Scam of the day – March 29, 2017 – Phony IRS agent meets his match

One of the most common and effective scams is the phony telephone call purporting to be from the IRS telling you that you owe them money and must pay immediately or there will be dire repercussions. I have been warning you about this scam for years.  Often the calls from these scammers will even appear on your Caller ID to have come from the IRS which can be done through a technique called “spoofing.”

Recently Kyle Roder a police officer in Wisconsin received such a call on his voicemail and then, knowing full well that it was a scam, called the scammer back.  he recorded the entire phone call and posted it on Facebook.  Here is a link to the entire call.

There always was a simple way to know if a collection phone call was from the IRS or a scammer.  The IRS never initiates collection proceedings through phone calls so if you got a call, it was not from the IRS.

But that will be changing this Spring.

Congress, in its infinite wisdom, is authorizing designated private collection companies to collect overdue taxes and contact people by phone in order to do so.  The National Taxpayer Advocate office, which is an office within the IRS estimates about 380,000 taxpayers’ accounts will be turned over to these collection agencies.

Having private collection companies attempt to collect overdue taxes on behalf of the IRS was done in past years, but was not cost effective.


If your account has been transferred to a private collection agency by the IRS, you will be notified by regular mail before you receive any phone call. So if you receive a call attempting to collect money from you for overdue taxes before receiving such a notice, you can be sure that the call is a scam. However, even if you account has been turned over to a collection agency by the IRS, you can never be sure when you are called on the phone, that the person calling you is really from one of the IRS authorized collection agencies so the best course of action is to tell them politely that you cannot be sure that they are who they say they  are and contact the IRS directly to straighten the matter out.

Complicating the matter is that while there are various tax forgiveness programs the IRS operates, these private collection agencies, who are paid on commission, are not required to tell you about these programs when they call, so you are always better off dealing with the IRS directly rather than through a collection agency.

March 28, 2017 – Steve Weisman’s latest column for USA Today

Here is a link to my latest column for USA Today in which I discuss the latest income tax scams.  Income tax scams are always evolving and you need to know how to recognize and avoid these scams.

Scam of the day – March 28, 2017 – Star Trek themed ransomware

Ransomware is  a type of malware that gets unwittingly downloaded on to a company’s, institution’s, government agency’s or individual person’s computer, which when downloaded encrypts the data of the victim.  The victim is then told to either pay a ransom, generally in bitcoins, within a short period of time or the hacker will destroy the data.

Ransomware has become one of the most common and effective cybercrimes in the last year, successfully targeting individuals and a wide range of companies including law firms, accounting firms and even police departments. According to the United States Justice Department, ransomware attacks quadrupled last year to more than 4,000 per day.  As big a problem as ransomware was last year, I predict it will be much worse in 2017.

New strains of ransomware are constantly being developed and one of the more interesting ones to appear recently is the Star Trek themed ransomware called Kirk ransomware referring to Captain James T. Kirk of the original Star Trek television show.  When the Kirk ransomware attacks your computer it fills your screen with a ransomware demand with the images of Captain Kirk and Mr. Spock in the background.  The ransom is demanded in the form of a cryptocurrency similar to Bitcoin called Monero.  The ransom generally is valued at about a thousand dollars in Monero currency.  If the victim agrees to pay the ransom, a decryption tool is provided entitled Spock.


The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it.   Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Scam of the day – March 27, 2017 – eFax phishing scam

Phishing scams in which you are lured to click on links or download attachments full of malware rely on your trusting the initial communication.  Reproduced below is an email I recently received that appeared to come from eFax a real company that sends faxes digitally formatted as PDF files.  Don’t click where it says “View your document” because if you do you will end up downloading malware.

You have got a 3 page fax at Thu, 24 March 2017 8:17:28

Your personal new Fax reference ID is vnj-48956824

View your document!

Take your faxes online with eFax®, the world's #1 internet fax service.

While the email appears to be legitimate, the email address sending the email had no relation to eFax which was an immediate indication that this was a scam.


The risk of downloading malware by clicking on unverified links or downloading unverified attachments is too great.  Never click on any links or download any attachments regardless of where they may appear to originate until you have independently confirmed that the communication is legitimate.  In this case it would have been simple to determine that this was not a true communication from eFax.

Also, as often is the case, the grammar of scammers is not always the best as where this phishing email states “You have got.”

Scam of the day – March 26, 2017 – Russian hacker pleads guilty

Last week, Mark Vartanyan a Russian computer hacker who used the online alias “Kolypto” pleaded guilty in federal court to various crimes related to his role as one of the creators of the infamous Citadel malware which was used to attack major financial and government institutions around the world resulting in the infection of approximately eleven million computers and  more than five hundred million dollars in losses.

Like much criminal malware, Citadel was sold on the Dark Web by the criminal geniuses who developed it, but what made it unique at the time that it was first employed in 20112 was that like legitimate software programs, the makers of Citadel encouraged feedback from their customers in order to help improve the product and create desirable new features.

