Scam of the Day

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Scam of the day – December 7, 2021 – Hacker Sentenced for Stealing Millions of Dollars Worth of Cryptocurrencies.

Garrett Endicott recently was sentenced to prison for his role in a hacking conspiracy perpetrated by a criminal group known as “The Community” that stole millions of dollars worth of cryptocurrencies from their victims through SIM card swapping which gave Endicott and the other five members of “The Community” access to the cryptocurrency accounts of their victims.  SIM card swapping is a major problem.  A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone.  The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone.  However, as more and more financial transactions, such as online banking, are now done through cell phones, identity thieves with access to their victims’ SIM cards are also increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.

SIM card swapping or porting as it is sometimes referred to is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal. By SIM swaps, criminals can reset passwords on online accounts and request dual factor authentication codes be sent to their phones which will render dual factor authentication useless as a security measure.  Sometimes criminals contact the mobile service providers of their victims posing as the victims and trick the mobile service provider employees to swap the SIM cards to phones controlled by the criminals  Other times criminals bribe employees at their victims’ mobile service providers to achieve the SIM swap.

SIM card swapping has resulted in huge losses including one instance in which a victim had 23.8 million dollars worth of cryptocurrencies stolen from his account by someone who accessed the account through SIM swapping that thwarted the dual factor authentication used by the victim to protect the security of the account.

In a new development the Federal Communications Commission (FCC) is proposing new regulations that will require phone carriers to better authenticate customers before redirecting a customer’s phone number to a new device or carrier.  In addition, the new proposals would require phone carriers to immediately notify its customers whenever a SIM card change is requested for their phone number.

TIPS

The best protection for your phone starts with a strong password, facial recognition or fingerprint scanner.  Also, set your phone so that it locks when you are not using it.  Make sure that you back up everything in your phone regularly. Install the Find My iPhone app if you have an iPhone or the Find My Device app if you have an Android phone.  These will enable you to locate your cellphone if it is lost or stolen and also allow you to send a command to erase everything in your cellphone even if the phone has been turned off.  If your phone is lost or stolen, you should immediately contact your wireless provider to have them disable the SIM card in your phone so that your phone cannot be used by someone else.  As for protecting your phone from cyberattacks, it is important to both download and continually update security software.

Perhaps the best thing you can do to  protect your SIM card from SIM card swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.

AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online.   Without this passcode, AT&T will not swap your SIM card.   Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i

Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center.  Here is a link with information and instructions for setting up a PIN with Verizon.  https://www.verizonwireless.com/support/account-pin-faqs/

T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online.  This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card.  This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store.  Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure

Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief.  Here is a link to information about adding a PIN to your Sprint account. https://www.sprint.com/en/support/solutions/account-and-billing/update-your-pin-and-security-questions-on-sprint-com.html

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free by going to the bottom of the first page of Scamicide.com and typing in your email address where it indicates “Sign up for our blog.”

Scam of the day – December 6, 2021 – Hacked Email Account Scams

Recently I received the following email that appeared to come from a friend of mine.  I have crossed out the email address and name of my friend from the email:

“I’m sorry for any inconvenience this will cost you. I got bad news this morning that I lost a childhood friend to the deadly COVID-19. I want to support the struggling family with a small donation .So I was going to ask if you could kindly help me send out a donation to them anytime you can today, I’m having issue with my bank I contacted my bank and they told me it would take a couple of days to get it sorted I would refund you when I get it sorted soon. Kindly let me know if that will be possible.

Thanks so much, I want to donate the total of $400. Can you help me get the donation sent directly to their PayPal app account?
Here are the details
Family and Friend
xxxxx@yahoo.com
Best regards,
xxxxxxxxx”
The email came from the email address of a person who is a friend and client of mine, but it was pretty clear to me that my friend  had not sent the email.  Rather, her email had been hacked and used to send emails to people on her contact list asking for the payment.  As I often tell you, you can never be sure who is actually calling you on the phone, sending you a text message or sending you an email.  Therefore you should never give personal information, credit card information, gift card information or wire money in response to such a communication unless you have absolutely confirmed that the communication is legitimate.  Gift cards and wiring money are two of the favorite ways that people are scammed so when you are asked to provide either of those, you should always be skeptical.
But what do you do if your email account is hacked?
TIPS
Here are the steps you should take if your email account is hacked:
1.  Report the hacking to your email provider.
2.  Change your security question.  I often suggest that people use a nonsensical security question because the information could not be guessed or obtained by research online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Change your password on your email account.  If you use the same password for other accounts, you should change those as well.
4.  Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you.
5.  Scan your computer thoroughly with an up to date anti-virus and anti-malware program.  This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
5.  Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
6.  Get a free copy of your credit report.  You can get your free credit reports from www.annualcreditreport.com.  Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.   You should then consider signing up for an identity theft protection service if you have not already done so.
7.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – December 5, 2021 – FTC Refunding 1.8 Million Dollars to Consumers Defrauded by Lifewatch

