Scam of the day – June 29, 2016 – Latest security updates from the Department of Homeland Security

June 28, 2016 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.


Here is the link to a list of all of the recent security updates as posted by the Department of Homeland Security:

Here is a link to recent Apple security updates:

Here is a link to a recent update for Mozilla Firefox:

Scam of the day – June 28, 2016 – FTC shuts down mortgage relief scam

June 28, 2016 Posted by Steven Weisman, Esq.

Scammers are always taking advantage of people at their most vulnerable so it is certainly no surprise that mortgage relief scams through which scammers promise to provide financial relief for homeowners having difficulty paying their mortgages are extremely common.  Recently, the Federal Trade Commmission (FTC) filed charges against Brookstone Law and Advantis Law as well as a number of their associated lawyers and obtained an injunction halting their scam by which they allegedly stole millions of dollars from desperate homeowners by inducing them into paying to be included in “mass joinder” lawsuits that would prevent their homes from being foreclosed upon and would also provide them with financial rewards of at least $75,000.

The truth is that a mass joinder lawsuit is far more complex than a class action and that although the law groups charged by the FTC did actually file some legal actions against some mortgage issuing banks, they never won a single case and most of the cases were dismissed because the lawyers failed to actively pursue the cases.  People who fell for the scam paid $895 or more for a legal analysis in which they were told that they would win at least $75,000.  Once the victims signed on to the lawsuits, they were required to pay recurring monthly fees of thousands for dollars.  According to the FTC, the scammers even continued to charge their victims the monthly fees after their lawsuits were dismissed.


Certainly, advising someone having difficulties paying their mortgage not to speak with their lender or an attorney is such outrageous advice that it should be a strong indication that you are dealing with a scammer.  If you are experiencing difficulty paying your mortgage, you can call 1-888-995-HOPE for free personalized assistance from housing counseling agencies that are certified by the Department of Housing and Urban Development (HUD).  You also can get assistance by going to the website of HOPE NOW at  HOPE NOW is a legitimate and effective alliance of counselors, mortgage companies and others that provides help homeowners in financial distress.

Scam of the day – June 27, 2016 – Why you should have a credit freeze

June 27, 2016 Posted by Steven Weisman, Esq.

Regular readers of Scamicide are probably familiar with credit freezes, but it is important to remind everyone about the benefits of this tool that is simply the best thing you can do to protect yourself from identity theft.  A credit freeze is, as the name implies, is a freezing of your credit report at your request whereby no one can have access to your credit report even if they have your Social Security number and other personal information about you.  You control access to the credit report through a special PIN that you choose.   Thus, even if someone was able to steal your Social Security number, they could not parlay that into access to your credit report and use it to purchase things or set up accounts using your name.  If you need to thaw out your credit report at such times as you want to apply for credit in the future, it is an easy procedure to do by using your PIN; then, after your new credit has been established, you can freeze your credit report again.

Here is a link to the National Conference of State Legislature’s webpage that describes the credit freeze laws for each individual state.  Because the laws differ from state to state, you should check on the laws for your own particular state when putting on a credit freeze because the costs differ from state to state.

The credit reporting bureaus and many of the companies offering identity theft protection services advise people to put a fraud alert on their credit reports at each of the three major credit reporting agencies, Experian, Equifax and TransUnion, if you think you are in danger of identity theft rather than use a credit freeze. With a fraud alert in place, you are supposed to be notified if anyone attempts to open a new account or access credit in your name, which sounds like a good thing and it would be if it weren’t often ignored by businesses opening new accounts or granting credit in your name by identity thieves.

And what is the penalty, you might ask for a company failing to contact you before granting someone credit if you have a fraud alert on your credit report? Zero. Zilch. Nada. There is absolutely no penalty whatsoever if a company chooses to ignore a fraud alert and fails to notify you when someone attempts to open a new account using your name.  So why do credit reporting agencies recommend that people use fraud alerts to protect themselves from identity theft?  The answer is simple. The credit reporting agencies make billions of dollars by selling your information to banks and other companies. With a fraud alert in place, they can continue to sell your information however, if you have a credit freeze in place, they cannot sell your information. With a credit freeze in place, even an identity thief who already has your Social Security number will not be able to access your credit reports to use your credit to make purchases or open accounts in your name.

