Posts Tagged: ‘security software’

Scam of the day – January 11, 2014 – AOL password reset scam

January 11, 2014 Posted by Steven Weisman, Esq.

Although America Online (AOL) has decreased in popularity somewhat in recent years, about 2.5 million people still use it, and with numbers that high, AOL users are a large target for scammers and identity thieves.  A recent scam that has surfaced is an email that purports to be from AOL informing the recipient that a request has been made to reset the password.  The email provides two links: one to confirm that the password change was legitimate and one to cancel the request because it was a scam.  The problem is that the email does not come from AOL; it comes from a scammer, and not a very good one.  If you click on either link, you will either be prompted to provide personal information that can make you a victim of identity theft or, merely by clicking, you will download a keystroke logging malware program onto your computer, laptop, tablet or smartphone that will steal all of the personal information from your device and lead to your becoming a victim of identity theft.  This particular scam was not a very convincing one because the address from which it comes is not an official AOL address, nor does it contain AOL logos.  Here is a copy of the email presently being circulated.  DO NOT CLICK ON EITHER LINK.

 

“Dear AOL Customer,

 

The AOL Team

We received a request on 1/10/14 to reset the password for your AOL Online Account. Please confirm this request to complete the password reset:

Yes, I would like to reset my password

I did not make this request, cancel the password reset
To make additional edits to your account, sign in to aol.com
Thankyou,
The AOL team”

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate.  If you think that the email might be legitimate, contact the company, in this case AOL, at a telephone number or an online address that you know is correct to inquire about the email.  Also, make sure that all of your electronic devices are protected by security software against viruses and malware and keep your security software updated with the latest patches.

 

Scam of the day – November 25, 2013 – Smartphone banking scam

November 25, 2013 Posted by Steven Weisman, Esq.

Many of us use our smartphones for so many more tasks than merely speaking on the phone.  Smartphones have become the fast and convenient way for 300 million people to do their banking.  They also have become the fast and convenient way for scam artists and identity thieves to steal the money from your bank account by planting (with your assistance) malware on your smartphone that not only can read all of the information on your smartphone, including your banking passwords and other personal information, but can even change the way your bank account balances appear to you on your smartphone so you are not aware that your account has been stolen by an identity thief.

TIPS

The primary way that identity thieves and scammers install the necessary malware to get access to your bank account and steal your money is by luring you into unwittingly downloading the malware that gives them control over and access to the information in your smartphone.  Most often they do this by a technique called phishing which I have described many times previously in Scamicide.  Phishing occurs when you are lured into clicking on a link or downloading an attachment that appears to be legitimate, but in fact is riddled with malware.  The malware is contained in the link or download material that is often contained in an email that appears to be from a company with which you do business or a trusted friend when in fact, the email is from an identity thief.  It is for this reason that I am constantly warning you not to click on links or download attachments unless you are absolutely sure that they are legitimate.  Just because it appears to come from a friend of yours does not make it legitimate.  His or her email could have been hacked making it appear that the communication and the link are legitimate when they are not.  This technique is called spear phishing.  That is why I always tell you to confirm that the email is legitimate regardless of how good it looks before you download anything or click on a link.

In addition, you should make sure that your smartphone as well as all of your electronic devices are protected with the latest anti-virus and anti-malware software and that you keep these security programs constantly updated with the latest security patches and updates.  You may even want to consider having a separate smartphone for online banking and other financial transactions, one on which you do not do any text messaging or emails, in order to avoid falling prey to phishing.

Scam of the day – November 4, 2013 – Adobe update, it’s worse than you think

November 4, 2013 Posted by Steven Weisman, Esq.

In a number of Scams of the day since October 5th, I have been warning you about problems stemming from the hacking of Adobe, maker of Adobe Acrobat, ColdFusion, ColdFusion Builder and Adobe Photoshop, and the problem keeps getting worse.  Where originally Adobe believed that personal data on 2.9 million of its customers was stolen, now the company admits that the total number of people whose information was taken is greater than 38 million.  But it gets worse.  Certainly for those 38 million people who are in danger of identity theft because of this data breach, the news is bad enough, but for the rest of us the news is even more dire.  Along with personal information, the hackers also stole the source code to Adobe Acrobat, ColdFusion and ColdFusion Builder.  The theft of the source code for ColdFusion is of particular concern because this software is used in the creation of websites and mobile apps by businesses.  Handing over the source code will make it easier for hackers to expose already existing vulnerabilities in the software and to discover new ones.  This in turn will make it easier for hackers to install malware in websites and mobile apps created using this software, which will make it more likely that more people will become at risk of identity theft and other scams.

TIPS

It is impossible to avoid websites and apps that use Adobe ColdFusion, but it is critical that you protect yourself as best you can by making sure that your firewall, anti-virus software and anti-malware security programs are installed and kept up to date with the latest patches.  In fact, the National White Collar Crime Center was hacked through an exploited flaw in Adobe’s ColdFusion used to create its website.  Unfortunately, the National White Collar Crime Center did not have the latest Adobe security patch installed which would have prevented this particular attack. It is critical to keep all of your software including your security software up to date with the latest patches.  Here at Scamicide we regularly provide you with links to updates of many of the security patches to keep yourself as safe as possible.

Scam of the day – July 26, 2013 – The dangers of Aquaman

July 25, 2013 Posted by Steven Weisman, Esq.

The recent Comic-con convention in California brought attention to comic book and fantasy heroes and characters.  Many people are fascinated by heroes such as Superman, Green Lantern and Batman.  But you should always remember that whatever fascinates large numbers of the public also sparks the interest of identity thieves who will set up phony websites and links on these websites that are traps for the unwary and can result in unwary Internet surfers downloading keystroke logging malware that can steal all of the information from your computer and make you a victim of identity theft.  Recently, security software company  McAfee released its list of the most dangerous superheroes of the Internet.  Hackers have used these heroes as lures to install viruses and malware on unsuspecting Internet searchers.  Surprisingly at the top of the list with 18.60% of searches resulting in tainted websites is DC superhero Aquaman, which is surprising as he doesn’t even have a movie.  Close behind Aquaman at 18.22% is Marvel Comics’ Mr. Fantastic.  The rest of the list in order is The Hulk, Wonder Woman, Daredevil, Iron Man, Superman, Thor, Green Lantern, Cyclops, Wolverine, Invisible Woman, Batman, Captain America and last, but not least your friendly neighborhood Spider Man who although only having 11.15% of tainted websites still poses a significant risk to the unwary.  Thus Aquaman is even more dangerous than the most dangerous woman on the Internet, Emma Watson of Harry Potter fame.  Internet searches of her lead you to tainted websites loaded with viruses and malware 12.5% of the time.

TIPS

Don’t click on links or download attachments unless you are absolutely sure that the source is legitimate.  The risk is too great.  Stick to legitimate websites with which you are familiar when looking for information about popular characters.  Make sure that your security software, anti-virus software and anti-malware software are up to date with the latest patches.

Scam of the day – June 16, 2013 – Ameriprise phishing scam

June 16, 2013 Posted by Steven Weisman, Esq.

Once again, I had to go no further than my own email box to find today’s “scam of the day.”  In my email today was an email that purported to be from Ameriprise, the online brokerage and financial planning company.  As you can see in the email which is reproduced below, I was invited to click on a link to receive a “secured message” about an important matter supposedly affecting my account.  This is a scam.  DO NOT CLICK ON THE LINKS IN THE EMAIL COPIED BELOW.  Phishing is the name for the scam in which you receive an email that appears to be legitimate and attempts to lure you to a tainted website or to download a tainted link.  The email is not from Ameriprise and if you click on the links you will either be taken to a phony Ameriprise website and prompted to provide personal information that will lead to your becoming a victim of identity theft or you will, when you click on the link, unknowingly download a keystroke logging malware program that will steal information from your computer and make you a victim of identity theft.  This particular email is not a very professional attempt, however, to scam me.  The email address from which it came is from a personal AOL account and probably not the account of the identity thief, but an account that had been hijacked as a part of a botnet by the identity thief.  For more information about botnets and how they work, you can either check out my book “50 Ways to Protect Your Identity in a Digital Age” or go to the list of topics on the right side of the Scamicide opening page and scroll down to the topic of botnets for some cursory information about how they work and how to avoid them.  In addition, the email salutation reads “Dear Customer.”  It does not even use my name.  Finally, there is no logo or other appearance that the email is from the real Ameriprise.

“Dear Customer,
There is an important message regarding your account with www.ameriprise.com, please sign in to our secured message center at our website www.ameriprise.com, sign in and view the secured message we have for you, the message will be stored in the secured message center for 48hours after which it will no longer be available. We bring you messages like this to bring to your attention to updates, to protect your account from unauthorized usage and secure your account anytime we notice usual activities in your account. so please take a few minutes to log into your account at www.ameriprise.com and read  the messages .
Thank you.

www.ameriprise.com”

TIPS

Never click on links unless you are absolutely sure that they are legitimate.  Unfortunately, anytime you receive an email with a link, you cannot trust it because even if it is from someone whom you trust, their email account may have been hacked and the email is actually being sent by an identity thief posing as a friend or a company with which you do business.  The best course of action if you think the email may be legitimate is to call the real person or company to confirm whether or not the email is legitimate.  Also, make sure that your security software and anti-malware software are installed and kept up to date on all of your electronic devices.

If you receive any phishing emails, please send copies of them to me and we will feature them in Scamicide to warn others.  Remember, we are all in this together.

Scam of the day – May 28, 2013 – KFC phony coupon scam

May 28, 2013 Posted by Steven Weisman, Esq.

Just as the band Dire Straits sang about “money for nothing and chicks for free,” many scammers appeal to our desire of something for nothing by offering free phony on-line coupons for products or services in the hope that we will fall for their promises of something for nothing and click on a link that will not take us to a link for a free product or service, but rather will result in us downloading dangerous malware, such as keystroke logging malware programs that can steal all of the information in your computer and make you a victim of identity theft.  There are many indications of the illegitimacy of these coupons, but one common one is poor grammar.  Particularly because many of these scams originate in foreign countries where English is not the primary language, it is quite common for these phony on-line coupon offers to have poor grammar.  However, recently I received a phony offer regarding a coupon for Kentucky Fried Chicken that was laughably amateurish.  A copy of the email is reproduced below.  Note that instead of a reference to the “Colonel,” it refers to the “Kernel.”  I know it is corny (sorry about that), but I had to share it with you.  DO NOT CLICK ON THE LINK.

“Subject: Enjoy our new crispy chicken

KFC
It’s Finger Lickin’ Good

Celebrate with the Kernel this Spring

- your personal voucher enclosed -

Use For Lunch Or Dinner ANYTIME

EXPIRES: 5/31/2013
VOUCHER ID: 1714669500684339988”

TIP

Remember, anytime you receive an email with a link, you should be wary of clicking on the link unless you are absolutely positive that the email is legitimate and the link is safe to click on.  You can never be sure who or what company is sending you an email because it is easy to either pose as someone else or to hack their email.  Certainly, this particular email with its grammatical error and its lack of a corporate logo as well as an email address from which it was sent that does not appear to come from KFC are all good indicators that the email is not to be trusted.  If you ever receive an email containing a link and you are tempted to click on the link, first contact the real company or person directly to confirm whether or not the email is legitimate and remember, despite what Dire Straits say, you don’t get anything for nothing.

Also, make sure your Firewall, security software and anti-malware software are current at all times.

 

Scam of the day – May 19, 2013 – Fidelity phishing scam

May 19, 2013 Posted by Steven Weisman, Esq.

Phishing, as I have described on Scamicide and in my book “50 Ways to Protect Your Identity in a Digital Age,” is the name for the tactic used by identity thieves by which you are lured to a phony website to provide information used to make you a victim of identity theft.  Phishing often starts with an email from a company with which you do business or a federal or state agency.  The email indicates that there is some problem or other matter to which you must give your immediate attention, and a link is provided for you to purportedly go to the website of the company or agency.  In fact, however, you are either sent to a phony website for the company or agency where information is solicited that will be used to make you a victim of identity theft or, even worse, by clicking on the link you download a keystroke logging malware program that steals all of the information from your computer, including your Social Security number, credit card number, passwords and other information used to also make you a victim of identity theft.

Recently, I received an email purportedly from Fidelity Investments.  As phishing attempts go, this one was pretty flawed.  The email address from which it came was not an email address of Fidelity Investments.  In fact, it was that of a private person who most likely was a part of a botnet by which his computer was being manipulated by an identity thief.  If you want more information about botnets, you can check out the archives of Scamicide or read about them in my book “50 Ways to Protect Your Identity in a Digital Age.”  Other flaws in the phishing email were the lack of my name appearing anywhere which indicates that it is just a general phishing email sent out to many people by the identity thief, and the lack of a Fidelity logo.

Here is a copy of the email I received.  DO NOT CLICK ON THE LINK.

“Account Status Notification
We have noticed unusual activity on your account. Due to this, we need you to verify your account information for more efficient use of our Banking system: Please confirm your account information today by clicking on the link below: https://fidelity.secure.com/Logon.aspx?LOB=RBGLogon=user=&email&Security Adviser
© Fidelity Brokerage Services LLC. All rights reserved”

TIPS
Never click on links in emails unless you are sure they are legitimate.  Unfortunately, you can never be sure when you receive an email if the email is legitimate so you should always be skeptical and make it a habit not to click on links until you have verified that they are legitimate by contacting the company or agency that is indicated as having sent the email to confirm whether or not the email and link are legitimate.  Look for the telltale signs that it is a phony, such as an email address for the sender that is not that of the real company or agency and the failure to direct the email to you directly by name.  You can contact the company or agency by phone or email directly to confirm whether or not the email you receive was legitimate.  Finally keep your Firewall and security software up to date to help protect you from viruses and malware.  Security software is certainly not perfect, but it does help.
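The telltale signs listed above (a sender address that is not the company's, no greeting by name) can be checked mechanically, along with where the link's hostname really points.  The following is an added example, not code from Scamicide; the brand-to-domain table, the sender addresses, both sample messages and the function names are constructed for illustration, with the phishing sample modeled on the Fidelity email quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains each brand really uses. Maintain your own list.
BRAND_DOMAINS = {
    "fidelity": {"fidelity.com"},
    "aol": {"aol.com"},
    "ameriprise": {"ameriprise.com"},
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed samples: the sender addresses are invented; the link host in the
# first one is the host shown in the email quoted in the post.
SAMPLE_PHISH = (
    "From: Fidelity Investments <jdoe@example.net>\n"
    "Subject: Account Status Notification\n"
    "\n"
    "We have noticed unusual activity on your account. Please confirm your\n"
    "account information today by clicking on the link below:\n"
    "https://fidelity.secure.com/Logon.aspx?LOB=RBGLogon\n"
)
SAMPLE_CLEAN = (
    "From: Fidelity <alerts@mail.fidelity.com>\n"
    "Subject: Your statement\n"
    "\n"
    "Dear Steven, your statement is ready at https://www.fidelity.com/statements\n"
)


def registrable(host):
    """Last two labels of a hostname. Naive: fine for the .com samples here;
    use the Public Suffix List for suffixes such as .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phishing_tells(raw, recipient_name):
    """Return the warning signs found in a single-part plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable(addr.rpartition("@")[2])
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    tells = []
    for brand, domains in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", text):
            continue  # the message does not claim to be from this brand
        if sender_domain not in domains:
            tells.append(f"sender-domain-mismatch:{brand}")
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower()
            # Brand name used as a label under somebody else's domain.
            if brand in host.split(".") and registrable(host) not in domains:
                tells.append(f"lookalike-link:{host}")
    if recipient_name.lower() not in body.lower():
        tells.append("no-personal-salutation")
    return tells


if __name__ == "__main__":
    print(phishing_tells(SAMPLE_PHISH, "Steven"))
    print(phishing_tells(SAMPLE_CLEAN, "Steven"))
```

An empty result is not proof of legitimacy: the From header can be forged and a message sent from a hijacked account passes the domain check, which is why confirming with the company through a known contact still applies.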

Scam of the day – April 26, 2013 – Latest Apple Safari 6.0.4 updates

April 26, 2013 Posted by Steven Weisman, Esq.

I make it a practice to constantly keep you advised about the latest security patches issued by computer software companies.  Identity thieves and scammers are constantly discovering and exploiting vulnerabilities in the software that we all use in order to make us victims of identity theft or other scams.  Software companies are just as constantly trying to keep up with these threats by developing security patches.  Unfortunately, many people do not keep their computer software up to date with the latest security patches and this makes them particularly vulnerable to becoming a scam or identity theft victim.  Apple, the maker of the Safari browser, has issued a new security alert and patch for its latest Safari 6.0.4 software and you should download it and install it immediately if you use this browser.

TIPS

The link for accessing the new Apple Safari security updates is http://support.apple.com/kb/HT5701

Scam of the day – April 22, 2013 – Urgent Java updates

April 22, 2013 Posted by Steven Weisman, Esq.

Computer hackers are constantly exploiting vulnerabilities in software to attack your computer and steal information from it that can make you a victim of identity theft.  The dirty little secret is that computer security software is not very effective against the newest viruses and malware.  Studies have shown that it takes the software security companies about a month to catch up with the latest viruses.  During that time you are extremely vulnerable to viruses and other malware despite having the latest security software on your computer.  Java software, which is made by Oracle, has been a particularly successful target of hackers and identity thieves.  According to Kaspersky Lab, flaws in Java software were responsible for about half of all the cyber attacks by hackers last year.  Dangerous vulnerabilities in Java software have been continuously exploited by identity thieves and hackers to gain access to victims’ computers, steal information and make them victims of identity theft.  Despite the best efforts of Oracle, the maker of Java software, Java continues to be a source of opportunity for hackers and identity thieves.  It has gotten so bad that the Department of Homeland Security has gone as far as to advise that people disable Java or prevent Java apps from running in their browsers.

TIPS

I strongly advise people who do not need to use Java that they disable it.  Here is an important link from the Department of Homeland Security with information as to how to disable Java or to otherwise deal with its vulnerabilities: http://www.us-cert.gov/ncas/alerts/TA13-064A.

However if you still desire to use Java software, you should use this link to go to Oracle’s latest security patches for Java: http://www.oracle.com/technetwork/java/javafx/overview/index.html

Scam of the day – April 20, 2013 – Bluetooth scams

April 20, 2013 Posted by Steven Weisman, Esq.

Bluetooth technology has proven to be a boon to hands-free use of our smart phones.  Often this technology is used to pair up the smart phone with a car’s technology system, such as the widely used Sync system in Ford vehicles.  But just as this technology can be used to make our lives easier and better, it can also be used by identity thieves to steal information from our smart phones.  Identity thieves will hack into our smart phones using readily available and cheap technology.  They will then steal information stored on our smart phones to make us victims of identity theft, and although many of us take great precautions to keep our computers safe, we often do not take the necessary steps to keep our smart phones and other portable devices safe.

TIPS

Make sure that you use a complex password that combines letters and symbols on your smart phone.  Even just a few exclamation points at the end of a password can provide greatly enhanced security for your smart phone.  Also, it is important to switch your Bluetooth into the “non discoverable” mode when you are not using it to keep identity thieves from hacking into your smart phone.  Finally, make sure that you install security software for your smart phone and keep it updated.

For more tips on how to keep your identity safe and secure on your smart phone, check out my book “50 Ways to Protect Your Identity in a Digital Age.”  It can be purchased at a discount from Amazon by merely clicking on the picture of the book on the right of this page.