Posts

Bitcoin Scams Up the Ying Yang

If you are thinking of jumping onto the Bitcoin bandwagon, or any type of cryptocurrency, you have to make sure that you are watching out for scams. There are a ton of them out there, including the following:

Fake Bitcoin Exchanges

You have to use a Bitcoin exchange if you want to buy or sell Bitcoins, but not all of them are legitimate. Instead, many of them are created for the sole purpose of taking people’s money. Only use well-known exchanges.

Ponzi Schemes

Bitcoins are not exempt from Ponzi schemes, and you have to look out for these. These are like pyramid schemes, and you definitely don’t want to get caught up with this, as you will certainly lose your money.

Fake Currency

You have certainly heard of Bitcoin, but there are other cryptocurrencies on the market, too, as alternatives to Bitcoin. However, there are also fake ones. For instance, one of these, My Big Coin, was fake, yet the people behind it managed to take more than $6 million from customers.

Well-Known Scams

Bitcoin scammers also rely on old school, well-known scams to trick people. They might, for instance, send emails pretending to be the IRS or even having some type of Bitcoin sale. People fall for these scams every day. If it seems weird, like the IRS emailing about Bitcoin, it is most definitely a scam.

Malware

Malware is another associated scam with Bitcoin. Most, or all wallets are connected online, scammers can use malware to access the account and take your money. Malware can get on your computer in a number of ways, including from websites, social media sites, and even through email.

Fake News

We live in an era where online news is the most popular method to get news, but it’s also very easy to create news stories that seem totally legitimate, yet they are absolutely fake. Basically, scammers create these stories to bait victims, so always think before you start clicking.

Phishing

These Bitcoin scammers also use phishing scams to try to get money from people who are trying to buy and sell Bitcoin. These scams are often done by clicking malicious links.

It doesn’t matter if you join the Bitcoin craze or not, you can also use these tips to keep yourself safe from other scams. Here’s some final tips:

  • Always do a security scan on your laptops, computers, phones, and tablets on a regular basis.
  • Do your research before investing in any cryptocurrency website. Make sure it is trustworthy and secure.
  • Store all of your cryptocurrency in a wallet offline, which keeps it protected from scammers.
  • Always monitor all of your banking, credit card, and cryptocurrency accounts.
  • Always insist the crypto site has two step or two factor authentication.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of these 4Scams

IRS

  • The e-mail (or phone call) says you owe money; if you don’t pay it immediately, you’ll be put in jail or fined.The scammer may know the last four digits of the victim’s Social Security number.
  • Caller ID will be spoofed to look like the call is from the IRS.9D
  • The e-mail will include an IRS logo and other nuances to make it look official.
  • The scammer may also have an accomplice call the victim pretending to be a police officer.
  • The victim is scared into sending the “owed” money—which goes to the thief. Or, the thief gets the victim to reveal credit card information.
  • Another version is that the IRS owes the victim. The victim is tricked into revealing bank account information to receive the refund.
  • Know that the IRS will never contact you via e-mail or phone; will never threaten jail time, a fine or other threats like a driver’s license revocation.
  • If you owe, the IRS will send you snail mail, certified.
  • The IRS will never threaten to have you arrested.
  • If the subject line of an e-mail appears to be from the IRS, delete it.
  • If a phone call appears to be from the IRS, hang up.

Bereavement

  • Scammers scan obituaries for prey.
  • They then contact someone related to the deceased and claim something against the estate or that they’ll reveal a family secret scandal unless they’re paid.
  • If one of these scams comes your way, request written documentation of the claim.
  • Tell the sender you’ll send this documentation to the executor.
  • If you’re blackmailed, contact a lawyer.
  • Never arrange to meet the sender.

