Category: FraudAlert

Last weekend the FBI issued an urgent bulletin for anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to temporarily thwart the spread of foreign malware linked to Russia.

 

Over 500,000 routers have already been infected.

 

There are two steps to fully protect your router but the second step is too technical for the average HM resident without simplifying those instructions which I will try to do.

 

However, the first step is very easy to do. Simply unplug your router and plug it back in after one minute. Then press the WPS button on top of the router. Then the lights will begin to blink (hopefully green) and you will have your FIOS service back.

 

The ROUTER is the piece of Verizon equipment where the cable enters your house and is about a foot with blinking green lights.

 

You can stop reading here unless you want a little more information about the danger and what the government is doing about it.

The spyware known, as VPNFilter, has been quietly spreading since at least 2016, according to researchers.

 

Once a router is infected, the hackers would potentially be able to use the device as a jumping-off point to launch further attacks. The cybercriminals could also collect personal information, block network traffic — or just turn your router into an expensive brick.

 

The following is STEP2:

 

“If you have an older router, the odds are greater it may have shipped with a standard password which is the same across all types of the device. Change the router password, make sure the firmware is update and in some cases, even replace the router

 

STEP 1 will minimize some of the risk, because some portion of the attack may be deleted after rebooting

This a necessary step, experts said, but they warned that it is not a foolproof fix.

 

“If this is addressed broadly, it will cause the malware campaign to lose a lot of its access and reduce the broader risk on a macro level,” said a CEO of a cyber security company.

A LIST OF SCAMS NEW AND OLD COURTESY OF CARL FLETCHER.

The descriptions are too long to post here so below are a list of the OLD and NEW ones. For more information on any of these copy and paste the following URL into your browser:

https://www.experian.com/blogs/ask-experian/the-ultimate-list-of-the-years-worst-scams/?ty=na&pc=crm_exp_0&cc=emm_c_m_pro_9971180515_mktfttLeads_20180515_x_101

OLD

IRS Collection
Veteran’s Charities
Tech Support
Romance
Home Improvement

NEW

AIR BnB
Record You Saying YES
Fake Car Sales
Cryptocurrency
Death Threat
Downloading Fake Bank Apps
Failure to Report for Jury Duty
Getting You to Give Them Your New Medicare Number
NETFLIX Payment Failure
Getting Your Cellphone # for Two Factor Identification (Porting)
Secretary of State Money Owed to You
Stealing Your CHIP Credit Card Info at Checkout (Shimmer)

 

Spring is here, the grass is riz. I wonder where the flowers is?

Full apologies to Ms. Ginny Newlan for this awful poem.

 

Spring, unlike winter, does not have any season specific scams that are especially crafted to take advantage of your seasonal generosity. Instead we just have the latest scams from the fertile minds of these evil doers.

 

Therefore, in this issue we’ll just be covering the following items:

• Gas Pump Scams
• How to Recover Money Lost on Western Union Scams
• Signs That Your Identity Has Been Stolen
• Tips for Creating a Strong Password
• Be Aware of the Key Cloning Scam

 

 

GAS PUMP SCAMS

 

Along with skimmers, microcameras etc., there’s another couple gasoline pumping frauds being perpetrated. The first is when the price per gallon actually charged is different than the pricing shown on the pump. The second is when the volume charged is more than the volume delivered.

 

Fake Per Gallon Price

 

Along with skimmers, microcameras etc., there’s another couple gasoline pumping frauds being perpetrated, incorrect $/ gallon setting on pump, or incorrect volume pumped setting.

 

Price Scam

 

A SHELL station in Mesa, Arizona) had the price 12 cents per gallon HIGHER than the advertised price on the pump and the sign out front. That particular SHELL station was being operated by 2 men from India.

 

They get away with this because the State seldom physically inspects the pumps as it is very labor intensive, so it often goes overlooked for months or years   At any rate you can call the official number on the gas pump. In some case, they even have counterfeit official stickers to put on the pumps when they re-calibrate. which is why you should call. But by all means if you are overcharged take your receipt inside and demand a refund. You will get it.

