Scam of the Day
Scam of the day – March 26, 2023 – Major Data Breach Threatens Children
A recent data breach at iDTech a coding camp for children that provides on-campus as well as online tech and coding courses has resulted in the hacker offering for sale on the Dark Web approximately a million records including names, dates of birth, email addresses and more of hundreds of thousands of children who attended the camp. Making the matter worse is that as of today, iDTech has still not yet officially notified the parents about the data breach. Fortunately, the parents have been notified through the site Have I been Pwned (not a misprint, there is no “a”) of the data breach. According to a study last year by Javelin Strategy & Research more than 1.25 million children became victims of identity theft last year and the true number is probably much greater because in many instances child identity theft is not discovered until the child reaches age 18. Identity thieves steal the identity of a child and then run up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when the teenager might first apply for a car loan or financial aid for college.
Identity theft of children’s identities is a huge national problem. According to a study by the Carnegie Mellon CyLab, children are more than 51 times more likely to become a victim of identity theft than adults. Children are also the most common victims of “synthetic identity theft.” Many people are not familiar with the term “synthetic Identity theft,” but it poses a significant threat to many people particularly children.
Synthetic identity theft occurs when a criminal takes information from a variety of sources to create a new identity to take out loans, purchase goods and services, or fraudulently obtain credit cards. Synthetic identity thieves combine real and fake information to form a new fictional person. They may use your Social Security number and combine it with the name, address and phone number of someone else. The Federal Trade Commission (FTC) has said that synthetic identity theft is the fastest growing type of identity theft. Children are the most common victims of synthetic identity theft and it is often many years before the problem is discovered.
In synthetic identity theft criminals then build the credit score of the synthetic identity by having people use the credit cards and make regular payments until the credit score of the new synthetic identity is high enough for the ultimate payoff, which is referred to as the “bust out.” In the bust out phase, the identity thief uses the new synthetic identity to either make large purchases or take out big loans that are never paid back. Some synthetic identity thieves will take years to build the synthetic identity theft credit score by making payments on cell phone accounts, car loans and more.
TIPS
Some telltale signs of synthetic identity theft include being contacted about an account that you never opened or a debt that you didn’t incur. Also, look for aliases listed on your credit report that you do not use. A dramatic lowering of your credit score coupled with a lack of negative information on your primary credit reports are further indications of synthetic identity theft. The reason that your primary credit report will not show negative information due to synthetic identity theft is because when a criminal uses your Social Security number, but doesn’t use your name, the negative information caused by their actions does not appear on your regular credit report. Instead, the information is added to a sub-file of your credit report which will, however, cause your credit score to drop tremendously.
If you do find out that you or your children have become a victim of synthetic identity theft, notify each of the three credit reporting agencies, Equifax, Experian and TransUnion of the crime and ask them to investigate and remove the false information from your sub-files.
Parents also should, as much as possible, try to limit the places that have their child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and enables you to opt out of information sharing by the school with third parties. You also should freeze the credit reports of your children. Until 2018 there was no national law that allowed the credit reports of children to be frozen, but in the wake of the major Equifax data breach, Congress passed laws that now permit children’s credit reports to be frozen and unfrozen for free.
Here are the links to information about how to freeze your child’s credit reports at each of the three major credit reporting agencies.
https://www.transunion.com/credit-freeze
https://www.equifax.com/personal/education/identity-theft/freezing-your-childs-credit-report-faq/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – March 25, 2023 – Increased Danger From Scammers Using AI
When I first started Scamicide more than ten years ago, “things aren’t as bad as you think… they are far worse” was prominently featured toward the top of the first page of the blog and unfortunately, that statement appears to be true evidenced by the increased use by scammers of Artificial Intelligence (AI) to help them create more convincing and effective scams.
ChatGPT, Microsoft’s popular artificial intelligence chatbot can generate articles, essays, stories and more in response to simple text prompts. It also can create more sophisticated and effective spear phishing emails that are more likely to convince an unwary targeted victim to either provide personal information that can lead to identity theft, click on a link and download dangerous malware or fall for a scam. Phishing emails that have originated overseas in countries where English is not the primary language often could easily be recognized by their lack of proper grammar, syntax or spelling, however with AI those problems are solved for the scammer and their phishing emails will now be more difficult to recognize.
We are all familiar with phishing emails which are emails that attempt to lure you into providing personal information or clicking on malware infected links. Fortunately, however, phishing emails are often easy to recognize because they may not be addressed to us personally or involve a subject matter that doesn’t relate to us. Spear phishing emails, however, are specifically tailored to appeal to the particular victim. They often address you by name and deal with subjects or companies with which you are involved or have an interest. Now, those spear phishing emails pose the threat of being even more dangerous as scammers are starting to use AI to make them even more believable.
