Scam of the day – October 17, 2017 – New report discloses all wifi networks vulnerable to hacking

Yesterday, a Belgian researcher, Mathy Vanhoef made public his discovery from this past summer that the security protocol used to protect most wifi connections is vulnerable to hacking such that data formerly thought to be encrypted and protected could be hacked and that it was also possible for a cybercriminal to inject ransomware and other malware into websites visited through  compromised wifi connections.  If your device supports wifi, it is most likely affected.

The United States Computer Emergency Readiness team issued a warning yesterday that lists all of the systems affected.  Here is a link to that warning.

As is often the case when discoveries of computer vulnerabilities are made, researchers notify the technology companies first to allow them time to come up with patches.  In this case, the technology companies were notified on August 28th about this problem.  Google has indicated that it expects to have a patch available “in the coming weeks.”  Microsoft has said, “we have released a security update to address this issue.  Customers who apply the update, or have automatic updates enabled, will be protected.”


This is one instance where things may not be as bad as they initially appear.  Hackers exploiting the vulnerability would need to be physically close to the attacked device to accomplish an attack and connections to secure websites using HTTPS will still be safe.  Online banking and online shopping websites will generally use https technology which you can confirm by looking at the address line for the letter “s” after the initial http in the website address.  In addition, as I have long advised you, if you are going to use public wifi you should use Virtual Private Network (VPN) which is not affected by this vulnerability.

This discovery also emphasizes the importance of having your security patches and updates installed automatically or as soon as they are available.  I will update you on this situation as new information becomes available.

Scam of the day – September 6, 2017 – Pacemakers recalled due to risk of hacking

By now, we are all familiar with the Internet of Things which presently includes 5 billion devices and is expected to grow to 25 billion devices by the year 2020.  The Internet of Things is the popular name for the technology by which products and devices are connected and controlled over the Internet.  The range of products that are a part of the Internet of Things is tremendous and includes, cars, refrigerators, televisions, fitness bands, webcams, toys and even medical devices.  The Internet of Things offers tremendous opportunities for constructive and efficient use of these products, but as with any technology connected through the Internet, also provides an opportunity for hackers to exploit the technology for their own criminal purposes.

While hacking of medical devices sounds like something out of fiction, in 2007, former Vice President Dick Cheney was so concerned about hackers that he had the Internet connection on his pacemaker disabled.  In September 2015, the FBI issued a warning saying that “Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection.”

Now the Food and Drug Administration (FDA) has issued a recall of 465,000 pacemakers due to the vulnerability of the devices to being hacked and controlled by criminals.  Fortunately, the recall can be accomplished with a remote adjustment of the devices and will not require surgery.  Six different types of pacemakers all made by Abbott and sold under the name of St. Jude Medical are covered by the recall.  Here is a link to the FDA’s recall with more specific information.


Earlier this year the FDA issued recommendations for security steps to be taken for Internet connected medical devices, however it should be noted that these are not regulations, but only recommendations.  So what can you do to protect yourself in the meantime? The most important thing you can do is find out if any Internet connected medical devices you may have comply with the FDA’s security regulations.  You should also find out what information is stored on your device and how it is accessed.  Also learn about the use of password protection and make sure that your device is not still using a default password.  If your device uses an open wifi connection, you should change it to operate exclusively on a home network with a secured wifi router.  If your device is capable of transmitting data, make sure that the transmissions are encrypted.

Scam of the day – March 28, 2014 – The threat of drones hacking your smartphone

As I always say, “things aren’t as bad as you think, they are far worse.”  Researchers in London have developed a new software called “Snoopy” which can be used with a drone to steal information from your smartphone that can turn you into a victim of identity theft.  Although it sounds like something out of science fiction, the idea is simple.  It starts with a recent federal court decision permitting commercial drones to fly in US airspace.  The Snoopy software can be installed on the drone which can fly around the area where you are and pick up your smartphone’s attempt to find a close WiFi network.  Snoopy picks up the signal from the smartphone and poses as one of those Wifi connections.  Once the smartphone user has unwittingly connected to what appears to be a safe Wifi network, Snoopy is able to steal information from the connected smartphone and use it to make the phone owner a victim of identity theft.


