Scam of the day – January 29, 2015 – Major security flaw discovered in Linux operating system

Linux is a popular and free computer operating system.  Recently researchers at the cloud security company Qualys discovered a major security flaw in the Linux operating system which they have named GHOST that would enable hackers to remotely take total control of a Linux user’s computer or other device without having to even know a password.  The GHOST security flaw could be exploited merely though an email from a Linux-based system to the victim’s computer or other device.  Fortunately, there is a patch for this security problem.  A link to the patch can be found below.


If you are a Linux user it is imperative that you download the security patch immediately.  Here is a link that will take you to the necessary patches.

This is just another example of how important it is to keep up to date with the latest security patches and updates and install them as soon as possible.  Hackers and identity thieves constantly are taking advantage of people who do not update the software they use on their computers and other devices with the latest security patches.  Here at Scamicide we inform you whenever there are important security patches and updates about which you should be aware.  Make sure that you check out Scamicide every day and let your friends know to do the same.

Scam of the day – January 16, 2015 – Airlines frequent flier accounts hacked

American Airlines and United Airlines both have recently announced that last month frequent flier accounts for thousands of their customers were hacked by identity thieves stealing miles to book free trips and upgrades.  Although the hacking occurred in December, the airlines are just now notifying affected customers.  Both affected airlines have informed the victims of the hackings that their stolen miles will be restored to their accounts.   It is important to note the important distinction that the computers of American Airlines and United Airlines were not hacked, but rather individual accounts of customers whose usernames and passwords has somehow been obtained by the identity thieves to gain access to their frequent flier accounts.


The lesson of this scam is one that I have previously mentioned many times, namely, you should use complex usernames and passwords and, most importantly, have different usernames and certainly different passwords for all of your accounts.  Otherwise you are at risk for all of your online activities from banking to retail purchases if someone manages to steal just one account’s username and password.  I have written extensively about how to pick a difficult to steal, but easy to remember password many times before, but one tip is definitely worth remembering.  Pick a phrase, such as “IDon’tLikePasswords” and you can use this complex and strong password which has symbols, small letters and capital letters and then strengthen it further by adding a couple of exclamation points at the end to read “IDon’tLikePasswords!!” and then use it as a base password that you distinguish with a few letters for each account.  So, for example, if the password were to be for your American Airlines frequent flier account, you could make the password “IDon’tLikePasswords!!AM.”

Scam of the day – November 8, 2014 – Latest Home Depot hacking developments

Home Depot has announced that in addition to the information on millions of debit cards and credit cards that were stolen by hackers in its recent data breach which had gone undetected for months before being discovered in early September, the hackers also stole the email addresses of 53 million of its customers.

So what does this mean to you and me?

It means that we can expect to receive phishing emails that appear to come from Home Depot, some of which may even be directed to us by name.  This type of precise phishing is called spear phishing and it is an effective tool of identity thieves in luring us to provide personal information or to click on links or download attachments in official looking emails.  Unfortunately, if you provide the personal information requested under some guise in the email, this information will be used to make you a victim of identity theft and if you click on the link or download attachments in the emails, you will download keystroke logging malware that will steal your personal information from your computer and use it to make you a victim of identity theft.

Home Depot also disclosed for the first time that the way their computers were hacked was by initially hacking into third party vendors with lax security and using their usernames and passwords to gain access to the computers and data of Home Depot.  This was the same tactic used in the Target hacking and many other data breaches.  In fact, in a column I wrote for USA Today in September I described the techniques used by hackers to infiltrate the computers of targeted companies through such third party vendors or others using offsite access to the computers of the targeted companies.  I mention this not to toot my own horn, but to tell you that the problem has not been solved and we will be seeing this pattern followed in future major data breaches time and time again.


The takeaway from Home Depot’s announcement that identity thieves may have your email address is to be even more vigilant in regard to not clicking on links or downloading attachments in emails regardless of how legitimate they may look.  The risk is too great.  You can well expect that you may receive an email that appears to come from Home Depot and it may have a link for you to click on for either more information about the risk to you of the data breach or even to gain you access to free credit monitoring.  Such a legitimate email was sent by Target to its affected customers after its major data breach.  However, you cannot be sure that the email is legitimate so don’t click on the link or download any attachments.  Rather, if the message appears to you to be legitimate, merely go directly to Home Depot’s real website where you will find the real information.  When Target sent an email with a link to free credit monitoring, I ignored the email, went to the Target website and enrolled there for the free credit monitoring.

