Scam of the day – December 18, 2012 – Newtown charity scams and similar charity scams

As I warned you, the very day after the horrible shootings at the Sandy Hook Elementary School in Newtown, Connecticut, scammers and identity thieves will be preying upon both our best and worst instincts in response to the tragedy.  People seeking videos and photographs of the event may find themselves clicking on links that purport to provide you with such material, but may only end up downloading keystroke logging malware that will steal all of the information from the computers of the curious people who will find themselves becoming victims of identity theft.  Go back to Saturday, December 15ths “Scam of the Day” for more particulars.  The next step in scams stemming from the murders will be the pleas for charitable contributions for the victims and others similarly situated.  You should always be wary when anyone asks you for a charitable donation, but particularly when a charitable solicitation quickly follows an emotional event such as the killings in Connecticut.  You will want to make sure that you are giving to legitimate charities that will use your contribution wisely rather than giving your money to a scammer or a “legitimate” charity that misuses your donations by paying its administrator inordinately large salaries.  Particularly during this time of the year, you will likely find yourself being solicited by various police and firefighter charities.  Many of these are scams and it is important to know the difference between a legitimate charity and a phony one.


Whenever you are contacted by a charity whether by text, phone, email or otherwise, you can never be sure that the person contacting you legitimately represents the charity or that the charity itself is legitimate.  If you are charitably inclined, you should not respond directly to the person or entity soliciting you, but rather first, confirm that the charity itself is legitimate.  At this time of year there are many charities that contact you, particularly those purporting to represent firefighters and local police that are scams.  Many phony charities have similar names to legitimate charities, particularly those purporting to collect for local fire and police departments. You should always check out the legitimacy of the charity first before considering making a contribution.  A good place to find out if a charity is legitimate or merely has a name that sounds legitimate is  This website also will provide you with information as to how much of the charity’s collected donations actually are applied to its charitable works and how much goes to administrative fees and salaries.  As a general rule of thumb if a charity spends more than 25% of its donations on salaries and administrative costs, you may wish to contribute to another charity.

Scam of the day – December 15, 2012 – Sandy Hook Elementary School shooting identity theft threat

Yesterday’s horrible news of the tremendous loss of life as a result of the actions of  deranged gunman Adam Lanza killing adults and children at the Sandy Hook Elementary School in Newtown, Connecticut is, unfortunately, just the type of story that often leads to people becoming victims of identity theft.  As some people search for information to help them better understand what happened while others scour media for exclusive photographs or videos of the events out of a macabre curiosity, both groups of people can become easy victims of identity theft schemes quickly constructed by media savvy identity thieves who will use all forms of media from text messages, emails, social media postings and search engine directed phony websites to entice people to click on links contained within these various forms of communication that will purport to provide information, photographs or videos about the shootings, but instead will only result in the people who click on these links unknowingly downloading dangerous keystroke logging malware that can read all of the information contained on the computers of those people clicking on the tainted links.  The information stolen in this manner can include passwords, Social Security numbers, credit card numbers, bank account numbers and other information that will lead to the identity theft of these people.


First and foremost, it is important to have good firewalls and security software installed and kept up to date on all of your electronic devices including your computers, smart phones, iPads and other portable devices that you use.  Many people may think to protect their home computers, but fail to protect their portable devices even though they may use these devices as much and even more than their home computers.  Second, you should not click on any link unless you are sure that it is legitimate and even if the link is contained in what appears to be a text message or social media posting of a friend, you can’t be sure that your friend has not had his or her account hacked into by an identity thief in order to make you more trusting than you should be of the message being sent.  Additionally, even if you receive a test, email or social media posting that actually is from a friend of yours, it may merely be passing on to you a tainted link that your friend does not realize they are helping to spread after receiving it themselves from a source that they should not have trusted.  Frankly, the safest course of action is not to click on any links from anyone that try to appeal to your curiosity about major public events such as this, but rather limit your search for information to legitimate news websites that you can be confident are not likely to contain tainted or inaccurate information.  As for those people who lust after disturbing videos and photographs that they think they will only be able to access from “special” sources, those special sources are usually phony as are the videos and photographs that they provide, however, the malware that you get from them is very real and dangerous.

Scam of the day – December 12, 2012 – PayPal holiday scams

Many people use PayPal for safe online holiday shopping which is why scammers and identity thieves often pose as PayPal in an effort to steal money or the identity of their victims.  The scam generally begins with an email that purports to acknowledge payment by you for something that you have obviously not purchase.  A link in the email, however, is provided if you wish to dispute the charge.  Don’t click on the link.  As I have told you many times before clicking on links which you are not sure are secure places you in danger of identity theft by taking you to a website where you are prompted to provide information that can make you a victim of identity theft or even worse, clicking on the link can result in your downloading a keystroke logging malware program that will steal all of the information from your computer including passwords, credit card numbers, bank account information and your Social Security number.


