Posts Tagged: ‘keystroke logging malware’

Scam of the day – April 14, 2014 – The last income tax scam of the season

April 14, 2014 Posted by Steven Weisman, Esq.

Tomorrow is April 15th which is the last day for filing your federal income tax return unless you are a procrastinator who has filed an extension.  Identity thieves and scammers love income tax season as it provides them with an opportunity for a wide variety of scams to steal your money.  I have described these scams in numerous Scams of the day.  As the income tax season comes to an end, scammers and identity thieves are busy with one last scam about which I want to warn you.  It starts with you receiving an email that appears to come from the IRS Taxpayer Advocate Service in which you are told that there is a problem with your recently filed federal income tax return and that IRS computers have found errors in your return.  In order to resolve the problem, you are told to click on a link in the email that purports to take you to the IRS Taxpayer Advocate Service website where you are told you will find information about the problem and the name of the taxpayer advocate assigned to your case.  If you click on the link, you will not go to the IRS Taxpayer Advocate Service, which is a real organization.  Instead you will be sent to a legitimate looking, but phony website that will solicit you to provide information that will enable the identity thief behind this scam to make you a victim of identity theft.

TIPS

The easy way to avoid this scam is to remember that the IRS will never initiate contact with taxpayers by email.  If you get an email, text message or phone call purporting to be from the IRS initiating contact about anything, you can be sure that it is a scam.  As a general rule, however, it is important to recognize that whenever you get an email, phone call or text message, you can never be sure of who is contacting you and whether or not they are legitimate.   Therefore never provide information to anyone who contacts you in this manner and do not click on links or attachments in unsolicited text messages or emails which may either be seeking personal information from you to be used to make you a victim of identity theft or will automatically when you click on the link download keystroke logging malware on to your computer that will steal the information from your computer and again use it to make you a victim of identity theft.

Scam of the day – April 7, 2014 – Multi-million dollar bank hacking conspiracy broken

April 7, 2014 Posted by Steven Weisman, Esq.

A few days ago, Robert Dubuc and Oleg Pidtergerya pleaded guilty to a number of criminal counts in charges brought against them in federal court.  The conspiracy of which they were a part is very telling of the danger that threatens the international banking system.  The scheme began before the two defendants ever got involved.  Ukrainian hackers gained illegal access to the bank accounts of more than a dozen large financial institutions and companies, including Automatic Data Processing, Inc (ADP), Citibank, E-Trade, JP Morgan Chase Bank, Pay Pal, TD Ameritrade and TIAA-CREF.  Once the hackers gained access to the accounts, they transferred funds stolen electronically from these accounts to bank accounts and pre-paid debit cards that they controlled.  At this point they then progressed to the cashing out phase of the scam by which people known as “cashers” would withdraw the funds from the new accounts through ATM withdrawals and bank withdrawals after which the funds were sent to the two Ukranian hackers behind the scam.  Dubuc and Pidtergerya were cashers.

TIPS

Banks and other financial institutions have not been particularly forthright when it comes to disclosing the successful hacking of their accounts.  Nor has their security been as good as it has to be.  Where this leaves us as customers is that we need to be particularly vigilant in monitoring our accounts at all times for signs of fraudulent purchases.  Sometimes we are our own worst enemy such as when we unwittingly download keystroke logging malware through clicking on tainted links or downloading dangerous malware that steals the information from our computers, smartphones, tablets and other portable electronic devices and then uses this information to make us victims of identity theft and access our accounts.  It is important to monitor all of your financial accounts more often than monthly.  It is also important to maintain the most up to date security software on all of our electronic devices and finally, it is up to us to use caution whenever we are online and not to click on links unless we are absolutely sure they are legitimate.

Scam of the day – March 19, 2014 – Missing Malaysian airline scam

March 19, 2014 Posted by Steven Weisman, Esq.

