Scam of the day – May 12, 2017 – Mother’s Day scams

Every day is Scam Day and Mother’s Day is no exception.  Although for many of us, Mother’s Day is an opportunity to show our mothers how much we love and appreciate them, for scam artists, the only criminals we refer to as artists, it is yet another opportunity to scam people.  One common Mother’s Day scam involves an email that you get offering Mother’s Day gifts such as flowers, jewelry, shoes or clothing at tremendously discounted prices.  All you need to do is to click on a link to order online.  The problem is that many of these offers are indeed scams.  If you click on the link, one of two things can happen and both are bad.  Sometimes the link will take you to an order form where you provide your credit card information, but never get anything in return.  Instead your credit card information is used to make you a victim of identity theft.  Even worse is the other possibility, which is that by clicking on the link, you will unwittingly download a keystroke logging malware program that will steal all of the personal information stored on your computer and use that information to make you a victim of identity theft.

Also, be careful when making online purchases.  Merely because a website offering great prices may be highly listed on Google or other search engines does not mean that it is legitimate.  All it means is that the scammers know how to manipulate the positioning of their website in a Google search.  Check out any company with which you may not be familiar with the Better Business Bureau or even Google the company’s name with the word “scam” added to the search and see what you come up with.  Even if you are dealing with a legitimate online company, make sure that your communications are encrypted when you are sending personal information or credit card information.  The easy way to do this is to look to see if the beginning of the web address of the company changes when you go to the page to input this information from “http” to “https” indicating that your data is being encrypted.  And of course, don’t use your debit card for retail purchases either online or in a brick and mortar store because you have less protection from fraud with a debit card than a credit card.

Finally, another Mother’s Day scam involves e-cards, which are great, particularly for those of us who forget to get a Mother’s Day card until the last minute.  However, identity thieves will send emails purporting to contain a link to an electronic Mother’s Day card, but the link instead downloads that dangerous keystroke logging malware that I described above.

TIPS

It is always dangerous to buy anything online from any store or company with which you are not familiar.  Check out the company with the Better Business Bureau, your state’s Attorney General, the Federal Trade Commission or just do a Google search to see if the company is legitimate.  Even then you are better off going directly to the company rather than dealing with a company through an email that may just be a forgery of an email from a legitimate company.  As always, if the offer you receive sounds too good to be true, it usually is.  As for e-cards, never open an e-card unless it specifically indicates who sent the card.  Phony e-cards will not indicate the name of the sender.

Scam of the day – May 6, 2017 – Google Docs phishing scam

A phishing email is presently being sent to unsuspecting victims that urges you to click on a Google Docs link.  A copy of one version of the email is reproduced below. Clicking on the link will turn over your Gmail account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware.

TIPS

Never click on links or download attachments regardless of from where they may appear to originate unless you have verified that the email is legitimate.  In addition, even people who fell for this scam would be safe if they used dual factor authentication for their Gmail account, which would prevent someone who had your password from accessing your account.  With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device than you generally use.  You can sign up for Google’s dual factor authentication by clicking on this link:  https://www.google.com/landing/2step/

Scam of the day – May 3, 2017 – New USAA phishing scam

USAA is the insurer of millions of members of the military as well as many veterans so it is no surprise that it is the basis for a new phishing email presently being circulated.  As with so many phishing emails, this one tells you that you need to click on links in the email in order to resolve security issues.  The truth is that if you click on the link or provide personal information, the criminal will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.  In another scenario, clicking on the link will download dangerous ransomware.

Here is a copy of the new phishing email that is presently circulating.  DO NOT CLICK ON THE LINKS.  As phishing emails go, the graphics are pretty impressive, however there are grammatical errors including the word “has” being used instead of “have”.  It also  should be noted that the email is directed to “Dear Customer” rather than your name and no account number is provided.  These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

 

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam, however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – April 17, 2017 – PayPal phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated.  Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly, it came from an email address of a private person rather than that of PayPal.  The address used, most likely, is that of someone whose email account and computer were hacked in order for the identity thief to send out these phishing emails in mass quantities through a botnet.  It also is not directed to you personally, as PayPal would do with all of its legitimate communications, which is an indication that this is a phishing scam.  Additionally, the salutation is spelled incorrectly where it reads “Dear Costumer.”

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.  In the case of PayPal, if you have a question about your account, you can contact PayPal online here https://www.paypal.com/re/selfhelp/home

Scam of the day – April 16, 2017 – Federal Express phishing email

Shown below is a copy of an email that I received recently that purports to be from Federal Express urging me to click on a link to the oddly worded “message with the required information” without any indication as to what the “required information” relates.  This is just another clever, legitimate appearing phishing email attempting to lure me into clicking on the link.  DO NOT CLICK ON THE LINK.  Clicking on the link either in an email that you might receive or the one shown below would either take you to another legitimate looking page where you would be prompted to input personal information that would be used to make you a victim of identity theft or would download on to your computer a keystroke logging program that will steal all of the information from your computer including passwords, credit card numbers, your Social Security number and other personal information that would be used to make you a victim of identity theft.  Phishing emails like this are also used to trick people into unwittingly downloading ransomware.  If you look closely at the email, you will note that even though it has the Federal Express logo and looks quite official, there are a number of tip offs that this is indeed a phishing scam.  What is not shown on the email as copied below is that it is sent from an address that is not that of Federal Express.  The email of the sender is that of a private individual who, most likely, had his or her email account hacked and used as a part of a botnet to send out these types of phishing emails.  The email also never refers to me by name.  It only refers to me as customer rather than by my name.  It is also important not to click on the “unsubscribe” link because that too may be loaded with malware.

FedEx Express

We have sent you a message with the required information.
Click here to open this email in your browser.

Thanks for choosing FedEx®.

More details
This message was sent to **************. Please click unsubscribe if you don’t want to receive these messages from FedEx Express in the future.
©2017 FedEx. The content of this message is protected by copyright and trademark laws under U.S. and international law.
Review our privacy policy. All rights reserved

TIPS

If you receive any email from a company that asks you to click on a link, you should hesitate to do so, particularly if it appears bogus as this one does.  If you have the slightest thought that the email may be legitimate, rather than click on the link, go to the website of the company, which in this case is www.fedex.com or call them directly at 1-800-463-3339.

Scam of the day – April 14, 2017 – Easter scams

With Easter approaching on Sunday, this is a good time to warn people about Easter scams.  Whatever is of interest to the public is of interest to scammers who are always looking to turn the public’s interest in anything into a scam.  One of the Easter related scams about which the Department of Homeland Security’s National Cyber Awareness System warns involves phony shipping notifications from the U.S. Postal Service, UPS, FedEx or any other delivery company that are merely attempts to trick people into providing personal information that can be used to make the person a victim of identity theft.  Another common Easter scam is electronic greeting cards which download malware such as keystroke logging malware used to make you a victim of identity theft or ransomware used to encrypt your data and destroy it if you do not pay a ransom.

TIPS

You do not have to provide sensitive personal information in order to receive a package delivered by the U.S. Postal Service or a private carrier. If you receive such a notice about a delivery you were not expecting, you can check with the U.S. Postal Service, or the private carrier at a telephone number that you know is accurate in order to determine if the original communication to you was a scam.

Electronic greeting cards are tremendously easy to use and can be particularly helpful if you are late remembering to send a card on a particular occasion, however, you should never click on a link in a notification that you have received an electronic greeting card unless you have confirmed that the person you know actually sent you the card. Never click on links in electronic greeting cards from “an admirer” or any other term designating someone without a name.

Scam of the day – April 8, 2017 – Apple phishing email

Today I received an email from Apple Tech Support or at least that is from where the email represented it was being sent even though the email address from which the email was actually sent was the email address of a private individual who most likely had his email account hacked and used by a scammer to send out the phishing email.

The email I received is copied below.  DO NOT CLICK ON THE LINK.

The email  purported to inform me that for security reasons I needed to confirm my identity and provided a link for me to click on to provide the necessary information to regain use of my Apple account.  This is a phishing scam.  If you click on the link contained in the email, you will either download keystroke logging malware that can steal your personal information from your computer and lead to your becoming a victim of identity theft or be taken to a legitimate appearing page where you are lured into providing your personal information that will also result in your becoming a victim of identity theft.  Other times by clicking on the link you will unwittingly download dangerous ransomware.

TIPS

This particular phishing email has many signs that it is a scam.  It is addressed to “Dear Client” rather than to me by name.  In addition, the first sentence is grammatically incorrect.  Often these scams originate in countries where English is not the primary language and this is reflected in these phishing scams.  While the Apple logo looks legitimate, this is easy to copy.  The key thing to remember is, as I always am saying, “trust me, you can’t trust anyone.”  Never click on links in emails unless you have absolutely confirmed that the communication is legitimate.  If you received an email such as this and you had the slightest thought that it might be legitimate, you should merely contact the real company, in this case, Apple, at a phone number or online independently of the email and at a telephone number or email address that you know is correct.

Dear Client,

Your AppleID  was suspended until we’ve response from you.

We are temporarily restricting modifications to this account as a security precaution. Please go to (https://appleid.apple.com) and confirm your identity to regain access to your account.

Your account will have restricted functionality until we hear from you.

Thanks,
Apple Customer Support

Terms of Service • Privacy Policy
Copyright © 2017 Apple Inc. 1 Infinite Loop, Cupertino, CA 95014. • All Rights Reserved

Scam of the day – March 14, 2017 – Email phishing scam

As I have mentioned many times before, email phishing scams start when you receive an email that purports to be sent from your email server informing you that there is some problem with your account which requires you to click on a link in order to remedy the problem.  Many times the email purports to come from your specific provider; sometimes from a provider you do not even use.   Today’s phishing email scam, however, is generic in that it doesn’t even indicate the name of your email server.

Here is a copy of an email that is presently finding its way into many people’s email boxes.  This is a phishing scam.  DO NOT CLICK ON THE LINK.  Clicking on the link will result in either your downloading a keystroke logging malware program that will steal all of the information from your computer such as your Social Security number, credit card numbers and banking information that will then be used to make you a victim of identity theft or when you click on the link you will be prompted to provide personal information that will also be used to make you a victim of identity theft.

“Your mailbox has exceeded the storage limit 1 GB, which is defined by the administrator, you are running at 99.8 gigabytes, you can not send or receive new messages until you re-validate your mailbox.
To renew the mailbox,

Click Here
WARNING! Protect your privacy. Logout when you are done and completely exit your browser.”

Some phishing emails are better than others and this one was not very convincing.  The email address from which it was sent was not from an email provider.  Instead, it was the address of someone whose email had been hacked and made a part of a botnet of computers used by identity thieves to send out their phishing emails.  In addition, this email is not directed to you by name.  As with many of these scams that often originate in foreign countries where English is a second language, the grammar is suspect, as in the improper use of commas in the email.

TIPS

The most important thing to remember is to never click on links in emails or download attachments unless you are absolutely sure that they are legitimate.  In this particular case, it is easy to see that it is a scam.  Additionally, you should make sure that your anti-malware and anti-virus software are installed and up to date with the latest security updates while remembering that you cannot totally rely on your security software to protect you because it generally takes about thirty days from the discovery of new malware for the security software companies to come up with new patches and updates.

Scam of the day – February 10, 2017 – Valentine’s Day scams

Valentine’s Day is rapidly approaching.  Valentine’s Day is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is going on to scam you out of your money.  There are many Valentine’s Day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s Day electronic greeting cards and delivery scams.

Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.

Online dating scams are plentiful with most revolving around scammers quickly professing true love for you and then asking for money.

Electronic greeting cards are a great way to send a Valentine’s Day card at the last minute when you forgot to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.

A common delivery scam operating on Valentine’s Day involves a delivery of a gift basket of wine and flowers to you, however the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered.  The person delivering the basket will only accept a credit card as payment.  When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.

TIPS

Never trust an online florist or other retailer until you have checked them out to make sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer.  It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be.  Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft.  Always confirm the legitimacy of an email or text message before clicking on links contained in the message.

As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money.  Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe.

Never trust an online greeting card, particularly if it does not indicate from whom it is being sent.  Be very wary of a card sent by “an admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.

In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.

Scam of the day – February 5, 2017 – WhatsApp phishing scam

WhatsApp is a mobile messaging app for your smartphone that allows you to send text messages, photographs, videos and audio.  With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims.  I have reported to you for years about the various scams targeting WhatsApp users.  The most recent WhatsApp scam starts with an email reproduced below that appears to be from WhatsApp requiring you to click on a link to receive a message.  DON’T CLICK ON THE LINK.  Although it looks legitimate, it is a scam.  The first indication of this is that the email address sending the message has nothing to do with WhatsApp.  Most likely it is from an innocent victim whose computer has been hacked and made a part of a botnet to send out malware.  If you click on the link you will end up downloading keystroke logging malware that can steal the information from your smartphone to be used to make you a victim of identity theft.

WhatsApp
New voice mail.
Information
Feb 2 10:01 PM
05 sec
Listen

TIPS

Never click on a link in an email or text message until you have independently confirmed that it is legitimate.  The risk of downloading malware is too great.  Even if your computer or other electronic device is protected with anti-virus and anti-malware security software, the best security software is always at least thirty days behind the latest malware. Trust me, you can’t trust anyone when it comes to clicking on links.  Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link.
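
The tells called out in the posts above (a sender address that does not belong to the company named, a salutation such as “Dear Customer”, “Dear Client” or “Dear Costumer”, and links that are not “https” or do not lead to the company’s own site) can be checked mechanically.  The following Python is an added example, not part of the original posts; the brand-to-domain table, the indicator names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand -> legitimate domain table; extend it for the senders you deal with.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "fedex": {"fedex.com"},
    "apple": {"apple.com"},
    "usaa": {"usaa.com"},
}
# Generic or misspelled salutations quoted in the posts above.
GENERIC_SALUTATION = re.compile(r"^\s*dear\s+(customer|costumer|client)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample: brand in the display name, private sender address.
SAMPLE_PHISH = """\
From: PayPal Service <jane.doe@example.net>
Subject: Problem with your account

Dear Costumer,

Please resolve the issue here: http://paypal.account-check.example/login
"""

# Constructed sample: sender and link both belong to the named company.
SAMPLE_LEGIT = """\
From: PayPal <service@paypal.com>
Subject: Receipt for your payment

Hello Jane Doe,

View the receipt at https://www.paypal.com/myaccount/
"""


def _in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def phishing_indicators(raw_email):
    """Return the sorted indicator names found in one single-part text email."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()
    # Brands the message claims to speak for, taken from display name and subject.
    header_text = (display + " " + msg.get("Subject", "")).lower()
    claimed = [b for b in BRAND_DOMAINS if b in header_text]
    found = set()
    for brand in claimed:
        if not _in_domains(sender_host, BRAND_DOMAINS[brand]):
            found.add("sender_domain_mismatch")
    if GENERIC_SALUTATION.search(body):
        found.add("generic_salutation")
    for url in URL.findall(body):
        parts = urlparse(url)
        if parts.scheme.lower() != "https":
            found.add("unencrypted_link")
        if claimed and not any(_in_domains(parts.hostname, BRAND_DOMAINS[b]) for b in claimed):
            found.add("link_domain_mismatch")
    return sorted(found)


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))
    print(phishing_indicators(SAMPLE_LEGIT))
```

An empty result does not show that a message is legitimate, since a sender address can be forged; it only means none of these particular tells were present.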