If you receive such an email, remember that you can never be sure when you receive an email whether it is legitmate or not.  If you have any questions, you should contact the company, such as PayPal directly through their official website, an email directed to an address that you know is correct or by phone at a number that you know is correct.  It is also important to remember that PayPal and other legitimate companies will not ask for your Social Security number or PINs.

Scam of the day – December 6, 2012 – Gift card scam followup

On November 26, 2012 I warned you about a gift card scam by which you reeive a text message informing you that you have won a gift card worth $1,000 or more from Target, Best Buy, Apple or WalMart.  Other companies’ names are also being misused, but these are the major companies that are presently being used to lure unsuspecting victims into clicking on a link in the email which takes them to websites where they fill in the requested information and promptly become in danger of becoming a victim of identity theft through the misuse of the personal information provided.  I am writing about this scam now because it appears to be increasing in frequencey as the holiday shopping season gets into full swing.  I also want to provide you with some additional tips on how to deal with this scam.


My first tip is the same as always.  Don’t click on any link in  a text message or email unless you are absolutely sure that it is legitimate.  In any communication that purports to be from a business, you cannot be sure that the message and email is legitimate.  Scammers and identity thieves can make their messages and email look very official.  The risk of clicking on a link from a scammer is too great to take the chance .  In addition to luring you into providing information that can be used against you that leads to your becoming a victim of identity theft, clicking on the link may also cause a keystroke logging malware program to be downloaded on to your computer, laptop, tablet or smartphone that can steal all of the information from your device and lead to your becoming a victim of an even more devastating identity theft.  If you have any thought that the message might be legitimate, call the company at a telephone number that you know is correct to find out if the message or email you received was a scam.   Do not respond to the text by declining the message or asking to be taken off of their list because all this does is alert the identity thief that your address is active.  If you do receive such an email, forward the message to your phone service provider by sending it to 7726 on your keypad.  This spells out “Spam” and your provider will block future messages from that number.

Scam of the day – November 19, 2012 – Holiday shopping scams part 1

Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may be for many people, but it is not so wonderful if you have been scammed by scammers who really do find the holiday shopping season to be the most wonderful time of the year – for them.  Today’s scam of the day will be the first of many that I will be doing that deal with holiday shopping scams.  I received an email today showing me how I could get iPad 2s and iPhones at 90% discounts by clicking on links and ordering them online.  If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received.  Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.


If an offer sounds too good to be true, it usually is.  Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered.  Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate and it is hard to do so without calling the legitimate company because even if it truly appears to be coming from a legitimate person or entity, their email, twitter, or smart phone may have been hacked into and the communication you receive is from a scammer.  Only deal with companies that you know are legitimate and confirm that you are actually on a website that you know is legitmate because phony websites can look quite good.

Scam of the day – November 18, 2012 – New IRS scam

The latest IRS scam to be wary of involves an email that you receive purportedly from the IRS informing you “After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax return of $253.04.  To receive your return, you need to register for an e-Services account:  Click here to register.  If you already have an e-Services account click her to login.”  If you are knowledgeable, you will know that a tax refund is not referred to as a “return.”   However, if you fall for the bait, you will not get any money from the IRS, but clicking on either link will result in your unwittingly downloading dangerous keystroke logging malware onto your computer which enables the identity thief to steal all of the information from your computer such as your credit card numbers, Social Security number, passwords and financial account information which will ultimately result in your becoming a victim of identity theft.


If you receive an email from the IRS, you can immediately ignore and delete it because the IRS does not communicate with taxpayers through email.  They only use regular mail to communicate with taxpayers.  It is also important to remember that you never should click on links in emails, tweets, or text messages because even if the source appears legitimate, you cannot be sure that they indeed are legitimate.  It is also possible that the legitimate source of the email, tweet or text message may have had their account hacked into so that you would trust the communication and click on the link.  If you have any concerns about the legitimacy of a forwarded link, contact the person or entity sending it to you by phone to confirm its accuracy.  Finally, as a last line of protection, you should make sure that you not only have a good firewall and computer security software, but that it is constantly updated in order to protect you from the latest viruses and other malware.

Scam of the day – November 13, 2012 – Online greeting card scams

As we begin our descent into the holiday season there will be many holiday season related scams which we will be discussing over the next few weeks.  One that has been very prevalent of late is that of online greeting cards.  They are easy to send.  Many are free.  Many are very entertaining and they offer a chance to send a timely greeting even if you have forgotten an important holiday, birthday or anniversary until the last minute.  However, they also are fraught with scams and dangers.  Clicking on a phony online greeting card sent to you can result in your downloading a keystroke logging program that will steal all of the information from your computer and make you a victim of identity theft.


When a legitimate card is sent to you, the email message will state the name of the person who is sending you the card.  When the message states that it is from “a friend” or a “secret admirer” you should not click on the link because if you do so, you will download a dangerous keystroke logging program.  As an additional precaution you should also make sure that your Firewall and security software are constantly kept current and up to date.  Finally, if you get an online greeting card from a name that is a common name, you should contact that person before opening the card to make sure that the card is legitimate.

