Posts Tagged: ‘keystroke logging malware’

Scam of the day – May 21, 2013 – Eminem stabbing scam

May 21, 2013 Posted by Steven Weisman, Esq.

People are always interested in gossip, photos, videos, stories and news about celebrities. Unfortunately, scam artists know this and take advantage of our curiosity to lure us to click on links that promise to provide photographs and videos as well as interest-grabbing stories about the celebrities who fascinate the public. It is for this reason that former Harry Potter actress Emma Watson is the most dangerous woman on the Internet. One out of every eight searches for photographs of Emma Watson will end up downloading malware that can be used to make you a victim of identity theft. The most recent use of our fascination with celebrities to scam us is a scam presently circulating on the Internet that involves rapper Eminem. Many people are finding on their Facebook page a photograph of a stabbed person’s back along with a message that states “Rapper Eminem left nearly DEAD after being stabbed 4 times in NYC! Warning, 18+! It was all caught on surveillance video! Click the pic to play the video!” The truth is that Eminem was not stabbed. In fact, the same photograph was used in 2011 as a part of a scam in which the photograph was purported to be a shot of the back of Justin Bieber following a stabbing attack. If you click on the video, one of two things may happen, neither of which is good. The most benign result is that you will be directed to a website where you are promised prizes if you complete a survey. The truth is that you won’t get any prizes, but the scammer gets paid for everyone who takes the surveys. The second, more dangerous result is that when you click on the link, you will unwittingly download keystroke logging malware that can steal all of the data from your computer and use it to make you a victim of identity theft.

TIPS

Do not click on links or download attachments unless you are absolutely sure that the source is legitimate.  The risk is too great.  Stick to legitimate websites with which you are familiar and don’t fall for the lures of emails with attachments that promise you stories, photos or videos of famous people.   For celebrity gossip, stick to websites that you know are legitimate such as TMZ.   It is also important to make sure that you keep all of your computers, smart phones, tablets and other portable devices protected by security software that is up to date.

Scam of the day – May 8, 2013 – Iron Man 3 scam

May 8, 2013 Posted by Steven Weisman, Esq.

The movie Iron Man 3 is already a huge hit with early box office figures setting records around the world. Pirated versions of movies being distributed on the Internet is a major problem for the movie industry, but it is also a major problem for consumers. I don’t condone buying cheap bootlegs of movies over the Internet; that is a crime. However, I understand that many people will be tempted to purchase or even get for free what they think are pirated versions of popular movies. Scammers understand this too, which is why there are already more than a hundred websites, not connected with the studio that produced Iron Man 3, claiming that they have copies of Iron Man 3 for purchase or, in some instances, for free. These sites require you to download a file containing a video player. The problem is that by downloading this video player, you may be downloading keystroke logging malware along with or instead of the promised video player. This malware can steal all of your personal information from your computer, including credit card numbers, bank account numbers and passwords, and turn you into a victim of identity theft. Facebook is also being used by the identity thieves to spread links for free copies of Iron Man 3 that indeed may well be tainted with malware. Many of these links ask for your credit card, which you should not provide, and end up giving you nothing. Other links lure you in with the promise of a free streaming of Iron Man 3, but then take you through a survey for which the scammer gets paid, and at the end you still do not get a copy of Iron Man 3.

TIPS

Never click on links or download files unless you know what you are clicking on or downloading is legitimate.  Obviously you cannot trust someone who is promising to provide you with a pirated product.  The risk of downloading malware is just too great.  Pay your money and go to the movie in the theater or if you want a home version, it won’t be too long before the movie is legitimately available online.

Scam of the day – May 7, 2013 – Ransomware update

May 7, 2013 Posted by Steven Weisman, Esq.

I have previously warned you about this type of scam on December 3, 2012, January 19, 2013 and as recently as March 26, 2013, but today’s update is because now it is personal. When I went to turn on my computer today I was locked out and a Ransomware scam was facing me on my computer. Ransomware scams occur when you find that you are unable to use your computer and you receive an email message or a notice on your screen, as I received, indicating that your use of your computer has been frozen due to illegal activity being detected on your computer. A common variation of this scam being done now purports to be from the Department of Homeland Security and its National Cyber Security Division. The version I got purported to be from the FBI. Even scarier was the fact that it had control of my computer camera and a photograph of me appeared at the top of the phony notice. In the notice I was told that I needed to pay a fine before my computer would be unfrozen and I would be able to have access to it again. In fact, the freezing of my computer had not been done by the Department of Homeland Security, the FBI or any other governmental agency. It was done by a scammer who installed malware on my computer either through a tainted website, download or link that I had gone to. It is for this reason that I am always reminding you never to click on links and download attachments unless you are absolutely positive that they are legitimate. And even though I follow my own advice, somewhere I got caught.

