Posts Tagged: ‘Malware’

Scam of the day – April 3, 2014 – AT&T phishing scam

April 3, 2014 Posted by Steven Weisman, Esq.

Many people use AT&T for their phone service, so identity thieves who indiscriminately call people stand a good chance of finding AT&T customers among their calls.  The callers say that merely for completing a survey on AT&T’s website, a sum of money ranging from $100 to $350, depending upon the particular scammer calling, will be credited to the person’s AT&T account.  The websites to which the potential victim is directed are, of course, phony.  This type of scam, where you are directed to a phony website, is called phishing.  When you go to the phony website, many of which have names that resemble that of the real AT&T website, such as att620.com or goatt320.com, you will be directed to provide personal information, which will then be used to make you a victim of identity theft.  Alternatively, you may be prompted to click on links that will download keystroke logging malware on to your phone, which will gather information from your smartphone that is then used to make you a victim of identity theft.

TIPS

Never provide information over the phone, or in response to a text message or email, to anyone whom you have not contacted yourself, because you can never be certain that they are who they purport to be.  Never click on links that purport to take you to a website because when you click on the link, you may be downloading keystroke logging malware or other malware.  Instead, if you believe that the initial communication has a chance of being legitimate, contact the company by phone or online at an email address, phone number or website that you know is legitimate.  In the case of this particular scam, a quick call to AT&T would let you know that this is a scam call to avoid.

Scam of the day – March 12, 2014 – More AOL scams

March 12, 2014 Posted by Steven Weisman, Esq.

Although it is nowhere near as popular as it once was, America Online (AOL) is still used for email by more than 2.5 million people, and that means that it will be a target for identity thieves and hackers who are constantly sending out new “phishing” emails attempting to lure people into clicking on tainted links that are infected with malware.  When the unwary receiver of the email clicks on the link, he or she unwittingly downloads keystroke logging malware on to his or her computer or other device that will steal personal information from the victim’s device and use it to make the person a victim of identity theft.  Phishing is the name for the tactic in which an identity thief sends a message that looks like it is from a legitimate source and persuades the victim to respond either by clicking on a link that will download malware or by providing requested personal information that will be used to make the person a victim of identity theft.  Here are a couple of examples of AOL phishing emails presently being circulated.  DO NOT CLICK ON THE LINKS.

“Dear Valid User,

Your account was accessed from a device we did not recognize 69.80.22.206 at (Ireland )  09:00 Irish Standard Time). If you did not check it from another device, please CLICK HERE to your account.

Sincerely, Aol Service.”

and

“User,
Click here now to confirm the validity of your account.

 Thanks again for choosing our Service.
Sincerely, America Online Team”

TIPS

You will notice that the first example had a good reproduction of the AOL logo and what appears to be a legitimate reason to contact you.  The second example is pretty shoddy and does not appear terribly official.  It is also important to note that in both instances, these emails are being sent from email addresses that were stolen by hackers who hacked into and took control of the email accounts of legitimate AOL users.  However, the addresses do not indicate anything to make you think that it is an official address for AOL as a company.  The key lesson to remember, however, is that regardless of how legitimate an email that contains a link or an attachment looks, you should never click on the link or download the attachment until you have confirmed that it is legitimate.  You can never be sure when you receive an email or text message as to who is really sending it.  The best course of action is to always confirm that it is legitimate before clicking on any link or downloading any attachment.  In this case, anyone who had the slightest thought that the emails might have been legitimate should have called or emailed the real AOL.

Scam of the day – March 8, 2014 – Latest critical software security updates

March 8, 2014 Posted by Steven Weisman, Esq.

Today’s scam of the day is another edition of the latest software patches and security updates as provided by the United States Department of Homeland Security.  It is of critical importance to update the software programs that you use on all of your electronic devices as soon as new patches and security updates become available to help protect you from the malware and other security threats posed by identity thieves and other criminals who are constantly working to exploit newly discovered vulnerabilities in the various programs we use.  Today’s list of security patches includes some for popular Apple, Google and Cisco software.  Often, identity thieves will try to trick you into downloading malware by representing that what they are providing are security patches, so it is important to download only patches and updates in which you have total confidence, which is why I provide only links to updates that have been verified by the Department of Homeland Security as being legitimate.

TIPS

Here is a link to the latest security patches and updates as gathered by the Department of Homeland Security.  I urge you to check out the list and download the patches and updates that relate to programs that you use.

https://www.us-cert.gov/ncas/bulletins/SB14-062

Scam of the day – February 19, 2014 – Syrian Electronic Army hacks Forbes.com

February 19, 2014 Posted by Steven Weisman, Esq.

