Posts Tagged: ‘keystroke logging malware’

Scam of the day – January 10, 2015 – Scam videos of the Charlie Hebdo terrorist attacks

January 10, 2015 Posted by Steven Weisman, Esq.

The fear and concern following the attack by terrorists that attacked the offices of the satirical magazine Charlie Hebdo and a Jewish supermarket in Paris is finally over after 53 hours.  The aftermath of the attacks include the deaths of twelve people at Charlie Hebdo’s offices and four more innocent people at the supermarket.  All three terrorists whose attacks were coordinated are also dead.  Much of the public around the world have been glued to their televisions and computers watching the events unfold.  Among the people whose attention has been focused on these events were scammers who are always looking to capitalize on events that capture the public’s interest.  If patterns follow, you can expect that you will be receiving emails, text messages or social media communications promising “shocking video” of these attacks.  Again, the familiar pattern is that you are told that these are exclusive videos that you can see nowhere else.  We have seen this type of scam following major natural and unnatural disasters in including Tsunamis and plane crashes.  Once you click on the links in the various communications, you end up downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.

TIPS

Regardless of the purported source of any email, text message or social media communication, you can never be sure that the source is indeed who it says it is or that it is legitimate.  Never ever click on links in any form of communication unless you have absolutely confirmed that it is legitimate.  The risk is too high.  Even if your electronic devices are protected by anti-virus and anti-malware software, the best security software is always at least a month  behind the latest viruses and malware.  If your curiosity gets the best of you, limit your search to legitimate news websites and, even then, make sure that you type in the website address correctly so you don’t get misdirected to a phony phishing website that appears to be the legitimate website that you seek, but actually is a scam website that will try to lure you into clicking on tainted links.  Google searches are also a dangerous way to look for “shocking video” due to the fact that merely because a website may turn up high on a Google or other search engine search, does not mean that the website is legitimate.  All it means is that the person creating that website was good at Search Engine Optimization (SEO) which is knowing how to adapt the makeup of a website to place high in the algorithms used by search engines to rank websites for searches.

Scam of the day – January 9, 2015 – Post holiday delivery scam

January 9, 2015 Posted by Steven Weisman, Esq.

Although the holiday shopping season is essentially over, there are still many people who may have ordered gifts at the last minute that are just starting to arrive and scammers are taking advantage of this situation.  Reports are surfacing of people receiving communications purporting to be from national retailers either by email or social media messages in which the people receiving the messages are told that their delivery is ready for pickup or delivery.  The messages and emails often look quite legitimate and carry the logo of the particular retailer from whom the message appears to be sent.  As is an essential part of this type of scam, the email or social media message contains a link which you are advised to click on for more delivery information and that is where the problem starts.  Clicking on the link either will take you to a website that asks for personal information used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will have unwittingly downloaded keystroke logging malware that will steal all of the information from your computer and use it to make you a victim of identity theft.

TIPS

Just as the IRS does not initiate contact with taxpayers by telephone so that if you get a call purporting to be from the IRS you know it is a scam, so do retailers not communicate about deliveries with customers by way of Facebook and other social media.  It certainly is important to keep track of all of your legitimate orders from retailers so if you get such an email message, you can ignore it, knowing you do not have a delivery, but even if you have any question that it may be a legitimate message, you still shouldn’t click on any link without confirming that it is legitimate and the best way to do that is to call or go to the website of the company directly at a telephone number or website address that you know is correct.  Don’t use the phone number or website address provided in the email. Remember, “trust me, you can’t trust anyone.”

Scam of the day – January 1, 2015 – Sun Trust phishing email

January 1, 2015 Posted by Steven Weisman, Esq.

