Posts Tagged: ‘keystroke logging malware’

Scam of the day – July 24, 2014 – StubHub hacking – what it means to you

July 24, 2014 Posted by Steven Weisman, Esq.

Six people including both Russian and American citizens were indicted yesterday in New York for hacking into 1,600 StubHub accounts and stealing more than 1.6 million dollars in tickets.  StubHub is a website where people can buy and sell sports and entertainment tickets.  Although the accounts hacked were StubHub accounts, it appears the fault was not that of StubHub, but rather of individual StubHub customers whose passwords and user names were obtained through hacking of other companies or through the use of keystroke logging malware programs unwittingly downloaded, most likely through phishing emails to the victimized consumers.

TIPS

For those people who used the same user name and password for all of their accounts, this hacking is another example of why you should not do so.  Using the same user name and password puts you in danger in all of your online accounts if merely one of your online accounts is hacked.  The better course of action is to use a different user name and password for every account that you use.  Although this may seem like a complicated thing to do, it need not be so.  Just adding a couple of letters describing the account to your password can provide you with much added security.  So for example if you used the basic, safe password of “IHatePasswords123!” which is a strong password and then added a few letters to describe the particular account such as a StubHub password of “IHatePasswords123!StubHb” you would have a difficult to break, but easy to remember password. As for protecting yourself from downloading keystroke logging malware by which you unknowingly download malware that provides access to all of the personal information on your computer the key thing to remember is to never click on a link or download an attachment unless you are absolutely positive that it is legitimate and you have independently confirmed its legitimacy.  Also, you should maintain your anti-malware and anti-virus software up to date with the latest security patches.

Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

July 22, 2014 Posted by Steven Weisman, Esq.

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.

TIPS

You should never give to a charity until you  have confirmed that it is legitimate.  Go to www.charitynavigator.org where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate.  In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief.  If you must search for such video, stay with legitimate new sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.

Scam of the day – July 6, 2014 – Another AOL phishing scam

July 6, 2014 Posted by Steven Weisman, Esq.

Millions of people still use AOL and so scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is quite poor.  Compare it to the excellent counterfeit phishing email I included in the Scam of the Day for Mary 31, 2014.  This one comes from an email address that has no relation to the company, AOL.  It does not contain any logo and it is not directed to the recipient specifically by name.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve an problem.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.   Here is how the email appears.  DO NOT CLICK ON THE LINK:

“Dear User,

Verify, to update your Premium Acc today

Service Team.

America Online”

TIPS

There are numerous reasons not to trust this email.  The email address from which it was sent has no relation to AOL.  It is not addressed to you personally.  It does not contain an AOL logo and the email is far too short and curt.  It is an obvious phishing email and its only purpose is to lure you into either providing personal information or downloading malware.  As I have warned you many times, never click on links or download attachments unless you are absolutely sure that the email is legitimate.  In this case, if you even had a slight thought that it might be legitimate, all you would have to do is to call the real AOL to learn that this was a phishing scam.

Scam of the day – May 24, 2014 – iTunes phishing scam

May 24, 2014 Posted by Steven Weisman, Esq.

Phishing is a common start to many scams.  Phishing occurs when you respond to an email that appears to be from a legitimate company with which you do business only to learn that the official looking communication was a counterfeit, the sole purpose of which was to lure you into clicking on a link that in turn either, unknown to you, downloaded a keystroke logging malware program on to your computer by which the scammer is able to steal all of the information from your computer and use that information to make you a victim of identity theft or to lure you into providing personal information that also is used to make you a victim of identity theft.  Many large scale scams, including the Target hacking often start when employees are victimized by phishing scams that in turn give the scammers access to the information in their companies’ computers.

A recent phishing scam that is going on at this time involves a phony email that appears to be from Apple telling the victim that his or her iTunes account has been improperly accessed and that the account is now locked.  In order to access the account the victim is told, he or she is required to provide information that ends up being used to make the phishing victim a victim of identity theft as well.

TIPS

Remember my motto, “Trust me, you can’t trust anyone.”  Never provide information in response to an email, text message or telephone call you receive unless you have absolutely confirmed that the communication to you is legitimate and there is a legitimate need for providing that information.  If you receive such an email, do not click on any links contained within it, but rather call the company at a telephone number that you know is accurate to find out whether or not the original communication to you is legitimate or not.

Scam of the day – May 23, 2014 – Pirated movies can lead to identity theft

May 23, 2014 Posted by Steven Weisman, Esq.