TIPS
The best advice to avoid being a victim of a spear phishing email remains the same. B.S. Be skeptical. Following a zero trust protocol, you should never provide personal information or make a payment or click on a link in any email (or text message) unless you have absolutely confirmed that the communication is legitimate. Regardless of how legitimate it may appear, you should follow this rule.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 24, 2023 – Getting Scammed Through Your Smart TV
Smart TVs are terrific. Unlike old television sets that were not connected to the internet, smart TVs are connected to the internet which means that you can stream movies from Netflix and other streaming services, play video games and access a wide variety of apps. They do have a downside in that they often are gathering information about you and invading your privacy, but that is a topic for another column at another time. Today, I want to warn you about recent reports of people trying to log in to their streaming service only to find a pop-up that tells them that there is a problem with either your television or your streaming subscription. The pop-up provides either a phone number or a website to use to remedy the problem.
The problem is, however, that your smart TV has been hacked and the message is coming from a scammer. If you call the number or go to the website provided you will reach a customer service representative who asks for a small activation fee by credit card, debit card or gift card. Anytime you are asked for a payment by way of a gift card, you know it is a scam and if you provide your credit card or debit card information, the scammer will quickly proceed to run up charges. Anything that is connected to the Internet can be hacked and your smart TV is no exception, but many people don’t realize that their smart TV is vulnerable to being hacked.
TIPS
The key to hacking your smart TV is your router. Many people don’t bother to change the default password on their router and therefore leave themselves extremely vulnerable to hackers who use the readily available default passwords to get access to your router and the devices connected to it. As an additional line of defense you should also have a strong, complex password for your smart TV as well.
Also, many people ignore software updates for their smart TV although they wouldn’t do so for their computers, laptops or phones. It is important to update your smart TV’s software whenever such updates are made available to keep the smart TV more secure
If you have any thought that the pop-up may be legitimate, don’t call the phone number provided or go to the website provided. Instead call your streaming service’s customer service number which you can get from their real websites.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – March 23, 2023 – New AOL Phishing Scam
Today’s Scam of the day is about a phishing email presently circulating that attempts to lure you into clicking on a link in order to continue using your AOL account. Millions of people still use AOL. One reason for this is that you get greater email privacy when compared to some other email carriers. Due to its popularity, scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below that was sent to me by a Scamicide reader. If you click on the link in the email one of two things can occur and both are bad. Either you will end up providing personal information to an identity thief or you will, merely by clicking on the link, download dangerous malware such as ransomware on to your phone, computer or other device. I have removed the link.
Here is the email presently being circulated.
|
||
| Dear User, Starting on March Eighth,2023. all old versions of accounts will no longer be able to log in via their email addresses due to recent security upgrades.
Follow below to Sign in and update your mailbox to avoid service interruption.
|
||
| Failure to do this, Will lead to permanent account closure
Sincerely, |
TIPS
When AOL communicates with its customers about their accounts, they do so by AOL Certified Mail, which will appear as a blue envelope in your inbox and will have an official AOL Mail seal on the border of the email. No official AOL Mail seal appears in the inbox for this phishing email. Also, this email also does not refer to you in the salutation, but merely addresses you as “Dear User.” In addition, the scammer was not very smart as the message line in the email reads “Verizon Account Management” which has nothing to do with AOL.
Whenever you get an email, you cannot be sure who is really sending it. In the case of this email, the email address of the sender had no relation to AOL and most likely was the email address of someone whose email account was hacked and made a part of a botnet of computers used by cybercriminals to send such communications. Never click on a link unless you are absolutely sure that it is legitimate. If you think the email might be legitimate, the best thing to do is to contact the real company that the email purports to be from at an email address or phone number that you know is accurate in order to find out if the communication was legitimate or not.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 22, 2023 – Shark Tank Endorsement Scam
ABC’s “Shark Tank” is a popular reality show where entrepreneurs present their ideas for a wide variety of products to five successful “sharks” of industry who have been successful entrepreneurs themselves. In the show the contestants vie to get the “sharks” to invest in their companies and products. Of course, anything popular with the public is popular with scammers so it is not surprising that scams have recently been turning up where scammers are attempting to lure people into buying their phony products by providing fake Shark Tank celebrity testimonials complete with doctored photos and videos. Unfortunately, it is all a scam.
TIPS
B.S. Be skeptical. Before you consider buying a product that appears to be endorsed by a Shark Tank celebrity, use your search engine to find product reviews. It also can be helpful to search using the name of the product and adding the words “scam” or “complaints” to see what you can find.
Another good way to investigate whether a product indeed was actually endorsed by Shark Tank is to to the show’s website to see a full list of all of the businesses that actually have appeared on the show. The email address is ab.com/SharkTank.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – March 21, 2023 – Police Phone Call Scam
Recently the Knoxville Tennessee Police Department issued a warning about an increase in phone scams in which the caller poses as a law enforcement officer who tells the targeted victim of the scam that there is a warrant for his arrest, but that if they immediately pay a fine by a gift card or Zelle the warrant will be dismissed While this warning was from the Knoxville Police, this scam has been widely reported around the country.
This scam may fool some people because the Caller ID of the targeted victim indicates that the call has come from the police. Regular readers of Scamicide know that Caller ID can easily be manipulated by a technique called “spoofing” to make the call appear to come from whatever number the scammer desires.
