Scam of the Day

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Scam of the day – August 7, 2022 – Bank Remote Access Scam

Remote access scams are increasing and when a scammer posing as your bank lures you into providing remote access to your bank account, the result can be disastrous.  In one instance, the scam started with a phone call from a scammer posing as an employee of Avast, a popular security software company.  The scammer told his victim that due to the Coronavirus, the company could not continue to provide services to him and that they would be refunding him $500.  The scammers then told him that they had mistakenly refunded thousands of dollars into his account and therefore needed to get remote access to his bank account in order to withdraw the excess amount “mistakenly” sent to him.  The victim fell for the scam and provided them remote access to his account whereupon they emptied all of his bank accounts.  By the time the victim realized he had been scammed and reported it to his bank, the money had been already withdrawn from both his bank and the bank to which the scammers had the funds in his account transferred.

TIPS

Whenever you get a phone call, you can never be sure who is really contacting you. Even if your Caller ID indicates the call is legitimate, scammers can use a simple technique called “spoofing” to manipulate your Caller ID so that the call looks legitimate when it is not.  It is highly unlikely that any company is going to call you to tell you that they are sending you a refund and even if one did, you could not trust that the call was legitimate.

Even if you thought that the call was legitimate, you should still hang up and call the real company at a telephone number that you know is correct to determine the truth.

Most importantly, never give anyone remote access to your bank account by providing your username and password.  In addition, you should use dual factor authentication on your online banking account so that even if someone got your username and password they could not access your account.

Finally, even if everything the scammer said were true, there would be no reason for anyone to give the scammer remote access to their bank account.  The person being targeted could refund the money himself or herself without having to give access to the account to a stranger.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – August 6, 2022 – FTC Refunding Money to Victims of Phantom Debt Collection Scam

Receiving a telephone call from a debt collector is not a pleasant experience. Being hounded by someone attempting to collect a debt you do not owe constitutes fraud. In 2019 the Federal Trade Commission (FTC) settled a complaint that it had brought against the operators of several phony debt collection services using names such as GAFS Group, Global Mediation Group and Mediation Services and now the FTC is sending money to the victims of the scam by either a PayPal payment or a check in the mail.

These scammers used false claims and threats to compel people to pay debts which were largely either non-existent or which the defendants had no authority to collect. They also violated federal law by illegally failing to provide proper notices and disclaimers also required by federal law.

TIPS
Subject to strict federal laws, legitimate debt collectors are permitted to call debtors, however, the law prohibits them from threatening imprisonment for the failure to pay a debt and attempting to collect a debt that the debt collector knows is bogus. The law also prohibits debt collectors from communicating information about a debt to the consumer’s employer although they can contact the employer merely to obtain contact information about the employee

It can be difficult to know when someone calls attempting to collect a debt if indeed they are legitimate or not, so the best course of action if you receive such a call is to not discuss the debt with the person calling, but instead demand that they send you a written “validation notice” by regular mail which describes the debt they allege you owe and includes a listing of your rights under the Federal Fair Debt Collection Practices Act.

Never give personal information over the phone to anyone who calls you attempting to collect a debt. You can never be sure who they are.  If you receive the validation notice and it appears to be legitimate, you may be better off contacting your creditor directly because the person who called you may not be representing the creditor, but may merely have information about the debt.

For more information about the GAFS refunds, you can call the refund administrator at 866-948-2713

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”

Scam of the day – August 5, 2022 – Mystery Shopper Scams Continue

I have written many times over the last ten years about the mystery shopper scam because it continues to ensnare unwary victims. Unfortunately, these scams continue to be effective and are increasing in number so it is important to remind you about them again.   Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.

The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You  deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer.

In a recent Walmart themed mystery shopper scam, the targeted victim was sent a legitimate appearing, but counterfeit check for $2,940 and told to keep $540 as payment and then go to the nearest Walmart and use the remainder of the check to buy six $400 Kroger gift cards and provide the numbers to the scammer.  The scam victim was then told to keep the gift cards for their next assignment although there never is another assignment and the scammers use the numbers on the Kroger gift cards to make purchases, making the actual cards worthless.  The victim of the scam loses the $2,400 used to purchase the gift cards from the victim’s own bank account when the check bounces.

Recently,I received the following text message attempting to lure me into a mystery shopper scam.  I disarmed the link. “We have a store evaluation job near you.  Pay is $400 per evaluation and additional benefit, to participate fill the form https:xxxxxxx.”

TIPS

One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and the companies that do mystery shopping do not go looking for you. A firm indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.

