Posts Tagged: ‘Scamicide’

Scam of the day – December 19, 2014 – Are you protected when you use your debit card as a credit card?

December 19, 2014 Posted by Steven Weisman, Esq.

Regular readers of Scamicide and my books, such as the recent “Identity Theft Alert” are familiar with my regular refrain that you should not use your debit card for anything other than an ATM card and even then you should carefully examine any ATM you are considering using for evidence of tampering that can indicate that the ATM has been tampered with and a skimmer installed on it that will capture your account data when you insert your card.  When you shop with a credit card whether online or in a brick and mortar store, your liability limit for fraudulent purchases made with your card is fifty dollars and most card issuers don’t hold you responsible for any fraudulent charges when you promptly report the fraud.  On the other hand, when you use your debit card, you are making a direct withdrawal from the bank account tied to your card.  If your debit card security is breached such as in a data breach as occurred in the last year at Target, Home Depot and numerous other stores your liability is five hundred dollars if you do not report the fraudulent use within two business days after learning of the breach and if you are not regularly monitoring your bank statements and do not report the fraudulent use for more than sixty days after your bank statement with the fraudulent charges is sent to you, your liability is unlimited.  Potentially, you could lose your entire bank account if you are not careful.  And even if you report fraudulent use of your debit card immediately, your bank account will be frozen and you will lose access to your own bank account while the bank investigates the matter which can be a tremendous inconvenience.

But what about people who use their debit card as a credit card at the register when paying for purchases?

When you present a debit card, you are asked if you want to use it as a debit card or a credit card which might lead some people to think that if they use it as a credit card, they are receiving the legal protections that apply when you use a credit card.  These people could not be more wrong.  Regardless of whether your debit card transaction is processed as a debit purchase with a PIN or as a credit card transaction without a PIN, the money is still processed as  a debit card with the funds being immediately withdrawn from your bank account.  Frankly, the only difference to the consumer is the fees associated with the card use.  Some banks charge you a transaction fee if you use your debit card as a debit card with a PIN for purchases, but charge the retailer a fee when the card is used as a “credit card” purchase.

TIPS

Never, and I mean never, use your debit card for anything other than an ATM card.  Do not use it for purchases either in a store or online.  Make your purchases by credit card only and regularly monitor your credit card account carefully for unauthorized purchases and report them immediately.  Also, pay careful attention to small regular occurring charges that may appear on your credit card statement that you might otherwise overlook due to their small amount.  Some identity thieves count on their victims missing these regular charges that can add up considerably over time to a great amount of lost money for you.

Scam of the day – June 6, 2013 – Wal Mart phishing scam

June 5, 2013 Posted by Steven Weisman, Esq.

Wal Mart has issued a warning to its customers that identity thieves are sending out phishing emails in which the identity thieves claim to be from Wal-Mart.com.  The email appears to be a confirmation of an online Wal-Mart purchase that requires the person receiving the email to click on a link in the email to provide information to confirm the purchase.  This particular email is not, however, being sent by Wal-Mart and if you click on the link and provide the credit card information and other information requested, you will become a victim of identity theft.  Phishing, as regular readers of Scamicide and “50 Ways to Protect Your Identity in a Digital Age” know is the technique by which identity thieves contact you posing as a company or governmental agency that you deal with and then lure you into providing information that is then used to make you a victim of identity theft.

TIPS

Never click on links unless you are absolutely sure that they are legitimate.  Even if they do not ask you for personal information, merely clicking on the link can result in keystroke logging malware being downloaded to your computer that can enable the identity thief to steal all of your personal information from your computer including your Social Security number, bank account numbers and credit card numbers.  In this particular Wal-Mart scam, the easiest way to know that it is bogus is if you have not purchased something from walmart.com.  However, even if you had, Wal-Mart would not contact you to confirm sensitive information.  Whenever you are in doubt, you can always call the company at a telephone number that you know is legitimate in order to confirm that the email was a scam.

Scam of the day – June 3, 2013 – Latest skimmer scam

June 3, 2013 Posted by Steven Weisman, Esq.