Computer Hijack

  • This may come as a phone call: A person claiming to be a Microsoft rep informs you that your computer has been hacked and he’ll fix it—or you’ll lose everything.
  • He wants to convince you to let him have remote control or “sharing” of your computer…and from there he’ll try to get your credit card number…

Investment Scam

  • Someone halfway around the world has chosen YOU to handle a large amount of money, and you’ll be paid richly for this.
  • The sender often has a foreign sounding name, but even common names are used.
  • Often, there’s some smaltzy message in the e-mail subject line like “God bless you” or “Need your help.”
  • Delete e-mails with any subject lines relating to investments, inheritances, mentions of money, princes, barristers or other nonsense.
  • If you feel compelled to open one, don’t be surprised if there are typos or that it’s poorly written. Do NOT click any links!

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Beware of the Jury Duty Scam

Imagine getting a call from someone identifying themselves as a federal court official or U.S. Marshal, informing you that your arrest is imminent unless you pay a cost—all because you failed to respond to a jury summons (which you don’t remember getting). I’d like to think that you’d immediately smell the rotten scam here and hang up, but unfortunately, many adults fall for this jury duty scam.

10DFirst off, let me get it off my chest: Who the devil ever heard of being arrested or fined for not responding to a jury summons? This farce isn’t even depicted in any of the slew of crime and law dramas that have been on TV for decades.

But the scammer relies on inducing enough fear in the targeted person to win them over. These scammers are sophisticated and even have call centers, says Melissa Muir, quoted in an article on uscourts.gov. She’s director of Administrative Services for the U.S. District Court of Western Washington. She points out that a federal court will never call someone and make threats or demand payments.

So if you hear what sounds like a bustling call center in the background of the call, assume this is staged to make the call sound official.

So what is the federal court’s response when someone ignores a jury summons?

  • The court clerk’s office will contact you.
  • You may be required to appear in court before a judge.
  • At the court, the judge may order that you pay a fine—but not before you’re given the chance to explain why you failed to appear for your jury summons.

If you get a fraudulent call, do not give out any information; hang up. Call your local court clerk’s office or the U.S. Marshal’s Service office for peace of mind: Check if you really did miss a jury summons, but chances are extremely high, and I mean higher than a kite, that the call was a scam.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Beware of Hot and Cold Reading Scams

Many so-called psychics are frauds. But so are some auto mechanics, lenders and roofers. There’s fraud in just about all lines of work.

1SWhat we do know is this: There’s not enough evidence to refute paranormal phenomena. Nor enough to prove it beyond a doubt.

And we also know this: There exist scams involving hot and cold readings.

I could give a scam reading to a flamboyant, colorfully-dressed woman (whom I’ve known for only a minute) with big hair, lots of costume jewelry and a supersonic laugh.

I could tell her she’s attracted to quiet, analytical, detail-oriented, very serious men whose eyes well up during sappy movies. She’ll pay me $100 for my “reading” and think I’m a psychic. What she doesn’t know is that I know that people with “sanguine” temperaments are attracted to the “melancholy” temperament.

I didn’t “read” her based on psychic abilities. I “read” her based on a book about temperaments I read years ago. Some people get really good at cold readings and make money off of this.

Hot Readings

You have an appointment with a woman. You find her Facebook page (because you got enough preliminary information to achieve this). You learn all about her. You look her up on LinkedIn too.

Come appointment (reading) time, you start telling her things about herself, flooring her. Scammers can cunningly extract information via other routes as well, but the bottom line is that the crook gets information ahead of time and pretends it’s only just coming up during the reading.

Cold Readings

The information is gleaned right on the spot—via skilled observational powers. Typically the cold-reader begins broadly, such as, “You’re very sad these days,” watching the customer’s body language and facial reactions, and then making deductions based on those.

The reading is very carefully worded to cover the possibility that the deductions are wrong. The scammer might say, “A person very dear to you is no longer around,” instead of the specific, “A person very dear to you has recently died.”  All possible reasons for the “loss” are covered with the ambiguous statement.

Cold readings to a large group are a joke, because the scammer will announce something that, by the law of averages, will apply to several people in the group. He then narrows it down from there.

There may be many honest, true psychics out there (some police departments use them for missing-persons cases believing if there wasn’t some fire to this smoke).

