Scam of the day – December 23, 2012 – Federal Express Phishing scam

Shown below is a copy of an email that I received recently that purports to be from Federal Express informing me that a delivery was attempted to be made to me of a package someone had sent to me, but that the attempt was unsuccessful.  The email instructs me to click on a link to print out a postal receipt to take to the nearest Federal Express office in order to retrieve the package.  Don’t click on the link either in an email that you might receive or the one shown below because to do so would only download on to your computer a keystroke logging program that will steal all of the information from your computer including passwords, credit card numbers, your Social Security number and other personal information that would end up making you a victim of identity theft.  If you look closely at the email, you will note that even though it has the Federal Express logo and looks quite official, there are a number of tip offs that this is indeed a phishing scam intended to look like a legitimate email, but actually intended to get you to download malware.  What is not shown on the email as copied below is that it is sent from an address that is not that of Federal Express.  The email also only refers to me as customer rather than by my name.  It is also important to note that the communication came to my email address which is not information that Federal Express has for the receiver of a delivery.  The email also refers to “the post office” while Federal Express deliveries are not made to post office.  Finally, you should note the poor grammar where it reads, “go to the nearest our office.”  Poor English grammar is often an indication of a scam that has not originated in the United States or an English speaking country.

TIPS

If you receive on any email from a company that asks you to click on a link, you should hesitate to do so, particularly if it appears bogus as this one does.  If you have the slightest thought that the email may be legitimate, rather than click on the link, go to the website of the company, which in this case is www.fedex.com.  If you had done so in this particular case you would have found a holiday email scam alert informing you that the email is a scam.

Here is the copy of the email I received.

FedEx  
   
Order: VGH-5698-0841660613  
Order Date: Friday, 14 December 2012, 01:21 PM<*+++/td>

Dear Customer,

Your parcel has arrived at the post office at December 20.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.

 

     

DOWNLOAD POSTAL RECEIPT

    Best Regards, The FedEx Team.  

Scam of the day – December 15, 2012 – Sandy Hook Elementary School shooting identity theft threat

Yesterday’s horrible news of the tremendous loss of life as a result of the actions of  deranged gunman Adam Lanza killing adults and children at the Sandy Hook Elementary School in Newtown, Connecticut is, unfortunately, just the type of story that often leads to people becoming victims of identity theft.  As some people search for information to help them better understand what happened while others scour media for exclusive photographs or videos of the events out of a macabre curiosity, both groups of people can become easy victims of identity theft schemes quickly constructed by media savvy identity thieves who will use all forms of media from text messages, emails, social media postings and search engine directed phony websites to entice people to click on links contained within these various forms of communication that will purport to provide information, photographs or videos about the shootings, but instead will only result in the people who click on these links unknowingly downloading dangerous keystroke logging malware that can read all of the information contained on the computers of those people clicking on the tainted links.  The information stolen in this manner can include passwords, Social Security numbers, credit card numbers, bank account numbers and other information that will lead to the identity theft of these people.

TIPS

First and foremost, it is important to have good firewalls and security software installed and kept up to date on all of your electronic devices including your computers, smart phones, iPads and other portable devices that you use.  Many people may think to protect their home computers, but fail to protect their portable devices even though they may use these devices as much and even more than their home computers.  Second, you should not click on any link unless you are sure that it is legitimate and even if the link is contained in what appears to be a text message or social media posting of a friend, you can’t be sure that your friend has not had his or her account hacked into by an identity thief in order to make you more trusting than you should be of the message being sent.  Additionally, even if you receive a test, email or social media posting that actually is from a friend of yours, it may merely be passing on to you a tainted link that your friend does not realize they are helping to spread after receiving it themselves from a source that they should not have trusted.  Frankly, the safest course of action is not to click on any links from anyone that try to appeal to your curiosity about major public events such as this, but rather limit your search for information to legitimate news websites that you can be confident are not likely to contain tainted or inaccurate information.  As for those people who lust after disturbing videos and photographs that they think they will only be able to access from “special” sources, those special sources are usually phony as are the videos and photographs that they provide, however, the malware that you get from them is very real and dangerous.

Scam of the day – November 27, 2012 – AOL deactivation scam

AOL customers have been receiving an email that purports to be from the “AOL Verification Team,” the first sentence of which reads exactly as follows: “This E-mail been sent to you by the AOL Verification Team to inform you that your account will be deactivated within the next 24 hours due to several unsuccessful log in attempt on your account.”  The email then sends you to a link to click on in order to prevent this from happening.  This email message is a scam and if you click on the link you will download a keystroke logging malware program that will steal all of the personal information from your computer and make you a victim of identity theft.

