ID theft : phishing scams

Comcast phishing scam seeking victims

IdentityTheft — Thu, 24 May 2012 17:58:00 GMT

According to reports, a new phishing scam is targeting Comcast XFINITY cable Internet subscribers.

The email reads: "Dear Comcast Customer, The Constant Guard service has updated the Online Security of Comcast Users. To link your account to our new update you just need to re-login your account using the secure link bellow. The link will redirect you to our update login page. Simply login your account and the account will automaticly be updated."

The link points to a TinyURL which redirected victims to a compromised higher education institution website in India. It appears to have been compromised through vulnerable FrontPage server extensions.

The fake page is an identical copy of the real Comcast XFINITY login page, and even includes a fully functional TRUSTe logo, to fool victims into thinking the site is secure.

Your response to this should be to call Comcast first and ask questions. Find out if it's legit. A huge clue in this scam that it's a fake is the misspelled words, which are common in phishing attempts.

New scam making the rounds

IdentityTheft — Wed, 28 Dec 2011 20:59:00 GMT

If you got a new Macbook, iPad or some other Apple product for Christmas, you should be aware that there's a new e-mail scam headed your way. Scammers are sending out a very official-looking e-mail, which requests that you update your billing information.

The scam reportedly targets new Apple owners who are just setting up and registering their new equipments and accounts. The e-mail apparently looks legitimate, and reads, "It has come to our attention that your account billing information records are out of date. That requires you to update your billing information. Failure to update your records will result in account termination."

There is also a link included, "http://store.apple.com," which actually goes straight to the scammer's servers. Clicking on the link and then inputting your information will give the scammer all he needs to steal your identity.

Once you click on the link, you are directed to a fake Apple ID sign-in page, which will give the scammer your login credentials. You will also be prompted to input your name, date of birth, Social Security number, credit card information, billing and shipping addresses, and your Apple ID and password.

Be extra vigilant when you receive unsolicited e-mails. Do not click on any links contained in them, and don't give your personal, financial or account information to anyone unless you are sure of the person on the other end of the request. It's best to check with the company directly to see if the request was made in the first place.

Don't fall for PayPal phishing scam

IdentityTheft — Tue, 08 Nov 2011 16:08:00 GMT

A new phishing scam is making the rounds – and if you use PayPal, you could fall victim.

The e-mail looks like it is from PayPal's account review team, and states that the site's security system has "blocked unusual charges to a credit card linked to your account." The message further states that there has been an intrusion to the e-mail recipient's account, and it appears that someone has tried to use your account. The e-mail contains a handy attachment which, after you download it, will allow you to enter information and take steps to "restore your account success."

When you receive a message such as this, you would immediately want to make sure your account is safe and the emotional rush that comes in a moment like this can cloud your judgment.

PayPal has the controls in place to prevent fraudulent transactions, but their system isn't foolproof. This is where this particular scam shows its effectiveness. Since you trust PayPal to protect your account, and the scam e-mail says PayPal has locked your account for your protection, you're more apt to fall for it.

The information requested in this scam includes cardholder name, birth date, mother's maiden name, Social Security number and home telephone number. It also asks for your home address. The form does not ask for a PayPal e-mail address.

When you receive e-mails and you don't know where they came from, do not click on links included in the e-mail or download anything. If you are unsure whether it came from the source it claims, contact the source directly and ask. In this case, you could look up PayPal and contact them directly, using contact information from PayPal's official site, not from the e-mail you received.

The best advice when you receive unsolicited e-mails? When in doubt, don't.

Check out online loan companies thoroughly before you sign

IdentityTheft — Tue, 25 Oct 2011 15:45:00 GMT

Want to put a big, fat target on your back for identity theft? Dumb question, huh? No one wants to be victimized by an identity thief. But if you've applied for a bad credit loan, you may become just that – a target.

Some of the online bad credit loan companies use or sell your personal information. In fact, there are many bogus sites that offer loans, but that are really in the business of scamming consumers. Hundreds of people, already dealing with bad credit, are now being bugged by debt collectors for debts they don't owe – debts racked up by identity thieves who got their victims' information after the information was compromised following the application for an online loan.

These thieves know exactly what they are doing. They prey on those desperate for help, and promise loans to those who have been turned down everywhere else. But many of these sites do nothing more than sell your information, which can then be sold online to those wishing to commit crimes.

But bear in mind: Not all online loan sites are scams. There are those that legitimately offer loans to those with bad credit, and these sites have made sure their sites are secured. When you're looking for a bad credit loan, be sure you thoroughly check out the site and the company behind it before you provide any personal information.

You'll also want to find out if there are any complaints against the company. You can type in the company name and the word "complaints" to see what pops up. Lots of complaints is a red flag, telling you that you should move on.

Remember, don't pay money up front for a loan. Do your homework before you sign on the dotted line, and know what you're getting into.

Keeping your information safe online just takes common sense

IdentityTheft — Wed, 04 Aug 2010 16:40:00 GMT

Reports of identity theft are registered every day, and more people are falling victim to it than ever before. Increased Internet use, whether on a personal computer or handheld device, may be to blame. Sixteen percent of American households with the Internet reported some kind of identity theft last year, according to a survey by Consumer Reports.

So how do you keep your personal information safe online?

If you access the Internet at home via a wireless network, having a firewall is a must. This helps to form a barrier between your trusted network and any untrusted networks trying to access your computer. Make sure you regularly update anti-spyware, anti-phishing and anti-virus software. Having anti-virus software protection is an important thing that a lot of folks just simply forget about. Most of these programs are subscriptions, so you can't assume that you just have them on your computer or that the subscription lasts more than a year.

Make sure to secure your mobile devices, like smart phones or iPads, with passwords and encryption, just in case they are lost or stolen. For many people, these devices contain just as much personal information as a home computer. You should also set up your accounts with a pin code as well, so that in order to make any changes regarding your personal accounts, you would need to have a four-digit code to access them.

Do your research before you download free apps to your device. You never know who might have access to your personal date via your apps.

Beware of social networking sites. This is where most personal information is lifted. So consider how much you post on your page. If your date of birth, phone number, address or maiden name appear on your Facebook or MySpace page, these could be used to obtain the rest of your personal information. Be sure to set restrictions on your profile so only certain groups of people can view your personal information.

Never give anyone your personal information, such as your Social Security number, in an e-mail. "Phishing" e-mails may look like they're from your bank or credit union, but if you are affiliated with a bank, that institution already has your personal information. They won't need you to e-mail it to them. If you receive an e-mail requesting that you do so, call your bank to confirm the e-mail was sent before responding.

If a suspicious e-mail contains a link, don't click on it, no matter how tempted you are. The safest thing you can do to find out what the site is would be to get out of the e-mail, and type the URL for the link into your Web browser separately.

When it comes to protecting your personal information, the best advice is to follow your own common sense. When in doubt, don't.