Posts Tagged: ‘keystroke logging malware’

Scam of the day – September 13, 2014 – Iggy Azalea sex tape

September 13, 2014 Posted by Steven Weisman, Esq.

Iggy Azalea, the popular, young Australian rapper is at the center of a controversy regarding the existence or non-existence of a sex tape.  Steven Hirsch of the adult film company Vivid Entertainment which has released numerous other celebrity sex tapes says that he has obtained such a video, while Azalea now admits that the video may indeed be legitimate after initially denying that it was genuine.  Meanwhile, to no one’s surprise supposed leaks of the tape are purportedly turning up on the Internet where the curious can put themselves in serious risk of identity theft by clicking on links in emails, text messages or social media postings promising to take you to the purported tape.  Other times, you may find yourself being prompted online to update your video capabilities on your computer or other electronic in order to view the video.  Again, this is just a ruse to lure you into downloading dangerous keystroke logging malware that will steal information from your computer and use it to turn you into a victim of identity theft.

TIPS

Without even getting into the question of the morality and ethics of looking for material such as this or the stolen videos of Jennifer Lawrence, Kate Upton and other celebrities, the truth is that you cannot trust any text message, email, social media posting that promises you such tantalizing material.  The chances are just too great that by clicking on any of these links or downloading attachments you will be downloading malware that will be used to steal your identity.  As for websites that turn up on Google and other search engines promising to provide you with these videos, scammers are adept at manipulating the algorithms used by search engines to rank websites so that although you may think you are looking at a legitimate website, you are not.  It is also important to remember that even if you have kept your anti-malware and anti-virus software up to date, that is of little consolation since these security software programs are always at least a month behind the latest malware and viruses.  If you need to satisfy your curiosity for gossipy material, stick to legitimate websites such as www.tmz.com.

Scam of the day – August 30, 2014 – New scam threats springing from J.P. Morgan data breach

August 30, 2014 Posted by Steven Weisman, Esq.

As I have told you so many times, whenever something catches the attention of the public, it catches the attention of scammers and identity thieves who use it as a hook to turn that public’s interest in something into making the public victims of scams.  The recent death of Robin Williams and the Ice Bucket Challenge are two examples of things that have fascinated the public that were used to turn people into scam victims.  You can find the details about both of these scams in previous Scams of the day.  Now, the J.P. Morgan bank hacking is a big news story and it should be.  The data breach at J.P. Morgan and a number of other banks poses a serious threat to the financial well being of many people.  Scammers and identity thieves are now capitalizing on this concern and fear in the public to send emails and text messages to people in which the identity thieves pose as J.P. Morgan or other banks.  In the emails and text messages, you are told about problems with your account that require your immediate attention and you are directed to click on a link for further information.  If you click on this link, however, you will end up downloading keystroke logging malware that will steal the personal information from your computer and use it to make you a victim of identity theft.  In another variation of this scam, you are directed to provide your personal banking account information in response to the email for verification purposes.  Of course, if you do this, all you will succeed in doing is providing an identity thief with the information he or she needs to steal money from your accounts.

TIPS

Whenever you receive an email or a text message you cannot be sure of who sent it to you.  Even if the address of the sender appears to be legitimate, it is easy for a scam artist (remember, they are called artists) to “spoof” or counterfeit a legitimate address to make the message appear to be legitimate.  Never provide personal information in response to an email or text message.  Never click on links in emails or text messages unless you are absolutely sure that the message is legitimate.  If you have think that the email or text message may be legitimate, you should call the bank or other purported sender at a phone number that you independently have confirmed is legitimate to inquire.  Don’t call the number provided to you by the scammer.

Scam of the day – August 24, 2014 – Ice Bucket Challenge scams

August 24, 2014 Posted by Steven Weisman, Esq.

