Scam of the day – August 16, 2017 – Hackers targeting hotel Wi-Fi

The security company Bitdefender has identified new tactics being used by a notorious hacking group known as DarkHotel to hack into the computers of hotel guests.  DarkHotel has been operating for about ten years now and until recently had been specifically targeting business travelers in order to gain access to their companies’ computers and the data contained therein. Recently , however, DarkHotel has expanded its targets to include political figures, as well.  DarkHotel has exploited vulnerabilities in hotel Wi-Fi to achieve its attacks.

A key element in the success of DarkHotel has been their successful use of spear phishing emails that have been used to lure unsuspecting victims into clicking on links and downloading malware.

TIPS

Whether you are a high profile business person, a politician or a regular citizen, spear phishing is one of the biggest threats to your security and well being.  Spear phishing emails or text messages are personally crafted emails or text messages that have been created using information about you, your job, your interests and other aspects of your life to lure you into clicking on a link and downloading malware.  Most of the major data breaches as well as personal data breaches have been initiated through phishing so the lesson is clear.  Trust me, you can’t trust anyone.  Never click on links in emails or text messages unless you have absolutely confirmed that they are legitimate.

Scam of the day – July 30. 2017 – AOL phishing scam

Millions of people still use AOL.  One reason is that you get greater email privacy when compared to some other email carriers. Due to its popularity, scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is quite poor.  Compare it to the excellent counterfeit phishing email I included in the Scam of the Day for May 31, 2014.  This one comes from an email address that has no relation to the company, AOL.  Further, it is not directed to the recipient specifically by name.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve a problem.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.   Here is how the email appears.  DO NOT CLICK ON THE LINK:
“Dear Aol User
You can not send or receive new messages until you re-validate your mailbox.
To renew the mailbox,
Click below: Login&Complete
Thank you!
Webmail Administrator.”
TIPS
When AOL communicates with its customers about their accounts, they do so by AOL Certified Mail, which will appear as a blue envelope in your inbox and will have an official AOL Mail seal on the border of the email.  This particular email had neither and only had an easy to counterfeit AOL logo appear on the email.  Whenever you get an email, you cannot be sure of from whom it really comes.  Never click on a link unless you are absolutely sure that it is legitimate.  If you think the email might be legitimate, The best thing to do is to contact the real company that the email purports to be from at an address or phone number that you know is accurate in order to find out if the communication was legitimate or not. Remember, never click on links in emails unless you have confirmed that they are legitimate.

Scam of the day – July 17, 2017 – WWE data breach puts millions at risk of identity theft

The World Wrestling Entertainment (WWE) formerly known as the World Wrestling Federation (WWF) until it lost an intellectual property dispute with the World Wide Fund For Nature (WWF), is the popular company that promotes professional wrestling around the globe.  Recently it was disclosed that databases filled with personal information of users of its website were stored in an unprotected server making them accessible to anyone who came upon them.

The good news is that the compromised information did not include credit card information or passwords, which would have posed a tremendous threat of identity theft to the people whose information was stored in the unprotected servers.  However the bad news is that the type of information that was compromised included names, email addresses, ages and other information that could be used to formulate spear phishing emails that could be used to attack the victims of the data breach.

Spear phishing occurs when you receive an email or a text message intended to lure you into clicking on a malware infected link that can be used for purposes of identity theft, ransomware or other sinister purposes. What distinguishes spear phishing from mere phishing is that with spear phishing, the communications to you have been specifically tailored with personal information to trick you into trusting it.

TIPS

One lesson from this data breach is to remember that you are only as secure as the places that have your personal information with the weakest security.  Therefore limit the places to which you provide your personal information as best you can.  In addition, there is no law that requires you to provide accurate and truthful information when going to a website asking for your age or other personal information so you can make up information to provide in order to gain access to a particular website.

Another important lesson is to always be skeptical of any email or text message that you receive that asks you to click on a link.  You can never be sure it is legitimate so never click on a link until you have confirmed that the communication is legitimate.

Finally, remember to keep all of your electronic devices updated with the latest security software recognizing that even the newest updates will not protect you from new zero day defects that have not been seen previously.

Scam of the day – July 11, 2017 – Another Delta Airlines Facebook scam

It was just eight days ago that I warned you about a scam involving Delta Airlines’ Skymiles program where people were being tricked into providing personal information about their Skymile accounts that is then used for purposes of identity theft.