But beware of the scammers. Don’t pay someone to tell you something about your life that’s already on Facebook or evident in your clothing and mannerisms.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

LinkedIn targeted by Scammers

LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyways. And that’s the problem.

14DA report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.

With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, including some having over 500 connections.

Signs of Fraudulence

  • Profile photos appear on other, unrelated sites.
  • Duplicate summary profiles, some duplicated from other sites.
  • “Supporter persona” profiles use same basic template and have other similarities.

Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or scamming their associated company out of money.

Or, as evidenced by that one-fourth of the targets work in telecommunications, the scammers may be planning on stealing data from telecommunications companies.

TG-2889 is doing a pretty good job of maintaining the fake profiles, as they regularly make revisions, continues the secureworks.com report. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrup Grumman.

It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.

For Legitimate LinkedIn Users

  • If you suspect a profile is fake, cyber-run for the hills.
  • Link up with profiles of only people you know.
  • Be leery of interacting with members you don’t know even if they appear to be part of the network of someone you do know.
  • If you get a job offer through LinkedIn, don’t respond via that conduit. Instead contact directly the employer for verification.
  • For employers: Have you instructed your employees in proper use of the LinkedIn system? Are you sure they are not abusing it (either intentionally or non-intentionally), which could put your company at risk?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Ransomware Scammers get the Big Bucks

It sounds almost like science fiction, even in this cyber age: A thief hacks into your computer and encrypts your files, meaning, scrambles the information so you can’t make sense of any of it. He demands you pay him a big fat payment to “unlock” the encryption or to give you the “key,” which is contained on the thief’s remote server.

10DYou are being held ransom. The FBI’s Internet Crime Complaint Center has sent out a warning to both the common Internet user and businesspeople about this ransomware, says an article on arstechnica.com.

And if you think this is one helluva dirty trick, it can be worse: The thief gets your payment, but you don’t get the cyber key.

The article says that the biggest ransomware threat is the CryptoWall. The FBI’s IC3 has received reports from 992 victims of this ransomware, but it’s estimated that there are many more victims who have not notified the IC3 (would you or your friends necessarily know to do this?) and instead just paid the ransom—or didn’t, resigning to never being able to access their files again.

In addition to the ransom cost, there are also the costs associated with cleaning up the mess, and the fallout especially hits businesses, because they suffer lost productivity and having to pay IT services.

The arstechnica.com article quotes Stu Sjouwerman, CEO of KnowBe4, a security training company: “CryptoWall 3.0 is the most advanced crypto-ransom malware at the moment.”

According to the IC3, there are $18 million in losses associated with CryptoWall, but remember, that’s only what has been reported. Many businesses do not notify the FBI of breaches: the ransom payment as well as the heavy cost of impaired productivity.

How does an individual or business avoid getting sucked into this trap? The FBI offers the following recommendations:

  • Back up all of your data on a regular basis.
  • Protect all of your devices with antivirus software and a firewall—from reputable companies.
  • Keep your security software updated.
  • Clicking on a malicious website could download ransomware; therefore, you should enable pop-up blockers that will prevent these dangerous clicks.
  • Do not visit suspicious websites.
  • Avoid clicking on links inside e-mails.
  • Protect your WiFi connection. A criminal can insert a virus on your device while on unencrypted WiFi. Use a VPN, a virtual private network encrypts your data over free WiFi.
  • Avoid opening attachments that come from strangers or people for whom it would be out of character for them to send you an attachment or who’d have absolutely no reason to. This includes the IRS, UPS, Microsoft, Walmart, etc.
  • CryptoWall can still make its way into your device if you’ve clicked on a malicious ad that’s on a legitimate website, says the arstechnica.com article. Here is where an updated antivirus software program would come into play to detect the malware.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Top 12 Scams Happening NOW

Scamerama is here to stay! Scams are as old as time, and evolve as inventions and technology evolve. Top scams, according to a report on FraudAvengers.com, are as follows:9D

