They say they want your opinion, but don’t be fooled!

(Another article from AARP)

The email – often from a well-known retailer like Walmart or Macy’s – may start out innocently enough:

You have been chosen to take part in our brief Customer Satisfaction Survey. If you decide to complete this survey, we will send $150 to your confirmed credit or debit card account just for your time. Helping us better understand how our customers feel, benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our services. The survey form is attached to this email. Please download the attachment, open it, and follow the instructions on your screen.
Wanting to help, you play along. The first few questions of the survey may ask basic information about which products and/or services you use or instruct you to evaluate the customer service. But then, the form takes a twist. It asks for personal information like credit card, bank account or Social Security numbers, which is later used against you by a scammer.

Take steps to protect yourself.

Know who you are dealing with. It’s easy to steal the look and feel (colors, logos and header) of an established retailer or organization. Scammers can also make links look like they lead to reputable websites and emails appear to come from a different sender. Tip: hover over the sender name to make sure the address is valid.
Legitimate businesses will never ask for your Social Security number, money, password, or bank account information on a customer survey.
When in doubt, do a quick web search. If the survey is a scam, you may find alerts or complaints from other consumers, and the organization’s real website may have further information.
Watch out for a reward that’s too good to be true. If the survey is real, you may be entered in a drawing to win a gift card or receive a small discount off your next purchase. Few businesses can afford to give away $150 for completing a few questions.
If you think you have been the victim of a customer service survey scam, file a complaint with the Federal Trade Commission at http://www.ftc.gov/complaint.

Sincerely,

Kristin Keckeisen
Fraud Watch Network

Tax Scammers Hit New Lows

Sent to me by AARP. I wanted to share, especially with my senior citizens.

 

April 15 is less than a month away, and scammers are continuing to target people for tax-related scams.

IRS Imposter Scams
The Associated Press recently reported that fake IRS agents have targeted more than 366,000 people with harassing phone calls demanding payments and threatening jail in the largest scam of its kind in the history of the agency.

How it works:

Bogus IRS agents call you, claim you owe taxes, and demand payment using a prepaid debit card or a wire transfer. And, they might even know the last four digits of the taxpayer’s Social Security number.
Those who refuse are threatened with arrest, deportation or loss of a business or driver’s license.
The callers may also manipulate caller ID to make it look like they are calling from an IRS phone number.
The IRS will make contact first by paper mail and they never demand payment by debit card, credit card, or wire transfer.

What to do:

If you get a phone call from someone saying he is with the IRS—hang up and contact the IRS immediately at 1-800-829-1040.

Inflated Refund Scams
With 60% of taxpayers using professional help in filing their taxes, people should be suspicious of anyone promising inflated refunds. “Every filing season, scam artists lure victims in by promising outlandish refunds,” said IRS Commissioner John Koskinen.

How it works:

The scammer tells his targets they will get a large refund saying they qualify for fictitious tax credits, rebates, or government benefits.
They may also file a return in the person’s name and not tell the person that a refund was made – the money goes straight into the scammers’ bank account.
These fraudsters may use flyers distributed door-to-door or in community gathering places, advertisements, phony store fronts and word of mouth through community groups and churches to lure their victims.
What to do:

Watch out for tax preparers who promise a big refund – maybe even before looking at your records.
Be careful of supposed tax preparers who charge fees based on a percentage of the return – this is not a standard practice and gives the preparer a strong incentive to falsify the return.
Make sure you get a copy of the return that was filed – and then track the return on the IRS website.
And of course, never sign a blank return – no matter what promises are made!
Identity Theft Refund Fraud
Taxpayers also need to watch out for identity theft, particularly around tax time.

How it works:

You file your taxes expecting a refund.
But, you find out that someone else, using your Social Security number and likely other personal identifying information, has filed a return in your name.
Your return is rejected as a “duplicate” because a refund has already been issued to the scammer.
Also know that scammers will often steal Social Security numbers and other personal information of people who may not be filing a tax return—like your children or grandchildren, folks who may not have income to report, or even the recently deceased. So please share this alert with family and friends and help them detect and correct fraud!

What to do:

If you think someone used your Social Security number for a tax refund contact the IRS as soon as possible. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from thieves in the future. Go to irs.gov/identitytheft or call 800-908-4490. Also if you haven’t received your refund yet, visit irs.gov/refunds to check your status.