Scams involving medical services have been a staple of scam artists since the earliest days of time and seniors are frequently targets of scams so when you put the two together, you have the perfect storm for scams.  Although there are many companies that offer medical alert systems for seniors, there are many scammers that sell these services to unwary seniors.  So how do you tell the sales pitch for a scam medical alert company from the sales pitch for a legitimate medical alert company?  One way to tell is if the sales pitch comes via an illegal prerecorded robocall.  Since commercial robocalls are illegal, obviously a company selling you their services through this type of call has little regard for the law and you should have little regard for that company.  Six years ago I told you about one such company, Lifewatch which in 2015 was sued by both the Federal Trade Commission (FTC) and the Attorney General of Florida who alleged that the company violated the law not only through illegal robocalls, but also by alleging that the medical alert system they offered was free and already been paid for by a friend or family member when that was untrue.  They also were accused of misrepresenting that their product has been endorsed by AARP, which it was not.  Finally, they were accused of telling prospective customers that they would not be charged anything (in regard to the product that they already had been told had been prepaid) until they activated the device.  The truth, according to the FTC, is that Lifewatch charged people immediately.

Now six years later, the lawsuit has been settled with Lifewatch providing 1.8 million dollars to the Federal Trade Commission (FTC) which is returning the funds to victims of the scam.  The checks being sent by the FTC must be cashed within 90 days of the date of the check.  For more specific information about these refunds go the “FTC Scam Refunds” tab in the middle of the initial page of Scamicide.com.

TIPS

Since commercial robocalls are illegal, if a product is being pitched to you in a robocall, you can’t trust the company so why should you buy the product?  As for medical alert services, if you are considering buying one, you should first check with your physician and then check out the company with the FTC, the Better Business Bureau, your state attorney general and even by just putting the name of the company into a Google search with the word “scam” and see what come up.

Last year the FTC refunded more than 483 million dollars to scam victims, however the U.S. Supreme Court unfortunately ruled this year that the FTC does not have the authority to make such refunds from money collected by the FTC from scammers.  The FTC has asked Congress to restore the FTC’s ability to get money from scammers and return it to scam victims.  Fortunately, there is pending legislation, H.R. 2668 which would return that authority to the FTC. I urge you to contact your representatives in Congress and the Senate and tell them to vote in favor of this legislation.  Here is a link you can use to contact your representative in Congress.  https://www.house.gov/representatives/find-your-representative  And here is a link you can use to contact your senator. https://www.senate.gov/senators/senators-contact.htm

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – December 4, 2021 – TSA PreCheck Scam Increasing

Scams related to the Transportation Security Administration’s (TSA) PreCheck program have recently substantially increased.  I first warned you about this last August when the scams began.  For those people unfamiliar with the PreCheck program, the TSA has a long standing program called TSA PreCheck which enables you to go through an expedited screening at the airport in special lines without having to remove your shoes, belts or jackets.

In order to obtain PreCheck status you need to both apply online and then schedule an appointment at one of 380 enrollment centers.  The in-person appointment which includes fingerprinting and a background check is generally completed in ten minutes.

Unfortunately, scammers, of course, have been taking advantage of people trying to sign up for the TSA PreCheck program and are setting up phony websites that appear to be official websites of the TSA.  They then lure you into providing personal information they use to make you a victim of identity theft as well as steal the money they charge you online for a phony TSA PreCheck enrollment.  Recently we have seen the scammers charging $140 for their worthless services.  The actual enrollment price is $70.

TIPS

Part of the problem is that some sophisticated scammers are adept at manipulating the algorithms used by Google Chrome and other search engines so that the phony websites appear high on a search.  Merely because a website appears high on a search does not mean that it is legitimate.  The only legitimate sites where you can apply for the TSA PreCheck program are https://www.tsa.gov/precheck and https://universalenroll.dhs.gov/

Also, it is important to note that when you first apply for the TSA PreCheck program, you cannot pay online.  You can register for the program, but you pay when you have your in-person appointment.  Therefore any site that asks you to pay online for your initial TSA PreCheck status is a scam.  TSA PreCheck status is good for five years, but it can be renewed.  When you renew, you can do the entire process including payment online.  The renewal process also has been exploited by scammers sending you emails posing as the TSA encouraging you to click on links to renew your status.  This is problematic since when you actually need to renew your status, you will get an email from the real TSA, however, it can be difficult to distinguish the phony TSA email from that of the real TSA so you are best checking directly with the TSA to see about renewing your status.  You can use this link to find about your present status, whether you need to renew and how to do so properly.  https://www.tsa.gov/travel/frequently-asked-questions/how-do-i-renew-my-membership-when-it-expires

