Scam of the Day
Scam of the day – June 12, 2026 – Why You Should Have Unique Passwords for All Your Accounts
Identity theft is a serious crime that can result in financial harm and tremendous disruption of the lives of its victims. We are presently in an era of constant major data breaches so no matter how careful you are about protecting your personal information, you are only as safe as the security at the companies and government agencies that have your personal information. While often people are less concerned when data breaches do not result in the theft of their Social Security number or credit card number, a data breach in which merely your email address and password were compromised can result in major problems. If, as many people you use your email address as your user name for all of your accounts and you also use the same password for all of your accounts, you are in serious jeopardy if a data breach occurs which results in that information becoming known to criminals. Criminals use “checking” software which will search the Internet to find companies, banks and other institutions where you have used your email address as your username. Once they find these companies, they will try to log in using the password that was obtained through a data breach. If that other account is an account such as your bank account, you are in serious trouble. It is for this reason that it is important to use unique passwords for each of your online accounts.
TIPS
You should have a unique, strong password for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked. Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
Whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account. For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.
An easy solution to the problem of the answers to knowledge based authentication security questions being too readily available on the Internet is to make the answer to your security question nonsensical. For instance, if your security question is what is your mother’s maiden name, you can pick something ridiculous, such as “firetruck” as the answer. No hacker will ever be able to find the answer to this security question online and it is so silly that you will remember it.
Also, with your email address commonly known by many scammers, you can expect to receive more phishing and even more dangerous, specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft. Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – June 12, 2026 – Docusign Phishing Scam
DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures and is used by many businesses. There has been an increasing number of scams in which phony DocuSign messages are being used to send malware infected links luring people into providing personal information that is used for identity theft purposes.
Copied below is an email I received that purports to be sent related to an unspecified business transaction This phishing email prompts me to click on a link to open a document that needed my signature. The phishing email looked very professional and contained the DocuSign logo and appeared legitimate. However, the email address of the sender was one totally unrelated to either DocuSign or anyone with whom I do business.
This phishing email was designed to lure the person receiving the email to click on the link and either provide personal information that could be used for identity theft, or, as more likely in this particular phishing attempt, merely by clicking on the link would have downloaded malware such as ransomware or keystroke logging malware into the computer of the person clicking on the link. Keystroke logging malware would have enabled the cybercriminal to steal all of the personal information from the computer and make that person a victim of identity theft. I removed the link from the email displayed below.
 |
||
|
||
Good Day, All executed documents are now available for download. The vendor release forms and contract waivers marked for approval have been finalized and are ready for your review. Please download the complete documentation package, which includes all signed agreements, updated W-9 forms, and current Certificates of Insurance (COI). All files have been compiled into a single file for your convenience. Should you require any clarification regarding these documents, please don’t hesitate to reach out. Thank you. |
||
| Do Not Share This Email This email contains a secure DocuSign link. Do not share it.Alternate Signing Method Visit docusign.com and enter code: EC58F45534624BA28B6853A8C0A05FE73About DocuSign Secure, legally binding electronic signatures in minutes. |
TIPS
In this case, I actually followed my own advice as to never click on a link regardless of how legitimate the email or text message may appear until confirming that the message is legitimate. In this case I didn’t even need to confirm that it was not legitimate because of the telltale evidence of the email address of the sender.
The lesson here is clear. You can never be sure when you receive an email as to who is really contacting you. Although sometimes it is obvious when the email address of the sender does not correspond to who is represented as sending the email, other times the email account of someone or some company you trust could have been hacked and used to send you the malware. Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – June 11, 2026 – SIM Swaps Put You in Danger
Recently, Patricia Escriva was shocked to see that she had lost control of her cell phone and that scammers had emptied her bank account of $18,000. What made this more troubling was that her account was protected by dual factor authentication. She was the victim of a SIM swap. A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
Identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc. Passwords may be compromised in data breaches or otherwise become known to scammers, but so long as dual factor authentication is used, a scammer should not be able to access the account unless dual factor authentication is thwarted by a SIM swap.
