Scam of the day – Mary 5, 2017 – 10 Concerts I’ve been to Facebook scam

Facebook is very popular with the general public and anything popular with the general public becomes a popular platform for scammers.  I have written about many Facebook scams over the years, but the latest one is particularly dangerous because it appears so innocuous.  It comes up on your Facebook page under the headline “10 Concerts, but there is one act that I haven’t seen live.  Which is it?”  While this may appear harmless, the information you provide may tell more about you than the person who appears to be posting it.  It may provide information about your approximate age and preferences in music which can then be used by a scammer to send you a phishing email tailored to appeal to your particular interests that you may trust and click on a link contained in the email that contains either keystroke logging malware that can be used to steal your identity or ransomware.

TIPS

We all tend to put too much personal information on social media that can be exploited by scammers and identity thieves to our detriment.  However, if you, as many people do, find this game and other similar games to be fun to play, you may want to just adjust your privacy setting to “friends only” so that you limit who gets to see your answers.

Scam of the day – April 30, 2017 – Facebook Mother’s Day coupon scam

Mother’s Day is fast approaching and scammers are taking advantage of this with phony $50 Lowe’s coupons that are turning up on Facebook pages luring people with the promise of the free coupon into providing information to a phony survey where the only goal is to gather personal information that will be used by the scammers for purposes of identity theft. Here is a copy of the coupon as it is appearing on Facebook.

lowes coupon scam Lowes $50 Mothers Day Coupon Is A Scam

While this particular scam uses a free $50 coupon from Lowe’s as the basis of the scam, similar scams have used phony coupons for Home Depot, Target, Ikea and others.

TIPS

No company could cover the cost of giving away vast numbers of $50 coupons although sometimes participants in legitimate surveys are promised a chance to win a coupon in a drawing.  Facebook is a favorite venue for scammers to use for this type of scam because often unwary victims will unwittingly share the scam with their friends.  If you have doubts about the legitimacy of a coupon, the best place to go is to the company’s website to see what real coupons are being offered.

Scam of the day – December 12, 2016 – Secret Sister gift exchange scam

It seems harmless enough when you see it come up on your Facebook page.  It is often titled the “Secret Sister Gift Exchange” and it provides you with a list of six people.  You are told to send a gift worth at least ten dollars to the first person on the list, remove that person’s name from the list, move the second person on the list to the first position, add your name to the end of the list and then send the list to six of your friends.  In theory, you will receive thirty-six gifts for your small contribution of ten dollars.

So where is the harm?

First of all, it is a blatantly illegal chain letter and violates Title 18 of the United States Code, Section 1302.  In addition, like all chain letters, ultimately, it is destined to fail because it is a pyramid scheme where ultimately we run out of people on the planet.  It is destined to fail.

In this particular version of the illegal chain letter, you are required to provide personal information that can lead you to become more vulnerable to scams. This scam has been with us for a couple of years and resurfaces during the holidays.

TIPS

Avoid all chain letters regardless of the guise under which you receive them.  They are illegal.  In addition, although this particular chain letter is turning up on Facebook pages, it is a violation of your Facebook terms of agreement, so you potentially face the loss of your Facebook account if you participate in the scheme.

Scam of the day – August 8, 2016 – Yet another Facebook scam

During the years that I have been writing Scamicide I have written many times about various Facebook scams.  The reason for this is that with more than a billion users, Facebook is obviously popular and anything popular with that many people will be sought after as a vehicle for scammers to scam people.  Recently, I wrote about the dangers of Facebook cloning when a new Facebook account is set up using your name and information in an effort to lure people into trusting messages and links that will appear to be sent by you.  But Facebook accounts are relatively easy to hack as well with the same goal of using your name to lure someone who trusts you into becoming a victim of a scam.

I urge Scamicide readers to contact me with scams they encounter so we can share these with everyone.  Recently I was contacted by Erica Kenney who was Facebook chatting with someone that she thought was her aunt after her aunt contacted her on Facebook to wish Erica a happy birthday.  The conversation evolved into Erica’s “aunt” informing  Erica that she had just won $100,00 from the Hugh Trust Foundation and that she saw Erica’s name on the list of winners too. All Erica had to do was contact the people her aunt referred her to in order to get her prize.  Of course, if Erica had followed up on the scam, she would have either clicked on a link and downloaded keystroke logging malware that would steal her personal information from her computer and use it to make her a victim of identity theft or be tricked into providing personal information directly when she went to the website to claim her prize.  Once again, there would be no prize except the booby prize of having your identity stolen due to providing the information to the scammer.

Fortunately, Erica was too smart to fall for this scam.

