Department of Veterans Affairs warns of scam targeting veterans

Well, this is just gross.

According to a warning released by the VA, scam artists have been targeting veterans over the telephone. They claim to be VA workers, telling victims that the VA has new procedures regarding prescriptions, and that they need the veterans’ credit card information.

Of course, the VA will never call veterals asking for credit card numbers or any other personal information.

It just illustrates the Number One Rule of Fraud Prevention:

Never give any personal information to an unsolicited caller, no matter who they claim to be.

If you have friends, family or neighbors who are veterans (especially elderly veterans), make sure they know about this scam, and that they know not to give out personal information.

The source for this post is “Scam targets veterans’ credit card info, VA warns,” published at CNN.com on 9/18/09.

How to avoid spyware and adware

I’ve said before that I don’t have the tech chops to get into an extremely detailed description of computer security issues, but I think its important to at least understand the basics. The minutiae of VBS or C+ programming doesn’t matter for our purposes here much as the following facts:

  1. There is a lot of malicious software out there
  2. It is important to know how to recognize it and how to avoid it
  3. It is important to keep your security software updated, and to make sure it is legitimate software from a trusted source

Let’s dive right in. Warning: this is one of my longer posts.

Basic Definitions

Malware: This is sort of an “umbrella term” for software intended to harm your computer. It includes (but is not limited to) spyware, misleading adware, viruses, worms and trojan horses.

Spyware: This is a term for software that, in some form, sends information from your computer to another entity without your consent. This information can be anything from words typed into search engines (Google, e.g.), websites visited or even keystrokes. Spyware can pose a serious identity theft risk, as it can relay financial account information (account numbers and passwords) to a third party.

Adware: Adware is software that displays advertising in some form. Not all adware is necessarily malicious (the free version of the Eudora email client contains benign adware), but sometimes it is. Often, spyware and adware are bundled together.

How Spyware and Adware Infect Your Computer

Some spyware is intentional. Some companies install keyloggers on their computers to keep tabs on employee computer use. I’m just guessing, but I’ll bet every letter you type into an FBI computer is logged.

However, the spyware I’m talking about is the kind that installs itself on your computer without your knowledge or consent. These programs can install through a variety of channels. Some of them are:

Backdoor: These programs exploit “holes” in your web browser or computer’s security features. You can become infected simply by visiting a website that has been set up to install malware, and you probably won’t even know it at the time.

Piggybacking: Sometimes software you want is bundled with software you might not want. Adware often shows up in this form, but other malware uses this method as well. I mentioned the free Eudora email client earlier. This is pretty benign adware—in return for not paying for the full version of the software, you put up with some banner ads, from which the software company earns revenue. However, you’ve also got examples like Bonzi Buddy, which was designed to appeal to children (and secretly send information about their web browsing habits to a third party). Bad scene.

Trojan Horses: A trojan horse is software that poses as useful or desirable software, but is actually spyware, adware or other malware. Some of the most common examples right now are Fake Virus Scan Pop-Ups, which I talked about a couple weeks ago. While visiting a website, a window pops up with a frantic message telling you that your computer is infected with a virus, and to click “OK” to run a scan now. This downloads software, some of which may actually even look like a real virus scanner, that can wreak havoc on your computer, to say nothing of the financial threat it could pose if it contains some really nasty spyware. I want to touch on a few examples of trojan horse software here:

MS Antivirus: This is a fake virus scanner that can disable your real antivirus and anti-spyware programs. Other than that, it’s mostly just annoying, but turning off your security software opens the door to all kinds of other infections. MS Antivirus goes by about a million different names, and it is constantly being updated to evade detection by legitimate security software, which just illustrates the importance of keeping your antivirus software updated. Pay for the subscription. It is worth it.

No-Adware: This was a trojan horse designed to confuse you with a name similar to Ad-Aware, which is a legitimate product. No-Adware is supposedly no longer considered “rogue” software, but you know what? I still haven’t forgiven them.

Tattoodle: This is an application that usually gets installed (intentionally) through Facebook. I don’t know yet if it’s malicious or just annoying, but I don’t think I care: it changes your browser’s homepage, makes itself difficult to remove and its logo is designed to make you think it’s related to Google. If it looks like malware and acts like malware, I call it malware. Just my opinion.

