Scam of the day – May 26, 2017 – Latest USAA phishing scam

USAA is the insurer of millions of members of the military as well as many veterans, so it is no surprise that it is the basis for a new phishing email presently being circulated. As with so many phishing emails, this one tells you that you need to click on links in the email in order to resolve security issues. The truth is that if you click on the link or provide personal information, the criminal will use the information you provide to make you a victim of identity theft. Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use it to make you a victim of identity theft. In another scenario, clicking on the link will download dangerous ransomware.

Here is a copy of the new phishing email that is presently circulating.  DO NOT CLICK ON THE LINKS.  As phishing emails go, the graphics are pretty impressive.   It should be noted that the email is directed to “Dear Customer” rather than your name and no account number is provided. These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.


Frankly, whenever you get an email, you can never be sure who is really sending it to you. Obviously, if you receive this email and you do not have an account with USAA, you know it is a scam. However, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate. Remember, even paranoids have enemies.

Scam of the day – June 20, 2016 – LinkedIn phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from LinkedIn that is presently circulating.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.  Because LinkedIn has been in the news regarding a massive data breach, many people might be more likely to trust this email.  Don’t trust it.

“Dear Linkedin User

Due to the recent upgrade in linkedin you have to upgrade your account to keep using linkedin  or your account will be terminated.
In order to login click the link below
to login and wait for responds from linkedin.
We apologies for any inconvenience and appreciate your understanding.


There are a number of indications that this is not a legitimate email from LinkedIn, but instead is a phishing email. The email address from which it was sent has nothing to do with LinkedIn, but most likely was from a hacked email account that is a part of a botnet of computers controlled remotely by the scammer. In addition, LinkedIn would not use the generic greeting “Dear LinkedIn User,” but would rather specifically direct the email to you by your name. Another indication that this is a scam is the poor grammar where the email reads, “We apologies for any inconvenience.” English is often not the primary language of many scammers based around the world and it shows in their grammar.

As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the company at a telephone number you know is accurate, where you can confirm that it is a scam. Make sure that you dial the telephone number correctly, because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for companies to trap you if you make a mistake in dialing the real number.
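The indications described above (a sender address unrelated to the company named in the message, a generic greeting, and a threat that demands immediate action) can be checked mechanically by a mail filter. The following is an added example, not part of the original post; the brand allow-list, the regular expressions and both sample messages are constructed assumptions, and it handles only single-part plain-text messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: allow-list of domains each brand really sends mail from.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}, "usaa": {"usaa.com"}}
# "Dear Customer", "Dear Linkedin User" and similar impersonal openings.
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(customer|user|member|friend|\w+\s+user)\b", re.I | re.M)
# Threats of account loss or unspecified security problems.
URGENCY = re.compile(
    r"\b(will be (terminated|suspended|closed)|security (issue|alert))", re.I)

def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_indicators(raw):
    """Return the list of indicators found in one plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # a str for single-part messages
    text = f'{msg.get("From", "")} {msg.get("Subject", "")} {body}'.lower()
    domain = sender_domain(msg)
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in text and not domain_matches(domain, allowed):
            findings.append(f"claims {brand} but sent from {domain}")
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting")
    if URGENCY.search(body):
        findings.append("urgency or threat")
    return findings

# Constructed sample: body text taken from the email quoted above,
# headers invented for illustration.
PHISH = (
    "From: LinkedIn <notice@mail.example.net>\n"
    "Subject: Account upgrade\n"
    "\n"
    "Dear Linkedin User\n\n"
    "Due to the recent upgrade in linkedin you have to upgrade your account "
    "to keep using linkedin  or your account will be terminated.\n"
)
# Constructed sample of a personalised message from a matching domain.
LEGIT = (
    "From: LinkedIn <updates@e.linkedin.com>\n"
    "Subject: New connection requests\n"
    "\n"
    "Hi Pat,\n\nYou have 2 new connection requests.\n"
)

if __name__ == "__main__":
    print(phishing_indicators(PHISH))
    print(phishing_indicators(LEGIT))
```

A message with none of these indicators can still be phishing, since the From header can be forged, so a clean result does not replace confirming with the company independently.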


Scam of the day – December 29, 2015 – Data on 191 million American voters exposed online

In a disturbing discovery, security researcher Chris Vickery announced that he found a database of information on more than 191 million American voters from all fifty states available and exposed on the Internet due to an incorrectly configured database. The information includes the names, addresses, phone numbers, dates of birth and political affiliations of the people contained in the database. Chris Vickery, you may remember, was the researcher who also recently found a similar data vulnerability with the Hello Kitty website. There is no indication at this time that the information had been accessed by identity thieves and scammers, who could use the information to advance any number of illegal activities such as spear phishing to lure people into downloading keystroke logging malware that would enable the identity thief to steal the victim’s personal information from their computer and use it to make them a victim of identity theft. As I write this Scam of the day, the vulnerable database remains available online.

Generally, voter registration data is a matter of public record in most states.  The various states have differing rules limiting the use of the data.  For instance, South Dakota requires that such data not be provided to people for use commercially.  Compiling all of the data from all of the states is a time consuming effort, but the effort is worthwhile for companies that gather the data and sell it to political campaigns to assist them in getting their message out in an effective and targeted manner.


This is just another example of the need for greater regulation regarding access to the vast amounts of personal information about us all that is so accessible in the computer age.  This also serves as a warning to everyone to follow my motto of “trust me, you can’t trust anyone.”  Scammers and identity thieves with access to personal information about you can tailor their messages and scams to make them appear more legitimate because of the information about you that they have, which is why you should never provide personal information such as credit card numbers, bank account information or Social Security numbers to anyone who contacts you unless you have confirmed that they are legitimate.  Too often they may be a scammer or identity thief who is just using personal information he or she gained elsewhere to entice you into providing personal information under some legitimate sounding guise that will, in turn, be used against you to make you a victim of identity theft or the victim of a scam.

Scam of the day – March 27, 2015 – Another Nigerian letter scam

As we all know by now, the Nigerian letter scam is the name for a type of scam in which you are told that under some pretense you are to receive a huge amount of money for doing next to nothing.  Of course, once you correspond with the sender of the email, you soon learn that it takes payment after payment from you under various guises in order to receive the money and, of course, ultimately, you receive nothing, but the scammer has managed to trick you out of your money.  Here is a copy of such an email that I recently received:

“Dear Friend ,

How are you? I am sorry but happy to inform you about my success in getting those funds transferred under the co-operation of a new partner from Kosovo though I tried my best to involve you in the business but God decided the whole situations.  Presently I am in Kosovo for investment projects with my own share of the total sum. Meanwhile, I did not forget your past efforts and attempts to assist me in transferring those funds despite that it failed us somehow.

Now contact my little friend in South Africa his name is. Mr. Betrand Thando On his e-mail address;  Ask him to send you the total sum of $400.000.00 (four hundred thousand usd) which i kept for your compensation for all the past efforts and attempts to assist me in this matter. I appreciated your efforts at that time very much. So feel free and get in touch with my little friend. And instruct him where to send the amount to you. Please do let me know immediately you receive it so that we can share the joy after all the sufferness at that time.  In the moment, I am very busy here because of the investment projects which I and the new partner are having at hand, finally, remember that I had forwarded instruction to my friend on your behalf to receive that money, so feel free to get in touch with him he will send the amount to you without any delay.

Miss. Bea.”


This email is typical of many others and filled with poor grammar and punctuation.  In this case, the letter even speaks of previous dealings which certainly cannot be true. The story is utterly preposterous.  So who would possibly fall for this?  Only the truly gullible and that is the very strategy used by these scammers.  They do not want to waste their time on people who might eventually see through their scam so they make their plea as outrageous as possible so that if someone takes the bait, they are likely to be able to cheat that person out of their money.

By now, we all know that no one is giving you something for nothing, and even the most gullible among us must ask themselves why they were singled out for such good fortune. The answer is that this is a scam and the best thing you can do is to enjoy the humor of these emails, but never respond to them.

Scam of the day – October 4, 2014 – J.P. Morgan update and credit freeze information

Last Thursday, in a required SEC filing, J.P. Morgan Chase & Co. reported that the data breach, which we reported to you about when it was first discovered during the summer, was much larger than initially thought. At the time, J.P. Morgan believed that only a million accounts were compromised, but now J.P. Morgan has indicated that information on 76 million households and 7 million small businesses was stolen by hackers thought to be from Russia or another Eastern European country. According to the SEC filing, J.P. Morgan says that the information stolen included names, addresses, phone numbers and email addresses. At this time J.P. Morgan is saying that they are not aware of fraudulent activities tied to the data breach and that no account numbers, passwords, user IDs or Social Security numbers were stolen. The data breach apparently began in June and went on until discovered in mid August, which is especially troubling because it provided time for the hackers to cover their tracks for what may have been their true goal. The hackers did manage to gain access to the entire list of applications and programs used by J.P. Morgan Chase on its computers, which could then be evaluated by the hackers for inevitable vulnerabilities that could be exploited at a later time. Obviously J.P. Morgan is busy trying to protect against this threat.


For customers of J.P. Morgan Chase, now is not the time to run and hide nor take your money out of the bank. In fact, at the time that the FBI began its initial investigation of this data breach during the summer, it indicated that it was looking into possible data breaches of as many as four other banks as well. It may well be that we are not yet aware of the breaches that occurred and may still be going on in other banks. You can expect the hackers, people to whom the hackers sell the information they gathered and even totally independent identity thieves to start contacting people through emails, text messages and phone calls purporting to be from J.P. Morgan Chase. In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information. However, if you provide that personal information, all you will do is end up a victim of identity theft. If you click on the links in emails or text messages appearing to be from J.P. Morgan, you may well end up downloading keystroke logging malware that will steal all of the information from your computer that will be used to make you a victim of identity theft. Trust me, you can’t trust anyone. Even if your Caller ID appears to show that the call you receive is from J.P. Morgan Chase, scammers are able to make their calls appear to be from J.P. Morgan Chase through a tactic called spoofing. The best course of action if you receive any purported communication from the bank is to not respond directly, but instead contact the bank independently on your own to find out what the truth is.

This also may be a good time to consider putting a credit freeze on your credit report so that even if someone manages to obtain your Social Security number and other personal information, they will be unable to access your credit report and run up large debt in your name.  A separate credit freeze needs to be established at each of the three major credit reporting agencies to be effective.  Here are the links to the pages at Experian, TransUnion and Equifax where you can put a credit freeze on your report and get some peace of mind.




Scam of the Day – September 26, 2014 – Bank tellers charged with identity theft

For a long time I have told you that you are only as safe from identity theft as the places with the weakest security that have your information. It is for this reason that I urge you to limit the places that do have your personal information, such as your Social Security number, as much as you can. For example, if your doctor asks for your Social Security number, ask in return if they would be willing to accept your driver’s license. A doctor does not need your Social Security number; they generally ask for it merely to make collection of overdue bills easier. Sometimes, however, you have no control over the security breaches that can make you a victim of identity theft. New York Attorney General Eric T. Schneiderman announced recently that three bank tellers and two other people stole more than $850,000 from the accounts of customers of the banks where the tellers worked and had access to personal and financial information of hundreds of customers. The banks have reimbursed the customers who lost money in this scam.


It is very important to be vigilant in regard to monitoring all of your financial accounts for fraudulent activities.  This means regularly reviewing all of the transactions in your bank accounts, brokerage accounts, credit cards and all other financial accounts that you may have.  The earlier you spot a problem, the easier it is to correct.  This also means monitoring your bills such as your telephone bills for fraudulent charges that may appear through a scam called cramming where regular small charges, sometimes easy to overlook, are put on your phone bill by scammers in various ways.

Scam of the day – July 22, 2014 – Malaysian Airliner Flight MH 17 scams

With the world’s attention focused on the recent  shooting down of Malaysian Airlines Flight MH 17 over the Ukraine, it was inevitable that identity thieves and scammers would soon be exploiting this event toward their own criminal goals and that is just what is already happening.  There are a variety of scams that have sprung up that are using the shooting down of the airplane as a hook to scam members of the public.  One scam involves phony charities that are asking for donations for the benefit of the victims of the missile attack only to steal all of the donations.  Another scam involves emails, text messages or communications on social media, such as Facebook that promise startling video of the event.  One message reads “Video Camera Caught the moment plane MH17 Crash over Ukraine.  Watch here the video of Crash.”  If your curiosity gets the better of you and you click on the link to view the video, you may unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and make you a victim of identity theft.


You should never give to a charity until you have confirmed that it is legitimate. Go to where you can not only find out whether or not the charity is legitimate, but also how much of your donation goes toward charitable purposes and how much goes to administrative costs and salaries.

As I always warn you, you should never click on any link in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate. In this case, the particular language that I reported above that is used to lure people to download malware is written in broken English and could be an indication that the source is a foreign scammer or identity thief. If you must search for such video, stay with legitimate news sources such as CNN, ABC, CBS, NBC, Fox or other sources that can be trusted.

Scam of the day – July 9, 2014 – Spoofing scam

Spoofing is a funny sounding word, but there is nothing funny about spoofing, which is the name for the scam tactic used by scammers by which they are able to fool your caller ID such that when you receive a call, it appears to come from a legitimate company, governmental agency, such as the IRS or even your own telephone number.  Sometimes the spoofed calls are automated robocalls in which you are asked for financial information in order to assist you in obtaining a lower interest on your credit card or some tempting ruse.  Other times there will actually be someone on the line purporting to be from a legitimate company or governmental agency.  Using either the carrot or stick approach, they either try to instill fear in you in order to lure you into providing personal information in order to avoid a problem with your bank, the IRS or some other entity or they use the carrot and try to entice you to provide your personal information in order to receive a prize or some other financial benefit.  In all cases you risk identity theft when you provide personal information by phone in response to any telephone call you receive.


There are some basic precepts to remember to help protect you from being scammed by spoofed calls. First, remember that your caller ID is not foolproof. You cannot trust your caller ID to accurately inform you as to who is really calling you. Second, the IRS does not initiate contact with taxpayers by email, text messages or phone calls, so if you receive such a communication, you can be sure that it is a scam. Third, robocalls are illegal except from charities or politicians, so whenever you receive a robocall that purports to be from a company or governmental agency, you can be sure it is a scam. You should never provide personal information to anyone over the phone whom you have not called. If you ever receive a communication requesting personal information and you think it might possibly be legitimate, merely hang up and call the entity back at a number that you know is accurate, and even then do not provide personal information unless there is a real need for it.