Posts Tagged: ‘keystroke logging malware’

Scam of the day – January 10, 2016 – Bethpage federal credit union phishing scam

January 10, 2016 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes from my own email account and I am sure it, or something similar, has turned up in yours.  It appears to be a notice from Bethpage federal credit union that a new payee has been added to my online banking account.  It is common when you do add a new payee to your online banking account to receive a notice from your bank confirming that indeed you did add the new payee and it is not a scam.  In this case, particularly because I do not have an account with Bethpage federal credit union, it was clear to me that this was a scam.  Had I been concerned that the email was legitimate and clicked on the links provided in this phishing email, I would have either been prompted to provide personal information that would have led to my identity being stolen or, even worse, I would have automatically downloaded keystroke logging malware that would have stolen my personal information directly and made me a victim of identity theft.

Here is a copy of the email I received.  DO NOT CLICK ON ANY OF THE LINKS.

Greetings from Bethpage Bill Pay!
The following payee was added to your Bethpage Bill Pay account.

Payee Information
Payee name: Ashlyn a Prato
Account number: *3480

If you did not add this payee on your account, please Logon immediately.

If you have any questions, please contact us at bethpagefcu@billsupport.com or call us at 855-358-8264.

Sincerely,
Bethpage Bill Pay
Alert: (1154293202)
Document Reference: (309351382)

TIPS

This particular phishing email is filled with flaws. First and most notably, the email address from which it was sent is a private email account, most likely that of someone whose email had been hacked and used as a part of a botnet to send out phishing emails such as this. The email address from which it was sent had absolutely no relationship with the Bethpage federal credit union. In addition, the email salutation is merely “Greetings from Bethpage Bill Pay” rather than being addressed to me by name. Finally, no logo of the bank appears in the email either. If you ever do receive this or a similar email that you think might be legitimate, you still should not click on the links in the email or call the phone numbers that appear in the email. Rather, you should call the bank at a telephone number that you know is correct in order to find out what the truth is.

Scam of the day – December 31, 2015 – American Express phishing email scam

December 30, 2015 Posted by Steven Weisman, Esq.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links or downloading attachments contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. Here is a copy of a new phishing email that appears to come from American Express that is presently circulating. This particular one is not particularly convincing. It does not address the person receiving the phishing email by name, but rather by the generic “Dear American Express User.” In addition, as is common with many scams which often originate out of the country where English may not be the first language of the scammer, the grammar is not good.

“Dear American Express User,

During our server routine  update we noticed you enter wrong detail. We implore you

to download the attached file  to re-verify your details.

NOTE: You are strictly advised to match your information correctly to avoid service suspension.

Thank you for your continued Card Membership

Sincerely,

American Express Customer Care”

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with American Express, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.   As with all phishing emails, two things can happen if you click on the links or download the attachments provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call American Express at the telephone number found on the back of your card and you will be able to confirm that it is a scam.

Scam of the day – December 8, 2015 – USAA phishing email

December 8, 2015 Posted by Steven Weisman, Esq.

People are reporting a new scam in which you receive a phishing email that purports to be from USAA, the insurer of millions of members of the military as well as many veterans, telling you that you need to click on links in the email in order to view important documents. Like many phishing emails, the scammer tries to convince you that you must click on a link and provide personal information or suffer dire consequences, when the truth is that if you click on the link or provide personal information, the identity thief will use the information you provide to make you a victim of identity theft. Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft. Here is a copy of the new email that is presently circulating. DO NOT CLICK ON THE LINKS. As phishing emails go, this one is pretty convincing and includes a copy of the USAA logo, which is easy to copy and include in an email.

“View Accounts | Privacy Promise | Contact Us

Dear User,

You have new documents on usaa.com. Log on to view your documents.  If you don’t want to receive this e-mail notification when your new documents are posted to usaa.com, you can change your preferences.
View Your Documents

Thank you,
USAA
P.S. Texting and driving … it can wait. Take the pledge to never text and drive.”

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you. Obviously if you receive this email and you do not have an account with USAA, you know it is a scam; however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate. Remember, even paranoids have enemies.

Scam of the day – November 15, 2015 – Bank of America phishing email

November 15, 2015 Posted by Steven Weisman, Esq.

Here is another good example of a phishing email.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.

Security Alert
BankAmerica account ending in ****
Unusual account activity detected
Dear Customer,
We detected unusual activity on your Bank of America account on 11/07/2015. For your protection, please verify this activity so you can continue making transactions without interruption.
Please sign in to Online Banking or visit Online Banking at www.bankofamerica.com to review and verify your account activity, or you can call us immediately at 1.800.383.0618 in the U.S.; international customers please call collect via the international operator at 757.677.4701. After verifying your credit card transactions, we’ll take the necessary steps to protect your account from fraud.
If we don’t hear from you, unfortunately certain limitations may be placed on your account.
Please disregard this notice if you have already taken the required action.

Security Icon Your last sign-in was 11/07/2015
To verify that this email is from Bank of America, confirm your last sign-in date is correct. To access Online or Mobile Banking, go directly to bankofamerica.com or use our Mobile Banking App.
Remember: We never ask for private information such as an account number, card PIN, or Social Security or Tax ID number in email messages. If you think an email is suspicious, don’t click on any links. Instead, forward it to abusee@bankofamerica.com and delete it.

This is a service email from Bank of America. Please note that you may receive service emails in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
Read our Privacy Notice.
Please don’t reply directly to this automatically generated email message.
Bank of America Email, NC1-028-09-01, 150 N College St., Charlotte, NC 28255
Bank of America, N.A. Member FDIC. Equal Housing Lender http://www.bankofamerica.com/help/equalhousing.cfm
© 2015 Bank of America Corporation. All rights reserved

TIPS

One indication that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer. In addition, legitimate emails from your bank would include the last four digits of your account rather than just **** as appears in this email. They also would not use the generic “Dear Customer,” but would rather specifically direct the email to you by your name. As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.

Scam of the day – October 23, 2015 – Sun Trust phishing email

October 23, 2015 Posted by Steven Weisman, Esq.

As phishing emails go, the email reproduced below is very legitimate looking.  This email comes directly from my own email account. DO NOT CLICK ON THE LINK.    The email is a scam and if you click on the link, you will either be prompted to provide personal information that will be used to make you a victim of identity theft or alternatively, merely by clicking on the link, you will download keystroke logging malware that will steal your personal information from your computer or smartphone and use it to make you a victim of identity theft.  The email address from which it was sent is close enough to the real email address of Sun Trust to make it appear genuine.  The logo which was on the email I received also was a good copy, but it is important to remember that it is a simple matter to counterfeit a logo.  One indication that it is a scam is that it is addressed to me as a Sun Trust Client rather than by name, however, for all intents and purposes, this is a well constructed phishing email tailored to induce the person receiving it to click on the link and provide the requested information.

Here is a copy of the email.

“Dear SunTrust Client:
SunTrust has developed a number of online and offline security measures to help protect you and your identity. In addition to using advanced security technologies, such as encryption, firewalls and virus protection, we employ teams of security experts focused solely on fraud protection and identity theft prevention.
SunTrust is committed to helping you keep your online transactions safe and secure. By following our recommended best practices, you can help mitigate the risk of fraud and unauthorized access. Use this checklist to verify that you are following our recommended security standards and best practices.
Authentication/Computer Security
Click on Sign on to confirm your personal and account information.
Install and keep anti-virus and security software up to date on your computer.
Security software helps protect your personal and account information from unauthorized access.
Consider using a personal firewall as it can help prevent attacks against your computer.
Install software patches, operating system updates, legitimate third party application updates, and hotfixes.
Secure your home or office wireless network.
Please do not reply to this email. You received this email because you signed up for SunTrust Online Delivery Service. You can update your online preferences anytime within Online Banking. By replying to this email, you consent to SunTrust’s monitoring activities of all communication that occurs on SunTrust’s systems. This is a service email sent by SunTrust Bank. If you no longer wish to receive messages of this type, please unsubscribe here. SunTrust Bank, Member FDIC. ©2015 SunTrust Banks, Inc. SunTrust is a federally registered service mark of SunTrust Banks, Inc. How can we help you shine? is a registered service mark of SunTrust Banks, Inc.
This email was sent on behalf of SunTrust Customer Care, 1575 Lemon Farris Road, Cookeville, TN 38506”

TIPS

Although this email looks legitimate it is important to remember that your bank is not going to ask you to confirm your personal and account information, however an identity thief will. In addition, emails from your bank directed to you will come addressed to you by name rather than generically as “Dear Customer.” Finally, you should never click on any link in an email or text message or provide information in response to an email, phone call or text message until you have confirmed that it is legitimate and the only way to do this if you receive such an email is to contact the company by phone at a number that you know is accurate to find out for yourself whether or not the communication is a scam. In this case, because I am not a customer of Sun Trust, I already knew it could not be anything but a scam. Trust me, you can’t trust anyone.

Scam of the day – October 9, 2015 – Smartphone banking phishing scam

October 8, 2015 Posted by Steven Weisman, Esq.

People use their smartphones for just about everything today including banking.  It can be very simple and convenient to deposit checks and transfer money between accounts merely by using your phone.  It also can be very simple and convenient for scammers to get at your bank accounts if you are not careful.  Recently there has been a surge in smartphone banking scams that start when you receive a text message that appears to come from your bank telling you, under some pretext, that you need to click on a link to update your information.  Two things can happen if you click on this link and neither is good.  In one form of this scam, you are sent to an official looking page where you are prompted to enter your name, user ID, password and bank account number.  Unfortunately, if you do so, you will end up becoming a victim of identity theft by providing an identity thief with all the information needed to loot your account.  Under another scenario, merely by clicking on the link in the text message, you will end up downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.

TIPS

Trust me, you can’t trust anyone. Even if the text appears to be legitimate, you can never be sure. Never click on links unless you have absolutely confirmed that it is legitimate and never provide personal information in regard to a text message. If you have even the slightest thought that the text message might be legitimate, merely ignore it and call your bank at a telephone number that you know is correct.

Scam of the day – October 1, 2015 – EMV smart chip card scams

October 1, 2015 Posted by Steven Weisman, Esq.

Scammers always are taking advantage of whatever current events are going on. Today is the deadline for retailers and credit card issuing companies to switch over to using the new EMV credit cards containing a computer chip that creates and encrypts a new number every time the card is used. Unlike credit cards in other parts of the world, American credit cards still mostly use magnetic strip technology that has been around since the 1960s in which personal information is contained on a magnetic strip on the back of the card. When the information on this strip is stolen, as through hacking, the identity thief has access to the credit of the victim. However, in more than 80 other countries around the world, the magnetic strip card technology has been replaced with cards embedded with a microchip. This technology is often referred to as EMV, which stands for Europay, MasterCard and Visa, the originators of the card. With EMV cards, the chip creates and encrypts a new number every time the card is used. Thus hacking into the credit and debit card processing terminals used by the cardholder is a worthless exercise in trying to access the credit card or debit card. For cost reasons, credit card companies and retailers have resisted updating the credit card system in the United States, although changes in regulations in regard to liability for fraudulent credit card use will prompt credit card companies and retailers to switch to this technology. Under these new rules, after October 1st if a retailer does not switch its card processing machines over to EMV card processing of sales, in the event of a data breach, the retailer will be held financially responsible for any losses incurred. Previously, in the event of data breaches, it has generally been the credit card issuing banks that have been held responsible for such credit card fraud.

The October 1st deadline, however,  has not been met by many credit card issuers and retailers.  More than a billion credit and debit cards will have to be switched to the new EMV cards and only 120 million people have already received a new EMV card.  That number is expected to reach 600 million by the end of 2015.  Meanwhile, many retailers have not yet converted their card processing devices to accept the new EMV cards.  Since under the new regulation regarding liability in the event of credit card fraud, the liability passes to the party that is the least EMV compliant, there is much incentive for the credit card companies to issue new EMV cards and for retailers to convert their credit card processing equipment as soon as possible.

Ingenious scam artists, the only criminals we refer to as artists, are taking advantage of the situation by contacting people by email posing as your credit card company and prompting you to either provide personal information in response to the email or click on a link in the email in order to update your account to get a new smart EMV chip card. If you provide personal information to the scammer, you will end up becoming a victim of identity theft. If you click on the link, you may also download keystroke logging malware that will steal your information from your computer or smartphone and use it to make you a victim of identity theft.

TIPS

So if you receive an email purporting to be from your credit card company, how do you know whether it is legitimate?

First check the address of the email sender.  If it appears to come from someone or some company wholly unrelated to your credit card issuer, it is a scam.  Many scammers use hijacked email accounts that become a part of a network of controlled computers referred to as a botnet to send out their emails so that it is difficult to trace the scams back to the scammer.

Merely because the email appears legitimate, is written in proper English and even carries the logo of your credit card company does not mean that it is legitimate.  It is easy to copy the logo of a company on to an email.  If you get an email from your real credit card company it will generally be addressed to you specifically by name rather than a generic greeting of “Dear Cardholder.”  In addition, the email to you will generally reference your account by including the last four digits of your account.  However, even paranoids have enemies so if you do get an email that appears legitimate, but you still have concerns, merely call the company at the number found on the back of your credit card to confirm that the email is legitimate.

Scam of the day – September 30, 2015 – New Dropbox scam

September 30, 2015 Posted by Steven Weisman, Esq.

Dropbox is a popular service that enables you to store photos, documents and other information in the cloud.  In a phishing scam similar to what I wrote about recently, many people are receiving an email purporting to be from Dropbox telling them that Dropbox is doing an update in order to make their service more secure from hacking and that the user needs to click on a link in order to update his or her account.  Of course, this is just a phishing scam intended to lure the victim into clicking on the link in which event the victim will either be told to provide personal information including passwords that will be used by the scammer to make the person a victim of identity theft or merely by clicking on the link, the victim will unwittingly download keystroke logging malware that will enable the identity thief to steal all of the personal information on the victim’s computer or smartphone and use it to make the person a victim of identity theft.

TIPS

The particular phishing email presently being circulated appears to be legitimate, however, it is not sent by an email address used by Dropbox. If the email does not appear to originate with dropbox.com, dropboxmail.com or other legitimate Dropbox email addresses, which you can find by going to this link https://www.dropbox.com/help/217#email, you can immediately dismiss the email as a phishing scam. However, even if the email address appears legitimate you should still be skeptical and contact the company at a phone number or email address that you know is legitimate to find out if the email is legitimate. Here is a link you can use to contact Dropbox about issues with your account. https://www.dropbox.com/support Chances are with this type of email, it is a scam. Dropbox is also a company that allows you to use dual factor identification, which dramatically increases your personal safety because even if someone gets your password, they cannot access your account. If you use Dropbox, I heartily advise you to protect your account by using dual factor authentication. Here is a link from Dropbox to help set up dual factor authentication. https://www.dropbox.com/help/363

This is another example of why it is a good practice to have separate distinct passwords and usernames for all of your accounts so that if one company where you have your information is hacked, your other accounts are not endangered.  In addition, as always, if the company with which you are dealing provides for dual factor identification, you should take advantage of this to provide added security so that you would not be in danger of having your account taken over even if someone managed to get your username and password.  Dropbox provides for dual factor identification.  If you use Dropbox and haven’t yet added dual factor identification, here is a link to enable you to set it up for your account. https://blog.dropbox.com/2014/10/have-you-enabled-two-step-verification/
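The warning signs the tips on this page keep returning to (a sender address unrelated to the company named, a generic salutation, an account shown only as ****, a request to confirm details) can be checked mechanically. The following Python code is an added example, not part of the original posts; the indicator names, the sample messages and their sender addresses are constructed, and the domain list holds only domains named on this page.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Sender domains this page names for each brand. Assumption: illustrative
# only; a real filter would maintain a fuller, verified list.
BRAND_DOMAINS = {
    "dropbox": {"dropbox.com", "dropboxmail.com"},
    "bank of america": {"bankofamerica.com"},
    "usaa": {"usaa.com"},
}

# "Dear Customer", "Dear iTunes User", "Dear SunTrust Client", "Greetings from ..."
GENERIC_GREETING = re.compile(
    r"^\s*(?:dear\s+(?:[\w ]*?\s)?(?:customer|user|client|cardholder)\b"
    r"|greetings\s+from\b)", re.I | re.M)
# "account ending in ****": a run of asterisks with no digits after it.
FULLY_MASKED = re.compile(r"\*{4,}(?![\d*])")
# "confirm your details", "re-verify your details", "update your account"
CONFIRM_REQUEST = re.compile(
    r"\b(?:re-?)?(?:confirm|verify|update)\s+your\s+"
    r"(?:personal|account|details|information)\b", re.I)


def phishing_indicators(raw):
    """Return the page's warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    # The brand a message claims is taken from the display name and subject.
    claimed = (display_name + " " + str(msg.get("Subject", ""))).lower()

    found = []
    for brand, domains in BRAND_DOMAINS.items():
        if not re.search(r"\b" + re.escape(brand) + r"\b", claimed):
            continue
        # Accept the brand's domain itself or any subdomain of it.
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            found.append("sender-domain-unrelated-to-brand")
            break
    if GENERIC_GREETING.search(body):
        found.append("generic-greeting")
    if FULLY_MASKED.search(body):
        found.append("account-digits-fully-masked")
    if CONFIRM_REQUEST.search(body):
        found.append("asks-to-confirm-details")
    return found


# Constructed sample modelled on the Bank of America email quoted on this
# page; the sender address is invented.
SAMPLE_BANK = (
    'From: "Bank of America" <j.doe@mail.example.org>\n'
    "Subject: Security Alert\n"
    "\n"
    "BankAmerica account ending in ****\n"
    "Unusual account activity detected\n"
    "Dear Customer,\n"
    "We detected unusual activity on your Bank of America account.\n"
)

# Constructed sample modelled on the iTunes email quoted on this page.
SAMPLE_ITUNES = (
    'From: "iTunes Admin" <someone@mail.example.net>\n'
    "Subject: Account verification\n"
    "\n"
    "Dear iTunes User,\n"
    "\n"
    "Your account requires verification due to our recent upgrade. It is\n"
    "mandatory that you confirm your details through our secure link below.\n"
)

# Constructed message that shows none of the signs (invented address on a
# domain the page lists as used by Dropbox).
SAMPLE_DROPBOX = (
    'From: "Dropbox" <no-reply@dropboxmail.com>\n'
    "Subject: A file was added to your folder\n"
    "\n"
    "Hi Jordan,\n"
    "A new file was added to your shared folder.\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_BANK", "SAMPLE_ITUNES", "SAMPLE_DROPBOX"):
        print(name, phishing_indicators(globals()[name]))
```

An empty result is not proof of legitimacy, since the From header is easy to forge; the advice above to contact the company through a number you know is correct still applies.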

Scam of the day – September 28, 2015 – New iTunes phishing scam

September 28, 2015 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes right from my own email account although many people are reporting receiving the same email. It appears to be from iTunes and indicates that in order to continue to use iTunes, I must verify information in my account. The email is a scam and works in one of two ways, both of which are bad. In one scenario if you click on the link to provide information, you will be turning over your personal information to an identity thief who will use the information to make you a victim of identity theft. Even worse is the other possible scenario which is that when you click on the link, you will unwittingly download keystroke logging malware that will permit the identity thief to steal all of the information on your computer and use it to access your credit cards, bank accounts and other financial accounts and use that information to make you a victim of identity theft. This particular email which is reproduced below contains a number of clues that it is a scam. Often these emails come from botnet zombie computers that have been hacked into to send out these emails and so the email address from which it was sent will not have anything to do with Apple or iTunes, but will carry the address of the unfortunate person whose email was hacked and taken over. In my case, the email was sent by a non-business account in the United Kingdom. Also, although it is easy to copy logos, identity thieves, particularly when they are from foreign countries, do not use proper grammar or proper English. For instance, in this email the word “cooperation” is spelled incorrectly. Finally, the email is addressed merely to “Dear iTunes User” instead of using my name in the salutation thereby indicating that this is being sent out widely to many individuals rather than sent merely to people to whom it would apply if it were legitimate.

Here is a copy of the email I received.  DO NOT CLICK ON THE LINK.

“Dear iTunes User,

Your account requires verification due to our recent upgrade. It is mandatory that you confirm your details through our secure link below.

Connect

Thank you for your co-operation.

Sincerely Yours,

iTunes Admin
Copyright © 2015 Apple Inc. All rights reserved”

TIPS

Never click on a link unless you are absolutely sure that it is legitimate and unfortunately whenever you receive an email or a text message with a link, you cannot be sure that the message is legitimate.  Many times you will receive emails or texts such as this purporting to be from companies that you do not even do business with and you obviously can ignore these.  But if you have any concerns that the email might be legitimate, you still shouldn’t click on the link.  Instead you should call the particular agency or company at a telephone number that you know is accurate to inquire as to whether the email or text message was legitimate.  Chances are that you will find out that it is a scam.  Once, I received a large invoice from a company with which I do business for goods I did not order, but rather than click on the link provided in the email, I went directly to the company’s website to question the invoice.  When the website came up, the first thing I saw was a large announcement that the invoice was a scam and that many people had received these phony invoices.  If I had clicked on the link, I would have become a victim of identity theft.

Scam of the day – September 14, 2015 – Federal government unveils new cybersecurity plan

September 13, 2015 Posted by Steven Weisman, Esq.

It is no secret that the federal government, as evidenced by the recent hacking of the Office of Personnel Management (OPM) in which personnel data on 22 million people was stolen, is a target of hackers, both nation-state and ordinary (or perhaps not so ordinary) criminals. The OPM data breach was initiated, as were the Target data breach and 90% of all data breaches, through a phishing email. A phishing email is an email sent by the hacker that appears to be legitimate and lures the victim at the targeted company or agency to click on a link or download an attachment that contains malware that enables the hacker to steal the information contained in the victim’s computer system. It is fascinating that in almost all major data breaches, the most complex and sophisticated malware is downloaded on to the victim’s computer through the simple trickery of phishing. Here is a link to a column I wrote about this last year. http://www.usatoday.com/story/money/personalfinance/2014/10/18/malware-data-breach-phishing/17458411/

In response to the OPM and other data breaches, William Evanina, the Director of the National Counterintelligence and Security Center, has announced a new campaign to raise the awareness of federal workers to the dangers of phishing and specifically targeted phishing emails referred to as spear phishing.

TIPS

Phishing and spear phishing represent threats not just to companies and governmental agencies, but to all of us as individuals as well. Identity theft is often accomplished through individuals being targeted by phishing or spear phishing emails who unwittingly click on links or download attachments that contain keystroke logging malware that enables the identity thief to steal all of the information including passwords, credit card numbers, Social Security numbers and other personal information from the victim’s computer and use that information to make that person a victim of identity theft. Other types of malware, such as ransomware, which encrypts and locks all of the data in your computer, followed by a threat to destroy your data unless you pay a ransom, are generally downloaded through clicking on a link or downloading an attachment from a phishing email.

The key to avoiding becoming a victim is to never click on a link or download any attachment unless you have absolutely confirmed that the link or attachment is legitimate.  Even if the link is contained in an email from someone you know and trust, it is possible that their email may have been hijacked so you must always be a bit skeptical.  It may seem a bit paranoid, but remember that even paranoids have enemies.