Scam of the day – November 4, 2012 – Military payroll scam

Recently there has been an upsurge of identity theft involving military payroll payments.  These payments are handled by the Defense Finance and Accounting Service, often referred to as DFAS, which processes payments for more than six million military personnel.  What is occurring is that identity thieves are stealing the login information used by military personnel who go to the military payroll’s website myPay.  Once the identity thieves have this information, they are able to access the accounts of individual military personnel and change where the funds are to be deposited electronically by DFAS, causing the payments to be diverted to bank accounts and prepaid credit cards of the scammers.  Recently there have been a number of these cases occurring at Fort Bragg in North Carolina.  The case of one soldier in particular, that of Stephen Redmon is an example of how difficult it can be for soldiers to fix the problem after they have become victimized by identity thieves.  Redmon’s September 14th check was diverted to Bancorp Bank where it was converted into prepaid debit cards.  To date, federal investigators have still not determined whether or not the federal government will reimburse Redmon for the money lost.

TIPS

Captain Redmon’s identity was stolen when he accessed his myPay account at either his home computer, his smart phone or a computer he used at the library at Fort Bragg.  All of these present security issues.  Home computers are often infiltrated, as I have warned you, by family members downloading dangerous keystroke logging malware that once downloaded can steal all of the information from your computer including, in this case, login information and the password for Captain Redmon’s myPay account.  This malware often is downloaded unwittingly when someone clicks on a link in an email or a website that may promise free games, free music or other lures to get you click on phony and dangerous links.  The use of Wifi without proper software security programs also presents serious danger of having your information stolen.  Many people do not protect their smart phones or other portable devices with proper security software despite the fact that they use them for private financial matters. This is an important thing to do.  Finally, public computers, such as library computers should never be used for personal financial transactions as these computers are often targeted by identity thieves for downloading keystroke logging programs to capture the information of people who use these computers.

Scam of the day – November 1, 2012 – Phony Amazon email scam

A new scam has recently emerged that begins when you receive an email purportedly from Amazon informing you that “Your acount has been closed because of too many failed login attempts.  Please download and fill out the form below to reactivate your account.”  If you download the form and provide the personal information requested you will have turned over your information to an identity thief who can then use this information to make you a victim of identity theft.  Unlike many phony emails that contain exact replicas of logos for the companies that the email is purportedly to be from, this scam email does not contain anything except text.

TIPS

Do not respond to this email by providing any information or clicking on any links.  Amazon does not ask for you password, bank account information, credit card information, PIN, Social Security number, mother’s maiden name or any other identifying information.  If you are asked for any of this information in an email, you cn be sure that the email is not from Amazon.  If you ever receive a similar email and have any doubts as to its authenticity, merely call the company to find out if the email was legitimate.  Providing information or clicking on links that can download keystroke logging malware can put you in great danger of identity theft.

Scam of the day – October 29, 2012 – New IRS scam

The IRS is warning people about a new scam that uses a website that appears to be the IRS’ e-Services online registration page.  The real IRS e-Services website does not provide anything for taxpayers, but does provide web-based products and information for professional tax preparers.  Many people are fooled by phony IRS websites that have URLs that are close to the IRS’ URL of www.irs.gov.  Some may have IRS in the URL, but end in .com, .net or .org.  The only official IRS website is www.irs.gov, but even there if you get an email that appears to be from the IRS you should disregard it because the IRS does not contact taxpayers by email and under no circumstances will the the IRS contact you by email, social media or text messages requesting personal information such as your bank account information or your Social Security number.

TIPS

Never click on links in emails, texts or  social media messages unless you area absolutely sure that the link is legitimate.  And even then you should consider not clicking on a link until you have verified that indeed it was sent by a legitimate sender and even then you cannot be sure that the link is being sent to you by someone who is passing on a tainted link.  The link may take you  to a legitimate website that requests personal data from you, however, if the communication is from a scammer, the information you provide can lead to identity theft.  Remember, if it is the IRS contacting you, they would already have your Social Security number and they don’t need or ask for you bank account information.  By clicking on links from scammers, you also risk downloading dangerous keystroke logging malware programs that can steal all of the information from your computer and lead to you becoming a victim of identity theft.