TIPS

This email scam is extemely amateurish.  It is addressed to “Dear Customer” rather than the recipient’s name.  Although it purports to be from AOL Account Services, the email address from which it comes is a person’s name at earthlink.net.  It is certainly doubtful that AOL would use Earthlink for emails. In addition, the grammar is atrocious.  Finally, when AOL contacts you on official matters it uses what it calls AOL Certified Mail which comes in the form of a blue envelope in your inbox and will have an AOL seal on the border of the email.  Whenever in doubt about a message that asks you to click on a link, call who the sender purports to be and confirm whether or not it is a scam.  Finally, remember to keep your firewall and security software up to date.

Scam of the day – November 25, 2012 – Pornography connection with identity theft

One of the biggest threats of identity theft occurs when  people unwittingly download keystroke logging programs that can read all of the information in their computers and use it to steal the identity of the victim.  Often this occurs when people go to websites or respond to emails that promise free music, free games or free pornography.  In addition, a recent study done by Dr. Christopher Ahlers, a German therapist found that about two thirds of the sixty million people who access free pornography websites each day do so at work which puts the data in their employers’ computers in danger of being hacked and used for identity theft.  This is no idle threat.    A few years ago free pornography was used as the lure to hack into the computers of the Port Orange, Florida police department that resulted in more than 300,000 people becoming victims of identity theft.

TIPS

Employers should follow the lead of the Department of Defense which has issued a prohibition against workers accessing pornography on their computers at work.  Companies should make sure they educate their employees about the dangers of identity theft in attempting to access free pornography, music or games.  In addition, care should be taken to make sure that business computers protect information through encryption and also that they are utilizing the latest firewall technology and security software as well as making sure that their security software is regularly and automatically update.

Scam of the day – November 23, 2012 – Division of Unemployment Assistance scam

Today’s scam of the day comes directly from my email box as well as that of many other people.  It indicates that it is from the “Division of Unemployment Assistance” which sounds official although in my home state there is no state agency that has that title.  The subject line of the email reads “Action Required – Time Sensitive Material” and certainly is an attention grabber.  It goes on to say that a former employee has filed a claim for benefits and requests certain information be sent electronically by clicking on links provided.  The email further carries a sense of urgency because it indicates that if the informaiton is not provided in a timely fashion, I would lose my right to appeal any decision made by the agency.  Certainly people who are not employers will recognize immediately that this is a scam, however, people who are employers may be tempted to respond to the email.  Don’t.  If you do you can end up a victim of identity theft.

TIPS

Some of the indications that the email is a scam include that it does not name either the employee seeking benefits or the name of the company to which the email is directed.  In addition, the email contains only text without any logo for a particular state agency.  Finally, in my case and perhaps in yours, the agency is misnamed.  In Massachusetts, for instance the agency is the “Department of Unemployment Assistance” not the “Division of Unemployment Assistance.”  Clicking on the link can result in your either downloading a dangerous keystroke logging program that can steal all of the information from your computer and making you a victim of identity theft or your providing personal information through a phony form page you are taken to when you click on the link whereby the information you provide can lead to your becoming a victim of identity theft.  If you have any concerns that the email may be legitimate, call your state agency at a telephone number that you know is accurate and inquire as to whether indeed the notice was legitimate.  You will find that it was not.

Scam of the day – November 19, 2012 – Holiday shopping scams part 1

Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may be for many people, but it is not so wonderful if you have been scammed by scammers who really do find the holiday shopping season to be the most wonderful time of the year – for them.  Today’s scam of the day will be the first of many that I will be doing that deal with holiday shopping scams.  I received an email today showing me how I could get iPad 2s and iPhones at 90% discounts by clicking on links and ordering them online.  If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received.  Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.

TIPS

If an offer sounds too good to be true, it usually is.  Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered.  Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate and it is hard to do so without calling the legitimate company because even if it truly appears to be coming from a legitimate person or entity, their email, twitter, or smart phone may have been hacked into and the communication you receive is from a scammer.  Only deal with companies that you know are legitimate and confirm that you are actually on a website that you know is legitmate because phony websites can look quite good.

Scam of the day – November 13, 2012 – Online greeting card scams

As we begin our descent into the holiday season there will be many holiday season related scams which we will be discussing over the next few weeks.  One that has been very prevalent of late is that of online greeting cards.  They are easy to send.  Many are free.  Many are very entertaining and they offer a chance to send a timely greeting even if you have forgotten an important holiday, birthday or anniversary until the last minute.  However, they also are fraught with scams and dangers.  Clicking on a phony online greeting card sent to you can result in your downloading a keystroke logging program that will steal all of the information from your computer and make you a victim of identity theft.

TIPS

When a legitimate card is sent to you, the email message will state the name of the person who is sending you the card.  When the message states that it is from “a friend” or a “secret admirer” you should not click on the link because if you do so, you will download a dangerous keystroke logging program.  As an additional precaution you should also make sure that your Firewall and security software are constantly kept current and up to date.  Finally, if you get an online greeting card from a name that is a common name, you should contact that person before opening the card to make sure that the card is legitimate.