Scam of the day – June 17, 2017 – Father’s Day scams

Tomorrow is Father’s Day which for many people is an opportunity to show our fathers how much we love and appreciate them, for scam artists, it is yet another opportunity to scam people.

One of the most common Father’s Day scams involves e-cards which are great, particularly for those of us who forget to send a Father’s Day card until the last minute.  Identity thieves send emails purporting to contain a link to an electronic Father’s Day card, but instead send malware that becomes downloaded when the victim clicks on the link. This keystroke logging malware enables an identity thief to steal personal information from the victim’s computer that can be used for purposes of identity theft.

TIPS

Never click on a link to open an e card unless the e card specifically indicates who sent the card. Phony e cards will not indicate the name of the sender.  Even if the sender is someone you recognize, you should independently confirm with that person that they indeed sent you an e card before clicking on the link.

Scam of the day – June 9, 2017 – Ukranian hacker sentenced to prison

I have been reporting to you for two years about developments in this ingenious and massive stock fraud since the story first broke.   Forty-three people were charged both civilly and criminally in the largest hacking and securities fraud enterprise in American history.  The defendants were made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with computer hackers based in the Ukraine.  Now Ukranian hacker Vadym Iermolovych was sentenced to thirty months in prison and ordered to pay more than 3 million dollars in restitution for his role in this scheme.

The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release.  This enabled the rogue stock traders to make trades based on this inside information before it became known to the public.  Trades using this stolen information were made by traders in Russia, Ukraine, Malta, Cyprus, France and here in the United States in Georgia, New York and Pennsylvania  It is estimated that between 2010 and 2015, the defendants made profits of as much as 100 million dollars on 800 trades during this time.  A number of the defendants have already pleaded guilty to charges related to this scam.

The cornerstone of this scam as so many cyberscams was the ability to hack into the company computers of Marketwired, PR Newswire and Business Wire by hacking into social media sites where they stole the passwords of employees of these companies who used the same passwords at work.  The scammers also used spear phishing emails to gain the further access they needed to infiltrate the computers of the targeted companies.

TIPS

One of the biggest takeaways from this case is how easy it is to still use spear phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data. Apparently corporations still have not learned to sufficiently train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers.   This is important to all of us as individuals because identity thieves and hackers use the same phishing techniques to hack into the computers of us as individuals and steal our personal information.  Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate.  It well could contain keystroke logging malware that will steal all of the information from your computer.  Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware.  However, it is still important to have security software on all of your electronic devices and keep that software up to date with the latest security patches because many scammers use older versions of malware for which there are defenses.

Finally, this case also reminds us to use unique passwords for all of our accounts so that if our password is compromised at a company with lax security, our own security at other places where we use passwords is not threatened.   Although it may seem difficult to have to remember so many different password, an easy way to deal with this is to have a strong base password that contains capital letters, small letters and symbols and adapt that base password for each of your accounts.  Using an easily remembered phrase as the base password such as IDon’tLikePasswords is effective.  Make it even better by adding a couple of symbols at the end such as IDon’tLikePasswords!!! and then adapt it for each of your accounts so, for instance, your Amazon account password would be IDon’tLikePasswords!!!AMA.

Scam of the day – June 8, 2017 – Steve Harvey’s new show hacked

In the last month I have told you about the hacking exploits of a group of hackers who call themselves thedarkoverlord.  In May, nine episodes of the popular Netflix original series, “Orange is the New Black” were posted by them on a publicly available file when their extortion attempt failed. They also claimed to have stolen the most recent  sequel in the successful Pirates of the Caribbean movie series, but this turned out to be a hoax. This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.  In the case of Orange is the New Black and other television shows, the weakest link was a post production studio, Larson Studios.

Now they have released eight episodes of what they say are stolen episodes of the new Steve Harvey show “Steve Harvey’s Funderdome” which will be premiering on ABC on June 11th.

TIPS

If a bootleg movie or television show is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to the rogue websites where you can find this material.

