Posts Tagged: ‘security software’

Scam of the day – December 9, 2014 – Banks win first round in Target lawsuit

December 9, 2014 Posted by Steven Weisman, Esq.

Last year’s massive data breach at Target was the first of a series of data breaches that continue unabated to this day with no end in sight.  While millions of Target customers were inconvenienced by the theft of their credit card or debit card information, the banks that issued those cards and had to replace them suffered financial losses as high as 400 million dollars in replacing the stolen cards.  Five of these banks, Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union and First Federal Savings, filed a class action in federal court on behalf of themselves and other affected banks seeking payment from Target for the losses they incurred as a result of the Target data breach.  Target responded by filing a Motion to Dismiss the lawsuit, arguing that it was not responsible for the data breach; however, Judge Paul A. Magnuson, in denying Target’s motion, ruled that there was sufficient evidence of Target’s negligence to warrant a trial.  Specifically, the judge said that Target ignored alerts from its security software that there was a problem and also disabled some of its own security features, which contributed to the data breach.  According to Judge Magnuson, “Plaintiffs have plausibly alleged that Target’s conduct both caused and exacerbated the harm they suffered.”

TIPS

The importance of this early ruling in the case of the banks against Target cannot be overestimated.   While in the past retailers were not held responsible for the occasional data breach occurring in the processing of credit and debit card transactions, an ultimate verdict in favor of the banks could signal a major change in how retailers conduct business in general and in particular what security steps they will need to take in order to avoid financial responsibility for future data breaches.  Coupled with regulations shifting responsibility for data breaches to retailers who fail to switch to new smart credit cards with computer chips by October of 2015, this ruling may signal a new paradigm for company electronic security.

Scam of the day – June 25, 2014 – World Cup scams

June 25, 2014 Posted by Steven Weisman, Esq.

With an estimated 46% of the planet’s population eagerly watching the FIFA World Cup tournament it should come as no surprise that this event will also spawn scams and identity theft schemes concocted by criminals around the world.  One of the most common scams involves an email informing you that you have won tickets to the tournament in Brazil.  However, if you click on the link in the email, you will only succeed in downloading malware on your computer that will steal your information which will then be used to make you a victim of identity theft.  Another common scam being seen now is one in which you are promised that by clicking on links in the email you will either be able to get free access to the games streamed on the Internet or free news and highlight videos.  Again, however, if you click on the links, you will end up installing malware on your computer.

TIPS

The advice is the same as always: never click on links in emails unless you are absolutely sure that they are legitimate.  It is impossible to win a contest you have not entered, so that should be warning enough not to click on links in emails regarding contests you apparently have won although you never entered.  It is impossible to know if any of these emails that you receive regarding the World Cup are legitimate, so do yourself a favor and stick to either the official FIFA website, www.fifa.com, or other sports websites that you know are legitimate, such as ESPN’s www.espn.go.com.  Also, make sure that your anti-malware and anti-virus security software is up to date.

Scam of the day – June 15, 2014 – Russian iPhone hackers arrested

June 15, 2014 Posted by Steven Weisman, Esq.

It was only a few days ago that I warned you about some iPhone scams threatening users of Apple’s iPhone through a manipulation of the Find My Phone feature of the iPhone.  The Find My Phone feature allows iPhone owners to track and lock their phones if they are lost or stolen.  However, this feature was allegedly misused by two Russians who used phishing techniques to get access to their victims’ Apple ID accounts, where they activated the phone locking feature.  They then sent messages to their victims indicating that they would remotely delete the data in their phone and keep the phone locked unless they paid a ransom.  Another technique allegedly used by the pair of criminals to gain access to the phones was to place online ads offering access to a large amount of media content through the victim’s iPhone.  Once the victim linked his or her iPhone to the scammer’s account, the scammers activated the Find My Phone feature to lock the phone.

