Scam of the day – November 18, 2015 – Debt collection scams

November 18, 2015 Posted by Steven Weisman, Esq.

Debt collection scams essentially come in two varieties.  One occurs when scammers use deceptive and abusive tactics to collect on debts such as credit card debt in violation of the FTC Act and the Fair Debt Collection Practices Act.  Often these scammers misrepresent who they are, often claiming to be sheriffs or other process servers, and falsely threaten their victims with arrest and other serious consequences.  Presently the FTC is returning millions of dollars to people who were abused by Asset Capital and Management Group, in such a debt collection scam.  Victims of this particular company can get more information about receiving a check for their losses by calling 855-312-3324.  You also can click on the tab entitled “FTC Scam Refunds” at the top of this page.  I urge everyone to check out this particular tab from time to time to see if you are eligible for refunds relating to various FTC actions.

The second debt collection scam involves scammers harassing their victims about totally non-existent debts.  They manage to sound convincing to their unfortunate victims because the scammers have previously gathered much personal information about their potential victims so that when they talk to them on the phone they sound convincing and legitimate.  Using illegal collection tactics, they threaten arrest and garnishment of wages unless the victim pays the non-existent debt immediately.  Often out of fear, their victims pay.  The Federal Trade Commission (FTC) has taken action against 61 such scammers over the last three years, but the scam continues.  One particular phony debt collection scam shut down by the FTC operated out of call centers in India and scammed unsuspecting victims out of more than five million dollars before it was closed by the FTC.

TIPS

Debtors have considerable rights pursuant to the Fair Debt Collection Practices Act including the right of the debtor who may have been first contacted by phone to request that written documentation in support of the claimed debt be sent to the debtor before any further action is taken.  In addition, debtors have the right to demand that they not be contacted by phone, after which no legitimate debt collector will contact the debtor.  To do so would violate federal law.   For more information about your rights as a debtor and what to do if you are in debt or being hounded by someone posing as a legitimate debt collector you can find much helpful information by clicking on this link from usa.gov which is an interagency website for a number of different federal agencies.   https://www.usa.gov/debt

 

Scam of the day – November 17, 2015 – FTC shuts down Click4Support

November 17, 2015 Posted by Steven Weisman, Esq.

Tech support scams are a profitable way for scammers to steal your money.  I have been warning you about these scams for years.  They come in a number of different varieties including pop up ads on your computer and telephone calls purportedly from Microsoft, Apple or Google.  Recently the Federal Trade Commission (FTC) announced that, along with the Attorneys General of Pennsylvania and Connecticut, it had filed legal action against a company, Click4Support which the FTC alleges stole more than 17 million dollars from unwary consumers by pretending that they represented Microsoft, Apple and others offering unneeded tech support services.  A federal court judge has issued a preliminary injunction against Click4Support stopping their scam and freezing their assets.

Click4Support used online advertisements and popups that made them appear to be a part of Microsoft and Apple.  The ads would lure unsuspecting computer users to call Click4Support and then give Click4Support remote access to the victims’ computers for purposes of identifying viruses, malware and other problems, which were always found whether or not they actually existed.  Then Click4Support sold its services either on a one time basis or a long-term service plan at a cost that ranged from $69 to thousands.  In return, the victims actually got nothing of value and, in some instances, their computers were harmed.

TIPS

In the phone scams for tech support, it is important to remember that neither Microsoft nor Apple will ever call you about tech support so if someone represents that they are doing just that, it is a scam.  Hang up the phone.  Don’t trust popup ads for tech support service either.  If you have any concerns about your computer’s security contact a reputable computer security company using a telephone number that you have confirmed is legitimate.

Scam of the day – November 16, 2015 – FBI agent advises ransomware victims to pay the ransom

November 16, 2015 Posted by Steven Weisman, Esq.