Scam of the day – October 23, 2012 – eFax Scam

It is relatively easy to make an email appear to come from a legitimate company, copying their logo and other material that will make an email from a scammer/identity thief appear to come from the legitimate company.  Phony emails purporting to be from companies such as UPS, the United States Postal Service, FedEx and Western Union have been a standard way that identity thieves and scammers lure people into clicking on a link in the email and downloading a keystroke logging malware program that will steal all of the information from your computer including passwords, credit card numbers and more that will be used to make you a victim of identity theft.  The latest version of this scam is one that purports to come from the legitimate company eFax, but in fact is from a scammer who copies an eFax communication.

TIPS

Never click on links that you are not sure are in legitimate emails.  If in doubt, call the company to confirm whether or not the email is legitimate.  Many of these emails are addressed not to you by name but rather to “Dear Customer,” which is an indication that it is not legitimate.  You can also pass your mouse over the link to see where it is sending you, but even then the URL that it shows may have been spoofed or copied from one that appears to be legitimate.  It is also important to keep your computer security software up to date.  The present eFax phony email is coming from Australia, which is not where eFax is located.

Scam of the day – October 20, 2012 – Miley Cyrus sex tape scam

Curiosity killed the cat, but for we humans, it can too often lead to identity theft, which although certainly not as bad as death, can be pretty devastating.  The latest scam appealing to our curiosity is now appearing on Facebook pages where you will find an announcement about a breaking news story regarding a secret sex tape of Miley Cyrus.  If you click on the link in order to view the tape, a request for you to prove that you are over 18 appears.  When you fill in the information requested, it can not only lead to your identity theft, but can also allow the identity thief to steal your Facebook information so that Facebook messages from the scammer/identity thief will appear to be coming from you which will make your friends more likely to trust the message and end up becoming victims of identity theft themselves.  By the way, there is no such sex tape.

TIPS

Never trust links provided by anyone on your Facebook page or anywhere else without checking out their validity first.  Links luring you with promises of sex tapes of Miley Cyrus or nude pictures of princess Kate Middleton, the wife of Prince William (which do actually exist) or anything else that would tempt you to click on the link are an effective way for identity thieves and scammers to trick you into downloading viruses or keystroke logging malware that can steal all of the information from your computer and make you a victim of identity theft.  If you want to check out the veracity of a gossip, a safe place to go is www.tmz.com.  And of course, as I always say, “trust me, you can’t trust anyone;”  even if you receive an email, text or Facebook message from someone you trust, you can’t be sure that either they have been hacked and the message is coming from a scammer or they are inadvertently passing on tainted links that they don’t realize contains a virus.

Scam of the day – October 19, 2012 – New IRS scam

Many of us pay our taxes online and many of us have a refund deposited electronically into our bank accounts.  It is a quick and efficient way to pay your taxes and get your refund safely.  However, scam artists are aware of this and are sending out phony emails purporting to be from the IRS telling their victims that their refund deposit failed and asking the potential victim to click on a link for the details of how to remedy the situation.  Of course, if you click on the link, what you will end up doing is downloading keystroke logging malware that will enable the scammer to steal all of the information from your computer.  Some of the notices are even followed up with another email telling you that it is a second notice and that your refund is being cancelled unless you click on the link to remedy the situation.  Don’t click on the link.

TIPS

Never click on links unless you are positive that it is legitimate and even then you cannot be sure, if it is something being sent by a friend that they are not passing on something to you that they do not realize is infected.  In regard to this particular phishing scam, although the email looks legitimate, it does not include your name and the address line on the email  and indicates it was sent from an email address other than the IRS.  However, even if the email address appears to be from the IRS, it is easy to spoof or copy the address to make it appear that it is from the IRS.   The safe thing to do if you have any questions as to the legitimacy of such an email is to call or email the IRS.