The mysterious disappearance of Malaysian Airlines Flight 370 has captured the attention of people around the world so it should come as no surprise that scammers and identity thieves are using this event as an opportunity to steal people’s identity through malware infected phony news reports, photos and videos.  In 2011 similar scams tied to the Japanese Tsunami were common.  Throughout the Internet and on social media including Facebook and Twitter links to phony stories, photos and videos are appearing with tantalizing headlines such as “Shocking video, Malaysian Airlines missing flight MH 370 found in Sea,” “Malaysian Airlines missing flight MH 370 found in Sea – 50 people alive saved” and “CNN UPDATE Breaking – Malaysian Airplane MH 370 Already Found.  Shocking Video.”    Some phony links even promise videos of the plane in the Bermuda Triangle.  Unfortunately, if you click on these links, all you will succeed in doing is unwittingly downloading keystroke logging malware that will steal your personal information from your computer, laptop, tablet or smartphone and use that information to make you a victim of identity theft.

TIPS

Never click on links unless you are absolutely sure that they are legitimate because they may well be just a lure to get you to unknowingly install malware on your computer, laptop or smartphone.  When looking for information upon which you can rely in regard to anything, stay with websites that you know are legitimate news sites.  Also, make sure that you have proper anti-malware and anti-virus software on all of your electronic devices and keep that software up to date with the latest security patches and updates.  The creators of malware and viruses are often ahead of the makers of anti-malware and anti-virus software, but it is important to keep your devices as safe as possible.

Scam of the day – March 14, 2014 – New Citibank email scam

March 14, 2014 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes from my own email.  Citibank is a popular bank with more than 200 million customers throughout the world, therefore identity thieves can feel pretty confident that when they send out an email blast that many of the people receiving the email will, in fact, be Citibank customers.  This particular scam email follows a familiar pattern.   It presents what would be a reasonable reason for responding by clicking on the link; in this case it is to add security features to your account to help prevent the very types of identity theft that this scam is actually attempting to perpetrate.  It looks pretty official and the message doesn’t even have grammatical or spelling errors.  However it is a total scam.  If you click on the link in these types of scams one of two things will happen.  Either you will be sent to a phony but official looking website where you will be prompted to provide personal information that will end up being used to make you a victim of identity theft or merely by clicking on the link, you will download keystroke logging malware programs that will steal the information from your computer or other device and use that information to make you a victim of identity theft.  This identity theft tactic is called phishing.

Here is the email that I received.  DO NOT CLICK ON THE LINK.

“Dear Esteemed Customer,
We have added extra security to your Citi account to prevent identity   theft on your account.To secure your Citi account, click the link below:
http://cstr-grasses.erdi.or.th/Myaccount_Citibank_login
Note: You need to login using your email address and password to access   before you can access the secured Citi network.
Best regards,   Citi Customer Service”

TIPS

Regardless of how official an email or a text message may appear, you should never click on any links or download any attachments unless you are absolutely sure that it is legitimate.  In the case of this particular email, it was sent from an address that was not an email address of Citibank which was a sure indication that it was a scam.  Rather, it was sent from a computer address hacked into a botnet of compromised computers so that the identity thieves can send out phony emails that are difficult to trace back to the criminals.  However, even an email originating from a legitimate looking email address, can be merely a phony email.  In this particular case, if you have any thought that it might be legitimate, you should call or email Citibank at a telephone number or email address that you know is legitimate to confirm that it is a scam.  Also, make sure that you keep your anti-malware and anti-virus software up to date on all of your electronic devices.

 

Scam of the day – February 8, 2014 – Olympic scams

February 8, 2014 Posted by Steven Weisman, Esq.

Many people are excited about the start of the Winter Olympics including scam artists and identity thieves who see every event that captures the public’s interest as an opportunity to scam you or steal your identity. Many people will be receiving emails purporting to contain updates, photos and videos of Olympic events.  Unfortunately, if you click on the links or download the attachments in these emails, you will end up downloading keystroke logging malware that will steal your personal information from your computer, laptop, tablet or smartphone and use that information to make you a victim of identity theft.  If you are shopping for Olympic merchandise, you should be wary of the large amount of counterfeit and poor value fake Olympic merchandise that is being sold on the Internet.