The Syrian Electronic Army (SEA), about whom I have reported to you many times (you can go to the archives of Scamicide to see these stories), has struck again.  This time its victim is Forbes.com, the website of Forbes Magazine.  For those of you unfamiliar with the Syrian Electronic Army, it is a group of hackers sympathetic to Syrian President Bashar al-Assad.  Forbes was targeted by the SEA because of what it called Forbes’ hatred for Syria.  Along with planting a false story on the Forbes website, the SEA also stole user names and email addresses of Forbes.com customers, raising the possibility of “spear phishing” attacks against Forbes.com’s customers.  The SEA has threatened to make the information available on the Internet to identity thieves.  Identity thieves who send phishing emails and texts often do so in large numbers without knowing the names of the people to whom the phony messages corrupted with keystroke logging malware are sent.  However, in spear phishing the identity thief knows the name of the intended victim and can make the communication look more legitimate by including the victim’s name.  In addition, the spear phishing text or email can be made to look as if it comes from Forbes.com or some other entity that is trusted and used by the victim, which can also lead the victim to be less skeptical of the message and more likely to click on links in the message or download attachments to the message corrupted with malware.

TIPS

Again, the lesson is that you are only as secure as the places with the weakest security that hold your personal information.  If you are a subscriber to Forbes.com, you should change your password.  If you use the same password elsewhere, change it too.  For convenience many people make the mistake of using the same password for all of their accounts, which means that when your password is stolen from one place, all of your accounts using that password are in jeopardy.  This is a good lesson for all of us regardless of whether or not you were a victim in this particular data breach.  This hacking once again raises the question as to why major corporate websites, such as the many that have been hacked by the SEA, are not doing more to keep their computers secure.  Finally, as I always remind you, never click on links in emails or text messages or download attachments unless you are absolutely sure that they are legitimate and have confirmed this to be so.

Scam of the day – February 16, 2014 – Latest Target information – what it means to you

February 16, 2014 Posted by Steven Weisman, Esq.

We have known for some time that the hacking of Target was accomplished through the initial hacking of Fazio Mechanical, a heating and air conditioning company that does business with Target and had access to Target’s computers for billing and ordering purposes.  It was not until recently, however, that we learned that Fazio was hacked through a common technique called “spear phishing,” in which the victim receives an email directed to them by name that appears legitimate or promises something enticing, such as free pornography or videos of a newsworthy or otherwise intriguing event.  Once the victim clicks on the link in the email or downloads the attachment in the email, malware is downloaded on to the victim’s computer that provides access to all of the information in the victim’s computer, which in this case included the information necessary to access the Target computer system.  Even though Fazio’s computers were protected by anti-malware programs, either its program was not as good as necessary or it was merely not current with the latest malware threats.  Anti-malware software programs are generally at least thirty days behind the latest malware threats.

Target’s offer of one year’s worth of free credit monitoring service through Protect MyID is also now being criticized.  The problem is twofold.  First, credit monitoring merely helps to inform you that you have already become a victim of identity theft.  It does nothing to prevent identity theft.  Second, Target’s program, which is done through the credit reporting bureau Experian, only provides you with credit monitoring of your Experian file.  It does not provide you with monitoring of your file with the other two credit reporting agencies, Equifax and TransUnion, which makes the monitoring incomplete.  Experian does offer you the additional monitoring for a year, but for a fee that can be as much as $75.

TIPS

The first lesson is that you should never click on links or download attachments unless you are absolutely sure that the links or downloads are legitimate.  Always confirm before you download.  Second, you cannot rely on your anti-malware software to be 100% effective.  Ultimately it is up to you not to download questionable material.  All of that being said, you should make sure that you have anti-malware and anti-virus software on all of your electronic devices and make sure that you keep the software up to date with the latest security patches and updates.

Finally, although credit monitoring does offer some benefits, preventing identity theft through proactive steps such as putting a credit freeze on your credit reports at each of the three major credit reporting agencies is a better way to protect yourself from identity theft in the event your personal information is compromised.  You can find how to put a credit freeze on your credit report by going to the section on “credit freezes” on the right hand side of this page.

 

Scam of the day – February 8, 2014 – Olympic scams

February 8, 2014 Posted by Steven Weisman, Esq.

Many people are excited about the start of the Winter Olympics, including scam artists and identity thieves who see every event that captures the public’s interest as an opportunity to scam you or steal your identity.  Many people will be receiving emails purporting to contain updates, photos and videos of Olympic events.  Unfortunately, if you click on the links or download the attachments in these emails, you will end up downloading keystroke logging malware that will steal your personal information from your computer, laptop, tablet or smartphone and use that information to make you a victim of identity theft.  If you are shopping for Olympic merchandise, you should be wary of the large amount of counterfeit and poor value fake Olympic merchandise that is being sold on the Internet.