Scam of the day – May 30, 2017 – Apple iTunes phishing scam

Phishing emails, and the more personally tailored spear phishing emails are the most common way that people and companies are tricked into downloading malware such as ransomware or keystroke logging malware used to steal information from the victim for purposes of identity theft. Effective phishing emails will appear to be legitimate and lure victims into downloading malware filled attachments or clicking on links tainted with malware.

Reproduced below is a new phishing email presently being circulated that is one of the worst examples of a phishing email.   It purports to be from the Apple Store informing the recipient that his or her account has been used to make a purchase and urges the targeted victim to download an attachment if they did not make the purchase.

As regular readers of Scamicide have seen, many of the phishing emails we have shown you over the years are quite convincing, however this particular email is so filled with indications that it is phony, it is hard to imagine someone falling for the scam although I am sure some people will do so.

The email address of the sender has nothing to do with Apple which is an early indication that this is a scam.  There is no logo that appears on the email and the email is not addressed to anyone in particular nor does it indicate an account number.  Finally, their are spelling errors and horrible grammatical errors throughout the email.

Here is a copy of the email that is presently circulating.

“[ApplePay] – iTunes was used to purchase in App Store on Macbook Pro 13
Date and time: 27 May 2017 10.32 hrs
Transaction: 7BA6818XL0333C2U
Order number: MQ3N7F0G8Q
OS: OS X 10.12.4
Browser: Safari
Location: New York, United States of America
If the information looks familiar, you can ignore this email.
If you have not recently purchased an article or in-apps apps on a MacBook Pro 13 “
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
Best regards,
AppIe account department
Copyright @ 1998-2017. 2211 N 1st St, San Jose, CA 95131, USA. All rights reserved.”
TIPS
Whenever you get any email that attempts to lure you into downloading an attachment or clicking on a link, you should be skeptical and never consider doing so unless you have absolutely confirmed that the email is legitimate.  Also, look for telltale signs that the email is a phishing email by examining the address of the sender, the spelling and grammar and a lack of your account number or name appearing although in more professionally done spear phishing emails real account numbers and your name might be used which is why it is always imperative to never click on links or download attachments unless you are totally convinced that the email is not phony.

Scam of the day – May 21, 2017 – HSBC text scam

British based HSBC is the world’s sixth largest bank and has branches around the world.  Recently scammers have been randomly sending out text messages, such as the one reproduced below in order to scare people into clicking on the link in order to verify their account and avoid a threatened suspension of the account.  If you click on the link it will take you to a phony HSBC website that looks legitimate, but is merely a scam to lure you into providing your username and password for your HSBC account (if you have one) which the scammer will use to steal money from your account.  If you receive this text message and don’t have an account with HSBC, you know immediately it is a scam, but it can look frighteningly legitimate if you have an account with HSBC.

HSBC banking scam text (Image: loveMONEY_

TIPS

This message can be particularly problematic if you are an HSBC customer and have signed up to receive text message alerts from the bank. However, whenever you receive a text message you can never be sure who is really sending it to you, so you should never click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.  In other instances, such as with this particular text message scam, you are in danger of providing your personal information directly to the scammer that can be used to access your accounts.  The best course of action when you receive such a text message if you have a concern that it may be legitimate is to merely independently contact your bank to determine whether or not the text message was a scam.

Scam of the day – May 17, 2017 – Pirates held for ransom

Although the headline may seem a little odd, what it is referring to is another data breach at a major Hollywood movie studio, in this case Disney, where the latest sequel in the successful Pirates of the Caribbean movie series has apparently been stolen through a data breach and the hacker is demanding a ransom which Disney is refusing to pay.  If the ransom is not paid, the hacker has indicated he will release the movie online in advance of the Theatrical release date of May 26th.

This latest incident comes on the heels of the hacker known as thedarkoverlord,  posting nine episodes of the popular Netflix original series, “Orange is the New Black on a publicly available file a few weeks ago as I reported to you on Scamicide at the time.  This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.

TIPS

If the movie is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to these rogue websites.

