MARRIOTT DATA BREACH: Basic Consumer Information

November 30, 2018 9:53 am

THE FOLLOWING IS INFORMATION RELATED TO A LARGE DATA BREACH THAT MARRIOTT DISCOVERED. WE ARE PROVIDING THIS INFORMATION TO OUR MEMBERS BECAUSE WE BELIEVE IT MAY BE HELPFUL.

__________________________________________________________________

MARRIOTT DATA BREACH: Basic Consumer Information

WE ARE AWARE AND ACTIVELY MONITORING THE BREACH

Marriott’s reservation database (Starwood Reservation Database) was hacked.

Hackers mined/collected data for 4 YEARS before discovery of the breach.

Hackers accessed: names; birthdays; passport numbers; email addresses; mailing addresses; and phone numbers

HACKERS MAY HAVE ACCESSED FINANCIAL INFORMATION, including credit card numbers, PIN numbers, and/or expiration dates

500 million consumers (worldwide) affected by the breach (# of WV consumers unknown at this time).

Breach includes SHERATON, WESTIN, and ST. REGIS hotel chains.

Marriott has created a website and call center for consumer inquires.

Consumer Website:                        info.starwood.com

Dedicated Call Center:                   1-877-273-9481

Marriott is also offering free enrollment in Webwatcher (which is a monitoring service). We’re reviewing the webwatcher program and cannot advise consumers on the pros and cons of the service at this time.

Free Webwatcher Enrollment:   info.starwood.com

Phishing Email – December 7, 2017

December 7, 2017 4:45 pm

On December 7, 2017 a few members of the State Bar received phishing emails with the subject “FYI” If you received this email please delete it and do not open the attachment. Below is a screenshot of the details.

FYI – Amazon Gift Cards

November 7, 2017 3:25 pm

The following message was reported as fraudulent. Steptoe & Johnson PLLC reported the activity.

Sent: Tuesday, November 07, 2017 1:17 PM
Subject: FYI – Amazon Gift Cards (Do Not Click!)

The Following E-mail is making the rounds and, as much as I wish to say we are giving away Gift Cards, the sad fact is that we are not.  Please do NOT click on the link or fill out any information to claim your gift card – you will only receive heartache and not $20.

—————————————-

From: Daved Gormon [mailto:Daved.Gormon@work-rewards.com] Sent: Tuesday, November 07, 2017 12:28 PM
To: Angela Fazzini
Subject: Good job. Here is a token of our appreciation.

Google E-Sign & Google Drive

May 11, 2017 2:51 pm

Suspicious emails have been going out to the general public saying you need to click on a link to “e-sign” a document through google or access a shared document. These emails claim to be relating to a document saved within Google Drive or E-Sign but are actually fraudulent phishing email links.

Below is an example of the fraudulent email.

Email Spoofing

March 22, 2017 10:38 am

On Tuesday March 21st, State Bar President McGhee reported that fraudulent emails are being sent out to bar members using his email address. The individual that is sending these emails is requesting payment information via email. These emails are being “spoofed” the individual is using an unauthenticated email server. These emails should be deleted as soon as possible if you receive one. No phishing links were included in the email. The State Bar and its Board of Governors do not request payment information via email in any circumstance.

If you receive any emails similar to the event described above please contact Mike Mellace at mellacem@wvbar.org .

WVSAO Phishing Email

March 14, 2017 10:50 am

Notice of Potential Scam Involving Correspondence from Office of Disciplinary Council

December 1, 2016 3:41 pm

The WV Office of Disciplinary Council has advised that bar members in Pennsylvania, Texas and Maryland have reported receiving an email claiming a grievance has been filed against them and giving them 10 days to respond. The email invites them to “click here” for more information.

None of the disciplinary agencies are responsible for these emails. The link loads a malicious software called ransomware on your computer that blocks computer access until a sum of money is paid.

We are no aware of any similar scams in WV, however, be alert. If you receive this type of email, delete it immediately. If you have any questions about any emails received from the Office of disciplinary council, contact that office at www.wvodc.org or 304-558-7999. Do not click on any links.

Wire Fraud Issues

November 28, 2016 8:35 am

Charleston, WV – A WV State Bar member recently reported being hit with a wire fraud issue twice in the last year, and another law firm recently wired fund to the wrong account based on a fraudulent e-mail.  In both cases a realtor’s e-mail account was hacked.  In the first case, the buyer received alleged wire instructions from our office to send the funds for closing.  Fortunately, we had asked for a cashier’s check and buyer brought to our attention.  In the second case, our seller allegedly sent wire instructions for their proceeds, to which it was sent, but immediately recovered by the bank.  Lawyers need to verbally call the recipient of the wire and verify the instructions, as well as obtaining copies of driver’s licenses.  Also, lawyers should be sending wire instructions via secure e-mail.  Generally, the hacker will get into a Yahoo account (either realtor or lawyer) and then spoof the party who is sending the wire instructions.  Here is is a link to a recent Florida Bar New article.

Good Day Attorney

November 18, 2016 3:58 pm

The following email has been reported by multiple attorneys as being a fraudulent email.

ATTORNEYS BEWARE OF CLIENT TRUST ACCOUNT SCAMS

November 18, 2016 3:40 pm

The State Bar has become aware of fraudulent schemes that have targeted lawyers’ client trust accounts throughout the country. From email that the ADO has received from its counterparts in other states, there appear to be two variations that have been used during the last few months. The first scheme is an advance fee “confidence scam” which involves what purports to be a business proposal from officials of a foreign government or foreign business. Typically the lawyer receives an unsolicited email from a company in China (or other location in Asia). The email states that the sender has found the lawyer’s name in an online legal directory The sender then advises the lawyer that he (or she) would like to retain the services of the lawyer to collect a judgment from a local business. The lawyer then performs some preliminary research and determines that the local business is a legitimate business. A contingency agreement is entered into. Within days, and prior to a demand letter being sent, the lawyer receives a cashier’s check from the local business for a large sum of money (normally several hundred thousand dollars) towards the judgment, with a note explaining the purpose of the check. The check appears to be from a local bank The lawyer then deposits the check into his/her client trust account. The Chinese business then contacts the lawyer and advises that the business needs all (or a portion) of the settlement proceeds immediately to cover on-going business expenses. The lawyer is advised that he/she can retain his/her contingency fees from the amount that is requested to be transmitted to the Chinese business. The lawyer then calls the bank in which he/she is holding client trust funds to inquire if funds are available, and is advised that they are. The funds (less the lawyer’s fees) are then wired to the scammer’s account in China (or elsewhere in the Far East). Within days, the lawyer is informed by the bank holding his/her client trust account that the local check was a forgery, and the lawyer is then out of trust by several hundred thousand dollars. The scams normally work because the victim lawyers do not appreciate the difference between funds that have “cleared” (or are collected), and funds that are available for use. Banks are required to make funds available for use within a few days of the deposit of checks, even though the funds often are not actually collected until nearly two weeks after the checks are deposited. The second type of scam that has been reported by other states involves the collection of a divorce settlement that has been allegedly reached with the scammer’s ex-husband. The scammer informs the lawyer that she is currently on assignment in a far eastern country and has an agreement for the husband to pay her several hundred thousand dollars, plus legal fees. The rest of the scam proceeds in a manner essentially similar to the judgment collection scam outlined above, and involves the deposit of a forged cashier’s check into the lawyer’s client trust account and the wiring of the client’s share to a foreign bank. Attorneys are warned that if the proposition appears too good to be true, it probably is. One should always be extremely wary of email communications from anyone you don’t know. Finally, it is extremely important that lawyers know the difference between available funds and collected funds