Scam of the day – July 23, 2017 – A new twist on the tech support scam

I have been reporting to you about tech support scams for years.  These scams generally involve pop-ups that appear on your computer screen informing you of a serious, non-existent problem with your computer that requires immediate attention by you and for which you are required to pay money for a service you don’t really need.  The FTC has been particularly active in taking action against these scammers including recent actions against sixteen companies participating in these scams.

Recently, however,  a new variation on the tech support scam has been appearing where you get a phone call purporting to be from one of the companies that may have sold you unnecessary tech support services offering to refund your money.  The scammers then either ask for remote access to your computer, a payment to process the refund or personal information.  The call is not from the person or company that may have sold you worthless tech support in the past, but is most likely from a new scammer who got your name and contact information from a “sucker list” provided by the previous scammer.  If you provide access to your computer or provide personal information, this will be used to make you a victim of identity theft and payments made to them to process your refund are just funds thrown away because you will not get anything in return.

TIPS

Never give your personal information over the phone to anyone unless you have absolutely confirmed that the person is legitimate and needs your personal information for legitimate purposes.  Providing access to your computer to these people or making payments to these people is also not advised.

It is also important to have anti-virus and anti-malware software and keep them up to date with the latest security patches.  However, you should obtain these security software programs only from legitimate companies that you have researched.

It is important to remember that neither Microsoft nor Apple will contact you by way of pop up ads offering tech support for which you will be charged.  It should be noted, however, that Microsoft does regularly issue software security updates, but they do this in automated updates if you have enrolled for this service.  If you receive a pop up ad purporting to be from Microsoft or Apple and have any thought that it might be legitimate, you should merely contact Microsoft or Apple directly at a telephone number you know is accurate to confirm the pop up was a scam.

Scam of the day – July 22, 2017 – FTC sues debt collectors

Legitimate debt collection is highly regulated by federal law, however, there are numerous phony debt collectors who call people and threaten them if they do not pay alleged debts with serious repercussions including imprisonment.  In many instances, scammers even attempt to collect on non-existent, phantom debts.  Recently the Federal Trade Commission (FTC) sued Hardco Holding Group LLC, S&H Financial Group, Inc., Daryl M. Hall and Dequan M. Sicard alleging that they called their victims posing as lawyers and threatened them with arrest if they did not pay non-existent, phantom debts.  The FTC has obtained a temporary restraining order against the defendants to cease their collections activities pending resolution of the lawsuit.

TIPS

Subject to strict federal laws, legitimate debt collectors are permitted to call debtors, however, the law prohibits them from threatening imprisonment for the failure to pay a debt.  It can be difficult to know when someone calls attempting to collect a debt if indeed they are legitimate or not, so the best course of action if you receive such a call is to not discuss the debt with the person calling, but instead demand that they send you a written “validation notice” by regular mail which describes the debt they allege you owe and includes a listing of your rights under the Federal Fair Debt Collection Practices Act.  Never give personal information over the phone to anyone who calls you attempting to collect a debt.  You can never be sure who they are.  If you receive the validation notice and it appears to be legitimate, you may be better off contacting your creditor directly because the person who called you may not be representing the creditor, but may merely have information about the debt.

Scam of the day – July 21, 2017 – Free Southwest Airlines ticket scam

It appears Delta isn’t the only airline having its 88th birthday a little early. It was just ten days ago that I warned you about a new scam involving Delta Airlines appearing on Facebook in which you are told that Delta is giving away free airline tickets to celebrate its 88th birthday.  The Facebook posting asks you to like and share the post as well as complete a survey in order to get your tickets.  However, there are no free tickets and if you complete the survey, you turn over information to a scammer who can use it to make you a victim of identity theft.

Now an identical scam is appearing on Facebook offering free tickets on Southwest Airlines to celebrate its 88th birthday.

Here is a reproduction of what appears on your Facebook page.

TIPS

A good starting point for recognizing that this is a scam is the fact that just as the birthday for Delta Airlines was incorrect in the posting by five years, Southwest Airlines only began in 1967, so it is a long way off from its 88th birthday.

Southwest Airlines does not offer free tickets in return for answering survey questions and the website referred to in the posting is not a legitimate website for Southwest Airlines.  The real website of the company is www.southwest.com

These types of scams entice people to share and like the posting in order to take advantage of Facebook’s algorithms that value the popularity of postings measured by likes and shares which then appear on the Facebook pages of more people.  Scammers are able to change the content of what is shared or liked to something entirely different through a technique called “farming.”  This is often done in order to send advertising or gather marketing information, but it also can be done to send malware infected content that can steal personal information from your computer and use it to make you a victim of identity theft.