For more information about legitimate mystery shoppers, you can go to the website of the Mystery Shopping Professional Association https://www.mspa-americas.org/scam-alerts/

If you receive a mystery shopper scam solicitation or check through the mail you can report it to the United States Postal Service at
http://about.usps.com/publications/pub300a/pub300a_tech_024.htm

You also can report the scam to the Federal Trade Commission (FTC) which investigates these scams at https://www.ftccomplaintassistant.gov/#crnt&panel1-1

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”

Scam of the day – August 4, 2022 – Phony Coupon Scams

Everyone loves coupons and like many things in our lives, coupons which used to be found commonly in newspapers and magazines have migrated online.  In recent years scammers have been perpetrating phony coupon scams on social media.  Among the companies affected by these phony coupons were Bath and Body Works, Costco, Aldi, Starbucks and Trader Joe’s. As I have warned you many times in the past, Facebook has become a hotbed for phony online coupons. The phony coupons looks quite legitimate which means nothing because it is very easy to copy the company logos and make the coupons appear to be genuine.

The way that many phony coupon scams work is that in order to qualify for the coupon, you must complete a survey in which you are required to provide much personal information that is used to make you a victim of identity theft. In other versions of the scam, the scammer actually asks for your credit card numbers. In yet another version of the scam you are required to buy many costly items in order to claim your “free” coupon. Many of the coupon scams also require you to forward the coupon to friends which make the phony coupons appear more trustworthy when they are received by your friends. Ultimately, in all of these scams, the coupons are worthless and you get nothing but the opportunity to become a victim of identity theft.  Here is  a copy of a phony coupon appearing online.  It was provided by the Identity Theft Resource Center.

A screenshot of a Facebook post showing the fake Costco coupon used by scammers. (Identity Theft Resource Center)

TIPS

If the coupon appears too good to be true, it usually is a scam. No company could cover the cost of giving away vast numbers of $75 coupons although sometimes, participants in legitimate surveys are promised a chance to win a prize in a drawing.  Facebook is a favorite venue for scammers perpetrating this type of scam because often unwary victims will unwittingly share the scam with their friends.  One way to determine if a coupon is legitimate is to look for the expiration date found on most coupons.  The phony Costco coupon shown above like most phony coupons does not carry an expiration date. The best place to go to find out if a coupon is legitimate is to go to the company’s website to see what real coupons are being offered.

If you are not a subscriber to Scamicide.com and would like to receive  free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – August 3, 2022 – Pandemic Scammers Ordered to Make Refunds to Customers

Since the start of the pandemic, many people turned to online merchandisers to buy Personal Protective Equipment (PPE) such as masks, face shields and sanitizers.  Unfortunately, some online merchandisers who promised customers quick delivery either did not deliver the products in a timely fashion, or, even worse, failed to send anything at all.  In August of 2020 I told you that the FTC filed lawsuits against the companies Glowyy and American Screening, LLC alleging these companies failed to deliver their products as advertised and in some instances did not deliver the products at all.  According to the FTC, these companies also failed to notify customers of delayed shipments, failed to offer refunds, failed to honor refund requests and in some instances sent defective items.

Federal law requires a seller to ship orders within the time indicated in their ads or within 30 days if no time is indicated in the advertisement.  In addition, if a seller doesn’t ship within the promised time, the seller is required by law to offer customers the opportunity to cancel their orders and receive a full refund.

Now two years later, the FTC has won its cases against both Glowyy and American Screening.  Pursuant to the court’s judgment they will be required to pay more than 17.6 million dollars to the FTC to be refunded to defrauded customers.  As more details become known about the specifics of the refund program, I will report them to you.

TIPS

It is always a good idea when ordering something online from a company with which you are unfamiliar to do a search engine search in which you type in the company name with the words “scam” or “complaint” and see what comes up.  Also whenever you buy anything online, you should not use your debit card, but instead use your credit card.  Federal law provides you with the right to dispute charges for late shipments and have the charges removed from your credit card while debit cards do not provide the same protections.

For those of you receiving the Scam of the day through an email, I want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – August 2, 2022 – Virginia State Police Warn About Phone Scam

Recently the Virginia State Police issued a warning about an increase in phone scams in which the caller poses as a law enforcement officer who tells the targeted victim of the scam that his or her identity has been stolen and used by someone who has committed a crime using their name and that there is an arrest warrant for the targeted scam victim.  The scammer then goes on to tell the targeted victim that the criminal charges will be dropped if the targeted victim makes a payment either through wiring funds or by sending gift card information.  While this warning was from the Virginia State Police, this scam has been widely reported around the country.

While the premise of the script used by scammers sounds ridiculous, including the fact that if the officer knew that the crimes were committed by someone using someone else’s name, how could the victim of identity theft be legally responsible, the scam may fool some people because the Caller ID of the targeted victim indicates that the call has come from the police.  Regular readers of Scamicide know that Caller ID can easily be manipulated by a technique called “spoofing” to appear to come from whatever number the scammer desires.

