Scam of the day – February 16, 2017 – New twist on mail theft

Identity theft is a high tech, low tech and no tech crime and while we often tend to focus our attention on high tech identity theft tactics such as spear phishing, no tech tactics such as fishing for mail with a plastic bottle covered in glue that is lowered into blue public mailboxes to capture mail being sent with checks is making a comeback.  In the Bronx, New York just in the last year police and postal inspectors have made about 150 arrests according to Donna Harris of the U.S. Postal Inspection Service.

I have warned you for years about leaving mail with checks or credit card information in your personal mailbox outside of your home with the flag raised to alert your postal carrier that there is mail in your box to be retrieved is a bad idea because it also alerts identity thieves who can easily steal the mail.  Once they have the checks, they can “wash” the name or even the amount of the check and make the check payable to the thief. They also can use the account number of your check to create counterfeit checks to access your checking account.


This is an easy crime to avoid.  The best course of action is to pay your bills electronically and avoid the problem altogether.  However, if you cannot do so or prefer to send a paper check by mail, you should use a gel pen that is not easily “washed” to write your checks and you should mail envelopes with checks in them directly from inside the post office.

Scam of the day – February 15, 2017 – FTC gets court order halting phony rental property scam and free credit reporting scam

The Federal Trade Commission (FTC) has obtained a temporary restraining order against Credit Bureau Center LLC, Michael Brown, Danny Pierce and Andrew Lloyd as a part of its legal action against them on charges that they operated scams involving phony rental property advertisements and offered “free” credit reports for which they charged monthly amounts to their victims’ credit cards.

According to the FTC, the scammers placed Craigslist advertisements for rental properties they were not authorized to represent and in some circumstances even placed advertisements for properties that did not even exist.  When people responded to the ads, the victims were told that before they could see the properties they had to get a free credit report from the defendants’ websites’, and in order to qualify to be considered for renting the properties.  The “free” credit reports, however, were far from free because the fine print in the agreement to obtain the “free” credit report required the victim to enroll in a credit monitoring service with a continuing monthly charge of $29.94.  According to the FTC, the victims never were shown properties even after getting the required credit report and the scammers ignored all communications from their victims after the victims signed up for the credit monitoring service.


Advertisements for rental units and vacation rentals that are not owned by the scammers placing the advertisements is a common scam.  It is easy for scammers to get photos and other information about rental units and vacation rentals from legitimate websites and post them to lure victims into sending money to the scammers as a deposit.

A good way to protect yourself from this type of scam is to do a Google or other search engine search with the address of the property to see where it may turn up and who is listed as the owner.  Another good source of information is to go online to the Tax Assessor for the city or town where the property is located and confirm that the name of the property owner matches the name of the person attempting to rent you the property.

In regard to “free” credit reports, you should never have to give a credit card number for a free service although often scammers require this.  You should also carefully read any contract you make.  There rarely is anything fine in fine print.  The victims of this particular scam would have seen that they were signing up for a recurring charge if they carefully read their contract.

Finally, carefully monitor your credit card statements and bank accounts often to discover fraudulent charges as soon as possible.

Scam of the day – February 14, 2017 – FTC issuing refunds to buyers of indoor tanning system

Today being Valentine’s Day is probably a good time to tell you that the Federal Trade Commission (FTC) is now mailing 2.59 million dollars of refunds to the purchasers of the Mercola indoor tanning systems, which was represented by Mercola to not only provide you with an attractive, healthy tan, but also be safe, not increase your risk of melanoma, and even reverse the appearance of aging.  The FTC sued Mercola over these false and misleading representations.

Unfortunately, the truth is that we need to adjust our thoughts on the attractiveness of a tan because there is no such thing as a healthy tan and no tanning system can avoid the risk of melanoma or reverse the appearance of aging.

In 2016, the FTC settled its complaints against Dr. Joseph Mercola and his indoor tanning system companies, D-Lite, SunSplash and Vitality.  Now the FTC is mailing refund checks to the customers of these companies who bought the indoor tanning systems after January 1, 2012.


Customers of Dr. Mercola who completed a claim form prior to October 31, 2016 will be receiving refund checks averaging about $1,897.  If you receive a check you should cash or deposit it within sixty days.  No fee is required to be paid in order to be eligible for or receive one of these refund checks.  For more information, click on the tab at the top of this page that reads “FTC Scam Refunds.”

Scam of the day – February 13, 2017 – Man sues Verizon for failing to prevent him from committing identity theft

In a rather unusual lawsuit, to say the least, James Leslie Kelly who is serving a ten year sentence for identity theft has filed a civil lawsuit against Verizon Wireless seeking 72 million dollars that he claims is owed him because, he alleges, Verizon Wireless was negligent in failing to recognize that he had stolen the identity of someone with a similar name when Kelly stole $300 worth of products and services from Verizon Wireless using his victim’s name.

Kelly’s self prepared lawsuit most likely will be dismissed without a trial.


As outrageous as Kelly’s lawsuit is, there is a lesson to all of us, which is that even if you take all the steps you can to protect yourself from identity theft, you are only as safe as the places that have your personal information and accounts with the weakest security and while I am not passing any judgment on whether Verizon Wireless should have done a better job of protecting the real victim of identity theft in this case, I am telling everyone that, as much as possible, you should limit the places that have your personal information and monitor all of your accounts often in order to recognize when your personal security has been breached.

