Scam of the Day

Scam of the day – June 19, 2019 – GandCrab Ransomware Continues to be a Problem

I have written many times about ransomware because it continues to be a major problem for businesses, governments and individuals alike. Ransomware is the name for malware that, once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data. The cybercriminal then threatens to destroy the data unless a bounty is paid. In 2017 we experienced two massive ransomware attacks against millions of computers around the world. These were the infamous WannaCry and Petya ransomware attacks. Later, the city government of Atlanta became a victim of ransomware when some of its systems were frozen using the infamous SamSam family of malware that has been used successfully against a number of companies and municipalities. In its 2018 Verizon Data Breach Report, Verizon, which gathered data from 65 organizations in 65 countries, found that ransomware, which was only the 22nd most common malware in 2014, is now the number one most common malware used by cybercriminals. GandCrab is a common form of ransomware that continues to evolve and become more sophisticated. According to security firm Kaspersky, GandCrab accounts for 40% of the current ransomware market, and it is a market because the developers of GandCrab, like the developers of other types of malware, create their malware and then sell or lease it to less sophisticated criminals on the Dark Web, which is that part of the Internet where criminals buy and sell goods and services.

Like all malware, ransomware must be downloaded on to your computer in order to cause problems.  This is generally done by luring people to click on links or download infected attachments contained in spear phishing emails.  Many of the spear phishing emails containing links to the GandCrab ransomware come with subject lines that read, “My love letter to you,” “Fell in love with you,” or “Wrote my thoughts down about you” or other similarly themed subject lines.  Other times the ransomware may come with an attachment that appears to be an invoice.

TIPS

Because ransomware attacks as well as most other types of malware attacks are spread through phishing emails that lure unsuspecting people into clicking on malware infected links or downloading attachments tainted with malware, you should never click on links in emails  or download attachments unless you have absolutely confirmed that the email is legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website: https://www.nomoreransom.org/en/decryption-tools.html. It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up to date security software on your computer and phone, it will not protect you from the latest zero day defect malware, which is malware that exploits previously undiscovered vulnerabilities.

As for protecting yourself from ransomware, you should regularly back up all of your data on at least two different platforms, such as in the Cloud and on a portable hard drive.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”

Scam of the day – June 18, 2019 – Apple iTunes Identity Theft

The phrase “canaries in the coal mine” refers to the practice years ago of bringing canaries into coal mines because they were sensitive to small amounts of dangerous carbon dioxide and were useful in recognizing early the presence of dangerous carbon dioxide. So it is with your Apple iTunes account when it comes to identity theft. Often identity thieves will test out stolen credit and debit cards by using the cards for minor purchases on iTunes to see if the stolen credit or debit card information was for active accounts and if the card owners were vigilant in monitoring their accounts.

TIPS

There are a number of lessons to be learned from this scam. First, you should regularly monitor all of your accounts where you make purchases both large and small. For iTunes, you should check your history of purchases. Here is a link from Apple that explains how to do this: https://support.apple.com/en-us/HT204088. It is important to remember, however, that if you have a Family Sharing plan you will only be able to see specific information about charges made with your own personal Apple ID. Other family members will have to check their own accounts for information about purchases made in their names. If you find fraudulent charges, someone has either compromised your account and used the credit card or debit card tied to your account to make iTunes purchases or they have made other charges that have been made to appear as iTunes charges. Either way, you will need to dispute the charges with your credit card issuer or the bank that issued your debit card, which leads to the next piece of advice. If your credit card is used for fraudulent purchases, the law limits your liability to no more than $50 and most credit card issuers don’t charge you anything for fraudulent purchases. However, debit cards are tied directly to your bank account and if you are not vigilant in spotting fraudulent charges, you run the risk of losing your entire bank account, which is why I always advise you to never use your debit card as anything other than an ATM card.

If your iTunes account is hacked you also will need to change the password on your account.  Again, it is important to use strong, separate and distinct passwords for all of your online accounts so that if somehow the security of your password is compromised, such as in a data breach, the rest of your accounts are not in jeopardy.