TIPS

Remember my motto, “trust me, you can’t trust anyone.”  No law enforcement agency calls people to clear outstanding warrants by phone and no law enforcement agency would ever under any circumstances request a payment by way of a gift card.  Anytime you are asked to pay for anything through a gift card, you can be confident that it is a scam.  Gift cards and wiring funds are favorite methods of payments for scammers because they can be done anonymously.

Whenever you get a phone call, email or text message you can never be sure who is really contacting you and so if you are ever asked in any communication for a payment or personal information, you should be skeptical and never provide the information or make a payment until you have absolutely and independently confirmed that the communication is legitimate.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – August 1, 2022 – Twitter Suffers a Major Data Breach

Data breaches continue to a major problem for all of us.  Regardless of how well you protect the security of your personal information on your own computers and devices, you are only as safe as the places that hold your information with the weakest security.  In just the last three weeks I have informed you about data breaches as T-Mobile, Neopets and Marriott affecting millions of people and now we have learned about a data breach at Twitter affecting 5.4 million Twitter users.  Compromised information includes email addresses and phone numbers which although not as threatening to your well being as Social Security numbers, bank account information and credit card numbers still puts you in jeopardy of identity theft.

Interestingly, Twitter first became aware of the vulnerability exploited by the hacker in January when the flaw was brought to their attention by a white hat hacker who was paid a bounty for bringing this to the attention of Twitter which said that it fixed the problem a few days after becoming aware of it.  Many companies and government agencies have bug bounty programs by which they invite white hat hackers to find vulnerabilities in their security and pay substantial bounties to those who bring them to the attention of the company or agency.

Unfortunately, in this case, Twitter didn’t fix it fast enough and the stolen personal information is being sold on the Dark Web, that part of the Internet where criminals buy and sell goods and services.

TIPS

Hackers who have your cell phone number or email address may use that information to formulate phishing phone calls referred to as Vishing or spear phishing emails to lure you into clicking on malware infected links or provide personal information. Because whenever you receive an email, phone call or text message you can never be sure who is actually contacting you, you should never click on a link or provide personal information in response to such communications until you have absolutely confirmed that the communication is legitimate.

Your phone number also provide other problems.  When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members  and more.  The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security.  I wrote a Scam of the day for June 20, 2022 that goes into detail as to how to protect yourself in regard to the privacy of your cell phone number.  Here is a link to that Scam of the day. https://scamicide.com/2022/06/19/scam-of-the-day-june-20-2022-why-you-should-keep-your-cell-phone-number-private/

If you are a Twitter user (or not) you should freeze your credit at each of the three major credit reporting bureaus.

Here are links to each of them with instructions about how to get a credit freeze:

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, you can sign up using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – July 31, 2022 – Uber Settles Criminal Charges Related to 2016 Data Breach

I first reported to you about a massive data breach at Uber in a Scam of the day in November of 2017. Unfortunately, the data breach had actually occurred in 2016 and Uber did not disclose that it had suffered the data breach until 2017. Personal information including names, email addresses and mobile phone numbers of 20 million Uber users and employees was stolen.

There were a number of major concerns unique to this data breach, most prominently that the data breach occurred in 2016 and Uber did not publicly disclose that it had occurred until late in 2017.  This was a violation of federal and state laws and regulations.  In 2018 Uber agreed to pay 148 million dollars to the Attorneys General of all of the 50 states and the District of Columbia to settle charges brought against it for its failure to exercise proper security and its failure to promptly report the data breach as required by law. Also, under the terms of the settlement, Uber is required to comply with all state laws pertaining to protecting personal information and to immediately notify the appropriate authorities in the event of another data breach. Uber also agreed under the terms of the settlement to establish new stronger security protocols.

Now Uber has settled criminal charges with the Justice Department through a Non-Prosecution Agreement which effectively dismisses the charges if Uber continues to meet its obligations to better protect personal information and comply with state and federal laws in that regard.

TIPS
If you were a Uber user or employee in 2016 you are in jeopardy of identity theft.  Additionally, we do not know precisely how long the data breach actually occurred.  If indeed the information lost was limited to your name, email address and mobile phone number, the biggest threat to you will be from spear phishing emails and text messages that may appear quite legitimate because the come addressed to you by name and may appear to relate to a legitimate purpose.  Clicking on links contained in these emails and text messages puts you at risk of downloading malware that can lead to identity theft or ransomware malware.  As always, the best course of action is to never click on any link, regardless of how legitimate it may appear until you have confirmed that it is legitimate.

Everyone should freeze their credit reports at the three major credit reporting bureaus. But if you have been a victim of a data breach, it is even more important to do so.