Scam of the day – November 9, 2012 – Image stealing malware

Regular visitors to this website/blog have read about keystroke logging malware that can be unwittingly downloaded on to your computer when you think you are downloading free music, free games, or are persuaded to click on a link in a tainted email.  Once installed on your computer, this type of malware, which is often called a Trojan Horse for obvious reasons, can read everything in your computer that is contained in documents or text.  Now, however, a new type of malware is appearing that steals the images that are stored on your computer in formats such as .jpg, .jpeg or .dmp.  While you might wonder what problem would be presented by the stealing of your photographs or scans, you should consider what files you do have in such formats.  Many people will scan financial documents into their computers, which can provide an identity thief using this type of malware which is called a Pixsteal Trojan, with all of the information he or she needs to make you a victim of serious identity theft.  In addition, many people may keep photographs of a private nature on their computer, which, if they fall into the wrong hands can result in blackmail.


You should take the same precautions to avoid Pixsteal Trojans as you do any other Trojan Horse malware.  Never click on links unless you are sure that they are not risky.  As I always say, trust me, you can’t trust anyone.  Even if you get an email or a Facebook message that appears to be from a friend, it may actually be from someone who has hacked into their account so you can’t trust it.  And even if it really is from your friend, they may unwittingly be passing on the malware that they unknowingly downloaded on to their own computer and are now passing on to you.  Also, maintain your security software up to date on all of your electronic devices including smart phones and other portable devices.

Scam of the day – November 5, 2012 – Free iPad mini scam

Scammers always take advantage of whatever is new and exciting in the news so it is not a surprise that scams surrounding the introduction by Apple of the new iPad mini are being used to steal money from unwary victims.  You may receive a message on your Facebook page that you have been chosen to receive a free iPad mini.  All you need to do is click on a link that leads you to a “Request for Permission” page on Facebook.  Unfortunately, if you give permission, you won’t get a free iPad mini, but will succeed in downloading an app that will enable the scammer to use your Facebook account to send out more phony messages to all of your friends who are likely to trust the message because it appears to come from you.  If they, in turn, click on the link provided to them to get a free iPad mini, they will end up either providing information that will be used to make them victims of identity theft or unwittingly, they will download a keystroke logging malware program that can steal the information from their computers such as passwords, credit card numbers and Social Security numbers.


As I always say, “Trust me, you can’t trust anyone.”  No one is giving out free iPad minis and why should you have been selected when you never even entered a contest?  If it looks too good to be true, it generally is.  Don’t trust messages on your Facebook page or in your email that contain links.  You can never be sure when you first see such a message that it is indeed from your friend instead of a hacker nor can you be sure that even if the message is from your friend that your friend is not unknowingly passing on malware or a scam.  Never click on a link until you have confirmed it is legitimate.  If you do manage to install a malicious app, remove the message from your timeline, revoke the app’s publishing rights and report the scam to Facebook and make sure that you have revoked access to your Facebook account.

Scam of the day – November 4, 2012 – Military payroll scam

Recently there has been an upsurge of identity theft involving military payroll payments.  These payments are handled by the Defense Finance and Accounting Service, often referred to as DFAS, which processes payments for more than six million military personnel.  What is occurring is that identity thieves are stealing the login information used by military personnel who go to the military payroll’s website myPay.  Once the identity thieves have this information, they are able to access the accounts of individual military personnel and change where the funds are to be deposited electronically by DFAS, causing the payments to be diverted to bank accounts and prepaid credit cards of the scammers.  Recently there have been a number of these cases occurring at Fort Bragg in North Carolina.  The case of one soldier in particular, that of Stephen Redmon is an example of how difficult it can be for soldiers to fix the problem after they have become victimized by identity thieves.  Redmon’s September 14th check was diverted to Bancorp Bank where it was converted into prepaid debit cards.  To date, federal investigators have still not determined whether or not the federal government will reimburse Redmon for the money lost.


Captain Redmon’s identity was stolen when he accessed his myPay account at either his home computer, his smart phone or a computer he used at the library at Fort Bragg.  All of these present security issues.  Home computers are often infiltrated, as I have warned you, by family members downloading dangerous keystroke logging malware that once downloaded can steal all of the information from your computer including, in this case, login information and the password for Captain Redmon’s myPay account.  This malware often is downloaded unwittingly when someone clicks on a link in an email or a website that may promise free games, free music or other lures to get you click on phony and dangerous links.  The use of Wifi without proper software security programs also presents serious danger of having your information stolen.  Many people do not protect their smart phones or other portable devices with proper security software despite the fact that they use them for private financial matters. This is an important thing to do.  Finally, public computers, such as library computers should never be used for personal financial transactions as these computers are often targeted by identity thieves for downloading keystroke logging programs to capture the information of people who use these computers.