Scam of the day – February 12, 2017 – Data breach at InterContinental Hotels

InterContinental Hotels became the latest hotel chain to disclose that it had been hacked by cybercriminals stealing credit card and debit card information, joining Kimpton Hotels, Marriot Hotels, Hyatt Hotels, Trump Hotels, Hilton, Mandarin Oriental and White Lodging which all suffered data breaches during the past year.  Trump Hotels was hacked twice in the last year.

According to a statement released by InterContinental, credit card and debit card processing equipment was infected with malware at restaurants and bars at their hotels between August and December of 2016. The full extent of the data breach has not yet been determined.  For a list of the affected restaurants, you can go to this link.

It is not known yet whether the data breach is related to the hacking by the Russian organized crime group Carbanak, that, as reported recently by Brian Krebs managed to install malware into the credit and debit card processing equipment manufactured by MICROS used in hotels around the world.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at the bars and restaurants at the InterContinental hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, InterContinental and its customers face financial problems from this data breach.


Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best thing we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.


Scam of the day – February 11, 2017 – Arby’s suffers major data breach

Fast food company Arby’s became the latest announced victim of a major data breach which appears to have occurred between October 25, 2016 and January 19, 2017, but was only disclosed by the company yesterday.  The data breach which affected hundreds of the company owned stores, but not those of franchise owners may have resulted in more than 335,000 credit and debit cards being compromised.

As is often the case, the data breach was originally discovered by a bank which first found a pattern of fraudulent credit card use and was able to trace the source back to Arby’s restaurants.  In this case PSCU, a credit union service group for more than 800 credit unions uncovered the fraud.

At the present time it has not been determined how the point of sale credit and debit card processing equipment was compromised with the malware that was downloaded to the equipment to steal the credit and debit card information.  Often the problem can be traced back to spear phishing.


This type of data breach continues to occur as many retail stores and restaurants still have not replaced their magnetic strip credit and debit card processing equipment with EMV chip card processing equipment. Whenever possible you should use your EMV chip card and never use your debit card for a retail purchase because the consumer protection laws regarding debit card fraud are not as strong as the laws protecting consumers from credit card fraud.

Anyone who has used their credit card at an Arby’s restaurant between October 25, 2016 and January 19, 2017 should carefully monitor their credit card statements for evidence of fraudulent use and if you find it, you should report it immediately to your credit card company.  If you used a debit card at an Arby’s restaurant during that time period, you should monitor the bank account attached to the card particularly carefully and refrain from using your debit card for retail purchases in the future.

Scam of the day – February 10, 2017 – Valentine’s day scams

Valentine’s day is rapidly approaching.  Valentine’s day is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is going on to scam you out of your money.  There are many Valentine’s day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s day electronic greeting cards and delivery scams.

Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.

Online dating scams are plentiful with most revolving around scammers quickly professing true love for you and then asking for money.

Electronic greeting cards are a great way to send a Valentine’s day card at the last minute when you forgot to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.

A common delivery scam operating on Valentine’s day involves a delivery of a gift basket of wine and flowers to you, however the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered.  The person delivering the basket will only accept a credit card as payment.  When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.


Never trust an online florist or other retailer until you have checked them out to make sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer.  It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be.  Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft.  Always confirm the legitimacy of an email or text message before clicking on links contained in the message.

As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money.  Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe.

Never trust an online greeting card, particularly if it does not indicate from whom it is being sent.  Be very wary of a card sent by “an admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.

In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.

Scam of the day – February 9, 2017 – Latest software security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes a critical update for WordPress which is the program used by many people to create websites.


It is helpful, whenever possible to choose the option to have your computer, smartphone and other devices automatically install security updates when they become available.

Here are the links to the recent security update as posted by the Department of Homeland Security:

Scam of the day – February 8, 2017 – CFPB accuses company of scamming 9/11 victims

Yesterday, the Consumer Financial Protection Bureau (CFPB) filed a lawsuit against RD Legal Funding LLC, two related companies and their founder Roni Dersovitz accusing them of scamming 9/11 victims and National Football League (NFL) concussion victims out of millions of dollars that the 9/11 victims were to receive under the Zadroga Fund established by Congress to help first responders to the attacks on the World Trade Center in 2001 and the NFL concussion victims were to receive pursuant to the NFL’s class action settlement regarding concussion injuries suffered by former NFL players.

RD Legal is a company that provides advance payments to consumers eligible to receive payments from various lawsuit settlements or victims compensation funds, which is a legal activity.  However, the CFPB and the New York Attorney General allege in their complaint that RD Legal lied to its victims about the terms of their contract with RD Legal as well as about the ability of RD Legal to speed up the processing of its victims’ claims. The CFPB also alleges that RD Legal misled its victims as to when they would actually receive compensation and charged illegally high interest to their victims.  In some instances, according to RD Legal, the company collected twice as much money from their victims than they originally advanced months earlier.


These types of contracts are exceedingly complex and no one should ever sign an agreement assigning rights to payments to be received in regard to a lawsuit settlement or a victims’ compensation fund unless they have had the contracts extensively reviewed by a lawyer.