Scam of the day – April 19, 2017 – Phony Nintendo Switch emulator scam

The recently launched Nintendo Switch is the latest video game console released by Nintendo.  Software emulators for the Nintendo Switch are being offered online in many places including YouTube where thousands of videos can be found offering Nintendo Switch emulators.  Emulators permit someone to play console-only games on their portable devices such as their smartphones or tablets.  Nintendo does not make such an emulator.  People going to one of these phony Nintendo Switch emulator websites are generally directed to a survey that they must complete in order to receive the code necessary to use the offered emulator, however, this is a scam and while completing the survey provides the scammers with rewards because they are paid by marketers for each completed survey they supply, the person trying to get the emulator ends up with nothing.  Even worse is the very real possibility that someone downloading attachments for what they think is a Nintendo Switch emulator will be downloading malware that can either lead to identity theft or ransomware malware.

The phony Nintendo Switch emulator scam was uncovered by Symantec, a security company.

TIPS

There presently is no emulator for the Nintendo Switch, so any online offer of one at this time is a scam.  Being directed to a survey when you are attempting to locate something free on the Internet is always a source of concern for while there are legitimate surveys that will provide you something in return, such as a chance at winning a gift card, many of these surveys are scams providing nothing in return.  Finally, as always never click on links or download attachments unless you have absolutely confirmed that the link or download is legitimate.  The risk of downloading dangerous malware is too great.

Scam of the day – April 16, 2017 – Federal Express phishing email

Shown below is a copy of an email that I received recently that purports to be from Federal Express urging me to click on a link to the oddly worded “message with the required information” without any indication as to to what the “required information” relates.  This is just another clever, legitimate appearing phishing email attempting to lure me into clicking on the link.  DO NOT CLICK ON THE LINK.  Clicking on the link either in an email that you might receive or the one shown below  would either take you to another legitimate looking page where you would be prompted to input personal information that would be used to make you a victim of identity theft or would download on to your computer a keystroke logging program that will steal all of the information from your computer including passwords, credit card numbers, your Social Security number and other personal information that would be used to make you a victim of identity theft.   Phishing emails like this are also used to trick people into unwittingly downloading ransomware. If you look closely at the email, you will note that even though it has the Federal Express logo and looks quite official, there are a number of tip offs that this is indeed a phishing scam.  What is not shown on the email as copied below is that it is sent from an address that is not that of Federal Express.  The email of the sender is that of a private individual who, most likely, had his or her email account hacked and used as a part of a botnet to send out these types of phishing emails.  The email also never refers to me by name.only refers to me as customer rather than by my name.  It is also important not to click on the “unsubscribe” link because that too may be loaded with malware.

FedEx Express

We have sent you a message with the required information.
Click here to open this email in your browser.

Thanks for choosing FedEx®.

More details
This message was sent to **************. Please click unsubscribe if you don’t want to receive these messages from FedEx Express in the future.
©2017 FedEx. The content of this message is protected by copyright and trademark laws under U.S. and international law.
Review our privacy policy. All rights reserved

TIPS

If you receive on any email from a company that asks you to click on a link, you should hesitate to do so, particularly if it appears bogus as this one does.  If you have the slightest thought that the email may be legitimate, rather than click on the link, go to the website of the company, which in this case is www.fedex.com or call them directly at 1-800-463-3339.

April 11, 2017 – Steve Weisman’s latest column for USA Today

Ransomware is one of the biggest cyberproblems for individuals, companies and governmental agencies.  Here is a link to my latest column for USA Today in which I describe a new variation of ransomware that is based on a Star Trek theme.

https://www.usatoday.com/story/money/columnist/2017/04/11/star-trek-themed-ransomware-interferes-civilization-bigtime/100077300/

Scam of the day – April 8, 2017 – Apple phishing email

Today I received an email from Apple Tech Support or at least that is from where the email represented it was being sent even though the email address from which the email was actually sent was the email address of a private individual who most likely had his email account hacked and used by a scammer to send out the phishing email.

The email I received is copied below.  DO NOT CLICK ON THE LINK.

