Scam of the day – May 21, 2017 – HSBC text scam

British based HSBC is the world’s sixth largest bank and has branches around the world.  Recently scammers have been randomly sending out text messages, such as the one reproduced below in order to scare people into clicking on the link in order to verify their account and avoid a threatened suspension of the account.  If you click on the link it will take you to a phony HSBC website that looks legitimate, but is merely a scam to lure you into providing your username and password for your HSBC account (if you have one) which the scammer will use to steal money from your account.  If you receive this text message and don’t have an account with HSBC, you know immediately it is a scam, but it can look frighteningly legitimate if you have an account with HSBC.

HSBC banking scam text (Image: loveMONEY_

TIPS

This message can be particularly problematic if you are an HSBC customer and have signed up to receive text message alerts from the bank. However, whenever you receive a text message you can never be sure who is really sending it to you, so you should never click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.  In other instances, such as with this particular text message scam, you are in danger of providing your personal information directly to the scammer that can be used to access your accounts.  The best course of action when you receive such a text message if you have a concern that it may be legitimate is to merely independently contact your bank to determine whether or not the text message was a scam.

Scam of the day – May 1, 2017 – Hackers leak “Orange is the New Black”episodes and more

After Netflix refused to pay a ransom to a hacker known as thedarkoverlord, the hacker posted nine episodes of the popular Netflix original series, “Orange is the New Black on a publicly available file sharing website on Saturday.  The hacker had already posted the season 5 opening episode on Friday as an indication he was serious in his threat.

The stolen episodes were obtained through hacking of Larson Studios, a post production digital mixing company that worked on “Orange is the New Black.”  This is just the latest example of a trend of hackers going after bigger targets through vulnerable companies working with the bigger company.  The 2013 massive data breach of retailer Target was achieved through accessing Target by initially hacking an HVAC company that worked with Target and had access to Target computers to monitor heating and air conditioning systems at Target stores.

Thedarkoverlord has performed a number of other ransomware attacks including one in which it hacked a small Indiana charity from which it demanded a ransomware of 50 bitcoins that the charity refused to pay and had its data destroyed.

This story is far from over with thedarkoverlord already claiming to have stolen unreleased shows of ABC, Fox, National Geographic and IFC.

TIPS

Ransomware continues to be a growing threat to individuals, large and small companies as well as government agencies, all of which have been targeted by ransomware.  Ransomware malware is readily available for unsophisticated cybercriminals to purchase on the Dark Web.  While in the past, the typical manner in which it has been used was to encrypt the data of the target and refuse to release the data back to the victim unless a ransom was paid, the scam has evolved to also include threats of making stolen data public as was done in this instance.

Some older strains of ransomware can be defeated through software that can recover data encrypted by older ransomware programs.  In 2016 through the efforts of international law enforcement organizations and private security companies, the website No More Ransom was launched on which victims of ransomware can go to get decryption tools for many strains of ransomware for free.  Thousands of people have utilized this tool to decrypt their files after a cyber attack  without having to pay a ransom.  Unfortunately, however, there are some newer forms of ransomware for which there are no known decrypting tools developed yet.

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it.   Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Finally, it is important to note that a recent study done by Spiceworks found that of small to medium businesses who paid a ransom after being hacked, 45% did not get their data restored.  Apparently there is no honor among some thieves.

Scam of the day – January 23, 2017 – Latest Gmail phishing scam

An effective new phishing email scam is presently circulating that is targeting users of Gmail.  It starts when you receive an email that appears to be sent from the email address of one of your real friends and, in fact, the email may have been sent from a friend’s email account that unfortunately has been hacked and taken over in order to send out phishing emails that victims will trust because it appears to come from a trusted source.  The email has an attachment and when you click on the attachment, a sign-in page for your Gmail account appears requiring you to type in your email address and password.  Unfortunately, if you do so, you have just turned over this information to a cybercriminal who can wreak havoc with this information.

TIPS

Although this particular spear phishing email scam is quite sophisticated, there are a number of simple steps you can take to prevent yourself from becoming a victim of the scam.  Primarily, you should follow my rule and never click on any link or download any attachment unless you have absolutely confirmed that the communication sending the link or attachment is legitimate.  Even if the email address from which the communication is sent appears legitimate, your friend’s email may have been hacked and it is a cybercriminal sending you the email.

