Scam of the day – July 30. 2017 – AOL phishing scam

Millions of people still use AOL.  One reason is that you get greater email privacy when compared to some other email carriers. Due to its popularity, scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below.  The logo and format of this particular email that is presently circulating is quite poor.  Compare it to the excellent counterfeit phishing email I included in the Scam of the Day for May 31, 2014.  This one comes from an email address that has no relation to the company, AOL.  Further, it is not directed to the recipient specifically by name.  Like many similar scams, this one works by luring you into clicking on a link in the email in order to resolve a problem.  However, if you click on the link, one of two things will happen.  You either will be prompted to provide information that will be used to make you a victim of identity theft or by clicking on the link you will unwittingly download a keystroke logging malware program that will steal all of the information from your computer and use it to make you a victim of identity theft.   Here is how the email appears.  DO NOT CLICK ON THE LINK:
“Dear Aol User
You can not send or receive new messages until you re-validate your mailbox.
To renew the mailbox,
Click below: Login&Complete
Thank you!
Webmail Administrator.”
TIPS
When AOL communicates with its customers about their accounts, they do so by AOL Certified Mail, which will appear as a blue envelope in your inbox and will have an official AOL Mail seal on the border of the email.  This particular email had neither and only had an easy to counterfeit AOL logo appear on the email.  Whenever you get an email, you cannot be sure of from whom it really comes.  Never click on a link unless you are absolutely sure that it is legitimate.  If you think the email might be legitimate, The best thing to do is to contact the real company that the email purports to be from at an address or phone number that you know is accurate in order to find out if the communication was legitimate or not. Remember, never click on links in emails unless you have confirmed that they are legitimate.

Scam of the day – February 28, 2017 – Religious leaders being hacked by scam artists

As many of you know, one of my mottos  is “trust me, you can’t trust anyone.”  I mention this because of a recent story in the news about a Denver church pastor whose Facebook account was hacked.   When a parishioner messaged the pastor about difficulties she was having, her pastor messaged her back telling her about a grant of substantial money he had recently received and gave her the contact information for the grant issuer so she could apply for the money she so desperately needed. Of course the grant was a scam and the message to her came from the scammer who had hacked into the pastor’s Facebook account. Fortunately, in this instance, the parishioner called her pastor prior to making the payment demanded of the phony grant issuer and managed to avoid being scammed.  However, other people have not been so lucky.

TIPS

Trust me, you can’t trust anyone.  It bears repeating.  Whenever you get an email, text message or phone call, you can never be sure that the communication is coming from who appears to be sending the communication.  It is relatively easy to hack an email account, Facebook account or cell phone.  Therefore, you should never click on a link, download an attachment or provide personal information in response to any communication unless and until you have absolutely confirmed that it is indeed legitimate.

Scam of the day – January 13, 3017 – A new version of the Nigerian letter

Although it may seem as if this scam only began in earnest with the invention of email, in fact, the Nigerian email scam of today is just a variation of a scam that is more than four hundred years old when it was called “the Spanish Prisoner con.  At that time, a letter was sent to the targeted victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name.  The identity of the nobleman was not revealed for security reasons, but the victim was asked to help raise money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing victim with great sums of money and, in some versions of the con, the Spanish prisoner’s beautiful daughter in marriage.

In one of the present day typical incarnations of this scam, you receive an email in which you are promised great sums of money if you assist a Nigerian in his effort to transfer money out of his country.  Other variations include the movement of embezzled funds by corrupt officials, a dying gentleman who wants to make charitable gifts or a minor bank official who is trying to move the money of deceased foreigners out of his bank without the government taking it.  The email which I received recently and is copied below deals with abandoned property.

What all of these scams have in common is that as soon as you contact the scammer, the need for you  to provide fees for a variety of purposes becomes apparent and regardless of how much money you pay, you never receive anything.

Here is a copy of the email I recently received:

 

“Good Day!

