Scam of the day – June 20, 2016 – LinkedIn phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from LinkedIn that is presently circulating.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.  Because LinkedIn has been in the news regarding a massive data breach, many people might be more likely to trust this email.  Don’t trust it.

“Dear Linkedin User

Due to the recent upgrade in linkedin you have to upgrade your account to keep using linkedin  or your account will be terminated.
In order to login click the link below
http://www.marcospomar.eliti.com.br/li/j/sign.htm
to login and wait for responds from linkedin.
We apologies for any inconvenience and appreciate your understanding.
Regards
LINKEDIN.”

TIPS

There are a number of indications that this is not a legitimate email from LinkedIn, but instead is a phishing email.  The email address from which it was sent has nothing to do with LinkedIn, but most likely was from a hacked email account that is a part of a botnet of computers controlled remotely by the scammer.  In addition, they also would not use the generic greeting “Dear LinkedIn User,” but would rather specifically direct the email to you by your name. Another indication that this is a scam is the poor grammar where the email reads, “We apologies for any inconvenience.”  English is often not the primary language of many scammers based around the world and it shows in their grammar.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the company at a telephone number you know is accurate where you can confirm that it is a scam and make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for companies to trap you if you make a mistake in dialing the real number.

 

Scam of the day – July 21, 2012 – LinkedIn class action

Following up on the “scam of the day” of July 13th which dealt with data breaches at Yahoo, LinkedIn and others, you should be aware of a class action that has been filed in the U.S. District Court for the Northern District of California on behalf of all LinkedIn users.  According to the lawsui,t LinkedIn violated its own user agreement as well as industry standards by not fully encrypting its users’ personal information and by failing to store that information on separate servers from users’ passwords.  Additional allegations of lax security were also made.  I will keep you informed as to the progress of this class action.

TIPS

Don’t merely depend on the companies with which you do business to protect your personal information.  You should do the best you can to keep your information secure online.  Don’t store your credit card numbers on the websites of companies with which you do business online.  Put a credit freeze on your credit report to keep it safe even if a company with your information is hacked.  Don’t give out your Social Security number unless you absolutely must and use different and complex passwords for every company with which you do business online so that if one company is hacked, the identity thief does not have your password for everywhere else.

Scam of the day – July 14, 2012 – More Yahoo dangers

Data breaches such as occurred this week with Yahoo, which shockingly did not even encrypt the data of its users often lead to even more scams through the use of the email addresses of the hacked individuals to send out phishing emails to unsuspecting victims who see an email from a trusted source that may contain a link that they click on to and unwittingly download malware such as keystroke logging programs that can steal all of the information off of your computer, such as your Social Security number, passwords, credit card numbers and more.  The risk of these types of phishing scams always increases following a large data breach such as the recent Yahoo, Formspring and LinkedIn data breaches.

TIPS

Always check with any website or company that will have information about you as to their own security.  Also do not store credit card numbers with companies that you do business with online.  It may be convenient for you to do so, but it exposes you to greater risk if there is a data breach.  Finally, never click on any link in an email even one from a friend until you have confirmed that it is legitimate by contacting the friend directly to make sure that it was he or she that sent it.  And even then you may wish to consider where they got the link to make sure that they are not unwittingly passing on malware to you.

Scam of the day – July 13, 2012 – Yahoo data breach and how to protect yourself

Data breaches are a fact of modern digital life.  This week hundreds of thousands of Yahoo users had their usernames and passwords stolen from one of their databases and just within the past month social network sites Formspring and LinkedIn had their databases hacked into resulting in the loss of personal information of millions more people.  It is important to remember that your own personal security is only as safe as the company with the weakest security that holds your information.  But there are things you can do to protect yourself.

TIPS

Do not give your Social security number to companies that request it unless you truly legally must do so.  Your Social Security number is the key to identity theft and can provide access to to your credit report which in turn can provide an identity thief with access to your credit.  Use complex passwords and use different passwords for each of your accounts so that if a breach occurs, not all of your accounts are in jeopardy.  It is easy to pick  a passowrd with numbers and letters and just vary it slightly from account to account.  Put a credit freeze on your credit report so that even if someone gets your Social Security number and name, they cannot get access to your credit report. With a credit freeze, you credit report can only be accessed through a PIN that you keep private.