Posts Tagged: ‘Malware’

Scam of the day – October 2, 2015 – Update on data breach at Trump hotels

October 2, 2015 Posted by Steven Weisman, Esq.

It has just been disclosed by the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York, that its hotels had been hit with a Target-like credit card and debit card data breach that appears to have occurred between May 19, 2014 and June 2, 2015. Although the Trump Hotel Collection is just announcing this now and much of the media is reporting this as a new story, here at Scamicide we reported to you about this data breach in our Scam of the day on July 5, 2015. As with so many data breaches, it was discovered not by the company hacked, but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels. The malware used to perform this data breach was installed on computers at Trump hotels’ front desk terminals as well as on payment card terminals in the hotels’ restaurants and gift shops. This type of hacking and data breach could have been prevented had the Trump Hotel Collection switched to the modern EMV smart chip credit cards now required under the credit card regulations that went into effect yesterday. Instead the Trump Hotel Collection, as many companies still do, used the old fashioned credit and debit cards with magnetic stripes, which are so susceptible to hacking.


If you used your credit and debit card at one of the affected Trump hotels between May 19, 2014 and June 2, 2015, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.  The Trump Hotel Collection is offering free credit monitoring for people who used their cards at their hotels during the time period indicated above.  For more information about this offer, call them at 877-803-8586.  Here also is a link to the statement of the Trump Hotel Collection about this data breach.

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.

Scam of the day – September 27, 2015 – Facebook dislike button scam reappears

September 26, 2015 Posted by Steven Weisman, Esq.

It has been more than three years since I first reported to you about the Facebook dislike button scam. The scam involves a link on your wall informing you that Facebook now has a dislike button and that you can take advantage of this new feature by clicking on a link. This is a scam. There is no dislike button on Facebook. If you click on the link, a number of things may happen, all of which are bad. You may be prompted to provide personal information that will be used to make you a victim of identity theft; you may unwittingly be signing up for expensive monthly services on your smartphone; or you may automatically download malware that gives identity thieves access to the personal information in your computer or smartphone, which they then use to make you a victim of identity theft. Additionally, clicking on the link may give the scammer access to your profile and the ability to send out malware and spam to all of your friends and make it appear that the material is coming from you.

This scam is experiencing a resurgence because last week, Facebook CEO Mark Zuckerberg spoke about Facebook considering a feature similar to a dislike button. However, such a feature is a long way from becoming a reality.


There is no dislike button so if you see a link to one, you can be sure that it is a scam.  If you unwittingly have downloaded this, you should delete it from your Facebook account as soon as possible and report it to Facebook.

Scam of the day – September 14, 2015 – Federal government unveils new cybersecurity plan

September 13, 2015 Posted by Steven Weisman, Esq.

It is no secret that the federal government, as evidenced by the recent hacking of the Office of Personnel Management (OPM) in which personnel data on 22 million people was stolen, is a target of hackers, both nation-state and ordinary (or perhaps not so ordinary) criminals. The OPM data breach, like the Target data breach and 90% of all data breaches, was initiated through a phishing email. A phishing email is an email sent by the hacker that appears to be legitimate and lures the victim at the targeted company or agency into clicking on a link or downloading an attachment that contains malware, which enables the hacker to steal the information contained in the victim’s computer system. It is fascinating that in almost all major data breaches, the most complex and sophisticated malware is downloaded on to the victim’s computer through the simple trickery of phishing. Here is a link to a column I wrote about this last year.

In response to the OPM and other data breaches, William Evanina, the Director of the National Counterintelligence and Security Center, has announced a new campaign to raise the awareness of federal workers to the dangers of phishing and, specifically, of targeted phishing emails referred to as spear phishing.


Phishing and spear phishing represent threats not just to companies and governmental agencies, but to all of us as individuals as well. Identity theft is often accomplished when individuals targeted by phishing or spear phishing emails unwittingly click on links or download attachments that contain keystroke logging malware, which enables the identity thief to steal all of the information on the victim’s computer, including passwords, credit card numbers, Social Security numbers and other personal information, and use that information to make that person a victim of identity theft. Other types of malware, such as ransomware, which encrypts and locks all of the data in your computer and is followed by a threat to destroy your data unless you pay a ransom, are generally downloaded through clicking on a link or downloading an attachment from a phishing email.

The key to avoiding becoming a victim is to never click on a link or download any attachment unless you have absolutely confirmed that the link or attachment is legitimate.  Even if the link is contained in an email from someone you know and trust, it is possible that their email may have been hijacked so you must always be a bit skeptical.  It may seem a bit paranoid, but remember that even paranoids have enemies.

Scam of the day – September 13, 2015 – Another major health care data breach

September 13, 2015 Posted by Steven Weisman, Esq.

Health insurer Excellus Blue Cross/Blue Shield became the latest major health insurer to disclose that it had suffered a data breach, this one affecting 10.5 million people. The compromised information may include names, birth dates, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information. This hacking, which was just announced but has been going on since December of 2013, is the fourth major health care data breach this year, with Anthem Blue Cross/Blue Shield being the largest, having affected upwards of 80 million people. As I warned everyone in my USA Today column in which I made my cyberpredictions for 2015, the health care industry is tremendously vulnerable to data breaches and we can expect these data breaches to continue. Here is a link to that column.

A recent audit of health care companies and insurers showed that more than 81% of these companies have suffered a data breach in the last two years alone and that number only relates to the data breaches that have been discovered.  There may have been more that remain undiscovered.

The potential consequences of medical company data breaches can be tremendous for affected individuals. The medical records of an identity thief who uses your medical insurance can become intermingled with your own medical records, such that you could mistakenly receive improper treatment, such as a potentially deadly blood transfusion of the wrong blood type.


Excellus will be sending out snail mail letters to those people affected by the data breach shortly. If you receive an email purportedly from Excellus asking you to click on links for information about the data breach, it is a phishing email aimed at getting you to download malware on to your computer and make you a victim of identity theft. As many hacked companies do, Excellus is offering two years of free credit monitoring; however, these services will do nothing to protect you from identity theft. In order to do that, I suggest that you put a credit freeze on your credit report at each of the three major credit reporting agencies in order to prevent someone who already has your personal information, such as your Social Security number, from accessing your credit report to run up debts in your name. You can find information about how to do a credit freeze in the Scamicide Archives. For more information about the Excellus data breach, you can either call their toll free hotline at 877-589-3331 or go to their website by clicking on this link.

Scam of the day – September 11, 2015 – University of Colorado warns students about sextortion

September 11, 2015 Posted by Steven Weisman, Esq.

Back in the March 31st Scam of the day I warned you about the dangers of sextortion. Sex extortion or sextortion has been around for years on the Internet, with criminals tricking people into performing sexual acts online that are recorded and then used to blackmail the victims. Now the University of Colorado Boulder Police Department is warning students about overseas criminals luring students into performing sexual acts on Skype that the criminal records and then threatens to make public unless a ransom is paid. In this latest incarnation of the scam, the criminal initially friends the victim on Facebook and gains the trust of the victim before luring him or her into compromising videos. Investigators in Colorado have traced the particular criminal involved with their campus to someone based in Singapore.

In a twist on this scam found in the actions of other cyberextortionists, the cybercriminals pretend that they are having audio difficulties and convince their victims to download a specific Android app on to their Android smartphone, which they represent will remedy the problem. However, instead of fixing the problem, the app is malware that steals all of the contact information stored on the victim’s smartphone. The cybercriminal then threatens to send the videos to everyone on the victim’s contact list unless the victim pays a ransom.


The best solution to any problem is to avoid the problem altogether.  If you are going to indulge in cybersex or phone sex, it should only be done with people whom you totally trust.  Engaging in such activities with strangers or people you do not know well is asking for trouble.  Also, make sure that all of your electronic devices including your smartphone and computer are protected with the latest updated security software.  Even then, however, no security software is 100% effective against the latest viruses and malware so you should never click on links or download attachments unless you have absolutely confirmed that they are legitimate and you should never download apps from anywhere other than legitimate app stores.  The risk of malware is just too high.

Scam of the day – September 3, 2015 – 225,000 Apple iPhones hacked

September 3, 2015 Posted by Steven Weisman, Esq.

In the largest hacking of iPhone accounts in history, more than 225,000 iPhones have been hacked by Chinese hackers using malware called KeyRaider that steals the passwords, private keys and certificates of its victims. The hacked phones are spread around 18 countries including the United States, China, United Kingdom, Australia, Canada, France, Germany, Japan, Italy, Israel, Russia, Singapore, South Korea and Spain. Only iPhones that have been jailbroken are affected by this malware. Jailbreaking is the term for removing the security restrictions that Apple installs on the phone, often done by the phone’s owner in order to be able to install apps that are not approved by Apple. Armed with the information stolen through the malware, the hacker can access the victim’s data from the Cloud, including photographs and documents. The hackers can also order non-free apps from the App Store using the victim’s account and, in perhaps the worst result of the hacking, the hacker can lock the victim’s phone and cloud account until a ransom is paid.


If you have jailbroken your iPhone, you should have the phone checked to see if it was one of those hacked through KeyRaider. If your phone was affected, obviously you should have the malware removed; however, you should then also change your Apple account password. You also would be wise to enable two-factor authentication, which Apple provides and which will dramatically improve the security of your Apple devices. Had the celebrities whose nude photos were hacked and leaked last year been using two-factor authentication, their photos would never have been stolen. Using two-factor authentication is a good idea for everyone whenever possible.

Scam of the day – August 5, 2015 – Free scan for Hacking Team vulnerabilities

August 5, 2015 Posted by Steven Weisman, Esq.

Following the embarrassing hacking and data breach at the Italian spyware company Hacking Team, which sells spyware to governments, it has been learned that the public release of the 400 gigabytes of stolen files, source code and emails has enabled hackers and identity thieves to build malware that exploits the vulnerabilities uncovered in those files, creating zero day exploits, which attack vulnerabilities for which no security patches have yet been developed. These zero day exploit kits are presently being sold on the black market to hackers and identity thieves around the world.

Now Rook Security, a computer security company, is offering a free scan that can identify whether your computer has already been infected by one of these new malware programs. Here is the link to their website and the free scan.


Everyone should make sure that all of their computers, smartphones and electronic devices are protected by anti-malware and anti-virus software and that their security software is constantly and automatically updated with the latest security updates. The failure to update security software when new vulnerabilities are discovered and patched is a major factor in many data breaches and identity thefts. In addition, the primary way that most data breaches and identity thefts are accomplished with malware is through phishing, where victims are lured into clicking on links in emails and text messages containing malware. The lesson is clear. Don’t click on links unless you are absolutely sure that they are legitimate.

Scam of the day – July 28, 2015 – Lottery security chief convicted of rigging lottery

July 28, 2015 Posted by Steven Weisman, Esq.

Last week, Eddie Tipton, the former security director of the Multi-State Lottery Association, was convicted of electronically rigging the Iowa Hot Lotto game, enabling him to buy the winning 16.5 million dollar ticket. The jury believed the evidence that indicated that Tipton used a portable USB drive to install malware on to the computer that picked the winning number. The computer is not connected to the Internet in order to prevent tampering, and only four people including Tipton had access to the room where the computer was housed. The closed circuit camera that recorded activity in the room had been wiped clean. In addition, the sophisticated malware used by Tipton was self-deleting and left no trace whatsoever on the lottery computer. However, despite the lack of either photographic evidence showing Tipton actually tampering with the computer or evidence of the precise malware used, after a week’s deliberations, the jury found Tipton guilty of two counts of fraud and he is facing a potential prison sentence of ten years.


No computer system is foolproof, however this case does highlight vulnerabilities in the computer security systems used to protect the honesty of state sponsored lotteries.  Hopefully, not just Iowa, but other states using similar systems will revisit their own security systems to make sure that they are as strong as they can be.

Scam of the day – July 26, 2015 – Darkode cybercrime forum busted

July 26, 2015 Posted by Steven Weisman, Esq.

Hackers and identity thieves use underground Internet forums to buy, sell and trade malware, botnets, and information to commit cybercrimes around the globe. Recently the Justice Department announced the dismantling of perhaps the most prominent of the approximately 800 criminal forums, Darkode, and the arrest of twelve of its principals. Among the charged defendants is the primary administrator of Darkode, 27-year-old Johan Anders Gudmonds of Sweden. An important aspect of this action against Darkode was that it represented the joint efforts of a coalition of law enforcement from 20 countries, which makes it the largest coordinated international law enforcement effort ever brought against cybercriminals.

Darkode was a password-protected forum where cybercriminals would buy, sell, trade and share information, ideas and malware. In order to become a member of Darkode, a criminal would first have to be recommended by a present member of Darkode and would have to prove that he or she would bring new skills or products to the group. In addition, prospective members had to go through an extensive vetting process.


One of the key elements of Darkode and many other illegal cybercriminal enterprises is the use of botnets, or infected zombie computers, to spread the malware and avoid detection. Cybercriminals would take over the computers of unwary individuals and use those computers to remotely send out their malware to their targets, such as banks or other commercial enterprises. Many of you may actually be part of a botnet without knowing it. Most people become part of a botnet when they unwittingly download the malware that permits the cybercriminal to remotely take over the victim’s computer. Usually this is done through phishing emails in which the victim is lured into clicking on a link infected with the malware. Even if you have the most up-to-date anti-malware software, you may be vulnerable because it generally takes the security software companies at least a month to catch up to the latest strains of malware. So the lesson to us all is one I am constantly preaching, namely never click on any link or download any attachment until you have verified that it is legitimate. Merely because it may be sent from a friend of yours does not mean that you can trust it. Your friend’s email account may have been taken over by a hacker, or your friend may be unwittingly passing on malware without even knowing it. Trust me, you can’t trust anyone.

Scam of the day – July 12, 2015 – New Amazon email scam

July 12, 2015 Posted by Steven Weisman, Esq.

Copied below is an email currently being circulated that is a good example of a social engineering phishing email designed to either get you to provide personal information or to click on a link that will download keystroke logging malware on your computer that will result in your data being stolen and used to make you a victim of identity theft.  The email appears to be an email from Amazon indicating that there is a problem with your account.  In order to remedy the problem, you are prompted to click on a link and either provide the requested personal information or just by clicking on the link you may unwittingly download the keystroke logging malware.  This type of phishing email is so effective because it looks so legitimate.  It also has a higher chance of being effective merely because so many people who receive it will indeed be Amazon customers.

Here is a copy of the email:  DO NOT CLICK ON THE LINK.


Confirm your Amazon account.

Hello ,

We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?.
To ensure that your service is not interrupted, please update your billing information today.

Or contact Amazon Member Services Team. We’re available 24 hours a day, 7 days a week.
If you have recently updated your billing information, please disregard this message as we are processing the changes you have made.

f you need further assistance with your order.


This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page.

Copyright Å  2014 amzon, Inc. All rights reserved. amzon is located at 2211 N. First St., San Jose, CA 95131.


There are a number of telltale signs that this is a scam.  First and foremost, the email address from which it was sent has no relation to Amazon.  Also, the salutation does not refer to the person receiving the email by name.  Finally, there are some misspellings and typographical errors in the email.  However, the quality of this phishing email certainly is good, which is why it is so dangerous.  The key to avoiding becoming a victim of this type of social engineering phishing scam is to follow my motto, “trust me, you can’t trust anyone.”  Never click on a link or provide personal information unless you have absolutely confirmed that the email or text message received by you is legitimate.  In this case, if you had any thought that the email might be legitimate, you should contact Amazon directly at an email address or telephone number that you know is accurate.  Don’t respond to phone numbers or email addresses contained in the email itself.
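As an added illustration, not code from the original post, here is a Python script that applies the telltale signs just listed to a constructed copy of such a message: it checks the sender's domain, the nameless salutation and one-letter misspellings of the brand name, and goes one step beyond the post's list by also checking that every link leads to the brand's own domain. The sample message, LEGIT_DOMAINS, and every address and host in them are assumptions made up for the example.

```python
"""Checks for the telltale signs described above.  Added example, not code
from the original post; the sample message and LEGIT_DOMAINS are assumptions."""
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "amazon"
LEGIT_DOMAINS = {"amazon.com"}       # assumption: domains the brand really uses
GENERIC_NAMES = {"", "customer", "user", "member", "client"}

# Constructed sample modelled on the quoted email; addresses and hosts are
# made up (.invalid TLD), not indicators from any real campaign.
SAMPLE_EMAIL = """\
From: "Amazon Member Services" <billing-update@mailer-example.invalid>
To: customer@example.invalid
Subject: Confirm your Amazon account.
Content-Type: text/html

<p>Hello ,</p>
<p>We were unable to process your most recent payment. Please
<a href="http://account-verify.invalid/login">update your billing information</a>
today.</p>
<p>Copyright 2014 amzon, Inc. All rights reserved.</p>
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot 'amzon'-style brand misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def on_legit_domain(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def analyze(raw: str) -> dict:
    """Apply the four checks to one raw RFC 5322 message and return findings."""
    msg = email.message_from_string(raw)
    html = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() in ("text/plain", "text/html"))
    text = re.sub(r"<[^>]+>", " ", html)        # crude tag strip for the text checks

    # 1. sender address: the domain after '@' must belong to the brand
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

    # 2. salutation: "Hello ," or "Dear customer," addresses nobody in particular
    m = re.search(r"\b(hello|hi|dear)\b\s*([a-z]*)\s*[,!]", text, re.I)
    generic = bool(m) and m.group(2).lower() in GENERIC_NAMES

    # 3. misspelled brand name: one edit away from the real spelling
    words = set(re.findall(r"[a-z]+", text.lower()))
    lookalikes = sorted(w for w in words if w != BRAND and edit_distance(w, BRAND) <= 1)

    # 4. every link target must sit on one of the brand's own domains
    hosts = {urlparse(h).hostname or "" for h in re.findall(r'href="([^"]+)"', html, re.I)}
    bad_links = sorted(h for h in hosts if not on_legit_domain(h))

    return {"sender_domain": sender_domain, "sender_is_legit": on_legit_domain(sender_domain),
            "generic_salutation": generic, "brand_lookalikes": lookalikes,
            "suspicious_links": bad_links}


def is_suspicious(raw: str) -> bool:
    r = analyze(raw)
    return not r["sender_is_legit"] or r["generic_salutation"] or bool(r["brand_lookalikes"] or r["suspicious_links"])
```

Run `analyze(SAMPLE_EMAIL)` to see all four signs flagged on the sample; a genuine message from the brand's own domain, addressed by name and linking only to that domain, produces no findings.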