I am contacting you regarding a special cargo that has been abandoned here at our warehouse for over a period of 2 years and when scanned, it revealed an undisclosed sum of money in it. From my findings, the cargo originated from Europe and the content was not declared as money by the consignor in order to avoid diversion by the shipping agent, and also failure to pay the special cargo non-inspection fee of 3,475  . I strongly believe the box will contain about 4.6 million or more.

In my private search for a reliable person, my proposal now is to present you as the recipient of the cargo since the shipper has abandoned it which is a possibility due to the fact it has been abandoned for a period whereby a new beneficiary can be presented to the clearance department for claim and also my position at this shipping service. I will pay for the fee and arrange for the cargo to be delivered to your address. Alternatively, I can personally bring it myself and then we share the total money in the box equally.

Regards,

Mr. Lewis Hawkins
Asst. Operations Manager
ZIM Integrated Shipping Services Ltd
Chicago (IL) Agents: 9950 W.Lawrence Avenue,
Suite 215 Schiller Park, IL 60176”

TIPS

Although it should be apparent to everyone who reads this email that it is a scam, the very outrageousness of  the email is most likely intentional because as more people become aware of the Nigerian letter scam, the scammers do not want to waste their time on potential victims who may be skeptical of their scam, so they often send out emails like these that are so ridiculous in an effort to catch only the most gullible and greedy.  Also note that the salutation does not even indicate to whom the email is being sent.  Instead, the lazy scammer merely addresses it as “Good day! ” Never  reply to emails such as this.     If you receive a particularly inventive or interesting Nigerian email, please share it with us here at Scamicide.

Scam of the day – February 24, 2016 – FTC settles with fake weight loss merchant

How could Oprah ever steer you wrong?  I first reported to you last May about Sale Slash, a company that sold phony weight loss products such as Premium Green Coffee, Pure Garcinia Cambogia, Premium White Kidney Bean Extract, Pure Forskolin Extract and Pure Caralluma Fimbriata Extracts.  Last year the Federal Trade Commission (FTC) brought legal action against Sale Slash and a number of individuals involved with the scam.  Sale Slash sent spam emails, often from hacked email accounts of your friends who were made part of a botnet of computers sending out emails appearing to come from your friends with messages, such as “hi, Oprah says it’s excellent.”  The message would also have links to phony news sites with videos of phony celebrity endorsements.  Obviously, neither Oprah Winfrey nor your friend whose email was hacked endorsed these phony weight loss products.  Now the FTC has settled the lawsuit with Sale Slash and the other defendants, closing down the scam and requiring them to turn over approximately ten million dollars to the FTC to be returned to the victims of the scam.  As further details become available as to how you can make a claim if you were a victim, I will let you know.

TIPS

The truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly without dieting or exercise.  You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements.  It is also important to remember that no cream that you rub in your skin can help you lose substantial weight and no product can block the absorption of fat or calories.  The best course of action when considering a weight loss product is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.

Scam of the day – December 1, 2015 – Email security update scam

Today’s Scam of the day comes from the inbox for my own email.  It is a common phishing scam that attempts to lure the victim into clicking on a link contained in the email.  If the intended victim clicks on the link, he or she will unwittingly download keystroke logging malware that will enable the scammer to steal all of the personal information from your computer or smartphone and use it to make you a victim of identity theft.  This particular phishing email follows a common pattern at educational institutions or businesses where the email is made to appear as if it originated with your school’s or company’s IT department requiring you to verify your account in order to continue to use your email account. It appears to be legitimate, but it is not. Here is a copy of the email.  DO NOT CLICK ON THE LINK.