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – December 2, 2021 – Return of the Secret Sister Gift Exchange Scam

Fans of the old horror movie Poltergeist 2 remember the classic line “They’re back” and so it is with the classic Secret Sister scam which returns each holiday season.   I first reported to you about this scam in 2015. It seems harmless enough when you see it come up in your email or on social media, such as Facebook or Twitter where it has increasingly been found lately.  It is often titled the “Secret Sister Gift Exchange.”   Commonly it provides you with a list of six people and you are told to send a gift worth at least ten dollars to the first person on the list, remove that person’s name from the list, move the second person on the list to the first position, add your name to the end of the list and then send the list to six of your friends.  In theory, you will receive thirty-six gifts for your small contribution of ten dollars.

So where is the harm?

First of all, it is a blatantly illegal chain letter and violates Title 18 of the United States Code, Section 1302.  In addition, like all chain letters, ultimately, it is destined to fail because it is a pyramid scheme where ultimately we run out of people on the planet.  In one particular version of this illegal chain letter, you are required to provide personal information that can lead you to become more vulnerable to scams and identity theft schemes.

Holiday pyramid schemes come in a wide variety of disguises including exchanging bottles of wine and the Secret Santa Dog scam where you are lured into sending a gift to your “secret dog,” but they all are just scams that entice you into sending gift or money to scammers while participating in an illegal pyramid scheme.

TIPS

Avoid all chain letters regardless of the guise under which you receive them.  They are illegal.  In addition, although in some instances these chain letters are turning up on Facebook pages, it is a violation of your Facebook terms of agreement, so you potentially face the loss of your Facebook account if you participate in the scheme.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type your email address in the tab that states “Sign up for this blog.”

Scam of the day – December 1, 2021 – Watch Out for Holiday Gift Card Scams

Buying a gift card as a gift is both an easy way to purchase a gift for someone and a good way to make sure that the gift is something that the receiver of the gift can actually use and enjoy.  However, scammers are always ready to take any good thing and turn it into a scam. The most common gift card scam involves scammers going to racks of gift cards in stores and using handheld scanners that are easy to obtain, read the code on the strip of the card and the number on the front.  They then put the card back in the display and periodically check with the retailer by calling its 800 number to find out whether the card has been activated and what the balance is on the card.  Once they have this information they either create a counterfeit card using the information they have stolen or order material online without having the actual card in hand.

In some instances, the scammers don’t even bother to scan the barcode, but rather use what is called a brute force attack by using software that will try out huge numbers of possible bar code numbers and PINs to see if any of them match legitimately issued gift cards.  They strike gold when they find one or more that match legitimate cards.

Another gift card scam occurs when scammers place a sticker with the barcode of a a gift card that the scammers possess over the actual barcode of the gift card in the rack.  Thus when the card is taken by the gift card purchaser to the checkout counter to have the card activated, the funds used to purchase the gift card are credited to the card of the scammer.  It is not until the gift card purchaser tries to use his or her card that it is discovered that there are no funds credited to the card.

Some retailers, in an effort to reduce gift card fraud put a PIN on the gift card so that if the card is used online, the user must have access to the PIN which is generally covered and must have the covering material scratched off in order to be visible.  Unfortunately, many purchasers of gift cards are not aware of this so they don’t even notice that the PIN on the card that they are purchasing has already had the covering material scratched off by the scammer who has recorded the PIN.

Finally, you may be tempted to buy a gift card at a discounted rate at one of many online sites that enable people to sell their unwanted gift cards from particular retailers.  While there are many legitimate sites that will allow you to do this, it is not a good idea to buy a card from these sites because the card you buy may have been stolen or the value of the card may already have been used.

TIPS

When buying a gift card, only purchase cards from behind the customer service desk and if the card is preloaded, always ask for the card to be scanned to show that it is still fully valued.  This avoids all of the problems of tampering with the card before it is sold.

