Scam of the day – May 29, 2017 – FTC and Florida Attorney General shut down huge debt relief scam

Being in debt is a difficult situation faced by many people. Unfortunately, it can be made much worse when debtors are targeted by unscrupulous scammers posing as debt relief specialists who make matters worse. Recently, the Federal Trade Commission (FTC) and the Florida Attorney General obtained a temporary injunction shutting down an alleged phony debt relief scam operated by Jeremy Lee Marcus, Craig Davis Smith and Yisbet Segrea through eleven companies such as Financial Freedom National and Loans, Instahelp America.

According to the FTC’s complaint, the scammers posed as non-profit corporations and promised to provide guaranteed debt consolidation loans at very attractive interest rates to consumers having difficulty paying their debts.  The FTC says that despite collecting processing fees and monthly payments of as much as a thousand dollars or more, the scammers never provided the loans.  The scammers are also alleged to have contacted people already enrolled in debt repayment programs with legitimate debt relief companies and lured them into switching to the programs operated by the scammers.  In so doing, they induced the unwary customers to move their escrow money held by the legitimate debt relief companies to the companies operated by the scammers who then looted the money.

TIPS

There are many debt relief companies that may be able to help people with debt problems, however, credit counseling services may be a better and more economical choice for many people.  While there are legitimate debt relief companies, there also are many scammers who will take your money and provide little, if anything for your payment.  It is important to remember that it is illegal for a debt relief company to charge you a fee prior to settling your debts.

If you are considering using a debt relief company, you should check with your state’s Attorney General and your state’s consumer protection agency to see if there are any consumer complaints against them.  Finally, for detailed information about alternatives to consider if you are having debt problems, go to the FTC’s website at https://www.consumer.ftc.gov/articles/0153-choosing-credit-counselor

Scam of the day – May 28, 2017 – Chipotle data breach update

Today’s scam of the day is an update of the Scam of the day from April 28th when I first wrote about the data breach at Chipotle Mexican Grill. After  a series of food safety problems in 2015, the Chipotle Mexican Grill restaurant chain had recently regained sales, but that could change with the announcement by the company that it had suffered a data breach affecting most of its 2,550 restaurants between March 24th and April 18th. Following an all too predictable pattern, the data breach came about as a result of malware that stole credit card and debit card information from Chipotle’s card processors.  This in great part is due to the fact that Chipotle has still not updated its credit card processing equipment to handle the more secure chip credit cards as required by industry regulations.

Here is a link to Chipotle’s  updated official announcement about the data breach which, if you ate at a Chipotle’s restaurant during the relevant period, also provides a link to inform you if the particular restaurant you went to is affected by the data breach.  https://www.chipotle.com/security

TIPS

As consumers the best thing you can do is to use your EMV chip card whenever possible.  Unfortunately, Chipotle is just one of many retail establishments that still have not updated their credit card and debit card processing equipment to use EMV chip cards.  For further personal protection, don’t use your debit card for retail purchases because the protection from liability that you get regarding fraudulent use of a debit card is not as strong as the liability protection you get when using a credit card. In addition, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.

If you were a customer of Chipotle’s during the affected period, it is a good idea to carefully monitor the charges on your credit card for indications of fraudulent use.

Scam of the day – May 27, 2017 – Target pays $18.5 Million to 47 states to settle security breach claims

Many people trace the era of major data breaches by hackers to the massive data breach at Target during the holiday shopping season of 2013. Credit card and debit card data on approximately 40 million Target customers was stolen as well as other information including email addresses of approximately 70 million Target customers.

Recently 47 states and the District of Columbia settled civil charges against Target related to the data breach with Target agreeing to pay 18.5 million dollars to each of these states and the District of Columbia. California will receive 1.4 million dollars which is the largest amount that any state will receive.  None of this money is to returned to consumers.

This settlement is very significant because it is part of an escalating trend of companies whose negligence leads to data breaches being held responsible for the harm caused to consumers.

Pursuant to the settlement, Target will implement a comprehensive security program which will include the use of whitelisting analytic software that helps prevent unauthorized malware programs from being downloaded, segmenting of credit card information from other parts of Target’s computer networks and increased use of encryption.

TIPS

This is a very positive step and, having reviewed in detail the security requirements that Target will be required to implement, I believe these provide a good guide for other companies to use to enhance their data security.

As for all of us as consumers, the best thing we can do is to refrain from using our debit cards from any use other than as an ATM card because the laws protecting us from unauthorized use of debit cards are not as strong as those protecting us from unauthorized use of credit cards.  In addition, whenever possible use your credit card as a chip card rather than as a magnetic strip card for increased security.

Scam of the day – May 26, 2017 – Latest USAA phishing scam

USAA is the insurer of millions of members of the military as well as many veterans so it is no surprise that it is the basis for a new phishing email presently being circulated.  As with so many phishing emails, this one tells you  that you need to click on links in the email in order to resolve security issues.  The truth is that if you click on the link or provide personal information, you will become a victim of identity theft as the criminal will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.   In another scenario, clicking on the link will download dangerous ransomware.