TIPS
Remember my motto, “trust me, you can’t trust anyone.” No law enforcement agency calls people to clear outstanding warrants by phone and no law enforcement agency would ever under any circumstances request a payment by way of a gift card or Zelle. Anytime you are asked to pay for anything through a gift card, you can be confident that it is a scam. Gift cards are a favorite method of payments for scammers because it can be done anonymously. Zelle should only be used to send small amounts of money to people you know well and should never be used for business transactions. Banks are refusing to refund money to people who have been scammed using their Zelle accounts.
Whenever you get a phone call, email or text message you can never be sure who is really contacting you and so if you are ever asked in any communication for a payment or personal information, you should be skeptical and never provide the information or make a payment until you have absolutely and independently confirmed that the communication is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 20, 2023 – FTC Settles Claim Against Company Selling Bogus Covid-19 Products
While the instances of coronavirus (COVID-19) infections are nowhere near their levels during the height of the pandemic, the virus is still with us and continues to pose a public health threat. Unfortunately, unscrupulous companies are marketing bogus COVID cures and treatments that are totally ineffective. In the last couple of years I have reported on the efforts of the Federal Trade Commission (FTC) and the Food and Drug Administration (FDA) to stop scammers from preying on the fears of people by selling them worthless or even harmful phony cures and treatments.
Recently the FTC sued a multi level marketing company doTERRA International, LLC for its fraudulent claims that its essential oils and dietary supplements could cure, treat or prevent COVID-19. The company and its high level distributors have agreed to settle the case and will be paying a financial penalty and cease making their unfounded claims.
TIPS
As for healthcare products in general, you should be skeptical about companies that promise miraculous cures to illnesses and medical conditions. The world is full of snake oil salesmen. You should also be wary of any healthcare product that is sold exclusively either over the Internet or through mail-order advertisements. The best course of action is to ask your physician about the effectiveness of a particular product or program before you buy it.
As for the Coronavirus specifically, the best places to get reliable information are the World Health Organization https://www.who.int/health-topics/coronavirus and the CDC https://www.cdc.gov/coronavirus/2019-ncov/faq.html You also can find trustworthy Coronavirus treatment information at the website of the FDA. https://www.fda.gov/patients/coronavirus-disease-2019-covid-19-resources-patients
Scam of the day – March 19, 2023 – Adobe and Microsoft Issue Critical Software Updates
Both Adobe and Microsoft have just issued new security updates for a number of its popular software programs.
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates when they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax that affected 147 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed.
TIPS
Here is the link to the latest Adobe security update: https://www.cisa.gov/news-events/alerts/2023/03/14/adobe-releases-security-updates-multiple-products
Here is the link to the latest Microsoft security update. https://www.cisa.gov/news-events/alerts/2023/03/14/microsoft-releases-march-2023-security-updates
Additionally, whenever possible you should choose to have all of your software updates installed automatically so you never have to be concerned about delays in downloading and installing the latest critical updates. Here is a link that informs you how to do this for your Microsoft products. https://support.microsoft.com/en-us/help/311047/how-to-keep-your-windows-computer-up-to-date
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 18, 2023 – Critical Vulnerability Discovered in Android Phones and More Devices
Google security researches recently discovered eighteen significant vulnerabilities in Samsung computer chips used in dozens of Android phones, wearables and cars. Four of these vulnerabilities in particular would allow a hacker to hack someone’s phone and steal all of the sensitive information in the phone without any interaction with the targeted victim. All the hacker would need to know is the targeted victim’s cell phone number.
Among the devices affected are:
Mobile devices from Samsung including those in the S22, M33, M13, M12, A71, A33, A21, A13, A12 and A04 series; Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series; Pixel 6 and Pixel 7 series of devices from Google; any wearables that use the Exynos W920 chipset and any cars that use the Exynos Auto T5123 chipset
TIPS
Google has already developed a security update to address the vulnerability impacting its Pixel devices for two of the vulnerabilities . Here is a link to those updates https://source.android.com/docs/security/bulletin/pixel/2023-03-01
However, security patches for other affected devices have not yet been released. Until security updates are available you can defend against a hacker trying to exploit these vulnerabilities by disabling Wi-Fi calling and Voice-over-LTE (VoLTE).
It is always important to download security updates as soon as they are available for all of the software that you use to protect yourself from being attacked which is why I provide those updates regularly.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 17, 2023 – Tap and Glue ATM Scam
Clever scam artists, the only criminals we refer to as artists, have recently come up with a new way to steal money from your bank account through ATMs. The scam starts when you go to insert your card into the slot at an ATM, but are unable to do so which is obviously puzzling. Fortunately for you, there is a helpful stranger also at the ATM who tells you that he had the same problem, but was able to access the ATM by using the tap function that allows your card to use a radio wave to access your account without having to insert your card into the card reader. Unfortunately, you later find out that not only did you access your account, but so did the helpful stranger who had earlier plugged the ATM card slot with glue to make it unusable and then used your account to withdraw money because whenever you use the tap feature, the account remains open for more transactions unless you log out. Many people don’t think of this and merely take their card and their money and leave.
TIPS
The key to avoiding this scam is to make sure whenever you use an ATM that you affirmatively log out of the account before you leave whether you use the tap feature or not.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”