Scam of the Day

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Scam of the day – January 31, 2023 – George Santos Charity Scam

Among the many lies stated by Congressman George Santos of New York during his campaign was that he claimed that he created and ran an animal rescue charity called Friends of Pets United.  According to Santos, his charity rescued 2,400 dogs and 280 casts and neutered and released more than 3,000 cats between 2013 and 2018.  However, there is no record of the charity ever legally existing nor does it have a website.  It is not registered with the Internal Revenue Service nor has it ever filed the IRS forms charities are required to file annually.  It appears that anyone who donated to Santos’ charity were swindled.

Whenever you are solicited by a charity on the phone, you can never be sure who is really contacting you.  Even if your Caller ID indicates that the call is coming from a legitimate charity, as I have mentioned many times, scammers use a simple technique called “spoofing” to manipulate your Caller ID to make their calls appear to come from a legitimate source when the truth is that the call is coming from a scammer.    Similarly when you receive a text message or email solicitation for a charity, you have no way of knowing if the solicitation is from a scammer or a legitimate charity.

TIPS

Phony charities often have names that sound legitimate and it is difficult to know merely from a solicitation whether or not the charity is a fake.  Other times, scammers will use the name of a legitimate charity when they solicit you by phone, email or text message and you can never be sure when you are contacted by email or text  message whether or not the solicitation is legitimate.  Prior to giving to any charity, I suggest you first look into whether indeed the charity is legitimate or not and the best way I know to do that is to go to http://www.charitynavigator.org where not only can you find out whether the charity is a scam, but also whether or not your donation will be tax deductible,  how much of your donation goes toward the charitable purposes of a legitimate charity and how much goes toward salaries, administrative costs and fund raising.  Charitynavigator.org will also give you access to the websites and phone numbers of legitimate charities you may wish to consider giving to so you can feel confident when you make a gift that it is going to the right place.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – January 30, 2023 – Another Password Manager Hacked

Having unique, complicated passwords for each of your accounts is an essential element of online security.  However, remembering all of your passwords can be a difficult task for many people, which is why so many people use online password managers, which store all of your passwords for you.  These companies, however, are tempting targets for identity thieves.  Earlier this month, I told you about a data breach at the password manager company LastPass that suffered a data breach in which 33 million people had much personal information stolen that could lead to identity theft.

Now we have learned that a number of people using Norton’s Password Manager had their accounts hacked, but it should be emphasized that the fault was not with Norton, but with Norton users who used the same master password for their password manager account that they used for multiple other accounts, at least one of which suffered a data breach.  Scammers and identity thieves purchase passwords compromised in data breaches that are sold, often in large batches on the Dark Web where criminals who have hacked into companies and stolen passwords and other personal information sell the stolen information to other criminals

In 2018 researchers at Aalto University and the University of Helsinki discovered security flaws affecting the technology used by all of the password managers. The researchers disclosed their findings to the affected companies which took steps to remedy the problem, but the bottom line is that while using a password manager is helpful, it will always be a target of hackers and you may be more comfortable using unique, complex passwords for each account that you can readily remember without using a password manager. This is not as difficult as it sounds as you will read below.

TIPS

First, if you are interested in using a password manager, here is a link to an article  from PC magazine that compares many of the legitimate password managers available to you. https://www.pcmag.com/picks/the-best-password-managers

If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts.  You also should use dual factor authentication so that even if someone were to gain access to your password manager master password, your password manager account could not be accessed.

However, if you would like to use the helping hand you find at the end of your own arm and generate unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol, add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 29, 2023 – Smishing Scams Increasing

Although the name may not be as familiar as “phishing” which is the name for emails that lure you into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft, “smishing” is the name given to text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.

Smishing scams have increased in frequency over the last year.  According to the Federal Trade Commission (FTC) 21% of fraud reports dealt with smishing.   Many smishing text messages appearing to come from Amazon, USPS, Federal Express, Cash App, Netflix and others. Like phishing emails, the purpose of a smishing text message is to either lure you into providing personal information that will be used to make you a victim of identity theft or to click on a link in the text message that will download dangerous malware.