This is important because before opening new accounts, most companies will do a credit check of the applicant. With a credit freeze in place, a credit check cannot be done and consequently an identity thief will be prevented from opening new accounts

Having your credit frozen will not affect your ability to get your annual free credit reports from each of the three major credit-reporting agencies Equifax, Experian and TransUnion.  It is important to put a credit freeze on your credit report at each of the three major credit reporting agencies.  Here are the links to each of them where you can go to freeze your credit.




Scam of the day – June 26, 2016 – FTC refunds victims of brain training program scam

June 25, 2016 Posted by Steven Weisman, Esq.

Many of you may be familiar with Lumosity, a brain training program sold by Lumos Labs that has extensively advertised throughout the media its brain games that it said could target and train specific areas of the brain and improve cognitive performance as well as protect the brain from dementia and Alzheimer’s disease.  According to their advertising, which included customer testimonials, merely using the games for ten or fifteen minutes,  just three or four times a week could help users achieve their “full potential in every aspect of life.”  It sounds pretty good.  In fact, it sounds too good. Unfortunately, according to Jessica Rich of the Federal Trade Commission (FTC), “Lumosity simply did not have the science to back up the ads.”  Rich went on to say “Lumosity preyed on consumers’ fears about age-related cognitive decline, suggesting their games could stave off memory loss, dementia and even Alzheimer’s disease.”  As for the testimonial raves from satisfied customers, Lumosity failed to disclose that many of those were from people who had been offered potential prizes for their comments.

As a result of the deceptive advertising, the FTC brought charges against Lumos Labs, the maker of Lumosity and earlier this week, the case was settled with Lumos Labs agreeing to change its advertising as well as pay two million dollars to the FTC to be refunded to affected customers who purchased Lumosity products between January 1, 2009 and December 31, 2014.  Lumosity is also required to notify affected customers of their options for refunds and to cancel subscriptions.  I first reported to you about this settlement in the Scam of the Day for January 7, 2016 and now the FTC  is finally processing the refunds.


This case serves as another reminder that it is always a dangerous practice to rely on advertising to evaluate the effectiveness of products related to health care.  It is always a good practice to both do your own research as well as check with your own doctor before spending money for any health care product including weight loss plans and, as here, brain training products.  If you were a purchaser of Lumosity products during the indicated dates, you should have already received a letter from Lumos Labs about how to cancel ongoing subscriptions as well as claim your share of the two million dollar fine.  If you did not receive the information about applying for a refund, go to the tab entitled “FTC Scam Refunds” at the top of this page for information about how to apply online or by mail for your refund.

Scam of the day – June 25, 2016 – Federal Student Tax scam

June 25, 2016 Posted by Steven Weisman, Esq.

For years now I have been warning you about phone calls from scammers posing as IRS agents demanding immediate payments for unpaid taxes.  I continue to warn you about these scams because they continue to work.  According to the IRS, thousands of victims have paid millions of dollars to the perpetrators of these scams.  The form of the scam changes slightly from time to time.  In the most recent incarnation of this scam, people are receiving calls demanding payment of the non-existent Federal Student Tax.  The scammers generally demand payment by credit card, wired funds or even iTunes gift cards which is a major indication that the call is a scam.


This scam is easy to spot.   The IRS will never initiate communications with a taxpayer by phone so if someone calls you purporting to be from the IRS in an initial effort to collect overdue taxes, you should hang up because it is a scam.   Even if your Caller ID appears to show that the call is from the IRS, this does not mean that the call actually is from the IRS.  Through a technique called “spoofing” a scammer can make the call appear to be legitimate, but it is not.  The IRS will never demand payment by credit card, debit card, cash card, iTunes gift card  or wired funds in an initial telephone call.  If you think that you really may owe taxes, call the IRS at 800-829-1040 to speak to a real IRS employee.  If you receive a scam call, you may wish to report the call to the Treasury Inspector General for Tax Administration at 800-366-4484.

Scam of the day – June 24, 2016 – EMV chip card update

June 23, 2016 Posted by Steven Weisman, Esq.