 

When a Gallon is  Not a Gallon

 

This one may be too much trouble to actually check but if you want to here’s how:

 

Always check the first gallon before pumping more – simply to MATCH the PRICE (advertised) against the ONE gallon pumped into my car. (but can’t check that I actually got 1 gallon, not less) without bringing along a one gallon gas can that you would pour directly into your tank.

 

 

.

 

East Goshen Township Help Recovering Money Lost by Western Union Scam

 

For years, many people who lost money to scams sent their payment through a Western Union wire transfer. Scammers contacted people and promised prizes, loans, jobs, discounted products or other financial rewards in exchange for money upfront. They also pretended to be family members in need of cash or law enforcement officers demanding payment. The scammers told people to send money through Western Union. No one received the cash, prizes or services they were promised

Western Union admitted to aiding and abetting wire fraud and has agreed to pay $586 million. Westtown-East Goshen Regional Police Department contacted residents who have been victims of this type of scam. Hopefully you were contacted because the deadline to file has passed but kudos for the officers’ efforts.

 

Make Your Passwords More Secure by Answering These Five Questions

 

There are new techniques that are coming to protect your identity such as Facial recognition software, fingerprint authentication, but the most widespread method continues to be the traditional, keyboard-entered, alpha-numeric password. So here are the ways to be more secure.

1. Am I including identifiable information?

Your personal info is available on-line via Facebook, Pinterest, etc. Therefore, even though it makes it easier to remember your password, don’t use birthday, dog’s name, high school etc as your password.

2. Don’t Use the Same Password on Multiple Sites

 

3. Is it complex enough?

Many sites now have requirements, like using a certain combination of numbers, letters and symbols. This is good advice even for sites that don’t require it.

4. Is 2-factor authentication available? If so, have I enabled it?

This is a simple technique to greatly insure your on-line safety. I would use it for financial or other sensitive sites. It’s very simple. I use it for Vanguard and my bank. You simply give the bank your number and when you log on they will send a code to your cellphone that you must enter to continue. This would stop someone who has your ID and password. If you only have a landline they will call you with the code.

5. How frequently should I change it?

You should change it at regular intervals, but this is a royal pain. I suggest you do this for any critical sites and leave the rest alone.

Finally, I personally use a system to create passwords that allows me to recreate a password if I can’t remember it. These passwords don’t meet all of the 5 criteria, but I use them for unimportant sites.

 

Mystery Device Could Let Thieves Get In Your Car in Seconds

The device is a receiver / transmitter combination that picks up the signal that your fob is sending and in effect, becomes the key to your car. This device work very sneakily and very fast. It then takes only seconds using it to open your car and start it.

How does it work? The thief trails behind you with the device in hand. Within seconds, the device cloned the signal of your car’s key fob.

Experts so far were able to use the same device to break into and even start 17 different makes and models of cars.

The Alliance of Automobile Manufacturers, an auto industry association, told NBC News that “protecting vehicle access and security continue to be top priorities” and that “automakers have been working on multiple fronts” to address security and enhance it.

 

Clues That Your Identity Has Been Stolen

Sometimes a credit card or credit bureau will notify you that your information has been stolen but no personally identifiable information was taken. This is absolute BS. If it took them weeks or months to spot the hack how the hell do they know what was stolen.

To protect yourself better, look for the following signs:

 

• Missing Mail – especially bank or credit card statements
• Purchases You Didn’t Make
• New Accounts you Didn’t Open
• Companies Refuse Your Checks
• Trips You Didn’t Take
• Strange Hospital Bills
• Changes to Your Credit Score (check at least monthly)
• Insurance Rejection for Pre-Existing Conditions You Don’t Have
• Rejected Insurance Claims
• Too Many Tax Forms
• Income You Can’t Account For
• Bill Collectors
• New Social Media Accounts
• Data Breach Notifications for Accounts You Don’t Have

 

 

 

 

 

 

The information below is boilerplate for each newsletter for new readers

 

This leads me to couple of points that readers have asked and I think everyone should know. First, you don’t have to give up your subscription if you move elsewhere. So long as I have a current E-Mail address your subscription will continue. Second, I have been asked to allow other communities to distribute this newsletter. I have absolutely no problem with that. Third, although most of you are already aware of this, a quarterly news is letter is too slow to protect you so for those who use the internet I put alerts out on the Hershysmill web site as I become aware of them. The web address is http://hersheysmill.org/.