TIPS

As I have warned you many times, never click on a link or download an attachment unless you are absolutely sure that it is legitimate.  In regard to Olympic updates sent by email or text message, you are better off not downloading attachments or clicking on links in any emails or text messages you may receive, even if they appear to be from a legitimate source.  The URL may appear to be legitimate, but it may merely be “spoofed” or copied from a legitimate site so that it appears legitimate when in truth it is not.  You are better off going directly on your own to sources such as www.espn.com that you know are legitimate.  Also, make sure that your anti-malware and anti-virus software is installed and up to date on all of your electronic devices.

In regard to purchasing official Olympic merchandise, go directly to the official Olympic website of www.sochi2014.com.  If you want Team USA merchandise, go to the official Team USA website of www.teamusa.org.  Both of these websites are safe and secure places to purchase official Olympic merchandise and apparel.

Scam of the day – February 4, 2014 – What does the Yahoo email breach mean to you?

February 4, 2014 Posted by Steven Weisman, Esq.

A few days ago, Yahoo announced that its email security had been breached.  Yahoo is the second largest email provider with approximately 273 million users.  The actual breach, which involved the theft of both usernames and passwords, was accomplished not by hacking Yahoo directly, but rather by hacking a third party website’s database that allowed the use of Yahoo email addresses to establish customer accounts.  Similarly, the recent breach of Target also appears to have been accomplished by hacking into a Target vendor’s systems to obtain the credentials necessary to, in turn, breach the security of Target.  Many people may not be particularly alarmed that all that was taken in the Yahoo hacking were usernames and passwords.  However, because people often use the same usernames and passwords for multiple accounts, including online banking, the threat posed by this hacking could be quite serious.  In addition, these usernames and passwords could be used by identity thieves for “spear phishing,” a technique by which identity thieves are able to send specifically targeted messages to potential victims that appear to come from trusted sources, thereby making the potential victim more likely to click on a link or download an attachment in the email that would be riddled with malware that will steal all of the information from a person’s computer or other electronic device and use that information to make the person a victim of identity theft.

TIPS

If you haven’t already done so, change your username and password for Yahoo email if you are a user of Yahoo email.  Even if you are not a Yahoo email user, you should make sure that all of your online accounts have different usernames and passwords because the risk of your being a future victim of a similar type of data breach is very high.  It is a good idea to change your passwords every few months and make sure that the password is at least eight characters long and is a mixture of letters and symbols.  For tips on how to pick a good password, check out my book “50 Ways to Protect Your Identity in a Digital Age.”

Scam of the day – January 28, 2014 – The untold story of the hacking of Michaels

January 28, 2014 Posted by Steven Weisman, Esq.

This past weekend, Chuck Rubin, the CEO of Michaels, the country’s biggest arts and crafts store chain, issued the following statement: “We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue.”  Thus Michaels becomes the third large national retail store chain to become involved with a major hacking of its credit and debit card data, following Target and Neiman Marcus.  What Michaels’ short statement did not indicate is that the company is still not even sure that it has been hacked, although every indication is that it has been.  As in the case of the hackings of both Target and Neiman Marcus, it was not the company that discovered that its security had been breached, but rather the banking industry, which discovered a pattern of fraudulent purchases using credit and debit cards recently used at Michaels.  So although the evidence is pretty strong that Michaels has been hacked, security experts and Michaels have still not been able to identify how the hacking occurred, which is indeed troubling because it means that newer and even more advanced malware was likely used to perpetrate the hacking.  As I told you just a couple of days ago, you can expect to hear this story again and again in the new year.

TIPS

Once again, I want to advise you that you should limit your debit card’s use to ATM machines.  Do not use it for retail purchases because the consumer protections provided to you by law just are not as great as they are for fraudulent use of your credit card.  Also, as I advised you previously, you may wish to consider putting a credit freeze on your credit report at each of the three major credit reporting agencies to protect you from an identity thief getting access to your credit report in order to use your credit to make large purchases in your name.  You can find detailed instructions as to how to put a credit freeze on your credit report by clicking on the link designated as “credit freezes” on the right hand side of this page.  Finally, for your own protection of your computer, smart phone and other electronic devices, you should make sure that you have installed anti-virus software and anti-malware software.  You should also make sure that you keep this software current with the latest updates as soon as they are available.  However, as the situation with Michaels illustrates, new strains of malware are always at least thirty days ahead of the anti-malware software meant to protect you from them, so you should always be wary of phishing and other techniques used to lure you into unwittingly downloading malware.  You can learn in detail how to protect yourself from phishing and other threats by reading my book “50 Ways to Protect Your Identity in a Digital Age,” which can be ordered by clicking on the icon of the book on the right hand side of this page.