I have been warning you about the dangers of skimmers since the inception of Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age.”  Recently a new wave of skimmer identity theft has been sweeping the country, with police in White Pine, Tennessee among the many places reporting an increase in this criminal activity.  As those familiar with Scamicide or my book know, a skimmer is a small electronic device that fits over any machine used to read credit cards or debit cards, such as ATMs, gas pumps or other similar devices.  Often the skimmer can be hard to recognize.  When you run your card through what you think is a legitimate card reader, your card’s information is provided to an identity thief who can use this information to make you a victim of identity theft, use your credit card to run up purchases in your name or use your debit card to empty your bank account.

TIPS

Limit your use of ATMs to those of banks with which you are familiar and feel around the card insert to see if there is any indication that the device has been tampered with.  Also shield the key pad from any prying cameras that may be attempting to read your PIN when you insert it.  Also feel the pad itself to make sure that it has not been tampered with by overlaying the pad with a thin cover that electronically steals your PIN.  For more information about skimmers, you may want to get my book “50 Ways to Protect Your Identity in a Digital Age.”  You can click on the link that shows the book on the right side of this page to go directly to Amazon to get the book at a reduced price.  Also, do not use your debit card for any purchases because the protections that you have if your debit card information is compromised through a skimmer is much less than if you use a credit card.

Scam of the day – May 29, 2013 – Google Chrome updates

May 29, 2013 Posted by Steven Weisman, Esq.

Regular readers of Scamicide (which I hope you are or will become) know how important it is to keep all of your computer, tablet and smartphone software up to date with the latest security patches.  Scammers and identity thieves are constantly identifying vulnerabilities in the many software programs we use and exploiting those vulnerabilities to make us victims of scams and identity theft.  Just as the scammers and identity thieves are busy identifying vulnerabilities, the makers of the software we use are just as busy trying to correct those vulnerabilities.  It is very important to protect yourself online by updating your computers, laptops and smartphones with the latest security updates.  Scammers and identity thieves take advantage of the fact that many people are slow to update their software with the latest patches.   Google has just released Google Chrome 27.0.1453.93 to correct multiple vulnerabilities discovered in Google Chrome that can lead to your becoming a victim of identity theft.

TIP

Here is a link from the United States Computer Emergency Readiness Team which is a part of the Department of Homeland Security that contains a link to a Google Chrome Release which will enable you to download the necessary patches to keep yourself secure on your computer, laptop and smartphone.  https://www.us-cert.gov/ncas/current-activity/2013/05/22/Google-Releases-Google-Chrome-270145393

Scam of the day – April 18 2013 – Hitman scam update

April 18, 2013 Posted by Steven Weisman, Esq.

I have previously warned you about the hitman scam on January 15, 2012 and January 29, 2013, but I am doing so again today because this scam, which is still unfamiliar to many, is making a comeback.  Recently the FBI has been getting many complaints about incidents of this scam that begin when you receive an email informing you that the sender is a hitman who has been hired to kill you, but that if you pay him $10,000 he will refrain from doing so.  Although this is a scary email to receive, you should ignore it other than to report it to your local police and the Internet Crime Complaint Center at www.ic3.gov.

TIPS

Indications that the email is a scam include the fact that is entirely lacking in specific details about you.  It does not use your name or other identifying information.  In one phony email  it is addressed to “Friend.”  In addition it does not provide any details about who has hired the hitman, where you live or any other details that would take this out of a generic, mass produced scam email.   It often contains much of the poor grammar found in many email scams originating in foreign countries.  If you receive this email and have any concerns that it might be real, report it to the local police.  If you are convinced that it is a scam, report it to the Internet Crime Complaint Center at www.ic3.gov.

For a sample copy of one of the phony letters, go to the Scamicide archives for January 29, 2013. It is a good idea to always check the Scamicide archives for scams that you may hear about.  Chances are you will find information there.

Scam of the day – February 26, 2013 – Microsoft hacked – what it means to you

February 25, 2013 Posted by Steven Weisman, Esq.