The email  purported to inform me that for security reasons I needed to confirm my identity and provided a link for me to click on to provide the necessary information to regain use of my Apple account.  This is a phishing scam.  If you click on the link contained in the email, you will either download keystroke logging malware that can steal your personal information from your computer and lead to your becoming a victim of identity theft or be taken to a legitimate appearing page where you are lured into providing your personal information that will also result in your becoming a victim of identity theft.  Other times by clicking on the link you will unwittingly download dangerous ransomware.

TIPS

This particular phishing email has many signs that is a a scam.  It is addressed to “Dear Client” rather than to me by name.  In addition, the first sentence is grammatically incorrect.  Often these scams originate in countries where English is not the primary language and this is reflected in these phishing scams.  While the Apple logo looks legitimate, this is easy to copy.  The key thing to remember is, as I always am saying, “trust me, you can’t trust anyone.”  Never click on links in emails unless you have absolutely confirmed that the communication is legitimate.  If you received an email such as this and you had the slightest thought that it might be legitimate, you should merely contact the real company, in this case, Apple, at a phone number or online independently of the email and at a telephone number or email address that you know is correct.

Dear Client,

Your AppleID  was suspended until we’ve response from you.

We are temporarily restricting modifications to this account as a security precaution. Please go to (https://appleid.apple.com) and confirm your identity to regain access to your account.

Your account will have restricted functionality until we hear from you.

Thanks,
Apple Customer Support

Terms of Service • Privacy Policy
Copyright © 2017 Apple Inc. 1 Infinite Loop, Cupertino, CA 95014. • All Rights Reserved

Scam of the day – March 28, 2017 – Star Trek themed ransomware

Ransomware is  a type of malware that gets unwittingly downloaded on to a company’s, institution’s, government agency’s or individual person’s computer, which when downloaded encrypts the data of the victim.  The victim is then told to either pay a ransom, generally in bitcoins, within a short period of time or the hacker will destroy the data.

Ransomware has become one of the most common and effective cybercrimes in the last year, successfully targeting individuals and a wide range of companies including law firms, accounting firms and even police departments. According to the United States Justice Department, ransomware attacks quadrupled last year to more than 4,000 per day.  As big a problem as ransomware was last year, I predict it will be much worse in 2017.

New strains of ransomware are constantly being developed and one of the more interesting ones to appear recently is the Star Trek themed ransomware called Kirk ransomware referring to Captain James T. Kirk of the original Star Trek television show.  When the Kirk ransomware attacks your computer it fills your screen with a ransomware demand with the images of Captain Kirk and Mr. Spock in the background.  The ransom is demanded in the form of a cryptocurrency similar to Bitcoin called Monero.  The ransom generally is valued at about a thousand dollars in Monero currency.  If the victim agrees to pay the ransom, a decryption tool is provided entitled Spock.

TIPS

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it.   Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Scam of the day – February 4, 2017 – Hotel suffers ransomware attack

Ransomware is  a type of malware that gets unwittingly downloaded on to a company’s, institution’s, government agency’s or individual person’s computer, which when downloaded encrypts the data of the victim.  The victim is then told to either pay a ransom, generally in bitcoins within a short period of time, or the hacker will destroy the data.

In a new twist on the ransomware story, the computer system of the Seehotel Jaegerwirt hotel in Austria became infected with ransomware that controlled the electronic key system for the hotel which creates the cards used as keys for each hotel room preventing the hotel from issuing new keys.  Faced with an inability of their newly  arrived guests to access their rooms, the hotel quickly acquiesced to the demands of the hackers and paid a bitcoin ransom of approximately $1,600 to the hackers who then gave them back control over their systems.  Interestingly, a spokesman for the hotel said that when the hotel rooms are refurbished in the future, the hotel intends to revert back to old-style door locks and actual keys in order to avoid problems such as this in the future.

Ransomware has become one of the most common and effective cybercrimes in the last year, successfully targeting individuals and a wide range of companies including law firms, accounting firms and even police departments. According to the United States Justice Department, ransomware attacks quadrupled last year to more than 4,000 per day.  As big a problem as ransomware was last year, I predict it will be much worse in 2017.