What To Do About Spyware and Adware

Sometimes spyware doesn’t have a whole lot of symptoms. A sudden increase in popup advertisements, constant frantic popups that claim your computer is infected, or just a sudden decrease in system performance can all be signs of a malware infection. I suppose having your identity or financial account information stolen could also be signs, but we’re not going to let it get to that point, are we?

First and foremost, it is of vital importance to install good antivirus and anti-spyware software, and to keep this software updated, even if that means paying for a subscription every year. Second and also foremost, it is vital to make sure this software is the real thing. Here are what I think of as the “Big Three” real, actual, non-malware computer security programs, along with some other software:

Norton: This is what I use. It currently comes in three versions for home users—AntiVirus, Internet Security, and 360, which range in price from $39.99 to $69.99 (although I’m pretty sure 360 is normally $79.99). As with all security software, you also have to subscribe to the updates every year, but it is well worth it.

McAfee: The Pepsi to Norton’s Coke, McAfee is another good one. It’s not my favorite, but I think that has to do more with the look and feel of the software than its actual functionality. As of this writing, its home computer versions range from $29.99 to $39.99, so it’s definitely more of a “budget” option. It works fine, though.

Kaspersky: This one actually originates from Russia. It is excellent antivirus software, and I’m pretty sure at one point years ago it was absolutely free to download and update. Alas, you have to pay for it now; prices are similar to Norton, ranging from $39.95 to $79.95.

Spybot Search & Destroy: This is free software that I highly recommend. It is not a replacement for any of the three antivirus softwares above, as it only concentrates on spyware and adware, but it is a great little backup program to have on hand. You’d be surprised how much potentially harmful stuff slips past your antivirus software. Beware of trojan horses with similar names—only get it from the website I’ve linked here.

Ad-Aware: This is similar to Spybot Search & Destroy. There is a free version still available, but you can also buy software from their site. To be honest, I haven’t used this one in a long time. Again, beware of imitators.

One final word on avoidance: I think there are certain types of websites that tend to contain more malware than others. You’re mostly safe when it comes to the giant corporate sites like Amazon, but I would never suggest you stick only to huge corporate sites.  You miss out on the whole democratic, DIY side of the Internet if you do that.

However, any time you’re viewing sites that offer pirated software, movies or music, or sites that appeal to the…ahem…prurient interests, you’re going to run into a lot more malware, especially in the form of trojan horses, than you might otherwise. So my advice is to go forth and browse, have fun and don’t be afraid to venture outside the “mall,” but try to avoid the seedy side of town.

Watch Out For Census Scams

What do economic stimulus packages, Cash For Clunkers, tax refunds, and the U.S. Census all have in common?

Besides the obvious fact that they’re all related to da gubbermint, they’re also things that people have turned (or could turn) into scams.

The 2010 Census is already in its early stages, and workers are already going door-to-door to verify addresses. However, you know as well as I do that there are also going to be some con artists out there, trying to get personal information for fraudulent use.

Ask any Census worker to show you his or her identification and badge before you answer questions. They will not ask for your Social Security number, credit card or bank account information, or donations. Anyone attempting to get this information from you is attempting to commit fraud. Politely refuse to answer their questions, close and lock your door, then contact police immediately. A Census worker will also never ask to enter your home.

Also, Census workers will only contact you by telephone, in person or by U.S. Mail (meaning envelopes-with-paper-in-them). They will not use email in any circumstance. Immediately delete any emails that claim to be from the U.S. Census.

Why don’t they use email, and why will they never do so?

Well, it’s because of people like me. I have six email addresses that I can think of offhand. There are probably another five or six that I don’t even remember. One of them is just so I can use Google Reader, and another is a leftover from an old blog, but my work email and two out of my three home emails are pretty active. Within a single household, there might be twenty email addresses, including young children. Can you imagine the mess that would ensue if they tried to use email to conduct a Census? There would be panic on a heretofore unseen level when the results came out that the population had rocketed up to 2 billion people over the last ten years.

The core information in this post was taken from “Be cautious about giving info to census workers.

Worst. Scam. Attempt. Ever.

