Scam of the day – June 2, 2017 – Trump gift card scam

It is hard to win any lottery. It is impossible to win one that you have not even entered and yet scam artists, the only criminals we refer to as artists have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries.   Reproduced below is a unique lottery scam using President Trump as the hook.

As with many effective scams, the pitch of the scammer seems legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners.  Other times, the scammer tell the “winners” that in order to collect their prizes, they need to pay administrative fees. No legitimate lottery requires you to pay administrative fees in order to claim your prize.   Additionally, some phony lotteries ask for personal information which is then used for purposes of identity theft.

This particular phony lottery scam is filled with indications that it is not legitimate.  It is sent by email, but not addressed to you personally in any salutation.  It also proclaims “congratulation” rather than “congratulations.”  Finally, it is being circulated now although it refers to the “autumn competition.”

TIPS

As I have often told you, it is difficult to win a lottery you have entered.  It is impossible to win one that you have not even entered.  You should always be skeptical about being told that you have won a lottery you never entered.    In regard to taxes, while it is true that income taxes are owed on lottery winnings, legal lotteries never collect tax money from winners.  They either deduct the taxes from the winnings or leave it up to the winners to pay their taxes directly to the IRS.  You also should never pay a fee to collect a legal lottery prize and you certainly should never click on links unless you have confirmed that the communication is legitimate in order to avoid downloading malware.

Scam of the day – May 30, 2017 – Apple iTunes phishing scam

Phishing emails, and the more personally tailored spear phishing emails are the most common way that people and companies are tricked into downloading malware such as ransomware or keystroke logging malware used to steal information from the victim for purposes of identity theft. Effective phishing emails will appear to be legitimate and lure victims into downloading malware filled attachments or clicking on links tainted with malware.

Reproduced below is a new phishing email presently being circulated that is one of the worst examples of a phishing email.   It purports to be from the Apple Store informing the recipient that his or her account has been used to make a purchase and urges the targeted victim to download an attachment if they did not make the purchase.

As regular readers of Scamicide have seen, many of the phishing emails we have shown you over the years are quite convincing, however this particular email is so filled with indications that it is phony, it is hard to imagine someone falling for the scam although I am sure some people will do so.

The email address of the sender has nothing to do with Apple which is an early indication that this is a scam.  There is no logo that appears on the email and the email is not addressed to anyone in particular nor does it indicate an account number.  Finally, their are spelling errors and horrible grammatical errors throughout the email.

Here is a copy of the email that is presently circulating.

“[ApplePay] – iTunes was used to purchase in App Store on Macbook Pro 13
Date and time: 27 May 2017 10.32 hrs
Transaction: 7BA6818XL0333C2U
Order number: MQ3N7F0G8Q
OS: OS X 10.12.4
Browser: Safari
Location: New York, United States of America
If the information looks familiar, you can ignore this email.
If you have not recently purchased an article or in-apps apps on a MacBook Pro 13 “
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
Best regards,
AppIe account department
Copyright @ 1998-2017. 2211 N 1st St, San Jose, CA 95131, USA. All rights reserved.”
TIPS
Whenever you get any email that attempts to lure you into downloading an attachment or clicking on a link, you should be skeptical and never consider doing so unless you have absolutely confirmed that the email is legitimate.  Also, look for telltale signs that the email is a phishing email by examining the address of the sender, the spelling and grammar and a lack of your account number or name appearing although in more professionally done spear phishing emails real account numbers and your name might be used which is why it is always imperative to never click on links or download attachments unless you are totally convinced that the email is not phony.

Scam of the day – May 18, 2017 – DocuSign phishing scam

DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures used by many businesses.  Recently DocuSign suffered a data breach in which its customer email data base was hacked.  Shortly thereafter, many DocuSign customers received phishing emails designed to appear as if they were legitimate DocuSign communications and requests the person receiving the email to download an attached Word document.    However, anyone downloading the attachment would also have unwittingly downloaded malware.

TIPS

Never click on a link or download an attachment regardless of how legitimate the email or text message may appear until you have confirmed that the message is legitimate.

