Scam of the day – July 5, 2016 – Wegmans Facebook scam

Wegmans, the popular supermarket chain, is warning people about a scam involving phony Facebook postings that appear to be from Wegmans, carry the company logo (which is easy to copy) and promise a free $100 voucher to celebrate Wegmans’ 100th anniversary. Phony coupon scams, which turn up regularly on Facebook, often require you to provide information in order to claim your coupon. Unfortunately, this information, which may include your credit card number or Social Security number, will be used to make you a victim of identity theft. Even worse is what happens when, merely by clicking on the link to claim your coupon, you unwittingly download keystroke logging malware that harvests all of the information on your computer and makes you a victim of identity theft.


As always, if the offer looks too good to be true, it probably is, so a bit of skepticism is in order. In this particular case, offering free $100 vouchers to every customer definitely is too good to be true. If you are routed to a survey, don’t take it, and make sure that you do not enter personal information that could lead to your identity being stolen. Also, an ounce of prevention is worth a pound of cure, so make sure that your computer security software is up to date. Finally, the best course is to never click on links promising coupons unless you are absolutely sure that the coupon is legitimate. Instead, go directly to the real website of the real company; if there are coupons to be had, you will find them there.

Scam of the day – June 17, 2016 – Scams springing up following the Orlando nightclub shootings

Today’s Scam of the day, unfortunately, is very much a repeat of warnings I have had to make after tragedies such as the school shootings at Sandy Hook Elementary School in Newtown, Connecticut. Today’s warning, of course, relates to the tragic shootings of innocent people at an Orlando nightclub this past week. Scammers and identity thieves will be preying upon both our best and worst instincts in response to this tragedy. People seeking videos and photographs of the event may find themselves clicking on links that purport to provide such material but only end up downloading keystroke logging malware that steals all of the information from their computers and makes them victims of identity theft.

Another group of scams stemming from the murders will be the pleas for charitable contributions for the victims and their families.  You should always be wary when anyone asks you for a charitable donation, but particularly when a charitable solicitation quickly follows an emotional event such as the killings in Orlando.  You will want to make sure that you are giving to legitimate charities that will use your contribution wisely rather than giving your money to a scammer or a “legitimate” charity that misuses your donations by paying its administrator inordinately large salaries.  It is important to know the difference between a legitimate charity and a phony one.


Whenever you are contacted by a charity, whether by text, phone, email or otherwise, you can never be sure that the person contacting you legitimately represents the charity or that the charity itself is legitimate. If you are charitably inclined, you should not respond directly to the person or entity soliciting you, but rather first confirm that the charity itself is legitimate. Many phony charities have names similar to those of legitimate charities, so always check the legitimacy of the charity before considering making a contribution. A good place to find out if a charity is legitimate or merely has a name that sounds legitimate is  This website also will provide you with information as to how much of the charity’s collected donations actually are applied to its charitable works and how much goes to administrative fees and salaries. As a general rule of thumb, if a charity spends more than 25% of its donations on salaries and administrative costs, you may wish to contribute to another charity.

As for looking for videos and other “inside” information about the Orlando shootings, many of the sources for that “exclusive” information will be infected with malware that will attack your computer and lead to your becoming a victim of identity theft. So first and foremost, it is important to have good firewalls and security software installed and kept up to date on all of your electronic devices, including your computers, smart phones, iPads and other portable devices that you use. Many people think to protect their home computers but fail to protect their portable devices, even though they may use these devices as much as or even more than their home computers.

Second, you should not click on any link unless you are sure that it is legitimate. Even if the link is contained in what appears to be a text message or social media posting from a friend, you can’t be sure that your friend’s account has not been hacked by an identity thief in order to make you more trusting of the message than you should be. Additionally, even if you receive a text, email or social media posting that actually is from a friend of yours, it may merely be passing on a tainted link that your friend does not realize they are helping to spread after receiving it themselves from a source that they should not have trusted.

Frankly, the safest course of action is not to click on any links from anyone that appeal to your curiosity about major public events such as this, but rather to limit your search for information to legitimate news websites that you can be confident are not likely to contain tainted links or provide inaccurate information. As for those people who lust after disturbing videos and photographs that they think they will only be able to access from “special” sources, those special sources are usually phony, as are the videos and photographs that they provide; however, the malware that you get from them is very real and dangerous.

Scam of the day – May 31, 2016 – New WhatsApp scam

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio. With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims. I have reported to you for years about the various scams targeting WhatsApp users. The most recent WhatsApp scam starts with a message that purports to be from WhatsApp offering an upgrade to a golden version of WhatsApp that, it says, will let you make video calls, send up to a hundred pictures at one time and delete messages after you have sent them. However, there is no golden version of WhatsApp, and if you click on the link to upgrade your WhatsApp subscription you will end up downloading keystroke logging malware that can steal the information from your smartphone to be used to make you a victim of identity theft.


Never click on a link in an email or text message until you have independently confirmed that it is legitimate.  The risk of downloading malware is too great.  Even if your computer or other electronic device is protected with anti-virus and anti-malware security software, the best security software is always at least thirty days behind the latest malware.  Trust me, you can’t trust anyone when it comes to clicking on links.  Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link.

Scam of the day – May 2, 2016 – Another new USAA phishing scam

Yet another phishing email is turning up purporting to be from USAA, the insurer of millions of members of the military as well as many veterans, telling you that you need to click on links in the email in order to resolve security issues. Like many phishing emails, this one tries to convince you that you must click on a link and provide personal information or suffer dire consequences, when the truth is that if you click on the link or provide personal information, the criminal will use the information you provide to make you a victim of identity theft. Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft. Here is a copy of the newest phishing email that is presently circulating. DO NOT CLICK ON THE CONTINUE BUTTON. As phishing emails go, the graphics are pretty impressive; however, there are several grammatical errors, including the word “temporal” being used instead of “temporary.” It also should be noted that the email is addressed to “Dear Valued Customer” rather than to you by name, and no account number is provided. These are further indications that this is a scam. Finally, this email was sent from an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using the email addresses of hacked email accounts to send out the phishing email.


Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam, however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – April 20, 2016 – DocuSign phishing scam

DocuSign is a company that provides technology for transmitting contracts and other documents, with features for electronic signatures. Its service is used by many companies. Recently I received a phishing email, reproduced below, that purported to be from an attorney whom I know and with whom I do business, asking me to click on a link to open a document that needed my signature. The phishing email looked very professional, contained the DocuSign logo and appeared legitimate. In the copy of the email below, I have blocked out the name and other personal information used to identify the attorney who was purported to have sent me the document. DO NOT CLICK ON THE LINK TO VIEW DOCUMENTS.

This is a spear phishing email designed to lure the recipient into clicking on the link and either providing personal information that could be used for identity theft or, as is more likely in this particular phishing attempt, downloading keystroke logging malware onto the recipient’s computer merely by clicking on the link. This malware would have enabled the cybercriminal to steal all of the personal information from the computer and make that person a victim of identity theft. This email was particularly dangerous because it came from someone with whom I do business, whose email account was hacked and used to send out the spear phishing email.

Here is the email without the logo.

Please review and sign your document



Thomas has sent you a new DocuSign document to view and sign. Please click on the ‘View Documents’ link below to begin signing.

View Documents
Law Office of XXXXXXXXX

CONFIDENTIALITY NOTICE: This email message contains confidential information intended only for the person(s) or entity to whom it is addressed and is subject to attorney-client privilege. If you have received this email message in error, please destroy the original message.

CIRCULAR 230 DISCLOSURE: Pursuant to U.S. Treasury Regulations, we are now required to advise you that, unless otherwise indicated, any federal tax advice contained in this communication, including attachments and enclosures, is not intended and may not be used for the purpose of (1) avoiding tax related penalties under the IRC or (2) promoting, or recommending to another party any tax related matters addressed herein.


In this case, I actually followed my own advice as to never click on a link regardless of how legitimate the email or text message may appear until confirming that the message is legitimate.  I emailed back to the attorney and asked him to confirm that it was legitimate and answer a question which I knew only he would know the answer to.  The response I got from him was that he had been hacked and I should not click on the link.

The lesson here is clear. You can never be sure, when you receive an email, who is really contacting you. Sometimes it is obvious, when the email address of the sender does not correspond to who is represented as sending the email, but other times, such as in this case, the email account of someone or some company you trust could have been hacked and used to send you the malware. Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.


Scam of the day – March 19, 2016 – TurboTax phishing email

TurboTax is a popular online tax preparation company used by many people, so it should come as no surprise, particularly at this time of year, that a phishing email is presently being circulated that appears to come from TurboTax with the title “Important Privacy Changes,” in an attempt to get people to click on the link contained in the email, purportedly to opt out of having their personal information shared with others. The email is not sent by TurboTax. It is a phishing scam intended to lure people into clicking on the link, which will download keystroke logging malware that will steal your personal information from your computer, smart phone or other electronic device and use it to make you a victim of identity theft.

Here is a copy of the email presently being circulated, DO NOT CLICK ON THE LINK:


The first line of defense against phishing emails is to have good anti-virus and anti-malware software installed on all of your electronic devices as well as to take advantage of anti-phishing features in your web browser.  Also, keep all of your security software up to date with the latest security patches as soon as they are available.  However, even if you have the most up to date security software, it will not protect you from the latest malware.  Security software is always at least thirty days behind the newest “zero day” malware.

Never click on links in any text message or email unless you have absolutely confirmed that the link is legitimate and safe. In a case such as this, the safest route is to avoid the email entirely and go directly to the website of the company, in this case TurboTax, to find out whether the email was legitimate. When going to the company website, don’t get there by clicking on links or typing in addresses contained in the text message or email. Instead, independently type the name of the website into your browser.

Scam of the day – March 7, 2016 – Bank of America phishing scam

Here is another good example of a phishing email that is presently being circulated. It makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email, which will download malware, or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers, and with good reason, because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur. Here is a copy of a new phishing email that appears to come from Bank of America and is presently circulating. This one came with particularly good looking graphics and a Bank of America logo, but it is a scam. DO NOT CLICK ON THE LINK.

Online Banking Alert
Unauthorized Sign-In
As part of our security measures, during our system regularly scheduled account maintenance and verification procedures, we have detected a slight error in your online banking information. Our system requires account verification for more security and protection to your account.

To confirm this verification log into Online Banking and update your information.

Once you have verified your records, your Account Services will not be interrupted and will continue as normal.
Security Checkpoint: This email includes a Security Checkpoint. The information in this section lets you know this is an authentic communication from Bank of America.
Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2016 Bank of America Corporation. All rights reserved.


An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely belonged to a computer that was part of a botnet of computers hacked into and controlled remotely by the scammer. In addition, legitimate emails from your bank would include the last four digits of your account. This email does not use the customer’s name or account number anywhere. As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.
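As an added illustration (not code from the original post), here is a small Python triage script that checks a message for the indicators this entry and the earlier USAA and DocuSign entries call out: a sending domain unrelated to the brand in the display name, a generic “Dear Valued Customer” greeting, no last-four-digits account reference, pressure wording, and links that point at a bare IP address or an unrelated host. Both messages are constructed samples; the sender addresses and link hosts are placeholders, not indicators taken from the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Pressure wording of the "verify now or your service will be interrupted" kind.
URGENCY = ("verification", "verify", "interrupted", "suspended", "immediately", "security issue")
STOPWORDS = {"of", "the", "and", "inc", "corp"}

# Constructed sample shaped like the Bank of America email quoted above; the
# sender address and link are placeholders, not indicators taken from the page.
SAMPLE_PHISH = """From: "Bank of America" <alerts@example-hacked-account.net>
Subject: Online Banking Alert - Unauthorized Sign-In
Content-Type: text/html

<p>Dear Valued Customer,</p>
<p>We have detected a slight error in your online banking information.
Our system requires account verification for more security.</p>
<p>Once verified, your Account Services will not be interrupted.</p>
<p><a href="http://198.51.100.7/boa/login">Online Banking</a></p>
"""

# Constructed benign counterpart: named recipient, last four digits, matching domain.
SAMPLE_LEGIT = """From: "Example Bank" <statements@examplebank.com>
Content-Type: text/html

<p>Dear Jane Doe,</p>
<p>Your statement for the account ending in 4321 is ready.</p>
<p><a href="https://www.examplebank.com/statements">Example Bank</a></p>
"""

def brand_tokens(display_name):
    """Meaningful words of the From: display name: 'Bank of America' -> {'bank', 'america'}."""
    return {w for w in re.findall(r"[a-z]+", display_name.lower()) if w not in STOPWORDS and len(w) > 2}

def triage(raw_message):
    """Score an RFC 822 message string; returns (score, reasons), one reason per indicator hit."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    text = re.sub(r"<[^>]+>", " ", body)  # crude tag strip, enough for these samples
    tokens = brand_tokens(display)
    reasons = []
    # 1. Sending domain has nothing to do with the brand named in the display name.
    if tokens and not any(t in sender_domain for t in tokens):
        reasons.append(f"sender domain {sender_domain!r} does not match {display!r}")
    # 2. Generic salutation instead of the customer's name.
    if re.search(r"\bDear\s+(Valued\s+)?(Customer|Member|User|Client)\b", text, re.I):
        reasons.append("generic greeting")
    # 3. Talks about an account but never cites its last four digits.
    if re.search(r"\baccount\b", text, re.I) and not re.search(r"ending in\s*\d{4}", text, re.I):
        reasons.append("no account identifier given")
    # 4. Pressure language.
    hits = [w for w in URGENCY if w in text.lower()]
    if hits:
        reasons.append("urgency wording: " + ", ".join(hits))
    # 5. Links that point at a bare IP address or at a host unrelated to the brand.
    for href in re.findall(r'href="([^"]+)"', body, re.I):
        host = (urlparse(href).hostname or "").lower()
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append(f"link to raw IP address {host}")
        elif tokens and not any(t in host for t in tokens):
            reasons.append(f"link host {host!r} unrelated to {display!r}")
    return len(reasons), reasons
```

Run `triage(SAMPLE_PHISH)` and `triage(SAMPLE_LEGIT)` to see the two messages scored; a hit on any single indicator is reason enough to confirm with the company by a phone number you already know rather than by anything in the email.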

Scam of the day – March 3, 2016 – Identity thieves stealing W-2s

Income tax identity theft is a multibillion-dollar problem that costs the government and, by extension, us the taxpayers billions of dollars each year, while tremendously inconveniencing the individual taxpayers whose identities are stolen, as it generally takes the IRS months to fully investigate each instance of identity theft and send the victimized taxpayer his or her legitimately owed tax refund. Armed with a potential victim’s name and Social Security number, it is a simple matter for an income tax identity thief to file a phony return with a counterfeit W-2 to obtain a fraudulent income tax refund.

Now, it appears that sophisticated income tax identity thieves are stealing large numbers of legitimate W-2s, which contain all of the information the identity thieves need to file a fraudulent income tax return, by sending phishing emails to HR and accounting departments within companies, often posing as the CEO of the company or someone else in upper management requesting copies of all employee W-2s under various guises. Other times, payroll management companies have been targeted using the same type of phishing emails. In some instances, the phishing emails have been recognized as scams, but in other instances, companies have unwittingly handed over thousands of W-2s to clever identity thieves.


All companies need to do a better job of training employees to recognize phishing emails and of installing anti-phishing software. In addition, dual factor authentication should be used before transmitting sensitive data, to make sure that the person to whom the material is being sent really is who they represent themselves to be. These same lessons that apply to companies apply to all of us as individuals as well. Phishing is used to steal the identities and information of unwary individuals every day, and the best way to protect yourself is to start by remembering my motto, “trust me, you can’t trust anyone.” Never provide personal information to anyone who asks for it by phone, text message or email unless you have absolutely confirmed that the request is legitimate and the person or company requesting the information has a legitimate need for it. Never click on links or download attachments from emails or text messages unless you have confirmed they are legitimate, because those links and attachments could contain keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft. Finally, keep all of your electronic devices, including your smartphone, up to date with the latest security software patches.

Scam of the day – March 1, 2016 – Kohl’s cash loyalty program scam

Many of you are probably familiar with Kohl’s, a national department store chain. Like many companies, it has a loyalty program. Kohl’s loyalty program, which is called “Kohl’s Cash,” credits registered Kohl’s customers with ten dollars for every fifty dollars that they spend at the store, which can then be used for subsequent Kohl’s purchases. Recently a number of Kohl’s customers’ Kohl’s Cash accounts were hacked, and the hackers used the customers’ credit cards, which were also registered with Kohl’s Cash, to order large and expensive items that were then delivered to the customers whose accounts were hacked. Although it might initially seem puzzling how a hacker could profit from the scheme, its effectiveness becomes apparent when you realize that what the hackers are really after is the Kohl’s Cash generated by the purchases. The Kohl’s Cash is emailed to the hacker, who changed the account’s email address when he or she hacked into the account, and upon receiving the Kohl’s Cash credits the hacker uses them to buy other products which he or she can then sell on the black market. The reason the hackers initially order large items is to make it more inconvenient for the hacked customers to return the unordered merchandise to the store, which would cancel the corresponding issuance of Kohl’s Cash on the transaction.

It does not appear that Kohl’s as a company suffered a data breach; rather, it appears that the accounts of individual Kohl’s customers were hacked because the hacker had access to, or was able to guess, the customers’ passwords.


This scam again highlights the importance of having strong, unique passwords for each of your online accounts. Often companies with weak security are hacked, and the hackers use the passwords stolen in that data breach to access other accounts of the breach victims who reuse the same passwords. Other times it is the victims themselves who have had their data stolen directly from their computer, laptop, smartphone or other electronic device after unwittingly downloading keystroke logging malware, most often as a result of phishing that lured the unsuspecting victim into clicking on a link carrying the malware. Thus it is important to use strong, unique passwords for each of your accounts, to maintain up to date security software on all of your devices, and to refrain from clicking on links in emails or text messages unless you have absolutely confirmed that the email or text message is legitimate.