Scam of the day – June 17, 2019 – Phony Voicemail Message Phishing Scam

Ingenious identity thieves are always finding new ways to phish for your passwords and other personal information in order to use that information to make you a victim of identity theft. I have written many times in the past about phishing emails and text messages that lure you into clicking on links and downloading dangerous malware that can steal your personal information, or that trick you into providing the information directly to the identity thief through legitimate appearing emails, websites and text messages. Recently there has been a surge in phishing through fake voicemails. The scam starts with an email you receive that appears to come from your Microsoft Office 365 account or some other similar software you or your company may use. The legitimate appearing email informs you that you have received a voicemail message from a “trusted source.” Generally a portion of the alleged voicemail is transcribed and appears in the email. You are then instructed to click on a link in the email to hear the message. However, in one version of this scam, if you click on the link, you end up downloading keystroke logging malware, ransomware or a variety of other malware that can be harmful. In another version of the scam, you will be directed, as shown below, to enter your password. Interestingly, when you first enter your password, it is rejected and you are required to enter it a second time. The truth is that the cybercriminal is just making sure that you accurately provide them with your password by making you confirm it. In some of these scams, you actually will be able to hear a generic voicemail message that some people have thought to merely be a wrong number.

Stating password was incorrect

TIPS

If your particular system does not provide email alerts as to voice mail messages, you can be confident that the email you received is a scam.  In any event, remember my motto, “trust me, you can’t trust anyone.”  Never click on links from anyone unless you have confirmed that the communication in which the link is contained is legitimate.  Even if the email appears to come from a friend of yours or other trusted source, you should be wary of that person’s email being hacked and used to send out malware.  As for accessing your voicemail, do it directly through your account and not through clicking on a link in an email.

Scam of the day – June 16, 2019 – FTC Refunds to Victims of Credit Card Interest Rate Reduction Scam

The Federal Trade Commission (FTC) is mailing refunds to victims of a scam operated by a number of defendants doing business under the name of Payless Solutions. Payless Solutions used illegal robocalls to lure unsuspecting victims of their scam into paying between $300 and $4,999 for worthless credit card interest reduction programs, which did nothing for the consumers. The FTC shut down the scam and is now mailing refunds to victims of the scam. For more information about this particular refund program check out the “FTC Scam Refunds” tab in the middle of the first page of www.scamicide.com. You also can find information there about the mailing of the refund checks. There is no cost or fee to file a claim or get a refund. Anyone who tells you differently is trying to scam you.

TIPS

It is important to remember that commercial robocalls are illegal so anyone calling you with an offer such as that of Payless Solutions is breaking the law and should not be trusted.

If you need real credit counseling you can go to this section of the Department of Justice’s website where it lists agencies approved to assist consumers with debt problems: https://www.justice.gov/ust/list-credit-counseling-agencies-approved-pursuant-11-usc-111 You also may consider contacting companies that are affiliated with the National Foundation for Credit Counseling at this link: https://www.nfcc.org/

Scam of the day – June 15, 2019 – Phony Text Message Scam

This scam starts as a text message that offers you $600 per week merely for displaying a small sticker on your car, apparently for advertising purposes. If you click on the link contained in the text message it will lead you to instructions as to how to get your sticker and first check. The first check comes in an amount for more than $600 and you are instructed to deposit the legitimate appearing check into your bank account and wire the excess funds back to the company that sent you the check and sticker. However, if you deposit the check and wire money to the scammer, the money that you wired to the scammer is gone from your account forever and the temporary credit to your bank account that you received when you deposited the check is rescinded. Checks paid to you for more than what you are owed are the basis of many scams including the infamous mystery shopper scam. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. When you first deposit a check, your bank is required by law to give you temporary credit for the check. This is called provisional credit. Many people are not only falling for this scam, but also sharing the text messaged offer on social media and thus unwittingly spreading the scam.

TIPS

These counterfeit checks look quite legitimate and you will not be able to readily determine that they are counterfeit. So don’t ever depend on a check being legitimate until it has fully cleared. Don’t rely on provisional credit, which is given after a few days but which will be rescinded once a check bounces, and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds, because this is a common theme in many scams since a wire transfer is difficult to trace and impossible to stop. Never agree to any business arrangement without first checking out the company with which you are doing business.

Scam of the day – June 14, 2019 – New Adobe Flash Security Update

Adobe has just issued new security updates for the popular, but intensely flawed Adobe Flash software. Last year Adobe confirmed that it will stop updating and distributing Adobe Flash at the end of 2020, although frankly, it would be wise for you to migrate away from this very vulnerable software program as soon as possible. In 2010 Steve Jobs loudly complained about Adobe Flash’s lack of security and would not allow it to be used on iPhones, iPods and iPads due to its serious susceptibility to being hacked. Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House. Adobe will still be issuing security patches until the end of 2020, but now is a good time to move away from Adobe Flash if you have not already done so.
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates when they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed.