Finding bootleg versions of popular movies on the Internet is an easy task, but as a recent study by Intelligent Content Protection, an anti-piracy consulting service found, it comes with a risk and that risk is identity theft.  In its study of thirty of the top pirate websites for downloading pirated versions of popular movies, it found twenty-nine of them contained malware of some sort.  Although not all contained the kind of keystroke logging malware that, when installed on your computer, will permit an identity thief to steal all of the information on your computer and make you a victim of identity theft, the risk of such malware is high.

TIPS

Besides the fact that it is both illegal and morally wrong to steal intellectual property such as movies without paying for them, the risk of unwittingly downloading dangerous keystroke logging malware when you go to an illegal pirate site is just too high.  Even if you have anti-malware software and anti virus software on your computer, these programs are only about 5% effective in protecting you from the very latest strains of malware.  So the lesson is clear.  Avoid these pirate websites not just because it is the right thing to do, but also to protect yourself from identity theft.

Scam of the day – May 22, 2014 – The real danger in the hacking of eBay

May 21, 2014 Posted by Steven Weisman, Esq.

The online auction website eBay just announced yesterday that it had been hacked and customer’s names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth of as many as 112 million customers were stolen.  At this time, it does not appear that credit card information was taken, but that is only of minor consolation.  eBay is urging its customers to change their passwords for eBay and, if you are one of the many people who use the same user name and password for all of your accounts, you should change your user name and password for those accounts as well.  If you are an eBay user, it is very important that you do this right away because it is already quite late.  Although eBay only discovered this hacking within the last couple of days, the hacking went on between late February and early March so hackers already have this information which they may be using themselves or selling on the black market to identity thieves.  eBay is already notifying its customers by email to change their passwords, but if you get such an email and it contains a link to change your password, I urge you not to click on the link because it may be an email from an identity thief posing as eBay through a counterfeit phishing email that appears to come from eBay and if you click on a link in the email, you may end up downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  Instead, I suggest you go directly to the eBay website on your own and not through a link in order to change your password.

Even though the passwords stolen were encrypted, you should not feel too safe because if your password is not complex, there are computer programs that identity thieves use to break the encryption and gain access to your password.  Once they have that password and your user name, if you are one of the many people who use the same user name and password for all of your accounts, you are in serious jeopardy in regard to all of your online accounts including your online banking.

TIPS

If you are an eBay user, go to the eBay website and change your password to a complex, but easy to remember password that includes a  combination of capital and small letters as well as other signs.  Something like “Idon’tLikePasswords!!!” would actually be a great password and easy to remember.  Also, make sure you use different passwords for each of your accounts so that when, not if, your password information is a part of a data breach, all of your accounts are not in danger.  Again, a good way to remember your password is to take the basic password and adapt it to the particular account, such as “Idon’tLikePasswordsAmazon!!!”  If you are an eBay user, you should be particularly vigilant because hackers have your contact information such that you are now more likely to receive personally adapted phishing emails which is called spear phishing by which the email you receive purporting to be from a company with which you may do business may be directed to you by name rather than “Dear customer” or the like.  As always, remember my motto, “Trust me you can’t trust anyone” and never click on links in emails unless you have absolutely confirmed that they are legitimate.  Also make sure that you have anti-malware and anti-virus security software on all of your electronic devices and keep these programs up to date with the latest patches.

Scam of the day – May 17, 2014 – Google Docs scam

May 17, 2014 Posted by Steven Weisman, Esq.

Today’s Scam of the day comes, as so many do, directly from my own email.  I received an email today that is reproduced below.  DO NOT CLICK ON THE LINK.

“Please view the document I uploaded for you using Google doc CLICK HERE sign-in with your email to view the document, it’s important.”

The email was signed with the name of a real friend of mine although she was not the person that sent the email.  If I had clicked on the link in the email it would have downloaded keystroke logging malware that would have stolen all of the information from my computer and used that information including credit card numbers and bank account information to make me a victim of identity theft.

TIPS

The particular email that was sent me was particularly flawed in that the email address from which it came did not match the email address of my friend, whose name was signed in the email.  This was enough to let me know that the email was not legitimate.  However, a more savvy identity thief might hijack someone’s email account so that when they send out emails with the hijacked email address, people receiving the emails will be more willing to trust them and click on links contained in the email because they appear to be coming from a trusted source.  This is obviously a big mistake.  You should never click on any links in any emails unless you have confirmed that they are legitimate.  Merely because the email may appear legitimate and appear to come from a trusted source is not enough to trust the email.   Always confirm that the email is legitimate before considering clicking on any links.

