Archives for Rip-Off

The IRS wants you to watch out for scams during tax season

Unfortunately, income tax season can be a vulnerable time for thieves using phone or phishing scams. The IRS wants you to be aware of these potential threats, and take extra caution this month.

This time of year, you might receive a phone call saying you owe taxes and can be arrested if you don’t give the caller your credit card or other personal information. Sometimes these are recorded messages that can be convincing. As reported in Top Tech News, the IRS wants to make it clear that this is never how it will contact you.

“The IRS does not initiate contact with taxpayers by phone. And if someone owes money to the government, they’ll first get a bill through the mail. The IRS also does not demand payment until after a taxpayer has had time to question and/or appeal a bill. The agency also says it does not ask for credit or debit card numbers over the phone,” Top Tech News explained.

The IRS also never makes first contact with a taxpayer via email. If you get an unexpected email allegedly from the IRS in your inbox, it’s probably a scam. These emails often demand you Social Security Number, which the IRS would never do in an email.

The IRS wants taxpayers to keep extra attention on their bank accounts this season, and go to www.irs.gov to learn more about potential scams.

Nova Scotians beware of this latest phone scam

A new phone scam has been reported coming out of Nova Scotia, after Halifax restaurant owner Elias Fathallah says he nearly fell victim to the ploy. According to CBC, the scam has targeted over a dozen other people in the province, who have received phone calls from an impersonator pretending to be from Nova Scotia Power, saying they had unpaid electricity bills and were going to be cut off.

On December 15th alone, Nova Scotia Power says it received fifteen reports from customers who had been targeted by this scam.

Fathallah says he was serving customers on December 15th when around 11:30 a.m. his phone rang. “Someone called Eugene told me he worked with the power company, and he was coming in 45 minutes to disconnect my power,” he said. Fathallah also says the man gave him a 1-800 number and extension, with which he could call and keep his power running.

“When I called the machine, it said ‘Welcome to Power Nova Scotia,'” Fathallah said. A person named Robert William answered and said he was the manager. “William” told Fathallah that his online payments had not gone through since September, meaning Fathallah owed Nova Scotia Power thousands of dollars.

Fathallah agreed to give the man his credit card information so he could pay the allegedly unpaid bills, but before he could, “the man interrupted, saying instead that Fathallah had to go to a spot on Oxford Street in Halifax and pay $1,020.09 in cash,” reports the CBC. This is when Fathallah caught on.

No legitimate power company would ever ask to collect payments in a parking lot, so Fathallah called the number on his bill statements. “I told her, ‘What’s going on? Why do I have a red flag on my account? I paid my bills on time.’ And she said, ‘What are you talking about? Your bills are paid … we are not coming to disconnect your power,” Fathallah recounted.

It’s a good thing that Fathallah made the choice to call Nova Scotia Power, but he says it could have gone the other way, and that the scammer seemed very authentic. “He was playing me well. He was so calm, so professional,” he said.

Nova Scotia Power has said luckily no one has fallen victim to the scheme yet, despite the scammers’ numerous attempts.

Ransomware is making a pretty penny worldwide

We’ve all heard about ransomware, and how it holds devices hostage until the owner pays up. But have you ever wondered just how much money ransomware has managed to steal across the globe? According to a joint study from Google, bitcoin security firm Chainalysis, the University of California at San Diego, and New York University, the most prevalent ransomware strains have roped in a total of $25 million.

According to an article by PC Mag, the ransomware ecosystem is “dominated by a few kingpins.” For example, Locky and Cerber. Locky was the first ransomware to steal more than a million dollars per month, and has made around $7.8 million in total. Cerber makes around $200,000 a month and has made $6.9 million in total. Other big earners include CryptoLocker, CryptXXX, SamSam, CryptoWall, AlNamrood, TorrentLocker, Spora, CoinVault, and WannaCry.

