Category Archives: Scam

Article: How to protect yourself while online shopping for the holidays

A recent article from Mashable provides research geared toward protecting yourself online while shopping for the holidays:

—Begin—

With many retailers offering internet-only promotions to go along with their in-store doorbusters, more Americans than ever seem to be choosing to stay home to take advantage of the best deals of the season.

Research from Visa projects an 18 percent increase in online holiday spending this year, which follows 16 percent growth over the 2015 season from the year before. That uptick in 2015 resulted in about $11 billion of online sales over the five-day Thanksgiving weekend period (Thanksgiving Day through Cyber Monday). That’s why it’s essential that shoppers protect themselves and their personal information more than ever in 2016. Especially since “25 percent of all security breaches [are] taking place in the retail sector,” said Experts Exchange COO Gene Richardson in a statement to Mashable.

As a former head of the data security teams of IBM, Charles Schwab and Motorola, Richardson has extensive experience advising companies and consumers alike on how to avoid fraud and protect their identities online.

With that in mind, he’s assembled a set of helpful online shopping safety tips:

1. Ensure that the website address is secure and has a valid encryption certificate. It will usually display a “locked, green” indicator in front of the website name. If it doesn’t have that, it does not have a higher level of security that has been guaranteed by a known entity like Verisign, Symantec and others.

2. Ensure your system has the most recent recommended system and security patches.

3. Always use a credit card that is not tied directly to your personal bank account(s), even if you are using PayPal, Bitcoin or some other payment method.

4. Never give anything other than name, address and phone number. You should not need to answer security or privacy questions when making a purchase or checking out. If they ask, see if you can checkout as a “guest” instead.

5. Monitor your credit through a third party for identity theft and have SMS and email alerts sent to you immediately.

6. Set-up alerts with your credit card company that send both SMS and emails when any purchases are made and the credit card was not scanned (meaning, it wasn’t in someone’s hand when the charge was made). Set them as low as $25 per purchase. Also, set-up alerts for total purchases over $500 in a billing period to protect multiple $24.99 purchases. And if possible, a maximum amount of purchases allowed in a billing period such as $1500 before card will get declined.

7. Ensure that you have a reputable Antivirus program running on your computer and that your browser has an Ad blocking plug-in.

8. Ensure that the network your computer/device is on is secure and you know who has access to your network. This is usually done with your router. You want to lock down your router so that traffic can be initiated from the inside-out but you do not want traffic to be initiated from the outside-in. If you are using a WiFi connection, make sure that network is also secure and requires a password to join. If it is a public WiFi network that doesn’t require a password, then the traffic coming from your device can be monitored and stolen.

9. Any passwords that you use should be strong, hard to guess ones. Or, even better, hard to guess, but easy to remember.

10. Don’t click on unfamiliar links to sites advertising sales, coupons, etc.

11. Use two-factor authentication/verification, if it is offered.

Mobile Concerns

To stay safe while shopping on your phone or tablet, be sure to follow these tips, according to RiskIQ:

1. Only download apps from official app marketplaces like Google Play or Apple’s App Store.

2. Be wary of applications that ask for suspicious permissions, like access to contacts, text messages, administrative features, stored passwords, or credit card info.

3. Check out the background of an app before downloading. Research the developer and be cognizant of the spelling of brand names.

4. Make sure to take a deep look at each app. New developers, or developers that leverage free email services (e.g., @gmail) for their developer contact, can be enormous red flags — threat actors often use these services to produce mass amounts of malicious apps in a short period. Also, poor grammar in the description highlights the haste of development and the lack of marketing professionalism that are hallmarks of mobile malware campaigns.

Common Sense

Just like any other time of the year, a deal found online over Thanksgiving weekend that seems too good to be true might be just that.

In addition to Richardson’s first tip about web page encryption certificates, always check website addresses after following links on Twitter, Facebook or even Google to be sure you haven’t been redirected. Legitimate retailers will almost always be determined by the “S” in HTTPS at retail sites.

Finally, keep your personal and financial information close at hand. Never provide anything until you’ve done your homework on a site or app, and even then never input anything until you’ve selected your purchase and are checking out.

With a measured approach to online shopping, you can dodge the in-store lines and the security risks this holiday season.

—End—
Source: http://mashable.com/2016/11/21/online-shopping-safety-black-friday-cyber-monday/#6OHl_1zRaqql

Article: Random text? Wait, wait, don’t click that!

