Too Good to be True—Probably Is

This post came to me because I noticed something interesting in my Junk mail.  A spam mail for Walmart (supposedly, but most likely not) that had “We want YOU: Walmart Workers 75/h Now.”  I don’t think Walmart pays their salaried people (except maybe at the Corporate offices) $75/h.  So, I thought “Why would they send this out, with such an outrageous salary listed?”  Then it occurred to me that someone clicked on it.  The old adage of “If they keep doing it, then obviously someone is falling for it.”

In these hard economic times, it’s easy to fall victim to something like that.  The hope for a payday or windfall tempts everyone.  In fact, just the hope for steady income tempts everyone (myself included).  The problem is the actual companies are not hiring like this (by sending out unsolicited e-mails).  And they definitely are not offering tons of money per hour. 

The point to this post is this.  If it sounds too good to be true (or sounds like it’s way more than you’d expect someone to make at the company) then it probably is.  It’s more than likely a scam.  They definitely will want your personal information, and maybe will want money.  Either way, you’re taking a chance that they aren’t going to steal your identity or rob you/kidnap you/kill you.  So, be careful.

If you are looking for work, check out the Regional Help Wanted site (http://www.regionalhelpwanted.com), Monster (http://www.monster.com), CareerBuilder (http://www.careerbuilder.com), or Yahoo HotJobs (http://hotjobs.yahoo.com). You can also try looking on Twitter, but the same rule applies.  Some of the jobs there are too good to be true.

Have a great day:)
Patrick.

Disasters and Scams Seem to Go Hand in Hand

The earthquake in Haiti last evening is a tragedy and a catastrophe. And the natural desire to help is a very well-placed thing and should be acted upon. However, there are people who are more than happy to take advantage of our desires to help out.

Already there are a bunch of domain names being registered referencing the Haiti Disaster (http://isc.sans.org). They don’t specify how many or what names, but I’ll bet by the end of the day, a list will be up.  This happens after every major disaster—or major news event.  While some (or most) of the sites may be legitimate, there will be a large number that are not. 

There is a new method going around also.  Sending SMS requests via Twitter and Facebook.  These messages say something like “SMS yele to xxxxx to donate $5 ($10) to Haiti”.  Some will tell you that the donation is charged to your cell phone—others won’t. I’m not saying that you shouldn’t do this—I’m saying that you need to be aware of two things: 1) You’re going to see a $5.00 SMS charge on your phone bill (regardless of your “Text Messaging Plan” and 2) you honestly don’t know if that money will go to the Haiti Disaster, or someone’s lifestyle.

If you’re in the United States (and probably other countries as well), your best bet is to go to http://www.redcross.org (The American Red Cross) and donate through them.  If you’re interested in the SMS route, try http://www.mgive.com or http://mobilegivinginsider.com as they are vetted by ISC.  The American Red Cross is also on Twitter at http://www.twitter.com/redcross (or @redcross).

If you have SMS “Premium blocking” enabled on your phone, you may have to call your wireless carrier first to approve the donation (or disable it while you do the donation).  My suggestion is to monitor it to find out if you’re suddenly donating every day.  If so, then you need to block the charges.

As I said, this is already a tragedy and a catastrophe. Please don’t let it become a financial tragedy for you.  Donate—but do it through legitimate sources.  Check the ISC lists and check out the site (and entities behind the sites) BEFORE you donate.

Myself, I’m waiting to see what my local chapter of Phi Theta Kappa is going to do.  I’ll help them, or I’ll make a donation to the Red Cross.  Maybe, I’ll even donate blood (since that will be needed as badly as money).

Have a great day:)
Patrick.

Virginia Won’t Pay Hacker’s Ransom Demand – InsideTech.com

Virginia Won’t Pay Hacker’s Ransom Demand – InsideTech.com

Recently a “cyber-criminal” (please note that I’m not using the overhyped and irresponsibly used term “hacker”) broke into the Virginia Department of Health’s database and stole a bunch of records.  The criminal claimed that they also deleted the backups of the records (which was false) and demanded a ransom of $10 million.

Instead of paying, Virginia is working with the FBI to apprehend the criminals.  Are they doing the right thing here?  I would say “yes” and “no”.  Understand that I am basing this upon the same information that you have—I don’t have any secret information about the case.

Yes they are doing the right thing by refusing to pay the ransom, and by working with the appropriate law enforcement agencies to track down the criminal(s) responsible.  It would be foolish and useless to give into the demands, as the criminal will either a) not give you the records or b) give you something more like a virus with them.

Based on the articles that I’ve read, there is a possibility that the information that was stolen includes identifiable information such as your Social Security number (this is only in the case of Virginia residents who have had prescriptions filled).  The articles do not specify if the state is working with Credit reporting agencies to prevent Identity theft.

This would be where I have to say “No.”  If your bank is breached, or a store that you’ve used  a credit card at is breached (or the credit card processing agency), they typically offer those infected with a years’ worth of credit monitoring.  And they typically bear the burden of the cost of the monitoring.  It’s a small price for them to pay, in order to regain your trust.

The articles don’t specify if Virginia is doing any of this.  If they are then I say they’re doing everything right (as far as things I’ve looked at). But if they aren’t doing anything to prevent the Identity theft, then they are putting their residences at an unnecessary risk.

These articles also emphasize the need for stronger security and the need to maintain backups off-site.  The criminal claims that the backups were still attached to the system, and that he/she deleted them.  If that’s the case, then the state failed right there.

This is an issue that everyone can monitor and take some learning examples from. Especially when it comes to maintaining backups and protecting your information.  You may not be able to control it once you put it on someone’s server, but you definitely can control it on your computer.

If you’re a resident of Virginia and were affected by this (or know someone who is), please drop me a note and let me know if the state is doing anything to help you safeguard your personal information in this matter.

Have a great day:)

Patrick.