When you see one of these “too good to be true” offers, the best course of action is to check with the company’s legitimate website where you will learn whether or not the offer is indeed legitimate.

Scam of the day – July 20, 2017 – Ashley Madison settlement awaits court approval

In July of 2015 it was first learned that the Ashley Madison dating site had experienced a major data breach affecting 36 million of its members. Ashley Madison, a website for people seeking to have extra-marital affairs formerly used the slogan, “Life is short, have an affair.” Ashley Madison was hacked by a group calling itself Impact Team.  Impact Team released information on 36 million users of Ashley Madison including names,  addresses, sexual interests and credit card details.

The Federal Trade Commission (FTC) and 13 state attorneys general sued Ashley Madison and later settled.  Under the terms of the settlement Ashley Madison was required to implement a comprehensive data security program and pay 1.66 million dollars to the FTC and the states involved with the charges.

Now it appears that Ashley Madison, which is owned by Ruby Corp. has agreed to a settlement of the separate class action brought by Ashley Madison customers whose personal information was leaked.  According to the terms of the 11.2 million dollar settlement, victims of the data breach will be paid up to $3,500 each.  The settlement has been agreed to, but needs court approval before it can be final.  I will report to you when that occurs.

TIPS

Perhaps the biggest takeaway from this matter, as millions of Ashley Madison customers suffered the consequences of having their involvement with the dating service made public, is that your personal information is only as safe as the places with the worst security that have your personal information.  It also is obvious that the more places that have your personal information, the more at risk you are.  Therefore you should limit the places that have your personal information as much as possible.  In addition, you should not leave your credit card on record with a company for convenience sake even if it is a company with which you regularly do business.  Unless you agree to have your credit card information saved, companies with which you use your credit card are not allowed to store that information.

July 19, 2017 – Steve Weisman’s latest column for the Saturday Evening Post

Here is a link to an article I wrote for the Saturday Evening Post about Facebook scams which continue to be a major problem.

Con Watch: How to Spot a Scam on Facebook

Scam of the day – July 19, 2017 – Mail identity thief sentenced

Identity theft can be high tech, low tech or no tech.  Stealing mail from mailboxes for purposes of identity theft has been done by identity thieves for years.  Numerous times over the last few years I have warned you about the danger of having your mail, such as credit card bills or bank statements stolen from your personal mailbox.  In addition, many people put themselves in great danger of identity theft by putting their outgoing mail in their mailbox and put up the red flag to alert the postman that there is mail to be picked up.  Unfortunately, that is also an alert to identity thieves cruising the neighborhood of mail to be easily stolen.

Ashley Nicole Leyba of Sacramento, California was recently sentenced to four  years and nine months in prison for her role in an identity theft ring that stole mail and used the information found in the mail to  open credit card accounts and lines of credit.

TIPS

In order to avoid becoming a victim of identity theft through your mailbox, you should make sure that it is securely locked so that it is not easily accessed by your friendly neighborhood identity thief and when it comes to outgoing mail, don’t put it in your mailbox for your postal carrier to pick up regardless of how convenient it may be to do so.  In fact, identity thieves have been known to steal mail from the U.S. Postal Service mailboxes found on the corners of major streets so, in order to be safe, you should mail your outgoing mail at the post office.   It may seem like this is being a bit excessive when it comes to protecting your mail, but remember, even paranoids have enemies.

Scam of the day – July 18, 2017 – Charges brought against telemarketing stock scammers

The Securities and Exchange Commission (SEC) and the U.S. Attorney’s Office for the Eastern District of New York have filed parallel civil and criminal fraud charges against thirteen people operating a scam in which they cold called their primarily senior citizens victims and pressured them to buy penny stocks which would drive up the price of these low capitalized companies at which point the scammers would dump shares of the same companies they had purchased earlier at lower prices.  This classic pump and dump scam resulted in the scammers taking in more than 14 million dollars in illegal proceeds while their victims lost millions when the stocks reverted to their true value.

TIPS

No one should ever buy a stock in response to a cold call from a telemarketer.  Never make any investment until you have carefully researched not only the investment, but the investment adviser seeking to have you invest your hard earned money with him or her.  The SEC has an interactive website where you can learn about your investment adviser. It is   https://adviserinfo.sec.gov/IAPD/Default.aspx

Scam of the day – July 17, 2017 – WWE data breach puts millions at risk of identity theft

The World Wrestling Entertainment (WWE) formerly known as the World Wrestling Federation (WWF) until it lost an intellectual property dispute with the World Wide Fund For Nature (WWF), is the popular company that promotes professional wrestling around the globe.  Recently it was disclosed that databases filled with personal information of users of its website were stored in an unprotected server making them accessible to anyone who came upon them.