For more information, check out the IRS “Dirty Dozen Tax Scams”.
Sincerely,

Kristin Keckeisen
Fraud Watch Network

 

Scammers Calling…

An excellent article from AARP.
062014_MedAlertScam_v2a-300x300.png

Have you ever gotten a phone call like this?

  • A caller has a hot tip on a new investment that will yield lots of quick money, and insists you must immediately decide or the opportunity will be gone.
  • Someone calls with an urgent request for a disaster relief charity and asks you for your credit card number to make a donation, but you are not sure you’ve heard of the charity.
  • A tech support caller says virus activity has been detected on your computer, and then asks for access to your computer to fix it or to wire money as a fee to get it fixed.

These are all examples of telemarketing scams. Scammers prey on people by getting them excited about unexpected riches or worried they’re going to miss out on a great deal. Basically, their goal is to get you “under the ether,” an emotional state that can lead to poor decisions.

What can you do to protect yourself – or those you love – from unscrupulous and persuasive scammers?

What Are Telemarketing Scam Buzz Phrases?
It’s sometimes hard to tell the difference between reputable telemarketers and criminals who use the phone to rob people. You can protect yourself by learning how to recognize the danger signs of fraud. If you hear some of these buzz phrases on a phone call, hang up.

  • You’ve been specially selected (for this offer).
  • You’ll get a free bonus if you buy our product.
  • You’ve won big money in a foreign lottery.
  • This investment is low risk and provides a higher return than you can get anywhere else.
  • You have to make up your mind right away.
  • You don’t need to check our company with anyone.
  • You must send money, give a credit card or bank account number, or have a check picked up by courier.
  • You must act ‘now’ or the offer won’t be good.
Tips to Avoid Telemarketing Fraud
It’s very difficult to get your money back if you’ve been cheated over the telephone. Before you do anything by telephone, remember:

  • Don’t buy from an unfamiliar company; legitimate businesses are happy to give you information.
  • Always check out unfamiliar companies or charities with your local consumer protection agency, Better Business Bureau, attorney general, or charity watchdog groups.
  • Get the caller’s name, business name, telephone number, street address, mailing address, and business license number before you transact business, then verify these.
  • Don’t pay in advance for services.
  • Resist pressure to make a decision immediately.
  • Be sure to talk over big investments offered by telephone salespeople with a trusted friend, family member, or financial advisor.
  • Never respond to an offer you don’t understand thoroughly.
  • Keep your credit card, checking account, or Social Security numbers to yourself. Don’t tell them to callers you don’t know — even if they ask you to “confirm” this information. That’s a trick.
  • Don’t send cash by messenger, overnight mail, or money transfer.
  • Don’t agree to any offer for which you have to pay a “registration” or “shipping” fee to get a prize or a gift.

Who Was Alan Turing? And Why Did Queen Elizabeth Grant Him a Pardon?

By Russell Goldman
@GoldmanRussel
Dec 24, 2013 10:47am

(In light of the Duck Dynasty ignorance, I thought this appropriate to post.)

Alan Turing, the British mathematician who helped defeat the Nazis by cracking their secret codes and laid the groundwork for modern computer science, was posthumously pardoned by Queen Elizabeth on Monday for a 1952 conviction for being gay.

Here’s what you need to know about Turing.

Alan Turing

Born: June 23, 1912

Died: June 7, 1954, at age 41. Turning killed himself, likely by eating an apple poisoned with cyanide, following a criminal conviction for homosexuality.

Accomplishments: Turing is widely considered the father of computer science. His developments in cryptography were instrumental in cracking the Nazi’s Enigma code, a vital step in turning World War II in favor of the allies.

Turing predicted the rise of computers and essentially invented the idea of software. He was first to define artificial intelligence and design a test to determine whether computers could truly appear to be human.

Controversy: Despite his contributions to the war effort and to science, Turning was charged with “gross indecency” in 1954, under laws that at the time criminalized homosexuality. Rather than serve prison time, Turning agreed to a form of chemical castration, in which he was injected with female sex hormones. Later that year he killed himself.

Legacy: Every computer today, from cells phones to those aboard the International Space Station, owe their existence to the “Turing Machine,” the first modern computer to run interchangeable software.

As computers become smarter and seemingly more human, the “Turing Test,” an experiment in which human subjects must determine if they are interacting with another person or a computer, remains the standard by which artificial intelligence is measured.

Turing’s life has been commemorated in books, a monument, a play and an upcoming feature film.

