• Skip to main content
  • Skip to primary sidebar
Scambusters
menu icon
go to homepage
search icon
Homepage link
  • Get Our Weekly Scambusters Newsletter
  • Advice
  • Avoiding Scams
  • Scammer Techniques
  • Identity Theft
  • Consumer Help
  • Phishing
  • Bank
  • Phone
  • Urban Legends
×

Thieves Target Your Password, Your ID -- and Your Car

Password theft

Worst password choices and sneakiest tricks to steal your ID: Internet Scambusters #545

Password theft is back in the spotlight in this week's Snippets issue, with latest details of the worst ones straight off the crooks' own lists.

We also have the lowdown on two sneaky financial scams -- one targeting small business owners.

And we report on an unusual job scam that, in some cases, even takes victims south of the border.

Let's get started...


Thieves Target Your Password, Your ID -- and Your Car


One day you may be able to look your webcam in the eye and be instantly recognized, but until then we're stuck with old-fashioned passwords as the main way of gaining secure access to our online accounts.

But despite widespread warnings, including several Scambusters issues, it's remarkable that people continue to use easy and predictable words or number combos.

So we make no apology for returning to this vexed subject this week as part of our Snippets issue.

We'll also be looking at financial phishing tricks and an unusual variation on jobs scams.

Password Crazy

By now, we hope that most Scambusters readers will be alert to the dangers of using easy, short passwords, and then using them again and again on multiple sites.

But we're hoping you might pass on this issue to friends and acquaintances in hopes of spreading the word and perhaps getting a few more people out of the clutches of the password crackers.

The reason we're doing this is because a recently published list of common passwords shows people are still trying to protect themselves with words like "password," "123456," and "12345678."

More Scam Reports:  Blessing Loom Scam Could Land You in Jail

In fact, those are the top 3 in the latest "Worst Passwords" chart from smartphone software outfit SplashData. And they've held those slots for years.

This year's new entries include the strikingly original (tongue-in-cheek) "Password1" and "welcome," while "111111" shows the biggest gain, moving up three places to number 9.

Seriously though, isn't it a shame that people are still using these terms and numbers, which are the first ones any hacker tries? Using them is just like handing your front door key to a crook.

In fact, the SplashData chart is compiled from the crooks' own online lists that contain millions of stolen passwords -- and they're being offered for sale.

Morgan Slain, SplashData CEO comments: "We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."

Amen to that.

Action: For more information on how to create secure passwords, check out these Scambusters issues:

Get Tough With Computer Passwords and Secret Questions

10 Keys to Password Security

And please pass it on!

Payroll Software Scam

Another continuously hot topic, which we featured in our previous Snippets issue and in many other reports, is phishing, and in particular, the use of bogus email messages that pretend to come from legitimate organizations.

Sometimes these are aimed at small firms, where it's hoped they'll hoodwink busy owners or employees into surrendering confidential information that gives the crooks access to their bank accounts.

More Scam Reports:  How To Spot And Stop A Scam Text Message

The latest one that follows this pattern landed in the inbox of one of the Scambusters team, claiming to be from financial software company Intuit, producer of the QuickBooks program used by lots of small firms.

Carrying the Intuit logo and with the subject line "Information Only: Payroll Account Terminated by Intuit," the message claimed a payroll transaction had been rejected.

It asked recipients to sign in to their account and arrange to transfer money.

But what looked like an Intuit link actually took victims to a French website mimicking the real thing.

The site has now been taken down but, no doubt, not before some firms fell victim. Also, no doubt, the crooks have set up another phishing site with the same purpose.

Meanwhile, another member of our team received a phishing email claiming to come from credit card company American Express.

This time, the subject heading was "American Express Alert: Your Transaction is Aborted" and the message contained links that secretly led to a hijacked commercial computer system that would upload malware onto victims' PCs.

This scam was still "live" at the time of writing, so watch out!

Action: In both cases, poor grammar, spelling and language use were dead giveaways.

But one simple rule avoids this scam: Don't click links in messages that claim to connect to a page where you have to sign on. Instead, go straight to the genuine website yourself and check there that everything is in order.

Job Ad Targets IDs -- and Victims' Cars

Just space to squeeze in one more Snippet -- this time an unusual version of a job scam.

More Scam Reports:  Could That Business Opportunity Be a Franchise Scam?

It starts with a bogus job ad on Craigslist, purporting to come from the homebuilding charity Habitat for Humanity. The name of the Salvation Army has also been used for this trick.

There seems to be two variations of the scam.

In one, applicants are met, usually at a coffee shop, in the locale where the Craigslist ad appears and asked to provide information including Social Security numbers and driver's license details.

This is a straight identity theft ruse and the victim hears no more about the supposed job.

The second variety is more complex. While being interviewed, the victim's car is ransacked.

In several instances, victims were actually asked to drive to Tijuana in Mexico, where their vehicles were actually stolen.

Action: Craigslist is a notorious target for job scams, so be especially wary when applying for a posted job there.

Also be wary about meeting anyone for an "interview" in a coffee shop or anywhere but a proper office. And park your car within sight!

Don't part with personal information to someone before thoroughly checking them and their organization out.

In the end, all of the scams in this week's issue boil down to the same thing: Whether they're sending out phony emails, posting bogus job ads or guessing your password, the crooks want information that will lead them to your money.

That's all for today -- we'll see you next week.

 

« Other Urban Legends and Hoaxes 12
Other Urban Legends and Hoaxes 11 »

Primary Sidebar

Scambusters.org
Prohibited Circle

Don't Get Scammed!

Don't Get Scammed!

Scammers, crooks and criminals are constantly devising new ways to steal from you. 


Our FREE weekly ScamBusters Email Reports keep you up-to-date by showing you exactly what to do and what to avoid to keep you and your family safe.

Your privacy is safe with us

Search For Scam Info

Popular

  • real estate scams
    Buyer Beware: Real Estate Scams and How To Avoid Them
  • public assistance
    Public Assistance Scams: How to Protect Your Benefits
  • online gaming
    Online Gaming Scams Exploit Your Children – What You Need to Know to Protect Your Kids (And You!)
  • travel scams
    Travel and Vacation Scams: What You Need to Know

Footer

↑ back to top

About

  • Privacy Policy
  • Terms & Conditions

Newsletter

  • Sign Up! for emails and updates

Contact

  • Contact

Copyright © 2024 Scambusters.org and Breakthrough Consulting, Inc.