Speaking recently at a cybersecurity conference in Boston, FBI Assistant Special Agent Joseph Bonavolonta startled many people when, in discussing ransomware, he said “the ransomware is that good.  To be honest, we often advise people just to pay the ransom.”  I have been warning you about ransomware since 2012.  Ransomware  problems start when you find your computer frozen and a message on your screen tells you that your computer will remain frozen until you pay a “ransom.”  CryptoWall and its predecessor CrytoLocker ransomware have been used effectively by criminals for years.    The most recent version of ransomware being used is called Tescrypt.  Companies and individuals have been the targets of ransomware.  In fact, a number of police departments, including the Swansea Massachusetts police department have been the victims of ransomware and actually paid the ransom.

As with many types of malware, you download it when you click on tainted links or tainted attachments, which is why I always warn you not to click on any links or download attachments unless you are absolutely sure that they are legitimate.  In many instances, the ransomware has come as hidden malware in a phony email purporting to be from Federal Express or UPS.  As we approach the holiday shopping season, you can expect an upswing in people falling for this scam and clicking on links and downloading attachments in emails purportedly from these companies related to holiday shopping.

TIPS

The best way to deal with ransomware is to avoid it in the first place.  Have a good firewall, good anti-virus and good anti-malware software installed on your computer, tablet or other devices and keep the software up to date.  However, remember that the security software companies are always playing catchup with the hackers, so your security software will not always protect you.  The latest incarnations of most malware is generally at least thirty days ahead of the security software companies so you can never rely on your security software and your firewall to keep you totally safe.   However, make sure that when security updates are available that you download them as soon as possible.  Many people become victims of older versions of ransomware because they have not updated their security software.  Also, you should always back up everything on your computer in the Cloud or on a USB drive or preferably both.  Finally, never click on links or download attachments unless you are absolutely positive that they are legitimate and the only way to do this is to confirm that they are legitimate with the real companies you think may be sending you the email before ever clicking on a link or downloading an attachment.

If you are a victim of ransomware, here are a couple of free links that may help you.   The first  is a link to Microsoft’s Malware Protection Center with links and instructions for removing ransomware infections from your computer: http://www.microsoft.com/security/portal/shared/ransomware.aspx#recover.  The second is to Malwarebytes Anti-Malware which will detect and remove malware such as trojans and spyware.  The link is www.malwarebytes.org.  Some types of malware cannot be defeated after it is installed, but it is always worth a try.  However, the best course of action to take is to avoid downloading anything unless you are confident it is legitimate and always back up all of your data both in the cloud and offline so that even if you do become a victim of ransomware, you don’t have to pay because your data is already preserved.

Scam of the day – November 15, 2015 – Bank of America phishing email

November 15, 2015 Posted by Steven Weisman, Esq.

Here is another good example of a phishing email.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.

Security Alert
BankAmerica account ending in ****
Unusual account activity detected
Dear Customer,
We detected unusual activity on your Bank of America account on 11/07/2015. For your protection, please verify this activity so you can continue making transactions without interruption.
Please sign in to Online Banking or visit Online Banking at www.bankofamerica.com to review and verify your account activity, or you can call us immediately at 1.800.383.0618in the U.S.; international customers please call collect via the international operator at757.677.4701. After verifying your credit card transactions, we’ll take the necessary steps to protect your account from fraud.
If we don’t hear from you, unfortunately certain limitations may be placed on your account.
Please disregard this notice if you have already taken the required action.

Security Icon Your last sign-in was 11/07/2015
To verify that this email is from Bank of America, confirm your last sign-in date is correct. To access Online or Mobile Banking, go directly to bankofamerica.com or use our Mobile Banking App.
Remember: We never ask for private information such as an account number, card PIN, or Social Security or Tax ID number in email messages. If you think an email is suspicious, don’t click on any links. Instead, forward it to abusee@bankofamerica.com and delete it.