“His action saved countless lives. He also left a remarkable national legacy through his substantial scientific achievements, often being referred to as the ‘father of modern computing,’” British Prime Minister David Cameron said in a statement.

Crime pays very well

Cryptolocker grosses up
to $30 million in ransom

No wonder street crime is down. If you want to make a dishonest living, cyber-crime is the place to be. According to a Dell SecureWorks report by Keith Jarvis, the creators of the notorious CryptoLocker ransomware virus may have made as much as $30 million in a mere 100 days.That’s a lot more than you’d earn stealing people’s iPhones –and you’re far less likely to get caught. (It’s also a lot more than you’d get doing honest work.) The $30 million estimate comes from a Geek.com article by Lee Mathews, and is based on the SecureWorks report’s numbers. The original report includes a speculation that at least 0.4% of CryptoLocker victims end up paying the ransom, “and very likely many times that.” The report also admits that “These figures represent a conservative estimate of the number of ransoms collected by the CryptoLocker gang.”CryptoLocker first appeared in the wild in early September. Like most ransomware, it attempts to scare people into sending money by closing off access to their data or threatening to do so. But unlike previous such programs, CryptoLocker makes good on its threats. Whereas previous ransomware viruses might trick you into paying their blood money by hiding your documents and other data files where any competent techy could find them, CryptoLocker really encrypts the files. And it does a good job of it. Jarvis’ report states that “CryptoLocker uses strong third-party certified cryptography offered by Microsoft’s CryptoAPI. By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent.”

In other words, if CryptoLocker infects your computer, and you don’t have a recent and reliable backup, your choices are between paying the $300 ransom and kissing your documents, spreadsheets, and photographs goodbye. Surprisingly, if you do pay the ransom, you get your files back.Keeping promises — not a behavior usually associated with thieves — suggests that whoever is behind CryptoLocker is treating it like a real business. When people balked at using credit cards to send money to criminals, these particular criminals started accepting Bitcoins. They’ve even responded to the insane Bitcoin deflation of recent months. When they first started accepting the virtual currency, they priced your files at 2 BTC. But as the price of a Bitcoin skyrocketed against real currencies, that price dropped three times, and as of Wednesday was down to 0.3 BTC.That’s an awfully polite gesture for extortionists.Of course, the rising cost of Bitcoins may have helped the criminals considerably. Jarvis estimates that they received nearly $380,000 in Bitcoins (it appears that most people still pay with credit cards). “If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication.”

I don’t want to make the people running this racket sound like gentlemen thieves. They’re crooks who steal your vital information, then make you buy back what is rightfully yours. They deserve jail time, not $30 million.

Hackers exploit critical IE bug; Microsoft promises patch

Sep 18, 2013 12:24 PM
Microsoft on Wednesday said that hackers are exploiting a critical, but unpatched, vulnerability in Internet Explorer 8 (IE8) and Internet Explorer 9 (IE9), and that its engineers are working on an update to plug the hole.

As it often does, the company downplayed the threat.

“There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions,” Dustin Childs, a manager in the Trustworthy Computing group and its usual spokesman, said in a blog post Tuesday morning.

“We are actively working to develop a security update to address this issue,” Childs added.

According to Childs and the security advisory Microsoft also published Wednesday, the vulnerability affects all supported versions of IE, from the 12-year-old IE6 to the not-yet-officially-released IE11, the browser that will accompany Windows 8.1 when it ships Oct. 18.

“There is no escaping this one,” said Andrew Storms, director of DevOps at cloud security vendor CloudPassage, referring to the bug affecting all versions of Microsoft’s browser. “IE zero-days are never a good thing, especially when they affect every version,” Storms added.

Although Microsoft’s advisory did not put it in these terms, the vulnerability can be exploited using classic “drive-by” attack tactics. That means hackers need only lure victims running IE to malicious sites—or legitimate websites that have previously been compromised and loaded with attack code—to hijack their browser and plant malware on their Windows PCs.

Until Microsoft produces a patch, the company offered customers several options to protect themselves, including advice on configuring EMET 4.0 and running one of its “Fixit” automated tools to “shim” the DLL that contains the IE rendering engine.

EMET (Enhanced Mitigation Experience Toolkit) is a tool designed for advanced users, primarily enterprise IT professionals, that manually enables anti-exploit technologies such as ASLR (address space layout randomization) and DEP (data execution prevention) for specific applications.