Here’s an attempt at an email scam that nobody should ever fall for. Seriously, it’s like they weren’t even trying:

From: “Mr. R. Jan” <[removed]@gmail.com>
Sent 9/6/2009 3:21:48 PM
To: [removed]
Subject: ATTENTION NEEDED

My name is Mr. Jan and I am contacting you from Liberia for
a mutual business relationship and investment.
I have some funds realized through contract brokerage and I
need your cooperation to invest the funds.
The first stage requires transferring the funds to your
account for subsequent investment.
I therefore want you to work with me as a partner.  On
receipt of your response, I will send you full details of
the transaction and more information about myself.  I
am waiting for your prompt response.
Jan

I’m not even going to bother picking this thing apart. Yes, it’s a total scam. Yes, you should just delete it. No, it’s not a real investment opportunity.

Why I keep badgering you about mystery shopper scams

I seem to be on about mystery shopper scams a lot on this site, and if you’re reading these posts, you might eventually wonder: why does this subject keep coming up?

Below is an excerpt from a recent CUNA press release about a credit union member in Pennsylvania:

A Lancaster Red Rose CU member became a victim of a mystery shopper scam that reportedly took his name from information provided to an online job search database.

The individual received a letter from FreePayingSurvey.com of Wichita, Kan., which included a check for $2,960.50, and instructions to deposit the check into its account and get “trained in financial transaction by sending an international Western Union transfer (of $2,320) to our training agent: Rachel Thomas in Valencia, Spain.”

The letter also instructed the recipient to spend $50 at two of the listed retail locations, and offered a rate of $100 per hour for four hours of evaluations (mystery shopping).

It is unfortunate that the member—who is unemployed—fell for this scam, and as a result, now has a negative balance, Dave Kilby of Lancaster Red Rose CU, told the Pennsylvania Credit Union Association.

So, the reason I’m always on about secret shopper scams is that people keep falling for them. Do yourself a favor—don’t become the subject of a press release.

By the way—look at that URL one more time: FreePayingSurvey. Remember what I said about words that usually mean something is a scam? “Free” was one of them. Add “paying” and “survey” to your mental list.

Indiana Attorney General sets up new fraud alert system

The Indiana AG’s office has a new system for fraud alerts via email. You should sign up for this. I just did it myself.

All you have to do is visit the Indiana AG website and click the red “Consumer Alerts” button to begin. You can just enter your email address, or set it up with a password.

We’ve got a long weekend ahead of us. I’ll be back on Tuesday. In the meantime, stay vigilant out there.

Fake virus scan pop-ups

I don’t normally write a lot about specific computer-related issues, mostly because I don’t have the technical chops to really get into a lot of detail.

However, there is something I feel needs to be addressed: fake virus scanning software.

Have you ever gone to a website and had a realistic-looking window pop up, telling you that your computer has been infected with a virus? Usually, it will tell you to “click here” to run a “free virus scan.”

That was malicious software. If you “click[ed] here,” it very likely installed some form of spyware or adware onto your computer.

These are nasty programs. At best, they can annoy you by highjacking your homepage. so that when you open a web browser, some weird “search” page appears that logs every single thing you search for and spams you accordingly. It can lead to constant pop-up advertisements, misdirection to fake websites, and more.

At worst, they can install spyware, such as a keylogger that tracks every single thing you type on your computer, including logins and passwords. Big trouble if you happen to log in to do some online banking or bill payment.

When these fake virus scanners show up, there is always a button to “cancel,” but frankly, I don’t trust it. It could be set up to do the exact same thing as the “Install” button. I always click the “X” in the upper-right corner of the window.

Then I shut down my web browser, disconnect from the Internet and run an immediate virus scan, because I also don’t really trust that “X” I just clicked. Perhaps I am overreacting, but spyware freaks me out. Better to overreact than to give someone access to my online accounts.

If you already have a good virus scanner (I use Norton Internet Security) and are keeping your updates current (and I know you are, right?), they usually run pretty silently in the background. They might throw out a pop-up window if you’re heading straight into serious trouble, but it won’t look like just a regular “Windows window,” and it won’t ask you to install anything (you’ve already installed the software) or talk about “free trials.”

No matter what brand of virus protection software you’re using, I would also highly recommend Spybot Search & Destroy. This is a program designed specifically to target spyware, adware and other malware. Most likely, your primary virus scanner will catch everything, but it never hurts to have a little backup. Spybot S&D is free, but beware of software with a similar-but-not-quite-the-same name. I’d recommend you only get it from the site linked above.

Whatever you do, don’t be taken in by fake virus scanners.

