Posts

Tsunami Scam Warnings Keep Coming In

In light of the earthquake and tsunami in Japan, and the subsequent tsunami warnings in Hawaii and on the US West Coast, McAfee is warning consumers about a number of online scams that have appeared within hours of these devastating events.

Sadly, scammers seem to come out of the woodwork during a natural disaster to catch consumers when they’re in a panic, looking for answers, and when they’re most vulnerable.  People should not click on links or respond to phishing e-mails for relief donations that ask for credit card numbers or other personal information.  In addition, be wary of tiny URLs on social media services and posts on social networking sites. Hundreds of domains that could be related to the disaster have been registered so far today, including a scam site that appeared within just two hours of the earthquake.

Follow these guidelines to ensure that donations to victim relief efforts are sent through legitimate sites:

.Org domains are cheap.  Registering does not indicate charitable status in any way.  Verify that the organization is actually a registered charity by typing the URL directly into a web browser.

Domain solicitations that arrive by unsolicited email, especially those sounding overly urgent or desperate, are very likely to be scams.

Be aware that donation requests made via advertising banners can also be scams.

If you’d like to help, support one of the major international organizations that have a “most in need” fund such as the Red Cross.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Slam Online Scams

#1 Nigerian Scams: While these types of scams are generally understood to be Nigerian in nature and origin, and are in fact named after the 419 Nigerian code that made them illegal, advanced-fee scams happen right here in the good old USA by Americans presenting to offer jobs or may ask help to transfer money.

#2 Romance Scams: If you ever hear talk like this, run far and fast: “In me sweetheart you are going to find the most passionate, loving and romantic man you have ever met. There are very few promises in life but this is one of them! ROMANCE is the key to my happiness and to my heart and soul!”

#3 Classified Ad Scams: This story caught my eye: “An online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet. An ad posted to a local online classified website by a man who claimed he was living in Florida. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.”

#4 Phishing: Phishing continues to become more sophisticated, more effective, and more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 out of the districts accounts.

#5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins.

Don’t be taken. Keep your head up and recognize when someone’s trying to take advantage of you.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

The Ever Present Credit Card Scam

The Ever Present Credit Card Scam

When people ask me, “How do I protect myself from credit card fraud?” I tell them, “Cancel the card, or never use it.” Because that’s the only way. Otherwise, all you can do is hope the merchant has a sophisticated system in place to mitigate the fraud.

The FBI’s Internet Crime Complaint Center’s Annual Report determined that the total dollar loss from all cases of fraud in 2009 that were referred to law enforcement by IC3 was $559.7 million; that loss was greater than 2008 when a total loss of $264.6 million was reported. Some estimate identity fraud in total at over $50 billion.

Flaws in the system used to issue credit facilitate new account fraud, since creditors often neglect to fully vet credit applicants with technology as essential as device reputation. Account takeover requires nothing more than access to credit card numbers, which can be accessed by hacking into databases or skimming cards at a point of sale terminal, ATM, or gas pump.

You should be aware of these common scams:

Micro Charges: Micro charges are fraudulent charges ranging from twenty cents to ten dollars. The idea is to keep the amounts low enough to go unnoticed by cardholders.

ATM Skimmers: Criminals can place a card reader device on the face of an ATM to copy your card data. The device, which appears to be part of the machine, may use wireless technology to transmit the data to the criminals. In many cases, thieves will also hide a small pinhole camera somewhere around the ATM (in a brochure holder, mirror, or speaker, for example) in order to record PIN numbers as well. Always cover the keypad with your other hand when entering your PIN.

Dummy ATMs: ATMs can be purchased through eBay or Craigslist and installed anywhere. (I bought one from a guy at a bar for $750.) A dummy machine has been programmed to read and copy card data.