You can never be sure when you receive an email as to who is really contacting you.  Although sometimes it is obvious when the email address of the sender does not correspond to who is represented as sending the email, but other times, such as in this case, the email account of someone or some company you trust could have been hacked and used to send you the malware.  Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.

Scam of the day – April 19, 2017 – Phony Nintendo Switch emulator scam

The recently launched Nintendo Switch is the latest video game console released by Nintendo.  Software emulators for the Nintendo Switch are being offered online in many places including YouTube where thousands of videos can be found offering Nintendo Switch emulators.  Emulators permit someone to play console-only games on their portable devices such as their smartphones or tablets.  Nintendo does not make such an emulator.  People going to one of these phony Nintendo Switch emulator websites are generally directed to a survey that they must complete in order to receive the code necessary to use the offered emulator, however, this is a scam and while completing the survey provides the scammers with rewards because they are paid by marketers for each completed survey they supply, the person trying to get the emulator ends up with nothing.  Even worse is the very real possibility that someone downloading attachments for what they think is a Nintendo Switch emulator will be downloading malware that can either lead to identity theft or ransomware malware.

The phony Nintendo Switch emulator scam was uncovered by Symantec, a security company.

TIPS

There presently is no emulator for the Nintendo Switch, so any online offer of one at this time is a scam.  Being directed to a survey when you are attempting to locate something free on the Internet is always a source of concern for while there are legitimate surveys that will provide you something in return, such as a chance at winning a gift card, many of these surveys are scams providing nothing in return.  Finally, as always never click on links or download attachments unless you have absolutely confirmed that the link or download is legitimate.  The risk of downloading dangerous malware is too great.

Scam of the day – March 27, 2017 – eFax phishing scam

Phishing scams in which you are lured to click on links or download attachments full of malware rely on your trusting the initial communication.  Reproduced below is an email I recently received that appeared to come from eFax a real company that sends faxes digitally formatted as PDF files.  Don’t click where it says “View your document” because if you do you will end up downloading malware.

You have got a 3 page fax at Thu, 24 March 2017 8:17:28

Your personal new Fax reference ID is vnj-48956824

View your document!

Take your faxes online with eFax®, the world's #1 internet fax service.

While the email appears to be legitimate, the email address sending the email had no relation to eFax which was an immediate indication that this was a scam.

TIPS

The risk of downloading malware by clicking on unverified links or downloading unverified attachments is too great.  Never click on any links or download any attachments regardless of where they may appear to originate until you have independently confirmed that the communication is legitimate.  In this case it would have been simple to determine that this was not a true communication from eFax.

Also, as often is the case, the grammar of scammers is not always the best as where this phishing email states “You have got.”

Scam of the day – January 24, 2017 – Utility bill scams

Scams regarding payments of utility bills are occurring with greater frequency now that Winter has arrived.  The Nebraska Public Service Commission is warning consumers about a number of these scams, but these scams are certainly not limited to Nebraska.

In one version of the scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible.  They just need to provide some personal information.

In another version, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card over the phone.

In a third version of this scam, potential victims receive an email that has a link to take them to their bill.

All of these are scams.  In the first, there is no special promotion and the victim ends up providing personal information that leads to identity theft.  In the second, the victim is coerced into giving their credit card information to a scammer and in the third, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse.

TIPS

You can never be sure when you get an email or a telephone call if it is really from a legitimate source.  Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller.

Trust me, you can’t trust anyone.  Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate.  In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate.  Also, never click on links unless you have confirmed that they are legitimate.  The risk is too great.

Scam of the day – November 26, 2016 – Naval records at Hewlett Packard hacked

In an all too familiar story, it has just been disclosed that personal information including names and Social Security numbers of 134, 386 present and former Navy employees was compromised in a hacking of a laptop of a Hewlett Packard employee.  Hewlett Packard had this information through a contract on which it was working for the U.S. Navy.  Further details of the hacking have not been released, but the fact that such a hacking occurred leads to concerns that the pattern established years ago in hacking of NASA laptops in which the laptops were not password protected and the data contained therein was unencrypted is repeating itself.