Although hackers are not yet using this hacking method, you can expect it to be happening soon.  The best course of action for smartphone users and anyone connecting to a WiFi network remains the same as always.  Have encryption software on your smartphone or other electronic devices and also make sure that you install anti-virus software and anti-malware software on all of your electronic devices as well and keep these programs up to date with the latest security patches.  Finally, only use WiFi networks that indicate that they are secure.


Scam of the day – May 30, 2013 – Iranian attacks on American banks

It should come as no surprise to regular readers of Scamicide because I have been warning you about this for many months, that the American banking system is under intense cyberattack from cybercriminals intent upon disrupting our financial system.  These attacks could have a  profound effect on you if you do not take the proper precautions.  Recently the source of many of these cyberattacks has been traced to Iran and, due to the sophistication of the recent attacks, it is speculated that the attacks are part of a governmental effort against the American banking system rather than the work of just common cybercriminals.  This situation will get worse before it gets better, however there are some things that you can do to protect yourself.


Be a part of the solution and not a part of the problem.  Online banking is still the most safe way to do your banking, but online banking security starts with a secure password that is difficult for cybercriminals to decipher.  Don’t use any word that is in the dictionary.  Computer programs used by identity thieves can crack any such password in short order.  Use a mixture of letters and symbols, the longer the better.  Including signs that are easy for you to remember, such as $ or ! and in multiples as a part of your password can dramatically enhance the security of your password and your account.  Also, refrain from using public WIFI for financial transactions and when you do use WIFI, make sure your tablet, laptop, or smartphone contains the most up to date security and encryption software.  Also, keep hard copies and a USB flash drive of your banking records to help prove what you have in your account if you account is hacked.  Finally, when disposing of paper records of your bank account, make sure you use a cross shredder so that the records cannot be used to make you a victim of identity theft.

Scam of the day – October 13, 2012 – New smartphone scam threat

The Internet Crime Complaint Center yesterday issued a warning about malware attacking Android operated smart phones.  The two types of malware recently identified were Loozfon and FinFisher.  Loozfon steals information from your smartphone while FinFisher is a type of malware that literally can take over your smartphone and remotely control and operate it whreever you are.   One of the current  Loozfon malware gets installed sureptitiously on your smartphone is when you go to a phony work-at-home website that promises you riches merely for sending out emails.  When you go by a link in an advertisement to the phony work-at-home website, unknowingly you download Loozfon on to your smartphone and the scammer is able to use it to steal your address book as well as your phone number.  Finfisher is similarly downloaded by people clicking on links or text messages posing as system updates.  These are just two of the ways now being used to get you to download the dangerous malware on your smartphone.


People need constantly updated security software on their smartphones and other mobile devices as much as they need it on their computers.  Also, make sure that you have and use encryption software to protect the data in your device in case it is hacked.  Be wary of WIFI that can be tainted and used to download malware on your smartphone or other mobile devices if you do not have the proper security software.  Finally make sure that you are both using your smartphone’s or mobile device’s security features to the utmost and gurn off features of your device that you do not need because this will limit your vulnerability to attack from the outside.


Scam of the day – September 4, 2012 – College student identity theft threat

As the new semester starts for college students, a new batch of Freshmen get introduced not only to college life, but to identity theft.  College students are five times more likely to become victims of identity theft than the rest of the population and usually take longer to find out that they have been victimized.  Living in close quarters combined with a lack of proper precautions make college students easy pickings for identity thieves.


Here are a list of things that college students should do to protect their identity: Lock their computers, smart phones and tablets when they are not in use;  use a strong password and use different passwords for each device; use encryption software on all their electronic devices; don’t use Wifi for financial transactions, it is too easy to be cracked; college mail boxes are not very secure, have sensitive mail sent to their home or sent to the student electronically; don’t trust messages with links from “friends” that appear on their Facebook page and don’t put too much personal information on their Facebook pages; it can lead to identity theft; shred papers with personal information before disposing of them; check their bank statement and credit card statements carefully each month to look for signs of identity theft and get their free credit report from each of the three credit reporting agencies annually.