Scam of the day – August 5, 2016 – Amazon phishing scam

Using Amazon as a hook for a phishing scam is not surprising since so many people shop through Amazon.  Reproduced below is an Amazon themed email phishing scam that is presently circulating.  DO NOT CLICK ON THE LINK.  As with so many phishing scams, this one appears legitimate as it lures you into clicking on a link in order to provide information purportedly to process your refund. However, the real purpose of the phony email is to persuade you to either provide information that will be used to make you a victim of identity theft or to click on the link which can download keystroke logging malware that will lead to your becoming a victim of identity theft or to download ransomware that will encrypt all of the data on your computer which the hacker will threaten to destroy if you do not pay a ransom.

TIPS
There are a number of indications that phishing emails, such as this, are not legitimate.  Sometimes the address from which it is sent has nothing to do with the company, which is an indication that the email was sent through a botnet of computers hacked into for the purposes of sending out large numbers of such phishing emails while hiding the real source of the email.  However, even if the address of the sender looks correct, it still can be a phishing email.  Grammar and spelling also apparently are not great strengths of many scammers.  Often such messages will contain such errors as in this one the misspelling of the word “system” as “sytem.”  In any event, even if you think when you get such an email that it might be legitimate, the risk of identity theft or ransomware is too great to trust it. Instead, call the company at a telephone number that you know is accurate to confirm whether or not the email is legitimate.  Finally, make sure that you have up to date security software on all of your devices, recognizing, however, that such security software will not protect you from the latest strains of malware.

Scam of the day – August 4, 2016 – Olympic scams

Tomorrow brings the much anticipated opening ceremonies of the 2016 Rio Olympic Games and scammers will be taking advantage of the public’s interest in the event to lure them into scams.  As the Games get underway many people will be receiving emails and text messages purporting to contain updates, photos and videos of Olympic events.  Unfortunately, if you click on the links or download the attachments in these emails, you will end up downloading keystroke logging malware that will steal your personal information from your computer, laptop, tablet or smartphone and use that information to make you a victim of identity theft.   You also run the risk this year of downloading ransomware that will encrypt all of the data on your computer and threaten to destroy it if you do not pay a ransom.

Also, If you are shopping for Olympic merchandise, you should be wary of the large amount of counterfeit and poor value fake Olympic merchandise that is being sold on the Internet.

TIPS

As I have warned you many times, never click on a link or download an attachment unless you are absolutely sure that it is legitimate.  In regard to Olympic email or text message updates you are better off not downloading or clicking on links in any emails or text messages you may receive even if they appear to be from a legitimate source because the URL may appear to be legitimate, but it may merely be “spoofed” or copied from a legitimate site so it appears legitimate, but in truth is not.  You are better off going directly on your own to sources such as www.espn.com that you know are legitimate.  Also, make sure that your anti-malware and anti-virus software is installed and up to date on all of your electronic devices.  Also, be wary of links sent to you through social media such as Facebook even if they look legitimate because it is easy to hack someone’s social media accounts to send out malware that unwary victims click on.

In regard to purchasing official Olympic merchandise, go directly to the official Olympic website of https://www.olympic.org/rio-2016.  If you want Team USA merchandise, go the official Team USA website of http://www.teamusa.org/road-to-rio-2016.   Both of these websites are safe and secure places to purchase official Olympic merchandise and apparel.

Scam of the day – July 21, 2016 – Hackers attack unpatched computers

Recently it was disclosed by the security research firm Proofpoint that a twelve year old malware program known commonly as NetTraveler has been used by Chinese hackers against Russian and Eastern European targets exploiting a vulnerability in Microsoft Word designated as CVE-2012-0158.  This malware program enabled the hackers to infiltrate the computers of their victims who generally downloaded the malware as a result of clicking on links in spear phishing emails.  What is particularly significant about this cyberthreat is that this specific vulnerability was patched four years ago, but many people and companies have still not installed the patches necessary to defend against this particular malware thus leaving them needlessly vulnerable.  Similarly, ransomware, which has developed into a major threat to companies, governments and individuals by which their computer data is encrypted with the hacker threatening to destroy the data unless paid a ransom has turned into a huge worldwide problem.  However, the problem is somewhat bigger than it needs to be as some hackers are still using old ransomware programs for which security patches have already been issued, but failed to be installed by many companies, government agencies and individuals.