Always inspect the card carefully to make sure that the barcode has not been tampered with in any fashion and that the PIN is still covered.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – November 30, 2021 – New Danger Discovered in Online Shopping

Britain’s National Cyber Security Centre recently identified more than 4,000 online retailers who had their payment systems hacked in a manner that enabled the hackers to steal credit card and debit card information used by unwary online shoppers.  Most of the hacked retailers were small and medium sized businesses and all of them had not updated their card processing software with already issued security patches.  The particular software that was hacked was an e-commerce platform called Magento which is used not only in the United Kingdom, but also extensively in the United States as well as Germany, the Netherlands, Brazil and Italy.  With online shopping expected to be extensive during the holiday season it is critical that online merchants make sure that they install security updates as soon as they become available.

But what should we as shoppers do?

TIP

As a consumer, you can never be sure as to whether the site where you are doing your online shopping is using software that is vulnerable to being hacked so the most important thing you can do to protect yourself is to use your credit card rather than your debit card for online shopping. The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.  While using your chip credit card in a brick and mortar store will provide you with protection even if the store’s card processing equipment is hacked, the chip cannot be used for online purchases so it is critical that you use your credit card for purchases rather than your debit card.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”

Scam of the day – November 29, 2021 – Auto Loan Refinancing Scams

People who are having difficulty paying their car loans often turn to companies that promise that they can get their payments lowered.  While some refinancing companies are legitimate, many unfortunately are scammers who make big promises and take your money, but provide no services in return.

These scammers lure people by representing that they have strong relationships with the lenders when the truth is that they have no relationships with the lenders.  Their ads often feature testimonials from “satisfied’ customers, but these testimonials are bogus.  They often appear to offer a money back guarantee, but the guarantee is worthless.  Once someone is lured into doing business with one of these scam auto loan refinancers, the soon-to-be scam victim is told that they have to pay a few hundred dollars as an “enrollment fee.”  Often the scammers tell you that you should stop making your car payments while the company negotiates on your behalf or, even worse, some of the scammers tell you to make your payment to the scammer who promises to pay your lender on your behalf.

The truth is that these scammers aren’t negotiating with anyone.  They money you pay as an enrollment fee gets you nothing, but a reduced bank account and money you pay to the scammer that the scammer represents will be paid on your behalf to the lender is pocketed by the scammer.

TIPS

It can be difficult to initially determine if a company offering auto loan relief is a scammer, however an easy way to tell if it is a scam is through the requirement of an advance fee before services have been rendered.  Regardless of whether this advance fee is called an “enrollment fee” or something else, it is a violation of federal law for any company to charge you any kind of advance fee for an auto loan renegotiation before providing any results.

When considering whether to use a particular company for debt relief services, you should do a search engine search and see if there have been complaints or allegations of fraud against them.  You also can check with the Federal Trade Commission or your state’s Attorney General to find out if any legal action has been taken against them.

Finally, if you do have trouble making your car payments, the best thing you can do is to contact your lender directly to see what options they may provide.  Some will add payments to the end of the loan or extend the term of the loan.  Unfortunately, despite what scammers will tell you, lenders rarely reduce the interest rate on their loans.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – November 28, 2021 – Beware of Phony Police and Firefighter Charities

The holiday season is a time when many people give to charities.    In particular, you will most likely be contacted by numerous people soliciting charitable contributions on behalf of organizations purporting to support the brave men and women who make up our police and fire departments.  Unfortunately, many of those solicitations will be from scammers merely looking to steal money under false pretenses.  Whenever you are solicited by phone, you can never be sure who is really contacting you.  Even if your Caller ID indicates that the call is coming from a legitimate source, as I have mentioned many times scammers use a simple technique called “spoofing” to manipulate your Caller ID to make their calls appear to come from a legitimate source when the truth is that the call is coming from a scammer.  In addition, even if you are on the Federal Do No Call List, the law permits charities to call you, however, unfortunately you can never be sure when you receive a call that purports to be from a charity whether the call is legitimate or not.  Similarly when you receive a text message or email solicitation for a charity, you have no way of knowing if the solicitation is from a scammer or a legitimate charity.

TIPS
Phony charities often have names that sound legitimate and it is difficult to know merely from a solicitation whether or not the charity is a fake.  Other times, scammers will use the name of a legitimate charity when they solicit you by phone, email or text message and you can never be sure when you are contacted by email or text  message whether or not the solicitation is legitimate.  Prior to giving to any charity, I suggest you first look into whether indeed the charity is legitimate or not and the best way I know to do that is to go to http://www.charitynavigator.org where not only can you find out whether the charity is a scam, but also whether or not your donation will be tax deductible,  how much of your donation goes toward the charitable purposes of a legitimate charity and how much goes toward salaries, administrative costs and fund raising.  Charitynavigator.org will also give you access to the websites and phone numbers of legitimate charities you may wish to consider giving to so you can feel confident when you make a gift that it is going to the right place.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

  • Categories