TIPS

The best way to resolve a problem is to avoid the problem altogether.  As I constantly warn you, never click on links in emails unless you are absolutely sure that they are legitimate.  It is always safer to confirm that the email with a link is legitimate before considering clicking on the link.  You also should make sure that you always back up whatever content you keep on all of your electronic devices.  All of your electronic devices should also be protected with anti-virus and anti-malware software, although it is important not to rely too heavily on these security programs because they are always a bit behind in protecting you from the latest malware and viruses.  Finally, if you are unlucky enough to have had your iPhone hijacked, you can correct the problem yourself through a “hard” reset.  Here is a link to instructions from Verizon as to how to do a hard reset: http://www.verizonwireless.com/support/devices/knowledge_base.html/39607/

You also can go to your Apple store with your iPhone and proof of purchase to have Apple resolve the problem.

Scam of the day – May 13, 2014 – Bank of America email phishing scam

May 12, 2014 Posted by Steven Weisman, Esq.

It was just last week that I provided you with the worst attempt at a phishing scam I had ever seen. In a phishing scam you are lured into clicking on a link or providing information to an identity thief who sends you an email that generally appears to be from a trusted source and tricks you into responding to a phony emergency.  Many phishing scams are not very well done, as was the case last week with a phishing letter that combined an email address that was obviously phony, poor grammar and no logo of the company purporting to be sending the email.  However, today I received an email which is copied below that may be one of the best phishing scams I have ever encountered.  The email address from which it was sent appears legitimate, it is written with proper grammar and spelling and it contains excellent counterfeit versions of the Bank of America logo.  As usual it describes a believable emergency to which I must respond and carries the tainted link for me to click on to proceed to remedy the situation.  DO NOT CLICK ON THE LINK in this copy or in a version you may receive because if you do, one of two things will happen and either is bad.  Either you will be prompted to provide personal information about your bank account which will lead to your account being emptied by the identity thief or, by clicking on the link, you will unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and use it to make you a victim of identity theft.

TIPS

Never click on links or download attachments contained in emails or text messages because you can never be sure of whether they are legitimate or not and the risk of downloading malware is too great.  If you have any thought that the email or text message might be legitimate, you should call the real company, in this case, Bank of America at a telephone number that you know is accurate to confirm whether or not the communication was legitimate.  You should also make sure that all of your electronic devices including your computer, laptop, tablet and smartphone have current anti-virus and anti-malware software, but remember, you cannot totally rely on these security software programs because they are generally ineffective against the latest viruses and malware.

“To ensure delivery, add onlinebanking@ealerts.bankofamerica.com to your address book.
Exclusively for: |
Online Banking Alert
Your Account Security Check
Security Checkpoint:
You last signed in to Online Banking on 05/10/2014.
Remember: Always look for your SiteKey® before entering your Passcode.
To: Bank Of America Account Holders
Account: PERSONAL/BUSINESS CHECKING/SAVINGS ACCOUNT
Date: 05/11/2014
Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on your account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click on Sign in to Online Banking to continue to the verification process and ensure your account security. It is all about your security. Thank you.
Security Checkpoint: This email includes a Security Checkpoint. The information in this section lets you know this is an authentic communication from Bank of America. Remember to look for your SiteKey every time you sign in to Online Banking.
Email preferences
This is a service email from Bank of America. Please note that you may receive service email in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
Privacy and security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please visit the Bank of America website to read our Privacy Policy. You can also learn how Bank of America keeps your personal information secure and how you can help protect yourself.
Bank of America Email, 8th Floor-NC1-002-08-25, 101 South Tryon St., Charlotte, NC 28255-0001
Bank of America, N.A. Member FDIC. Equal Housing Lender
http://www.bankofamerica.com/help/equalhousing.cfm?cm_mmc=Email-Specific-_-Email-_-Footer-_-equalhousing
© 2014 Bank of America Corporation. All rights reserved.”

Scam of the day – May 8, 2014 – Windows tech support scam increasing

May 8, 2014 Posted by Steven Weisman, Esq.

Recently there has been an upswing in a scam that has been with us for some time about which I have repeatedly warned you going back years. The scam starts with a telephone call that you receive purportedly from technical support at Microsoft.  The caller informs you that Microsoft has diagnosed problems with your computer, such as viruses. Sometimes they convince you to check your Windows log, which will often show many harmless errors that may appear significant to the uninformed.  They then either ask for remote access so that they can fix the problem at no cost to you or they ask for personal information.  In both situations the caller is up to no good.  If you provide remote access to your computer you will have effectively turned over all of the information in your computer to the caller, who can and will then use that information to make you a victim of identity theft.  If you provide personal information by phone, that information too will be used to make you a victim of identity theft.  With increased public attention being focused on Microsoft no longer updating the Windows XP operating system and recent security problems with Internet Explorer, more people are falling for this scam.