“Here’s a tip that’s worth repeating:

Don’t click on a link in a text message you get on your phone that says you’ve won a terrific prize or a gift card, or that asks you to click on a link. Don’t reply either. It’s probably a scam.

The Federal Trade Commission settled charges with a group of marketers that were part of a scheme that sent millions of unsolicited spam text messages promoting supposedly free merchandise like $1,000 gift cards for Wal-Mart and Best Buy.

People who clicked the links in the messages didn’t get the promised prizes. Instead, they were taken to websites that asked them to give personal information and sign up for multiple offers, often involving purchases or paid subscriptions.

What can you do about unwanted text messages?

  • Delete unwanted text messages that ask you to enter a special code, or to confirm or provide personal information. Legitimate companies won’t send you a text asking for sensitive information.
  • Don’t click on links in the text message. Links can take you to spoof sites that look real but will steal your personal information.
  • Report spam texts to your carrier. Copy the original message and forward it to 7726 (SPAM) free of charge, if you are an AT&T, T-Mobile, Verizon, or Sprint subscriber.”

Though scams involving free gift cards and merchandise are common, other types of scams are also prevalent via text message. Below is an example of a scam text message.

[Image: example of a scam text message]

Source: https://www.consumer.ftc.gov/blog/random-text-wait-wait-dont-click

Alert: Potential Hurricane Matthew Phishing Scams


US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Matthew. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Matthew, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from deceptive charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments.
  • Keep antivirus and other computer software up-to-date.
  • Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Review the Federal Trade Commission information on Charity Scams.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.

Source: https://www.us-cert.gov/ncas/current-activity/2016/10/11/Potential-Hurricane-Matthew-Phishing-Scams

FUND ADMINISTRATION ORDER CAP 000623 CODED – Scam Email Sent to the Fordham Community on 8/4/2016

This is a scam email that has been reported. This message was
received on or about August 4th, 2015. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: EUMONETAY GROUPUK <drjohnikolo234@gmail.com>
Sent: Thursday, August 4, 2016 11:16 AM
Reply To: eumonetary2010groupuk@gmail.com
Subject: FUND ADMINISTRATION ORDER CAP 000623 CODED

OFFICE OF THE DIRECTOR-GENERAL
UNITED NATIONS OFFICE AT GENEVA
Palais des Nations
AVENUE DE LA PAIX 8 – 14
1211 Geneva 10
SWITZERLAND

RE: FUND ADMINISTRATION ORDER CAP 000623 CODED

I am Michael Møller, Director-General, United Nations office at Geneva
in charge of economic and financial matters. I have been mandated by
United Nations Department on International Fund delivery to confirm if
you have received your assigned compensation award of $ 2,500,000.00
among those paid in the first quarter payment schedule between 1st of January to 31st March 2016?

If you have not received your payment, then forward the Following
details: Full Names, Contact Address, Your Private Telephone / Mobile
Numbers and Valid Means of Identification and Your Current Receiving
Banking Details to Sir Moses Lambert payment coordinator European
Union Monetary Group. United Kingdom his contact information below:-

NAME: SIR MOSES LAMBERT
EMAIL:eumonetary2010groupuk@gmail.com
TEL: +447418469393

Warm Regards,
Michael Møller
Director-General
United Nations Office At Geneva.
Tel: +41225181581

——————–End Message ——————————

Security Awareness: Student IRS Tax Scam Alert

The Internal Revenue Service last week issued a warning to taxpayers about bogus phone calls from IRS impersonators demanding payment for a non-existent tax, the “Federal Student Tax.”

Examples of the varied tactics seen this year are:

  • Demanding immediate tax payment for taxes owed on an iTunes gift card
  • Soliciting W-2 information from payroll and human resources professionals (IR-2016-34)
  • “Verifying” tax return information over the phone (IR-2016-40)
  • Pretending to be from the tax preparation industry (IR-2016-28)

The IRS urges taxpayers to stay vigilant against these calls and to know the telltale signs of a scam demanding payment.

The IRS Will Never:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you a bill.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone.

For more information please see the below link for details and guidance.

https://www.irs.gov/uac/newsroom/irs-warns-of-latest-scam-variation-involving-bogus-federal-student-tax

Article: College Scam Alert: Con Artists Target Students

“If you know some college students who are living on their own, you’ll want to make sure they know how to protect themselves from scam artists.

Ruth to the Rescue has sounded the alarm about con artists targeting adults, especially the elderly, but those crooks are also using “college versions” of their schemes to steal money from students.