Now a new scam involving Delta Airlines is appearing on Facebook in which you are told that Delta is giving away free airline tickets to celebrate its 88th birthday.  However this is a scam.  The Facebook posting asks you to like and share the post as well as complete a survey in order to get your tickets.  However, there are no free tickets and if you complete the survey, you turn over information to a scammer who can use it to make you a victim of identity theft.

Here is a reproduction of what appears on your Facebook page.

TIPS

A good starting point for recognizing that this is a scam is the fact that Delta Airlines is 93 years old so it is a bit late to be celebrating its 88th birthday.  It is also important to know that Delta only makes legitimate offers on its own official websites.

These types of scams entice people to share and like the posting in order to take advantage of Facebook’s algorithms that value the popularity of postings measured by likes and shares which then appear on the Facebook pages of more people.  Scammers are able to change the content of what is shared or liked to something entirely different through a technique called “farming.”  This is often done in order to send advertising or gather marketing information, but it also can be done to send malware infected content that can steal personal information from your computer and use it to make you a victim of identity theft.

When you see one of these “too good to be true” offers, the best course of action is to check with the company’s legitimate website where you will learn whether or not the offer is indeed legitimate.

Scam of the day – June 18, 2017 – Identity thieves hack Federal Student Aid website

The Free Application for Federal Student Aid (FAFSA) is a part of the U.S. Department of Education used by college students to apply for much needed financial aid to assist them in furthering their education.  Some of the forms used in the application process require inserting information from past income tax returns.  To make the process more convenient, FAFSA provided for a data retrieval service directly to the IRS to obtain the necessary information, however scammers, such as two recently indicted men from Indiana and Georgia are alleged to have hacked into the data retrieval system of FAFSA applicants to get the tax information which they then used to commit income tax identity theft, attempting to steal approximately 12.7 million dollars in phony income tax refunds.

In response to these problems, FAFSA suspended its data retrieval system until two weeks ago when they reinstituted the Data Retrieval Tool with the IRS in a manner that the tax return information will be encrypted and hidden from view of even the borrower as well as someone hacking into the borrower’s account.

TIPS

Quite often, as Shakespeare said, the fault is not in the stars, the fault is in ourselves. Too often we become victims of identity theft when the security of particular websites, companies or government agencies that have our personal data is compromised because we provide our passwords and user names to identity thieves by falling prey to spear phishing emails or downloading malware.   It is important to never click on a link in an email or download an attachment unless you have confirmed that it is legitimate.  Also, never provide personal information to anyone unless you have confirmed that the request is legitimate.

As for students seeking to use the Data Retrieval Tool of the IRS for filing a FAFSA form, you can safely use this service by going to StudentLoans.gov.

Scam of the day – June 17, 2017 – Father’s Day scams

Tomorrow is Father’s Day which for many people is an opportunity to show our fathers how much we love and appreciate them, for scam artists, it is yet another opportunity to scam people.

One of the most common Father’s Day scams involves e-cards which are great, particularly for those of us who forget to send a Father’s Day card until the last minute.  Identity thieves send emails purporting to contain a link to an electronic Father’s Day card, but instead send malware that becomes downloaded when the victim clicks on the link. This keystroke logging malware enables an identity thief to steal personal information from the victim’s computer that can be used for purposes of identity theft.

TIPS

Never click on a link to open an e card unless the e card specifically indicates who sent the card. Phony e cards will not indicate the name of the sender.  Even if the sender is someone you recognize, you should independently confirm with that person that they indeed sent you an e card before clicking on the link.

Scam of the day – June 3, 2017 – Hackers and scammers turning to social media

Recent reports by various security companies are indicating that state-sponsored Russian hackers, such as those that managed to plant fake news stories in an effort to disrupt the 2016 presidential election are increasingly turning to targeting social media accounts to download malware and spread disinformation.  This is a complex story and one worth knowing more about, however, as an individual, you are also susceptible to scams, ransomware and malware downloaded through clicking on links in social media postings.

We have long known that phishing emails and the more personally targeted spear phishing emails are how most malware gets downloaded on to the computers of individuals, companies and government agencies. However, as successful as phishing is in spreading malware, postings on social media, according to cybersecurity firm ZeroFOX are twice as successful in spreading malware.

And it makes sense.

In my May 5, 2017 Scam of the day I warned you about the risks of the Facebook “10 concerts, but there is one act that I haven’t seen live” quiz.   I highlighted the fact that scammers use social media to gather personal information that can later be used to tailor a message sent through social media such as Facebook or Twitter that you are more likely to trust and click on links in the messages that will download malware.