  1. Scammer “accidentally” overpays you for an item you sold online; you cash the crook’s phony check and wire back the difference. You’re out cold.
  2. You order something online and it’s not delivered or version arrives that’s nothing like in the advertisement.
  3. You prequalify for a credit line or loan that seems too good to be true. It requires upfront fees and sensitive information—and you end up never hearing from them again.
  4. You “win” a prize or gift card and, to receive it, must give out sensitive information and/or pay a fee. This scam occurs also via phone, and sometimes the scammer uses well-known brand names.
  5. Calls from people claiming to be IRS reps warning you that you owe money—or that you’re owed money—and that you must pay up immediately or go to jail, or pay a fee to get your refund.
  6. Crooks harp on the vulnerability of confused people seeking health care coverage every fall during open enrollments.
  7. You purchase the puppy in the online photo, pay fees for shots, crating, etc., and the puppy never arrives.
  8. “Human Resources” e-mails that make you think they’re from your employer; you provide critical information that allows the scammer to hijack your direct deposit setup.
  9. The fraudster’s “service” helps recover unclaimed property or funds, but there’s no recovery—even after you’ve paid a fee or given out sensitive information.
  10. An online job offer looks great: no experience required, start immediately, full-time—after you pay a training fee and/or give up your SSN online.
  11. A medical plan that seems too good to be true—because it’s not coverage; it’s just a discount plan.
  12. For a fee, the thief claims to be able to help you get out of debt or recover from recent identity theft or some kind of fraud, playing on your vulnerable state.

Seriously, none of these scams would happen to you if you just paid attention. Please, beware, be careful and be smart.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Trusting too much brings Trouble

There will always be the person who lives on the Equator to whom you can sell an electric heater. As they say, there is a sucker born every minute.

12DThis is why cyber criminals will always have a field day, like the crook who posed as a tax man who got an elderly couple to send $100,000 to an offshore bank account after he tricked them.

This was a fear-based scam. The other two categories are compassion and self-interest. And just because a person can’t be frightened doesn’t mean that their heart strings can’t be tugged by a charity scam.

Elderly people and those with low income are more likely to be tricked. Other people…well, you just have to wonder what’s between their ears.

For example, the popular Microsoft scam involves a person calling the victim to tell them that their computer has a virus. The caller is a crook who wants to convince the victim to allow him remote access to the computer. Don’t the victims ever wonder how the heck Microsoft would even know their computer had a virus? Red flag, anyone?

Some say ask the caller for their number so you can call back–they’ll probably hang up. Probably. The scammer may have a number in place just to cover this possibility. Really, just hang up. It’s a scam.

Some people will just keep giving money out, again and again, to the same scammer; it’s not always a flash-in-the-pan payout. What compels them to behave this way? Perhaps it’s to continually convince themselves that they’re not dumb enough to be scammed.

Another way cons trap people is by asking for small amounts of money first; this lowers the victim’s guard.

More Popular Scams

  • Charity. These can range from natural disaster relief to donations for made-up charities, or those with names very similar to well-known ones.
  • Rental. The crook sends the landlord an overpayment by check of the first month’s rent before living there, then tells the landlord to wire back the difference. The check bounces.
  • IRS: Always hang up on callers identifying themselves as tax people claiming you underpaid or are owed a refund, even if the caller ID says “IRS.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

3 More Ways Criminals use influence to steal

Criminals use six basic principles to influence and steal. In the first post we discussed:

  • Reciprocation: Do something nice for a person and they will feel obligated to return the favor.
  • Social Proof: This is the “It’s okay if everyone else does it” approach.
  • Commitment and Consistency: Get someone to verbally or in writing commit to something, and this will increase the chances they’ll follow through.

11DRobert Cialdini is a psychologist who studied influence for nearly 30 years, condensing his findings into six principles. In this post we will discuss 3 more principles of influences that tie it all together and make scammers experts at their craft.