 

 

 

Don’t pay any ransom.

GandCrab is the latest family of ransomware that started to claim victims late January, demanding exorbitant prices (ranging from $400 to $700,000) in exchange for the decryptor.

I use a security product called BITDEFENDER s I am protected against it

I cannot recommend this product because it depends on your view of security products but I do find it easy to use.

Regardless, now you can get rid of the GandCrab for free, and, of course, without paying the ransom attackers request.

BITDEFENDER has teamed up with Europol, the local police, and the Directorate for Investigating Organized Crime and Terrorism and just released a free GandCrab decryption utility. The free tool works for all known versions of GandCrab.

Go to the website labs.bitdefender.com and click on the ransomware decryption tools section to download a free version.

Again, you’ll be trusting the website. I do, but I can’t make any guarantees

On 4/1/18 Medicare will start a year long project to replace all current Medicare cards for beneficiaries to convert to alphanumeric ID numbers which by the way was supposed to be done when Medicare was first rolled out. 

However, as we hopefully all know scammers are opportunistic. There is no better opportunity for them than any government changes such as IRS rules or new Medicare cards. 

To help protect yourself remember this overall government rule: Agencies needing to contact you will use US mail, not E-Mail or phone. 

Scam 1 – Cash 

You will receive a call from someone at Medicare who will tell you your new card is on the way but you will need a temp card in the meantime for a charge of $5 to $50.

Of course Medicare doesn’t work this way and your old card will still be good. After all, this a change to protect you not a revenue generator.

Scam 2 – ID Theft 

In all likelihood these will be done together. They will say they need all your personal information to process your request. Things like a credit card with your security code, date of birth, address and even social security number. Of course, if they were really from Medicare they would have everything except your credit card number 

What to Do? 

If you only got dinged for some cash consider yourself lucky and be more cautious in the future. 

If you more likely got hit for ID theft call the bank whose credit card you gave away and ask for help with identity theft.

Special thanks to our neighbor Mary Ann Kushner for this tip.

 

 

GAS PUMP SCAM

 

Along with skimmers, microcameras etc., there’s another couple gasoline pumping frauds being perpetrated, incorrect $/ gallon setting on pump, or incorrect volume pumped setting. 

 

Always check the first gallon before pumping more – simply to MATCH the PRICE (advertised) against the ONE gallon pumped into my car. (but can’t check that I actually got 1 gallon, not less) without bringing along a one gallon gas can that you would pour directly into your tank.

 

A SHELL station in Mesa, Arizona) had the price 12 cents per gallon HIGHER than the advertised price on the pump and the sign out front. That particular SHELL station was being operated by 2 men from India.

At any rate you can call the official number on the gas pump. In some case, they even have counterfeit official stickers to put on the pumps when they re-calibrate. The State seldom physically inspects the pumps as it is very labor intensive, so it often goes overlooked for months or years which is why you should call.

But by all means if you are overcharged take your receipt inside and demand a refund. You will get it.

 

 

AVOID THESE SCAMS THIS HOLIDAY

Package Theft.

You can avoid this by making your delivery require a signature or have them delivered to a carrier pickup point such as Amazon’s Locker.

Fake Shopping Sites

Using these will at best send you shoddy goods for high prices and identity theft at worst.  You can avoid this by carefully checking the website for a name brand that’s one letter off or has come-ons as part of the name such as DEALS, DISCOUNTS, or SALES. Also avoid if discounts are too step or the site only lists a PO Box or an E-Mail address not a phone number or postal address. Google the company name or YELP.COM

 

Fake E-mails or Phone Calls

The fake E-Mail will say there was a problem with delivering your gift so click on the link to arrange delivery. DON’T. You’ll get malware.