Happy new year!  Today’s first scam of 2015 is one that appeared in my own email.  The email is reproduced below and was accompanied by an accurate depiction of the Sun Trust logo.  This is an example of a not very sophisticated phishing email.  Phishing emails or text messages appear to be legitimate and lure you into clicking on a link under various pretexts.  DO NOT CLICK ON THE LINK.  Clicking on the link will bring about one of two things.  In the first scenario, you will be prompted to provide personal information that will be used to make you a victim of identity theft.  The second scenario is even worse.  By clicking on the link, you will download keystroke logging malware that will steal all of the information from your computer and use it to make you a victim of identity theft and provide the identity thief with access to your banking information and all the other sensitive personal information contained on your computer.  The email I received is indicated below.

“Dear Customer,

Your incoming messages were placed on pending due to our recent upgrade.
You have 1 new Security message From SUN TRUST BANK. Click the secure link below to confirm your account.

https://www.suntrust.com/confirmation/suntrustcenter

Security Adviser, ATM/debit card
—————————————–
Copyright © 1999 – 2014 SUN TRUST. All rights reserved.
NMLSR ID7780101″

TIPS

Obviously if you do not have an account with Sun Trust or the purported sender of the email, it is easy to know that the email is a phishing scam.  However, even if you did have an account with the sender this email had a number of other tell tale signs that it is a scam.  First, the email of the sender was a personal email rather than an email indicating that it was from Sun Trust.  Most likely the email was sent, as many of these are, from the computer of an innocent person whose computer had been hacked by an identity thief and made a part of a botnet or network of zombie computers used to send out spam and scam emails.  A second indication that this is a scam is that the salutation was “Dear Customer” rather than using my real name, however, it is important to note that in spear phishing, your name and contact information may have been stolen in a data breach such that your real name could appear on a phishing email.  Remember my motto, “trust me, you can’t trust anyone.”  The risk of clicking on a link infected with malware is too great to take.  Never click on a link in an email or text message regardless of how legitimate it looks until you have independently verified that it is indeed legitimate.  In this case, you would need to call Sun Trust to confirm that indeed this was a scam.

 

 

Scam of the day – December 28, 2014 – Hackers release personal information of 13,000 people

December 28, 2014 Posted by Steven Weisman, Esq.

Yesterday a group of hackers posted personal information including usernames, passwords and credit card information of 13,000 people on its Twitter account @AnonymousGlobo.  The hackers indicated that they had stolen the information from a large number of popular websites that they listed.  Among the websites listed by the hackers were Amazon, Walmart, PlayStation Network, Xbox Live and a large number of popular pornography sites including Brazzers.  The hackers later wrote “We did it for the Lulz” which is slang for doing it just for their own personal enjoyment and satisfaction.  While we do that much personal information was made public and thus putting the victims in danger of identity theft, we do not know if, indeed, the hackers actually did, as they stated, steal the information by hacking into the particular websites they stated or, alternatively, if they used phishing emails to their thousands of victims luring them to click on links in the emails and download keystroke logging malware that provided through which the victims’ own computers supplied the information to the hackers.  Either alternative is a source for concern.

TIPS

There are a number of lessons to be learned from this hacking.  One is to never leave your credit card information on file with an online retailer with which you do business for the sake of convenience.  It may save you a few seconds the next time you make a purchase with the particular retailer, but it also makes your credit card information vulnerable in the event that the retailer is hacked.  A second lesson is to use different usernames and passwords for each of your online accounts because if you do, as many people do, use the same username and password for all of your online accounts, in the event of a data breach at one company with which you do business, the hackers would be able to get your user name and password for all of your accounts, thereby putting you in greater jeopardy of serious identity theft.  Finally, it is important never to click on links in emails or text messages unless you are absolutely sure that the communication is legitimate and you have confirmed that fact.  Identity thieves are adept at tricking people into clicking on links that contain malware by making the communications look legitimate or even by hijacking the email account of someone you trust.

Scam of the day – December 20, 2014 – Latest phishing emails

December 20, 2014 Posted by Steven Weisman, Esq.