Scam of the day – January 26, 2014 – FBI warns retailers of future hacks

January 26, 2014 Posted by Steven Weisman, Esq.

Recently the FBI issued a warning to retailers throughout the country that the type of hacking of credit and debit card payment systems that was recently used against Target and Neiman Marcus can be expected to be used against many more retailers in 2014.  The malware used in these attacks infects point of sale (POS) systems such as credit card swiping devices and, in some instances, cash registers at check-out counters.  This malware, referred to as a “RAM scraper,” intercepts the information on the card’s magnetic stripe in the brief moment before the data is encrypted and then transmits the information to the hacker.  This type of malware is presently being sold to identity thieves on the black market for as little as $1,000 or as much as $6,000 for more advanced editions of the malware, which must then be downloaded on to the company’s computer system, most often through sophisticated phishing tactics or an insider co-conspirator.  Presently the retailers do not have security software capable of preventing such attacks.  At the present time they can only attempt to identify the attack as soon as possible in order to then take the steps to remove the malware.  Although Target has gotten most of the publicity for its attack, smaller retailers with less sophisticated systems are probably more at risk and, in fact, may already have had their security breached, but not yet recognized the attack.

So what does this mean to you?

TIPS

You may wish to discontinue using the self-swiping device present at many stores and instead ask the clerk to swipe your card directly through the cash register, which is somewhat more secure.  I say somewhat because the cash registers are also able to be hacked, but they are somewhat less vulnerable and more secure than the credit card self-swiping devices we use in stores.  Perhaps the most important thing you can do is, as I have advised you previously, refrain from using your debit card for shopping because the consumer protection laws regarding debit cards are much weaker than the laws regarding fraudulent use of your credit card.  Potentially the entire bank account to which you have tied your debit card is at risk if you are a victim of a Target-like hacking, not to mention the inconvenience even if you identify the breach immediately.

 

Scam of the day – January 6, 2014 – The threat to you of Yahoo hacking

January 6, 2014 Posted by Steven Weisman, Esq.

Fox IT, an Internet security firm, has just uncovered a hacking of Yahoo’s ad network that appears to have started on December 30th, but may well have begun earlier.  Estimates are that about 27,000 people had their computers and other electronic devices infected each and every hour since the hacking began.  The vulnerability exploited by the hackers involves flaws in the security of Java software used in the online advertisements and by many individual computer users.  As I have warned you for more than a year, Java is a dangerous software program.  Java software, which is a popular software program made by Oracle, has been a particularly successful target of hackers and identity thieves.  According to Kaspersky Lab, flaws in Java software were responsible for about half of all the cyber attacks by hackers in 2012.  Much of the recent wave of attacks against American companies by the hundreds involved Java software vulnerabilities.  The Department of Homeland Security earlier this year identified new and dangerous vulnerabilities in Java software that can lead to your identity being stolen and your computer being compromised by hackers.  The Department of Homeland Security even advised that people disable Java or prevent Java apps from running in their browsers.

A recent study from Palo Alto Networks, a software security company, found that only 6% of malware infections are coming from tainted email while 90% came from malware unwittingly downloaded when people went to legitimate websites that they had reason to trust, but that had been infiltrated by hackers.  This type of identity theft has come to be known as a “drive by” identity theft.  To make things worse, it usually takes as long as three weeks for anti-malware software makers to identify the latest malware threats.  Java software, which is used on many legitimate websites, has proven to be a rich target for identity thieves because of its continuing vulnerabilities to hackers.  It is for this reason that the Department of Homeland Security advised people to consider uninstalling Java software.

The Yahoo hacking, which the company says has now been fixed, enabled the hackers, while the hacking was active, to install various malware programs called ZeuS, Andromeda, Dorkbot, Tinba and Necurs.  These programs enabled the hackers to steal personal information from people who unwittingly installed the malware by clicking on infected ads, unless the computer user was protected by proper anti-malware security programs or was not using Java.  You can find out if your computer was infected by going to Microsoft’s safety scanner at http://www.microsoft.com/security/scanner/en-us/default.aspx

TIPS

Along with avoiding obvious scam emails, the best thing you can do is to make sure that your security software and anti-malware software are constantly kept up to date with the latest revisions, updates and patches.  You also may want to uninstall software programs, such as Java, which have proven to be an Achilles heel for many legitimate websites.  Finally, if you want to be extra careful, you may even want to consider having one computer for your financial dealings and purchases and a separate computer for surfing the Internet, so that if you do go to a tainted website, there would be nothing of value on that computer for an identity thief to use.

I strongly advise people who do not need to use Java that they disable it.  Here is an important link from the Department of Homeland Security with information as to how to disable Java or to otherwise deal with its vulnerabilities: http://www.us-cert.gov/ncas/alerts/TA13-064A