Here is a copy of the new phishing email that is presently circulating.  DO NOT CLICK ON THE LINKS.  As phishing emails go, the graphics are pretty impressive.   It should be noted that the email is directed to “Dear Customer” rather than your name and no account number is provided. These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam, however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – Mary 25, 2017 – Latest security updates from the Department of Homeland Security

As was made abundantly clear by the recent massive ransomware attack that focused on a vulnerability in the Microsoft Windows operating system for which Microsoft had already issued a security update, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  This has been a particular busy week for security updates.  These new updates from the Department of Homeland Security includes critical updates for Google Android systems and numerous Apple products.

TIPS

Here is a  link to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-142-0

https://www.us-cert.gov/ncas/current-activity/2017/05/15/Apple-Releases-Security-Updates

Scam of the day – May 24, 2017 – Small businesses are big targets for scammers

Small to medium sized businesses have been big targets for scammers and cybercriminals for a long time with good reason.  Small to medium sized businesses have much information about their customers and their employees that can be misused for purposes of identity theft and often are not as protected from cyberattacks as they should be.  According to a study by security company Symantec 36% of all targeted cyberattacks have been made against businesses with fewer than 250 employees.  This problem is made worse by the fact that according to the National Cyber Security Alliance 83% of small businesses have no formal cybersecurity plan and 69% have no plan at all.

TIPS

Some of the steps I advise are installing Firewalls, installing security software and regularly updating it, training employees about proper security practices, better use of encryption, and using dual factor authentication when available.  I also consult and give speeches to companies and trade groups about how to protect themselves from scams.  If your company or trade group is interested in having me come to speak to you, you can reach me here at Scamicide.

The FTC has also recognized this problem and has now set up a new website that provides helpful information to small businesses about protecting themselves from cyberattacks.  Here is a link to that website.  https://www.ftc.gov/SmallBusiness

Scam of the day – May 23, 2017 – Mimic phone number scam

The Department of Veterans Affairs is warning veterans of a scam involving a scam related to its Veterans Choice Program (VCP) hotline. The VCP hotline is available for veterans seeking to determine if they are eligible for the VCP which is a benefit program for eligible veterans to receive health care in their communities.  The VCP hotline number is 866-606-8198.  Scammers, however have set up a phony VCP hotline number of 800-606-8198 by which they attempt to trick veterans who may use the toll free 800 number instead of the toll free 866 number in attempting to reach the hotline.  Veterans calling the wrong number are then asked under various pretenses to provide a credit card and they end up becoming victims of identity theft.

TIPS

This is not a new scam.  In the past, scammers have obtained telephone numbers that are just a digit off from those of bank customer service numbers and then ask unsuspecting callers who misdialed their bank for banking information which was also used to make the caller a victim of identity theft.

You never can be sure who is actually on the other end of the line when you receive a call, but you also have to be careful when making calls because of scams like this.  In this particular scam, the scammers have not been indicating that you have reached the U.S. Department of Veterans Affairs, but you can’t rely on this because future scammers may not follow the protocol of the present scammers.  Always be extra careful when calling numbers where you can be expected to provide personal information.

Scam of the day – May 21, 2017 – HSBC text scam

British based HSBC is the world’s sixth largest bank and has branches around the world.  Recently scammers have been randomly sending out text messages, such as the one reproduced below in order to scare people into clicking on the link in order to verify their account and avoid a threatened suspension of the account.  If you click on the link it will take you to a phony HSBC website that looks legitimate, but is merely a scam to lure you into providing your username and password for your HSBC account (if you have one) which the scammer will use to steal money from your account.  If you receive this text message and don’t have an account with HSBC, you know immediately it is a scam, but it can look frighteningly legitimate if you have an account with HSBC.

HSBC banking scam text (Image: loveMONEY_

TIPS

This message can be particularly problematic if you are an HSBC customer and have signed up to receive text message alerts from the bank. However, whenever you receive a text message you can never be sure who is really sending it to you, so you should never click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.  In other instances, such as with this particular text message scam, you are in danger of providing your personal information directly to the scammer that can be used to access your accounts.  The best course of action when you receive such a text message if you have a concern that it may be legitimate is to merely independently contact your bank to determine whether or not the text message was a scam.

Scam of the day – May 20, 2017 – FTC sending refunds to victims of phony Yellow Pages scam

The Federal Trade Commission (FTC) took legal action against CPU Service, Inc and its principal owner, Robert Ray Law shutting down a scam operated by Law and his company by which phony invoices for what appear to be “Yellow Pages” advertising was sent to thousands of small businesses, doctor’s offices, retirement homes and religious schools that had never ordered the ads.  The invoices carried the familiar walking fingers logo of AT&T, but was not affiliated with AT&T in any manner. Many people fell for this scam with many victims sending as much as $487 to the scammers.

TIPS

The FTC is now sending out refund checks to victims of the scam.  If you were one of the victims, you can get more information by going to the tab at the top of this page entitled “FTC Scam Refunds” and click on CPU Service Incorporated.

As for the rest of us, whether you are an individual consumer or a business, you should never pay a bill even if it appears legitimate unless you have verified that the bill is indeed owed.  Scammers will often send out bills that appear to be legitimate in the hope that their victims will not notice the difference between the scam invoice and a legitimate invoice.