“To All Faulty\Staff
We currently upgraded our Server to 50GB inbox space. Please verify your account to validate E-space.
​Your emails won’t be delivered by our server, unless email account is verified. Protecting your email account is our primary priority. For account verification  Click on Outlook Web Access
should you have any questions please contact the IT Helpdesk.
INSTITUTE OF EDUCATION.
Copyright ©2015 ITS Help Desk.”
TIPS
Whenever you receive an email or a text message, you can never be sure who is actually sending you the email or text message.  Even if the email address of the sender is one that you know is from someone or some company you know, their email account may have been hacked and being used by the hacker to send out phishing emails.  It is just too risky to click on a link in any email or text message until you have independently confirmed that it is legitimate and, of course, you should always keep your anti-virus and anti-malware software up to date with the latest patches on all of your electronic devices, however, it is important to remember that you cannot totally depend on your security software because the best security software is always at least thirty days behind the newest malware.

September 28, 2015 – Steve Weisman’s latest USA Today column

Here is a link to Steve Weisman’s USA Today column from today’s online edition of USA Today entitled “Email Scam Hits Corporate Computers.

http://www.usatoday.com/story/money/columnist/2015/09/28/steve-weisman-cyberthieves-corporate-targets-email/72963040/

Scam of the day – July 18, 2015 – Ingenious text message gmail scam

It is not surprising that scam artists are the only criminals that we refer to as artists.  Some of their scams are truly ingenious.  Today’s scam starts when you receive a text message from Google with a verification code.  Immediately thereafter and before you can even respond to the first text message, you receive a second text message that states, “Google has detected unusual activity on your account.  Please reply with the verification code sent to your mobile device to stop unauthorized activity.”  Many people have been merely following those directions and promptly send the verification code they just received.  However, by doing so, the victim has just turned over his or her gmail account to a scammer who can scour the account for information to be used for identity theft purposes.

What actually went on was that a hacker with the victim’s email address and cell phone number went to login on the victim’s gmail account and clicked on the “Forgot password” link prompting a verification code to be sent to the victim’s cell phone.  Immediately thereafter the hacker sent the original message that appears above pretending that he or she is Google so when the victim responds by sending the verification code, he or she is actually sending it to the hacker who then uses it to access the victim’s gmail account.

TIPS

Never send a verification code to anyone through an email or a text message.  The only place you should use a verification code is when you login online.  If like the victim of this scam, you receive a verification code sent to you on your cell phone that you did not request, notify your email provider because that is an indication that someone is trying to hack into your account.

Scam of the day – March 27, 2015 – Another Nigerian letter scam

As we all know by now, the Nigerian letter scam is the name for a type of scam in which you are told that under some pretense you are to receive a huge amount of money for doing next to nothing.  Of course, once you correspond with the sender of the email, you soon learn that it takes payment after payment from you under various guises in order to receive the money and, of course, ultimately, you receive nothing, but the scammer has managed to trick you out of your money.  Here is a copy of such an email that I recently received:

“Dear Friend ,

How are you? I am sorry but happy to inform you about my success in getting those funds transferred under the co-operation of a new partner from Kosovo though I tried my best to involve you in the business but God decided the whole situations.  Presently I am in Kosovo for investment projects with my own share of the total sum. Meanwhile, I did not forget your past efforts and attempts to assist me in transferring those funds despite that it failed us somehow.

Now contact my little friend in South Africa his name is. Mr. Betrand Thando On his e-mail address; mr.betrandthando@yahoo.com  Ask him to send you the total sum of $400.000.00 (four hundred thousand usd) which i kept for your compensation for all the past efforts and attempts to assist me in this matter. I appreciated your efforts at that time very much. So feel free and get in touch with my little friend. And instruct him where to send the amount to you. Please do let me know immediately you receive it so that we can share the joy after all the sufferness at that time.  In the moment, I am very busy here because of the investment projects which I and the new partner are having at hand, finally, remember that I had forwarded instruction to my friend on your behalf to receive that money, so feel free to get in touch with him he will send the amount to you without any delay.

Thanks,
Miss. Bea.”

