Scam of the day – April 19, 2017 – Phony Nintendo Switch emulator scam

The recently launched Nintendo Switch is the latest video game console released by Nintendo.  Software emulators for the Nintendo Switch are being offered online in many places including YouTube where thousands of videos can be found offering Nintendo Switch emulators.  Emulators permit someone to play console-only games on their portable devices such as their smartphones or tablets.  Nintendo does not make such an emulator.  People going to one of these phony Nintendo Switch emulator websites are generally directed to a survey that they must complete in order to receive the code necessary to use the offered emulator, however, this is a scam and while completing the survey provides the scammers with rewards because they are paid by marketers for each completed survey they supply, the person trying to get the emulator ends up with nothing.  Even worse is the very real possibility that someone downloading attachments for what they think is a Nintendo Switch emulator will be downloading malware that can either lead to identity theft or ransomware malware.

The phony Nintendo Switch emulator scam was uncovered by Symantec, a security company.

TIPS

There presently is no emulator for the Nintendo Switch, so any online offer of one at this time is a scam.  Being directed to a survey when you are attempting to locate something free on the Internet is always a source of concern for while there are legitimate surveys that will provide you something in return, such as a chance at winning a gift card, many of these surveys are scams providing nothing in return.  Finally, as always never click on links or download attachments unless you have absolutely confirmed that the link or download is legitimate.  The risk of downloading dangerous malware is too great.

Scam of the day – March 27, 2017 – eFax phishing scam

Phishing scams in which you are lured to click on links or download attachments full of malware rely on your trusting the initial communication.  Reproduced below is an email I recently received that appeared to come from eFax a real company that sends faxes digitally formatted as PDF files.  Don’t click where it says “View your document” because if you do you will end up downloading malware.

You have got a 3 page fax at Thu, 24 March 2017 8:17:28

Your personal new Fax reference ID is vnj-48956824

View your document!

Take your faxes online with eFax®, the world's #1 internet fax service.

While the email appears to be legitimate, the email address sending the email had no relation to eFax which was an immediate indication that this was a scam.

TIPS

The risk of downloading malware by clicking on unverified links or downloading unverified attachments is too great.  Never click on any links or download any attachments regardless of where they may appear to originate until you have independently confirmed that the communication is legitimate.  In this case it would have been simple to determine that this was not a true communication from eFax.

Also, as often is the case, the grammar of scammers is not always the best as where this phishing email states “You have got.”

Scam of the day – January 24, 2017 – Utility bill scams

Scams regarding payments of utility bills are occurring with greater frequency now that Winter has arrived.  The Nebraska Public Service Commission is warning consumers about a number of these scams, but these scams are certainly not limited to Nebraska.

In one version of the scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible.  They just need to provide some personal information.

In another version, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card over the phone.

In a third version of this scam, potential victims receive an email that has a link to take them to their bill.

All of these are scams.  In the first, there is no special promotion and the victim ends up providing personal information that leads to identity theft.  In the second, the victim is coerced into giving their credit card information to a scammer and in the third, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse.

TIPS

You can never be sure when you get an email or a telephone call if it is really from a legitimate source.  Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller.

Trust me, you can’t trust anyone.  Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate.  In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate.  Also, never click on links unless you have confirmed that they are legitimate.  The risk is too great.

Scam of the day – November 26, 2016 – Naval records at Hewlett Packard hacked

In an all too familiar story, it has just been disclosed that personal information including names and Social Security numbers of 134, 386 present and former Navy employees was compromised in a hacking of a laptop of a Hewlett Packard employee.  Hewlett Packard had this information through a contract on which it was working for the U.S. Navy.  Further details of the hacking have not been released, but the fact that such a hacking occurred leads to concerns that the pattern established years ago in hacking of NASA laptops in which the laptops were not password protected and the data contained therein was unencrypted is repeating itself.

TIPS

The continuing negligence of many companies and government agencies in not properly protecting sensitive personal data that can readily be used for purposes of identity theft is disappointing and startling.  There are many simple security steps that are easily taken, such as password protecting laptops and other electronic devices as well as encrypting sensitive data and the use and updating of security software that should be done by all companies and government agencies without exception.

The lesson, however, is one that we should also practice in our own lives.  We as individuals are regularly targeted by identity thieves so al of us should protect each of our electronic devices with a unique password, sensitive data should be encrypted and stored in the cloud or in a portable hard drive, dual factor authentication should be used whenever possible, install and update security software on all of your electronic devices and don’t click on links in emails or text messages unless you have absolutely confirmed that they are legitimate.  These are just a few of the simple protocols we should all follow to decrease the chances of our becoming victims of identity theft.

Scam of the day – November 20, 2016 – Sex or cybersecurity? That is the question.

Although the question of whether you would give up sex for a year in return for total cybersecurity seems like an odd question, it is one that was posed to 2,000 adults in a poll taken by the Harris pollsters.  The response to the question might be startling to many people.  According to the poll, 39% of Americans are so fearful of their cybersecurity that they would willingly give up sex for an entire year in return for a lifetime of cybersecurity.

Unfortunately, you can never totally control your own cybersecurity because often people become victims of identity theft and other cybercrimes due to the neglect and failure of companies and government agencies to properly secure our personal information.  However, fortunately, the good news is that there are a number of relatively simple steps you can take to dramatically increase your personal cybersecurity and you don’t have to give up sex for a year in order to implement these steps.

TIPS

Here are a few of the more important steps you can take.  You can find even more things you can do to protect your cybersecurity in my book “Identity Theft Alert,” which you can order from Amazon by merely clicking on the icon on the right hand side of this page.

