Scam of the day – February 10, 2017 – Valentine’s day scams

Valentine’s day is rapidly approaching.  Valentine’s day is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is going on to scam you out of your money.  There are many Valentine’s day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s day electronic greeting cards and delivery scams.

Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.

Online dating scams are plentiful with most revolving around scammers quickly professing true love for you and then asking for money.

Electronic greeting cards are a great way to send a Valentine’s day card at the last minute when you forgot to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.

A common delivery scam operating on Valentine’s day involves a delivery of a gift basket of wine and flowers to you, however the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered.  The person delivering the basket will only accept a credit card as payment.  When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.

TIPS

Never trust an online florist or other retailer until you have checked them out to make sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer.  It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be.  Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft.  Always confirm the legitimacy of an email or text message before clicking on links contained in the message.

As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money.  Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe.

Never trust an online greeting card, particularly if it does not indicate from whom it is being sent.  Be very wary of a card sent by “an admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.

In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.

Scam of the day – February 5, 2017 – Whats app phishing scam

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.   I have reported to you for years about the various scams targeting WhatsApp users.    The most recent WhatsApp scam starts with an email reproduced below that appears to be from WhatsApp requiring you to click on a link to receive a message. DON’T CLICK ON THE LINK.   Although it looks legitimate, it is a scam with the first indication of this being the email address sending the message is an address that has nothing to do with WhatsApp.  Most likely it is from an innocent victim whose computer has been hacked and made a part of a botnet to send out malware.   If you click on the link you will end up downloading keystroke logging malware that can steal the information from your smartphone to be used to make you a victim of identity theft.

WhatsApp
New voice mail.
Information
Feb 2 10:01 PM
05 sec
Listen

TIPS

Never click on a link in an email or text message until you have independently confirmed that it is legitimate.  The risk of downloading malware is too great.  Even if your computer or other electronic device is protected with anti-virus and anti-malware security software, the best security software is always at least thirty days behind the latest malware. Trust me, you can’t trust anyone when it comes to clicking on links.  Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link.

Scam of the day – January 31, 2017 – Apple phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.

Reproduced below is a copy of an Apple phishing email that uses the common ploy of indicating that there is a security problem that requires you to verify personal information for security purposes.   There are a number of telltale flaws in this particular   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple.  Also, although the email is quite short, it contains numerous grammatical errors.  In addition, the salutation reads “Dears” rather than “Dear” and the email concludes with “Worm regards” rather than “Warm regards.”   Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains an Apple logo, which is not reproduced below, the exact logo of Apple does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

“Dears,
Your AppIe id was used in from an unauthorized computer.
As the new protection policy has been followed, we have no choice but to put your id on hold.We advise you to update your id soon to avoid permanent account closing.                                                                                     your code is 4M7801DLLA16A                                                                                       Update Now >
Wondering why you got this email?
It’s sent when someone adds or changes a contact email address for an AppIe ID . If you didn’t do this, don’t worry. Your email address cannot be used as a contact address for an AppIe ID without your verification.
Worm Regards,
AppIe Team”

TIPS

Obviously if you do not have an account with Apple you know that this is a phishing scam, but even if you do have an account with Apple, as I indicated above there are a number of indications that this is not a legitimate email from Apple, but instead is a phishing email. Legitimate companies would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dears” without an “s” that should not be there.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number  for Apple where you can confirm that it is a scam.

Scam of the day – January 24, 2017 – Utility bill scams

Scams regarding payments of utility bills are occurring with greater frequency now that Winter has arrived.  The Nebraska Public Service Commission is warning consumers about a number of these scams, but these scams are certainly not limited to Nebraska.

In one version of the scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible.  They just need to provide some personal information.

In another version, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card over the phone.

In a third version of this scam, potential victims receive an email that has a link to take them to their bill.

All of these are scams.  In the first, there is no special promotion and the victim ends up providing personal information that leads to identity theft.  In the second, the victim is coerced into giving their credit card information to a scammer and in the third, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse.

TIPS

You can never be sure when you get an email or a telephone call if it is really from a legitimate source.  Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller.

Trust me, you can’t trust anyone.  Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate.  In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate.  Also, never click on links unless you have confirmed that they are legitimate.  The risk is too great.

Scam of the day – October 7, 2016 – Kim Kardashian robbery leads to 2,400% increase in scams

It was only four days ago that I warned you about scams linked to popular celebrities listed in security software company McAfee’s list of the ten most dangerous celebrities on the Internet.  These are people whose popularity is exploited by identity thieves and hackers who lure unsuspecting people through links in emails, social media and text messages relating to these celebrities to malware filled websites where they unknowingly download ransomware or keystroke logging malware that enables the identity thieves to steal all of the personal information from the victim’s computer, laptop, smartphone or other electronic device and use that information to make the person a victim of identity theft.  Whenever something or someone is of great interest to the public, scammers promptly capitalize on that interest to lure people into falling prey to online scams that promise to provide photos or information about the person or event and so it has been with the ten million dollar Paris jewel robbery of Kim Kardashian.  According to security software company, Norton, online scams related to Kim Kardashian increased by a startling 2,400% in just the first twenty-four hours following the robbery.  Emails, text messages and social media posting promising news about the robbery have been used to lure people into clicking on malware infested links. As an indication of the wide popularity of Kim Kardashian, these scams are appearing in English, French and German.

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate.  Merely because it appears that a friend is passing them on to you does not make them legitimate.  Your friend’s email or smartphone could have been hacked or your friend could unwittingly be passing on malware.  As for celebrity news, you should have a healthy mistrust of websites with which you are not entirely familiar.  If the information promised is legitimate, it will be able to be found in trustworthy news websites.  Finally make sure that you keep all of your electronic devices secure with anti-malware and anti-virus software and keep your security software current with the latest security patches.