Phishing emails by which an identity thief sends you an email that purports to be from a trusted source, such as your email provider or bank in which you are instructed to click on a link in order to resolve a major problem is a common and effective way for identity thieves to get you to unwittingly install keystroke logging malware on to your computer that will steal your personal information from your computer and use it to make you a victim of identity theft.  In a more advanced form of phishing called “spear phishing” the email may be directed to you by name and have other information that can fool you into believing that the email is legitimate.  Spear phishing has resulted in many of the major data breaches in the past year including Target and possibly Sony.

Here are some examples of some phishing email commonly circulating.  DO NOT CLICK ON THE LINKS.

“Your mailbox has exceeded the storage limit of 1 GB. You can not receive new messages until you update your mailbox. CLICK HERE to update.
Thank you
Aol Team!”

“Dear Aol User,

Your Account needs to be updated to enable your account work properly, Aol is doing upgrades to all users to keep there account safe from viruses and hacking.

Please CLICK HERE to upgrade now and continue to enjoy the benefits and services of Aol Mail.

Privacy Policy | Terms of Use | Security Tip
Copyright © in 2014 All rights reserved.”

“The Mail Team

Dear Customer,
Your incoming messages were placed on pending due to our recent upgrade.
You have 1 new Security message From Wells Fargo Bank.Click the secure link below to confirm your account.

https://www.wellsfargo.com/confirmation

Security Adviser, ATM/debit card number.
—————————————–
Copyright © 1999 – 2014 Wells Fargo. All rights reserved. NMLSR ID 399801.”

“We believe you have violated either the Terms of Service, product-specific Terms of Service (available on the product page),or product-specific policies.Please view all violated Terms below

Violated Terms Of Service”

TIPS

Trust me, you can’t trust anyone!  These particular phishing emails are pretty rudimentary.  Not only does your name not appear in the email, but the email addresses from where they were sent does not reflect that it was sent by AOL or Wells Fargo as represented in the email.  Rather, the email addresses from which these emails were sent are those of innocent people whose email accounts have been hijacked by the identity thieves and made a part of a botnet by which these phishing emails are sent.  Never click on a link or download an attachment from anyone unless your absolutely sure that it is legitimate. Even if the email appears to come from a legitimate company or someone you trust and even if the email addresses you by name, you should not click on the link until you have confirmed that the email and link are legitimate.  Identity thieves can hijack the email accounts of your friends or make the address of the sender appear to be legitimate.

 

Scam of the day – December 1, 2014 – How to protect yourself on CyberMonday

December 1, 2014 Posted by Steven Weisman, Esq.

Every year, the number of people shopping online and the money spent through online shopping grows significantly.  And why not?  The convenience alone of being able to shop from the comfort and privacy of your home is reason enough for many of us to shop online and when you couple that with often lower prices and, in many instances, the sales not being subject to sales taxes, online shopping is a winner.  But how safe is it?  We all know from last year’s data breach at Target, how risky shopping in brick and mortar stores is, but shopping online can also be risky.  However, if you follow a few simple rules, you can dramatically improve the safety and security of your online shopping.

TIPS
Here is a list of some online shopping tips:

1. Make sure that the computer, laptop, tablet or smartphone you use is equipped with the anti-virus and anti-malware software programs and that you have updated the programs with the latest security patches.

2.  As with shopping at brick and mortar stores, don’t use a debit card for online purchases, as well.  In the event of a data breach, the consumer protection laws in regard to fraudulent use of your debit card are not as protective as those that apply when your credit card is fraudulently used.

3.  Don’t supply your credit card number unless the address of the website is preceded by the letters “https.”  That additional letter “s” indicates that the transmission of your data is encrypted and secure.

4.  Don’t leave your credit card number on record with the online retailers you use for the sake of convenience.  Doing so only makes you more likely to become a victim of identity theft if the company suffers a data breach (and many of them will).

5.  Don’t click on coupons or ads that you may receive by way of an email or text message regardless of how good they appear.  They may be loaded with malware that will be downloaded on to your computer, tablet or smartphone if you click on the link.  That malware can steal all of your personal information and lead to your becoming a victim of identity theft.  Any legitimate coupon you might receive through an email or a text message will also be available on the website of the company where you want to shop.