TIPS

The continuing negligence of many companies and government agencies in not properly protecting sensitive personal data that can readily be used for purposes of identity theft is disappointing and startling.  There are many simple security steps that are easily taken, such as password protecting laptops and other electronic devices as well as encrypting sensitive data and the use and updating of security software that should be done by all companies and government agencies without exception.

The lesson, however, is one that we should also practice in our own lives.  We as individuals are regularly targeted by identity thieves so al of us should protect each of our electronic devices with a unique password, sensitive data should be encrypted and stored in the cloud or in a portable hard drive, dual factor authentication should be used whenever possible, install and update security software on all of your electronic devices and don’t click on links in emails or text messages unless you have absolutely confirmed that they are legitimate.  These are just a few of the simple protocols we should all follow to decrease the chances of our becoming victims of identity theft.

Scam of the day – November 20, 2016 – Sex or cybersecurity? That is the question.

Although the question of whether you would give up sex for a year in return for total cybersecurity seems like an odd question, it is one that was posed to 2,000 adults in a poll taken by the Harris pollsters.  The response to the question might be startling to many people.  According to the poll, 39% of Americans are so fearful of their cybersecurity that they would willingly give up sex for an entire year in return for a lifetime of cybersecurity.

Unfortunately, you can never totally control your own cybersecurity because often people become victims of identity theft and other cybercrimes due to the neglect and failure of companies and government agencies to properly secure our personal information.  However, fortunately, the good news is that there are a number of relatively simple steps you can take to dramatically increase your personal cybersecurity and you don’t have to give up sex for a year in order to implement these steps.

TIPS

Here are a few of the more important steps you can take.  You can find even more things you can do to protect your cybersecurity in my book “Identity Theft Alert,” which you can order from Amazon by merely clicking on the icon on the right hand side of this page.

  1.  Use strong unique passwords for each of your online accounts so that even if there is a data breach at one account, all of your accounts will not be in jeopardy.  A strong password contains capital letters, small letters and symbols.  A password base made up of a phrase such as “IDon’tLike Passwords!!!” is strong and can be personally adapted for each  of your accounts by merely adding a few letters at the end to distinguish the particular account, such as  adding “Ama” to the base password to become your Amazon password.
  2. Install security software on your computer, smartphone and all of your electronic devices.
  3. Use dual factor authentication whenever possible.
  4. Don’t click on links or download attachments without confirming that the links or attachments are legitimate.  They may contain malware.
  5. Trust me, you can’t trust anyone.  Don’t provide personal information to anyone who contacts you by email, phone or text message unless you have confirmed both the legitimacy of the communication and the need for the information.
  6. Limit, as much as possible, the places that have your personal information.  Your doctor doesn’t need your Social Security number.
  7. Put a credit freeze on your reports at each of the three major credit reporting agencies.
  8. Only download apps from legitimate app stores and check the reviews and the privacy rules regarding the app before downloading them.
  9. Protect your smartphone with a password.
  10. Store important data on a portable hard drive to reduce the danger of ransomware.
  11. Avoid public WIFI for anything requiring personal information.  Use a Virtual Private Network (VPN).
  12. Monitor all of your accounts online regularly.

Scam of the day – November 18, 2016 – Yet another Chase phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.  I have taken out the name of the addressee, but it was directed to the email address of the person receiving the email.  I also have removed the link directing the person to click on to receive an important security message.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   As so often is the case with these type of phishing emails, it does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Dear ******************

You have 1 new Security message From Chase Online Bank.

Click your email here to view the message *****************

As this e-mail is an automated message, we can’t reply to any e-mails sent by return.

JPMorgan Chase Bank, N.A. Member FDIC
©2016 JPMorgan Chase & Co

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would direct the email to you by name rather than directing it to your email address.   As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – November 8, 2016 – PayPal email phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated. Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly It came from an email address of a private person rather than that of PayPal.  The address used, most likely is that of someone whose email account and computer was hacked in order for the identity thief to send out these phishing emails in mass quantities. It also is not directed to you personally as PayPal would do with all of its legitimate communications which is an indication that this is a phishing scam.  Finally, the words “recent” and “activity” improperly appear as “Recentactivity” without a space between the two words.

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.

 

.