The best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
TIPS
I have written in the past about how to avoid SIM swaps by setting up a passcode or PIN on your mobile service carrier account to avoid a scammer being able to access the account merely by answering a security question.
AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card. Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i
Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center. Here is a link with information and instructions for setting up a PIN with Verizon. https://www.verizonwireless.com/support/account-pin-faqs/
T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store. Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure
And if you are particularly paranoid, like me, you can arrange with your cell phone service carrier that your SIM card cannot be switched except in person by you.
It is important to note that a SIM swap can only be done if the scammer knows the targeted victim’s cell phone number which is a reason for keeping your cell phone number private. See the Scam of the day for September 29, 2025 for more information about keeping your cell phone number private.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – June 10, 2026 – Car Rental Scams
Since 2019, the cost of renting a car on vacation has increased dramatically. However, scammers are more than willing to help you out. They are setting up phony car rental company websites and websites that appear to be those of legitimate car rental companies such as Avis or Hertz.
Often these phony websites appear high on a Google or other search engine search because the more sophisticated scammers are able to manipulate the algorithms used by search engines to position a website high in a search result. In other instances, the scammers take out ads for their phony websites that place them at the top of the first page in a Google or other search engine search. Victims of this scam are finding themselves without a car and losing the money they paid for the non-existent car rental.
TIPS
Through the use of AI, the phony websites can look quite legitimate and be hard to distinguish from the websites of real car rental companies. Always check the URL of the website you use carefully before responding to an offer for a car rental. You also may want to go the extra step and actually do a search to determine who owns the website you are on. There are a number of ways of doing this. One of the easiest is to go to ICANN and enter the domain name and click on “lookup.” This will enable you to find out who actually owns the website. So for instance, if you think you are renting from Hertz and the website you are on is owned by someone in Nigeria, you can be pretty confident it is a scam. Here is the link to ICANN https://lookup.icann.org/
One of the primary ways of knowing that you are dealing with a scammer is that often they ask for payment through gift cards. Gift cards are a favorite means of payment for scammers because once you give the scammer the gift card numbers over the phone or the Internet, the money is gone and cannot be easily traced or recovered. Some scammers tell you that you will get a special low rate on your car rental if you use a gift card. Legitimate companies never ask for payment by way of gift cards so anytime you are asked for payment through a gift card, you can be sure it is a scam. Asking for payment by Zelle or Venmo is also a good indication that it is a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – June 9, 2026 – Mystery Shopper Scam Continues to Claim Victims
I have written many times over the last fifteen years about the mystery shopper scam because it continues to ensnare unwary victims. These scams continue to be effective and are increasing in number so it is important to remind you about them again. Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer. Of course, the check that was sent to you is counterfeit and bounces, but the funds wired by the victim of the scam is gone forever from his or her bank account.
In a Walmart themed mystery shopper scam, the targeted victim was sent a legitimate appearing, but counterfeit check for $2,940 and told to keep $540 as payment and then go to the nearest Walmart and use the remainder of the check to buy six $400 Kroger gift cards and provide the numbers to the scammer. The scam victim was then told to keep the gift cards for their next assignment although there never is another assignment and the scammers use the numbers on the Kroger gift cards to make purchases, making the actual cards worthless. The victim of the scam loses the $2,400 used to purchase the gift cards from the victim’s own bank account when the check bounces.
TIPS
One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and the companies that do mystery shopping do not go looking for you. A firm indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.
For more information about legitimate mystery shoppers, you can go to the website of the Mystery Shopping Professional Association https://www.mspa-americas.org/scam-alerts/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – June 8, 2026 – Sirius-XM Phony Invoice Scam
The phony invoice scam is a common scam popular with scammers because it is quite effective. It starts when you receive an email that purports to be from a popular company with which many of us do business that indicates that you owe them a significant payment. The scammers count on people being concerned that they are being wrongfully charged for a product they did not order. You are provided a telephone number to call if you dispute the bill. If you call the number, you will be prompted to provide personal information that will be used to make you a victim of identity theft.