TIPS

If you are going to continue to use Adobe Flash, it is imperative that you update your software with the latest security patches when they are issued.  Here is a link to the latest updates for Adobe Flash.
https://helpx.adobe.com/security/products/flash-player/apsb19-30.html

However, it may well be time for you to replace Adobe Flash to avoid future problems.
Here is a link to a website with alternative plugins you may wish to consider to replace Adobe Flash.
http://alternativeto.net/software/flash-player/

Scam of the day – June 13, 2019 – Game of Thrones Scams

The final episode of HBO’s “Game of Thrones” was viewed legally by 19.3 million people; however, millions more tried to and are continuing to try to illegally download the final episode as well as earlier episodes of the eight-year series without paying. Many of the websites that appear to offer free access to Game of Thrones episodes were created by scammers who use the promise of free Game of Thrones episodes to trick people into providing information that can be used for purposes of identity theft. Many of these scammers are using the same methods I described in early May when scammers used similar tactics to scam people looking to illegally download and view the Avengers: Endgame movie. Don’t be tempted to use these illegal sites. Attempting to stream an illegal version of Game of Thrones is not only illegal and unethical, but it could also lead to your being scammed out of money. An online search for websites promising to provide Game of Thrones episodes for free will take you to sites that appear to provide the show, but a few moments after the episode starts, it stops and a pop up, shown below, appears requiring you to set up an account. The pop up says that the account is free and that all you need to do is provide your email address and a password.

Creating an account on a fake Game of Thrones requires providing e-mail address and a password

Once you do this, you are then instructed to provide a credit card number and the CVC security code on the back of the card merely to verify that you are located in a country where the website is licensed to distribute the show. Unfortunately, the website does not provide Game of Thrones episodes. The few minutes of what you initially see of the movie are just scenes taken from the readily available trailers for the show. So not only do people falling for this scam not get to see the movie, they end up providing their credit card information to the scammers in addition to providing a password, which, in too many instances, is the same password the scam victim uses for other online services such as online banking. The moral of this story is that trying to view a pirated version of a popular show or movie for free will only put you in danger of identity theft.

TIPS

The first and foremost tip is not to use illegal streaming services. They are illegal and what they are doing is also unethical. Don’t trust search engine searches to provide you with legitimate websites for streaming services. A prominent position in a Google or other search engine search only means that the websites appearing high were adept at understanding the algorithms used to position websites. Never provide a credit card as a means of verification. It is only a means of payment, and as for the justification in this particular scam that the credit card was needed to verify that you are located in a country where the website is licensed to distribute the movie, pirated versions are not licensed anywhere. Finally, as always, you should have unique passwords for all of your online accounts so that in the event that a password on one of your accounts is hacked or otherwise compromised, all of your accounts will not be in jeopardy.

Scam of the day – June 12, 2019 – Romance Scams Getting Worse

Looking for love and romance are basic human drives and scammers take advantage of this with numerous romance scams. According to the Federal Trade Commission (FTC) in 2015 8,500 romance scams were reported to the FTC.  Last year that number rose to 21,000 and that figure is probably lower than the real number of people who were victims of these scams.  According to recent FBI statistics, this scam has become the second most common scam with losses to victims increasing to more than 262 million dollars last year. Most of these  romance scams are online and involve some variation of the person you meet through an online dating site quickly falling in love with you and then, under a wide variety of pretenses, asking for money.

However, sometimes, as just recently occurred in Georgia, the scams are done in person rather than totally online. In the Georgia case a woman lost $80,000 to a romance scam that was done in person by a man who told his victim that his name was John Hill, but who police say has used five different names in perpetrating this scam over the last two and a half years in Delaware, Maryland, New Jersey and Virginia. The victim met Hill through Match.com. Hill told his victim that he was a millionaire and immediately after meeting her professed his love, and they were engaged within a week. He told her that they should buy a home to live in together, which is the pretense he used to get her to pay him $80,000. As soon as she turned the money over to him, he vanished. Police are still looking for him.

Romance scams, however,  are not limited to the United States, but occur worldwide. Recent figures from Hong Kong show the incidents of romance scams have also increased dramatically in the past year. Last October a joint operation of Hong Kong, Malaysian and Singaporean law enforcement arrested 52 people involved in an international online romance scam in which millions of dollars were stolen from their victims.

TIPS

There are various red flags to help you identify romance scams. I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and who then, early in the relationship, asks you to wire money to assist them with a wide range of phony emergencies.

