Scam of the day – May 10, 2014 – Mothers’ Day scams

Although for many of us Mothers’ Day is an opportunity to show our mothers how much we love and appreciate them, for scam artists, the only criminals we refer to as artists, it is yet another opportunity to scam people. One common Mothers’ Day scam involves an email that you get offering Mothers’ Day gifts such as flowers, jewelry, shoes or clothing at tremendously discounted prices. All you need to do is to click on a link to order online. The problem is that many of these offers are indeed scams. If you click on the link, one of two things can happen and both are bad. Sometimes the link will take you to an order form where you provide your credit card information, but never get anything in return. Instead your credit card information is used to make you a victim of identity theft. Even worse is the other possibility, which is that by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the personal information stored on your computer and use that information to make you a victim of identity theft. Another Mothers’ Day scam involves e-cards, which are great, particularly for those of us who forget to get a Mothers’ Day card until the last minute. Again, however, identity thieves will send emails purporting to contain a link to an electronic Mothers’ Day card, but if Mom clicks on the link, she will download that dangerous keystroke logging malware that I just described.

TIPS

It is always dangerous to buy anything online from any store or company with which you are not familiar. Check out the company with the Better Business Bureau, your state’s Attorney General, the Federal Trade Commission or just on Google to see if the company is legitimate. Even then you are better off going directly to the company rather than dealing with a company through an email that may just be a forgery of an email from a legitimate company. As always, if the offer you receive sounds too good to be true, it usually is. As for e-cards, never open an e-card unless it specifically indicates who sent the card. Phony e-cards will not indicate the name of the sender. If the e-card states that it is from “your son” or “your daughter,” don’t open it until you have confirmed with your child that they indeed did send that particular e-card. You can’t trust an e-card that identifies the sender by first name only, because that too may be a scam. The best course of action is to always confirm with the purported sender that they have sent you an e-card before you open it.

Scam of the day – March 10, 2014 – Netflix phishing scam

Phishing is the term for a scam where you are lured to a phony website and either induced into providing personal information to what you think is a legitimate company or even a government agency, or persuaded to click on what appears to be a legitimate link, only to learn that by clicking on the link you unwittingly download keystroke logging malware that will steal all of the information from your computer, smartphone, tablet or other device. In either situation, the end result is the same. You end up a victim of identity theft. Recently a phony but very good-looking copy of a Netflix website was found on the Internet. The URL for the website did have the word “Netflix” in it, but it also had a number of apparently random characters in it, which to a careful viewer would have been a sufficient tip-off that this was a scam. On the website was a message to call an 800 support telephone number. If you call the number, you are told that your Netflix account has been shut down because it had been illegally accessed by hackers. You are then told to give the “support” team access to your computer or other device in order to remotely download necessary security software to protect your account in the future. Instead of security software, what is installed remotely is a keystroke logging malware program that enables the scammers to steal all of the information from your device and use it to make you a victim of identity theft. In addition, the support team also asks for a photo of the customer’s identification and a credit card, which is easily done using the camera on the victim’s computer or phone, a camera that the scammers were actually able to enable through software already downloaded unwittingly by the customer. In closing, the phony support team tells the customer that the customer will be charged as much as $400 for the security update; however, in his or her case, they will offer a discounted rate.

TIPS

This particular scam is no longer being done.  The phony website has been taken down.  However, it is a typical type of phishing scam that you must take great care to avoid.  Identity thieves are quite adept at creating legitimate looking websites that appear to be those of legitimate companies or even governmental agencies.  Whenever you go to a website for a company or agency with which you do business, make sure that you have the correct URL.  Double check it.  In this case, a savvy consumer would also know that Netflix does not supply security software.  In any event, never provide personal information, click on links or download attachments unless you are absolutely sure that you are dealing with a legitimate company that has a real reason for your information.  Although this particular scam is now down, you can expect the same pattern to repeat itself time and time again.

Scam of the day – May 19, 2013 – Fidelity phishing scam

Phishing, as I have described on Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age,” is the name for the tactic used by identity thieves by which you are lured to a phony website to provide information used to make you a victim of identity theft. Phishing often starts with an email that appears to come from a company with which you do business or a federal or state agency. The email indicates that there is some problem or other matter to which you must give your immediate attention, and a link is provided for you to purportedly go to the website of the company or agency. In fact, you are either sent to a phony website for the company or agency where information is solicited that will be used to make you a victim of identity theft or, even worse, by clicking on the link you download a keystroke logging malware program that steals all of the information from your computer including your Social Security number, credit card number, passwords and other information used to also make you a victim of identity theft.

Recently, I received an email purportedly from Fidelity Investments.  As phishing attempts go, this one was pretty flawed.  The email address from which it came was not an email address of Fidelity Investments.  In fact, it was that of a private person who most likely was a part of a botnet by which his computer was being manipulated by an identity thief.  If you want more information about botnets, you can check out the archives of Scamicide or read about them in my book “50 Ways to Protect Your Identity in a Digital Age.”  Other flaws in the phishing email were the lack of my name appearing anywhere which indicates that it is just a general phishing email sent out to many people by the identity thief, and the lack of a Fidelity logo.

Here is a copy of the email I received.  DO NOT CLICK ON THE LINK.

“Account Status Notification

We have noticed unusual activity on your account. Due to this, we need you to verify your account information for more efficient use of our Banking system: Please confirm your account information today by clicking on the link below: https://fidelity.secure.com/Logon.aspx?LOB=RBGLogon=user=&email&Security Adviser
© Fidelity Brokerage Services LLC. All rights reserved”

TIPS
Never click on links in emails unless you are sure they are legitimate. Unfortunately, you can never be sure when you receive an email that the email is legitimate, so you should always be skeptical and make it a habit not to click on links until you have verified that they are legitimate by contacting the company or agency that is indicated as having sent the email. Look for the telltale signs that it is a phony, such as an email address for the sender that is not that of the real company or agency and the failure to address the email to you by name. You can contact the company or agency by phone or email directly to confirm whether or not the email you received was legitimate. Finally, keep your firewall and security software up to date to help protect you from viruses and malware. Security software is certainly not perfect, but it does help.

Scam of the day – March 10, 2013 – Phony ADP email scam

A common scam involves an email that you get that purports to be from a company with which you do business. Under various pretexts the email requires you to either click on a link or download material. In either case, what will happen is that unwittingly you will download a keystroke logging malware program that will steal all of the information from your computer including passwords, bank account numbers, credit card numbers, your Social Security number and more, all of which will be used to make you a victim of identity theft. Shown below is an email that I received that purported to be from the popular payroll processor ADP. If you get such an email you should be particularly skeptical because my name is not used anywhere in the email and no logo for the company appears. This is definitely a low-level scammer at work. ADP is a popular company for such scams because so many people use them; however, this email is quite obviously a scam.

TIPS

You can never be sure when you receive an email that it was sent by the party it purports to be from, so never click on links or download material unless you have confirmed with the company, preferably by phone call at a number that you know to be accurate, whether or not the email is legitimate. In this case, you don’t even have to do that in order to know that it is a scam. Here is a copy of the email that I received:

“Your ADP Payroll invoice for last week is attached for your review. If you have
any questions regarding this invoice, please contact your ADP service team at
the number provided on the invoice for assistance.

Thank you for choosing ADP Payroll.
Important: Please do not respond to this message. It comes from an unattended
mailbox.”

Scam of the day – November 10, 2012 – Latest Twitter hacking

A common technique used by scammers and identity thieves is to send you an email or text message purporting to be from companies with which many people do business, such as large national banks, Facebook, Twitter or eBay, telling you that there has been a security breach of your account and that it is necessary for you to take particular steps to protect your data and your account. The email or text then either requires you to provide confirming personal information, which is used by the identity thief to make you a victim of identity theft, or requires you to click on a link to take you to a page where you will be assisted in protecting your account, when in actuality what you do by clicking on the link is download keystroke logging malware that will steal all of the information on your computer and make you a victim of identity theft. A similar email that many Twitter users are receiving is actually legitimate; however, there is more to the story. The legitimate email from Twitter reads “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.” The email then instructs people as to how they can change their passwords to the password they now wish to use. The number of Twitter users receiving the email is more than the number of Twitter users that were actually in danger of having their accounts hijacked, but Twitter affirmatively decided to err on the side of caution and change more account passwords than might have been necessary. It is hard to criticize that decision, although it is possible that the broad resetting of passwords may also have represented a mere mistake by Twitter in determining what accounts were in jeopardy.

But there is another scam of which you should be aware. Knowing that the word is getting out that the email from Twitter is legitimate, scammers will be emailing and texting their phony versions of this email representing themselves as Twitter. In the scammers’ emails they will be either asking for personal information or directing you to link to a page to reset your password that will download that keystroke logging malware program I warned you about. Don’t provide such information and don’t click on any links unless you are sure they are legitimate.

TIPS

The real email from Twitter does contain a link to go to change your password, namely https://twitter.com. However, you are better protected by not clicking on the link, but typing the real address directly into your address line. The real email from Twitter does not ask for personal information. If you are asked for personal information, the email you got is from a scammer. Also check out the address from which your email is coming and if it isn’t the real email address of Twitter as indicated above, don’t trust it. Don’t even trust an email from an address that contains the word “twitter” in it because that may be from a scammer who just used the name in the phony address.
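
The last tip above, as an added example that is not part of the original post: a Python check that accepts a sender address or link only when its host is the company's domain or a subdomain of it, not when the company's name merely appears in it. The `TRUSTED` table and the two `.example` values are assumptions constructed for illustration; the `fidelity.secure.com` host is the one in the email quoted in the May 19, 2013 post.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains each company really uses, maintained by the reader.
TRUSTED = {"twitter": "twitter.com", "fidelity": "fidelity.com",
           "netflix": "netflix.com"}

def host_of(value):
    """Return the lower-cased host of a URL or of an email From header."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = parseaddr(value)[1].rpartition("@")[2]
    return host.lower().rstrip(".")

def belongs_to(host, domain):
    """True only for the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def classify(value):
    """Say whether a link or sender matches a trusted domain or only names it."""
    host = host_of(value)
    for domain in TRUSTED.values():
        if belongs_to(host, domain):
            return "matches " + domain
    for brand, domain in TRUSTED.items():
        if brand in host:
            return f"lookalike: contains '{brand}' but is not {domain}"
    return "unrelated"

SAMPLES = [
    "https://twitter.com",                                # link named in the post
    "https://fidelity.secure.com/Logon.aspx",             # host from the quoted email
    "Twitter Support <security@twitter-alerts.example>",  # constructed sender
    "https://netflix.com.a8f3kq.example/login",           # constructed URL
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample} -> {classify(sample)}")
```

A match only shows where a link points or which address a message claims to come from, so confirming with the company before acting on the email still applies.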

Scam of the day – October 24, 2012 – Lady Gaga death scam

Similar to the scam I told you about a few days ago regarding identity thieves luring you by purporting to provide you with a link to a Miley Cyrus sex tape that doesn’t exist, the latest incarnation of this same scam is occurring on Facebook, where you may find a notice about breaking news that Lady Gaga has been found dead in her hotel room. A link is provided to take you to a British Broadcasting Company (BBC) website where the story is supposed to appear. Of course, the story does not appear if you click on the link because it is not true. Unfortunately, however, what will happen is that by clicking on the link you will download a keystroke logging malware program that can steal all of the information from your computer and make you a victim of identity theft.

TIPS

As I have told you time and time again, never click on links unless you are absolutely sure they are legitimate. And frankly, links of which you are absolutely sure are few and far between. The better course of action in a situation like this is to go to legitimate news websites directly at addresses you type into your browser and that you know are accurate to check out the truth of such stories. It may be tempting to click on the link, but that is why scammers use stories like this to make you a victim of identity theft. The safer course of action is not to click, but go to a real news website directly.