Posts Tagged: ‘Phishing’

Scam of the day – May 19, 2013 – Fidelity phishing scam

May 19, 2013 Posted by Steven Weisman, Esq.

Phishing, as I have described on Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age,” is the name for the tactic by which identity thieves lure you to a phony website to provide information used to make you a victim of identity theft. Phishing often starts with an email that appears to come from a company with which you do business or from a federal or state agency. The email indicates that there is some problem or other matter to which you must give your immediate attention, and a link is provided for you to purportedly go to the website of the company or agency. In fact, however, one of two things happens. Either you are sent to a phony website for the company or agency, where information is solicited that will be used to make you a victim of identity theft, or, even worse, by clicking on the link you download a keystroke logging malware program that steals all of the information from your computer, including your Social Security number, credit card number, passwords and other information that is also used to make you a victim of identity theft.

Recently, I received an email purportedly from Fidelity Investments.  As phishing attempts go, this one was pretty flawed.  The email address from which it came was not an email address of Fidelity Investments.  In fact, it was that of a private person who most likely was a part of a botnet by which his computer was being manipulated by an identity thief.  If you want more information about botnets, you can check out the archives of Scamicide or read about them in my book “50 Ways to Protect Your Identity in a Digital Age.”  Other flaws in the phishing email were the lack of my name appearing anywhere which indicates that it is just a general phishing email sent out to many people by the identity thief, and the lack of a Fidelity logo.

Here is a copy of the email I received.  DO NOT CLICK ON THE LINK.

“Account Status Notification

We have noticed unusual activity on your account. Due to this, we need you to verify your account information for more efficient use of our Banking system: Please confirm your account information today by clicking on the link below: https://fidelity.secure.com/Logon.aspx?LOB=RBGLogon=user=&email&Security Adviser

© Fidelity Brokerage Services LLC. All rights reserved”

TIPS
Never click on links in emails unless you are sure they are legitimate. Unfortunately, you can never be sure when you receive an email that it is legitimate, so you should always be skeptical. Make it a habit not to click on links until you have contacted the company or agency indicated as the sender and confirmed that the email and link are legitimate. Look for the telltale signs that it is a phony, such as a sender's email address that is not that of the real company or agency and the failure to address the email to you by name. You can contact the company or agency by phone or email directly to confirm whether or not the email you received was legitimate. Finally, keep your firewall and security software up to date to help protect you from viruses and malware. Security software is certainly not perfect, but it does help.
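The telltale signs described in this post can also be checked mechanically. The following is an added example, not part of the original post: it tests a message for a sender address outside the real company's domain, link text pointing outside that domain, and a missing recipient name. The sender address, the recipient and the `BRAND_DOMAINS` table are assumptions made for illustration, and the sample message is constructed from the email quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains the real company sends from (you maintain this list).
BRAND_DOMAINS = {"fidelity": {"fidelity.com"}}

# Constructed sample modelled on the email quoted above; the sender and
# recipient are placeholders, since the post does not give them.
SAMPLE = """\
From: Fidelity Investments <someone@personal-mail.example>
To: Pat Reader <pat.reader@mail.example>
Subject: Account Status Notification

We have noticed unusual activity on your account. Please confirm your
account information today by clicking on the link below:
https://fidelity.secure.com/Logon.aspx?LOB=RBGLogon
Fidelity Brokerage Services LLC. All rights reserved
"""

def in_domain(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_signs(raw, brand, recipient_names):
    """Return the telltale signs found in one plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    domains = BRAND_DOMAINS[brand]
    signs = []
    display, addr = parseaddr(msg.get("From", ""))
    # Sign 1: display name claims the brand, address is not the brand's.
    if brand in display.lower() and not in_domain(addr.rpartition("@")[2], domains):
        signs.append("sender-domain-mismatch")
    # Sign 2: a link whose host is not the brand's domain or a subdomain of it.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if not in_domain(host, domains):
            signs.append("link-off-domain:" + host)
    # Sign 3: the message never addresses the recipient by name.
    named = any(re.search(r"\b" + re.escape(n) + r"\b", body, re.I)
                for n in recipient_names)
    if not named:
        signs.append("no-recipient-name")
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, "fidelity", ["Pat", "Reader"]):
        print(sign)
```

Note that the link host `fidelity.secure.com` is a subdomain of `secure.com`, not of `fidelity.com`, which is why the check compares the end of the hostname rather than looking for the brand name anywhere in it.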

April 25, 2013 – Associated Press hack attack – what it means to you

April 25, 2013 Posted by Steven Weisman, Esq.

On Tuesday, the Twitter account of the Associated Press (AP) was hacked into and a phony message describing a terrorist attack on the White House was sent out to the close to two million followers of AP’s Twitter account. Immediately thereafter the Dow Jones Industrial Average lost 140 points as computerized program trading reacted automatically to the news without any verification of the truth of the report. The phony tweet was corrected within minutes and the market recovered just as quickly as it went down; however, the problem exposed by this hacking still remains. In May of 2010 the Dow Jones Industrial Average quickly lost almost 1,000 points due to a glitch in the computerized trading programs used on Wall Street. The problems with computerized program trading, which automatically orders trades in response to perceived information, are quite significant.

However, another problem is the hacking into the sources of our information. The AP hacking is only the most recent hacking of a major provider of information. Just last week the CBS news programs “60 Minutes” and “48 Hours” were hacked. Also recently NPR and the BBC had their Twitter accounts hacked. But it is not just the media that is being hacked. Hacking is a major problem for all companies. A recent study by Verizon indicated that 75% of the hacks were done last year by criminals seeking financial gain. Sometimes it is to gain trade secrets, but other times it is to steal information about customers to make them victims of identity theft. In 76% of the data breaches, according to the Verizon report, the hackers were able to exploit weak passwords. In 29% of the hacks, tactics such as “spear phishing” were used to install keystroke logging malware onto the hacked companies’ computers to steal their data. Spear phishing is a targeted phishing attack, often done through phony emails that contain the malware and purport to be from employees’ friends or the companies’ business partners.

TIPS

Both government entities and companies are not doing what they need to do to properly protect their data from hacking. The Associated Press Twitter account should have been protected by two-factor authentication when logging in so that even if a password is obtained by a hacker, he still would not be able to access the account. Two-factor authentication requires not just a password, but also a code that is sent to a person’s cell phone. Some companies such as Apple already use this technique. The problem is that even if you and I do all we can to protect ourselves from identity theft, we are only as safe as the company or governmental agency with the worst security holding information about us. Therefore you should try to limit as much as possible the places that hold your personal information, and we all should impress upon the government and private industry the absolute necessity for better data protection. The technology is available. It just has to be used.

Scam of the day – April 17, 2013 – Smartphone credit card scam

April 17, 2013 Posted by Steven Weisman, Esq.

Many scams are merely updates of older scams.  The Nigerian letter of today is actually just the most recent incarnation of a scam that was being done in the 1500s when it was referred to as the “Spanish Prisoner Scam.”  Smartphones and other portable devices have made our lives easier and we all depend on them, however, they have also made the lives of identity thieves and scammers easier too as they use them to foist old scams on you by way of new technology.  The FBI has recently issued a new warning about a text message that people are receiving that purports to be from the issuer of your credit card telling you that your card has been deactivated.  You are then told to call a specific telephone number and provide your personal information including your name, credit card number and other personal information in order to reactivate your card.  Although this scam is being used by identity thieves around the country, the FBI warning dealt with calls coming from the 907 area code which is Alaska.  But even if you don’t live in Alaska, you may well be receiving a text message from your own local area.  This impersonation of your credit card issuer in order to get you to provide the identity thief with information that the identity thief can use to make you a victim of identity theft is called “phishing.”

TIPS

Never, and I do mean never, respond to a text requesting personal information unless you have confirmed that the message to you is legitimate.  In this case, if you have even the slightest concern that the text message may be from your credit card issuer, you should call your credit card issuer at the number indicated on the back of your credit card to confirm whether or not the text message you received was legitimate.  Then you will find out for sure that it was a scam.  You can never be sure when you receive a telephone call, email or text message who is sending you the message.  The risk of providing personal information to an identity thief is too high for you to trust any such communication.

I also urge you to pick up a copy of my book “50 Ways to Protect Your Identity in a Digital Age” which provides you with a wealth of specific steps you can take to make yourself safer on your smartphone, tablet or other portable devices.  You can click on the picture of the book on the right hand side of this page to go to Amazon where you can purchase the book at a discount.

Scam of the day – March 23, 2013 – Delta Airlines scam

March 23, 2013 Posted by Steven Weisman, Esq.

Many people have been reporting receiving an email that appears to come from Delta Airlines and that either confirms an airline ticket, indicates a credit card has been charged or says an invoice is attached. Contained within the phony email, which did not originate with Delta Airlines, are links that the email says are provided if you need to contact Delta about anything regarding the information contained in the email. The temptation, of course, is to immediately click on the link to contact Delta to correct whatever mistake was made. This, however, would be a real mistake because by clicking on the link in the phony email, you would either unwittingly download a keystroke logging malware program that will steal all of the information on your computer and make you a victim of identity theft, or be taken to another website, through a technique called “phishing,” where you would be asked for personal information that would be used to make you a victim of identity theft.

TIPS

Never click on a link in an email or download an attachment unless you are absolutely positive that it is legitimate. In this case, Delta is advising its customers who receive such an email to change their SkyMiles account and PIN as well as to monitor their account for signs of hacking. If you ever receive an email such as this, you can never be sure from whom the email came, so if you have any questions whatsoever, you should contact Delta, or whatever other company appears to have sent you a similar email, to confirm the legitimacy or, in this case, the phoniness of the email.

Scam of the day – March 6, 2013 – Evernote hacking danger

March 5, 2013 Posted by Steven Weisman, Esq.

Evernote is a popular online service that helps you store notes, files, web pages and images on all of your electronic devices. It has both a free service and a premium service for which you pay. Unfortunately Evernote is also popular with identity thieves, as evidenced by its being hacked. Evernote announced the hacking a couple of days ago. According to Evernote, the hackers managed to steal the names, email addresses and encrypted passwords of its customers. Evernote is confident that its encryption program will protect the passwords of its users, but only time will tell. Evernote also stated that it did not believe that credit card numbers used by its premium customers had been accessed. Again, however, premium users of Evernote should be particularly vigilant in monitoring their credit cards. Despite its position that no passwords had been stolen, Evernote is requiring all of its customers to obtain new passwords. The ONLY place to do this is on Evernote’s website at www.evernote.com.

TIPS

Users of Evernote should be particularly wary of an identity theft tactic called “spear phishing.” Spear phishing occurs when you get an email that lures you to a phony website or link where you are either victimized by providing information that is used to make you a victim of identity theft or, by clicking on the link or downloading tainted material, cause a keystroke logging malware program to be downloaded that steals all of the information from your computer, including bank account numbers, your Social Security number, credit card numbers and other information that makes you a quick victim of identity theft. What makes spear phishing particularly insidious is that, unlike most phishing emails, which never use your name, spear phishing is directed to you by name, which makes many people more trusting of the email. As I always say, “Trust me, you can’t trust anyone.” Identity thieves will be contacting people by email posing as Evernote and telling them that they need to change their password by clicking on a link contained in the email or by providing other information. Do not fall for this ruse. Evernote is not contacting people by email, but the identity thieves who stole their email list will be. The only place to change your password is www.evernote.com. This is also another good example of the fact that your security is only as safe as the weakest place that holds your information. Limit the places that do have personal information about you as much as possible.

Scam of the day – January 7, 2013 – Most dangerous websites

January 7, 2013 Posted by Steven Weisman, Esq.

Phishing is the name of the scam whereby you are lured to a phony website that appears to be legitimate, however when you click on links in these phony websites, download material from these websites or provide information to these websites, you put yourself in danger of identity theft or of downloading dangerous keystroke logging malware that can steal all of the information on your computer including credit card numbers, your Social Security number, passwords and various account information.  In addition, you may unwittingly have your computer taken over as a part of a botnet (for more information about botnets, check out other postings on scamicide.com or in “50 Ways to Protect Your Identity in a Digital Age”) whereby your computer is made part of the botnet circulating scams around the world.

TIPS

Recently Trend Micro issued a list of the most common websites that were the subjects of phony phishing websites during the past month. The top ten websites of which you should be particularly wary, to make sure that you are dealing with the legitimate company, are: PayPal, Wells Fargo, Visa, Citibank, Bank of America, AOL, Yahoo, Hotmail, Gmail and Mastercard. Things to look out for to avoid phishing websites are being directed to a website through an email that does not refer to you by name, or an email that contains spelling errors or poor grammar that may indicate the email is coming from a foreign scammer (or a poorly educated American scammer). A good rule to follow is to not click on links in emails or text messages to go to a website. If you consider the email or message worth following up on, go to the website of the legitimate company by typing the URL that you know is correct into your browser.

Scam of the day – December 27, 2012 – Visa security program scam

December 27, 2012 Posted by Steven Weisman, Esq.

The most effective scams are, of course, the scams that most closely resemble real business transactions.  I recently received an email which is copied below that purported to be from VISA indicating that I could activate a free Visa Security Program merely by enrolling through providing information in an attached form.  The phony email also mentions a legitimate VISA security program entitled “Verified by Visa” as a way of making the recipient of the email trust the email even more.  However, don’t trust the email and don’t download the form and provide the information requested.  If you do provide the information requested all that will happen is that you will end up providing information to an identity thief who will indeed use that information to steal your identity.

TIPS

If you are interested in the extra security program that VISA provides click on this link (which you can trust) to go to VISA’s webpage for directions to enroll.  http://usa.visa.com/personal/security/visa_security_program/vbv/verified_by_visa_faq.html#anchor_10.

Whenever you receive such an email that may interest you, you must remember that you never can be sure of the source of any email.  If you are interested and think that the email may be legitimate, go directly on your own to the company’s website.  Don’t go to the website through a click on a link in the email because you can’t trust it.

Here is a copy of the email that I received:

“You can learn about the other ways Visa is committed to ensuring your safety by
activation the Visa Security Program.
1. Visa monitors for unusual activity Visa’s fraud-screening solutions constantly scan for suspicious activity and will alert your financial institution to questionable transactions.
2. Charges may be put on hold To safeguard your security, your financial institution may temporarily put suspicious charges on hold.
3. You will be notified as soon as possible Visa works with your financial institution to notify you as soon as possible to verify the legitimacy of questionable charges.
Important: In addition to our other ways of preventing, detecting, and resolving fraud, we offer Verified by Visa, a free, simple-to-use service that confirms your identity with an extra password when you make an online transaction.
Actively monitoring the activity on your account to protect from fraud, you need to activate Visa Security Program.
To activate the program, you need to download and fill the registration form that we sent in this email.
© Copyright 1996-2012 Visa. All Rights Reserved.”