A few days ago, Microsoft announced that it, like Apple, Facebook, Twitter and hundreds of other prominent companies had been hacked.  The Microsoft hacking is still being investigated and it has not yet been determined if sensitive information was compromised or taken by the hackers, but the lesson is clear for us all.  You are only as secure from identity theft as the security of the weakest place that holds personal information about you.  In the Microsoft and other company hackings in recent days, it appears that, once again, it was a vulnerability in Java that was exploited by the hackers and since anti-virus security software is always playing catch-up when responding to the latest viruses created by the hackers and identity thieves, people should ask themselves whether or not they need to use Java software on their computer.  It has been estimated that half of the major computer hacking last year was done by exploiting vulnerabilities in Java.  It would appear that as soon as Java plugs a hole in their software, the hackers find another to exploit.

TIPS

You should consider whether or not you need Java software since it is such a target for hackers who may hack into your computer just as they have done with hundreds of businesses that use Java.  If you need Java, you should install the latest security patch.  Here is the link to information about both installing the latest Java security patch as well as information about deactivating Java from your computer.  http://www.us-cert.gov/cas/techalerts/TA13-051A.html

Here at scamicide, I will continue to promptly update you with the latest information about security patches you should use to make sure your computer is protected as well as possible.

You should also make sure that your Firewall is operating, use a complex password, maintain constantly updated security software and be prudent when downloading anything or clicking on a link as I have described in my book “50 Ways to Protect Your Identity in a Digital Age” because, as I have told you before, security software is only about 5% effective against the latest viruses.  It takes generally about a month before the software is updated.  Also, in order to limit your exposure to identity theft, limit the amount of information that you provide to companies and websites that store that information because if they are hacked, your security is compromised.

Scam of the day – December 14, 2012 – New Mac app scam

December 14, 2012 Posted by Steven Weisman, Esq.

For many years, users of Apple computers have felt safe knowing that by and large most of the computer scams have targeted users of PCs rather than Macs.  However, with the increasing popularity of Apple computers and portable devices, more and more scammers and identity thieves have begun to tailor their illegal activities to Mac users.  Earlier this week the Russian Security software company, Doctor Web announced that it had found  new malware that is aimed at Mac users.  The scheme starts with a text message or email that asks for you to enter your phone number.  In response the victim receives a text message asking for a registration code.  When the victim responds, automatically continual charges are made to the victim’s smart phone in a scam called cramming.  The particular scam found by Doctor Web targeted people using a music app.

TIPS

Only get your apps from legitimate sources.  The cost of many free apps that you may find on the Internet is far too dear.  A good rule to follow is never to install an app if you are required to provide your smart phone number or send a confirming text message.  That text message may just sign you up for continuing charges wtihout your being aware of it.  Finally, it is time for Mac users to join the rest of the world and realize that scams are not just found on PCs, but are also written for Macs too.

Scam of the day – October 6, 2012 – FTC freezes accounts of scammers

October 6, 2012 Posted by Steven Weisman, Esq.

On July 15, 2012 I warned you about a scam in which you receive a telephone call purportedly from Microsoft, Dell or other major computer companies or security software companies such as McAfee and Norton telling you that they have remotely determined that your computer is seriously infected with computer viruses and that you need to immediately remedy the problem for fees ranging from $49 to $450.  To confirm the problem, they tell you to go to your Windows’ Event Viewer which is a utility that keeps track of program errors and other events on your computer.  Everyone’s Windows’ Event Viewer will show many errors, but almost universally they are of no significance.  However, when directed to this utility and seeing a long list of problems, people can begin to trust the scammer, not knowing that these “problems” are insignificant.  The victim is then directed to a website to download a code or download a software program that permits remote access to the scammer under the guise that the scammer would then remove the offending malware.  Too often when the victim downloaded the software, they also downloaded dangerous keystroke logging programs that allowed the scammer and identity thief full access to all of the information in the victim’s computer that, in turn, let the scammer steal the identity of the victim.