The website Credit.com recently posted the scams it calls the most common on campus. If you know a college student, share this information! It could prevent someone from losing a lot of money, and most college students don’t have money to lose.

1) Fake Late Tuition Calls: Beware of someone calling and telling a student that his/her tuition is late and in order to not be dropped from their classes they need to pay right then with their credit or debit card. As in similar scams, (fake IRS, fake power bill) the student should get off the phone immediately and contact the finance office, using a number they know is legitimate. If you want to be prepared in advance, make sure you know how your school will handle late payments, so you know what to expect.

2) Advanced Fees: Remind your college kid that if someone is trying to charge them a large sum of money for something they can most likely do on their own such as scholarships; debt counseling, FAFSA completion or a loan, they should hang up and speak with an adult educated on the matter right away.

3) Online Textbooks: College textbook prices can be crazy expensive and while it is smart for your student to research sites that they may be able to find the books cheaper, it is imperative that they also do their homework on these sites before buying with them. Many too-good-to-be-true sites will simply collect your student’s money and deliver nothing.

4) Fake Landlords: For out of state students especially, it is very common nowadays to look online for school apartments and housing. Make sure that your student always sees the apartment in person, inside and out, checks out reviews online, and meets the landlord in person before paying any sort of apartment bill. This is also a scam used against adults, where fake landlords rent homes or apartments they don’t really own. If you cannot get inside to see the place, that’s a huge red flag.

5) Check Cashing: Be wary of “friends” and acquaintances who may ever ask you to cash a check for them. In this scam college students will usually take the check and give the person cash in exchange. When they go to cash the check it bounces and the original check holder is long gone with their money.

6) Beware Public Wi-Fi: College students are notorious for hitting up cafes and parks for free Wi-Fi, but it is imperative that they are aware of everything you subject your electronic device to when you join a Wi-Fi network. Load your student’s computer up with password protection and encryption software before they head off to school and also remind them to never sign into sensitive accounts, such as banking, when on public Wi-Fi.

You Are Your Own Best Defense

Working with the Better Business Bureau, Ruth to the Rescue has come up with this 4-step strategy that really helps to battle any scam artist, using any scheme to try to get your money or your personal information.

1) IGNORE!

It’s really important that you get caller ID and train yourself to ignore any call if you don’t recognize the number. Just don’t answer! If it’s someone you know, they will leave a message and you can call them right back. Every time you pick up a call from a scam artist, you are telling that scammer you are a live target. The same goes for strange emails, delete them! And, never click on links in emails from someone you’re not 100 percent sure is a friend or legitimate business.

2) RESIST

If you answer a call and someone is demanding money or personal information, resist their offers or their threats. It should become obvious that something’s not right, depending on which buttons they’re trying to push.

“If they’re really just trying to prey on my emotions or my fear, that’s when you should just immediately hang up!” advises Melanie Duquesnel, CEO for the local Better Business Bureau in Southfield.

She says you never want to share personal information or make a payment, during that first point of contact, especially when that call comes out of the blue. You can listen (without sharing any of your information) but always remember to hang up and do more research!

You can also come up with a “refusal script” in your head that you can use on any scammer or aggressive sales person to reject their offers. Come up with a way to tell them you always do more research on any offer and it’s just a standard procedure that you don’t do business without 24 hours to consider the offer.

“You can come off politely, but at the same time firmly,” said Duquesnel.

3) VERIFY!

If the caller says something that catches your attention, makes you nervous, or seems worth checking out, do further research to see if what they’re saying is true. Remember, never call the numbers they give you for that extra research. Find a legitimate number to call. If you keep calling them back, you could be hearing more lies.

Another good idea, google some of the key facts of the story you’ve been told. There is a lot of information online about scams that are making the rounds. Victims often post their stories, including the names of the scammers, the phone numbers they’ve used, and other details that can help you spot a scam.

Be sure to go to sources beyond that first call before you spend any money.

“The initial call is never homework. If someone calls you and says ‘Hey, you’ve won a million dollars!’ and you consider that your homework, I’m going to say absolutely not! You have flunked out of the how to avoid a scammer class,” said Duquesnel.

4) NOTIFY!

Finally, if somebody tries to scam you, tell other people so they can be on the lookout. Share your story with friends, family, and even social media so others know what kind of scams are currently making the rounds and how to spot them.

