Scam of the day – October 7, 2017 – Accused Russian hacker to be extradited to the United States

Earlier this week, Spain’s highest court agreed to extradite Peter Levashov who was indicted last April by a federal grand jury on charges of fraud, identity theft and conspiracy.  Levashov who formerly served in the Russian army and also had  worked for Russian President Vladimir Putin’s United Russia Party is accused of operating a massive botnet of thousands of infected computers that he would rent out to other criminals to send computer viruses and malware.

A botnet is a network of computers that have been infected with malware that enables criminals to surreptitiously use these computers to send out all manner of malware including ransomware.  People whose computers become part of a botnet often unwittingly download the malware necessary to make their computer part of the botnet by clicking on a link in an infected phishing email.

TIPS

Many people are a part of botnets without even knowing it.  If you use Windows 10 you can find out if you are a part of a botnet by opening the Task Manager and see what programs are using your network.  If there is something you don’t recognize, you may be a part of a botnet.

Of course, the best course of action is to avoid ever becoming part of a botnet and the best way to do that is to avoid clicking on any links in any emails unless you have absolutely confirmed that the email is legitimate.  In addition, installing security software and keeping it up to date with the latest security patches is also a good practice and if your router is more than ten years old, it may not be providing sufficient protection from botnets.  Updating old routers can help avoid becoming a part of a botnet.

Scam of the day – August 21, 2017 – Amazon phishing email

It must be phishing season.  Today’s Scam of the day is yet another phishing email.  This one purports to be from Amazon and again the email attempts to lure you into clicking on a link to make important updates to your account.  Unfortunately, if you do so you will  either download malware or provide personal information that will be used to make you a victim of identity theft, are nothing new.   Phishing emails are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email that appears to come from Amazon.  At the intelligent suggestion of a Scamicide reader, I have removed the link from the version of the email reproduced below and will continue to do so when showing examples of new phishing emails in the future.  Until now, I had thought it was important for people to see the exact phishing email and merely strongly advise people not to click on the link, however, the risk of someone even accidentally clicking these infected links is too great to continue to show these links.

Amazon is a popular target for this type of phishing email because it is used by just about everyone.   Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   As so often is the case with these type of phishing emails, it does not contain your account number in the email.  It carries a legitimate looking Amazon logo, but that is easy to counterfeit.

 

Dear Customer,                                                                                                 We have recently upgraded our server for the help of our customers, and we recommend a new security features as part of our commitment to keep our customers safe.                                                                                             For security measures the following information is required to solidify your profile. 

INFECTED LINK WAS FORMERLY LOCATED HERE.  IT HAS BEEN REMOVED FROM THIS COPY

Your sincerely                                                                                                             Amazon

© 2017 Amazon or its affiliates.                                                                                                All rights reserved                                                                                                                          410 Terry Avenue N., Seattle, WA 98109-5210.    Reference:219862590

Scam of the day – June 24, 2016 – EMV chip card update

It has been eight months since the mandate to the credit card companies and merchants to switch to the new EMV chip credit cards which generate a unique randomly generated code for each transaction that renders useless hacking retailers to steal credit card information as we have seen so many times in the past few years, most notably with Target in 2013.  Yet despite the October 1, 2015 deadline for merchants and credit card companies to switch to the new EMV chip credit cards in order to avoid liability for fraudulent credit card purchases, recent surveys indicate that only 70% of American credit card holders have EMV chip credit cards and less than 37% of merchants have adopted the new technology.  Many smaller retailers have made the decision not to switch to the new processing equipment required to process EMV chip credit cards because they have determined that the cost of updating and changing their card processing equipment is more expensive than they perceive their risk of potential liability for fraudulent card use while other retailers have updated their equipment, but have been delayed in having it become operative because it must be certified by each payment network, such as MasterCard and Visa, used by the merchant.  Some merchants have even sued MasterCard and Visa over the delays.

TIPS

The rules regarding the shifting of liability for fraudulent charges do not directly affect consumers, however, that does not mean that consumers can just ignore this matter.  Scammers are still taking advantage of the fact that 30% of Americans still have not received a new EMV chip card by emailing them posing as their credit card companies asking for information in order to process their new EMV chip cards. Unfortunately, people receiving these emails provide the personal information including their credit card number, which is then used to make fraudulent charges in the names of the scammers’ victims.

So how do you know as a consumer if you receive an email purporting to be from your credit card company that it is legitimate?

First check the address of the email sender.  If it appears to come from someone or some company wholly unrelated to your credit card issuer, it is a scam.  Many scammers use hijacked email accounts that become a part of a network of controlled computers referred to as a botnet to send out their emails so that it is difficult to trace the scams back to the scammer.