Scam of the day – October 18, 2012 – Capital One scam

Today’s scam of the day is another that comes right from my email.  Earlier this week I received an eamil that appeared to come from Capital One with a short message that read “There is a new document available online for your account” and instructed me to click on a link to get to the document.  If I had done so I would have downloaded a virus, possibly a keystroke logging malware program that could steal all of the information from my computer.

TIPS

Although the forged email looked quite legitimate and carried the logo of Capital One, at closer look there were some clues that this was a scam starting with the fact that it addressed me as “Dear Customer.”  Any email from a company that does not use your name should immediately make you skeptical.  In addtion, the scammer who copied the four paragraphs of fine print found at the bottom of legitimate emails from Capital One neglected to take out the email address to which the original email was sent so the email to me indicates that it was being sent to a different address than mine which was another tell tale clue.  The bottom line is that you should never click on links regardless of from whom they come unless you are absolutely sure they are legitimate.  Just to be extra sure I sent a copy of the email to Capital One who promptly responded to me that the email I had been sent was a scam.

Scam of the day – October 7, 2012 – Hulk Hogan sex tape scams

Celebrity sex tapes are nothing new.  From Pamela Anderson to Paris Hilton to Kim Kardashian and others, the public’s thirst for sex tapes sometimes made without and almost always distributed without the knowledge of the celebrity is always great.  The latest of the sex tapes to hit the Internet is a sex tape that apparently was done surreptitiously of former WWE wrestling champion Hulk Hogan who is shown in a thirty minute tape having sex with a woman who has been identified by some as the ex-wife of Hogan’s best friend.  A number of legitimate websites are showing a one minute portion of the tape, but you can probably expect soon that the full thirty minute tape will be appearing on the Internet.  But beware.  Scammers, as they have done with other celebrity nude shots or sex tapes,  most recently with the topless shots of Kate, the Duchess of Windsor will be sending out emails, Facebook messages and tweets that lure you to phony websites that when you click on the link necessary to watch the tape will download dangerous keystroke logging malware on your computer that can steal your information and make you a victim of identity theft.

TIPS

Never trust links that come in emails, tweets or Facebook messages.  Even if they come from friends who you trust, you must remember my motto, “trust me you can’t trust anyone.”  Your friends may have had their email account, Twitter account or Facebook account hacked into by an identity thief and the message that you are getting may be from the identity thief, not your friend.  And that message may well contain keystroke logging malware.  In addition, even if your real friends pass on a link, they may be unwittingly passing on a link that they do not realize will cause you to become a victim of identity theft.  The best course of action, if you are intent upon seeing the video is to go only to websites that you know are legitimate.

Scam of the day – October 2, 2012 – White House spearphishing hack

Yesterday, a White House spokesman confirmed that a computer network used by the White House Military Office that deals with military support for various White House functions was hacked into last month purportedly by Chinese hackers through the common scammers technique called “spearphishing.”  You can read in more detail about spearphishing in my “scam of the day” of September 11, 2012, which can be accessed in the scamicide archives.  Phishing occurs when you receive an email message or other communication that takes you to a phony website or link that automatically will download malware, such as a keystroke logging program called Trojan Horse that will steal all of the information from your computer and can help make you a victim of identity theft.  Spearphishing is a particularly insidious variation of phishing.  It occurs when you get an email message or other communication that appears to be from someone you know that contains a link or an attachment that when you download it automatically downloads the malware I previously described.  People often let their guard down when they receive an email or other communication from someone that they know even though it is easy to hack into someone’s email and steal their identity to send out these kinds of specially targeted spearphishing emails.  Too often they trust that the email is genuine and either click on the link or download the attachment without being sure that it is legitimate.  Often this can bring terrible results.

TIPS

Remember my motto:  Trust me, you can’t trust anyone.  Never download attachments or click on links unless you are absolutely are sure that the email or other message is absolutely legitimate.  When in doubt (and you should always have some doubt) you should confirm with the person that you think sent you the email that it is legitimate.  It may seem a bit paranoid, but remember, even paranoids have enemies.  If the White House can fall for this scam, so can you, so be extra careful.