The fake phone calls ask you to return their call to area codes with very high per minute charges.

Fake Freebies

All sorts of mischief here from credit card theft to malware to ID theft. Check the manufacturer’s web site. If the offer is not there RUN.

Gift Card Rip-offs

Avoid buying cards from gift card racks. Buy from the store issuing it or their websites. Thieves can open gift cards, steal info and cash them when you activate them.

Fake E-Cards

Can contain malware or annoying pop up ads. If you don’t know the sender or the card company or see spelling errors DELETE.

Fake Holiday Job Adds

They will gather enough information to steal your identity.

To avoid this, verify the company is real contact them to see if they are really hiring.

 

For years, many people who lost money to scams sent their payment through a Western Union wire transfer. Scammers contacted people and promised prizes, loans, jobs, discounted products or other financial rewards in exchange for money upfront. They also pretended to be family members in need of cash or law enforcement officers demanding payment. The scammers told people to send money through Western Union. No one received the cash, prizes or services they were promised.   Because of joint investigations by the FTC, the Department of Justice (DOJ), and the U. S. Postal Inspection Service, Western Union admitted to aiding and abetting wire fraud and has agreed to pay $586 million. The Department of Justice is now using that money to provide refunds to people who were tricked into using Western Union to pay scammers. Deadline to file a claim is February 12, 2018.   In the immediate future, the Westtown-East Goshen Regional Police Department will be attempting to contact its residents who have been victims of this type of scam to advise them that they may be eligible to file a claim.   To learn more or to submit a claim, victims are encouraged to visit the following link: https://www.ftc.gov/enforcement/cases-proceedings/refunds/western-union-settlement-faqs.

Oh, the weather outside is frightful, but not really. It is mid-November and the temperature is 52 degrees. So even though it’s a bit warm, it’s time to turn our attention to winter scams to prevent you from getting burned.

Winter is an especially active time for scammers as we have Thanksgiving and Christmas charity scams as well Christmas gift ones.

But it’s not just holiday scams. There is lots of confusion surrounding health insurance and scammers love confusion so with the new 12/15 deadline they’ve gotten very busy. Finally we also have non-seasonal scams which continue year round.

So on that cheery note, let’s begin.

Why Do Scammers Target People Over 50?

• They have more money usually retirement accounts and home equity
• They grew up in a more trusting time
• They often have specific health needs that can be exploited
• They are too embarrassed to report the crime
• They are more willing to contribute to seemingly good causes

Here Are a Few to Be Aware Of

SSI Disability Fraud

TV ads attracted people to see if they were eligible for SSI. They were sent to doctors in on the scheme who told them they were ineligible. The company then filed applications in their name. The scheme cost taxpayers $25,000,000.

Home Services

This one is much more relevant to HM. The targets were people living alone who appeared not to have any family. Once inside the home, these “caregivers” would trick the residents (or forge their signature) on documents ranging from Power of Attorney to Reverse Mortgages. Soon the homeowner was penniless and evicted.

Mortgage Default Prevention

Hopefully everyone the place to start if you fall behind on your mortgage payments is the bank or mortgage company holding your mortgage. NEVER respond to a TV ad offering to take what you can pay and “negotiate” with the bank on your behalf. Your money is spent as soon as you send it in.

Prepaid Funerals

This one is so simple and obviously well suited to fraud but people signed up anyway.

For a fee of $10,000 up front the company would negotiate a deal with the Funeral Home of your choice and then purchase a dividend paying life insurance policy for you so that your money would earn some money while you were alive. Amazingly, 97,000 people signed up for this which ultimately burned Funeral Homes and insurance companies as well as the victims.

Victim of Love

As the song from Beauty and the Beast says, “A tale as old as time.”

Older men bump into a younger, attractive who begins grooming them for a rip-off later. They begin by telling a sympathetic story of fleeing from abuse or having a sick child etc. After a while she asks if they can help with a little cash for her desperate situation. Once on this path the requests become bigger. Thus, the saying “There’s no fool like an old fool.”