TIPS

A strong password and security question can help increase your security on Facebook.  Unfortunately, however, a very simple flaw in Facebook procedures allows a hacker to get access to your account and the ability to change your password after the hacker is unable to answer your security question merely by having the hacker provide three “friends” with Facebook accounts to whom Facebook will send security codes that the hacker can use to gain access to your account and change your password.  The hacker, of course, has already set up Facebook accounts for three phony “friends” to whom Facebook will send the security codes which can be used to hack your account.  Other times, the personal information that is readily available about people on line is sufficient to answer the security question.  Regardless of how the account is hacked into, the result can bring an increased risk of identity theft to your real friends who may trust a message from you that contains a link with dangerous keystroke logging malware that can result in your real friend’s computer being infiltrated and all of the information on it stolen such as Social Security number, account passwords and credit card numbers that can result in identity theft.

Be careful what personal information you put on Facebook.  Always consider how that information can be used against you to make you a victim of identity theft.  When setting up a security question, pick an answer that is nonsensical to protect it from hackers, such as “Where did I go to High School?” with an answer of “blue.”  Finally and most importantly, never, and  I mean never, click on links in messages that you receive unless you are absolutely sure that they are legitimate.  Merely because a message appears to be from a friend does not mean that the friend actually sent it.  His or her account may have been hacked or they may even be passing on tainted material without knowing it.  Never click on a link until you are absolutely sure that it is legitimate.  Call your friend to confirm that the message was from them and confirm from where they got the link they are sending to make sure that it is legitimate.  It may seem paranoid, but even paranoids have enemies.

 

Scam of the day – February 8, 2016 – The dangers of Facebook farming

We have all seen Facebook postings urging us to click that we “like”them.  Sometimes it is an emotional appeal to show support for a sick child.  Sometimes it is to show support for a political message. Sometimes these appeals are legitimate, but unfortunately sometimes they are not.  Often they are done to take advantage of Facebook’s algorithms that value the popularity measured by likes and shares which then appear on the Facebook pages of more people.  Although the original content liked or shared may appear sincere or entertaining, the scammers who use this technique, which is called “farming,” then are able to change the content to something entirely different from what was originally shared or liked.  This can be done for purposes of sending advertising or gathering marketing information, but, at its worst, it can be used to send malware infected content that can steal personal information from your computer and use it to make you a victim of identity theft.

TIPS

So what should you do?  Posts that promise some sort of prize for sharing or liking are most likely scams. As for the other scams, you may wish to be a bit skeptical before automatically sharing or liking a post. You may wish to even do a little research yourself to find out if the posting is legitimate.    A 2007 photo of a seven year old Pennsylvania girl with Stage IV cancer posing in her cheerleading uniform has been used numerous times for Facebook farming.  Today that girl is a cancer free teenager whose family is understandably outraged that their daughter’s photograph has been abused by scammers through Facebook farming.

Scam of the day – September 26, 2015 – Employment recruiter scams

Searching for a job is much easier today with all of the resources of the Internet, however, unfortunately, it is also easier for scammers to search for victims posing as employment recruiters using the resources of the Internet.  The phony recruiters often reach out to people on social media such as LinkedIn, Twitter and Facebook.  Many people provide personal information to these scammers who then use that information to make the job seeker a victim of identity theft.  Often the scammers will copy the logo of legitimate companies so that their emails may look legitimate.

TIPS

As I always say, “trust me, you can’t trust anyone.”  You can never be sure when you receive an email, text message or communication by way of social media who is really contacting you.  For this reason, you should never provide personal information to a recruiter unless you have absolutely confirmed they are legitimate.  You can do this by contacting the HR department of the real company they may only be pretending to represent.   Real job postings can also be found on the websites of legitimate companies so if someone claims to be recruiting for a company that does not list such a job as being offered by the company on its website, you can expect that the recruiter is a scammer or identity thief.

Scam of the day – September 11, 2015 – University of Colorado warns students about sextortion

Back in the March 31st Scam of the day I warned you about the dangers of sextortion.  Sex extortion or sextortion has been around for years on the Internet with criminals tricking people into performing sexual acts online that are recorded and then used to blackmail the victims.  Now the University of Colorado Boulder Police Department is warning students about overseas criminals luring students into performing sexually acts on Skype that the criminal records and then threatens to make the videos public unless a ransom is paid.  In this latest incarnation of the scam, the criminal initially friends the victim on Facebook and gains the trust of the victim before luring him or her into compromising videos.  Investigators in Colorado have traced the particular criminal involved with their campus to someone based in Singapore.

In a twist on this scam found in the actions of other cyberextortionists, the cybercriminals  pretend that they are having audio difficulties and convince their victims into downloading a specific Android app on to their Android smartphone which they represent will remedy the problem.  However, instead of fixing the problem, the app is malware that steals all of the contact information stored on the victim’s smartphone.  The cybercriminal then threatens to send the videos to everyone on the victim’s contact list unless the victim pays a ransom.