Scam of the day – May 13, 2014 – Bank of America email phishing scam

May 12, 2014 Posted by Steven Weisman, Esq.

It was just last week that I provided you with the worst attempt at a phishing scam I had ever seen. In a phishing scam you are lured into clicking on a link or providing information to an identity thief who sends you an email that generally appears to be from a trusted source and tricks you into responding to a phony emergency.  Many phishing scams are not very well done, as was the case last week with a phishing letter that combined an email address that was obviously phony, poor grammar and no logo of the company purporting to be sending the email.  However, today I received an email which is copied below that may be one of the best phishing scams I have ever encountered.  The email address from which it was sent appears legitimate, it is written with proper grammar and spelling and it contains excellent counterfeit versions of the Bank of America logo.  As usual it describes a believable emergency to which I must respond and carries the tainted link for me to click on to proceed to remedy the situation.  DO NOT CLICK ON THE LINK in this copy or in a version you may receive because if you do, one of two things will happen and either is bad.  Either you will be prompted to provide personal information about your bank account which will lead to your account being emptied by the identity thief or, by clicking on the link, you will unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and use it to make you a victim of identity theft.

TIPS

Never click on links or download attachments contained in emails or text messages because you can never be sure of whether they are legitimate or not and the risk of downloading malware is too great.  If you have any thought that the email or text message might be legitimate, you should call the real company, in this case, Bank of America at a telephone number that you know is accurate to confirm whether or not the communication was legitimate.  You should also make sure that all of your electronic devices including your computer, laptop, tablet and smartphone have current anti-virus and anti-malware software, but remember, you cannot totally rely on these security software programs because they are generally ineffective against the latest viruses and malware.

“To ensure delivery, add onlinebanking@ealerts.bankofamerica.com to your address book.
Exclusively for: |
Online Banking Alert
Your Account Security Check
Security Checkpoint:
You last signed in to Online Banking on 05/10/2014.
Remember: Always look for your SiteKey® before entering your Passcode.
To: Bank Of America Account Holders
Account: PERSONAL/BUSINESS CHECKING/SAVINGS ACCOUNT
Date: 05/11/2014
Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on your account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click on Sign in to Online Banking to continue to the verification process and ensure your account security. It is all about your security. Thank you.
Security Checkpoint: This email includes a Security Checkpoint. The information in this section lets you know this is an authentic communication from Bank of America. Remember to look for your SiteKey every time you sign in to Online Banking.
Email preferences
This is a service email from Bank of America. Please note that you may receive service email in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
Privacy and security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please visit the Bank of America website to read our Privacy Policy. You can also learn how Bank of America keeps your personal information secure and how you can help protect yourself.Bank of America Email, 8th Floor-NC1-002-08-25, 101 South Tryon St., Charlotte, NC 28255-0001Bank of America, N.A. Member FDIC. Equal Housing Lenderhttp://www.bankofamerica.com/help/equalhousing.cfm?cm_mmc=Email-Specific-_-Email-_-Footer-_-equalhousing
© 2014 Bank of America Corporation. All rights reserved.”

Scam of the day – May 2, 2014 – First Premier Bank credit card scam

May 2, 2014 Posted by Steven Weisman, Esq.

Today’s scam comes directly from my email box and although I just received it, the scam it represents has been around for a few years.  It looks pretty legitimate, but it is not.  It is a scam.  If you click on the links, one of two things will happen.  Either you will be sent through this phishing scam to a website that looks legitimate and asks for personal information from you in order to complete the credit card application or you will unwittingly download keystroke logging malware.  In either case, the information gained by through this scam will be used to make you a victim of identity theft.

TIPS

In this particular case, a close look at the email address from which it was sent indicates that this is not from First Premier Bank.   However, even if the address from which it is sent appears to be legitimate, it is not.  First Premier Bank does not send email applications.  In any event, you can never be sure when you receive an email that requires you to click on a link or download an attachment whether it is legitimate or not merely by looking at it.  If you have any thought that the email might be legitimate, you should contact the real company it purports to be from to confirm whether or not this is a scam.  In this case, you will soon learn that it is a scam.  here is a copy of what I received.  DO NOT CLICK on either link.

First PREMIER Bank MasterCard – Complete an Application – Responses in 60 Seconds – Click Here!
http://tr.shapexnk.com/r/3313O27dd0O72f77aOa3O6feO1O198189aeOc3RldmVuamp3ZWlzbWFuQGFvbC5jb20