People Over 55 Grew Up In a Different Environment With Some Great Qualities That Scammers Try To Take Advantage Of

In my career in cyber security the greatest threat was not technology but wetware (a/k/a people.) Recognizing this truth scammers have shifted from emphasizing weaknesses in the hardware to people. They try to use their good qualities against them as we’ll see below:

Industriousness

Because you are a hard worker you are busiest at the start of the workday and are most likely to be distracted. Hence bad E-mails are sent first thing in the morning. It will also get worse with the approaching holidays.

To protect yourself slow down a little and don’t fall for subject lines like “Immediate Action Required.” Also, Thursday is peak fraud E-Mail day.

Curiosity

A habit to keep in check these days. Scammers peak your interest with fake reports of celebrity deaths or other events. They also use greed, promising prizes for taking a short survey by clicking on the link.

FREE is a Bad Word

Promises of free stuff is a powerful lure but is usually toxic. Specifically, some of the worst “free” come-ons are for:
• Health and Medical
• Travel and Leisure
• Free Samples

Health and Medical

For seniors, Oct 15th to Dec 7th are prime scam time because it’s Medicare open enrollment. The crooks main goal is identity theft.

Same thing with pop-up free flu shot kiosks. They just want your ssn and other information

Another is medical equipment at “No Cost to You. We Bill Medicare.” This can burn you in several ways. Often the equipment is cheap stuff. If they successfully bill Medicare without a doctor’s prescription, you may end up paying hundreds for a $20 item.

The stuff is free but you have to give them a credit card to cover shipping and perhaps some supporting information as well.

Travel and Leisure

Free tickets or meals from well-known airlines or restaurants are almost always fake. It’s easy to cut and paste famous logos so always check the real company’s website or call their 800 number.

Time share presentations offering luxury cruises or accommodations will cost a lot of non-refundable credit charges for virtually nothing.

Free Trials

Last one. Any ad with the words “Miracle” “Guaranteed” and “Risk Free” are scams. Also, glowing customer reviews can be written by the company itself.

So how do they scam you? First, the 30-day return period starts when you order not when you get the product which you might not get for 30 days. The offers may also have microprint where you are agreeing to accept very expensive products with no returns allowed.

SCAMMERS DON’T JUST STEAL PEOPLE’S ID, THEY STEAL BUSINESS, GOVERNMENT AND MEDICAL IDs. IN ADDITION, THEY MAKE UP THEIR OWN.
Below is a list of Fake Callers:
Jury Duty Manager You didn’t show up. Pay $400 or go to jail.
Utility Company We will shut off your utility unless you pay immediately.
Property Clerk You have unclaimed property. Just pay this fee and get it.
Ticket Seller We have cheap tickets to a hot show but you must buy now
Bank Verifier Error on your account. Please verify your info so we can fix
Police/Fire Dept We are raising money for them. How much will you give?
IRS You owe back taxes and will go to jail if you don’t pay right now.
VA I’m from the VA. You have new benefits. Just need your information.
Drug Pusher We have new capsules that will halt your disease

The information below is boilerplate for each newsletter for new readers

This leads me to couple of points that readers have asked and I think everyone should know. First, you don’t have to give up your subscription if you move elsewhere. So long as I have a current E-Mail address your subscription will continue. Second, I have been asked to allow other communities to distribute this newsletter. I have absolutely no problem with that. Third, although most of you are already aware of this, a quarterly news is letter is too slow to protect you so for those who use the internet I put alerts out on the Hershysmill web site as I become aware of them. The web address is http://hersheysmill.org/.

Recently, I learned of a new way thieves can get into your locked car without breaking anything. The trick is simple. They have a reader that records your car’s lock code when you remotely lock your doors. Once you’ve gone they simply transmit the lock code and your car opens.

This isn’t quite as easy as it sounds as they have to be somewhere near your car. So be alert for people sitting in cars near where you park.

For total safety, manually lock your car doors and they can’t do anything.