Scam of the day – January 19, 2017 – W-2 scam

We have just come out of the holiday season which is, perhaps, the biggest time of the year for scams and now we are entering the income tax season which probably runs a close second when it comes to scams.

Employers are now sending out W-2 forms to employees, which the employees need to complete their income tax returns.  Many employers will send an email to employees about obtaining their W-2s online, and scammers are taking advantage of this by sending emails that appear to come from the potential victim’s employer and contain a link to be used to view and then print the victim’s W-2.  However, when scammers send these phishing emails they are seeking the username and password of the victim, which will be provided to the scammer when the victim clicks on the link and provides this information when prompted.  This can lead to identity theft.  In another variation of this scam, merely by clicking on the link, the victim downloads keystroke logging malware that will steal all the information in the victim’s computer and use it to make the person a victim of identity theft.  In yet another variation of the scam, clicking on the link will download dangerous ransomware.

TIPS

Employers will generally not include a link in legitimate emails to access their W-2 forms online.  Instead they will instruct the employee to go directly to this information at the appropriate department within the employer using their username and password separately.    Even if your employer were to provide a link in such a legitimate email, you could never be sure that the email was from your employer so you should not click on the link.  It is better to independently go to the department of your employer that has this information.

Scam of the day – December 20, 2016 – Hacker convicted of selling stolen bank accounts on the Dark Web

Recently, Aaron James Glende, a hacker known as IcyEagle, was convicted of hacking into the bank accounts of eleven SunTrust customers and selling their account information on the Dark Web for $229.99 per account.  Each of these accounts had balances of between $250,000 and $500,000.  He also stole thirty-two accounts with balances of between $100 and $300 which he sold for $9.99 for each account.  Glende was sentenced to four years and two months in prison.

The Dark Web is that part of the Internet where criminals buy and sell stolen goods and data as well as malware and other cybercriminal tools.

TIPS

The information stolen by Glende included usernames and passwords for online banking accounts.  In order to protect yourself from becoming a victim of a similar theft, you should use a complex password, a security question the answer to which cannot be guessed or obtained through research and use strong software security programs on all of your electronic devices.  It is also important to keep your security software updated with the latest security patches.  Also, never provide your personal information including passwords in response to emails unless you have absolutely confirmed that the email or text message is legitimate.  Too often, messages seeking this information are just phishing scams designed to trick you into turning over this information to an identity thief.

Here is an image of Glende’s account on the Dark Web site Alpha Bay.

[Image: AlphaBay portal]

Scam of the day – November 23, 2016 – Increased threat to ATMs

For years I have been warning you about the dangers of skimmers, which are small devices installed at ATMs, gas pumps and other card readers that are used to steal the information from your credit card or debit card to gain access to your credit or your bank account respectively.  However, recently a new threat is emerging around the world that poses a greater threat to ATM security.  Cybercriminals including the Russian cybergang known as Buhtrap are using newly developed malware to target not just individual accounts, but the internal networks of banks and ATMs in order to program the ATMs to spit out huge amounts of cash at a specific time.  This technique has been used in Taiwan and Thailand earlier this year to deliver cash to the criminals who go to the infected ATMs at a specific time when the ATM’s programming has been altered to spit out cash to the awaiting criminals.  The threat to banks around the world is quite real and has been the subject of multiple FBI warnings to financial institutions in the United States since the summer.

TIPS

In the recent attacks against banks in Taiwan and Thailand, the malware infecting the banks’ internal networks and ATM systems was installed when bank employees clicked on links in phishing emails that appeared to come from other banks or ATM vendors and unwittingly downloaded the malware enabling the cybercriminals to take over the banks’ internal systems and ATM systems.    The danger of phishing cannot be overestimated.  According to Jeh Johnson, the Secretary of the Department of Homeland Security, “the most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing.”

This is a lesson to us all.  Whether at work or at home, the danger of phishing emails is tremendous, but it is easy to avoid.  Install anti-phishing security software on all of your electronic devices; however, you cannot depend on this software to keep you totally safe, so the best rule to follow is to never click on any link or download any attachment in an email or text message unless you have absolutely confirmed that it is legitimate.

Scam of the day – November 21, 2016 – New IRS scam targets tax professionals

While many of the rest of us are still receiving phone calls from scammers posing as the IRS in order to fool us into sending them money, CPAs and other tax professionals are being targeted by sophisticated identity thieves through emails that appear to come from the IRS with the subject line indicating “Security Awareness for Tax Professionals.”  The email has a counterfeit IRS logo in the message and tells the intended victim that the IRS is updating its authentication procedures and requires the person receiving the email to log in to update their username and password.  Of course, anyone providing this information would have turned this data over to a scammer who will then use it to access sensitive information in that person’s e-services account with the IRS.

TIPS

Tax professionals receiving this email should already be protecting their security through strong passwords, dual factor authentication, when possible, regularly updated security software as well as using encryption programs for email.  Data should also be stored in the cloud or a portable hard drive.  If someone receiving this email has concerns that it might be legitimate due to the fact that the IRS is constantly trying to update its security, he or she should still not click on any links in the email or provide any information in response to the email, but rather contact the IRS directly at an email address or telephone number he or she knows is legitimate.

Scam of the day – November 8, 2016 – PayPal email phishing scam

PayPal is a popular payment service used by many people particularly with eBay.  Therefore it can seem plausible when you receive an email that purports to come from PayPal asking you to clear up an undisclosed problem with your account.  However, anyone responding to the email copied below would either end up providing personal information to an identity thief or merely by clicking on the link could download keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  DO NOT CLICK ON THE LINK.

This particular phishing email is not particularly sophisticated. Although it came with what appears to be a legitimate PayPal logo, that logo is easy to counterfeit.  More importantly, it came from an email address of a private person rather than that of PayPal.  The address used is most likely that of someone whose email account and computer were hacked in order for the identity thief to send out these phishing emails in mass quantities. It also is not directed to you personally, as PayPal would do with all of its legitimate communications, which is an indication that this is a phishing scam.  Finally, the words “recent” and “activity” improperly appear as “Recentactivity” without a space between the two words.

TIPS

The primary question we all face when we receive such an email asking for personal information or urging us to click on a link is how do we know whether to trust the email or not.  The answer is, as I always say, trust me, you can’t trust anyone.  Regardless of how legitimate such emails appear, you should not provide any personal information or click on any links until you have independently verified by phone call or email to an email address that you know is accurate that the request for personal information is legitimate.

 


Scam of the day – November 7, 2016 – Regions Bank phishing email

Regions Bank is a large bank based in Alabama with more than 1,700 branches throughout the South, Midwest and even into Texas. Recently, I received a phishing email  that appeared to come from Regions Bank.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.   The Regions Bank phishing email uses the common ploy of indicating that the bank needs you to verify personal information for security purposes.   As phishing emails go, this one is pretty good, but it does have some telltale flaws.   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Regions Bank.  Also, although the email is quite short, it contains numerous grammatical errors and the word “Sincerely” is spelled wrong.  Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains the exact logo of the bank does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

TIPS

Obviously if you do not have an account with Regions Bank, you know that this is a phishing scam, but even if you do have an account with this bank, there are a number of indications that this is not a legitimate email from Regions Bank, but instead is a phishing email. Legitimate banks would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dear customer” without even capitalizing the word “customer.”  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number for your bank where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to purchase phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Regions, to trap you if you make a mistake in dialing the real number.

 

Scam of the day – October 9, 2016 – Microsoft phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Microsoft on behalf of Outlook.  DO NOT CLICK ON THE LINKS.  Microsoft is a popular target for this type of phishing email because its products including Outlook are used by millions of people.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond or your account will be deleted.  As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Microsoft and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.  The grammar and spelling are good although there are a couple of minor capitalization mistakes and a missing comma.  Also, as so often is the case, the email is not directed to you by name.  It carries a professional looking photograph, but that is meaningless.

 

Your Services Agreement and Privacy Statement made clearer

Dear Outlook.com User.

we’re updating the Microsoft Services Agreement and the Microsoft Privacy Statement. We want to take this opportunity to notify you about these updates for your safety.
If you do not update your Microsoft account within 24 hours your account will be deactivated and deleted from our server and you will no longer have access to many of the outlook.com features for improved Conversations.
Take a minute to update your account for a faster, safer and full-featured Microsoft Outlook experience and to avoid your account being De-Activated. 

 
Update Your Account

Thank you for using Microsoft services.

Microsoft respects your privacy. To learn more, please read our Privacy Statement.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

TIPS

There are a number of indications that this is not a legitimate email from Microsoft, but instead is a phishing email. Legitimate companies would specifically direct the email to you by your name. This one has a generic “Dear Outlook.com User.” As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call Microsoft’s customer service department at 1-800-642-7676 where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for companies to trap you if you make a mistake in dialing the real number.
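
The warning signs named in this and the neighboring entries (a sender address unrelated to the company named in the message, a generic greeting, a threatened deadline) can also be checked mechanically by a mail filter. The Python sketch below is an added example, not part of the original post; the brand-to-domain table, the regular expressions and the headers of both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: domains each company really sends mail from (maintain your own list).
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "outlook.com"},
    "chase": {"chase.com"},
    "paypal": {"paypal.com"},
    "regions": {"regions.com"},
}
# Matches "Dear customer", "Dear Outlook.com User", "Dear Chase Online Customer".
GENERIC_GREETING = re.compile(
    r"^\s*dear\b[^\n]*\b(customer|user|member|client)\b", re.I | re.M)
# Matches a deadline or a threat of losing the account.
URGENCY = re.compile(
    r"within \d+ hours|will be (deactivated|deleted|suspended|closed)", re.I)


def phishing_indicators(raw_message):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = " ".join([display_name, str(msg.get("Subject", "")), body]).lower()

    found = []
    # 1. The message names a company but was sent from an unrelated domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", text) and not any(
                domain == d or domain.endswith("." + d) for d in allowed):
            found.append(f"sender domain '{domain}' is not a {brand} domain")
    # 2. The message is not addressed to the recipient by name.
    if GENERIC_GREETING.search(body):
        found.append("generic greeting")
    # 3. The message manufactures an emergency.
    if URGENCY.search(body):
        found.append("urgent deadline or account threat")
    return found


# Constructed sample: body wording taken from the email quoted above,
# headers invented for the example.
SAMPLE_PHISH = """\
From: "Microsoft Outlook" <j.doe@mail.example.net>
To: recipient@example.org
Subject: Your Services Agreement and Privacy Statement made clearer

Dear Outlook.com User.

If you do not update your Microsoft account within 24 hours your account
will be deactivated and deleted from our server.
"""

# Constructed control message: sent from a subdomain of the named company,
# addressed by name, no deadline.
SAMPLE_LEGIT = """\
From: "Microsoft account team" <no-reply@mail.microsoft.com>
To: recipient@example.org
Subject: Password changed

Hello Alex Example,

Your Microsoft account password was changed.
"""

if __name__ == "__main__":
    for sign in phishing_indicators(SAMPLE_PHISH):
        print("warning:", sign)
```

A clean result from a filter like this does not make a message trustworthy, since a hacked legitimate account passes the sender check; the advice above to verify independently still applies.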

Scam of the day – August 30, 2016 – NASCAR team becomes victim of ransomware

This past Spring, the computer of the crew chief of the NASCAR Circle Sport-Leavine Family Racing (CSLFR) team was infected with ransomware. Ransomware, as regular readers of Scamicide know, is malware that gets unwittingly downloaded onto a person’s or company’s computer and which, when downloaded, encrypts the data of the victim.  The victim is then told to either pay a ransom, generally in bitcoins within a short period of time, or the hacker will destroy the data.  In this case, the racing team paid the $500 bitcoin ransom and got their huge amounts of data back.  The particular type of ransomware used in this attack was TeslaCrypt, for which there already existed security software that could have prevented the malware from being able to encrypt the files; however, CSLFR did not have such security software on their computers.

Ransomware has become one of the most common and effective cybercrimes in the last year, successfully targeting individuals and a wide range of companies including law firms, accounting firms and even police departments.  As big data becomes more and more a part of sports teams, particularly in Major League Baseball, the National Basketball Association and the National Football League, you can expect future attacks against professional sports teams to become more common.

TIPS

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.  It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  In the case of CSLFR, they fell victim to a type of ransomware for which there already existed security software to prevent the TeslaCrypt ransomware from operating.  Always keep your security software up to date.  Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Scam of the day – August 25, 2016 – Another Chase phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email that is presently circulating that appears to come from Chase bank.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.  As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.  The grammar and spelling are good, but as so often is the case, the email is not directed to you by name and does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

[Image: Chase logo]

Dear Chase OnlineSM Customer,
Please confirm that you or someone authorized to use your account made
the following transaction(s) on your account:

www.Chase.com/validate/account:

Your online account will be fully restored and protected after the verification process.
Thank you for being a valued customer.

Customer Service Center.
JPMorgan Chase & Co ©2016

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would not use the generic greeting “Dear Chase OnlineSM Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase, to trap you if you make a mistake in dialing the real number.

 

Scam of the day – August 8, 2016 – Yet another Facebook scam

During the years that I have been writing Scamicide I have written many times about various Facebook scams.  The reason for this is that with more than a billion users, Facebook is obviously popular and anything popular with that many people will be sought after as a vehicle for scammers to scam people.  Recently, I wrote about the dangers of Facebook cloning when a new Facebook account is set up using your name and information in an effort to lure people into trusting messages and links that will appear to be sent by you.  But Facebook accounts are relatively easy to hack as well with the same goal of using your name to lure someone who trusts you into becoming a victim of a scam.

I urge Scamicide readers to contact me with scams they encounter so we can share these with everyone.  Recently I was contacted by Erica Kenney who was Facebook chatting with someone that she thought was her aunt after her aunt contacted her on Facebook to wish Erica a happy birthday.  The conversation evolved into Erica’s “aunt” informing  Erica that she had just won $100,00 from the Hugh Trust Foundation and that she saw Erica’s name on the list of winners too. All Erica had to do was contact the people her aunt referred her to in order to get her prize.  Of course, if Erica had followed up on the scam, she would have either clicked on a link and downloaded keystroke logging malware that would steal her personal information from her computer and use it to make her a victim of identity theft or be tricked into providing personal information directly when she went to the website to claim her prize.  Once again, there would be no prize except the booby prize of having your identity stolen due to providing the information to the scammer.

Fortunately, Erica was too smart to fall for this scam.

TIPS

A strong password and security question can help increase your security on Facebook.  Unfortunately, however, a very simple flaw in Facebook procedures allows a hacker to get access to your account and the ability to change your password after the hacker is unable to answer your security question merely by having the hacker provide three “friends” with Facebook accounts to whom Facebook will send security codes that the hacker can use to gain access to your account and change your password.  The hacker, of course, has already set up Facebook accounts for three phony “friends” to whom Facebook will send the security codes which can be used to hack your account.  Other times, the personal information that is readily available about people online is sufficient to answer the security question.  Regardless of how the account is hacked into, the result can bring an increased risk of identity theft to your real friends, who may trust a message from you that contains a link with dangerous keystroke logging malware that can result in your real friend’s computer being infiltrated and all of the information on it stolen, such as Social Security number, account passwords and credit card numbers, that can result in identity theft.

Be careful what personal information you put on Facebook.  Always consider how that information can be used against you to make you a victim of identity theft.  When setting up a security question, pick an answer that is nonsensical to protect it from hackers, such as “Where did I go to High School?” with an answer of “blue.”  Finally and most importantly, never, and  I mean never, click on links in messages that you receive unless you are absolutely sure that they are legitimate.  Merely because a message appears to be from a friend does not mean that the friend actually sent it.  His or her account may have been hacked or they may even be passing on tainted material without knowing it.  Never click on a link until you are absolutely sure that it is legitimate.  Call your friend to confirm that the message was from them and confirm from where they got the link they are sending to make sure that it is legitimate.  It may seem paranoid, but even paranoids have enemies.