Scam of the day – December 6, 2012 – Gift card scam followup

On November 26, 2012 I warned you about a gift card scam by which you reeive a text message informing you that you have won a gift card worth $1,000 or more from Target, Best Buy, Apple or WalMart.  Other companies’ names are also being misused, but these are the major companies that are presently being used to lure unsuspecting victims into clicking on a link in the email which takes them to websites where they fill in the requested information and promptly become in danger of becoming a victim of identity theft through the misuse of the personal information provided.  I am writing about this scam now because it appears to be increasing in frequencey as the holiday shopping season gets into full swing.  I also want to provide you with some additional tips on how to deal with this scam.


My first tip is the same as always.  Don’t click on any link in  a text message or email unless you are absolutely sure that it is legitimate.  In any communication that purports to be from a business, you cannot be sure that the message and email is legitimate.  Scammers and identity thieves can make their messages and email look very official.  The risk of clicking on a link from a scammer is too great to take the chance .  In addition to luring you into providing information that can be used against you that leads to your becoming a victim of identity theft, clicking on the link may also cause a keystroke logging malware program to be downloaded on to your computer, laptop, tablet or smartphone that can steal all of the information from your device and lead to your becoming a victim of an even more devastating identity theft.  If you have any thought that the message might be legitimate, call the company at a telephone number that you know is correct to find out if the message or email you received was a scam.   Do not respond to the text by declining the message or asking to be taken off of their list because all this does is alert the identity thief that your address is active.  If you do receive such an email, forward the message to your phone service provider by sending it to 7726 on your keypad.  This spells out “Spam” and your provider will block future messages from that number.

Scam of the day – November 19, 2012 – Holiday shopping scams part 1

Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may be for many people, but it is not so wonderful if you have been scammed by scammers who really do find the holiday shopping season to be the most wonderful time of the year – for them.  Today’s scam of the day will be the first of many that I will be doing that deal with holiday shopping scams.  I received an email today showing me how I could get iPad 2s and iPhones at 90% discounts by clicking on links and ordering them online.  If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received.  Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.


If an offer sounds too good to be true, it usually is.  Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered.  Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate and it is hard to do so without calling the legitimate company because even if it truly appears to be coming from a legitimate person or entity, their email, twitter, or smart phone may have been hacked into and the communication you receive is from a scammer.  Only deal with companies that you know are legitimate and confirm that you are actually on a website that you know is legitmate because phony websites can look quite good.

Scam of the day – November 18, 2012 – New IRS scam

The latest IRS scam to be wary of involves an email that you receive purportedly from the IRS informing you “After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax return of $253.04.  To receive your return, you need to register for an e-Services account:  Click here to register.  If you already have an e-Services account click her to login.”  If you are knowledgeable, you will know that a tax refund is not referred to as a “return.”   However, if you fall for the bait, you will not get any money from the IRS, but clicking on either link will result in your unwittingly downloading dangerous keystroke logging malware onto your computer which enables the identity thief to steal all of the information from your computer such as your credit card numbers, Social Security number, passwords and financial account information which will ultimately result in your becoming a victim of identity theft.


If you receive an email from the IRS, you can immediately ignore and delete it because the IRS does not communicate with taxpayers through email.  They only use regular mail to communicate with taxpayers.  It is also important to remember that you never should click on links in emails, tweets, or text messages because even if the source appears legitimate, you cannot be sure that they indeed are legitimate.  It is also possible that the legitimate source of the email, tweet or text message may have had their account hacked into so that you would trust the communication and click on the link.  If you have any concerns about the legitimacy of a forwarded link, contact the person or entity sending it to you by phone to confirm its accuracy.  Finally, as a last line of protection, you should make sure that you not only have a good firewall and computer security software, but that it is constantly updated in order to protect you from the latest viruses and other malware.

Scam of the day – November 13, 2012 – Online greeting card scams

As we begin our descent into the holiday season there will be many holiday season related scams which we will be discussing over the next few weeks.  One that has been very prevalent of late is that of online greeting cards.  They are easy to send.  Many are free.  Many are very entertaining and they offer a chance to send a timely greeting even if you have forgotten an important holiday, birthday or anniversary until the last minute.  However, they also are fraught with scams and dangers.  Clicking on a phony online greeting card sent to you can result in your downloading a keystroke logging program that will steal all of the information from your computer and make you a victim of identity theft.


