Tag Archives: scam

ALERT! Phony Calls From VISA Card Services ALERT!

Currently there is a clever fraud scheme that is striking VISA card holders in the Midwest. Card holders are receiving calls from criminals claiming to be from the VISA Security and Fraud Department. The scam works like this:

1) Person calling says – “This is (name) and I’m calling from the Security and Fraud Department at VISA. My Badge number is (xxxxx), your card has been flagged for an unusual purchase pattern, and I’m calling to verify. This would be on your VISA card which was issued by (name of bank).”

2) They ask, “Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?” When you say “No”, the caller continues with, “Then we will be issuing a credit to your account. This is a company we have been watching, and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address). Is that correct?” You say “Yes”.

3) The caller continues – “I will be starting a Fraud Investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number.” The caller then gives you a 6-digit number. “Do you need me to read it again?”

4)  Here’s the IMPORTANT part on how the scam works – The caller then says, “I need to verify you are in possession of your card.” He’ll ask you to “turn your card over and look for some numbers.” There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he’ll say, “That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?”
After you say no, the caller then thanks you and states, “Don’t hesitate to call back if you do”, and hangs up. You actually say very little, and they never ask for or tell you the card number.

The scammer is after the 3-digit security number on the back of the card. For online purchases they need this number to verify they have the card in their possession. If you are a VISA card holder you should understand that VISA has all this information. Consumers need to know that VISA will not call or e-mail cardholders to request their personal account information. Report suspicious calls or emails by calling the number on the back of your payment card or by contacting the FTC’s Complaint Assistant. Cardholders should also know that Visa’s zero liability fraud policy ensures that they are not held responsible for any unauthorized purchases.

If you get a call like this and you suspect something is amiss, hang up and call the company back. Never give your credit card information to anyone you are not certain of.

Finally, how did the scammer know your name, address, bank and credit card number? Scammers do their homework on targeted victims or buy stolen or hacked information on black market websites. That information often comes from data breaches.

To learn more about protecting yourself, visit the VISA website and test your security IQ, or call the Visa Global Customer Assistance Center at (800) 847-2911.

Fake Websites and Phony Trust


If you follow the African-American Cyber Report you know there are certain rules that we preach constantly. You can find these rules on the homepage. But I need to point out two of those rules that come into play here. Rule #1 “The only rules on the Internet are the ones you impose and enforce.” And rule #10, “Everything on the Internet is real; just not always true.”

I encourage black people not to trust anything you see on the Internet simply because it’s all suspect until you verify it. That is the case with all those seals of approval you find on Internet websites. They could be worthless because they are so easily copied and used by scammers and malicious actors online. Those badges or seals are known as “trust seals” but really they are just images, pixels, on your screens. Anyone could copy and paste these images on any webpage. Yeah, it might look fancy and official but that means nothing. Check rule #10 again. Whenever you are about to buy something online or download some app or software you need to first verify that you are indeed dealing with a reputable party. You need to do your homework.

African-Americans are warned to impose their own standards on everything they do online and protect themselves from the bad actors they are bound to come across on the wild world web. Check rule #1.

You might be ready to buy software or a game or movie online or download an app and see this: “CNET gave our software a 5-star editor’s choice rating,” or “We are a BBB accredited business with an A+ rating.” Suspicion of these statements would serve you well.

Any malware author or phisher could copy and paste a logo, seal or statement on a malicious website in a few seconds. Someone who copies those seals or statements to mislead people would be violating copyright law, but how many people are going to lose money before that person is caught and shut down?

 

And if you did not know, there are literally thousands of phony, duplicate or replica websites on the Internet. You can easily get caught up in a scam or get stuck with malware, ransomware or a virus if you are not careful. Do your homework and study how to spot phony websites.

When you see those seals or badges on a website you should be able to click on it and be taken directly to the website that provided the seal of approval. Once there the seal-provider’s website will verify whether the original website you were on is actually a recipient of the seal.

Ok, that’s how it is supposed to work. But does it really? In reality, even if the site is legitimate, clicking on that badge may not work. This is where you have to do your homework. Take the time to go to the seal provider’s website and investigate to see if the software is really a “PCWorld editor’s choice” or accredited by the Better Business Bureau. Listen to me when I tell you that those seals, badges and quotes don’t mean a damn thing by themselves. You need to protect yourself. No one is going to do it for you. Check rule #1 yet again!

In some cases doing the research may not be an easy task. Microsoft doesn’t offer an easy-to-find “certified partners” list but we found it here in case you need it. However, some seals you can click, but again, you could be transferred to a phony replica website. Investigate the web address closely and look for misspellings that make it look like the real web address when it is not. This trick is called typosquatting or URL hijacking. Here is an example: www.google.com is the real website. The fake could look like www.gooooogle.com or www.goggle.com. Look carefully at the differences.

Another problem you need to be aware of is that those seals and logos don’t always mean what you think they mean.  For example, that “Norton Secured” seal only means that the website is scanned daily for malware and other vulnerabilities. That is not considered the ultimate level of security or privacy. The BBB Accredited badge means the website’s company is registered with the Better Business Bureau. It is not an indication of the level of satisfaction of its customers. That 5-star rating from a software download site just means a reviewer at some point in the past gave that program a good rating, or the scammer gave themselves five stars. And that “Microsoft Certified Partner” badge has its own issues. It doesn’t seem to mean much at all except maybe the software works with Windows computers.

 “Be paranoid when you are online. It’s a great defense mechanism.” 

I understand all this can be confusing and even frustrating. You need to use that fear and frustration as fuel to protect yourself. But there are a few things you can trust when online. Look for the green bar on your URL window. That’s the window where you type the web address of the website you want to go to. When you see that green name next to your address bar that is a definite confirmation that the website has had its identity verified. Read more about these “Extended Validation” certificates and how they’re more trustworthy than typical SSL certificates.

The above image reveals the real PayPal website and a phony site. Notice the green in the address bar.

Let’s be real about this. You will find legitimate websites displaying a fake seal. And eventually they will get caught and be forced to remove it. But how legitimate is a website that fakes its trustworthiness? What you should worry about are the pop-up sites that are here today and gone today. These are the sites that distribute malware, launch phishing scams and steal data. It’s those websites that get the most benefit from stealing these seals. They are breaking the law anyway so faking a seal-provider’s logo or seal is really no big deal for them. Be most cautious when it comes to financial websites like your bank. A fake website like www.wellsfago.com is waiting for you to log on thinking it’s www.wellsfargo.com.
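The lookalike-address check described above (the google.com and wellsfargo.com examples), written out as an added Python example that is not part of the original post. The TRUSTED list, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a short allowlist of sites the reader actually uses.
TRUSTED = ["google.com", "wellsfargo.com", "paypal.com"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a character
                           cur[j - 1] + 1,              # insert a character
                           prev[j - 1] + (ca != cb)))   # substitute a character
        prev = cur
    return prev[-1]


def squeeze(s: str) -> str:
    """Collapse runs of a repeated character: 'gooooogle' -> 'gogle'."""
    return re.sub(r"(.)\1+", r"\1", s)


def hostname_of(url_or_host: str) -> str:
    """Extract a lower-case hostname from a URL or a bare host string."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text   # lets urlsplit read a bare host as the network location
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()


def check_address(url_or_host: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, trusted_domain): 'trusted', 'lookalike' or 'unknown'."""
    host = hostname_of(url_or_host)
    labels = host.split(".")
    # Exact match, or a subdomain such as www., of a trusted name.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Near miss: compare the same number of trailing labels as the trusted name.
    for good in trusted:
        n = good.count(".") + 1
        tail = ".".join(labels[-n:])
        if squeeze(tail) == squeeze(good) or edit_distance(tail, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Addresses quoted in the post, plus one unrelated constructed host.
    for address in ["www.google.com", "www.gooooogle.com", "www.goggle.com",
                    "https://www.wellsfago.com/login", "www.example.org"]:
        print(address, "->", check_address(address))
```

A "lookalike" verdict means the address is one or two keystrokes away from a site you trust, which is exactly when to stop and type the real address yourself.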

It’s the Internet; trust no one.

Now you know

 

 

 

Ebola Scams Hit Email Inboxes

Has Ebola hit your email inbox? The latest Internet scams, malware and viruses come in the form of email related to the Ebola virus. These emails come from various sources claiming to be agencies of the federal government, health insurance companies, charities, and news services. All claim to have vital information about the outbreak. Some claim to provide information about avoiding the Ebola virus, what to do if you think you have it and how to buy insurance against a possible infection. Some emails claim that your medical insurance will not cover you if you get infected, but that you can buy Ebola insurance. Many of the emails contain links or attachments that may download malware or viruses onto a user’s computer. Some of the malware has locked up computers and demanded payment to release the computer back to the owner. Others install malware that copies user names and passwords.

Another email is being sent to people who have recently traveled stating that they may have been infected and they need to click on a link or complete a form to report their name, address and other sensitive information to health authorities. This is a classic phishing tactic.

People are sharing Ebola news via email so look out for email with links or attachments that come from friends. Many viruses and malware programs are designed to email themselves to all the names in the email contacts list. If your friend sends you an unexpected email with a link or attachment don’t open it. Call them and ask if they did indeed send it and what it is.

The US-CERT (United States Computer Emergency Readiness Team) has issued warnings regarding Ebola scams. The organization has warned Internet users to be alert for fraudulent emails of this kind to avoid malicious cyber campaigns.

Internet users are warned to be careful if they receive these types of email messages. If you do receive an Ebola email keep yourself safe by taking the following steps:

Simple common sense will spot many of these scams. Many cyber criminals are not native English speakers, so they give themselves away with poor writing and English. Various typos, grammar mistakes, an odd sender’s email address or a link to a suspicious domain are among the most common signs of a scam.

“Ebola scams will continue to push strong emotional triggers, so we advise users to double check online warnings, news updates and videos. Getting news straight from reputable sources and media agencies is always the right thing to do,” said Bitdefender Chief Security Strategist Catalin Cosoi.

Another Ebola scam will tug at the heart of many victims. Fake charities are starting to pop up for Ebola victims and soliciting online donations. Some people have reported receiving calls from charities asking for donations. Before you give a dime to anybody, verify the legitimacy of the charity or just donate to the good old Red Cross.

Breaking It Down

Let’s admit that some people have no qualms about doing whatever they have to do to rip you off. People are suffering and dying with this horrible disease but somebody is thinking about making money off it. Don’t play into that. Use caution when dealing with any email about the Ebola virus. Same for anyone calling asking for donations. As a matter of fact, treat both as if they do indeed have the virus. Keep your anti-virus software up to date. Make sure your friends and family are aware of the scams that are out there. If you believe that you may have been exposed then stay at home and call 911 for help. And don’t buy Ebola insurance. C’mon; Ebola insurance? Really?

For more information about Ebola scams please see:

Better Business Bureau Warns of Ebola Scams

Scammers are Cashing in on Your Ebola Fears

FDA Warns of Ebola Scams

Ebola Scams Hit the Web

 

Scammers Using Caller ID Spoofing

Telecom trade association group USTelecom is warning consumers about the explosion of caller ID spoofing.

According to the organization the tactic being used works like this: sales people and scammers use technology that makes calls appear to be coming from the recipient’s own number. The victim usually answers the phone out of curiosity. The objective of the scammers is to gather personal information from the victim, a form of phishing.

 “We’re hearing a growing number of reports from our members that customers are receiving these intrusive calls utilizing this deceptive method,” explained Kevin Rupy, vice president of law and policy at USTelecom. “Carriers are deeply concerned about this problem and are educating call centers to help customers who experience these calls.”

USTelecom is advising customers to check with their carrier to see what services they provide to block these calls. Some phone companies can enable customers to block certain calls and other companies can provide tools that allow the consumer to send unwanted calls directly to voice mail.

Pindrop Security specializes in phone fraud protection solutions. The company recently confirmed the increasing volume of attacks on consumers and businesses.

Co-founder and CEO of Pindrop Security Vijay Balasubramaniyan stated that over half of the caller ID spoofing attacks aimed at US businesses are from outside the country.

ID spoofing attacks are a serious and growing problem. According to Balasubramaniyan cyber criminals can use a wide range of legal tools that work on smart phones and computers. Some even use voice distortion technology.  But he also points out that there is no technology to prevent spoofing. The best way to deal with these calls is to detect them by using technology such as the one provided by Pindrop Security, Balasubramaniyan said.

The Better Business Bureau has three tips for avoiding phone scammers.

1) Consumers are advised not to call back individuals who leave suspicious voice messages because they might be con artists who are after some information they can use.

“Another reason to not return phone calls is that this can expose you to long distance charges. A scam known as ‘One Ring’, is designed to lure callers into calling back at which point they are charged for the call at very high rates,” Balasubramaniyan said.

2) Caller IDs should not be trusted because scammers possess the technology to spoof any number, including the ones of family and friends, which they can obtain through social engineering tactics. They can also spoof trusted numbers such as the victim’s bank.

3) Consumers are advised not to hand out any sensitive information over the phone, unless they’re the ones initiating the call and they’re certain that the person they call is trustworthy.

“Don’t give out ANY information to a non-trusted caller. If someone calls you and then says they need to verify who you are, don’t respond. Even email and websites can be suspect,” Balasubramaniyan said.

Breaking it Down

I have a simple suggestion for black people: Don’t trust your phone! Caller ID is a common feature on both home phones and smartphones. What caller ID spoofing does is trick you into answering the phone. Cyber criminals are faking the number that you see on the caller ID screen. The ugly part of this is that these scammers can use anybody’s phone number to mask their call. So it may or may not be your mother calling. And that is why these calls are such a pain.

I say this all the time and I’ll say it again; black people don’t play when it comes to money! If the number is from your bank then simply tell them YOU will call THEM right back. Use the number you know and not the one they give you.

If you don’t recognize the number then don’t answer the phone. If it is important then they will leave a message or call back. If you recognize the number and it’s not who they say it is then hang up and call your service provider and report it.

Finally, don’t answer any questions from a person you don’t know. Don’t give them any information about yourself or anybody else. One of the really sneaky moves these scammers make is the phony reference call. The caller will ask you for a professional reference for a friend or co-worker. That is how they get you to talk. It’s called social engineering. They ask questions about their job performance and work habits and eventually get around to asking questions about their family, children, property and sometimes even more personal questions. You think you’re doing the person a favor but you’re really discussing their life with a cyber criminal. If you get a reference call, get the person’s name and contact information, including the job they are inquiring about, and hang up. Call your friend or co-worker and ask if they actually applied for the job and used you as a reference. If not then you know it was a scam attempt.

Now you know.

 

ALERT! EZ Pass Phishing Scam ALERT!


Fake EZ Pass phishing email

Over the last couple of days people have reported receiving email from the EZ Pass toll system. EZ Pass is a highway toll road provider that operates in the northeastern United States. This includes such major metropolitan areas as New York, Boston, Newark and Trenton, New Jersey, Philadelphia and Washington, DC. Other states affected include Maryland, Virginia, and Delaware. The emails are extremely good copies using all the company’s colors and fonts. The emails are nothing more than phishing attempts. Copying emails is a favorite tactic of scammers and you should be on the lookout for more of these.

Users of EZ Pass and other toll services know that toll road agencies can impose stiff fines for violators who use roads and bridges without paying. As a result people may fall into the scammers’ trap and click on the link just to make sure.

That is where the trouble begins. The link directs the victims to www . ruckon . pl. The spaces make sure you don’t accidentally click on the link. Once the victims click on the link the site returns a ZIP with an .EXE or directly loads an .EXE.  .EXE means that you have an executable file on your hands and it most likely contains malware.

“Please be advised this is not an authorized communication from E-ZPass, the New York State Thruway Authority or any other toll agency associated with E-ZPass,” said a statement from the Thruway Authority. “We advise you not to open or respond to such a message should you receive one.”

Authorities are warning customers that the E-ZPass Service Center does not send out email invoices for payment. If you owe money on your E-ZPass the E-ZPass service center will send an invoice through the US Postal Service for payment.

 

Amazingly Sneaky Phishing Scam Hits Netflix Customers

One of the sneakiest phishing scams ever has been hitting Netflix customers. The scam allows the criminal to rummage around inside your computer and steal files while you are on the phone with them. It’s amazing and elaborate but customers have been hit. If you are a Netflix customer you need to check this out.

 

Google Shuts Down Virus Shield Scam


A top selling app on Google Play Store has been revealed to be a scam. Virus Shield was rated as the No.1 paid app before it was removed. The app was supposed to protect Android phones from viruses but it did absolutely nothing. Android Police reported that the app is supposed to tell you if your phone is secure by displaying a shield icon with the letter “X” indicating the device has been infected or a checkmark indicating the device is safe. When first installing the app, it displays the “X” mark on the icon then quickly changes to the checkmark once you tap it indicating that your device is safe. In reality the app does nothing. More than 10,000 people who downloaded this app were charged $3.99 each for nothing. The app also received an average rating of 4.7 stars on Google Play Store meaning it came highly recommended from others. Google removed the app but remains silent as to whether refunds are forthcoming.

The app appears to be an orphan since there is no developer listed on Google Play Store. However the email address has been linked to an account banned from forums for attempting to scam people. Critics of Play Store point out the security flaws, saying Android’s customizable nature and operating system and Google’s open app store make this kind of scam possible.

Breaking It Down

The problem here is that Google is sloppy with their app store. The fact that a scam app like Virus Shield was discovered indicates there is a certain laziness that will certainly undermine the reputation of Google Play Store and Android. I can see a class action lawsuit coming from this. Don’t laugh. There are a few people in the legal department at Google who can’t sleep tonight. As a consumer I am asking myself: what else in that app store may be a scam or, worse, a dangerous piece of malware? There are a lot of black people out there with Android phones and devices. If you’re one of them it may be time to check out what you use to protect your phone or tablet. Do your homework and don’t rely completely on what is popular. I recommend Lookout. But back to Google; this company needs to change its practice of allowing any app into its store. Apple is fortress-like when it comes to its apps and although Google may not want to go that far they need to step up their security. Finding phony or dangerous apps after they are popular and have stolen customers’ money is not a good business practice. Google should never have allowed this app on its site without at least investigating its creator. This, again, is sloppy and dangerous. One day this minor embarrassment could turn into a monstrous, stock-killing catastrophe. Google, you’ve been warned!