Scam of the day – October 3, 2016 – Latest edition of most dangerous celebrities on the Internet

Each year, computer security company, McAfee releases a list of the most dangerous celebrities on the Internet.  These are people whose popularity is exploited by identity thieves and hackers who lure unsuspecting people through links in emails, social media and text messages relating to these celebrities to malware filled websites where they unknowingly download ransomware or keystroke logging malware that enables the identity thieves to steal all of the personal information from the victim’s computer, laptop, smartphone or other electronic device and use that information to make the person a victim of identity theft.  This year comedian Amy Schumer tops the list followed by Justin Bieber, Carson Daly, Will Smith, Rihanna, Miley Cyrus, Chris Hardwick, Daniel Tosh, Selena Gomez and Kesha.

TIPS

It is important to remember that merely because a website turns up high on a Google search does not mean that it is legitimate.  Google doesn’t check out websites for legitimacy in ranking sites.  The ranking is done by secret algorithms that some identity thieves are adept at manipulating.  Also, as I constantly warn you, never click on links or download attachments unless you are absolutely sure that they are legitimate.  Merely because it appears that a friend is passing them on to you does not make them legitimate.  As for celebrity videos and photos, you should have a healthy mistrust of websites with which you are not entirely familiar.  For gossip, www.tmz.com is a good place to go.  They always have the latest gossip and they are legitimate.  Finally make sure that you keep all of your electronic devices secure with anti-malware and anti-virus software and keep your security software current with the latest security patches.

Scam of the day – September 30, 2016 – New Chase Bank phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank. It comes with the heading, “Chase Bank detected suspicious activity.”  DO NOT CLICK ON THE LINK.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is not particularly convincing. The email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.  Also, the word “now” is incorrectly capitalized.  No logo for Chase Bank appears anywhere in the email and,  most telling, the email is not directed to you by name and does not contain your account number in the email.

Confirm Transaction

Your online account has been suspended (Reason: the violation of terms of service).
Update and Restore your online account Now
Log On
Thank you for using Chase Bank.
Member FDIC © 2016 Chase Bank Financial Corporation. All Rights reserved.

 
TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email has no salutation whatsoever.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to purchase phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – September 10, 2016 – A new Chase phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.  DO NOT CLICK ON THE LINK.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   The grammar and spelling is good, but a minor flaw is the inconsistent capitalization in the phrase, “All Rights reserved.” Also, as so often is the case, the email is not directed to you by name and does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Chase Bank Online® Department Notice:

Your online account has been suspended (Reason: the violation of terms of service).
Update and Restore your online account Now
Log On
Thank you for using Chase Bank.
Member FDIC © 2016 Chase Bank Financial Corporation. All Rights reserved.
TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email has no salutation whatsoever.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – July 16, 2016 – Google warning Gmail users about foreign hackers

State sponsored hacking from countries such as China, North Korea and Russia pose a threat to everyone, but Google, which has for years been monitoring hacking attempts by foreign governments, is notifying Gmail customers when Google has reason to believe that their Gmail accounts are being targeted.  If Google finds that you have been targeted you will receive the following message that takes up your entire screen warning you of the danger and urging you to use the more security dual factor authentication.  In its warning, Google indicates that less than 0.1% of all Gmail accounts are targeted, however, it is important to note that this percentage translates into more than a million people who are in jeopardy.

Screen Shot 2016-04-01 at 3.52.40 PM

TIPS

As I have suggested many times, whenever you have the opportunity to use dual factor authentication, it is a wise choice to make because even if someone manages to steal your password or even trick you into providing it, as was the case with Jennifer Lawrence when she was convinced by a phishing email to provide her password to a cybercriminal who used it to access nude photos of her that she stored in the cloud, the hacker will not be able to access your email or other account because a special code provided to you through your cell phone is required whenever you wish to gain access to your account.

Finally, as I so often say, even paranoids have enemies so I urge you to err on the side of caution if you receive this type of notice and not necessarily trust it.  It could be a phishing communication from a cybercriminal luring you into clicking on a link which will either get you to provide personal information that can be used to make you a victim of identity theft or will download keystroke logging malware or ransomware.  The best course of action would be to merely go to Google directly from your browser without clicking on the link contained in the notification.  Here is a link you can trust that will take you to instructions for enabling dual factor authentication for Gmail  https://support.google.com/accounts/answer/185839?hl=en

Scam of the day – July 5, 2016 – Wegmans Facebook scam

Wegmans, the popular supermarket chain is warning people about a scam involving phony Facebook postings that appear to be from Wegmans containing the company logo (which is easy to copy) and promising a free $100 voucher as a way to celebrate Wegmans 100th anniversary.  Phony coupon scams, which turn up regularly on Facebook,  often require you to provide information in order to claim your coupon. Unfortunately, this information, which may include your credit card number or Social Security number, will be used to make you a victim of identity theft.  Even worse, however, is what happens when merely by clicking on the link to claim your coupon you unwittingly download keystroke logging malware software that harvests all of your computer’s information and makes you a victim of identity theft.

TIP

As always, if the offer looks too good to be true, it probably is, so a bit of skepticism is in order.  In this particular case, offering free $100 vouchers to every customer definitely is too good to be true.  If you are routed to a survey, don’t take it and make sure that you do not enter personal information that could lead to your identity being stolen.  Also, a bit of prevention is worth a pound of cure, so make sure that your computer security software is up to date.  Finally, the best course is to never click on links promising coupons unless you are absolutely sure that the coupon is legitimate.  Instead, merely go to the real website of the real company and if there are coupons to be had, you will find them there.