When a legitimate card is sent to you, the email message will state the name of the person who is sending you the card.  When the message states that it is from “a friend” or a “secret admirer” you should not click on the link because if you do so, you will download a dangerous keystroke logging program.  As an additional precaution you should also make sure that your Firewall and security software are constantly kept current and up to date.  Finally, if you get an online greeting card from a name that is a common name, you should contact that person before opening the card to make sure that the card is legitimate.

Scam of the day – November 9, 2012 – Image stealing malware

Regular visitors to this website/blog have read about keystroke logging malware that can be unwittingly downloaded on to your computer when you think you are downloading free music, free games, or are persuaded to click on a link in a tainted email.  Once installed on your computer, this type of malware, which is often called a Trojan Horse for obvious reasons, can read everything in your computer that is contained in documents or text.  Now, however, a new type of malware is appearing that steals the images that are stored on your computer in formats such as .jpg, .jpeg or .dmp.  While you might wonder what problem would be presented by the stealing of your photographs or scans, you should consider what files you do have in such formats.  Many people will scan financial documents into their computers, which can provide an identity thief using this type of malware which is called a Pixsteal Trojan, with all of the information he or she needs to make you a victim of serious identity theft.  In addition, many people may keep photographs of a private nature on their computer, which, if they fall into the wrong hands can result in blackmail.


You should take the same precautions to avoid Pixsteal Trojans as you do any other Trojan Horse malware.  Never click on links unless you are sure that they are not risky.  As I always say, trust me, you can’t trust anyone.  Even if you get an email or a Facebook message that appears to be from a friend, it may actually be from someone who has hacked into their account so you can’t trust it.  And even if it really is from your friend, they may unwittingly be passing on the malware that they unknowingly downloaded on to their own computer and are now passing on to you.  Also, maintain your security software up to date on all of your electronic devices including smart phones and other portable devices.

Scam of the day – November 5, 2012 – Free iPad mini scam

Scammers always take advantage of whatever is new and exciting in the news so it is not a surprise that scams surrounding the introduction by Apple of the new iPad mini are being used to steal money from unwary victims.  You may receive a message on your Facebook page that you have been chosen to receive a free iPad mini.  All you need to do is click on a link that leads you to a “Request for Permission” page on Facebook.  Unfortunately, if you give permission, you won’t get a free iPad mini, but will succeed in downloading an app that will enable the scammer to use your Facebook account to send out more phony messages to all of your friends who are likely to trust the message because it appears to come from you.  If they, in turn, click on the link provided to them to get a free iPad mini, they will end up either providing information that will be used to make them victims of identity theft or unwittingly, they will download a keystroke logging malware program that can steal the information from their computers such as passwords, credit card numbers and Social Security numbers.


As I always say, “Trust me, you can’t trust anyone.”  No one is giving out free iPad minis and why should you have been selected when you never even entered a contest?  If it looks too good to be true, it generally is.  Don’t trust messages on your Facebook page or in your email that contain links.  You can never be sure when you first see such a message that it is indeed from your friend instead of a hacker nor can you be sure that even if the message is from your friend that your friend is not unknowingly passing on malware or a scam.  Never click on a link until you have confirmed it is legitimate.  If you do manage to install a malicious app, remove the message from your timeline, revoke the app’s publishing rights and report the scam to Facebook and make sure that you have revoked access to your Facebook account.

Scam of the day – November 4, 2012 – Military payroll scam

Recently there has been an upsurge of identity theft involving military payroll payments.  These payments are handled by the Defense Finance and Accounting Service, often referred to as DFAS, which processes payments for more than six million military personnel.  What is occurring is that identity thieves are stealing the login information used by military personnel who go to the military payroll’s website myPay.  Once the identity thieves have this information, they are able to access the accounts of individual military personnel and change where the funds are to be deposited electronically by DFAS, causing the payments to be diverted to bank accounts and prepaid credit cards of the scammers.  Recently there have been a number of these cases occurring at Fort Bragg in North Carolina.  The case of one soldier in particular, that of Stephen Redmon is an example of how difficult it can be for soldiers to fix the problem after they have become victimized by identity thieves.  Redmon’s September 14th check was diverted to Bancorp Bank where it was converted into prepaid debit cards.  To date, federal investigators have still not determined whether or not the federal government will reimburse Redmon for the money lost.


