Scam of the day – August 28, 2017 – Chinese national arrested on hacking charges

Last week the FBI arrested Chinese national Yu Pingan in Los Angeles where he came to attend a technology conference.  Yu was charged with distributing and using malware including the rarely used Sakula malware program used in the massive data breach against the Office of Personnel Management (OPM) in 2014 and 2015 that resulted in huge amounts of personal information including Social Security numbers and fingerprints of more than 20 million present and former government employees being stolen.

It is interesting to note that while the Sakula malware is quite sophisticated, to a great extent Yu’s arrest was as a result of his failing to do little to hide his name in communications regarding the use of the malware.  An indication of Yu’s hubris is that he felt confident enough in his anonymity to attend a conference in the United States, which ultimately led to his arrest.


This arrest  signals the continuing efforts the FBI is putting into apprehending cybercriminals.  It also serves again as a warning to all of us to remember that despite our best efforts to protect our personal data, we are only as secure as the places that hold our personal data with the weakest security, which is why, whenever possible, you should limit the amount of personal information you provide institutions and companies with which you do business.


Scam of the day – December 15, 2015 – A million OPM data breach victims still not notified

As you all know by now and as I first reported to you in 2014 and again last summer, the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole personal information of more than 21 million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  In October, the OPM began notifying victims of the massive data breach about the identity theft protection services the government will make available to them for the next three years.  The notification process is now completed, but unfortunately 1.5 million people who were affected by the data breach have not been contacted because the OPM no longer has current addresses for these people.     No email notices were sent or are planning to be sent by OPM so if you get an email that purports to be from the OPM, it is a scam.   The federal government has chosen Identity Theft Guard Solutions to provide  three years of identity theft protection to victims.


If you believe you were possibly a victim of the OPM data breach, but have not yet received a letter from the OPM informing you about your options, you can go to the OPM’s special website to verify that you were a victim and to obtain a PIN to use in order to apply for identity theft protection services offered by Identity Theft Guard Solutions.  You also can call the OPM at 866-408-4555 to find out if you were a victim.

It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM is offering these services a year after the data breach actually occurred so the danger of identity theft has increased.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”