This is a service email from Bank of America. Please note that you may receive service emails in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
Read our Privacy Notice.
Please don’t reply directly to this automatically generated email message.
Bank of America Email, NC1-028-09-01, 150 N College St., Charlotte, NC 28255
Bank of America, N.A. Member FDIC. Equal Housing Lender http://www.bankofamerica.com/help/equalhousing.cfm
В© 2015 Bank of America Corporation. All rights reserved

TIPS

Some indications that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate emails from your bank would include the last four digits of your account rather than just **** as appears in this email.  They also would not use the generic “Dear Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.

Steve Weisman’s latest column from USA Today

November 14, 2015 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column from USA Today about income tax identity theft

http://www.usatoday.com/story/money/columnist/2015/11/14/weisman-tax-identity-theft/75303596/

Scam of the day – November 14, 2015 – Facebook Secret Sister Gift Exchange scam

November 14, 2015 Posted by Steven Weisman, Esq.

It seems harmless enough when you see it come up on your Facebook page.  It is often titled the “Secret Sister Gift Exchange” and it provides you with a list of six other people.  You are told to send a gift worth at least ten dollars to the first person on the list, remove that person’s name from the list, move the second person on the list to the first position, add your name to the end of the list and then send the list to six of your friends.  In theory, you will receive thirty-six gifts for your small contribution of ten dollars.

So where is the harm?

First of all, it is a blatantly illegal chain letter and violates Title 18 of the United States Code, Section 1302.  In addition, like all chain letters, ultimately, it is destined to fail because it is a pyramid scheme where ultimately we run out of people on the planet.  It is destined to fail.

In addition, in this particular version of the illegal chain letter, you are required to provide personal information that can lead you to become more vulnerable to scams.

TIPS

Avoid all chain letters regardless of the guise under which you receive them.  They are illegal.  In addition, although this particular chain letter is turning up on Facebook pages, it is a violation of your Facebook terms of agreement, so you potentially face the loss of your Facebook account if you participate in the scheme.

Scam of the day – November 13, 2015 – Another secret shopper scam

November 13, 2015 Posted by Steven Weisman, Esq.

Although there is nothing new about secret shopper scams or mystery shopper scams as they are sometimes called, they are scams that are still constantly finding new victims.  I picked today to make this the Scam of the day because I received a scam secret shopper email that I am reproducing below:

“Perhaps, I may have a part-time job that you would find this interesting. We are looking for outstanding Brand Assessors (Secret Shoppers) to help evaluate sales performance and customer service in USA. We operate in a range of diverse business sectors, such as Retail,Hotels, Automotive, Supermarkets, Restaurants, Pub Retail, Banking and more. You will need to have a passion for standards, be conscientious,articulate, and fair. There are no hidden fees, there’s no-catch. Secret shoppers normally get paid between $250-$400 per assignment so you can earn as much as three thousand dollars a month for doing something that can make a real difference. Shoppers are expected to complete their mystery shopping assignment and fill out an evaluation form, answering questions about their shopping experience in the establishment, the quality of customer service, etc.

To start earning money immediate, reply this email with the following information below to sign up :

Full Name:
Physical
Address:
City,State,Zip,Code:
Mobile
Number:
Age:
Gender:
OCCUPATION:
EMAIL:

Thanks for responding, We will wait for your full details .

Regards,
Derrick Hay
Candidate
Recruitment
Team Secret Shopper @2015”

The manner in which the scam works is that when you answer an  advertisement or an email to be a mystery shopper, you are sent a bank check for you to deposit and use for your shopping.  You spend some of the money on the goods that you purchase which you are allowed to keep and also are able to keep some of the balance of the check as payment for your services.   You are instructed to return the balance by a wire transfer.  The problem is that the check is counterfeit, but the money you send by wire from your own bank account is legitimate and that money is gone from your bank account forever.

TIP

One reason why this scam snares so many people is that there really are mystery shopping jobs although the actual number is quite few and they do not go looking for you.  If you want to find out if a mystery shopping company is legitimate, you can contact the Mystery Shopping Providers Association which is a trade organization of legitimate mystery shopping companies.  Their website is www.mysteryshop.org.  Other indications that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender.  This is the basis of many scams.  Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account.  Don’t rely on provisional credit  which is given after a few days, but which can be rescinded and never accept a check for more than what is owed with the intention to send back the rest.  That is always a scam.  Also be wary whenever you are asked to wire funds because this is a common theme in many scams because it is difficult to trace and impossible to stop.