Scam of the day – June 26, 2014 – Hedge funds hacked

Hedge funds are aggressively managed investment portfolios that are largely unregulated.   They generally are used by only the wealthiest of people.  They also have become a ripe target for hackers who, according to a recent report by computer security firm BAE System, have been hacking into the computers of these funds and causing financial harm in a multitude of ways.  According to BAE, one unnamed hedge fund lost millions of dollars after hackers managed to infiltrate their computers through simple spear phishing tactics by which the hackers tricked hedge fund employees into clicking on links in infected emails that downloaded malware into the hedge fund’s computers that enabled the hackers to learn about impending trades and then delay the trades while the hackers traded first based upon the stolen information.   Another way that the hedge funds have been attacked is through the ransomware  program Cryptolocker, about which I warned you repeatedly since November of 2013.  Cryptolocker is a type of malware that infects the computer of the unwary victim and encrypts all of the victim’s data making it unusable unless they pay a ransom to the criminal hacker.


The financial industry as a whole has not taken sufficient security precautions and steps to protect themselves and our economy from the attacks of scammers, hackers and identity thieves.  Just because you have not heard of many of these hackings as much as with high profile hackings of Target and other companies is very much because quite often the companies do not disclose that they have been hacked.  The hedge fund industry’s sophisticated digital trading systems have become attractive targets to hackers and the hedge fund industry has not taken the necessary security steps to protect the integrity of their business from attack.  Unfortunately, this type of crime is something that is going to get worse before it gets better.  Whenever you are investing your money with a company, you should first inquire as to the security steps taken by the company.

Scam of the day – June 24, 2014 – Japanese app accounts hacked

Line is a popular phone messenger app in Asia where four hundred million people, mostly in Japan, use it to make free phone calls, send instant message, post photos or post videos.  Between May and June there were hundreds of hackings into the accounts of Line users, however, it does not appear that there was a security breach at Line.  Rather, it seems that hackers managed to steal the passwords of Line users from other online services and, where those passwords were also used for Line, were able to access their victims’ Line accounts.  This case strongly indicates why it is so important to have a different and complex password for all of your accounts.  Identity thieves rely on the fact that so many people use the same password for all of their accounts so if they are able to hack into a company with lax security and obtain customers’ passwords, they can use those passwords elsewhere, such as for online banking where the harm can be significant.


It is important to have distinct, separate passwords for all of your online accounts.  It is also important to make sure that they are complex and that they combine capital letters, small cap letters, digits and symbols in order to make them able to withstand the password deciphering programs used by identity thieves.  To make them easy to remember, you may wish to use a phrase, such as “EasyToRemember1***.”  You can also adapt this password to each of your accounts, such as making “EasyToRemember1Amazon***” your password for your Amazon account.

Scam of the day – December 3, 2013 – Latest software vulnerability alert

The Department of Homeland Security through the National Institute of Standards and Technology and the National Vulnerability Database regularly issue Cyber Security Bulletins to alert you to vulnerabilities in regularly used software as well as provide links to security patches and updates to correct these problems.  The vulnerabilities are rated, High, Medium and Low with High, of course, being the highest priority.  Scammers and identity thieves exploit these vulnerabilities to cause us all harm so it is critical that you download and install the necessary patches as soon as they are available.  Some people are wary when they receive notices of security patches because they are not sure whether the notices are legitimate or are from scammers.  The links provided here at Scamicide are links you can trust.


Here is a link to the latest Cyber Security Bulletin, which I urge you to look at and click on the links to download and install the patches for the software programs that apply to you.

Scam of the day – December 1, 2013 – Important Microsoft security alert

Identity thieves and scammers constantly are exposing vulnerabilities in the software programs that we use for their criminal purposes, which is why it is critical that you update your software programs as soon as possible when security patches and updates become available.  Recently Microsoft issued a security advisory in which the company indicated that it had discovered a serious vulnerability in the Windows XP and Windows Server 2003, two of the older Windows software programs.  At the moment Microsoft has not developed a sufficient update or patch to remedy this problem, however, Microsoft does recommend a Workaround, which is a setting or configuration change that will not remedy the vulnerability, but will block attacks until a patch can be developed.