Merely because the email appears legitimate, is written in proper English and even carries the logo of your credit card company does not mean that it is legitimate.  It is easy to copy the logo of a company on to an email.  If you get an email from your real credit card company it will generally be addressed to you specifically by name rather than a generic greeting of “Dear Cardholder.”  In addition, legitimate emails to you will generally reference your account by including the last four digits of your account.  However, even paranoids have enemies so if you do get an email that appears legitimate, but you still have concerns, merely call the company at the number found on the back of your credit card to confirm that the email is legitimate. but make sure that you dial the number correctly because some enterprising scammers have bought telephone numbers that are quite similar to those of the legitimate customer service numbers for your credit card companies in order to snare people who have misdialed their credit card company.

Scam of the day – March 16, 2016 – New Chase phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from Chase bank that is presently circulating.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.

Dear Chase customer:

As part of our commitment to help keep your account secure, 
we have detected an irregular activity on your account and we are placing a hold on your account for your protection.
 

Please visit the confirmation of accounts system
www.chase.com

Please enter your information carefully


Sincerely, 

Chase Online Banking Team 

 

 

ABOUT THIS MESSAGE:

We sent this email from an unmonitored mailbox. Go to chase.com/CustomerService to find the best way to contact us.

Your privacy is important to us. See our online Security Center to learn how to protect your information. Chase Privacy Operations, PO Box 659752, San Antonio, TX 78265-9752.

© 2016 JPMorgan Chase Bank, N.A. Member FDIC

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email.  The email address from which it was sent has nothing to do with Chase, but most likely was from a hacked email account that is a part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate credit card companies would refer to your specific account number in the email.  They also would not use the generic greeting “Dear Chase Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam and make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – October 1, 2015 – EMV smart chip card scams

Scammers always are taking advantage of whatever current events are going on.  Today is the deadline for retailers and credit card issuing companies to switch over to using the new EMV credit cards containing a computer chip that creates and encrypts a new number every time the card is used.  Unlike credit cards in other parts of the world, American credit cards still mostly use magnetic strip technology that has been around since the 1960s in which personal information is contained on a magnetic strip on the back of the card.  When the information on this strip is stolen as through a hacking, the identity thief has access to the credit of the victim.  However in more than 80 other countries around the world, the magnetic strip card technology has been replaced with cards embedded with a microchip.  This technology is often referred to as EMV which stands for Europay, MasterCard and Visa, the originators of the card.  With EMV cards, the chip creates and encrypts a new number every time the card is used.  Thus hacking into the credit and debit card processing terminals used by the cardholder is a worthless exercise in trying to access the credit card or debit card.  For cost reasons, credit card companies and retailers have resisted updating the credit card system in the United States although changes in regulations in regard to liability for fraudulent credit card use will prompt credit card companies and retailers to switch to this technology.   Under these new rules, after October 1st if a retailer does not switch its card processing machines over to EMV card processing of sales, in the event of a data breach, the retailer will be held financially responsible for any losses incurred.  Previously, in the event of data breaches, it has generally been the credit card issuing banks that have been held responsible for such credit card fraud.

The October 1st deadline, however,  has not been met by many credit card issuers and retailers.  More than a billion credit and debit cards will have to be switched to the new EMV cards and only 120 million people have already received a new EMV card.  That number is expected to reach 600 million by the end of 2015.  Meanwhile, many retailers have not yet converted their card processing devices to accept the new EMV cards.  Since under the new regulation regarding liability in the event of credit card fraud, the liability passes to the party that is the least EMV compliant, there is much incentive for the credit card companies to issue new EMV cards and for retailers to convert their credit card processing equipment as soon as possible.

Ingenious scam artists, the only criminals we refer to as artists are taking advantage of the situation by contacting people by email posing as your credit card company and prompting you to either provide personal information in response to the email or click on a link in the email in order to update your account to get a new smart EMV chip card.  If you provide personal information to the scammer, you will end up becoming a victim of identity theft.  If you click on the link, you may also download keystroke logging malware that will steal your information from your computer or smartphone and use it to make you a victim of identity theft.

TIPS

So how do you know if you receive an email purporting to be from your credit card company if it is legitimate?

First check the address of the email sender.  If it appears to come from someone or some company wholly unrelated to your credit card issuer, it is a scam.  Many scammers use hijacked email accounts that become a part of a network of controlled computers referred to as a botnet to send out their emails so that it is difficult to trace the scams back to the scammer.

Merely because the email appears legitimate, is written in proper English and even carries the logo of your credit card company does not mean that it is legitimate.  It is easy to copy the logo of a company on to an email.  If you get an email from your real credit card company it will generally be addressed to you specifically by name rather than a generic greeting of “Dear Cardholder.”  In addition, the email to you will generally reference your account by including the last four digits of your account.  However, even paranoids have enemies so if you do get an email that appears legitimate, but you still have concerns, merely call the company at the number found on the back of your credit card to confirm that the email is legitimate.