If you lose money, do not be embarrassed to tell someone. They might be able to help you stop further losses, and again, they will be on the lookout for these fast-talking criminals. It’s also important to notify local police when appropriate, the IRS, the Federal Trade Commission, or whatever agency might be able to offer you assistance.

Anyone can fall victim to a scam artist, if the scammer finds the right button to push to pressure them into surrendering their money.

“You must inform. You must share and in doing so you save somebody else,” said Duquesnel.

If you’d like more help from the Better Business Bureau, follow this link.

And, to read more from Credit.com, follow this link.”

Source: http://www.clickondetroit.com/consumer/ruth-to-the-rescue/college-scam-alert-con-artists-target-students

Article: Support Scams That Plagued Windows Users For Years Now Target Mac Customers

Researchers at antivirus provider Malwarebytes spotted a Web-based
campaign that attempts to trick OS X and iOS users into thinking
there’s something wrong with their devices. The ruse starts with a
pop-up window that’s designed to look like an official OS
notification. “Critical Security Warning!” it says. “Your Device
(iPad, iPod, iPhone) is infected with a malicious adward [sic]
attack.” It goes on to provide a phone number people can call to
receive tech support.

The site “ara-apple.com” is designed to masquerade as ara.apple[.]com,
Apple’s official remote technical support page. People who are
experiencing problems with their Macs can go there to get an official
Apple tech support provider to remotely access the person’s computer
desktop. Ara-apple provides links to the remote programs the supposed
technician will use to log in to targets’ Macs.

Source: http://arstechnica.com/security/2015/10/support-scams-that-plagued-windows-users-for-years-now-target-mac-customers/

Article: E-ZPass Warns About Phishing Scam Targeting Customers

“E-ZPass is warning customers about bogus toll violation notices sent by email asking patrons to click a hyperlink to download an invoice.

The email, which appears to have E-ZPass’ logo in the background, says, “Dear customer, You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time. The invoice can be downloaded here.” The “downloaded here” link goes to a website that asks for credit card information.”

Below is a picture of the email.

Source: http://www.nbcnewyork.com/news/local/E-ZPass-Scam-Phishing-New-York-New-Jersey-Fake-Toll-Violation-Email-322178962.html?partner=nbcnews

Article: Don’t Get Fooled Into Clicking Phony Windows 10 Upgrade Emails

“A post published to Cisco Systems’s company blog outlines how scammers are taking advantage of Windows 10’s launch to push ransomware onto unsuspecting PC users.  At first glance, the emails look reasonably legit: Cisco notes that scammers are spoofing the sender’s email address to make it look as if the message is from Microsoft. Also, the blue-and-white color scheme used in the message nearly matches the colors Microsoft is using for Windows 10 marketing materials. So unless you look carefully, you could get fooled into thinking the email is actually from Microsoft.

An attached .zip file purports to be a Windows 10 installer, but according to Cisco, the attachment contains a piece of ransomware called CTB-Locker that encrypts your files and requests payment within 96 hours, lest your files be encrypted forever…

First and foremost, don’t click on any attachments you weren’t expecting, and be wary of download links in email messages. Microsoft isn’t distributing Windows 10 through email attachments or links embedded in emails. Instead, your reserved copy of Windows 10 will be automatically downloaded onto your system at some point in the next few days or weeks, and you will receive a notification on your PC when it’s time to install.”

Source: http://www.pcworld.com/article/2955121/security/dont-get-fooled-into-clicking-phony-windows-10-upgrade-emails.html

Emergency Travel – Scam Email Sent to the Fordham Community on 2/19/2015

This is a scam email that has been reported. This message was
received on or about February 19th, 2015. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.


  
——————–Begin Message ——————————

From: Barbara ONeill <barbarakaneoneill@hotmail.com>
Sent: Thursday, February 19, 2015 4:25 AM
Subject: This Is An Emergency…Barbara ONeill
Greetings,
How are you doing? I do hope this finds you well, and really sorry to be
mailing at such short notice. I traveled to the ISTANBUL SURGERY
HOSPITAL in (Istanbul,TURKEY)to see my cousin who is critically sick.He
was diagnosed with (Acute Lymphoblastic Leukemia). I was advised by the
doctor that the only way he can survive is by undergoing a BMT (Bone
Marrow Transplant) surgery.
Please I really don’t know how to say this,but i really need your financial
assistance as this is a matter of Urgency. I hope you get back to me as
soon as you get this mail.
Hope to read from you soon
Best Regards
Barbara ONeill 

—————————–End Message ———————–