TIPS

The best way to deal with ransomware is to avoid it in the first place.  Maintain a good firewall on your computer and install and maintain up-to-date security software.  Also, never click on links or download attachments unless you are absolutely sure that they are legitimate.  Even if the link or download is in an email or a Facebook posting that appears to come from a friend of yours, their account may have been hacked and the communication may be from a scammer.  Never pay a ransom to regain control of your computer.  There is no guarantee that the criminal who froze your computer will let you off the hook.  Rather, have a computer professional go through your computer to find the source of the problem and resolve it.  It is also important to remember that no legitimate agency will freeze your computer and make you pay a fine to unfreeze it.  In my case, my security software was not able to stop the malware from initially freezing my computer, but when, through the use of free software from Malwarebytes, I was unable to unfreeze my computer, I was able to do a security scan and find that my security software had stopped the keystroke logging malware that the scammer had attempted to download to my computer.  Had I not had such software, my computer’s information would have been at the mercy of the scammer.

If you are a victim of ransomware, here are a couple of free links that can help you.   The first  is a link to Microsoft’s Malware Protection Center with links and instructions for removing ransomware infections from your computer: http://www.microsoft.com/security/portal/shared/ransomware.aspx#recover.  The second is to Malwarebytes Anti-Malware which will detect and remove malware such as trojans and spyware.  This was what I used to get rid of the malware freezing my computer.  The link is www.malwarebytes.org.  It is free although there is also an updated version, which I use.

Scam of the day – April 30, 2013 – Wells Fargo bank email scam

April 29, 2013 Posted by Steven Weisman, Esq.

Once again, I had to go no further than my own email to find today’s scam of the day.  Recently I received an email which purported to be from Wells Fargo Bank indicating there was a problem with my bank account and that my account was being blocked.  In order to unblock my account, I was instructed to click on a link.  If I had done so,  I would have downloaded keystroke logging malware that would have stolen all of the information contained on my computer and made me a victim of identity theft.  A copy of the email appears below.  DO NOT CLICK ON THE LINK.  The email did not carry any Wells Fargo logo, did not refer to me by name and did not reference an account number.  These are all indications that this email was a fake.  Identity thieves depend on people reacting emotionally when they receive such an email by clicking on the link.  Never click on links in emails that you are not absolutely sure are legitimate.

“We noticed some irregular online banking activities on your account. Due to this reason, we blocked it. Unlock it now.

Wells Fargo Online Security”

TIPS

If you ever get such an email, immediately delete it. I knew immediately that the email was a scam because I don’t have a Wells Fargo account; however, if you ever have the slightest thought that the email may be legitimate, do not click on the link, but rather call the company at a number that you know is legitimate to inform them that you received the email and to inquire as to whether it was legitimate. You will promptly find out that it was a scam.

Scam of the day – April 28, 2013 – LivingSocial hacked, data on 50 million customers stolen – what it means to you

April 28, 2013 Posted by Steven Weisman, Esq.

LivingSocial, which is an online company that provides an assortment of deals on all types of goods and services, just announced that it had been hacked and data on 50 million of its customers was stolen. The good news is that the hackers did not get customers’ credit card numbers. The bad news is that they did get their names, email addresses, dates of birth and encrypted passwords. It is important to remember that even though the passwords were encrypted, due to the manner of the encryption of the passwords, it is still possible, albeit difficult, for the hackers to crack the encryption and gain access to the passwords. The danger to LivingSocial customers cannot be overestimated. Identity thieves and scam artists can use the email addresses and names to carry out a type of scam called “spear phishing.” In this scam, you get a phony email from the scammer posing as a company or agency with which you have a relationship, and you are lured to click on a link or download a document that contains malware such as a keystroke logging malware program. That malware can steal all of the information on your computer, such as passwords, credit card numbers, your Social Security number and other information that can be used to make you a victim of identity theft. People are more likely to fall for a spear phishing scam because the email uses your name and is directed to you personally. Having your email address also makes it easier for a scammer or identity thief to take control of your email account and send phony emails to friends of yours that may contain malware. Finally, since many people use the same password for multiple accounts, if your LivingSocial password is cracked, you are in danger on any account where you use that password.