TIPS

As I have warned you many times, never click on a link or download an attachment unless you are absolutely sure that it is legitimate.  In regard to Olympic email or text messaged updates you are better off not downloading or clicking on links in any emails or text messages you may receive even if they appear to be from a legitimate source because the URL may appear to be legitimate, but it may merely be “spoofed” or copied from a legitimate site so it appears legitimate, but in truth is not.  You are better off going directly on your own to sources such as www.espn.com that you know are legitimate.  Also, make sure that your anti-malware and anti-virus software is installed and up to date on all of your electronic devices.

In regard to purchasing official Olympic merchandise, go directly to the official Olympic website of www.sochi2014.com.  If you want Team USA merchandise, go the official Team USA website of wwwteamusa.org.  Both of these websites are safe and secure places to purchase official Olympic merchandise and apparel.

Scam of the day – January 12, 2014 – Phony court summons scam

January 12, 2014 Posted by Steven Weisman, Esq.

Reports are coming from around the country of people receiving phony emailed court summons from courts in various major cities such as New York, Houston, St. Louis, Washington DC and others in which the person receiving the email is prompted to click on an attachment to obtain further details.  This scam, like many, is a phishing attempt to get people to click on a link or download an attachment that will result in the person receiving the email either providing personal information that can be used by the scammer for purposes of identity theft or will cause the person downloading the attachment to unwittingly download a keystroke logging malware program that will provide the identity theft with all of the information in the victim’s computer which would also be used to make the person a victim of identity theft.  In either case, nothing good can come from downloading the attachment.

Here is a copy of one of the recent emails currently being circulated:

“Notice of appearance,

Hereby you are informed that you are due in the court of Houston

on the 19 of January, 2014 at 09:00 am for the hearing of your case.

You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.

Please, download the copy of the court notice attached herewith to read the details.

Note: The case may be heard by the judge in your absence if you do not come.”

TIPS

Many people are comfortable ignoring these emails merely because they provide no precise information about a particular case or court.  In addition, if they refer to a city or state where you have never been, you can also be pretty sure that it is a scam.  However, as I constantly advise you, under no circumstances should you ever download an attachment or click on a link unless you are sure that it is legitimate.  If you have any thought that the email might be legitimate, you should call the court for further information.  In addition, it is important not to provide personal information online unless you are sure that it is legitimate and required.  Finally, make sure that your security software is maintained up to date with the latest patches.

Scam of the day – January 11, 2014 – AOL password reset scam

January 11, 2014 Posted by Steven Weisman, Esq.

Although, America Online (AOL) has decreased in popularity somewhat in recent years, about 2.5 million people still use it and with numbers that high, AOL users are a large target for scammers and identity thieves.  A recent scam that has surfaced is an email that purports to be from AOL informing the receiver of the email that a request had been made to reset the password and the person receiving the email is provided two links upon which to click to either agree that the password change was legitimate or to cancel the requests because it was a scam.  The problem is that the email does not come from AOL, it comes from a scammer, and not a very good one.  If you click on either link, you will either be prompted to provide personal information that can make you a victim of identity theft or merely by clicking on either link you will download a keystroke logging malware program on to your computer, laptop, tablet or smartphone that will steal all of the personal information from your device lead to your becoming a victim of identity theft.  This particular scam was not a very convincing one because the address from which it comes is not an official AOL address, nor does it contain AOL logos.  Here is a copy of the email presently being circulated.  DO NOT CLICK ON EITHER LINK.

 

“Dear AOL Customer,

 

The AOL Team

We received a request on 1/10/14 to reset the password for your AOL Online Account. Please confirm this request to complete the password reset:

Yes, I would like to reset my password

I did not make this request, cancel the password reset
To make additional edits to your account, sign in to aol.com
Thankyou,                                                                                                                                                                                                             The AOL team”

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate.  If you have any concerns that the email might be legitimate, contact the company, in this case AOL, at a telephone number or online through a phone number or an address that you know is correct to inquire about the email.  Also, make sure that all of your electronic devices are protected by security software against viruses and malware and keep your security software updated with the latest patches.

 

Scam of the day – January 10, 2014 – Important Target update

January 11, 2014 Posted by Steven Weisman, Esq.