It is hard enough to defend yourself against the numerous zero day exploits which are the newer strains of malware exploiting vulnerabilities for which there are no existing security defenses.  Once discovered it can take thirty days or more for the security software companies to come up with a patch for the latest zero day exploits.  However,  no one should fall victim to a malware program for which there already exists a security patch.

TIPS

The solution to protecting yourself from various types of malware including ransomware is to first avoid them in the first place by avoiding spear phishing emails and text messages.  Don’t click on links unless you have absolutely confirmed that they are legitimate.  Installing anti-phishing security software is also advisable, but not totally effective so you should not entirely rely on it to screen all of your phishing emails. Secondly, you should install the latest security updates to all of your software programs as soon as they become available.  The best way to do this is to have updates installed automatically, but in any event, make sure you do not delay installing security updates and patches as soon as they become available.  Here at Scamicide we let you know when important new security updates are issued.

Scam of the day – July 18, 2016 – Facebook cloning or spoofing

Just last weekend, I received three “friend” requests on Facebook from people who were already Facebook friends of mine, which is an indication that someone had set up new Facebook pages in their names and was attempting to lure their friends into becoming friends with the hacker.  This scam is called either Facebook cloning or Facebook spoofing and the goal of the hacker is to get people to respond to the new friend request and then to lure the friends of the person whose Facebook page they commandeered to trust communications and postings from the cloned page in an effort to get them to click on links and download malware or ransomware or respond to emergency requests by sending money.

TIPS

There are many things you can do to protect yourself from this type of scam.  Scammers harvest information from social media to help them in their scams so the first thing you should do is to check to see if the public is able to see your posts.  Click on the padlock at the top right hand side of your Facebook page and click on “Who can see my stuff?”  It should say “friends,” but if it says “public” you should change that setting to “friends” to increase your privacy.

As for accepting friend requests, if you are already a friend of the person, don’t accept a second request.  Also, when accepting friend requests, don’t do it from the friend request email.  Instead go directly to your Facebook page from your browser and not from a link in the email because it could be a phishing scam seeking to steal your password or other information.

Finally, it is worth repeating that you should never trust any communication that contains a link until you have confirmed independently that the communication is legitimate.  The risk of malware in a link found in social media, a text message or email is just too great.

If your Facebook account has been cloned, here is a link that will take you to Facebook with tips as to what to do and how to report the problem.  https://www.facebook.com/help/174210519303259

Scam of the day – July 16, 2016 – Google warning Gmail users about foreign hackers

State sponsored hacking from countries such as China, North Korea and Russia pose a threat to everyone, but Google, which has for years been monitoring hacking attempts by foreign governments, is notifying Gmail customers when Google has reason to believe that their Gmail accounts are being targeted.  If Google finds that you have been targeted you will receive the following message that takes up your entire screen warning you of the danger and urging you to use the more security dual factor authentication.  In its warning, Google indicates that less than 0.1% of all Gmail accounts are targeted, however, it is important to note that this percentage translates into more than a million people who are in jeopardy.

Screen Shot 2016-04-01 at 3.52.40 PM

TIPS

As I have suggested many times, whenever you have the opportunity to use dual factor authentication, it is a wise choice to make because even if someone manages to steal your password or even trick you into providing it, as was the case with Jennifer Lawrence when she was convinced by a phishing email to provide her password to a cybercriminal who used it to access nude photos of her that she stored in the cloud, the hacker will not be able to access your email or other account because a special code provided to you through your cell phone is required whenever you wish to gain access to your account.

Finally, as I so often say, even paranoids have enemies so I urge you to err on the side of caution if you receive this type of notice and not necessarily trust it.  It could be a phishing communication from a cybercriminal luring you into clicking on a link which will either get you to provide personal information that can be used to make you a victim of identity theft or will download keystroke logging malware or ransomware.  The best course of action would be to merely go to Google directly from your browser without clicking on the link contained in the notification.  Here is a link you can trust that will take you to instructions for enabling dual factor authentication for Gmail  https://support.google.com/accounts/answer/185839?hl=en

Scam of the day – June 5, 2016 – Danger when recharging your smartphone

Recently, cyber security company Kaspersky Lab issued a report detailing the dangers posed by the simple act of recharging your phone through someone else’s computer or at a public charging station as are commonly found in airports.  The problem stems from the fact that information is transferred between your smartphone and the charger as soon as you plug your smartphone into the computer or charging station you are using to recharge your smartphone.  Among the information that is transferred is the name of your device, the manufacturer and model, serial number, firmware information, file system and electronic chip ID which would all be shared with a computer that you may be using to recharge your phone.  And while this information may seem to be innocuous, this information is sufficient for a sophisticated hacker to use to gain much further information from your smartphone that could be used to your detriment.  As for the charging stations at airports and elsewhere, they can be either infected with malware or be a fake charging station with the sole purpose of infecting your smartphone.  Once you plug your phone into one of those already infected charging stations or a totally phony charging station, it can install and delete applications, including stealing your data or installing ransomware.