According to the old saying, “no good deed goes unpunished” and this phrase could apply to the ALS Bucket Challenge, which has been taking the country by storm.  As everyone knows by now, people are dousing themselves with buckets of icy water as part of a national fund raising effort to support the fight against amyotrophic lateral sclerosis or ALS, which is also commonly known as Lou Gehrig’s disease.  We have all seen videos online and on television showing various people doing the challenge in entertaining and unusual ways.  Many celebrities and politicians have also been caught up in this viral campaign.  Unfortunately, as with anything that captures the public’s imagination, the Ice Bucket Challenge has also captured the imagination of scam artists, the only criminals we refer to as artists who are sending emails and text messages that purport to provide links to videos of particularly enticing and entertaining examples of the Ice Bucket Challenge, such as purported videos of popular celebrities, politicians, or athletes being dowsed, but, in fact are links that when clicked upon will download keystroke logging malware that will steal all of the personal information from your computer and use it to make you a victim of identity theft.

Another Ice Bucket Challenge related scam relates to websites or links for you to click on in order to make a charitable contribution.  Scammers have been busy setting up phony ALS charities and soliciting online and through telemarketing for phony ALS charities where your contribution will not go to ALS research and prevention, but rather to line the pockets of a scammer.

TIPS

In regard to avoiding the Ice Bucket Challenge video scams, my advice is the same as always, which is to never click on links in emails or in text messages unless you are absolutely sure that they are legitimate.  Even if they appear to come from a real friend of yours, you cannot be sure that your friend’s email account had not been hacked by a scammer sending you a tainted text or email.

As for avoiding the ALS charitable contribution scams, my advice is the same in regard to all charitable solicitations which is that whenever you are contacted by phone, mail, email, text message or any other form of communication, you can never be sure that the sender is actually from a legitimate charity.  In addition, many phony charities have names that are quite similar to legitimate charities and you can be fooled into giving a contribution to a scammer.  The first thing you should do before making any charitable contribution is to first check out the charity at www.charitynavigator.org where you first can find out whether or not the charity is actually legitimate.  Charitynavigator.org also provides information as to how much of the particular charities contributions go toward its charitable purposes and how much goes toward its salaries and administrative costs.  Once you have ascertained that a charity is legitimate, you should go online to the charity’s website to make your contribution directly.  In the case of the ALS Association, its website is http://www.alsa.org/

Scam of the day – August 13, 2014 – Robin Williams death scams

August 13, 2014 Posted by Steven Weisman, Esq.

You can always count on scammers and identity thieves to capitalize on every tragic event that captures the public’s imagination.  Celebrity deaths seem to be of particular interest to many people.  Following the deaths of celebrities in recent years such as Whitney Houston, Amy Winehouse and Paul Walker, scammers and identity thieves set up scams and identity theft schemes to take advantage of the curiosity of the public about the deaths of these celebrities.  The sad passing of Robin Williams by suicide is bringing new scams and identity theft schemes.   Some of these scams  start with a post on your Facebook page, which often can appear to come from someone you know, when in fact, it is really from an identity thief who hacked into the Facebook account of a friend of yours.  The post provides a link to be able to view photographs of Robin Williams purported to be police photographs that have not appeared in the news.  Unfortunately, if you fall for this bait by clicking on the link, one of two things can happen, both of which are bad.  In one scam, you are led to a survey that you need to complete before you can view the video. In fact, there is no such video and by providing the survey information, you have enabled the scammer to get paid by advertisers for collecting completed surveys.  However, the problem is worse because by completing the survey, you have turned over valuable information to a scammer who can use that information to target you for phishing and identity theft threats.  Even worse though in another variation of this scam is when click on the link and unwittingly download a keystroke logging malware program that will steal all of the information from your computer including credit card numbers, passwords and bank account information and use that information to make you a victim of identity theft.