Scam of the day – November 12, 2015 – New Chase phishing email

November 12, 2015 Posted by Steven Weisman, Esq.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from Chase bank that is presently circulating.  This particular one came with quite good looking graphics and a Chase logo, but it is a scam.
“Confirmation of Recent Account Activity –
Unable to Contact You- Action Required
Your Account Ending in *46*

Dear Customer:

As part of our commitment to help keep your account secure, we routinely verify activity that seems unusual based on your general account usage. We called you to help us verify recent activity, but we weren’t able to reach you.  If you’ve already taken the required action about this recent activity, there’s nothing you need to do at this time. Otherwise, we ask that you Follow the next required action: •Log in to your account now and follow the instructions..Click here
We are here to assist you anytime. Your account security is our priority. Thank you for choosing Chase.

Sincerely,
Chase Fraud Department

Is your contact information current? Make sure we can reach you if we notice suspicious activity on your account. Update your information by logging into your account at Click here.

ABOUT THIS MESSAGE:
This service message was delivered to you as a Chase customer to provide you with account updates and information about your card benefits. Chase values your privacy and your preferences.

If you want to contact Chase, please do not reply to this message, but instead go to Click here. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.

Your personal information is protected by state-of-the-art technology. For more detailed security information, view our Online Privacy Policy. To request in writing: Chase Privacy Operations, PO Box 659752, San Antonio, Texas 78265-9752

© 2015 JPMorgan Chase & Co. ”

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Chase, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate credit card companies do not refer merely to the last two digits of your account in emails, but instead refer to the last four digits.  They also would not use the generic greeting “Dear Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam.

 

Bottom Line Cruise to Alaska

November 12, 2015 Posted by Steven Weisman, Esq.

Join me and five other Bottom Line experts on a cruise to Alaska June 19-26, 2016!  Take charge of your health and wealth during valuable seminars and informal dining experiences.   I will be giving specific tips about how to avoid scams and identity theft schemes as well as how to protect your cybersecurity.  Cruise the Inside Passage, take in the beauty of Hubbard Glacier and explore the picturesque towns of Juneau, Ketchikan and Skagway. Come away with unique investing strategies, tactics for preserving your money, natural approaches to heart and brain health, ways to protect yourself from scams and identity theft and much more. #BLPCruise2016

 

Scam of the day – November 11, 2015 – Indictments unsealed in major cybercriminal enterprise

November 11, 2015 Posted by Steven Weisman, Esq.

Yesterday federal prosecutors unsealed a 23 count 68 page indictment of three men, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein on charges related to a massive and intricate list of cybercrimes including, security fraud, identity theft, computer hacking, wire fraud and money laundering that earned them hundreds of millions of dollars.  Among the companies they are accused of hacking into are J. P. Morgan Chase, from which they stole personal information of 83 million people, E*Trade, Scottrade and Dow Jones.  They are accused of using the stolen data to advance securities frauds in which they manipulated the price of the stocks.  They also are accused of operating illegal online gambling websites from which they made millions of dollars every month and running their own financial operations by which they processed millions of dollars of illegal transactions for other criminals for a fee.  Their money was laundered through more than 75 shell companies, banks and brokerage accounts around the world. The indictments trace back their criminal activities to 2007.  Their actions were extremely complex and we can expect more and more details to emerge in the days and weeks ahead.

TIPS

This case again emphasizes the fact that each of us is only as secure as the places with the weakest security that hold our personal information.  However, many of the victims of the stock frauds the defendants are alleged to have committed became victims when they trusted emails that appeared to be legitimate urging them to invest in various stocks.  The lesson is to never trust an email with a stock tip regardless of from whom it appears to come.  Never invest in a stock until you have thoroughly and independently investigated it.