TIPS

So what can you do?  Obviously, you should never use a strange computer to recharge your phone.  The risk is too great.  As for charging stations, confirm that it is a legitimate charging station and not a fake one before you connect your smartphone.  Make sure that your smartphone is secured with a password, fingerprint or iris scanners and do not unlock the smartphone while it is charging.  Always protect the data on your smartphone with encryption programs and finally, use security software programs for your smartphone and make sure that it is updated with the latest security patches.

Scam of the day – March 29, 2016 – SEC settles insider trading charges with Russian hedge fund manager

As I first  reported to you this past August and numerous times thereafter as the story developed, forty-three people were charged both civilly and criminally in the largest hacking and securities fraud enterprise in American history.  The defendants were made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with computer hackers based in the Ukraine.  The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release.  This enabled the rogue stock traders to make trades based on this inside information before it became known to the public.  Trades using this stolen information were made by traders in Russia, Ukraine, Malta, Cyprus, France and here in the United States in Georgia, New York and Pennsylvania  It is estimated that between 2010 and 2015, the defendants made profits of  as much as 100 million dollars on 800 trades during this time.  In December, Alexander Garkusha, one of the defendants pleaded guilty to making trades based upon the stolen information that personally gained him $125,000. Garkusha is cooperating with the government at this time.  His sentencing is scheduled for May 6th.  In January, Igor Dubovoy also pleaded guilty to conspiracy to commit wire fraud and agreed to forfeit more than 11 million dollars.

Now the SEC has announced that it has settled civil charges against Moscow-based hedge fund manager David Amaryan and his funds Copperstone Alpha Fund, Copperstone Capital, Ocean Prime, Inc and Intertrade Pacific SA through which Amaryan earned more than eight million dollars in profits through the illegal scheme.  Pursuant to the settlement, Amaryan and his companies will pay the SEC ten million dollars.  Of course, as is typical in such settlements, Amaryan neither admitted nor denied any wrongdoing, however pursuant to the settlement he is prohibited from using such tactics in the future, which is akin to Amaryan saying he didn’t do anything wrong and he promises not to do it again while also agreeing to pay ten million dollars to the SEC.

TIPS

One of the biggest takeaways from this case is how easy it is to still use phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data.  Phishing and the more targeted spear phishing is also the way that the ransomware used against the Hollywood Presbyterian Medical Center was implanted in its computers.   Apparently corporations still have not learned to sufficiently train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers.  This lesson is one that each of us, as individuals, should also learn in our own lives because identity thieves and hackers use the same phishing techniques to enable criminals to hack into the computers of individuals and steal their personal information.  Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate.  It well could contain keystroke logging malware that will steal all of the information from your computer.  Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware.  However, it is still important to have security software on all of your electronic devices and keep that software up to date with the latest security patches because many scammers use older versions of malware for which there are defenses.

Scam of the day – February 20, 2016 – Nine new defendants in cyber stock scam

As I first  reported to you this past August and twice thereafter, more than thirty people were  indicted in the largest hacking and securities fraud enterprise in American history.  The defendants were made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with computer hackers based in the Ukraine.  The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release.  This enabled the rogue stock traders to make trades based on this inside information before it became known to the public.  Trades using this stolen information were made by traders in Russia, Ukraine, Malta, Cyprus, France and here in the United States in Georgia, New York and Pennsylvania  It is estimated that between 2010 and 2015, the defendants made profits of  as much as 100 million dollars on 800 trades during this time.  In December, Alexander Garkusha, one of the defendants pleaded guilty to making trades based upon the stolen information that personally gained him $125,000. Garkusha is cooperating with the government at this time.  His sentencing is scheduled for May 6th.  In January, Igor Dubovoy also pleaded guilty to conspiracy to commit wire fraud and agreed to forfeit more than 11 million dollars.

Now the SEC has filed fraud charges against nine new defendants in this case including both companies and individuals who traded with a brokerage company in Malta using the stolen information.