Here are links to each of the three major credit reporting agencies with instructions about how to get a credit freeze:

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – July 30, 2022 – Romance Scam Arrest

Federal law enforcement recently arrested Fola Alabi accusing him of conducting a romance scam in which he scammed women, most of whom were between 70 and 80 years old and widowed or divorced out of approximately a million dollars  According to the criminal complaint against him, Alabi contacted his victims on Facebook and other social media posing as an American Army General overseas.  Among the names he used were General Miller, General Welsh, General Berrier and General Goddard. As is typical of these types of scams, after convincing his victims of his love for them, he manipulated them into sending him money under a wide variety of pretenses.  One of the women sent him $334,000.

Romance scams continue to be a major problem.  As bad as they were prior to the pandemic, these scams increased dramatically during the Coronavirus pandemic.  According to the Federal Trade Commission (FTC) Americans lost more money to romance scams last year than to any other scam and the situation is getting more serious.  According to the FBI in 2021 24,299 people in the United States were victims of romance scams losing a billion dollars which was a 59% increase over the money lost in 2020.

Romance scams generally follow a familiar pattern with the scammers  establishing relationships with people, generally women, online through various legitimate dating websites and social media using fake names, locations and images.  The scammers often pose as Americans working abroad or in the military serving abroad.

While anyone can be the victim of a romance scam, according to the FBI, the elderly, women and people who have been widowed are particular vulnerable.   Most romance scams are online and involve some variation of the person you meet through an online dating site or social media quickly falling in love with you and then, under a wide variety of pretenses, asking for money.

TIPS

There are various red flags to help you identify romance scams.  I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship who then asks you to send money to assist them with a wide range of phony emergencies.

Here are a few other things to look for to help identify an online romance scam.  Often their profile picture is stolen from a modeling website on the Internet.  If the picture looks too professional and the person looks too much like a model, you should be wary. You also can check on the legitimacy of photographs by seeing if they have been used elsewhere by doing a reverse image search using Google or websites such as tineye.com.

Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life” is a phrase that turns up in many romance scam emails.  Also be on the lookout for bad spelling and grammar as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are.

Of course you should be particularly concerned if someone falls in love with you almost immediately.  Often they will ask you to use a webcam, but will not use one themselves.  This is another red flag.  One thing you may want to do is ask them to take a picture of themselves holding up a sign with their name on it.  In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them.  If you meet someone through a dating website, be particularly wary if they ask you to leave the dating service and go “offline.”

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – July 29, 2022 – T-Mobile Agrees to $500 Million Dollar Settlement of 2021 Data Breach

In the summer of 2021 I reported to you about a data breach at T-Mobile in which personal information of 54.6 million customers, former customers and prospective customers was stolen. The compromised information includes names, phone numbers, Social Security numbers and addresses.  This type of information poses a tremendous threat to victims of the data breach, which is the sixth for T-Mobile in the last four years.  Social Security numbers in particular can be used by identity thieves to apply for credit cards and loans in your name.  In addition, the phone numbers and the fact that the victims of the data breach are known to be T-Mobile customers can be expected to be used by scammers to create phony phishing text messages, called smishing, posing as T-Mobile and luring the targeted victim into clicking on a link in the text message that can download destructive malware.

Now T-Mobile has settled a class action brought against it by victims of the data breach.  According to the terms of the settlement, the company will pay $350 million dollars to settle the claims of the victims and spend an additional $150 million dollars to improve its cybersecurity.  Typical in such settlements, T-Mobile did not admit any negligence or wrong doing, however, anytime a company pays a half a billion dollars to resolve a claim, it can be pretty much understood that it is an admission of liability even if not said so in so many words.

TIPS

It has not yet been determined exactly how much individual members of the class will receive from the settlement although the settlement agreement does indicate that individual payments will not exceed $2,500.  Far more likely are settlement checks of as little as $25 although individuals who suffered identity theft as a result of the data breach could receive a significant payment.  As more details become known, I will report them to you.

But regardless of the settlement, what should you do if you are a T-Mobile customer who may be affected by this data breach.  Perhaps the first thing you should do is something you should have already done, but as the Chinese proverb says, “the best time to plant a tree is twenty years ago, the second best time is now.”  Freeze your credit at each of the three major credit reporting bureaus.

Here are links to each of them with instructions about how to get a credit freeze:
You also should change your T-Mobile password and security PIN as soon as possible.
Finally, you should be particularly cognizant of not clicking on links in text messages (and emails as well) unless you have absolutely confirmed that the text message or email is legitimate.  Scammers may well send you emails with malware infected links that appear to relate to the data breach and settlement.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, you can sign up using this link. https://scamicide.com/scam-of-the-day/

  • Categories

Archives