft, Kaspersky Lab, a security firm has stated that flaws in Java software were responsible for almost half of all cyber attacks by identity thieves and hackers last year.  The Department of Homeland Security has even gone so far as to advise people to disable Java or prevent Java apps from running on their computers.  However, many people still use Java for their work and personal computer use.  If you are one of these people it is imperative that you update your Java software with the latest security patches as soon as their are released.  Recently Java announced a new security patch, which you should install on your computer as soon as possible if you use Java software to help protect you from hacking and identity thieves.  Identity theft statistics show that if you install the security patch, you will lower, although not eliminate, your chances of becoming a victim of identity theft.

TIPS

Here is a link to the latest Java security patch information: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

Unless you absolutely must use Java, my advice is to disable it.  You can find a link with instructions as to how to disable Java in my Scam of the Day for April 22, 2013 which can be found in the archives of Scamicide which you can access at the top right hand corner of this blog.

If you still wish to use Java software, make sure that you download the latest Java security patch at the link indicated above.  It will help provide identity theft protection.

Scam of the day – May 20, 2013 – Critical Microsoft updates

May 20, 2013 Posted by Steven Weisman, Esq.

As I often tell you, it is critical to keep your software programs updated with the latest security patches.  Identity thieves and scammers are constantly locating and exploiting flaws in the software we all use in an effort to steal from us, make us victims of identity theft or gain control of our computers to make them a part of a bot net of zombie computers that they can use to spread viruses and malware as well as attack companies.  Consequently I regularly report on the latest software security updates for you to download.  Microsoft recently announced new updates for Windows, Internet Explorer, NET Framework, Lync, Microsoft Office and Microsoft Windows Essential.  Since everyone uses at least one of these programs, it is important for you to update your programs.

TIPS

Here is a link you can trust to the official Microsoft updates that you should download as soon as possible:  https://www.us-cert.gov/ncas/alerts/TA13-134A

If you have not already done so, you should consider making future updates automatic.  Links to enable you to do this can be found on the page that I am linking you to above.

Scam of the day – April 8, 2013 – Mozilla Firefox updates

April 7, 2013 Posted by Steven Weisman, Esq.

It is very important to keep all of your software patched with the latest security patches to prevent scammers and identity thieves from exploiting vulnerabilities in your software.  Mozilla Firefox is an excellent web browser used by many people and recently it issued a security alert in regard to fixing security issues identified in the software.  Identity thieves and scammers are always taking advantage of people who neglect to promptly update their security software so it is critical if you use Mozilla Firefox that you update your software as soon as possible.

TIPS

Here is a link to the latest security bulletin from Mozilla Firefox with links that will enable you to download the security patches.

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

I also invite you to check out the vast number of scams contained in the archives of scamicide.com which can be accessed directly from the bottom of the blog where it says “older entries.”