The study says that the problem is made worse because “just 37 percent of users back up their data.” If more users had backups, holding data hostage would not be so threatening to victims of ransomware scams.

Phone scam targeting the elderly in New York State

phone-449836_640On Friday, May 5, the New York State Police issued a warning to state residents about a recent surge in phone scams targeting seniors in the region.

According to the Wyoming County Free Press, the scam includes two main scenarios. In the first, the caller is “claiming to be a family member in trouble or arrested in another state or country. This caller will put urgency on helping them and not to contact other family.” In the second scenario, the caller “claims to be a law enforcement official with a family member under arrest demanding bail or funds for them.” Police remind citizens that they will never contact families for bail money.

In either scenario, the caller will ask the victim to put specific amounts of money on store gift cards, such as Walmart, Home Depot, Lowes, Target and other big retail stores. Then, the victim is instructed to call a number and read off the gift card identification number. If the victim complies, those gift cards will be used to buy and resell items.

The New York State Police are asking residents to make seniors in their life aware of this scam in attempts to prevent its future success.

2016 was marked by the highest number of data breaches in history

hackersWe will remember 2016 for a lot of reasons; a polarizing election, a slew of tragic celebrity deaths. But there’s another serious problem with 2016 – data breaches. According to the National Law Review and findings by the Identity Theft Resource Center and CyberScout, 2016 showed a record high for data breaches in the United States. The number of recorded breaches last year reached 1,093, surpassing 2015 by 40 percent.

While the financial services industry accounted for only 4.8 percent of the total breaches, business, healthcare, education, military, and other government services were hacked significantly more frequently.

According to these findings, for the eighth year in a row, hacking, skimming, and phishing scams were the main factors behind these data breaches – 55.5 percent of all reported incidents. Breaches using email and internet accounted for only 9.2 percent of all the hacks, and employee error was responsible for 8.7 percent. Of all these breaches, 64 percent involved identity and personal data theft.

These findings are concerning, but not altogether too surprising. It makes you wonder what we can do to make our data more secure in the future.

Verizon Under Fire Again for Overcharging

verizonAccording to Fortune, the Federal Communications Commission has recently confirmed it is investigating complaints from Verizon Wireless customers about strange data billing. Among those complaints are upticks in customers’ mobile usage when they’re asleep, data usage surging from single digits into hundreds of gigabytes, and even a case of a deceased man’s phone suddenly triggering overages on his widow’s account.

The billing issues were first uncovered by financial reporter and columnist for The Cleveland Plain Dealer, Teresa Dixon Murray. She also revealed an error in 2010 that led to a substantial fine for Verizon. Murray wrote that her family received extra charges for usage that apparently happened while the family slept, leading to a series of replies from Verizon customers across the country who had experienced the same or a similar problem.

Now, six years later, the stories are not only still flooding in, but being taken seriously. One woman was charged for using wireless data on a flip phone that was not data-compatible. In another story, a woman named Joyce Shinn was surprised to find that her husband’s bill started showing data charges a year after his death.

Perhaps the most significant of all is the story of Valerie Gerbus, whose reported data usage skyrocketed from 4GB one month to 596GB the next. Gerbus was charged a whopping $8,535, plus a $600 fee when she decided to cancel her plan. Although Verizon eventually waived the bill and claimed that they resolved the situation, the company refused to provide details about the initial problem.

Various Verizon representatives have responded to Murray’s probing on these billing errors, attributing them to consumer error or popular, automatic smartphone features that prioritize using data over Wi-Fi.

The FCC hopes their investigation will determine whether these issues are a coincidental collection of consumer errors or rather something more nefarious, or simply ignorant, by Verizon Wireless.

New Android Malware Poses Scary Threat

malwareThere are so many viruses and malware floating around out there, it’s impossible to keep them all straight. But if you’re an Android user, you should probably be aware of the new Trojan horse that will not only steal your payment data, but also hinder you from alerting your bank.