It has been eight months since the mandate to the credit card companies and merchants to switch to the new EMV chip credit cards which generate a unique randomly generated code for each transaction that renders useless hacking retailers to steal credit card information as we have seen so many times in the past few years, most notably with Target in 2013.  Yet despite the October 1, 2015 deadline for merchants and credit card companies to switch to the new EMV chip credit cards in order to avoid liability for fraudulent credit card purchases, recent surveys indicate that only 70% of American credit card holders have EMV chip credit cards and less than 37% of merchants have adopted the new technology.  Many smaller retailers have made the decision not to switch to the new processing equipment required to process EMV chip credit cards because they have determined that the cost of updating and changing their card processing equipment is more expensive than they perceive their risk of potential liability for fraudulent card use while other retailers have updated their equipment, but have been delayed in having it become operative because it must be certified by each payment network, such as MasterCard and Visa, used by the merchant.  Some merchants have even sued MasterCard and Visa over the delays.


The rules regarding the shifting of liability for fraudulent charges do not directly affect consumers, however, that does not mean that consumers can just ignore this matter.  Scammers are still taking advantage of the fact that 30% of Americans still have not received a new EMV chip card by emailing them posing as their credit card companies asking for information in order to process their new EMV chip cards. Unfortunately, people receiving these emails provide the personal information including their credit card number, which is then used to make fraudulent charges in the names of the scammers’ victims.

So how do you know as a consumer if you receive an email purporting to be from your credit card company that it is legitimate?

First check the address of the email sender.  If it appears to come from someone or some company wholly unrelated to your credit card issuer, it is a scam.  Many scammers use hijacked email accounts that become a part of a network of controlled computers referred to as a botnet to send out their emails so that it is difficult to trace the scams back to the scammer.

Merely because the email appears legitimate, is written in proper English and even carries the logo of your credit card company does not mean that it is legitimate.  It is easy to copy the logo of a company on to an email.  If you get an email from your real credit card company it will generally be addressed to you specifically by name rather than a generic greeting of “Dear Cardholder.”  In addition, legitimate emails to you will generally reference your account by including the last four digits of your account.  However, even paranoids have enemies so if you do get an email that appears legitimate, but you still have concerns, merely call the company at the number found on the back of your credit card to confirm that the email is legitimate. but make sure that you dial the number correctly because some enterprising scammers have bought telephone numbers that are quite similar to those of the legitimate customer service numbers for your credit card companies in order to snare people who have misdialed their credit card company.

Scam of the day – June 23, 2016 – FTC refunds money to victims of weight loss scams

June 23, 2016 Posted by Steven Weisman, Esq.

The Federal Trade Commission (FTC) is sending 6.3 million dollars in refunds to people who were scammed into buying Kevin Trudeau’s book, “The Weight Loss Cure ‘They’ Don’t Want You to Know About.”  The book was sold through infomercials that touted it as a simple and effective plan that would enable you to lose dramatic amounts of weight while still eating whatever foods you wanted.  The truth was that the diet was a far from simple starvation diet that also required daily injections of difficult to obtain prescription drugs.  Although Trudeau was ordered to repay cheated consumers millions of dollars in 2009, it was not until a court-appointed receiver was able to locate significant money hidden by Trudeau that money just became available to partially compensate consumers for their losses.  If more of Trudeau’s funds are located, payments will be made by the FTC in the future, as well.  If you were someone who bought this book, go to the tab at the top of this page designated “FTC Scam Refunds” for more information about getting and cashing your refund check.

In addition, The FTC has also settled a lawsuit with Genesis Today, Pure Health and Lindsey Duncan about false and misleading claims that they made about their weight loss products containing green coffee bean extract.  I first reported to you about this FTC action in the Scam of the Day for January 27, 2015.    Duncan and his companies claimed  green coffee bean extracts would enable users to lose 17 pounds and 16% of their body fat in 12 weeks without diet or exercise.  Duncan also referred to a severely flawed clinical study which he claimed supported his claims.  Helping his sales of the weight loss product were his television appearances on legitimate shows such as The View and The Dr. Oz Show.  Dr. Oz received much criticism while testifying before Congress recently regarding the recommending of green coffee bean extracts for weight loss on his show.    The FTC is mailing checks to people who bought the supplements online and for whom the FTC has an address.  If you bought the supplements at a retail store, you can apply for a refund by going to the tab at the top of the page designated “FTC Scam Refunds” for the forms you need.


The truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly without dieting or exercise.  You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements.  It is also important to remember that no cream that you rub in your skin can help you lose substantial weight and no product can block the absorption of fat or calories.  The best course of action is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.

Scam of the day – June 22, 2016 – Virtual currency hacked

June 22, 2016 Posted by Steven Weisman, Esq.