Liking

  • If someone likes you they will more likely comply with you. Get more bees with honey as they say. We do business with those we know, like, and trust. When you see others rate a product high, you are more likely to buy it.
  • The liking could even result from noticing that you have a similar hairstyle or body mannerisms. This is why salespeople are taught to mimic the vocal patterns of their prospects.
  • A similar name, knowing the same people, finding common ground, a similar physical appearance, is all comforting.
  • Scammers do everything they can to appear as a likable trusted source. The scam email looks exactly like your bank because you must like your bank if you trust them with your money, so you click the link. This new person friends you on social and you see they are connected to 25 of your others friends and colleagues. They must be OK right? No.

Authority

  • Coming off with some authority increases one’s ability to influence people. This is why salespeople are taught to speak with downward inflections.
  • To seem more authoritative, wear dark clothing. Police officers and security guards dress in black or dark blue. So do ministers, judges and karate instructors. Attorneys in court, especially during closing arguments, usually wear dark. Imagine a cop in pink. Or SWAT in lavender.
  • But authority can also be white (doctor’s lab coat, nurse’s uniform). The bottom line is that when people perceive authority, they tend to comply.
  • This concept greatly pertains to social aggression: A man harassing a woman will usually back off if she suddenly squares up her shoulders, stares hard at him and speaks in a deep, primal voice, “Get out of my way, or else!” Dog are more effectively trained when the trainer uses a deeper voice.
  • Scammers pose as the government, law enforcement, the IRS, bill collectors, the security department from your credit card company, HR, accounting and more. Anytime an authoritive figure contacts you, be suspect.

Scarcity

  • Scarcity of an item makes it more appealing. Antique cars and rare old coins are worth more because there are few of them and a lot of people who want them.
  • This concept is used by marketers all the time. Ever hear “will soon be discontinued”? You suddenly buy a dozen of the product, even though you’ve hardly purchased it before. Ever hear “limited offer” and “but if you act now…”?
  • When there is a big storm/hurricane coming, people clear the shelves at the supermarket in fear they will not eat or drink.
  • Scammers understand scarcity is also associated with loss. They use the same principle when they tell you in a pop up if you don’t fix this, or in an email if you don’t act now, or over the phone if you don’t give up your username and password all your data/money etc will be gone, you won’t get paid next week etc. It’s limitless how they use scarcity.

I’ve said this before. Don’t be cattle. Don’t act like sheep. Most of the world functions based on the honor system. As long as everyone is honest, everything works seamlessly. The honor system is designed with the mindset that we are all sheep and there are no wolves. We know there are plenty of wolves.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Beware every time the Phone rings

Don’t assume you’ll never be targeted by phone scammers just because you don’t have a cell phone; they continue to feast on landline users, especially those over 50.

9D“This is the IRS…”

  • Drill this into your head: The IRS never calls to collect back taxes. NEVER.
  • A common ploy is to threaten that the listener will go to prison if they don’t pay up immediately.
  • If you really do owe taxes, the IRS will contact you alright—but via snail mail, not a phone call, text or e-mail.
  • Scam calls may also sound professional with no threats, and may be a pre-recorded woman’s voice.
  • Scammers can make the caller ID show “IRS.”

Charities and Fundraisers

  • A call comes from the fraudster, claiming he represents a charity and wants your donation. The con artist may even say he’s with the local police department.
  • Want to help mankind? Hang up on the caller and give to a reputable foundation or give out homemade sack lunches to the homeless.
  • Go online and search the organization in question to verify they’re legit.
  • If the call has an automated message, hang up immediately.
  • A legitimate organization will not request your Social Security number or personal financial information.

“You’ve won a prize!”

  • No, you haven’t. These are scams; hang up.

Tech support never calls you…

  • You must call them first. So if you get a call from “tech support” asking for personal information, it’s a scam. Geek squads don’t just up and call people.
  • A call about installing an update is a scam.
  • Scammers can make the caller ID show “Microsoft.”

“Hi Grandma, it’s your favorite grandson!”

  • If relatives call asking for money, hang up and call them to verify that said caller is really your relative.

Avoiding Scam Calls

  • Must you answer the phone every time it rings? It’s perfectly legal to ignore a ringing phone.
  • If your phone has caller block, input numbers from suspected scammers. Next time they call, there’ll be barely one ring, then the caller will be blocked.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.