The copied email below, provided by a longtime Scamicide reader, attempts to lure you into clicking on a link in order to renew an expired satellite radio Sirius XM account for free which right away should be a red flag that this is a scam. As always, the purpose of a phishing email is to lure you into clicking on links contained within the email or providing personal information. If you click on links in phishing emails, you end up either downloading malware or providing information used to make you a victim of identity theft.
There are a number of red flags that indicate that this is a scam. Your name does not appear anywhere in the invoice. Also, the email was sent from an email address that has no relation to Sirius XM.
Here is a copy of the invoice being circulated.
TIPS
Once, I received a large invoice from a company with which I do business for goods I did not order, but rather than click on the link provided in the email, I went directly to the company’s website to question the invoice. When the website came up, the first thing I saw was a large announcement that the invoice was a scam and that many people had received these phony invoices. If you ever receive a phony invoice such as this and you think that it may possibly be true, don’t click on links or call phone numbers provided in the email. Rather, contact the real company directly at a phone number or website that you know is legitimate where you can confirm that the phishing invoice was a scam.
If you receive this particular phishing email and want to check on your account, here is a link you can trust with contact information for Sirius XM. https://www.siriusxm.com/contact-us
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – June 7, 2026 – Medicare Misdial Scam
Medicare coverage can be confusing. Fortunately, if you have a question regarding your coverage, you can always call the official Medicare phone number of 1-900-MEDICARE (1-800-633-4227) and speak to a Medicare representative who can answer your question. Unfortunately, scammers are aware that on occasion, people will misdial the phone number and scammers take advantage of this by purchasing telephone numbers that are a single digit off of the real phone number and wait to be called by unsuspecting Medicare recipients. The scammers then will ask the person calling for various information supposedly for verification purposes, such as your Medicare number, your Social Security number, your bank account information or your credit card information. Providing this information will lead to identity theft.
TIPS
The key to avoiding this scam beyond being extra careful when you dial the Medicare phone number is to remember that if you ask for coverage information, Medicare will not ask for your full Medicare number, your Social Security number, your bank account information or credit card information. Only scammers will ask for this information.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – June 6, 2026 – The Danger of Trojan Subscribers
In Homer’s Odyssey, the Trojan horse hid soldiers that when brought through the gates and into the city of Troy led to the fall of Troy. Trojan subscribers are malware hidden within legitimate apps that, while they won’t lead to the downfall of a city, can cost the victims of a Trojan subscriber a lot of money.
Trojan subscribers are malicious code that cybercriminals add to legitimate apps and then upload them to app stores under a different name. The apps can be for a variety of purposes, such as monitoring blood pressure or scanning documents. When someone downloads one of these infected apps, he or she doesn’t realize that the Trojan subscriber will automatically subscribe to a paid service without the person who downloaded the app being aware of it.
Generally, the cybercriminals who create and use Trojan subscribers get paid a commission on each new subscription to a paid service.
There have been a number of different Trojan subscribers found during the past few years including the Jocker Trojan subscriber, the MobOk Trojan subscriber, the Vesub Trojan subscriber and the GriftHorse.ae Trojan subscribers. While they all work slightly differently they all manage to effectively sign up their victims to unwanted and costly subscription services.
Google Play and other app stores try to identify apps with Trojan subscribers, but as soon as they take one down, another pops up. In other instances, Trojan subscribers are found in apps that are not allowed on the regular official app stores.
TIPS
So what can you do to protect yourself from Trojan subscribers?
First and foremost, don’t install apps from unofficial sources. The risk is far too great that you will be downloading malware. However, even if you stick to legitimate sources for your apps such as Google Play, you must recognize that getting your app from a legitimate source does not guarantee that the app is malware-free.
Always check out the reviews and ratings of particular apps before you download them. Also, the longer an app has appeared on a legitimate source such as Google Play, the better the chance that it has been properly vetted and does not contain any malware. Therefore be a bit wary of apps that have only recently appeared on a legitimate app store.
Another good policy to follow when you download apps is to give the apps only the minimal access to your device that is needed to perform properly.