It is also a good idea to use dual factor authentication when possible for your email account.  If you use dual factor authentication, such as where a one time code is sent to your smartphone each time you want to access your email, you are protected from having your email account taken over even if the cybercriminal has your password and username.  Finally, it is a good idea not to store sensitive information in your email account.

Scam of the day – January 19, 2017 – W-2 scam

We have just come out of the holiday season which is, perhaps, the biggest time of the year for scams and now we are entering the income tax season which probably runs a close second when it comes to scams.

Employers are now sending out W-2 forms to employees which are necessary for the employees to complete their income tax returns.  Many employers will send an email to employees about obtaining their W-2s online and scammers are taking advantage of this by sending emails that appear to come from the potential victim’s employee which contain a link to be used to view and then print the victim’s W-2.  However, when scammers send these phishing emails they are seeking the username and password of the victim which will be provided to the scammer when the victim clicks on the link and provides this information when prompted.  This can lead to identity theft.  In another variation of this scam, merely by clicking on the link, the victim downloads keystroke logging malware that will steal all the information in the victim’s computer and use it to make the person a victim of identity theft.  In yet another variation of the scam, clicking on the link will download dangerous ransomware.

TIPS

Employers will generally not include a link in legitimate emails to access their W-2 forms online.  Instead they will instruct the employee to go directly to this information at the appropriate department within the employer using their username and password separately.    Even if your employer were to provide a link in such a legitimate email, you could never be sure that the email was from your employer so you should not click on the link.  It is better to independently go to the department of your employer that has this information.

Scam of the day – December 20, 2016 – Hacker convicted of selling stolen bank accounts on the Dark Web

Recently, Aaron James Glende, a hacker known a IcyEagle was convicted of hacking into the bank accounts of eleven Sun Trust customers and selling their account information on the Dark Web for $229.99 per account.  Each of these accounts had balances of between $250,000 and $500,000.  He also stole thirty-two accounts with balances of between $100 and $300 which he sold for $9.99 for each account.  Glende was sentenced to four years and two months in prison.

The Dark Web is that part of the Internet where criminals buy and sell stolen goods and data as well as malware and other cybercriminal tools.

TIPS

The information stolen by Glende included usernames and passwords for online banking accounts.  In order to protect yourself from becoming a victim of a similar theft, you should use a complex password, a security question the answer to which cannot be guessed or obtained through research and use strong software security programs on all of your electronic devices.  It is also important to keep your security software updated with the latest security patches.  Also, never provide your personal information including passwords in response to emails unless you have absolutely confirmed that the email or text message is legitimate.  Too often, messages seeking this information are just phishing scams designed to trick you into turning over this information to an identity thief.

Here is an image of Glende’s account on the Dark Web site Alpha Bay.

AlphaBay portal

Scam of the day – November 23, 2016 – Increased threat to ATMs

For years I have been warning you about the dangers of skimmers, which are small devices installed at ATMs, gas pumps and other card readers that are used to steal the information from your credit card or debit card to gain access to your credit or your bank account respectively.  However, recently a new threat is emerging around the world that poses a greater threat to ATM security.  Cybercriminals including the Russian cybergang known as Buhtrap are using newly developed malware to target not just individual accounts, but the internal networks of banks and ATMs in order to program the ATMs to spit out huge amounts of cash at a specific time.  This technique has been used in Taiwan and Thailand earlier this year to deliver cash to the criminals who go to the infected ATMs at a specific time when the ATM’s programming has been altered  programmed to spit out cash to the awaiting criminals.  The threat to banks around the world is quite real and has been the subject of multiple FBI warnings to financial institutions in the United States since the summer.

TIPS

In the recent attacks against banks in Taiwan and Thailand, the malware infecting the banks’ internal networks and ATM systems was installed when bank employees clicked on links in phishing emails that appeared to come from other banks or ATM vendors and unwittingly downloaded the malware enabling the cybercriminals to take over the banks’ internal systems and ATM systems.    The danger of phishing cannot be overestimated.  According to Jeh Johnson, the Secretary of the Department of Homeland Security, “the most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing.”