Yesterday, Target announced that it had just become aware that its recent hacking went beyond the credit card and debit card data including PINs of 40 million of its customers to also include names, mailing addresses and phone numbers of up to 70 million of its customers.  This disclosure means that unlike previously thought, the hacking was not limited to hacking of the point of sale credit card processing devices found at the checkout stations, but was far more extensive into the data systems of Target.  It also opens up a new avenue of scams where Target customers can expect to get contacted by phone, email or text messages from scammers posing as Target representatives who will be seeking personal information which they will use to make the Target customer a victim of identity theft.  These emails and text messages will be directly addressed to the customer by name prompting the customer to click on links or download attachments for further assistance, however, if the customer does so, he or she will only succeed in downloading a keystroke logging malware program that can steal all of the information from the victim’s computer that will also lead to the customer becoming a victim of identity theft.  Phone calls will also be directed to the customer by name and you should be wary there, as well.  This type of scam is called spear phishing.

TIPS

You can never be sure when you receive a telephone call, email or text message if the person communicating with you is who he or she represents himself to be.  Therefore, never click on links or download attachments in emails or text messages unless you are absolutely positive that the communication is legitimate and because in this case ,as in others, the identity thief has your name, the communication may appear to be directed personally to you, you cannot trust the communication merely because it appears to be legitimate.  In this case, as in others, if you think the communication may not be a scam, check it out by calling or going to the  real website of the person or company purporting to send the communication at a phone number or website that you know is correct to find out whether or not the original communication was legitimate or not.  The same goes for telephone calls.  You can never be sure who is calling, so never give personal information over the phone to anyone whom you have not called.  Instead call them back at a number you know is accurate.

Scam of the day – December 22, 2013 – Phony Amazon invoice scam

December 22, 2013 Posted by Steven Weisman, Esq.

With just a couple of days to go before Christmas, the holiday shopping season is in full swing.  Unfortunately, it is also full swing for scam season as scammers continue to take advantage of people who may be too distracted by their shopping to follow proper scam avoidance.  A case in point involves an email which many people, including myself, recently received.  The email purports to be from Amazon and it relates to a recent order of mine.  The email itself does not provide much detail, but there is an attached invoice.  Unfortunately, if you download the attached invoice, you will not be downloading a legitimate Amazon invoice, but instead, you will be downloading a keystroke logging malware program that the identity thief who sent you the email will use to steal all of the information from your computer and make you a victim of identity theft.

TIPS

As legitimate as the email appears to be, what you do not see which is a tell-tale sign that this is a scam is that the email was not only addressed to me, but to thirteen other people whose email began with the same first name as mine.  If you click on “details” in the email heading you can see the other people to whom it was also sent.  Obviously this is a scam.  However, as I have often warned you, downloading attachments or clicking on links unless you are absolutely sure that they are legitimate is a dangerous practice because unwittingly you may be downloading keystroke logging malware.  If you did order something from Amazon or anyone else, you should confirm the invoice number with Amazon before considering downloading the invoice.

Scam of the day – December 19, 2013 – Playstation 4 and Xbox One targeted by hackers

December 18, 2013 Posted by Steven Weisman, Esq.

Computer security company Kaspersky Lab recently disclosed that it had found that hackers have been targeting the new Playstation 4 and Xbox One gaming consoles in large numbers.  However, owners of these two systems are not alone.  According to Kaspersky, there are an estimated  34,000 cyber attacks on gaming systems each day through the world.  The country with the largest number of gaming cyber attacks is Spain wtih Poland a relatively close second.  The hackers are after gamers’ usernames and password which they then sell on the black market.  This also poses a larger problem of identity theft for hacked gamers due to the fact that too many people use the same usernames and passwords for multiple accounts, putting their security in jeopardy if that information falls into the hands of an adept identity thief.

TIPS

As with so many  instances of hacking, the way that hackers gain access to your smartphone, computer, laptop or gaming console is through phishing techniques that lure people into downloading tainted attachments or clicking on infected links.  As I constantly remind you, never click on links or download attachments unless you are absolutely sure that they are legitimate and even if they appear to come in a text or an email from someone you trust, your friend’s smartphone or email account could have been hacked so it appears a message containing a link or an attachment is coming from someone you trust when in fact, it is coming from an identity thief or hacker who has infected the link or attachment with keystroke logging malware that will steal the information from your computer, smartphone or other device and make you a victim of identity theft.