TIPS

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it.   Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Scam of the day – January 24, 2017 – Utility bill scams

Scams regarding payments of utility bills are occurring with greater frequency now that Winter has arrived.  The Nebraska Public Service Commission is warning consumers about a number of these scams, but these scams are certainly not limited to Nebraska.

In one version of the scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible.  They just need to provide some personal information.

In another version, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card over the phone.

In a third version of this scam, potential victims receive an email that has a link to take them to their bill.

All of these are scams.  In the first, there is no special promotion and the victim ends up providing personal information that leads to identity theft.  In the second, the victim is coerced into giving their credit card information to a scammer and in the third, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse.

TIPS

You can never be sure when you get an email or a telephone call if it is really from a legitimate source.  Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller.

Trust me, you can’t trust anyone.  Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate.  In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate.  Also, never click on links unless you have confirmed that they are legitimate.  The risk is too great.

Scam of the day – January 22, 2017 – College falls victim of ransomware

Ransomware, as regular readers of Scamicide know, is  a type of malware that gets unwittingly downloaded on to a company’s, institution’s, government agency or individual person’s computer, which when downloaded encrypts the data of the victim.  The victim is then told to either pay a ransom, generally in bitcoins within a short period of time, or the hacker will destroy the data.

The latest public victim of ransomware is the Los Angeles Valley Community College District which recently paid a $28,000 bitcoin ransom after ransomware locked the campus’ computer network along with its email and voicemail systems.  After paying the ransom, the code was delivered to the school enabling them to regain their files and control over their email and voicemail systems.

Ransomware has become one of the most common and effective cybercrimes in the last year, successfully targeting individuals and a wide range of companies including law firms, accounting firms and even police departments. As big a problem as ransomware was last year, I predict it will be much worse in 2017.

TIPS

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it.   Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Scam of the day – January 19, 2017 – W-2 scam

We have just come out of the holiday season which is, perhaps, the biggest time of the year for scams and now we are entering the income tax season which probably runs a close second when it comes to scams.

Employers are now sending out W-2 forms to employees which are necessary for the employees to complete their income tax returns.  Many employers will send an email to employees about obtaining their W-2s online and scammers are taking advantage of this by sending emails that appear to come from the potential victim’s employee which contain a link to be used to view and then print the victim’s W-2.  However, when scammers send these phishing emails they are seeking the username and password of the victim which will be provided to the scammer when the victim clicks on the link and provides this information when prompted.  This can lead to identity theft.  In another variation of this scam, merely by clicking on the link, the victim downloads keystroke logging malware that will steal all the information in the victim’s computer and use it to make the person a victim of identity theft.  In yet another variation of the scam, clicking on the link will download dangerous ransomware.

TIPS

Employers will generally not include a link in legitimate emails to access their W-2 forms online.  Instead they will instruct the employee to go directly to this information at the appropriate department within the employer using their username and password separately.    Even if your employer were to provide a link in such a legitimate email, you could never be sure that the email was from your employer so you should not click on the link.  It is better to independently go to the department of your employer that has this information.

Scam of the day – December 19, 2016 – Android Super Mario Run scam

Super Mario Run is presently the most popular game in the App Store for iPhones and other Apple devices. Unfortunately, for those of you with Android devices, Nintendo has not yet created an Android Application Package version of Super Mario Run although scammers are indicating throughout the Internet that they have free Android versions of Super Mario Run that you can download.  This is a total scam. Sometimes a leaked version of a game is leaked before it is officially launched, however, in this instance, Nintendo hasn’t created one yet so there is nothing to leak.  Anytime you download an Android version of Super Mario Run, you are running the risk of downloading attached malware that can be used to steal your identity or bring other dangers such as ransomware.

TIPS

Free apps loaded with malware present a tremendous danger.  The best thing you can do is to stay with sources such as the App Store or Google Play that you know are legitimate when looking for apps.  Although neither of these companies are perfect when it comes to investigating apps to make sure they are legitimate and not filled with malware, they both do a pretty good job of vetting apps before they are made available to the public.