6.  Limit your online shopping to companies that you know and trust.  Merely because a company comes up high on a Google search does not mean that the company is legitimate.  Any company offering a price that appears too good to be true, should be particularly suspect.

7.  Use distinct and complex passwords for each online company with which you shop and use dual factor authentication whenever possible.

Scam of the day – October 4, 2014 – J.P. Morgan update and credit freeze information

October 4, 2014 Posted by Steven Weisman, Esq.

Last Thursday, in a required SEC filing,  J.P. Morgan Chase & Co. reported that the data breach, which we reported to you about when it was first discovered during the summer, was much larger than initially thought.  At the time, J.P. Morgan believed that only a million accounts were compromised, but now, J.P. Morgan is indicated that information on 76 million households and 7 million small businesses was stolen by hackers thought to be from Russia or another Eastern European country.  According to the SEC filing, J.P. Morgan says that the information stolen included names, addresses, phone numbers and email addresses.  At this time J.P. Morgan is saying that they are not aware of fraudulent activities tied to the data breach and that no account numbers, passwords, user IDs or Social Security numbers were stolen.  The data breach apparently began in June and went on until discovered in mid August, which is especially troubling because it provided time for the hackers to cover their tracks for what may have been their true goal.  The hackers did manage to gain access to the entire list of applications and programs used by J.P. Morgan Chase on its computers which could then be evaluated by the hackers for inevitable vulnerabilities that could be exploited at a later time.  Obviously J.P. Morgan is busy trying to protect against this threat.

TIPS

For customers of J.P. Morgan Chase, now is not the time to run and hide nor take your money out of the bank.  In fact, at the time that the FBI began its initial investigation of this data breach during the summer, it indicated that it was looking into possible data breaches of as many as four other banks as well.  It may well be that we are not yet aware of the breaches that occurred and may still be going on in other banks.  You can expect either the hackers, people who the hackers sell the information they gathered and even totally independent identity thieves to start contacting people through emails, text messages and phone calls purporting to be from J.P. Morgan Chase.  In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information.  However, if you provide that personal information all you will do is end up a victim of identity thief.  If you click on the links in emails or text messages appearing to be from J.P. Morgan you may well end up downloading keystroke logging malware that will steal all of the information from your computer that will be used to make you a victim of identity theft.  Trust me, you can’t trust anyone.  Even if your Caller ID appears to show that the call you receive is form J. P. Morgan Chase, scammers are able to make their calls appear to be from J.P. Morgan Chase through a tactic called spoofing.  The best course of action if you receive any purported communication from the bank is to not respond directly, but instead contact the bank independently on your own to find out what the truth is.

This also may be a good time to consider putting a credit freeze on your credit report so that even if someone manages to obtain your Social Security number and other personal information, they will be unable to access your credit report and run up large debt in your name.  A separate credit freeze needs to be established at each of the three major credit reporting agencies to be effective.  Here are the links to the pages at Experian, TransUnion and Equifax where you can put a credit freeze on your report and get some peace of mind.

TransUnion http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page

Equifax https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian https://www.experian.com/freeze/center.html

Scam of the day – September 22, 2014 – College students and identity theft

September 21, 2014 Posted by Steven Weisman, Esq.

Identity theft is a major problem for everyone, however college students are five times more likely to become a victim of identity theft than the general public.  There are two primary reasons for their vulnerability.  They live in close quarters with lax security and they do not take sufficient precautions to protect themselves in their dorm rooms or online.  Identity theft can be high tech, low tech or no tech and college students are victimized in all three ways.  They become victims of identity theft because, too often, they fail to protect their smartphones with security software or even a proper password.  They click on links in emails, text messages and social media that promise to provide free music, video games, alluring photos or gossip without realizing that a large number of these communications are sent by identity thieves and that the links only download keystroke logging malware that steals their personal information from their computers, smartphones and other electronic devices and use this information to make them victims of identity theft.  They download free apps from questionable sites and again end up downloading malware.  They use free wifi in public locations without proper encryption and security software on their electronic devices not knowing that the free wifi they are using may be set up by an identity thief eavesdropping on their communications and stealing their information.  They leave the computers in their dorm rooms unprotected by a good password and they leave important documents with personal information unprotected in their room.

