Posts Tagged: ‘keystroke logging malware’

Scam of the day – May 2, 2016 – Another new USAA phishing scam

May 2, 2016 Posted by Steven Weisman, Esq.

Yet another phishing email is turning up purporting to be from USAA, the insurer of millions of members of the military as well as many veterans, telling you that you need to click on links in the email in order to resolve security issues.  Like many phishing emails, this one tries to convince you that you must click on a link and provide personal information or suffer dire consequences, when the truth is that if you click on the link or provide personal information, the criminal will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.  Here is a copy of the newest phishing email that is presently circulating.  DO NOT CLICK ON THE CONTINUE BUTTON.  As phishing emails go, the graphics are pretty impressive; however, there are several grammatical errors, including the word “temporal” being used instead of “temporary”.  It should also be noted that the email is directed to “Dear Valued Customer” rather than your name and no account number is provided.  These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam; however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – April 20, 2016 – DocuSign phishing scam

April 20, 2016 Posted by Steven Weisman, Esq.

DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures.  Its services are used by many companies.  Recently I received a phishing email, reproduced below, that purported to be from an attorney whom I know and with whom I do business, asking me to click on a link to open a document that needed my signature.  The phishing email looked very professional, contained the DocuSign logo and appeared legitimate.  In the copy of the email below, I have blocked out the name and other personal information used to identify the attorney who was purported to have sent me the document.  DO NOT CLICK ON THE LINK TO VIEW DOCUMENTS.

This is a spear phishing email designed to lure the person receiving the email to click on the link and either provide personal information that could be used for identity theft or, as is more likely in this particular phishing attempt, download keystroke logging malware onto his or her computer merely by clicking on the link.  This malware would have enabled the cybercriminal to steal all of the personal information from the computer and make that person a victim of identity theft.  This email was particularly dangerous because it came from someone with whom I do business whose email account was hacked and used to send out the spear phishing email.

Here is the email without the logo.

Please review and sign your document
 

From: XXXXXXXXX (XXX@aol.com)

Hello

Thomas has sent you a new DocuSign document to view and sign. Please click on the ‘View Documents’ link below to begin signing.

View Documents
XXXXXXXX
Law Office of XXXXXXXXX
XXXXXXXXXXX
XXXXXXXXXX
Fax: XXXXXXXXX
Email: XXX@aol.com

__________________________________________________________________________
CONFIDENTIALITY NOTICE: This email message contains confidential information intended only for the person(s) or entity to whom it is addressed and is subject to attorney-client privilege. If you have received this email message in error, please destroy the original message.

CIRCULAR 230 DISCLOSURE: Pursuant to U.S. Treasury Regulations, we are now required to advise you that, unless otherwise indicated, any federal tax advice contained in this communication, including attachments and enclosures, is not intended and may not be used for the purpose of (1) avoiding tax related penalties under the IRC or (2) promoting, or recommending to another party any tax related matters addressed herein.

TIPS

In this case, I actually followed my own advice as to never click on a link regardless of how legitimate the email or text message may appear until confirming that the message is legitimate.  I emailed back to the attorney and asked him to confirm that it was legitimate and answer a question which I knew only he would know the answer to.  The response I got from him was that he had been hacked and I should not click on the link.

The lesson here is clear.  You can never be sure when you receive an email as to who is really contacting you.  Sometimes it is obvious, as when the email address of the sender does not correspond to who is represented as sending the email, but other times, such as in this case, the email account of someone or some company you trust could have been hacked and used to send you the malware.  Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.

 

Scam of the day – March 19, 2016 – TurboTax phishing email

March 19, 2016 Posted by Steven Weisman, Esq.

Turbo Tax is a popular online tax preparation company used by many people so it should come as no surprise, particularly at this time of year, that a phishing email is presently being circulated that appears to come from Turbo Tax with the title “Important Privacy Changes” in an attempt to get people to click on the link contained in the email purportedly to opt out of having their personal information shared with others.  The email is not sent by Turbo Tax.  It is a phishing scam intended to lure people into clicking on the link which will download keystroke logging malware that will steal your personal information from your computer, smart phone or other electronic device and use it to make you a victim of identity theft.

Here is a copy of the email presently being circulated, DO NOT CLICK ON THE LINK:

TIPS

The first line of defense against phishing emails is to have good anti-virus and anti-malware software installed on all of your electronic devices as well as to take advantage of anti-phishing features in your web browser.  Also, keep all of your security software up to date with the latest security patches as soon as they are available.  However, even if you have the most up to date security software, it will not protect you from the latest malware.  Security software is always at least thirty days behind the newest “zero day” malware.

Never click on links in any text message or email unless you have absolutely confirmed that the link is legitimate and safe.  In a case such as this, the safest route is to avoid the email entirely and go directly to the website of the company, in this case Turbo Tax, to find out if the email was legitimate or not.  When going to the company website, don’t go by clicking on links or typing in addresses contained in the text message or email.  Instead, independently type in the name of the website in your browser.

Scam of the day – March 7, 2016 – Bank of America phishing scam

March 7, 2016 Posted by Steven Weisman, Esq.

Here is another good example of a phishing email that is presently being circulated.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.  DO NOT CLICK ON THE LINK.

Online Banking Alert
Unauthorized Sign-In
As part of our security measures, during our system regularly scheduled account maintenance and verification procedures, we have detected a slight error in your online banking information. Our system requires account verification for more security and protection to your account.

To confirm this verification log into Online Banking and update your information.

Once you have verified your records, your Account Services will not be interrupted and will continue as normal.
Security Checkpoint: This email includes a Security Checkpoint. The information in this sectionnlets you know this is an authentic communication from Bank of America.
Bank of America, N.A. Member FDIC. Equal Housing Lenderhttp://
© 2016 Bank of America Corporation. All rights reserved.

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers hacked into and controlled remotely by the scammer.  In addition, legitimate emails from your bank would include the last four digits of your account.  This email does not use the customer’s name or account number anywhere in the email.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.
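The indicators named in these tips (a sender address unrelated to the company, a generic greeting, and no customer name or last four account digits) can be checked mechanically.  The following Python sketch is an added example, not part of the original posts; the sample messages, the customer name "Jane Doe", the digits "4321" and the assumption that the bank sends only from bankofamerica.com are all constructed for illustration.

```python
"""Added example: header/body checks for the phishing indicators listed above."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Generic salutations of the kind quoted in these posts ("Dear Valued Customer").
GENERIC_GREETING = re.compile(
    r"^\s*(dear\s+(valued\s+)?(customer|user|member)\b"
    r"|dear\s+[\w ]+\s+user\b|greetings from\b)", re.I | re.M)

BRAND = {"bankofamerica.com"}  # assumption: domains the real sender uses


def registrable(host):
    """Naive registrable domain: last two labels (no public suffix list)."""
    labels = [p for p in host.lower().strip(".").split(".") if p]
    return ".".join(labels[-2:])


def body_text(msg):
    """Return the plain-text (or, failing that, HTML) body of a parsed message."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def phishing_indicators(raw, brand_domains, customer_name, last_four):
    """List which of the page's warning signs a raw email exhibits."""
    msg = message_from_string(raw, policy=policy.default)
    _display, addr = parseaddr(str(msg.get("From", "")))
    body = body_text(msg)
    findings = []
    # The display name is free text; only the address domain is compared.
    if registrable(addr.rpartition("@")[2]) not in brand_domains:
        findings.append("sender-domain-mismatch")
    if GENERIC_GREETING.search(body):
        findings.append("generic-greeting")
    if customer_name.lower() not in body.lower():
        findings.append("name-missing")
    if not re.search(r"(?<!\d)" + re.escape(last_four) + r"(?!\d)", body):
        findings.append("last-four-missing")
    return findings


# Constructed samples: headers are invented; PHISH body lines come from the
# email quoted above.
PHISH = """\
From: Bank of America <jsmith@mail.example.net>
Subject: Online Banking Alert

Unauthorized Sign-In
To confirm this verification log into Online Banking and update your information.
"""
LOOKALIKE = """\
From: Bank of America <alerts@bankofamerica.com.secure-login.example>
Subject: Online Banking Alert

Dear Valued Customer,
We have detected a slight error in your online banking information.
"""
LEGIT = """\
From: Bank of America <alerts@ealerts.bankofamerica.com>
Subject: New payee added

Jane Doe,
A new payee was added to your account ending in 4321.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LOOKALIKE", LOOKALIKE), ("LEGIT", LEGIT)):
        print(name, phishing_indicators(raw, BRAND, "Jane Doe", "4321"))
```

A message sent from the hacked account of someone you actually do business with, as in the DocuSign post above, would pass the sender check, so an empty result is not proof of legitimacy and independent confirmation is still required.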

Scam of the day – March 3, 2016 – Identity thieves stealing W-2s

March 2, 2016 Posted by Steven Weisman, Esq.

Income tax identity theft is a multibillion-dollar problem that costs the government and, by extension, us, the taxpayers, billions of dollars each year while tremendously inconveniencing the individual taxpayers whose identities are stolen, as it generally takes the IRS months to fully investigate each instance of identity theft and send to the victimized taxpayer his or her legitimately owed tax refund.  Armed with a potential victim’s name and Social Security number, it is a simple matter for an income tax identity thief to file a phony return with a counterfeit W-2 to obtain a fraudulent income tax refund.

Now, it appears sophisticated income tax identity thieves are stealing large numbers of legitimate W-2s containing all of the information the identity thieves need to file a fraudulent income tax return by sending phishing emails to HR and accounting departments within companies often posing as the CEO of the company or someone else in upper management requesting copies of all employee W-2s under various guises.  Other times, payroll management companies have been targeted using the same type of phishing emails.  In some instances, the phishing emails have been recognized as scams, but in other instances, companies have unwittingly handed over thousands of W-2s to clever identity thieves.

TIPS

All companies have got to do a better job of training employees to recognize phishing emails and installing anti-phishing software programs.  In addition, dual factor authentication should be used before transmitting sensitive data to make sure that the person to whom the material is being sent is really who they represent they are.  These same lessons that apply to companies also apply to all of us as individuals, as well.  Phishing is done to steal the identities and information of unwary individuals every day and the best way to protect yourself is to start with remembering my motto, “trust me, you can’t trust anyone.”  Never provide personal information to anyone who asks for it by phone, text message or email unless you have absolutely confirmed that the request is legitimate and the person or company requesting the information has a legitimate need for the information.  Never click on links or download attachments from emails or text messages unless you have confirmed they are legitimate because those links and attachments could contain keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.  Finally, keep all of your electronic devices including your smartphone up to date with the latest security software patches.

Scam of the day – March 1, 2016 – Kohl’s cash loyalty program scam

March 1, 2016 Posted by Steven Weisman, Esq.

Many of you are probably familiar with Kohl’s, a national department store chain.  Like many companies, it has a loyalty program.  Kohl’s loyalty program, which is called “Kohl’s Cash”, credits registered Kohl’s customers with ten dollars for every fifty dollars that customers spend at the store, which can then be used for subsequent Kohl’s purchases.  Recently a number of Kohl’s customers’ Kohl’s Cash accounts were hacked and the hackers used the customers’ credit cards, which were also registered with Kohl’s Cash, to order large and expensive items that were then delivered to the Kohl’s customers whose accounts were hacked.  Although it might initially seem puzzling how a hacker could profit from the scheme, its effectiveness becomes more apparent when you realize that what the hackers are really after is the Kohl’s cash generated by the purchases.  The Kohl’s cash is emailed to the hacker, who has changed the account’s email address when he or she hacked into the account, and upon receiving the Kohl’s cash credits the hacker uses them to buy other products which he or she can then sell on the black market.  The reason the hackers initially order large sized items is to make it more inconvenient for the hacked customers to return the unordered merchandise to the store, which would cancel the corresponding issuance of Kohl’s cash on the transaction.

It does not appear that Kohl’s as a company has suffered a data breach; rather, it appears that the accounts of individual Kohl’s customers were hacked because the hacker had access to or was able to guess the customers’ passwords.

TIPS

This scam again highlights the importance of having strong, unique passwords for each of your online accounts.  Often companies with weak security are hacked, and the hackers use passwords stolen in the data breach to access the victims’ other accounts where the same passwords are used.  Other times it is the victims themselves who have had their data stolen directly from their computer, laptop, smartphone or other electronic device when they have unwittingly downloaded keystroke logging malware, most often as a result of phishing that lured the unsuspecting victim into clicking on a link containing the malware.  Thus it is important to use strong, unique passwords for each of your accounts, to maintain up to date security software on all of your devices, and to refrain from clicking on links in emails or text messages unless you have absolutely confirmed that the email or text message is legitimate.

Scam of the day – January 10, 2016 – Bethpage federal credit union phishing scam

January 10, 2016 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes from my own email account and I am sure it, or something similar, has turned up in yours.  It appears to be a notice from Bethpage federal credit union that a new payee has been added to my online banking account.  It is common when you do add a new payee to your online banking account to receive a notice from your bank confirming that indeed you did add the new payee and it is not a scam.  In this case, particularly because I do not have an account with Bethpage federal credit union, it was clear to me that this was a scam.  Had I been concerned that the email was legitimate and clicked on the links provided in this phishing email, I would have either been prompted to provide personal information that would have led to my identity being stolen or, even worse, I would have automatically downloaded keystroke logging malware that would have stolen my personal information directly and made me a victim of identity theft.

Here is a copy of the email I received.  DO NOT CLICK ON ANY OF THE LINKS.

Greetings from Bethpage Bill Pay!
The following payee was added to your Bethpage Bill Pay account.

Payee Information
Payee name: Ashlyn a Prato
Account number: *3480

If you did not add this payee on your account, please Logon immediately.

If you have any questions, please contact us at bethpagefcu@billsupport.com or call us at 855-358-8264.

Sincerely,
Bethpage Bill Pay
Alert: (1154293202)
Document Reference: (309351382)

TIPS

This particular phishing email is filled with flaws.  First and most notably, the email address from which it was sent is a private email account, most likely that of someone whose email had been hacked and used as a part of a botnet to send out phishing emails such as this.  The email address from which it was sent had absolutely no relationship with the Bethpage federal credit union.  In addition, the email salutation is merely “Greetings from Bethpage Bill Pay” rather than being addressed to me by name.  Finally, no logo of the bank appears in the email.  If you ever do receive this or a similar email that you think might be legitimate, you still should not click on the links in the email or call the phone numbers that appear in the email.  Rather, you should call the bank at a telephone number that you know is correct in order to find out what the truth is.

Scam of the day – December 31, 2015 – American Express phishing email scam

December 30, 2015 Posted by Steven Weisman, Esq.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links or downloading attachments contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from American Express that is presently circulating.  This particular one is not particularly convincing.  It does not address the person receiving the phishing email by name, but rather by the generic “Dear American Express User.”  In addition, as is common with many scams which often originate out of the country where English may not be the first language of the scammer, the grammar is not good.

“Dear American Express User,

During our server routine  update we noticed you enter wrong detail. We implore you

to download the attached file  to re-verify your details.

NOTE: You are strictly advised to match your information correctly to avoid service suspension.

Thank you for your continued Card Membership

Sincerely,

American Express Customer Care”

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with American Express, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.   As with all phishing emails, two things can happen if you click on the links or download the attachments provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call American Express at the telephone number found on the back of your card and you will be able to confirm that it is a scam.

Scam of the day – December 8, 2015 – USAA phishing email

December 8, 2015 Posted by Steven Weisman, Esq.

People are reporting a new scam in which you receive a phishing email that purports to be from USAA, the insurer of millions of members of the military as well as many veterans, telling you that you need to click on links in the email in order to view important documents.  Like many phishing emails, this one tries to convince you that you must click on a link and provide personal information or suffer dire consequences, when the truth is that if you click on the link or provide personal information, the identity thief will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.  Here is a copy of the new email that is presently circulating.  DO NOT CLICK ON THE LINKS.  As phishing emails go, this one is pretty convincing and includes a copy of the USAA logo, which is easy to copy and include in an email.

 

 


“View Accounts | Privacy Promise | Contact Us

Dear User,

You have new documents on usaa.com. Log on to view your documents.  If you don’t want to receive this e-mail notification when your new documents are posted to usaa.com, you can change your preferences.
View Your Documents

Thank you,
USAA
P.S. Texting and driving … it can wait. Take the pledge to never text and drive.”

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam; however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.