Captain Redmon’s identity was stolen when he accessed his myPay account at either his home computer, his smart phone or a computer he used at the library at Fort Bragg.  All of these present security issues.  Home computers are often infiltrated, as I have warned you, by family members downloading dangerous keystroke logging malware that once downloaded can steal all of the information from your computer including, in this case, login information and the password for Captain Redmon’s myPay account.  This malware often is downloaded unwittingly when someone clicks on a link in an email or a website that may promise free games, free music or other lures to get you click on phony and dangerous links.  The use of Wifi without proper software security programs also presents serious danger of having your information stolen.  Many people do not protect their smart phones or other portable devices with proper security software despite the fact that they use them for private financial matters. This is an important thing to do.  Finally, public computers, such as library computers should never be used for personal financial transactions as these computers are often targeted by identity thieves for downloading keystroke logging programs to capture the information of people who use these computers.

Scam of the day – November 1, 2012 – Phony Amazon email scam

A new scam has recently emerged that begins when you receive an email purportedly from Amazon informing you that “Your acount has been closed because of too many failed login attempts.  Please download and fill out the form below to reactivate your account.”  If you download the form and provide the personal information requested you will have turned over your information to an identity thief who can then use this information to make you a victim of identity theft.  Unlike many phony emails that contain exact replicas of logos for the companies that the email is purportedly to be from, this scam email does not contain anything except text.


Do not respond to this email by providing any information or clicking on any links.  Amazon does not ask for you password, bank account information, credit card information, PIN, Social Security number, mother’s maiden name or any other identifying information.  If you are asked for any of this information in an email, you cn be sure that the email is not from Amazon.  If you ever receive a similar email and have any doubts as to its authenticity, merely call the company to find out if the email was legitimate.  Providing information or clicking on links that can download keystroke logging malware can put you in great danger of identity theft.

Scam of the day – October 29, 2012 – New IRS scam

The IRS is warning people about a new scam that uses a website that appears to be the IRS’ e-Services online registration page.  The real IRS e-Services website does not provide anything for taxpayers, but does provide web-based products and information for professional tax preparers.  Many people are fooled by phony IRS websites that have URLs that are close to the IRS’ URL of  Some may have IRS in the URL, but end in .com, .net or .org.  The only official IRS website is, but even there if you get an email that appears to be from the IRS you should disregard it because the IRS does not contact taxpayers by email and under no circumstances will the the IRS contact you by email, social media or text messages requesting personal information such as your bank account information or your Social Security number.


Never click on links in emails, texts or  social media messages unless you area absolutely sure that the link is legitimate.  And even then you should consider not clicking on a link until you have verified that indeed it was sent by a legitimate sender and even then you cannot be sure that the link is being sent to you by someone who is passing on a tainted link.  The link may take you  to a legitimate website that requests personal data from you, however, if the communication is from a scammer, the information you provide can lead to identity theft.  Remember, if it is the IRS contacting you, they would already have your Social Security number and they don’t need or ask for you bank account information.  By clicking on links from scammers, you also risk downloading dangerous keystroke logging malware programs that can steal all of the information from your computer and lead to you becoming a victim of identity theft.

Scam of the day – October 23, 2012 – eFax Scam

It is relatively easy to make an email appear to come from a legitimate company, copying their logo and other material that will make an email from a scammer/identity thief appear to come from the legitimate company.  Phony emails purporting to be from companies such as UPS, the United States Postal Service, FedEx and Western Union have been a standard way that identity thieves and scammers lure people into clicking on a link in the email and downloading a keystroke logging malware program that will steal all of the information from your computer including passwords, credit card numbers and more that will be used to make you a victim of identity theft.  The latest version of this scam is one that purports to come from the legitimate company eFax, but in fact is from a scammer who copies an eFax communication.


Never click on links that you are not sure are in legitimate emails.  If in doubt, call the company to confirm whether or not the email is legitimate.  Many of these emails are addressed not to you by name but rather to “Dear Customer,” which is an indication that it is not legitimate.  You can also pass your mouse over the link to see where it is sending you, but even then the URL that it shows may have been spoofed or copied from one that appears to be legitimate.  It is also important to keep your computer security software up to date.  The present eFax phony email is coming from Australia, which is not where eFax is located.