Phone Fraud: The phone rings and it’s a scammer claiming to be calling from your bank’s fraud department. The scammer may already have your entire card number, which could be stolen from another source. You might be asked about a fictional charge you supposedly made, and when you deny it, you’ll have to provide your three to four digit CVV number in order to have the charge removed. Never give out this type of information over the phone.

Phantom Charges: When searching for something on the web, you come across a great deal. In the process of ordering, the website informs you that a discount is available along with a free trial of another product. Thinking you’re saving money, you take the bait. The next thing you know, your card is being charged every month and the company makes it very difficult to cancel the charges.

Look for and do business with companies that have a comprehensive, defense-in-depth approach to protect consumers against identity and financial fraud. Check your credit and banking statements carefully. Scrutinize every charge and call your bank or credit card company immediately to refute any unauthorized transactions.

(Be sure to do it within 30 or 60 days at most, depending on the type of card.)

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses ATM skimming on Extra TV. Disclosures.

Caller ID: Tool for Scammers

Most of us tend to trust the person on the other end of the telephone more than we trust an email in our inbox. However telephone scams continue to plague people and successfully empty the victims bank accounts.

Caller ID spoofing occurs when your phone rings and your caller ID displays a name and number that seem legitimate, but are, in fact, spoofed. The caller has masked his or her true name and number. Most people aren’t aware of caller ID spoofing, and therefore have no reason to question the phone call’s legitimacy.

Caller ID spoofing is often sold as a tool for law enforcement. It can provide a useful disguise if, for instance, a suspect has been withholding child support. But a civilian who suspects a spouse of infidelity might use caller ID spoofing to conduct his or her own investigation. On-call doctors who wish to keep their phone numbers private may need to provide spoofed numbers for clients.

The fraudulent uses for caller ID spoofing vastly outweigh the legitimate ones. Anyone can obtain this technology and pose as law enforcement, a lottery, a charity, a government agency, a credit card company, or anything else that might be lucrative. Abuses of caller ID spoofing have raised hackles with government officials.

Don’t automatically trust the information displayed by you caller ID.

No matter what your caller ID says, never give out personal information over the phone.

If a caller tells you you’ve won something or stand to lose something, tell them you’ll be happy to discuss if further, but that you’ll have to call them back. Then go online, search for a valid number, and call to confirm the details.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another databreach on Fox News. Disclosures


5 Ways to Prevent Check Fraud Scams

Check fraud is a billion dollar problem. Check fraud victims include banks, businesses and consumers. Our current system for cashing checks is somewhat flawed. Checks can be cashed and merchandise can be purchased even when there is no money in the checking account.

There are 5 main forms of check fraud to watch out for:

Forged signatures are the easiest form of check fraud. These are legitimate checks with a forged signature. This can occur when a checkbook is lost or stolen, or when a home or business is burglarized. An individual who is invited into your home or business can rip a single check from your checkbook and pay themselves as much as they like. Banks don’t often verify signatures until a problem arises that requires them to assign liability.

Forged endorsements generally occur when someone steals a check written to someone else, forges and endorsement and cashes or deposits it.

Counterfeit checks can be created by anyone with a desktop scanner and printer. They simply create a check and make it out to themselves.

Check kiting or check floating usually involves two bank accounts, where money is transferred back and forth, so that they appear to contain a balance which can then be withdrawn. A check is deposited in one account, then cash is withdrawn despite the lack of sufficient funds to cover the check.

Check washing involves altering a legitimate check, changing the name of the payee and often increasing the amount. This is the sneakiest form of check fraud. When checks or tax-related documents are stolen, either from the mail or by other means, the ink can be erased using common household chemicals such as nail polish remover. This allows the thieves to endorse checks to themselves.

Uni-ball pens contain specially formulated gel ink that is absorbed into the paper’s fibers and can never be washed out. The pen costs two bucks and is available at any office supply store.

Consider a locked mailbox so nobody can access your bank statements.

Using online banking and discontinuing paper statements.

Never toss old checks in the rubbish, always shred them.