TIPS

This email is typical of many others and filled with poor grammar and punctuation.  In this case, the letter even speaks of previous dealings which certainly cannot be true. The story is utterly preposterous.  So who would possibly fall for this?  Only the truly gullible and that is the very strategy used by these scammers.  They do not want to waste their time on people who might eventually see through their scam so they make their plea as outrageous as possible so that if someone takes the bait, they are likely to be able to cheat that person out of their money.

By now, we all know that no one is giving you something for nothing and even the most gullible among us must ask themselves, why they were singled out for such good fortune.  The answer is that this is a scam and the best thing you can do is to enjoy the humor of these emails, but never respond to them

Scam of the day – November 6, 2014 – New Smishing scam

Smishing is the name given to text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business, such as your bank.  Recently there have been a number of smishing scams in which the messages appear to be from the bank Sun Trust.  In some of the recent Sun Trust smishing scams you are prompted to respond to a feigned emergency by providing personal information such as your account number.  If you provide this or other personal information, it is used by the scammers to make you a victim of identity theft.  In other smishing scams, you are told to call a telephone number that is a toll number with charges as much as $19 per minute.  Often you are put on hold for long periods of time to increase the charges.

TIPS

Your bank is not going to contact you by a text message if there is a problem with your account.  More importantly, as I have warned you many times, you can never be sure who really is sending you an email, text message or phone call and should never provide personal information in response to such communications.  If you think that there is a possibility that the contact may be legitimate, you should call the real company at a telephone number that you are sure is legitimate to learn whether or not the original communication with you was a scam.

Scam of the day – September 1, 2014 – Phone scams

Although so much of our attention is focused on scams perpetrated on the Internet and through means of high technology, a recent survey confirmed that low technology, namely the telephone still is fertile ground for many scams.  According to the Truecaller/Harris survey more than 17 million Americans became victims of telephone scams during the past year at a cost of 8.6 billion dollars.  One specifically telephone connected scam is “cramming” where fraudulent charges are added to your phone bill and often go unnoticed by people who pay little attention to the detailed information provided in lengthy, monthly phone bills particularly for wireless service. There are many ways that these unauthorized charges make their way to a victim’s phone, sometimes, consumers actually unknowingly sign up for premium texting services that may be for things such as flirting tips, horoscopes or celebrity gossip.  Whatever the source of the charges, they are fraudulent and typically cost about $9.99 per month and continue to appear for months without end.  You can find more detailed information about cramming by putting the word “cramming” into the archives section of Scamicide.  Other telephone related fraud occurs when people provide personal information over the phone when called by scamming telemarketers or to scammers who entice or scare the person receiving the call to either provide personal information or make a payment, such as in the present scam in which you receive a call purportedly from the IRS demanding payment for outstanding taxes.

TIPS

In regard to protecting yourself from cramming, you should never click on links or sign up for anything unless you have carefully read the fine print to see what else you may be signing up for.  In fact, you should never click on links in an email or text message unless you have independently verified that it is legitimate.  As for calls from telemarketers, not all telemarketers are criminals, but unfortunately, you have no way of knowing when you receive a call whether or not the person on the other end of the conversation is indeed legitimate or not so you should never provide personal information or payment in response to a telephone call until you have independently verified the call.  You may even wish to put yourself on the federal Do Not Call list to avoid telemarketers.  If you do get a call from a telemarketer after you have put yourself on the list, you know that the person is not legitimate and you should ignore the call.  Here is a link to the Do Not Call list if you wish to enroll.  https://www.donotcall.gov/  You can still receive calls from charities even if you are on the Do Not Call List, but again, you cannot be sure that the person calling is really from the charity so never give money over the phone to a telemarketer who calls you on behalf of a charity.  It is also worth noting that when you do make a charitable donation to a legitimate charity telemarketer, the telemarketer takes a percentage of your contribution as a commission.  If you want your donation to do the most good, you should contact the charity directly to make your donation.