Mystery Shopper Scams Forever, Continued

Yesterday I posted the text of an email our CEO received from “US_Surveys Inc.” and challenged you to see how many “this is a scam” warning signs you could spot.

Here are the answers I came up with:

  1. The “From” and “To” field both contained the recipient’s email address. Now, she didn’t send this thing to herself, so that means they were spoofing the “From” line. If this was really from a company called “US Surveys,” wouldn’t you think it would say “From: [somebody]@ussurveys.com,” or similar?
  2. It was set on “high priority.” They want you to think it’s a limited time offer, and if you don’t act now, you’ll lose out.
  3. Wonky spacing and punctuation (“Our company(US Surveys)” and “Secret/Shopper”) throughout. Most real companies take a little more care when sending official communications.
  4. Look at the payout: $100 for 30 to 60 minutes of work. That means they’re promising $100 – $200 per hour. I hate to break this to you, but real secret shopper jobs don’t pay anywhere near $200/hour.
  5. This: “The requirements for this position is to be no younger then 21 years old.” Bad grammar is a red flag (as is poor spelling).
  6. They want you to have an account at a certain financial institution (Citibank). The only jobs that usually require you to use a certain financial institution are when you work for that financial institution.
  7. They want you to open a new Citibank account, to be used “for this position only.” That’s even weirder than #6 above.
  8. The contact person uses a Gmail address. Gmail is a free email service like Hotmail, Yahoo!, etc. Real companies have their own email addresses (okay, small local businesses use free ones sometimes, but they’re usually not trying to get you to fall for a mystery shopper scam).
  9. The corporate “branding” isn’t consistent within the message. They’re “US Surveys” one minute and “US_Surveys Inc.” the next. Real companies are a lot more careful about how they refer to themselves.
  10. The whole concept of the message. Companies don’t just contact strangers out of the blue for job openings. Even companies that do the “recruiting” thing make you fill out an application and hand in a resume first. Okay, companies with $200/hour positions might contact you if you’re a well-known expert in your field, but their credentials will be visible (and you’ll already know who they are). They also won’t be in the mystery shopper business. Rocket science or brain surgery would be more like it.

So these are ten things I found that should tip you off that it’s a scam. I’m sure there are even more, but ten is such a nice, round number.

This message has made its way around the world—we’ve had a pretty big jump in traffic here the past two days. I hope everyone is realizing that this email is fraudulent, and nobody ends up wiring money to these clowns. You may have lost your job in this lousy economy, but losing several hundred dollars to a scam isn’t going to help you one bit. Keep looking for a real job (or strike out on your own), and stay positive.

Mystery Shopper Scams Forever: Play along at home!

The President/CEO of our credit union got this charming little email message today. I’m just going to post the full text here, and you see how many warning signs you can spot that this is not a legitimate job offer, and is in fact a scam:

From: [CEO’s email address here]
Sent: Monday, August 31, 2009 8:03 AM
To: [CEO’s email address here]
Subject: Regional Representatives Needed
Importance: High

Our company(US Surveys) is glad to let you know that we now have a vacancy for the Secret/Shopper Position.
This is a part time position as it requires no longer then 30 minutes to an hour to complete an evaluation.

For each assignment you carry out you will receive a commission of $100. Most of the time a shopper gets assignments on daily basis.
The requirements for this position is to be no younger then 21 years old and to own a Citibank account.

Regarding the account, it is recommended to apply for a new one that you will use for this position only.
If you need more information about applying for this position you can reply to [removed]@gmail.com.

Thank you,
US_Surveys Inc.

Needless to say, she wasn’t interested. Tomorrow I’ll post my list of warning signs that this thing is an attempt at fraud. There are tons of them.

Seriously, if there was a Mystery Shopper Scams Hall of Fame, this one would have its own room dedicated to it. It’s just a classic example.

Score one for us: federal robocall ban takes effect September 1st

They were already supposed to be illegal in Indiana, but telemarketing robocalls are banned on the federal level starting Tuesday.

Basically, a robocall involves an automatic phone dialer and an automated message. You’d get a robotic-sounding voice (hence the name) telling you, for example, that the warranty on your car was about to run out, and to press “1” to extend it. The implication was that the call came from the automaker itself, only it didn’t. Quite a few people have been suckered out of a few thousand dollars each because of these things.

There are some exceptions to this new rule, of course. You should still sign up for the national Do Not Call Registry, as well.

Stay vigilant.