Scam of the day – October 7, 2017 – Accused Russian hacker to be extradited to the United States

Earlier this week, Spain’s highest court agreed to extradite Peter Levashov, who was indicted last April by a federal grand jury on charges of fraud, identity theft and conspiracy.  Levashov, who formerly served in the Russian army and also had worked for Russian President Vladimir Putin’s United Russia Party, is accused of operating a massive botnet of thousands of infected computers that he would rent out to other criminals to send computer viruses and malware.

A botnet is a network of computers that have been infected with malware that enables criminals to surreptitiously use these computers to send out all manner of malware including ransomware.  People whose computers become part of a botnet often unwittingly download the malware necessary to make their computer part of the botnet by clicking on a link in an infected phishing email.

TIPS

Many people are a part of botnets without even knowing it.  If you use Windows 10 you can find out if you are a part of a botnet by opening the Task Manager and seeing what programs are using your network.  If there is something you don’t recognize, you may be a part of a botnet.

Of course, the best course of action is to avoid ever becoming part of a botnet and the best way to do that is to avoid clicking on any links in any emails unless you have absolutely confirmed that the email is legitimate.  In addition, installing security software and keeping it up to date with the latest security patches is also a good practice and if your router is more than ten years old, it may not be providing sufficient protection from botnets.  Updating old routers can help avoid becoming a part of a botnet.

Scam of the day – September 29, 2017 – Incredibly poor Wells Fargo phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from Wells Fargo.  Wells Fargo is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is embarrassingly poor. Despite having a legitimate appearing Wells Fargo logo, the grammar is atrocious.  In addition, the email address from which it was sent is that of an individual totally unrelated to Wells Fargo and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.  As so often is the case with these types of phishing emails, it does not contain your account number in the email or address you by name.  I have removed the links contained in the original email as sent.

Wells Fargo

Wells Fargo Account

® Security Re-identify

Your Wells Fargo online access need’s to be re-identify on our server. Because we are having difficulty to contact you with the email address on file with us do to this reason’s you are advised to perform account security identification process by confirming your email account with us also to make your  account 100% secured, sign on to continue. xxxxxxxxxxxxxxx

To avoid your Account from being Permanently BLOCKED.
Go to xxxxxxxxxxxxxx  For all other Online Banking related inquiries, please call  Wells Fargo Online Customer Service at xxxxxxxxxxxx.

TIPS

There are a number of indications that this is not a legitimate email from Wells Fargo, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would direct the email to you by name rather than directing it to your email address.   As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Wells Fargo to trap you if you make a mistake in dialing the real number.

Scam of the day – September 24, 2017 – New Netflix phishing scam

The popularity of Netflix makes it a preferred subject for phishing emails sent to people appearing to come from Netflix in which you are told you need to update your credit card information or asking for other personal information.  Reproduced below is a copy of an email presently being circulated.  It looks legitimate, but it is easy to counterfeit the Netflix logo and make the email appear to be legitimate when it is not.  Two things can happen if you click on the link in the email.  Either you will be directed to a phony but legitimate looking website where you will be prompted to input your credit card information and thereby turn it over to an identity thief or, even worse, merely by clicking on the link, you will download keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.

[Image: Netflix phishing email]

TIPS

As I always say, “trust me, you can’t trust anyone.”  You can never be truly sure when you receive an email seeking personal information such as your credit card number whether or not the email is a scam.  The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the email might be legitimate, you should contact the company at a telephone number that you know is legitimate and find out whether or not the email was a scam.

Often a telltale sign of a phishing email scam is that the email address of the sender is that of a private individual rather than the company purporting to be sending the email. This is due to the email being sent through a botnet of hijacked computers.  Poor grammar is another indication of a phishing email.  This often occurs because the scam may originate in a country where English is not the primary language.

As for Netflix in particular, it will never ask in an email for any of your personal information so anytime you get an email purportedly from Netflix asking for your credit card number, Social Security number or any other personal information, it is a scam.  Here is a link to Netflix’s security page for information about staying secure in regard to your Netflix account.  https://help.netflix.com/en/node/13243

Scam of the day – June 17, 2017 – Father’s Day scams

Tomorrow is Father’s Day, which for many people is an opportunity to show our fathers how much we love and appreciate them.  For scam artists, it is yet another opportunity to scam people.

One of the most common Father’s Day scams involves e-cards which are great, particularly for those of us who forget to send a Father’s Day card until the last minute.  Identity thieves send emails purporting to contain a link to an electronic Father’s Day card, but instead send malware that becomes downloaded when the victim clicks on the link. This keystroke logging malware enables an identity thief to steal personal information from the victim’s computer that can be used for purposes of identity theft.

TIPS

Never click on a link to open an e card unless the e card specifically indicates who sent the card. Phony e cards will not indicate the name of the sender.  Even if the sender is someone you recognize, you should independently confirm with that person that they indeed sent you an e card before clicking on the link.

Scam of the day – June 9, 2017 – Ukrainian hacker sentenced to prison

I have been reporting to you for two years about developments in this ingenious and massive stock fraud since the story first broke.  Forty-three people were charged both civilly and criminally in the largest hacking and securities fraud enterprise in American history.  The defendants were made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with computer hackers based in the Ukraine.  Now Ukrainian hacker Vadym Iermolovych was sentenced to thirty months in prison and ordered to pay more than 3 million dollars in restitution for his role in this scheme.

The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release.  This enabled the rogue stock traders to make trades based on this inside information before it became known to the public.  Trades using this stolen information were made by traders in Russia, Ukraine, Malta, Cyprus, France and here in the United States in Georgia, New York and Pennsylvania.  It is estimated that between 2010 and 2015, the defendants made profits of as much as 100 million dollars on 800 trades during this time.  A number of the defendants have already pleaded guilty to charges related to this scam.

The cornerstone of this scam, as with so many cyberscams, was the ability to hack into the company computers of Marketwired, PR Newswire and Business Wire by hacking into social media sites where they stole the passwords of employees of these companies who used the same passwords at work.  The scammers also used spear phishing emails to gain the further access they needed to infiltrate the computers of the targeted companies.

TIPS

One of the biggest takeaways from this case is how easy it is to still use spear phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data. Apparently corporations still have not learned to sufficiently train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers.   This is important to all of us as individuals because identity thieves and hackers use the same phishing techniques to hack into the computers of us as individuals and steal our personal information.  Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate.  It well could contain keystroke logging malware that will steal all of the information from your computer.  Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware.  However, it is still important to have security software on all of your electronic devices and keep that software up to date with the latest security patches because many scammers use older versions of malware for which there are defenses.

Finally, this case also reminds us to use unique passwords for all of our accounts so that if our password is compromised at a company with lax security, our own security at other places where we use passwords is not threatened.  Although it may seem difficult to have to remember so many different passwords, an easy way to deal with this is to have a strong base password that contains capital letters, small letters and symbols and adapt that base password for each of your accounts.  Using an easily remembered phrase as the base password such as IDon’tLikePasswords is effective.  Make it even better by adding a couple of symbols at the end such as IDon’tLikePasswords!!! and then adapt it for each of your accounts so, for instance, your Amazon account password would be IDon’tLikePasswords!!!AMA.

Scam of the day – June 8, 2017 – Steve Harvey’s new show hacked

In the last month I have told you about the hacking exploits of a group of hackers who call themselves thedarkoverlord.  In May, nine episodes of the popular Netflix original series, “Orange is the New Black” were posted by them on a publicly available file when their extortion attempt failed. They also claimed to have stolen the most recent  sequel in the successful Pirates of the Caribbean movie series, but this turned out to be a hoax. This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.  In the case of Orange is the New Black and other television shows, the weakest link was a post production studio, Larson Studios.

Now they have released eight episodes of what they say are stolen episodes of the new Steve Harvey show “Steve Harvey’s Funderdome” which will be premiering on ABC on June 11th.

TIPS

If a bootleg movie or television show is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to the rogue websites where you can find this material.

Scam of the day – May 30, 2017 – Apple iTunes phishing scam

Phishing emails, and the more personally tailored spear phishing emails are the most common way that people and companies are tricked into downloading malware such as ransomware or keystroke logging malware used to steal information from the victim for purposes of identity theft. Effective phishing emails will appear to be legitimate and lure victims into downloading malware filled attachments or clicking on links tainted with malware.

Reproduced below is a new phishing email presently being circulated that is one of the worst examples of a phishing email.   It purports to be from the Apple Store informing the recipient that his or her account has been used to make a purchase and urges the targeted victim to download an attachment if they did not make the purchase.

As regular readers of Scamicide have seen, many of the phishing emails we have shown you over the years are quite convincing, however this particular email is so filled with indications that it is phony, it is hard to imagine someone falling for the scam although I am sure some people will do so.

The email address of the sender has nothing to do with Apple, which is an early indication that this is a scam.  There is no logo that appears on the email and the email is not addressed to anyone in particular nor does it indicate an account number.  Finally, there are spelling errors and horrible grammatical errors throughout the email.

Here is a copy of the email that is presently circulating.

“[ApplePay] – iTunes was used to purchase in App Store on Macbook Pro 13
Date and time: 27 May 2017 10.32 hrs
Transaction: 7BA6818XL0333C2U
Order number: MQ3N7F0G8Q
OS: OS X 10.12.4
Browser: Safari
Location: New York, United States of America
If the information looks familiar, you can ignore this email.
If you have not recently purchased an article or in-apps apps on a MacBook Pro 13 “
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
Best regards,
AppIe account department
Copyright @ 1998-2017. 2211 N 1st St, San Jose, CA 95131, USA. All rights reserved.”

TIPS

Whenever you get any email that attempts to lure you into downloading an attachment or clicking on a link, you should be skeptical and never consider doing so unless you have absolutely confirmed that the email is legitimate.  Also, look for telltale signs that the email is a phishing email by examining the address of the sender, the spelling and grammar and a lack of your account number or name appearing although in more professionally done spear phishing emails real account numbers and your name might be used which is why it is always imperative to never click on links or download attachments unless you are totally convinced that the email is not phony.
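
The telltale signs listed above (sender address, spelling, no name or account number, manufactured urgency) can also be checked mechanically. The following is an added example, not code from Scamicide or from any of the companies named: the brand allow-list is an assumption, the sender address is constructed because the original post does not reproduce it, and the body lines are taken from the email quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small allow-list of domains each company really sends mail from.
BRAND_DOMAINS = {"apple": {"apple.com"}, "wells fargo": {"wellsfargo.com"},
                 "netflix": {"netflix.com"}}
URGENCY = re.compile(
    r"\b(blocked|suspen(d|ded|sion)|verify|re-identify|has been accessed)\b", re.I)
# A greeting only counts if it uses a name, not "Dear customer".
GREETING = re.compile(
    r"^\s*(?i:dear|hi|hello)\s+(?!(?i:customer|user|client|member))[A-Z][a-z]+", re.M)

def fold_lookalikes(text):
    """Lowercase and map i, 1, | to l and 0 to o, so 'AppIe' compares equal to 'apple'."""
    return text.lower().translate(str.maketrans("i1|0", "lllo"))

def phishing_indicators(raw_message):
    """Return the telltale signs found in one single-part, ASCII text message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    text = " ".join([display, msg.get("Subject", ""), body])
    folded = fold_lookalikes(text)
    found = []
    for brand, domains in BRAND_DOMAINS.items():
        pattern = re.escape(fold_lookalikes(brand))
        hits = [m.start() for m in re.finditer(pattern, folded)]
        if not hits:
            continue  # the message does not claim to come from this company
        # Sender address has nothing to do with the company named in the message.
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            found.append(f"sender-domain-mismatch:{brand}")
        # Brand written with substituted letters, e.g. capital I in place of l.
        if any(text[i:i + len(brand)].lower() != brand for i in hits):
            found.append(f"lookalike-spelling:{brand}")
    if not GREETING.search(body):
        found.append("not-addressed-by-name")
    if URGENCY.search(body):
        found.append("urgency-or-threat")
    return found

# Constructed sample: the From address is invented, the body is quoted from above.
SAMPLE = """\
From: AppIe account department <j.doe@mail.example>
Subject: [ApplePay] - iTunes was used to purchase in App Store on Macbook Pro 13

If the information looks familiar, you can ignore this email.
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
Best regards,
AppIe account department
"""

if __name__ == "__main__":
    for sign in phishing_indicators(SAMPLE):
        print(sign)
```

A message that trips none of these checks is not thereby proven legitimate, since a spear phishing email can use your real name and a convincing sender address.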

Scam of the day – May 21, 2017 – HSBC text scam

British based HSBC is the world’s sixth largest bank and has branches around the world.  Recently scammers have been randomly sending out text messages, such as the one reproduced below in order to scare people into clicking on the link in order to verify their account and avoid a threatened suspension of the account.  If you click on the link it will take you to a phony HSBC website that looks legitimate, but is merely a scam to lure you into providing your username and password for your HSBC account (if you have one) which the scammer will use to steal money from your account.  If you receive this text message and don’t have an account with HSBC, you know immediately it is a scam, but it can look frighteningly legitimate if you have an account with HSBC.

[Image: HSBC banking scam text (Image: loveMONEY)]

TIPS

This message can be particularly problematic if you are an HSBC customer and have signed up to receive text message alerts from the bank. However, whenever you receive a text message you can never be sure who is really sending it to you, so you should never click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.  In other instances, such as with this particular text message scam, you are in danger of providing your personal information directly to the scammer that can be used to access your accounts.  The best course of action when you receive such a text message if you have a concern that it may be legitimate is to merely independently contact your bank to determine whether or not the text message was a scam.

Scam of the day – May 17, 2017 – Pirates held for ransom

Although the headline may seem a little odd, what it is referring to is another data breach at a major Hollywood movie studio, in this case Disney, where the latest sequel in the successful Pirates of the Caribbean movie series has apparently been stolen through a data breach and the hacker is demanding a ransom which Disney is refusing to pay.  If the ransom is not paid, the hacker has indicated he will release the movie online in advance of the theatrical release date of May 26th.

This latest incident comes on the heels of the hacker known as thedarkoverlord posting nine episodes of the popular Netflix original series, “Orange is the New Black” on a publicly available file a few weeks ago as I reported to you on Scamicide at the time.  This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.

TIPS

If the movie is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to these rogue websites.