Here are a few other things to look for to help identify an online romance scam. Often their profile picture is stolen from a modeling website on the Internet. If the picture looks too professional and the person looks too much like a model, you should be wary. Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life,” turn up in many romance scam emails. Also be on the lookout for bad spelling and grammar, as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are. Of course you should be particularly concerned if someone falls in love with you almost immediately. Often they will ask you to use a webcam, but will not use one themselves. This is another red flag. One thing you may want to do is ask them to take a picture of themselves holding up a sign with their name on it. In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them. If you meet someone through a dating website, be particularly wary if they ask you to leave the dating service and go “offline.”

In the case of the Georgia woman who met her scammer in person, you should still check out his photo using Google’s “search by image” feature in order to see if he or she turns up as a different person.  Both online and offline, be wary of anyone who falls so completely in love with you quickly and follows that up with any request for money.

Scam of the day – June 11, 2019 – Are Binary Options a Scam?

Convicted Ponzi schemer Bernie Madoff, who stole 50 billion dollars from unsuspecting victims, may be the last person from whom you would accept investing advice, but in fact, a 2014 jailhouse interview Madoff gave to the Wall Street Journal does have good advice for people hoping to avoid the fate of Madoff’s many victims. With great “chutzpah,” in the interview Madoff blamed his victims for their losses. He said that his investors were “sophisticated people” who should have known better. “People asked me all the time, how did I do it. And I refused to tell them, and they still invested. Things have to make sense to you. You should ask good questions.” About this he is correct. No one should ever invest in anything that they do not totally understand. And this leads us to binary options. Binary options are a legitimate form of investment, but while they offer potential rewards, they also carry the risk of losing your entire investment. There also are many instances where the sales of binary options have been done without complying with registration requirements and with fraudulent promotional advertising and improper disclosures.

TIPS

The bottom line is that Bernie Madoff was right about one thing.  No one should ever invest in anything without totally understanding the investment and the inherent risks.  If you understand binary options and still wish to invest (I would say gamble) in them, that is fine, but all investment decisions should be made  only after being properly informed. You may want to check out the SEC’s investor education website at www.investor.gov.

Before investing with anyone, you should also investigate the person offering to sell you the investment with FINRA’s Central Registration Depository: http://www.finra.org/industry/crd This will tell you if the broker is licensed and if there have been disciplinary procedures against him or her. You can also check with your own state’s securities regulation office for similar information. Many investment advisers will not be required to register with the SEC, but are required to register with your individual state securities regulators. You can find your state’s agency by going to the website of the North American Securities Administrators Association: http://www.nasaa.org/2709/how-to-check-out-your-broker-or-investment-adviser/

Scam of the day – June 10, 2019 – Tech Support Refund Scam

Tech support scams are among the most common of scams and they cost consumers millions of dollars each year.  In the most common variations of this scam, the victim is scammed into responding to a pop-up on his or her computer or a telephone call purportedly from one of the major tech companies and is convinced that there is a problem with their computer that they need to pay for.  In a new version of the tech support scam, people are reporting receiving phone calls purportedly from Microsoft, Apple or other computer companies informing them that their company is going out of business and that the customer is due a refund on a tech support plan they have.  The scammer then asks for bank account information in order to be able to wire funds to the customer’s bank account.  In other instances the scammer asks for remote access to the customer’s computer.  This is a scam.  If you turn over your bank account information, it can lead to the scammer stealing money from your bank account and providing remote access to your computer can enable a scammer to steal information from your computer that can be used to make you a victim of identity theft.

TIPS

Providing remote access to your computer to anyone can lead to a myriad of problems including identity theft and the downloading of ransomware. Neither Apple, Microsoft nor any of the other tech companies ever ask for remote access to your computer to fix problems. The most common tech support scams start with popups on your computer that provide notices of security problems and contain telephone numbers for you to call to fix the problem. Whenever you get a pop-up, email, or text message that appears to tell you that you have a security problem with your computer, you should never click on any links contained in the message or call the telephone number provided. If your screen freezes, all you need to do is just turn off your computer and restart it. If you are concerned that you may be experiencing a real security problem you can contact tech support at the real tech companies directly by phone or by email using the phone number and email addresses you find on their respective websites.

The refund scam may appear legitimate because your Caller ID may indicate the call is coming from Microsoft or some other legitimate company, but, as I have told you many times before, through “spoofing” the scammer can make the call appear to be legitimate when it is not.  The bottom line is you can never be sure who is calling you so you should never provide personal information to a caller unless you have absolutely confirmed the legitimacy of the call.

As for Microsoft or Apple going out of business, that is so unlikely that it would be a major news story so you can discount anyone calling and telling you that who also asks for personal information.