TIPS

Trust me, you can’t trust anyone.  Always be skeptical when you receive any kind of electronic communication that requires you to click on a link in the message.  Always confirm it before clicking on the link regardless of how trustworthy it may seem.  Further, you may well consider limiting the amount of personal information that you post on social media that can be used to tailor spear phishing emails to lure you a victim of identity theft or some other scam by appealing to something in which you are known to be interested.

Scam of the day – June 2, 2017 – Trump gift card scam

It is hard to win any lottery. It is impossible to win one that you have not even entered and yet scam artists, the only criminals we refer to as artists have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries.   Reproduced below is a unique lottery scam using President Trump as the hook.

As with many effective scams, the pitch of the scammer seems legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners.  Other times, the scammer tell the “winners” that in order to collect their prizes, they need to pay administrative fees. No legitimate lottery requires you to pay administrative fees in order to claim your prize.   Additionally, some phony lotteries ask for personal information which is then used for purposes of identity theft.

This particular phony lottery scam is filled with indications that it is not legitimate.  It is sent by email, but not addressed to you personally in any salutation.  It also proclaims “congratulation” rather than “congratulations.”  Finally, it is being circulated now although it refers to the “autumn competition.”

TIPS

As I have often told you, it is difficult to win a lottery you have entered.  It is impossible to win one that you have not even entered.  You should always be skeptical about being told that you have won a lottery you never entered.    In regard to taxes, while it is true that income taxes are owed on lottery winnings, legal lotteries never collect tax money from winners.  They either deduct the taxes from the winnings or leave it up to the winners to pay their taxes directly to the IRS.  You also should never pay a fee to collect a legal lottery prize and you certainly should never click on links unless you have confirmed that the communication is legitimate in order to avoid downloading malware.

Scam of the day – May 30, 2017 – Apple iTunes phishing scam

Phishing emails, and the more personally tailored spear phishing emails are the most common way that people and companies are tricked into downloading malware such as ransomware or keystroke logging malware used to steal information from the victim for purposes of identity theft. Effective phishing emails will appear to be legitimate and lure victims into downloading malware filled attachments or clicking on links tainted with malware.

Reproduced below is a new phishing email presently being circulated that is one of the worst examples of a phishing email.   It purports to be from the Apple Store informing the recipient that his or her account has been used to make a purchase and urges the targeted victim to download an attachment if they did not make the purchase.

As regular readers of Scamicide have seen, many of the phishing emails we have shown you over the years are quite convincing, however this particular email is so filled with indications that it is phony, it is hard to imagine someone falling for the scam although I am sure some people will do so.

The email address of the sender has nothing to do with Apple which is an early indication that this is a scam.  There is no logo that appears on the email and the email is not addressed to anyone in particular nor does it indicate an account number.  Finally, their are spelling errors and horrible grammatical errors throughout the email.

Here is a copy of the email that is presently circulating.

“[ApplePay] – iTunes was used to purchase in App Store on Macbook Pro 13
Date and time: 27 May 2017 10.32 hrs
Transaction: 7BA6818XL0333C2U
Order number: MQ3N7F0G8Q
OS: OS X 10.12.4
Browser: Safari
Location: New York, United States of America
If the information looks familiar, you can ignore this email.
If you have not recently purchased an article or in-apps apps on a MacBook Pro 13 “
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
Best regards,
AppIe account department
Copyright @ 1998-2017. 2211 N 1st St, San Jose, CA 95131, USA. All rights reserved.”
TIPS
Whenever you get any email that attempts to lure you into downloading an attachment or clicking on a link, you should be skeptical and never consider doing so unless you have absolutely confirmed that the email is legitimate.  Also, look for telltale signs that the email is a phishing email by examining the address of the sender, the spelling and grammar and a lack of your account number or name appearing although in more professionally done spear phishing emails real account numbers and your name might be used which is why it is always imperative to never click on links or download attachments unless you are totally convinced that the email is not phony.

Scam of the day – May 18, 2017 – DocuSign phishing scam

DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures used by many businesses.  Recently DocuSign suffered a data breach in which its customer email data base was hacked.  Shortly thereafter, many DocuSign customers received phishing emails designed to appear as if they were legitimate DocuSign communications and requests the person receiving the email to download an attached Word document.    However, anyone downloading the attachment would also have unwittingly downloaded malware.

TIPS

Never click on a link or download an attachment regardless of how legitimate the email or text message may appear until you have confirmed that the message is legitimate.

You can never be sure when you receive an email as to who is really contacting you.  Although sometimes it is obvious when the email address of the sender does not correspond to who is represented as sending the email, but other times, such as in this case, the email account of someone or some company you trust could have been hacked and used to send you the malware.  Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.