Have checks delivered to the bank for pick up opposed to your home.

Guard your checks in your home or office, lock them up.

Go over your bank statements carefully.
Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Woman Becomes Victim of Craigslist Scam

I have a love/hate relationship with Craigslist. I love the occasional deal I get (like the 25 hp outboard motor I just got) and I love how people use it to find stuff I’m selling or renting out (like an apartment). But I hate the way some people completely over price what they are selling, thinking that old boat motor is worth what a new one costs. Or worse, when scammers contact Craigslisters every time they post an ad trying to get them to ship something overseas and scam them out of their money.

Craigslist should be used with caution. People have been robbed, burglarized, scammed and in some cases their homes were invaded and some people have been killed.

I once listed a property for rent that was relisted for a 1/3rd of my asking price by scammers. People would pull into my driveway and knock on my door while the listing was active and after the listing I posted had expired too.

In Connecticut, a mother, father and son traveled a hundred miles to see a home for rent. The only trouble was, the homeowner wasn’t renting it out and she was still living in it. She was in fact trying to sell it. And when the real estate agent listed it for sale, she also syndicated the ad to multiple sites including Craigslist.

Just like my situation, she had to explain to the people who showed up they were scammed.

Here’s how the scam often works. The scammer copies and pastes the ad and poses as the homeowner who is conveniently away traveling on business in the UK. The scammer lists the ad for much less than is being asked to generate traffic. When people respond to the ad, the scammer tells them they can rent it out and all they have to do is forward him the first month’s rent via a money wire overseas. Some people will want to drive by to get a look without actually going in and that’s enough for them to send the money.

The way I thwarted this crime under my watch was to continually scan Craigslist for key words related to my ad to see if it was being posted by a scammer. When I discovered a fraudulent post, I emailed abuse@craigslist.com with the link. Craigslist was very responsive and took the posts down. I had to do this almost 20 times (the hate part) during the period I was renting out an apartment.

With Craigslist, be very careful who you contact and who contacts you. You never know who the person is or what their motivation may be.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Summertime Scams Are Coming

As the spring rolls through and the summer heats up, the bad guy is planning his next seasonal scams.  The U.S. Federal Trade Commission has on average over 15,000 complaints a year related to travel, vacation or timeshare scams. It’s important to have summer safety in mind when planning your next summer vacations.

OK, I’ll admit it. I got scammed in a timeshare deal, kind of. I got what I paid for, but many lies were told to get me to sign on the dotted line. Whenever someone offers you money or dinner or tickets to anything in exchange for your time to sit down and learn about a timeshare “opportunity”, know that a very hard sell by someone who does not take no for an answer is coming. The way we got scammed was we were told we’d have no problem renting it out, which was the defining reason I’d commit to buy. The reality is there are hundreds of thousands of timeshares for rent. Which means it’s cheaper to rent someone else’s timeshare than it is to buy one and people who rent them out often do so for less than their annual maintenance fees.

Most people are not equipped to say no to these professionals. So if you absolutely don’t want to buy a timeshare, don’t take the bait, don’t go to the sales presentation, and for heaven’s sake don’t do it if you are under the influence of alcohol!

Another devious summer scam relates to classified offerings for summertime rentals that don’t exist. There may very well be an actual cottage rental, but the scammer may not own it and he may be renting it to 30 people the same week. This is an easy scam to pull off and often involves up front deposits that the victim never gets back.

The best way to prevent getting scammed and ensure summer safety is by dealing with a local real estate agent who specializes in rentals or going through a referral of a friend who has a previous relationship with the owner.

As crazy as it sounds, you are better off paying via a credit card number opposed to a check. Once a check is cashed, that’s it; you don’t have many (or any) options of recouping those funds if fraud is detected. There are a few more protections available when using a credit card.

Robert Siciliano personal security expert to Home Security Source discussing scams on the Donnie Deutsch The Big Idea Show.