Vartanyan will be sentenced on June 21st and under the terms of his plea agreement prosecutors will not ask for a sentence longer than five years in prison conditioned upon Vartanyan’s continued cooperation with American law enforcement.


Like so many malware programs, Citadel was largely downloaded on to the computers of its victims as a result of phishing and spearphishing emails which again emphasizes the point that a major security step we all should take is to refrain from ever clicking on links or downloading attachments in emails or text messages unless we have absolutely confirmed that the communication is legitimate.

Scam of the day – March 25, 2017 – Multiple states’ JobLink database hacked

JobLink, which is a database managed by Job Link Alliance, maintains online databases that connects employers with job seekers.  JobLink is used by the state governments of Alabama, Arizona, Arkansas, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. It has recently come to light that the database for all of the states using JobLink were hacked sometime prior to March 16th.  The total number of people affected is undetermined at this time, but potentially huge.  In Delaware alone personal information from more than 200,000 accounts were stolen. Included in the information stolen in this data breach were names, Social Security numbers and birth dates which could be readily used for purposes of identity theft.


If you used JobLink in any of the affected states, you should immediately freeze your credit with each of the three credit reporting agencies to help prevent anyone who may have access to your Social Security number from obtaining credit in your name.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the right hand corner of this page.

You should also carefully monitor all of your credit cards and other accounts regularly for any indications of identity theft.

Scam of the day – March 23, 2017 – Ponzi schemer sentenced

Ponzi scheming investment advisor Patrick Churchville has been sentenced to seven years in prison for operating a Ponzi scheme that cheated more than a hundred of his clients out of 21 million dollars. Between 2008 and 2011 Churchville invested his clients’ money in JER Receivables under participation agreements through which they would lend money to JER to buy healthcare receivables promising profits of 30% in 16 months.  When the investment failed, Churchville continued the scam by siphoning money for himself such as in his purchase of 2.5 million dollar waterfront home and used new investors money to pay older investors, which is the defining element of a Ponzi scheme.


It bears repeating.  If it looks too good to be true, it usually is.  Anyone being promised a return of 30% in 16 months should be skeptical.  Also, never invest with anyone unless there is an independent custodian who holds the investment in order to avoid having the same person both manage and hold the investment which is a recipe for disaster since it makes it easy for the scammer to hide his or her crimes.  Churchville, like famed Ponzi schemer Bernie Madoff, both made the investments and acted as the custodian of the investment enabling him to falsify records and keep his victims unaware of the scam being perpetrated.

Scam of the day – March 22, 2017 – FTC shuts down fraudulent weight loss scam

The FTC has settled a claim against scammers who were marketing worthless weight loss products through illegal spam emails and phony celebrity endorsements.  The scammers hacked into email accounts of unwary victims and used those email accounts to send out spam emails to people on the contact list of the hacked accounts with links purporting to be to an interesting news story.  Many people receiving these emails fell for the scam because they believed the email was coming from a trusted source.

The links led to websites that touted worthless weight loss products such as Original Pure Forskolin and Original White Kidney Bean.  The websites also contained false claims of weight loss such as 17 pounds in 4 weeks or 41.7 pounds in 2.5 months.  The websites also falsely represented that the products were featured or endorsed by Oprah Winfrey or the hosts of “The Doctors” television show.


Whenever you receive an email purporting to be from a friend with a short note instructing you to click on a link to some important story, you should immediately be skeptical.  Often the emails seem out of character with the person who appears to be sending you the email which is because often their emails have been hacked and used to send out spam emails such as this.  If you get such an email and it is spam, you should let your friend know that their email account has been hacked.

Never click on links in emails unless you have verified that they are legitimate.  While in this particular case, clicking on the link would only take you to a phony website, often clicking on links such as this can download ransomware or keystroke logging malware that will enable a hacker to steal your personal information from your computer and use it to make you a victim of identity theft.

As for weight loss products, you should always do your research and check with your primary care physician before considering buying any product promising to help you lose weight easily.

Scam of the day – March 21, 2017 – European Commission acts to reduce social media based scams

Social media is an integral part of the lives of all of us and therefore it is often used by scammers to convey scams because people often put too much trust in postings and messages they receive through social media. Cognizant of this fact, the European Commission, led by French consumer authorities have given Facebook, Twitter and Google+ until April 16th to come up with proposals to address the growing number of scams using their social media.  If the proposals of these companies are deemed not satisfactory, the European Commission has indicated it would resort to enforcement actions.


This is a positive step by the European Commission.  It starts with the recognition that scams are rampant on social media and then permits the various social media companies to have substantial input as to how they will constructively deal with this problem.  However, if the companies fail to act responsibly in this matter, the European Commission is ready to impose regulations.

As for all of us as consumers of social media services, the most important way to avoid scams on social media is to follow my motto, “trust me, you can’t trust anyone” and always be skeptical of any offer you receive on social media, particularly ones that require you to provide personal information.  In addition, never click on links or download attachments unless you have absolutely confirmed that they are legitimate.