First identified by security vendor Symantec, the new version of the Android.Fakebank.B malware has a “call-barring” function. This means a hacker can delay the user from canceling any cards that have been compromised.

Fakebank has been around since 2013. It operates by pretending to be an Android app, all the while stealing the user’s money. It first scans the phone for specific banking apps, and upon finding them prompts the user to delete and replace them with malicious versions. Fakebank.B, the newer version, will also monitor phone calls and, if it believes a bank is being dialed, it will cancel the call.

Right now, Fakebank.B has only surfaced in Russia and South Korea. However, Symantec is warning users everywhere to refrain from downloading apps from untrustworthy sources, such as third-party app stores.

*Source: Network World

Most Websites Vulnerable to Bot Attacks

DistilLogoAccording to a new study by Distil Networks Inc, 97 percent of major websites offer minimal to no security against bots. One thousand of the top websites in retail, financial services, consumer services, news and media – and even United States government agencies – were examined in the study.

Bots can be used by competitors, hackers, and other cybercriminals for things like website scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, and much more. Needless to say, they’re no small threat and protecting against them should be a priority.

“Bots, especially Advanced Persistent Bots (APBs) are evolving in sophistication because of their polymorphic nature and quick deployment to access sensitive information and reap monetary benefits,” stated Distil Networks CEO Rami Essaid, in a press release. “Our 2016 Bad Bot Landscape Report found over 88 percent of all bad bot traffic last year was made up of APBs – bots that mimic human behavior.”.

Distil Networks tested these websites against the four main kinds of bots, ranked by their level of sophistication. They include browser automation bots (advanced bots), hidden legitimate browser bots (evasive bots), bots lacking well-formed web browsers (simple bots), and bots acting as bots (crude bots).

Zuckerberg’s Online Profiles Hacked

By Elaine Chan and Priscilla Chan (CC BY 2.5  via Wikimedia Commons)

By Elaine Chan and Priscilla Chan (CC BY 2.5 via Wikimedia Commons)

Online accounts are compromised every day, yet many of us think it could never happen to us. Think again. Over the weekend, Facebook tycoon Mark Zuckerberg was the victim of an attack that saw hackers gain access to his Twitter, LinkedIn and Pinterest profiles. If one of the most tech savvy entrepreneurs can find himself in this situation, none of us are immune.

There has been plenty of speculation as to how the crooks got access, including suggestions Zuckerberg was caught up in the 2012 LinkedIn hack and used the same password for multiple sites. The good news is his Facebook account was untouched. Some media reported his Instagram account was also compromised; however, a TechCrunch article states the photo-sharing platform’s security systems stopped the intrusion.

No real damage was done before the accounts were reclaimed, though the group – which called itself “OurMine” – did post a few messages.
Zuckerberg and his Facebook PR machine have been quiet in the wake of the cyber attacks and have declined to comment.

Telstra Withdraws $2M from Man’s Bank Account

BYOD costWe’ve heard of big phone bills before, but an Australian man may have made the biggest payment we can recall in recent times. Last week, Calum Mawson went online to pay his $225 Telstra bill. Instead, $2.25 million was taken out of his bank account.

When Mawson received payment confirmation, he immediately called the telco to get to the bottom of the matter. He believed the rep who told him the transaction wouldn’t process through his account and not to worry about it. However, he soon realized he was in trouble when another transaction was denied for insufficient funds. A quick check of his account revealed a full $2,250,623 had been withdrawn.

He must have had some serious overdraft protection on the account.

“I was completely gobsmacked at the amount, I have never seen so much money in my life,” Mawson was quoted as saying.

The 22-year-old said his bank was very co-operative in the aftermath, eventually restoring his account balance after a few days. Telstra wasn’t quite as friendly.

“Telstra has been so unhelpful throughout the whole experience and customer service just kept trying to push the blame,” he said. “I think Telstra are the ones to blame in this scenario and what makes things worse is the fact they haven’t even reached out to offer any sort of compensation.”