Posts Tagged: ‘keystroke logging malware’

Scam of the day – September 10, 2016 – A new Chase phishing email

September 10, 2016 Posted by Steven Weisman, Esq.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email that download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers, and with good reason: they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank. DO NOT CLICK ON THE LINK. Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States. Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.

As phishing emails go, this one is pretty good. It looks legitimate. However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails. The grammar and spelling are good, but a minor flaw is the inconsistent capitalization in the phrase, “All Rights reserved.” Also, as is so often the case, the email is not directed to you by name and does not contain your account number. It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Chase Bank Online® Department Notice:

Your online account has been suspended (Reason: the violation of terms of service).
Update and Restore your online account Now
Log On
Thank you for using Chase Bank.
Member FDIC © 2016 Chase Bank Financial Corporation. All Rights reserved.

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email. They also would specifically direct the email to you by your name. This email has no salutation whatsoever. As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony, webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the customer service number, where you can confirm that it is a scam. Make sure that you dial the telephone number correctly, because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase, to trap you if you make a mistake in dialing the real number.

Scam of the day – July 16, 2016 – Google warning Gmail users about foreign hackers

July 16, 2016 Posted by Steven Weisman, Esq.

State sponsored hacking from countries such as China, North Korea and Russia poses a threat to everyone, but Google, which has for years been monitoring hacking attempts by foreign governments, is notifying Gmail customers when Google has reason to believe that their Gmail accounts are being targeted. If Google finds that you have been targeted, you will receive the following message, which takes up your entire screen, warning you of the danger and urging you to use the more secure dual factor authentication. In its warning, Google indicates that less than 0.1% of all Gmail accounts are targeted. However, it is important to note that this percentage translates into more than a million people who are in jeopardy.

Screen Shot 2016-04-01 at 3.52.40 PM

TIPS

As I have suggested many times, whenever you have the opportunity to use dual factor authentication, it is a wise choice to make because even if someone manages to steal your password or even trick you into providing it, as was the case with Jennifer Lawrence when she was convinced by a phishing email to provide her password to a cybercriminal who used it to access nude photos of her that she stored in the cloud, the hacker will not be able to access your email or other account because a special code provided to you through your cell phone is required whenever you wish to gain access to your account.

Finally, as I so often say, even paranoids have enemies so I urge you to err on the side of caution if you receive this type of notice and not necessarily trust it. It could be a phishing communication from a cybercriminal luring you into clicking on a link which will either get you to provide personal information that can be used to make you a victim of identity theft or will download keystroke logging malware or ransomware. The best course of action would be to merely go to Google directly from your browser without clicking on the link contained in the notification. Here is a link you can trust that will take you to instructions for enabling dual factor authentication for Gmail: https://support.google.com/accounts/answer/185839?hl=en

Scam of the day – July 5, 2016 – Wegmans Facebook scam

July 5, 2016 Posted by Steven Weisman, Esq.

Wegmans, the popular supermarket chain, is warning people about a scam involving phony Facebook postings that appear to be from Wegmans, containing the company logo (which is easy to copy) and promising a free $100 voucher as a way to celebrate Wegmans’ 100th anniversary. Phony coupon scams, which turn up regularly on Facebook, often require you to provide information in order to claim your coupon. Unfortunately, this information, which may include your credit card number or Social Security number, will be used to make you a victim of identity theft. Even worse, however, is what happens when, merely by clicking on the link to claim your coupon, you unwittingly download keystroke logging malware that harvests all of your computer’s information and makes you a victim of identity theft.

TIP

As always, if the offer looks too good to be true, it probably is, so a bit of skepticism is in order.  In this particular case, offering free $100 vouchers to every customer definitely is too good to be true.  If you are routed to a survey, don’t take it and make sure that you do not enter personal information that could lead to your identity being stolen.  Also, a bit of prevention is worth a pound of cure, so make sure that your computer security software is up to date.  Finally, the best course is to never click on links promising coupons unless you are absolutely sure that the coupon is legitimate.  Instead, merely go to the real website of the real company and if there are coupons to be had, you will find them there.

Scam of the day – June 17, 2016 – Scams springing up following the Orlando nightclub shootings

June 17, 2016 Posted by Steven Weisman, Esq.

Today’s Scam of the day, unfortunately, is very much a repeat of warnings I have had to make after tragedies such as the school shootings at the Sandy Hill Elementary School in Newtown, Connecticut. Today’s warning, of course, relates to the tragic shootings of innocent people at an Orlando nightclub this past week. Scammers and identity thieves will be preying upon both our best and worst instincts in response to this tragedy. People seeking videos and photographs of the event may find themselves clicking on links that purport to provide such material, but may only end up downloading keystroke logging malware that will steal all of the information from the computers of these curious people, who will find themselves becoming victims of identity theft.

Another group of scams stemming from the murders will be the pleas for charitable contributions for the victims and their families. You should always be wary when anyone asks you for a charitable donation, but particularly when a charitable solicitation quickly follows an emotional event such as the killings in Orlando. You will want to make sure that you are giving to legitimate charities that will use your contribution wisely rather than giving your money to a scammer or a “legitimate” charity that misuses your donations by paying its administrators inordinately large salaries. It is important to know the difference between a legitimate charity and a phony one.

TIP

Whenever you are contacted by a charity whether by text, phone, email or otherwise, you can never be sure that the person contacting you legitimately represents the charity or that the charity itself is legitimate.  If you are charitably inclined, you should not respond directly to the person or entity soliciting you, but rather first, confirm that the charity itself is legitimate.  Many phony charities have similar names to legitimate charities. You should always check out the legitimacy of the charity first before considering making a contribution.  A good place to find out if a charity is legitimate or merely has a name that sounds legitimate is www.charitynavigator.org.  This website also will provide you with information as to how much of the charity’s collected donations actually are applied to its charitable works and how much goes to administrative fees and salaries.  As a general rule of thumb if a charity spends more than 25% of its donations on salaries and administrative costs, you may wish to contribute to another charity.

As for looking for videos and other “inside” information about the Orlando shootings, many of the sources for that “exclusive” information will be infected with malware that will attack your computer and lead to your becoming a victim of identity theft. So first and foremost, it is important to have good firewalls and security software installed and kept up to date on all of your electronic devices, including your computers, smart phones, iPads and other portable devices that you use. Many people may think to protect their home computers, but fail to protect their portable devices even though they may use these devices as much as, or even more than, their home computers.

Second, you should not click on any link unless you are sure that it is legitimate. Even if the link is contained in what appears to be a text message or social media posting of a friend, you can’t be sure that your friend has not had his or her account hacked into by an identity thief in order to make you more trusting than you should be of the message being sent. Additionally, even if you receive a text, email or social media posting that actually is from a friend of yours, it may merely be passing on to you a tainted link that your friend does not realize they are helping to spread after receiving it themselves from a source that they should not have trusted.

Frankly, the safest course of action is not to click on any links from anyone that try to appeal to your curiosity about major public events such as this, but rather to limit your search for information to legitimate news websites that you can be confident are not likely to contain tainted links or provide inaccurate information. As for those people who lust after disturbing videos and photographs that they think they will only be able to access from “special” sources, those special sources are usually phony, as are the videos and photographs that they provide. The malware that you get from them, however, is very real and dangerous.

Scam of the day – May 31, 2016 – New WhatsApp scam

May 30, 2016 Posted by Steven Weisman, Esq.

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.   I have reported to you for years about the various scams targeting WhatsApp users.    The most recent WhatsApp scam starts with a message that purports to be from WhatsApp offering an upgrade to a golden version of WhatsApp that it says will let you  make video calls, send up to a hundred pictures at one time and delete messages after you have sent them.   However, there is no golden version of WhatsApp and if you click on the link to upgrade your WhatsApp subscription you will end up downloading keystroke logging malware that can steal the information from your smartphone to be used to make you a victim of identity theft.

TIPS

Never click on a link in an email or text message until you have independently confirmed that it is legitimate.  The risk of downloading malware is too great.  Even if your computer or other electronic device is protected with anti-virus and anti-malware security software, the best security software is always at least thirty days behind the latest malware.  Trust me, you can’t trust anyone when it comes to clicking on links.  Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link.

Scam of the day – May 2, 2016 – Another new USAA phishing scam

May 2, 2016 Posted by Steven Weisman, Esq.

Yet another phishing email is turning up purporting to be from USAA, the insurer of millions of members of the military as well as many veterans, telling you that you need to click on links in the email in order to resolve security issues. Like many phishing emails, this one tries to trick you into thinking you must click on a link and provide personal information or suffer dire consequences, when the truth is that if you click on the link or provide personal information, the criminal will use the information you provide to make you a victim of identity theft. Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft. Here is a copy of the newest phishing email that is presently circulating. DO NOT CLICK ON THE CONTINUE BUTTON. As phishing emails go, the graphics are pretty impressive. However, there are several grammatical errors, including the word “temporal” being used instead of “temporary”. It also should be noted that the email is directed to “Dear Valued Customer” rather than your name and no account number is provided. These are further indications that this is a scam. Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you. Obviously, if you receive this email and you do not have an account with USAA, you know it is a scam. However, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate. Remember, even paranoids have enemies.

Scam of the day – April 20, 2016 – DocuSign phishing scam

April 20, 2016 Posted by Steven Weisman, Esq.

DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures. Its service is used by many companies. Recently I received a phishing email, reproduced below, that purported to be from an attorney that I know and with whom I do business asking me to click on a link to open a document that needed my signature. The phishing email looked very professional and contained the DocuSign logo and appeared legitimate. In the copy of the email below, I have blocked out the name and other personal information used to identify the attorney who was purported to have sent me the document. DO NOT CLICK ON THE LINK TO VIEW DOCUMENTS.

This is a spear phishing email designed to lure the person receiving the email to click on the link and either provide personal information that could be used for identity theft or, as is more likely in this particular phishing attempt, download keystroke logging malware into the computer merely by clicking on the link. This malware would have enabled the cybercriminal to steal all of the personal information from the computer and make that person a victim of identity theft. This email was particularly dangerous because it came from someone with whom I do business whose email account was hacked and used to send out the spear phishing email.

Here is the email without the logo.

Please review and sign your document

From: XXXXXXXXX (XXX@aol.com)

Hello

Thomas has sent you a new DocuSign document to view and sign. Please click on the ‘View Documents’ link below to begin signing.

View Documents
XXXXXXXX
Law Office of XXXXXXXXX
XXXXXXXXXXX
XXXXXXXXXX
Fax: XXXXXXXXX
Email: XXX@aol.com

__________________________________________________________________________
CONFIDENTIALITY NOTICE: This email message contains confidential information intended only for the person(s) or entity to whom it is addressed and is subject to attorney-client privilege. If you have received this email message in error, please destroy the original message.

CIRCULAR 230 DISCLOSURE: Pursuant to U.S. Treasury Regulations, we are now required to advise you that, unless otherwise indicated, any federal tax advice contained in this communication, including attachments and enclosures, is not intended and may not be used for the purpose of (1) avoiding tax related penalties under the IRC or (2) promoting, or recommending to another party any tax related matters addressed herein.

TIPS

In this case, I actually followed my own advice to never click on a link, regardless of how legitimate the email or text message may appear, until confirming that the message is legitimate. I emailed back to the attorney and asked him to confirm that it was legitimate and answer a question which I knew only he would know the answer to. The response I got from him was that he had been hacked and I should not click on the link.

The lesson here is clear. You can never be sure when you receive an email as to who is really contacting you. Sometimes it is obvious, because the email address of the sender does not correspond to who is represented as sending the email, but other times, such as in this case, the email account of someone or some company you trust could have been hacked and used to send you the malware. Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.

Scam of the day – March 19, 2016 – TurboTax phishing email

March 19, 2016 Posted by Steven Weisman, Esq.

Turbo Tax is a popular online tax preparation company used by many people so it should come as no surprise, particularly at this time of year, that a phishing email is presently being circulated that appears to come from Turbo Tax with the title “Important Privacy Changes” in an attempt to get people to click on the link contained in the email purportedly to opt out of having their personal information shared with others.  The email is not sent by Turbo Tax.  It is a phishing scam intended to lure people into clicking on the link which will download keystroke logging malware that will steal your personal information from your computer, smart phone or other electronic device and use it to make you a victim of identity theft.

Here is a copy of the email presently being circulated, DO NOT CLICK ON THE LINK:

TIPS

The first line of defense against phishing emails is to have good anti-virus and anti-malware software installed on all of your electronic devices as well as to take advantage of anti-phishing features in your web browser.  Also, keep all of your security software up to date with the latest security patches as soon as they are available.  However, even if you have the most up to date security software, it will not protect you from the latest malware.  Security software is always at least thirty days behind the newest “zero day” malware.

Never click on links in any text message or email unless you have absolutely confirmed that the link is legitimate and safe. In a case such as this, the safest route is to avoid the email entirely and go directly to the website of the company, in this case Turbo Tax, to find out if the email was legitimate or not. When going to the company website, don’t go by clicking on links or typing in addresses contained in the text message or email. Instead, independently type in the name of the website in your browser.

Scam of the day – March 7, 2016 – Bank of America phishing scam

March 7, 2016 Posted by Steven Weisman, Esq.

Here is another good example of a phishing email that is presently being circulated.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.  DO NOT CLICK ON THE LINK.

Online Banking Alert
Unauthorized Sign-In
As part of our security measures, during our system regularly scheduled account maintenance and verification procedures, we have detected a slight error in your online banking information. Our system requires account verification for more security and protection to your account.

To confirm this verification log into Online Banking and update your information.

Once you have verified your records, your Account Services will not be interrupted and will continue as normal.
Security Checkpoint: This email includes a Security Checkpoint. The information in this sectionnlets you know this is an authentic communication from Bank of America.
Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2016 Bank of America Corporation. All rights reserved.

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers hacked into and controlled remotely by the scammer.  In addition, legitimate emails from your bank would include the last four digits of your account.  This email does not use the customer’s name or account number anywhere in the email.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.
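The indicators these posts keep returning to (a sending address unrelated to the brand, no salutation by name, no account reference, a manufactured emergency) can be checked mechanically when triaging a reported message. The sketch below is an added example, not part of the original posts; the brand-to-domain allowlist, the phrase patterns, the function names and both sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand sends mail from (extend for your own environment).
BRAND_DOMAINS = {
    "chase": {"chase.com"},
    "bank of america": {"bankofamerica.com"},
    "usaa": {"usaa.com"},
}
GENERIC_GREETING = re.compile(r"dear (valued )?(customer|member|user)", re.I)
URGENCY = re.compile(r"suspended|unauthorized sign-in|update your information", re.I)
LAST_FOUR = re.compile(r"(ending in|last four digits)\D{0,20}\d{4}\b", re.I)


def text_body(msg):
    """Join the text/plain parts (assumes they are not transfer-encoded)."""
    return "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")


def domain_allowed(domain, allowed):
    """True for an allowed domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def phishing_indicators(raw_message, recipient_name):
    """Return the indicators described in the posts that this message shows."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = text_body(msg)
    claimed = " ".join([display, msg.get("Subject", ""), body]).lower()

    found = []
    # 1. The message invokes a brand, but the sending address is unrelated to it.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_allowed(domain, allowed):
            found.append("sender_domain_mismatch")
            break
    # 2. Not addressed to the recipient by name, or uses a generic greeting.
    if recipient_name.lower() not in body.lower() or GENERIC_GREETING.search(body):
        found.append("no_personal_salutation")
    # 3. No reference to the account, such as its last four digits.
    if not LAST_FOUR.search(body):
        found.append("no_account_reference")
    # 4. Manufactured emergency.
    if URGENCY.search(body):
        found.append("urgency_language")
    return found


# Constructed samples: the headers are invented; the first body quotes the Chase email above.
PHISH = (
    'From: "Chase Bank Online" <j.smith@example.net>\n'
    "Subject: Department Notice\n"
    "\n"
    "Your online account has been suspended (Reason: the violation of terms of service).\n"
    "Update and Restore your online account Now\n"
    "Thank you for using Chase Bank.\n"
)
LEGIT = (
    'From: "Chase" <no-reply@alerts.chase.com>\n'
    "Subject: Your statement is ready\n"
    "\n"
    "Dear Pat Example, the statement for your account ending in 4821 is ready.\n"
)

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, phishing_indicators(raw, "Pat Example"))
```

An empty result is not proof of legitimacy: as the DocuSign post shows, a message sent from a trusted contact's hacked account comes from the expected address, so independent confirmation is still needed.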