  1.  Use strong unique passwords for each of your online accounts so that even if there is a data breach at one account, all of your accounts will not be in jeopardy.  A strong password contains capital letters, small letters and symbols.  A password base made up of a phrase such as “IDon’tLike Passwords!!!” is strong and can be personally adapted for each  of your accounts by merely adding a few letters at the end to distinguish the particular account, such as  adding “Ama” to the base password to become your Amazon password.
  2. Install security software on your computer, smartphone and all of your electronic devices.
  3. Use dual factor authentication whenever possible.
  4. Don’t click on links or download attachments without confirming that the links or attachments are legitimate.  They may contain malware.
  5. Trust me, you can’t trust anyone.  Don’t provide personal information to anyone who contacts you by email, phone or text message unless you have confirmed both the legitimacy of the communication and the need for the information.
  6. Limit, as much as possible, the places that have your personal information.  Your doctor doesn’t need your Social Security number.
  7. Put a credit freeze on your reports at each of the three major credit reporting agencies.
  8. Only download apps from legitimate app stores and check the reviews and the privacy rules regarding the app before downloading them.
  9. Protect your smartphone with a password.
  10. Store important data on a portable hard drive to reduce the danger of ransomware.
  11. Avoid public WIFI for anything requiring personal information.  Use a Virtual Private Network (VPN).
  12. Monitor all of your accounts online regularly.

Scam of the day – November 18, 2016 – Yet another Chase phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.  I have taken out the name of the addressee, but it was directed to the email address of the person receiving the email.  I also have removed the link directing the person to click on to receive an important security message.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   As so often is the case with these type of phishing emails, it does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Dear ******************

You have 1 new Security message From Chase Online Bank.

Click your email here to view the message *****************

As this e-mail is an automated message, we can’t reply to any e-mails sent by return.

JPMorgan Chase Bank, N.A. Member FDIC
©2016 JPMorgan Chase & Co

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would direct the email to you by name rather than directing it to your email address.   As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – November 8, 2016 – PayPal email phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated. Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly It came from an email address of a private person rather than that of PayPal.  The address used, most likely is that of someone whose email account and computer was hacked in order for the identity thief to send out these phishing emails in mass quantities. It also is not directed to you personally as PayPal would do with all of its legitimate communications which is an indication that this is a phishing scam.  Finally, the words “recent” and “activity” improperly appear as “Recentactivity” without a space between the two words.

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.

 

.

Scam of the day – November 7, 2016 – Regions Bank phishing email

Regions Bank is a large bank based in Alabama with more than 1,700 branches throughout the South, Midwest and even into Texas. Recently, I received a phishing email  that appeared to come from Regions Bank.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.   The Regions Bank phishing email uses the common ploy of indicating that the bank needs you to verify personal information for security purposes.   As phishing emails go, this one is pretty good, but it does have some telltale flaws.   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Regions Bank.  Also, although the email is quite short, it contains numerous grammatical errors and the word “Sincerely” is spelled wrong.  Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains the exact logo of the bank does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

TIPS

Obviously if you do not have an account with Regions bank, you know that this is a phishing scam, but even if you do have an account with this bank, there are a number of indications that this is not a legitimate email from Regions Bank, but instead is a phishing email. Legitimate banks would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dear customer” without even capitalizing the word “customer.”  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number  for your bank where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to purchase phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Regions to trap you if you make a mistake in dialing the real number.

 

Scam of the day – November 6, 2016 – Scam vote by text advertisement on Twitter

With the Presidential election just two days away, there are still a number of scams related to the election that primarily are focused on tricking you into providing personal information that can be used to make you a victim of identity theft or steal you money.  I described a number of them in the Scam of the day for  August 1, 2016.  However the scam about which I am writing today is an advertisement that was appearing on Twitter encouraging people to vote for Hillary Clinton by way of a text message.  This is a purely political scam motivated by anti-Hillary forces to suppress her vote by tricking people into thinking that they can vote by text message which is not allowed in any state.  Here is a copy of the ad as it appeared until it was withdrawn by Twitter.

TIPS

Regardless of which candidate you prefer, it is important to remember that you cannot vote by text message or email.   As the election gets closer in time, it is important also to not give into the temptation to click on links in emails or text messages that appear to provide you with startling new information about the election.  These communications will be sent around by scammers attempting to lure people into downloading malware by clicking on infected links.  Never click on any link in an email or a text message unless you have absolutely confirmed that it is legitimate. As for news you can trust about the candidates, you are better off using respected, legitimate news sources rather than being lured into downloading possible malware merely because the subject line may promise some incredible news that most likely is untrue from a source that you cannot verify.

Scam of the day – November 4, 2016 – Security flaws exploited by Russian hackers

Earlier this week it was disclosed that an older version of Microsoft’s Windows software along with the much exploited Adobe Flash software had been exploited by Russian hackers to attack computer systems to gain access to information.  The group that had done these recent hacks appears to be the same Russian hackers responsible for hacking the Democratic National Committee earlier this year.  Adobe has already issued a security update to patch the vulnerability.  A link to the security update can be found in yesterday’s Scam of the day.  Microsoft has said that it will have a security patch available on November 8th.  As soon as it is available, I will let you know here at Scamicide.  Users of Windows 10, the latest version of Windows and the Microsoft’s Edge browser are protected from the attack.

Once again, the malware necessary to spread these computer hacks was spread, as so often is the case, by spear phishing emails luring unsuspecting victims into clicking on links that downloaded the malware.

TIPS

The best thing you can do to help protect yourself from being hacked is to never click on links in emails or text messages from anyone until you have absolutely verified that the messages and the links are legitimate.  Trust me, you can’t trust anyone.

It is also important to update your security software on all of your electronic devices as soon as security updates become available.  Hackers constantly exploit vulnerabilities in software for which there already exist security patches, but which have not been installed by consumers.