TIPS

On the low tech and no tech side of things, they should lock up all their important papers that contain personal information.  They should also shred papers with personal information that they do not need to keep.  They should install security software and encryption software on all of their electronic devices including their smartphones, computers and tablets.  They should use strong passwords and different passwords for all of their accounts and devices.  They should never click on links in emails, text messages or social media postings unless they have confirmed that the links are legitimate.  Be wary of wifi and don’t use it for financial transactions.

Scam of the day – September 20, 2014 – New nude photo scam

September 21, 2014 Posted by Steven Weisman, Esq.

On September 2nd I told you about stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Cat Deeley, Kayley Cuoco, Scarlet Johansson and others being posted on the Internet on websites such as 4Chan.  Now nude photos of Kim Kardashian, Vanessa Hudgens and Hope Solo were again put up on 4Chan and Reddit and becoming a prominent topic on Twitter.  In response to the tremendous amount of criticism that 4Chan received over the Labor Day posting of the celebrity nude photos, 4Chan changed its policy on copyright infringement and consistent with its new policy promptly had the new nude photos removed from the website.   Reddit has also removed the photos.  These new photos were probably obtained in the same manner and even, perhaps by the same hacker involved in the massive Labor Day release of celebrity nude photos.  Although the exact manner by which these photographs and videos were hacked and stolen has still not been definitively determined, Apple has strongly indicated that the problem was not a flaw in iCloud security and that is probably accurate.   Anyone who is able to get someone’s email address and password would find it easy to gain access to that person’s iCloud account and download the photographs and videos.  Obtaining an email address is a relatively easy task for any hacker and passwords can be obtained either from other hacked devices or by, as often is the case, by using the “forgot password” link on Apple’s iCloud, as with other accounts.  The answers to the security questions used to obtain the password through the “forgot password” function are generally easy to find for celebrities whose personal information, such as where they went to high school or other information used in security questions is easily found online.

So, I will again ask the question that I asked first on September 2nd, what does all of this mean to you?

This hacking presents two separate problems.  The first is that identity thieves will be taking advantage of the public’s interest in these photos and videos.  You will be receiving emails, text messages or social media postings with links that promise to bring you to these stolen photographs that will download keystroke logging malware when you click on the links.  Once this malware is installed on your computer, smartphone or other portable device, your personal information will be stolen and the information will be used to make you a victim of identity theft.

The second problem is the same problem faced by the celebrities whose accounts were hacked.  How do you keep your accounts secure?

TIPS

Don’t give in to the temptation to view these photos and videos online.  Ethically, it is the wrong thing to do.  However, it also is too risky an activity.  You cannot trust any email, text message or social media posting that promises access to these photos and videos.  Many of these will be laced with malware and you cannot know which one’s to trust.  Trust me, you can’t trust anyone.  In addition, identity thieves will be setting up phony websites that promise to provide these photos and videos, but again will only end up installing malware on your computer when you click on links in these websites.  Identity thieves are often adept at search engine optimizing so a phony website might appear high in a search from your web browser.  As for Kim Kardashian, if you believe you need to see nude photos of her, you can easily find photos she took for a Playboy Magazine spread a few years ago on the official Playboy website.

As for securing your own account, you should use a unique password for all of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy.  Make sure the password is a complex password that is not able to be guessed through a brute force attack.  Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password.    Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions.  It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of  what is your mother’s maiden name.  Also, take advantage of the two-factor identification protocols offered by Apple and many others.  With two-factor identification, your password is only the starting point for accessing your account.  After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.