TIPS

Remember my mantra, “trust me, you can’t trust anyone.”  Merely because a post on your Facebook page appears to come from someone you trust is no reason to consider it reliable.    The posting could be merely from someone who has hacked your friend’s Facebook account.  Other times, the posting may indeed be from your real friend, however, that real friend may unwittingly be passing on tainted links that they have received.    For news matters, you should only rely on legitimate news sources, such as the websites of the major network news stations such as CNN.  In matters such as rare celebrity footage, you should limit your sources to only those that you know are legitimate and can trust such as www.tmz.com.  If it isn’t on TMZ, then it doesn’t really exist.  It is a scam.  Also, make sure that you keep your anti-malware software up to date with the latest security patches.

Scam of the day – August 7, 2014 – Russian gang steals 1.2 billion user names and passwords

August 6, 2014 Posted by Steven Weisman, Esq.

It was revealed yesterday that a Russian gang of about 20 hackers committed what may be the largest data theft in history by stealing 1.2 billion user names and passwords along with 500 million email addresses.  This particular gang has been operating since 2011, but this is their largest data theft.  The data breach was discovered by a computer security company, Hold Security who indicated that the data breach involved more than 420,000 websites around the world including those of large companies as well as small websites.  The companies hacked included companies involved in the auto industry, real estate, oil industry, consulting firms, care rental businesses, hotels, computer hardware companies, software companies and the food industry.  The gang used a technique to hack these websites that I have warned you about for two years.  They exploited security vulnerabilities in the software used to create websites, such as Adobe Cold Fusion, which has proven to be vulnerable in the past (although at this point in time, it is still too soon to know exactly which vulnerable programs were exploited) that permit a type of hacking called an SQL injection in which the hacker is able to inject his data collection software into the targeted website which can often go undetected for long periods of time.  The hacker then retrieves the collected information and then either uses it themselves for identity theft and fraudulent purposes or sell the information on black market websites to other criminals.

TIPS

The first thing to remember is that you are only as safe as the security of the weakest company or website that holds your personal information including your user name and password.  Although it is an inconvenience, it is important to maintain separate, unique passwords and user names for all of your accounts and to change them somewhat frequently.  If you use the same password for a small retailer and your online banking, you become extremely vulnerable to having your bank account hacked if the retailer with which you do business is hacked.  Also, do not store your user name, password or credit card information on any website.  It may be convenient for you, but it is also extremely convenient for identity thieves as well.  You can expect a wave of “spear phishing” by which you will receive emails that appear to come from someone you know and trust when in reality it is coming from an identity thief.  Many of these spear phishing emails will have links and attachment that contain keystroke logging malware that, when downloaded, will permit the identity thief to steal all of your personal information from your computer and use it to make you a victim of identity theft.  It is for this reason that I always advise you  not to download an attachment or click on a link unless you have confirmed and are absolutely positive that the email is legitimate.  This is an important story and I will update you as more information becomes known.

Scam of the day – July 24, 2014 – StubHub hacking – what it means to you

July 24, 2014 Posted by Steven Weisman, Esq.

Six people including both Russian and American citizens were indicted yesterday in New York for hacking into 1,600 StubHub accounts and stealing more than 1.6 million dollars in tickets.  StubHub is a website where people can buy and sell sports and entertainment tickets.  Although the accounts hacked were StubHub accounts, it appears the fault was not that of StubHub, but rather of individual StubHub customers whose passwords and user names were obtained through hacking of other companies or through the use of keystroke logging malware programs unwittingly downloaded, most likely through phishing emails to the victimized consumers.

TIPS

For those people who used the same user name and password for all of their accounts, this hacking is another example of why you should not do so.  Using the same user name and password puts you in danger in all of your online accounts if merely one of your online accounts is hacked.  The better course of action is to use a different user name and password for every account that you use.  Although this may seem like a complicated thing to do, it need not be so.  Just adding a couple of letters describing the account to your password can provide you with much added security.  So for example if you used the basic, safe password of “IHatePasswords123!” which is a strong password and then added a few letters to describe the particular account such as a StubHub password of “IHatePasswords123!StubHb” you would have a difficult to break, but easy to remember password. As for protecting yourself from downloading keystroke logging malware by which you unknowingly download malware that provides access to all of the personal information on your computer the key thing to remember is to never click on a link or download an attachment unless you are absolutely positive that it is legitimate and you have independently confirmed its legitimacy.  Also, you should maintain your anti-malware and anti-virus software up to date with the latest security patches.

Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

July 22, 2014 Posted by Steven Weisman, Esq.

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.

TIPS

You should never give to a charity until you  have confirmed that it is legitimate.  Go to www.charitynavigator.org where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate.  In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief.  If you must search for such video, stay with legitimate new sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.

Scam of the day – July 6, 2014 – Another AOL phishing scam

July 6, 2014 Posted by Steven Weisman, Esq.

Millions of people still use AOL and so scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is quite poor.  Compare it to the excellent counterfeit phishing email I included in the Scam of the Day for Mary 31, 2014.  This one comes from an email address that has no relation to the company, AOL.  It does not contain any logo and it is not directed to the recipient specifically by name.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve an problem.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.   Here is how the email appears.  DO NOT CLICK ON THE LINK:

“Dear User,

Verify, to update your Premium Acc today

Service Team.

America Online”

TIPS

There are numerous reasons not to trust this email.  The email address from which it was sent has no relation to AOL.  It is not addressed to you personally.  It does not contain an AOL logo and the email is far too short and curt.  It is an obvious phishing email and its only purpose is to lure you into either providing personal information or downloading malware.  As I have warned you many times, never click on links or download attachments unless you are absolutely sure that the email is legitimate.  In this case, if you even had a slight thought that it might be legitimate, all you would have to do is to call the real AOL to learn that this was a phishing scam.

Scam of the day – May 24, 2014 – iTunes phishing scam

May 24, 2014 Posted by Steven Weisman, Esq.

Phishing is a common start to many scams.  Phishing occurs when you respond to an email that appears to be from a legitimate company with which you do business only to learn that the official looking communication was a counterfeit, the sole purpose of which was to lure you into clicking on a link that in turn either, unknown to you, downloaded a keystroke logging malware program on to your computer by which the scammer is able to steal all of the information from your computer and use that information to make you a victim of identity theft or to lure you into providing personal information that also is used to make you a victim of identity theft.  Many large scale scams, including the Target hacking often start when employees are victimized by phishing scams that in turn give the scammers access to the information in their companies’ computers.

A recent phishing scam that is going on at this time involves a phony email that appears to be from Apple telling the victim that his or her iTunes account has been improperly accessed and that the account is now locked.  In order to access the account the victim is told, he or she is required to provide information that ends up being used to make the phishing victim a victim of identity theft as well.

TIPS

Remember my motto, “Trust me, you can’t trust anyone.”  Never provide information in response to an email, text message or telephone call you receive unless you have absolutely confirmed that the communication to you is legitimate and there is a legitimate need for providing that information.  If you receive such an email, do not click on any links contained within it, but rather call the company at a telephone number that you know is accurate to find out whether or not the original communication to you is legitimate or not.

Scam of the day – May 23, 2014 – Pirated movies can lead to identity theft

May 23, 2014 Posted by Steven Weisman, Esq.

Finding bootleg versions of popular movies on the Internet is an easy task, but as a recent study by Intelligent Content Protection, an anti-piracy consulting service found, it comes with a risk and that risk is identity theft.  In its study of thirty of the top pirate websites for downloading pirated versions of popular movies, it found twenty-nine of them contained malware of some sort.  Although not all contained the kind of keystroke logging malware that, when installed on your computer, will permit an identity thief to steal all of the information on your computer and make you a victim of identity theft, the risk of such malware is high.

TIPS

Besides the fact that it is both illegal and morally wrong to steal intellectual property such as movies without paying for them, the risk of unwittingly downloading dangerous keystroke logging malware when you go to an illegal pirate site is just too high.  Even if you have anti-malware software and anti virus software on your computer, these programs are only about 5% effective in protecting you from the very latest strains of malware.  So the lesson is clear.  Avoid these pirate websites not just because it is the right thing to do, but also to protect yourself from identity theft.