TIPS

The best solution to any problem is to avoid the problem altogether.  If you are going to indulge in cybersex or phone sex, it should only be done with people whom you totally trust.  Engaging in such activities with strangers or people you do not know well is asking for trouble.  Also, make sure that all of your electronic devices including your smartphone and computer are protected with the latest updated security software.  Even then, however, no security software is 100% effective against the latest viruses and malware so you should never click on links or download attachments unless you have absolutely confirmed that they are legitimate and you should never download apps from anywhere other than legitimate app stores.  The risk of malware is just too high.

Scam of the day – January 9, 2015 – Post holiday delivery scam

Although the holiday shopping season is essentially over, there are still many people who may have ordered gifts at the last minute that are just starting to arrive and scammers are taking advantage of this situation.  Reports are surfacing of people receiving communications purporting to be from national retailers either by email or social media messages in which the people receiving the messages are told that their delivery is ready for pickup or delivery.  The messages and emails often look quite legitimate and carry the logo of the particular retailer from whom the message appears to be sent.  As is an essential part of this type of scam, the email or social media message contains a link which you are advised to click on for more delivery information and that is where the problem starts.  Clicking on the link either will take you to a website that asks for personal information used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will have unwittingly downloaded keystroke logging malware that will steal all of the information from your computer and use it to make you a victim of identity theft.

TIPS

Just as the IRS does not initiate contact with taxpayers by telephone so that if you get a call purporting to be from the IRS you know it is a scam, so do retailers not communicate about deliveries with customers by way of Facebook and other social media.  It certainly is important to keep track of all of your legitimate orders from retailers so if you get such an email message, you can ignore it, knowing you do not have a delivery, but even if you have any question that it may be a legitimate message, you still shouldn’t click on any link without confirming that it is legitimate and the best way to do that is to call or go to the website of the company directly at a telephone number or website address that you know is correct.  Don’t use the phone number or website address provided in the email. Remember, “trust me, you can’t trust anyone.”

Scam of the day – January 2, 2015 – AirAsia Facebook scam

Although legitimate media is reporting pieces of the wreckage as well as bodies from missing AirAsia Flight 8501 have been found, many people are falling for a Facebook scam where a link appears on their Facebook pages that promises to provide information and video from CNN indicating that the AirAsia plane had been found intact in the Philippines.  The piece appearing on Facebook pages looks like a legitimate CNN story and carries the logo of CNN, however, the AirAsia plane shown is not the missing plane, but rather a photograph of another AirAsia flight that skidded off of the runway in Malaysia in 2011.  Clicking on the video will not bring up the video.  Instead you are redirected to a phony CNN website that informs you that you need to “like” and “share” the video before you can view it.  Once you have done both of these actions, you are redirected again to another website that requires you to take a survey before you can view the video.  You are told that by taking the survey, you are eligible to win valuable prizes.  Among the information requested in the survey is your cell phone number and other personal information.  Once you take the survey, you are hooked because unwittingly what you are actually doing is signing up for “cramming” charges on your cell phone for various text message services.  If you are unfamiliar with “cramming,” check out the archives of Scamicide and put in the word “cramming.”

TIPS

Curiosity killed the cat and it can also add additional unwanted costs to your cell phone bill.  Scammers constantly take advantage of our curiosity about current news events to lure people into clicking on links that can result in your signing up for services you don’t want or need or even result in your downloading keystroke logging malware that can result in your information being stolen and you becoming a victim of identity theft.

A red flag in this particular scam is the requirement that you “like” and “share” the video before you have even seen it.  This is something you should never do.  In addition, you can never be sure that an apparent legitimate media link on your Facebook page is indeed legitimate or not so you should never click on such links for your news.  Instead, go directly to the websites of legitimate news outlets that you trust.

Scam of the day – November 9, 2014 – Teenager scams $130,000 from investors

Nineteen year old David Topping was arrested in North Carolina and charged with selling investors $130,000 of fraudulent investments.  Topping contacted his twenty victims through cold calls and social media including Facebook and LinkedIn.  He enticed his victims with promises of monthly returns of 6.24% for the investments in his company, Stark Innovations LLC which he said dealt with international trade.  He further represented to his victims that the investments were totally without risk. Finally he also represented to his victims that the company was socially responsible, giving 5% of its annual profits to local charities.  Of course the entire investment was a scam.  To make things first, Topping was not licensed to sell securities, a fact that would have been apparent to anyone who did their due diligence research and had looked him up with the Securities Division of the North Carolina Secretary of State.

TIPS

No one should ever invest in anything until they have done a due diligence investigation into both the person selling you the investment and the investment itself.  No one should ever invest in anything unless you truly understand the investment.  Legendary Warren Buffet resisted investing in high technology companies until he felt comfortable that he understood the companies  and what they did.  Many intelligent people invested with Ponzi schemer Bernie Madoff without understanding how his investments worked.  If they had investigated his strategy, it would have been apparent that it was a sham.  Why should you trust an investment being sold to you through a cold call or on social media that makes outrageous promises that are too good to be true?  Do your homework and protect your money.