Finally, make sure that you have installed strong security software on your cellphone and keep it updated with the latest security updates and patches as they become available to protect you from not only Trojan subscribers, but also other threats as well.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – June 5, 2026 – Vacation Home Rental Scam
It is June and many people are looking into renting a summer vacation home. Renting vacation homes rather than going to hotels has been increasingly popular in recent years. There are many excellent websites such as VRBO and Homeaway that offer wonderful vacation homes. Others will go to Craigslist and similar sites. These websites can be easy and efficient ways to find a great vacation home.
Unfortunately, they are also a great way for scam artists to steal money from unwary people looking for a vacation home. The scam usually starts with a listing that looks quite legitimate and there is a good reason for that. The listing is often a real on-line listing that has been copied by the scammer who merely puts in his or her name and contact information. The price is usually very low which attracts a lot of potential renters. The potential renters are sometimes told that the owner is out of the country and that there are many people interested in the property so if the tenant wants to be considered for renting it, the tenant has to wire money to the landlord somewhere outside of the country. As I have warned you many times, wiring money is a scammer’s first choice because it is all but impossible to retrieve once you have found out that you have been scammed. Too often, unwary potential tenants wire the money and never hear anything further from the scam landlord. And as for the money, it is gone forever.
TIPS
There are a number of red flags to look for in vacation home rental scams. First, as always, if the price is too good to be true, it usually is just that – not true. Also be wary of landlords who are out of the country.
Never send your payment by a wire transfer, Zelle, Venmo or a cashier’s check. Use a credit card, PayPal or any other payment system with which you can retrieve your funds if the transaction is fraudulent. It is usually best to deal with websites that specialize in vacation homes, but you must remember that they cannot possibly monitor every listing to ensure that it is legitimate.
A great and easy way to determine if the listing is a scam is to check out who really is the owner by going on line to the tax assessor’s office of the city or town where the property is located and look up who the real owner is. If it doesn’t match the name of the person attempting to rent you the home, you should not go through with the rental. Also Google the name of the owner with the word “scam” next to his or her name and see if anything comes up to make you concerned.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – June 4, 2026 – San Antonio Passes Law Requiring Warnings on Cryptocurrency ATMs.
A report from the Federal Trade Commission (FTC) indicates a 1,000 % increase in money lost to scammers through Bitcoin ATMs in the last three years with consumers reporting losses of around $333 million between January and November of 2025. Bitcoin and other cryptocurrency ATMs look just like traditional ATMs, but instead of distributing cash, they take cash in exchange for cryptocurrency and enable the transfer of the deposited cash turned into cryptocurrencies into crypto wallets. Due to the anonymity and immediacy of the cryptocurrency transfers done through a cryptocurrency ATM, it is a favorite method of payment for scammers.
Most of the scams using cryptocurrency ATMs involve imposter scams where the scammer poses as either a law enforcement officer, government official or someone providing tech support for a non-existent problem. What all of these imposter scams have in common is that they scare the targeted victim with a story about an emergency that requires them to take cash from their bank account and use a QR code provided by the scammer to deposit the money into the account of the scammer at a cryptocurrency ATM under the guise of protecting the funds. According to the FTC, people over 60 years old were more than three times more likely to report losing money to a cryptocurrency ATM scam with an average loss of $10,000.
Earlier this year, Massachusetts became the latest state to sue a crypto ATM operator, in this case Bitcoin Depot for enabling criminals to use their machines to scam people. According to the lawsuit, more than half of the money that went through Bitcoin Depot ATMs between August 2023 and January 2025 was related to scams. Indiana and Tennessee have gone so far as to ban cryptocurrency ATMs.
Now San Antonio, Texas has passed an ordinance effective July 1st requiring a sign be put on all cryptocurrency ATMs in both English and Spanish warning users about common cryptocurrency scams and instructing anyone being pressured to send money to call 911.
TIPS
Protecting yourself from these imposter scams starts with recognizing that you can never be sure who is actually contacting you when you are contacted by phone, email or text message so you should never click on a link, download an attachment or provide personal information in response to any of those communications unless you have absolutely confirmed that the communication was legitimate. Further there is no circumstance where you will be asked by anyone legitimate to withdraw funds from your bank, deposit them into a cryptocurrency ATM and transfer the funds to them. Only scammers make those requests.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”