TIPS

One of the biggest takeaways from this case is how easy it is to still use phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data.  Phishing and the more targeted spear phishing is also the way that the ransomware used against the Hollywood Presbyterian Medical Center was implanted in its computers.   Apparently corporations still have not learned to train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers.  This lesson is one that each of us, as individuals, should also learn in our own lives because identity thieves and hackers use the same phishing techniques to enable the stealing of the identities of individual victims.  Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate.  It well could contain keystroke logging malware that will steal all of the information from your computer.  Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware.  However, it is still important to have security software on all of your electronic devices and keep that software up to date with the latest security patches because many scammers use older versions of malware for which there are defenses.

Scam of the day – February 19, 2016 – Hospital pays ransomware hackers

I have been warning you about the dangers of ransomware since 2012.  Ransomware  problems begin when you find your computer frozen and a message on your screen tells you that your computer will remain frozen until you pay a “ransom.”  CryptoWall and its predecessor CryptoLocker ransomware have been used effectively by criminals for years.    The most recent version of ransomware being used is called Tescrypt.  Companies, government agencies and individuals have all been the targets of ransomware.  In fact, a number of police departments, including the Swansea Massachusetts police department have been the victims of ransomware and actually paid the ransom. More recently, the town of Medfield, Massachusetts paid a bitcoin ransom equal to approximately $300 to a hacker who used ransomware to encrypt and lock the municipalities computer network.

Recently the computer system of the Hollywood Presbyterian Medical Center had its computers locked and encrypted by ransomware and this week paid a ransom of 50 bitcoins (approximately $16,664) to get back access to its computers.

As with many types of malware, you download ransomware when you click on tainted links or tainted attachments, which is why I always warn you not to click on any links or download attachments unless you are absolutely sure that they are legitimate. That is what happened in Medfield and at the Hollywood Presbyterian Medical Center. In my end of the year column for 2015 for USA Today, I predicted an upswing in ransomware.  This prediction, unfortunately, has proven to be accurate.  Here is a link to that column. http://www.usatoday.com/story/money/columnist/2015/12/27/weisman-cybersecurity-predictions/77832588/

TIPS

The best way to deal with ransomware is to avoid it in the first place.  Have a good firewall, good anti-virus and good anti-malware software installed on your computer, tablet or other devices and keep the software up to date.  However, remember that the security software companies are always playing catchup with hackers, so your security software will not always protect you.  The latest incarnations of most malware is generally at least thirty days ahead of the security software companies so you can never rely on your security software and your firewall to keep you totally safe.   However, make sure that when security updates are available that you download them as soon as possible.  Many people become victims of older versions of ransomware because they have not updated their security software.  Also, you should always back up everything on your computer in the Cloud or on a USB drive or preferably both.  Finally, never click on links or download attachments unless you are absolutely positive that they are legitimate and the only way to do this is to confirm that they are legitimate with the real companies you think may be sending you the email before ever clicking on a link or downloading an attachment.

If you are a victim of ransomware, here are a couple of free links that may help you.   The first  is a link to Microsoft’s Malware Protection Center with links and instructions for removing ransomware infections from your computer: http://www.microsoft.com/security/portal/shared/ransomware.aspx#recover.  The second is to Malwarebytes Anti-Malware which will detect and remove malware such as trojans and spyware.  The link is www.malwarebytes.org.  Some types of ransomware cannot be defeated after they are installed, but it is always worth a try.

Scam of the day – November 29, 2015 – UAE bank hacked

The Bank of Sharjah in the United Arab Emirates was recently hacked and the hacker, who calls himself Hacker Buba is reportedly threatening to make public confidential information including account statements of the bank’s customers if he does not receive a three million dollar bitcoin ransom by the end of the weekend.  This is not an idle threat as the hacker has already released account statements of more than five hundred of the bank’s customers.  Officially, the bank’s chief financial and operating officer has admitted that the bank has been hacked and is being blackmailed, however, the bank has indicated that it will not give in to extortion and is refusing to pay the ransom.

TIPS

Cybercriminals are more and more turning to extortion against banks, lawfirms and other companies by which the cybercriminals threaten to either publicly release privileged data or encrypt and destroy the data of the targeted company.  In many instances, companies have not made public that they have been the victims of such cyber extortion.  As I constantly remind you, your data is only as secure as the companies with which you do business with the weakest security.  Choosing companies to do business with that have strong cybersecurity standards is something we all should consider.