Digital funds, sometimes known as cybercurrencies, the most famous of which is the Bitcoin, have been fascinating people in recent years.  These cybercurrencies are presently used for both legitimate and criminal enterprises and bring speed and privacy to financial dealings.  Their lack of governmental regulation provides opportunities both to innovators and, unfortunately to hackers, such as those who hacked Mt. Gox, the largest Bitcoin exchange which lost almost a half a billion dollars worth of Bitcoins in 2014.  Now more than fifty million dollars worth of the digital currency Ether was stolen from a project known as the Decentralized Autonomous Organization (DAO) which was acting like a venture capital fund from which Ether funds would be invested in projects chosen by people contributing to the project.    The hackers used a technique known as a “recursive call vulnerability” to steal the funds.  Fortunately, however, it appears that the stolen funds have been frozen and should be able to be recovered although it appears that this may be the end of DAO as an operation.


As worldwide banks continue to struggle with security in a world where banking is done electronically and funds can be stolen by way of computer attacks done through a combination of spear phishing and sophisticated malware, many banks have been looking to the underlying blockchain technology used by Bitcoin, Ether and other cybercurrencies.  However, with the vulnerabilities of blockchain being exposed in hackings such as that of DAO, the search goes on for more secure ways to do online financial transactions, particularly banking.  The present banking system is extremely vulnerable and you can expect there to be many more cyber bank robberies such as occurred most recently at the Central Bank of Bangladesh, not just in third world countries, but in other countries with even more established  and seemingly secure banking systems in the near future.

Scam of the day – June 21, 2016 – FTC and Florida Attorney General bring charges against robocaller

June 21, 2016 Posted by Steven Weisman, Esq.

Automated computer generated robocalls, such as those which we have all received from “Rachel from card services” that try to induce us to get a new credit card or some other service are a scam that has been with us for many years and despite the best efforts of the Federal Trade Commission, still are victimizing many people.  The calls sound legitimate and if you are not sufficiently skeptical, you can end up having your identity stolen or become scammed out of money for a worthless product being sold.  It is easy to identify a robocall that is a scam.  If you get a robocall, it is a scam.  Commercial robocalls have been banned for many years Only politicians, charities and poll taking researchers are legally allowed to use robocalls.

Recently the Federal Trade Commission and the Florida Attorney General commenced legal action against Life Management Services, accusing the company of operating illegal robocall scams in which they offered non-existent credit card interest rate reduction services and credit card debt reduction services that also were bogus.  Those people falling for this scam paid between $500 and $5,000 in upfront payments for which they received nothing, according to the IRS.


The best way to avoid becoming a victim of a robocall scam is to merely hang up as soon as you hear that it is a robocall on the other end of the line.  Because commercial robocalls are illegal, you know immediately that the caller is disregarding the law and therefore should not be trusted.  Some robocalls instruct you to press certain numbers to be taken off of their caller list, but this is another scam.  Doing so will generally only let the caller know that they have contacted a legitimate number and will keep calling you.  There are a number of steps you can take to block these calls including apps that can be used to block robocalls to your smartphone.  Some smartphones have call blocking capabilities built in as a feature of the phone so you can also check this out as an option.  You also can contact your phone service carrier for various options that they all provide to block calls.

Scam of the day – June 20, 2016 – LinkedIn phishing email

June 20, 2016 Posted by Steven Weisman, Esq.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from LinkedIn that is presently circulating.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.  Because LinkedIn has been in the news regarding a massive data breach, many people might be more likely to trust this email.  Don’t trust it.

“Dear Linkedin User

Due to the recent upgrade in linkedin you have to upgrade your account to keep using linkedin  or your account will be terminated.
In order to login click the link below
to login and wait for responds from linkedin.
We apologies for any inconvenience and appreciate your understanding.


There are a number of indications that this is not a legitimate email from LinkedIn, but instead is a phishing email.  The email address from which it was sent has nothing to do with LinkedIn, but most likely was from a hacked email account that is a part of a botnet of computers controlled remotely by the scammer.  In addition, they also would not use the generic greeting “Dear LinkedIn User,” but would rather specifically direct the email to you by your name. Another indication that this is a scam is the poor grammar where the email reads, “We apologies for any inconvenience.”  English is often not the primary language of many scammers based around the world and it shows in their grammar.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the company at a telephone number you know is accurate where you can confirm that it is a scam and make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for companies to trap you if you make a mistake in dialing the real number.