TIPS

Microsoft will not and does not contact you by phone in regard to diagnosing software problems.  If someone contacts you by phone, unsolicited by you, indicating that they are from Microsoft tech support and they are calling to help you with a problem that you did not contact them about, you should immediately hang up.  You are talking to a scammer.  It should be noted, however, that Microsoft does regularly issue software security updates, but they do this in automated updates if you have provided for this service or on their website.  Installing the latest security software updates and patches is a critical part of fighting identity theft and scams because hackers exploit vulnerabilities that they discover in commonly used software to make you a victim of identity theft or scams.  Software companies are just as constantly coming up with software to correct these vulnerabilities, so it is important to install the latest security patches as soon as possible.  It is for this reason that I regularly provide you with links to the latest security patches for the software that you use.  I assemble this information from the Department of Homeland Security.  It is therefore important to check Scamicide each day to make sure that you do not miss important information.

Scam of the day – January 11, 2014 – AOL password reset scam

January 11, 2014 Posted by Steven Weisman, Esq.

Although America Online (AOL) has decreased in popularity somewhat in recent years, about 2.5 million people still use it, and with numbers that high, AOL users are a large target for scammers and identity thieves.  A recent scam that has surfaced is an email that purports to be from AOL informing the receiver that a request had been made to reset the password. The person receiving the email is provided two links upon which to click, either to agree that the password change was legitimate or to cancel the request because it was a scam.  The problem is that the email does not come from AOL; it comes from a scammer, and not a very good one.  If you click on either link, you will either be prompted to provide personal information that can make you a victim of identity theft or, merely by clicking on either link, you will download a keystroke logging malware program on to your computer, laptop, tablet or smartphone that will steal all of the personal information from your device and lead to your becoming a victim of identity theft.  This particular scam was not a very convincing one because the address from which it comes is not an official AOL address, nor does it contain AOL logos.  Here is a copy of the email presently being circulated.  DO NOT CLICK ON EITHER LINK.

“Dear AOL Customer,

 

The AOL Team

We received a request on 1/10/14 to reset the password for your AOL Online Account. Please confirm this request to complete the password reset:

Yes, I would like to reset my password

I did not make this request, cancel the password reset
To make additional edits to your account, sign in to aol.com
Thankyou,
The AOL team”

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate.  If you have any concerns that the email might be legitimate, contact the company, in this case AOL, by phone or online, using a telephone number or an address that you know is correct, to inquire about the email.  Also, make sure that all of your electronic devices are protected by security software against viruses and malware and keep your security software updated with the latest patches.

Scam of the day – November 25, 2013 – Smartphone banking scam

November 25, 2013 Posted by Steven Weisman, Esq.

Many of us use our smartphones for so many more tasks than merely speaking on the phone.  Smartphones have become the fast and convenient way for 300 million people to do their banking.  They also have become the fast and convenient way for scam artists and identity thieves to steal the money from your bank account by planting (with your assistance) malware on your smartphone that not only can read all of the information on your smartphone, including your banking passwords and other personal information, but can even change the way your bank account balances appear to you on your smartphone so you are not aware that your account has been stolen by an identity thief.

TIPS

The primary way that identity thieves and scammers install the necessary malware to get access to your bank account and steal your money is by luring you into unwittingly downloading the malware that gives them control over and access to the information in your smartphone.  Most often they do this by a technique called phishing which I have described many times previously in Scamicide.  Phishing occurs when you are lured into clicking on a link or downloading an attachment that appears to be legitimate, but in fact is riddled with malware.  The malware is contained in the link or download material that is often contained in an email that appears to be from a company with which you do business or a trusted friend when in fact, the email is from an identity thief.  It is for this reason that I am constantly warning you not to click on links or download attachments unless you are absolutely sure that they are legitimate.  Just because it appears to come from a friend of yours does not make it legitimate.  His or her email could have been hacked making it appear that the communication and the link are legitimate when they are not.  This technique is called spear phishing.  That is why I always tell you to confirm that the email is legitimate regardless of how good it looks before you download anything or click on a link.