The full Microsoft Security Advisory including instructions as to how to construct a Workaround that will block attacks attempting to take advantage of the identified vulnerability in the affected software programs can be found by clicking on the following link and going to the Microsoft Security Advisory.  If you use either of these programs, it is critical that you take this preventive action.

Scam of the day – October 17, 2013 – Important list of security updates

The Department of Homeland Security’s United States Computer Emergency Readiness Team regularly compiles a list of vulnerable computer software and the security patches necessary to correct these vulnerabilities.  These vulnerabilities are ranked High, Medium and Low.  Obviously the vulnerabilities ranked high pose the greatest threat to your security.  Below you will find a link to the latest Vulnerability summary which includes patches for the latest exposed flaws in Adobe software which are quite significant and which, deservedly, have been the subject of a number of recent Scams of the day as these vulnerabilities pose a significant threat to you of identity theft.  I urge you to not only install the new security patches, but to go to the Scamicide Archives and read all of the recent Adobe Scams of the day to determine if you want to continue to use Adobe products.  You may wish to consider alternatives which I suggest in the Scams of the day.

It is always important to update your software with the latest security patches and updates because identity thieves exploit these vulnerabilities and count on you not to be timely in downloading important security patches.  Remember, the good guys are always at least a month behind the bad guys in identifying these vulnerabilities so it is important to remedy the problem as soon as possible.  Make sure you read Scamicide every day to keep track of the latest security patches and updates.


Here is  a link to the Department of Homeland Security’s latest Vulnerability Summary with links to security patches for many different software programs.

Scam of the day – August 18, 2013 – Urgent Microsoft security updates – How to prevent identity theft

Identity thieves and hackers are constantly working to discover and exploit vulnerabilities in the various computer software that we use in our computers, laptops, tablets, smartphones and other portable devices  to make you a victim of online identity theft therefore it is extremely important that as flaws are discovered and patches for these flaws issued that you download the necessary security patches as soon as possible.  Identity thieves and hackers rely on the fact that many people do not keep their security software up to date and exploit this fact.  Recently Microsoft has issued new security patches for discovered vulnerabilities in various Windows programs that millions of people use.  The United States Computer Emergency Readiness Team, which is a part of the Department of Homeland Security regularly issues alerts regarding software patches you need to install and recently they issued such an alert for Windows software.


Here is a link to the Security Advisory issued by the United States Computer Emergency Readiness Team which, in turn, provides secure links that you can trust that will take you to the necessary Microsoft security downloads.

Scam of the day – June 21, 2013 – Critical Java Updates

Regular readers of Scamicide (which I hope you all will be) are familiar with the many problems that have come with the use of Java software.  Java is a very popular software made by Oracle.  Unfortunately, it is also a software that has proven to be very vulnerable to being hacked and exploited for purposes of identity theft and stealing information by knowledgeable hackers and identity thieves.  In one of  the more interesting facts about identity theft, Kaspersky Lab, a security firm has stated that flaws in Java software were responsible for almost half of all cyber attacks by identity thieves and hackers last year.  The Department of Homeland Security has even gone so far as to advise people to disable Java or prevent Java apps from running on their computers.  However, many people still use Java for their work and personal computer use.  If you are one of these people it is imperative that you update your Java software with the latest security patches as soon as their are released.  Recently Java announced a new security patch, which you should install on your computer as soon as possible if you use Java software to help protect you from hacking and identity thieves.  Identity theft statistics show that if you install the security patch, you will lower, although not eliminate, your chances of becoming a victim of identity theft.


Here is a link to the latest Java security patch information:

Unless you absolutely must use Java, my advice is to disable it.  You can find a link with instructions as to how to disable Java in my Scam of the Day for April 22, 2013 which can be found in the archives of Scamicide which you can access at the top right hand corner of this blog.

If you still wish to use Java software, make sure that you download the latest Java security patch at the link indicated above.  It will help provide identity theft protection.