But the Fixit route will be easiest for individual users: Microsoft’s posted a link to the Fixit tool on its support site, and customers need only click the icon marked “Enable.” Microsoft has used the shim approach before when faced with unexpected attacks against IE.

Based on past practice, Microsoft’s Fixit workaround probably uses the Application Compatibility Toolkit to modify the core library of IE—a DLL (dynamic link library) named “Mshtml.dll” that contains the browser’s rendering engine—in memory each time IE runs. The shim does not quash the bug, but instead makes the browser immune to the attacks Microsoft’s seen in the wild thus far.

Users can also temporarily ditch IE for an alternate browser, such as Google’s Chrome or Mozilla’s Firefox, to stay safe until Microsoft comes up with a permanent fix.

Microsoft today declined say when it plans to patch the IE vulnerability. But because the next regularly-scheduled Patch Tuesday is three weeks away, it’s possible the Redmond, Wash. company’s security team will deliver a so-called “out-of-band” update before Oct. 9.

Out-of-band updates from Microsoft are rare: The last one it shipped was MS13-008, an the emergency patch issued Jan. 14 that plugged a hole in IE6, IE7 and IE8 that had been exploited since early December 2012.

Facebook Scam Alert – What Really Happens When You “Like”

You’ve seen pictures posted on Facebook “type ‘move’ into the comments and watch what happens” or “If I get a million likes my dad will get me a car.”  They seem innocent enough, but they are big business, and you are not doing yourself any favors if you like or comment.

The classic example is a colorful picture of a prism with the image from the cover of Pink Floyd’s Dark Side of the Moon album in it. It’s accompanied by the caption:

 “OMG it really works ♥

Step 1: Click on the Picture.

Step 2: Hit Like.Step

3: Comment “MOVE” Then see the Magic!!”

You see in your news feed that your friends have liked and commented on the image, so clearly something amazing must happen when you interact as directed.  So you click, you comment, and… nothing happens.

Or at least you think nothing happens.  But your activity has now spread this image and the page into the news feed of all your friends.

Like Farming

It’s called Like Farming. Here’s how it works. Someone creates a page and starts posting photos inspirational quotes or other innocent content. You like the page and it now shows up regularly in your news feed. Anytime you interact with a post, that activity shows up in your friends’ news feeds. The more likes the page gets, the more it shows up. The more comments each picture gets, the more power the page gets in the Facebook news feed algorithm. And that makes it more and more visible.

The social engineering of these sites is impressive, stimulating pictures like the Pink Floyd image described above or moving stories of ’causes’ that need your likes for support. The most famous of these revolved around a girl called “Mallory”

“This is my sister Mallory. She has Down syndrome (sic)and doesn’t think she’s beautiful. Please like this photo so I can show her later that she truly is beautiful.” But there is no Mallory. The picture is of a girl named Katie whose mother is horrified that her daughter’s image is being used for the scam.

Scammers Are Making Money Off Your Likes

So why would the owners of these fan pages go to such lengths to scam us into liking? Because there’s money to be made from them.

When the page gets enough fans (a hundred thousand or more)the owner might start placing ads on the page. Those ads show up in your news feed. They could be links to an app, a game, or a service they want you to buy. It could be a “recommendation” for a product on Amazon where the page owner gets a commission for every purchase made through the link. Or more nefariously, the page owner could be paid to spread malware by linking out to sites that install viruses on your computer for the purposes of identity theft. Bottom line: access to your news feed is lucrative.

Fan Pages For Sale

Just as a magazine that sells ads, these pages are a business, and they can be bought and sold just like any other business. Online message board, Warriorforum.com listed multiple sites for sale. A site about cuddling has over a million fans and was listed for sale on Warrior Forum for $7000. Many of these postings on Warrior Forum come and go for fear that Facebook will find out about them and take the sites down. For example, I found a page for sale for $8500 but the Warrior Forum listing has since been removed. Anotherpage has 1.8 million likes and posts a note right on Facebook stating it’s for sale –  no price listed –  just a warning against “low offers.”

A spokesperson for Facebook says selling pages is specifically against the terms of service, and any page that is sold or engages in fraudulent behavior can be removed. But clearly this is a cat and mouse game, with Like Farms popping up on a regular basis.

How To Unlike

If you’ve liked something and now regret it, you can unlike it. Go to your profile, choose “more” button and choose “likes” from the drop down menu – then “Unlike.”

If you have friends who are over-liking on scammy posts, share this on your Facebook Page so they’ll get the message.