In addition, you should make sure that your smartphone as well as all of your electronic devices are protected with the latest anti-virus and anti-malware software and that you keep these security programs constantly updated with the latest security patches and updates.  You may even want to consider having a separate smartphone for online banking and other financial transactions, one on which you do not do any text messaging or emails, in order to avoid falling prey to phishing.

Scam of the day – November 4, 2013 – Adobe update, it’s worse than you think

November 4, 2013 Posted by Steven Weisman, Esq.

In a number of Scams of the day since October 5th, I have been warning you about problems stemming from the hacking of Adobe, maker of Adobe Acrobat, ColdFusion, ColdFusion Builder and Adobe Photoshop, and the problem keeps getting worse.  Where originally Adobe believed that personal data on 2.9 million of its customers was stolen, now the company admits that the total number of people whose information was taken is greater than 38 million.  But it gets worse.  Certainly for those 38 million people who are in danger of identity theft because of this data breach, the news is bad enough, but for the rest of us the news is even more dire.  Along with personal information, the hackers also stole the source code to Adobe Acrobat, ColdFusion and ColdFusion Builder.  The theft of the source code for ColdFusion is of particular concern because this software is used in the creation of websites and mobile apps by businesses.  Handing over the source code will make it easier for hackers to expose already existing vulnerabilities in the software and to discover new ones.  This in turn will make it easier for hackers to install malware in websites and mobile apps created using this software, which will make it more likely that more people will become at risk of identity theft and other scams.

TIPS

It is impossible to avoid websites and apps that use Adobe ColdFusion, but it is critical that you protect yourself as best you can by making sure that your firewall, anti-virus software and anti-malware security programs are installed and kept up to date with the latest patches.  In fact, the National White Collar Crime Center was hacked through an exploited flaw in Adobe’s ColdFusion used to create its website.  Unfortunately, the National White Collar Crime Center did not have the latest Adobe security patch installed which would have prevented this particular attack. It is critical to keep all of your software including your security software up to date with the latest patches.  Here at Scamicide we regularly provide you with links to updates of many of the security patches to keep yourself as safe as possible.

Scam of the day – July 26, 2013 – The dangers of Aquaman

July 25, 2013 Posted by Steven Weisman, Esq.

The recent Comic-con convention in California brought attention to comic book and fantasy heroes and characters.  Many people are fascinated by heroes such as Superman, Green Lantern and Batman.  But you should always remember that whatever fascinates large numbers of the public also sparks the interest of identity thieves, who will set up phony websites and links on these websites that are traps for the unwary and can result in unwary Internet surfers downloading keystroke logging malware that can steal all of the information from your computer and make you a victim of identity theft.  Recently, security software company McAfee released its list of the most dangerous superheroes of the Internet.  Hackers have used these heroes as lures to install viruses and malware on the computers of unsuspecting Internet searchers.  At the top of the list, with 18.60% of searches resulting in tainted websites, is DC superhero Aquaman, which is surprising as he doesn’t even have a movie.  Close behind Aquaman at 18.22% is Marvel Comics’ Mr. Fantastic.  The rest of the list in order is The Hulk, Wonder Woman, Daredevil, Iron Man, Superman, Thor, Green Lantern, Cyclops, Wolverine, Invisible Woman, Batman, Captain America and last, but not least, your friendly neighborhood Spider-Man, who, although having only 11.15% of tainted websites, still poses a significant risk to the unwary.  Thus Aquaman is even more dangerous than the most dangerous woman on the Internet, Emma Watson of Harry Potter fame.  Internet searches of her lead you to tainted websites loaded with viruses and malware 12.5% of the time.

TIPS

Don’t click on links or download attachments unless you are absolutely sure that the source is legitimate.  The risk is too great.  Stick to legitimate websites with which you are familiar when looking for information about popular characters.  Make sure that your security software, anti-virus software and anti-malware software are up to date with the latest patches.