Scam of the day – May 12, 2017 – Mother’s Day scams

Every day is Scam Day and Mother’s Day is no exception.  Although for many of us, Mother’s Day is an opportunity to show our mothers how much we love and appreciate them, for scam artists, the only criminals we refer to as artists, it is yet another opportunity to scam people.  One common Mother’s Day scam involves an email that you get offering Mother’s Day gifts such as flowers, jewelry, shoes or clothing at tremendously discounted prices.  All you need to do is to click on a link to order online.  The problem is that many of these offers are indeed scams.  If you click on the link, one of two things can happen and both are bad.  Sometimes the link will take you to an order form where you provide your credit card information, but never get anything in return.  Instead your credit card information is used to make you a victim of identity theft.  Even worse is the other possibility which is by clicking on the link, you will unwittingly download a keystroke logging malware program that will steal all of the personal information stored on your computer and use that information to make you a victim of identity theft.

Also, be careful when making online purchases.  Merely because a website offering great prices may be highly listed on Google or other search engines does not mean that it is legitimate.  All it means is that the scammers know how to manipulate the positioning of their website in a Google search.  Check out any company with which you may not be familiar with the Better Business Bureau or even Google the company’s name with the word “scam” added to the search and see what you come up with.  Even if you are dealing with a legitimate online company, make sure that your communications are encrypted when you are sending personal information or credit card information.  The easy way to do this is to look to see if the beginning of the web address of the company changes when you go to the page to input this information from “http” to “https” indicating that your data is being encrypted.  And of course, don’t use your debit card for retail purchases either online or in a brick and mortar store because you have less protection from fraud with a debit card than a credit card.

Finally, another Mother’s Day involves e-cards which are great, particularly for those of us who forget to get a Mother’s Day card until the last minute.  However, identity thieves will send emails purporting to contain a link to an electronic Mother’s Day card, but instead download that dangerous keystroke logging malware that I described above.

TIPS

It is always dangerous to buy anything online from any store or company with which you are not familiar.  Check out the company with the Better Business Bureau, your state’s Attorney General, the Federal Trade Commission or just do a Google search to see if the company is legitimate.  Even then you are better off going directly to the company rather than dealing with a company through an email that may just be a forgery of an email from a legitimate company.  As always, if  the offer you receive sounds too good to be true, it usually is.  As for e-cards, never open an e card unless it specifically indicates who sent the card.  Phony e cards will not indicate the name of the sender.

Scam of the day – May 6, 2017 – Google Docs phishing scam

A phishing email is presently being sent to unsuspecting victims that urges you to click on a Google Docs link.  A copy of one version of the email is reproduced below. Clicking on the link will turn over your Gmail account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware.

TIPS

Never click on links or download attachments regardless of from where they may appear to originate unless you have verified that the email is legitimate.  In addition, even people who fell for this scam, would be safe if they used dual factor authentication for their Gmail account which would prevent someone who had your password from accessing your account.  With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device that you generally use.  You can sign up for Google’s dual factor authentication by clicking on this link:  https://www.google.com/landing/2step/

Scam of the day – May 3, 2017 – New USAA phishing scam

USAA is the insurer of millions of members of the military as well as many veterans so it is no surprise that it is the basis for a new phishing email presently being circulated.  As with so many phishing emails, this one tells you  that you need to click on links in the email in order to resolve security issues.  The truth is that if you click on the link or provide personal information, you will become a victim of identity theft as the criminal will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.   In another scenario, clicking on the link will download dangerous ransomware.

Here is a copy of the new phishing email that is presently circulating.  DO NOT CLICK ON THE LINKS.  As phishing emails go, the graphics are pretty impressive, however there are grammatical errors including the word “has” being used instead of “have”.  It also  should be noted that the email is directed to “Dear Customer” rather than your name and no account number is provided.  These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

 

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam, however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – April 17, 2017 – PayPal phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated. Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly It came from an email address of a private person rather than that of PayPal.  The address used, most likely, is that of someone whose email account and computer was hacked in order for the identity thief to send out these phishing emails in mass quantities through a botnet. It also is not directed to you personally as PayPal would do with all of its legitimate communications which is an indication that this is a phishing scam.   Additionally, the salutation is spelled incorrectly where it reads “Dear Costumer.”

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.  In the case of PayPal, if you have a question about your account, you can contact PayPal online here https://www.paypal.com/re/selfhelp/home