TIPS

This week the Federal Trade Commission filed legal actions against 14 companies and 17 people the FTC said were involved in this scam and a New York Federal Court Judge ordered the assets of these defendants be frozen while the case proceeds.  I will keep you informed as to the progress of the cases.  Meanwhile, the best place to find a helping hand is at the end of your own arm, so my advice to you is to be proactive and protect yourself from these scams.  Whenever you receive a telephone call from someone saying they are with a particular company, you can never be sure that they are who they represent themselves to be.  Never give out personal information to someone who calls you on the phone.  If you believe a call is legitimate, call the company back at a number you know is accurate.  It is also important to remember that none of these computer companies or software security companies will ever initiate a call to you so if someone contacts you purporting to be from one of these companies to tell you that your computer is having problems, hang up;  they are scammers.  Always maintain up to date security software and if you have questions, call your computer company or your security software company directly at a telephone number that you know is accurate.

 

Scam of the day – October 2, 2012 – White House spearphishing hack

October 2, 2012 Posted by Steven Weisman, Esq.

Yesterday, a White House spokesman confirmed that a computer network used by the White House Military Office that deals with military support for various White House functions was hacked into last month purportedly by Chinese hackers through the common scammers technique called “spearphishing.”  You can read in more detail about spearphishing in my “scam of the day” of September 11, 2012, which can be accessed in the scamicide archives.  Phishing occurs when you receive an email message or other communication that takes you to a phony website or link that automatically will download malware, such as a keystroke logging program called Trojan Horse that will steal all of the information from your computer and can help make you a victim of identity theft.  Spearphishing is a particularly insidious variation of phishing.  It occurs when you get an email message or other communication that appears to be from someone you know that contains a link or an attachment that when you download it automatically downloads the malware I previously described.  People often let their guard down when they receive an email or other communication from someone that they know even though it is easy to hack into someone’s email and steal their identity to send out these kinds of specially targeted spearphishing emails.  Too often they trust that the email is genuine and either click on the link or download the attachment without being sure that it is legitimate.  Often this can bring terrible results.

TIPS

Remember my motto:  Trust me, you can’t trust anyone.  Never download attachments or click on links unless you are absolutely are sure that the email or other message is absolutely legitimate.  When in doubt (and you should always have some doubt) you should confirm with the person that you think sent you the email that it is legitimate.  It may seem a bit paranoid, but remember, even paranoids have enemies.  If the White House can fall for this scam, so can you, so be extra careful.

Scam of the day – August 14, 2012 – More IRS identity theft scams

August 14, 2012 Posted by Steven Weisman, Esq.

The recent report by the Treasury Inspector General for Tax Administration of the IRS’ poor record when it comes to preventing tax identity theft where identity thieves steal the names of Social Security numbers of their victims and then file phony federal income tax returns claiming phony tax refunds is absolutely startling when you consider that the IRS’ computers were not able to find anything amiss when  it issued more than a million dollars in refund checks regarding 741 separate income tax returns that all used the same Belle Glade, Florida address.  But that wasn’t even the worst example.  The IRS sent checks totalling more than 3.3 million dollars in regard to 2,137 individual returns that all listed the same Lansing, Michigan address.

TIPS

As I have explained previously on this website/blog, identity thieves get names and Social Security numbers of people to file phony income tax returns from Social Security’s own Death Master File which lists the names and Social Security numbers of recently deceased individuals.  This information is available free on line.  They also have stolen the names and Social Security numbers of Puerto Rican citizens who are not liable for federal income taxes, they have stolen the names and Social Security numbers of children and they have stolen the names and Social Security numbers of many others through a large variety of illegal tactics.  To keep yourself from becoming a victim of tax identity theft, keep your Social Security number as private as possible.  The fewer places that have this information, the better.  Also, file your income tax return as early as possible.  Identity thieves file phony income tax returns in the names of their victims before W-2s are required to be filed with the government this year until February 28, 2013.  The Identity thieves forge phony w-2 forms which the IRS may not have a valid W-2 to compare it to.