The good news is that the compromised information did not include credit card information or passwords, which would have posed a tremendous threat of identity theft to the people whose information was stored in the unprotected servers.  However the bad news is that the type of information that was compromised included names, email addresses, ages and other information that could be used to formulate spear phishing emails that could be used to attack the victims of the data breach.

Spear phishing occurs when you receive an email or a text message intended to lure you into clicking on a malware infected link that can be used for purposes of identity theft, ransomware or other sinister purposes. What distinguishes spear phishing from mere phishing is that with spear phishing, the communications to you have been specifically tailored with personal information to trick you into trusting it.

TIPS

One lesson from this data breach is to remember that you are only as secure as the places that have your personal information with the weakest security.  Therefore limit the places to which you provide your personal information as best you can.  In addition, there is no law that requires you to provide accurate and truthful information when going to a website asking for your age or other personal information so you can make up information to provide in order to gain access to a particular website.

Another important lesson is to always be skeptical of any email or text message that you receive that asks you to click on a link.  You can never be sure it is legitimate so never click on a link until you have confirmed that the communication is legitimate.

Finally, remember to keep all of your electronic devices updated with the latest security software recognizing that even the newest updates will not protect you from new zero day defects that have not been seen previously.

Scam of the day – July 16, 2017 – Don’t worry about Jayden K Smith

Despite what well meaning friends are telling you, accepting a friend request from Jayden K. Smith will not cause your Facebook account to be hacked.  Neither will accepting a friend request from Anwar Jitou, Tanner Dwyer, Bobby Roberts or other fictional hackers about whom this scam has been warning people in various incarnations for years.  Merely accepting a friend request does not put you in imminent danger of being hacked.  However, now that I have told you not to worry about Jayden K. Smith, I will tell you why you shouldn’t accept a friend request from him.

TIPS

Accepting friend requests from people you don’t know permits these people to see what you post on Facebook, which can provide someone who does not have your best interests at heart with information he or she could use to make you or a family member or friend of yours a victim of identity theft or a scam.  Using personal information gleaned from your Facebook postings, a cybercriminal can create a phishing email with a link containing malware that you may be more likely to click on because the email or text message may seem legitimate because it knows things about you or your interests.  In addition, scams such as the grandparent scam have been aided by grandchildren posting pictures of their grandparents with the names they use to refer to them, such as Grandma or Nana. Armed with this information, your name and perhaps photos indicating you are away on vacation, a cybercriminal can stand a good chance of making your grandparent a victim of the infamous grandparent scam where they pose as you on the phone and lure your grandparents into sending money for a phony emergency.

Scam of the day – July 15, 2017 – Critical updates for Microsoft and Adobe

As illustrated by the recent Wannacry ransomware attack that exploited vulnerabilities in unpatched Windows operating systems, keeping your computer and smartphone software up to date with the latest security patches and updates is critical to staying safe on your computer and smartphone which is why here at Scamicide, whenever important software updates are issued, we let you know about them and where to get them.

Today, we have the newest updates for Microsoft software and Adobe software including the infamous Adobe Flash. Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.

It appears that just as companies retire certain programs when it is too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer. Adobe Flash has already been proven to be so vulnerable to successful attacks by hackers that installing new security patches as quickly as they are issued is little more than putting a Band-aid on the Titanic if I can mix my metaphors.

Microsoft now blocks Adobe Flash by default in its Edge browser due to security concerns.  Microsoft also blocks outdated versions of Adobe Flash from running in Internet Explorer on Windows 7.  If you use Windows 8.1, Windows 10 or Windows Server 2012R2, this will not affect you because these systems automatically install Adobe Flash security patches.  In addition, to Microsoft both Google, Apple and Mozilla have  indicated that are blocking Adobe Flash.

TIPS

Here is the link to the latest Microsoft updates:

https://www.us-cert.gov/ncas/current-activity/2017/07/11/Microsoft-Releases-July-2017-Security-Updates

If you are going to continue to use Adobe Flash, it is imperative that you update your software.  Here is a link to the latest Adobe Flash updates:

https://www.us-cert.gov/ncas/current-activity/2017/07/11/Adobe-Releases-Security-Updates

However, it may well be time for you to replace Adobe Flash to avoid future problems.

Here is a link to a website with alternative plugins you may wish to consider to replace Adobe Flash.

http://alternativeto.net/software/flash-player/