This is a lesson to us all.  Whether at work or at home, the danger of phishing emails is tremendous, but it is easy to avoid.  Install anti-phishing security software on all of your electronic devices, however, you cannot depend on this software to keep you totally safe so the best rule to follow is to never click on any link or download any attachment in an email or text message unless you have absolutely confirmed that it is legitimate.

Scam of the day – November 21, 2016 – New IRS scam targets tax professionals

While many of the rest of us are still receiving phone calls from scammers posing as the IRS in order to fool us into sending them money, CPAs and other tax professional are being targeted by sophisticated identity thieves through emails that appear to come from the IRS with the subject line indicating “Security Awareness for Tax Professionals”   The email has a counterfeit IRS logo in the message and tells the intended victim that the IRS is updating its authentication procedures and requires the person receiving the email to log in to update their username and password.  Of course, anyone providing this information would have turned this data over to a scammer who will then use it to access sensitive information in that person’s e-services account with the IRS.

TIPS

Tax professionals receiving this email should already be protecting their security through strong passwords, dual factor authentication, when possible, regularly updated security software as well as using encryption programs for email.  Data should also be stored in the cloud or a portable hard drive.  If someone receiving this email has concerns that it might be legitimate due to the fact that the IRS is constantly trying to update its security, he or she should still not click on any links in the email or provide any information in response to the email, but rather contact the IRS directly at an email address of telephone number he or she knows is legitimate.

Scam of the day – November 8, 2016 – PayPal email phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated. Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly It came from an email address of a private person rather than that of PayPal.  The address used, most likely is that of someone whose email account and computer was hacked in order for the identity thief to send out these phishing emails in mass quantities. It also is not directed to you personally as PayPal would do with all of its legitimate communications which is an indication that this is a phishing scam.  Finally, the words “recent” and “activity” improperly appear as “Recentactivity” without a space between the two words.

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.

 

.

Scam of the day – November 7, 2016 – Regions Bank phishing email

Regions Bank is a large bank based in Alabama with more than 1,700 branches throughout the South, Midwest and even into Texas. Recently, I received a phishing email  that appeared to come from Regions Bank.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.   The Regions Bank phishing email uses the common ploy of indicating that the bank needs you to verify personal information for security purposes.   As phishing emails go, this one is pretty good, but it does have some telltale flaws.   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Regions Bank.  Also, although the email is quite short, it contains numerous grammatical errors and the word “Sincerely” is spelled wrong.  Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains the exact logo of the bank does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

TIPS

Obviously if you do not have an account with Regions bank, you know that this is a phishing scam, but even if you do have an account with this bank, there are a number of indications that this is not a legitimate email from Regions Bank, but instead is a phishing email. Legitimate banks would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dear customer” without even capitalizing the word “customer.”  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number  for your bank where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to purchase phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Regions to trap you if you make a mistake in dialing the real number.

 

Scam of the day – October 9, 2016 – Microsoft phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Microsoft on behalf of Outlook.  DO NOT CLICK ON THE LINKS.  Microsoft is a popular target for this type of phishing email because its products including Outlook are used by millions of people.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond or your account will be deleted.   As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Microsoft and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   The grammar and spelling is good although there are a couple of minor capitalization mistakes and a missing comma.  Also, as so often is the case, the email is not directed to you by name.  It carries a professional looking photograph, but that is meaningless..

 

Your Services Agreement and Privacy Statement made clearer

Dear Outlook.com User.

we’re updating the Microsoft Services Agreement and the Microsoft Privacy Statement. We want to take this opportunity to notify you about these updates for your safety.
If you do not update your Microsoft account within 24 hours your account will be deactivated and deleted from our server and you will no longer have access to many of the outlook.com features for improved Conversations.
Take a minute to update your account for a faster, safer and full-featured Microsoft Outlook experience and to avoid your account being De-Activated. 

 
Update Your Account

Thank you for using Microsoft services.

Microsoft respects your privacy. To learn more, please read our Privacy Statement.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

TIPS

There are a number of indications that this is not a legitimate email from Microsoft, but instead is a phishing email. Legitimate companies would specifically direct the email to you by your name. This one has a generic  “Dear Outlook.com User.” As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call Microsoft’s customer service department at 1-800 – 642-7676  where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for companies to trap you if you make a mistake in dialing the real number.