TIPS

This hacking once again illustrates that you are only as safe as the company with the weakest security among those with which you do business. Never leave your credit card number to be stored by a company merely for convenience in making purchases in the future. If you are a LivingSocial user, change your password for LivingSocial as well as every other company with which you do business. In fact, it is a good idea to regularly change your passwords and make them different for each company. Check your email for indications that it has been hacked into and, if it has been, follow the instructions for remedying the situation found elsewhere on Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age.” Never click on links or downloads unless you are absolutely sure that they are legitimate, and keep your security software up to date.

April 25, 2013 – Associated Press hack attack – what it means to you

April 25, 2013 Posted by Steven Weisman, Esq.

On Tuesday, the Twitter account of the Associated Press (AP) was hacked into and a phony message describing a terrorist attack on the White House was sent out to the close to two million followers of AP’s Twitter account. Immediately thereafter the Dow Jones Industrial Average lost 140 points as computerized program trading reacted automatically to the news without any verification of the truth of the report. The phony tweet was corrected within minutes and the market recovered just as quickly as it went down; however, the problem exposed by this hacking still remains. In May of 2010 the Dow Jones Industrial Average quickly lost almost 1,000 points due to a glitch in the computerized trading programs used on Wall Street. Problems with computerized programmed trading, which automatically orders trades in response to perceived information, are quite significant. However, another problem is the hacking into the sources of our information. The AP hacking is only the most recent hacking of a major provider of information. Just last week the CBS news programs “60 Minutes” and “48 Hours” were hacked. Also recently NPR and the BBC had their Twitter accounts hacked. But it is not just the media that is being hacked. Hacking is a major problem for all companies. A recent study by Verizon indicated that 75% of the hacks were done last year by criminals seeking financial gain. Sometimes it is to gain trade secrets, but other times it is to steal information about customers to make them victims of identity theft. In 76% of the data breaches, according to the Verizon report, the hackers were able to exploit weak passwords. In 29% of the hacks, tactics such as “spear phishing” were used to install keystroke logging malware on to the hacked companies’ computers to steal their data. Spear phishing is a targeted phishing attack, often done through phony emails that contain the malware and purport to be from employees’ friends or from business partners of the companies.

TIPS

Both government entities and companies are not doing what they need to do to properly protect their data from hacking. The Associated Press Twitter account should have been protected by two-factor authentication when logging in so that even if a password is obtained by a hacker, he still would not be able to access the account. Two-factor authentication requires not just a password, but also a code that is sent to a person’s cell phone. Some companies such as Apple already use this technique. The problem is that even if you and I do all we can to protect ourselves from identity theft, we are only as safe as the company or governmental agency with the worst security holding information about us. Therefore you should try to limit as much as possible the places that hold your personal information and we all should impress upon the government and private industry the absolute necessity for better data protection. The technology is available. It just has to be used.

Scam of the day – April 16, 2013 – Boston Marathon attack scams

April 16, 2013 Posted by Steven Weisman, Esq.

The horrible events at yesterday’s Boston Marathon, where two bombs were detonated, killing and maiming innocent people, are bad enough, but now scammers will be taking advantage of the curiosity of people about the event to make them victims of identity theft. Every disaster, whether it is a natural disaster, such as Hurricane Katrina or the Japanese Tsunami, or an unnatural horrible event such as the shootings in Newtown, Connecticut, brings out the scammers who will be looking to take advantage of both the public’s curiosity and its generosity to turn them into victims of identity theft and scams. You can expect emails and Facebook messages that promise links to unique video footage of the events that will come laden with keystroke logging malware that can steal all of the information contained in your computer that will, in turn, make you a victim of identity theft. Even if the emails or Facebook messages appear to come from someone you know, you can never be confident that someone has not merely hacked into your friend’s email account or Facebook account. Phony charities will also be springing up to help the victims and once again, you can be sure that the scammers will be setting up many of these charities to play on your heartstrings and steal your money.

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate and even then, your friends and family may be unwittingly passing on links and attachments tainted with malware. If you have any doubts as to the source of an email or a Facebook message, contact that person at a telephone number that you know is accurate to inquire if indeed they actually contacted you as well as to check on the source of the material that they, in turn, are passing on to you. When it comes to videos of newsworthy events, stick with well-established, legitimate websites. You can’t trust the other material found on the Internet. As for charities, never give to a charity unless you have confirmed both that it is a legitimate charity and that it does not use too much of its contributions for payment of salaries of executives within the charities and fundraising activities. You can find this critical information at www.charitynavigator.org.