TIPS

Among the topics of smishing text messages are free prizes, gift cards or coupons, credit card offers, student loan assistance, suspicious activity on an account of yours, or a need to update your payment information with a company with which you do business. Smishing emails that appear to come from your bank are also quite common.

As I always say, “trust me, you can’t trust anyone.”  You can never be truly sure when you receive a text message seeking personal information such as your credit card number whether or not the email is a scam. The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the text message might be legitimate, you should contact the company at a telephone number that you know is legitimate and find out whether or not the text message was a scam.

For some reason it appears that Verizon users are being targeted most frequently by smishing scams.

As for Netflix, which has been used as a hook in many recent smishing scams, the real Netflix will never ask in an email or text message for any of your personal information so anytime you get an email or text message purportedly from Netflix asking for your credit card number, Social Security number or any other personal information, it is a scam.  Here is a link to Netflix’s security page for information about staying secure in regard to your Netflix account. https://help.netflix.com/en/node/13243

If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 28, 2023 – FTC Refunding Money to Victims of Supplement and Beauty Product Scam

In 2016 the FTC settled a lawsuit it brought against NutraClick LLC a company that lured consumers with “free” samples of health and beauty products and then charged them a recurring monthly fee without their consent.  In 2020, the FTC sued NutraClick again for misleading consumers when they tried to cancel their “free” trial memberships to avoid monthly charges.  Now the FTC is returning $973,000 to 17,064 people who were victimized by NutraClick.  The funds for the refund were obtained from payments made by NutraClick pursuant to its settlement agreements with the FTC.  The FTC is now sending checks to people who were charged for unwanted memberships.

TIPS

For more information about this refund program go to the tab in the middle of the Scamicide home page entitled “FTC Scam Refunds.”  It is important to note that there is never a charge for obtaining a refund through the FTC or any of its refund administrators.  Anyone who asks for such a payment is just another scammer.

As for health care products in general, the truth is that there are no quick fixes when it comes to remedying a wide variety of health issues and you should be wary of any product that promises to do so.  You should also be wary of any health care product that is sold exclusively either over the Internet or through mail-order advertisements. The best course of action is to ask your physician about the effectiveness of a particular product or program before you consider buying it.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 27, 2023 – Critical Apple Security Updates

It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

TIPS

Here is a link to Apple’s page with all of the security updates and instructions as to how to install them. https://www.cisa.gov/uscert/ncas/current-activity/2023/01/24/apple-releases-security-updates-multiple-products

If you use any of the affected Apple devices, it is critical that you install these updates as soon as possible.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – January 26, 2023 – Data Breach Threatens FanDuel Sportsbook Customers

The headline of today’s Scam of the day is very precisely worded.  FanDuel, the online sports gambling site did not suffer a data breach, however, its customers did.  This is because a data breach at Mail Chimp, an email marketing company used by FanDuel to send out FanDuel’s newsletters did result in FanDuel’s customers having their names and emails stolen.  While this information is not as directly harmful as having your Social Security number compromised, it is still significant because this information places FanDuel’s customers at an increased risk of spear phishing emails.  This data breach is just another example of the fact that regardless of how good you are at protecting your personal information, you are always at risk of having that information compromised by third parties who have your information.

We are all familiar with the term “phishing” which is when you receive an email from a scammer or identity thief posing as someone else to lure you into either clicking on malware infected links or provide personal information.  While phishing emails can be convincing, they are not nearly as convincing as a “spear phishing” email which is a phishing email specifically tailored to you and your interests.  Unlike phishing emails, spear phishing emails will contain your name and refer to a company with which you do business or some other topic that the scammer knows is something of great interest to you.

With the NFL playoffs continuing and the Super Bowl not far off there will certainly be increased interest in gambling on these games and users of FanDuel should expect to receive spear phishing emails from identity thieves and scammers posing as FanDuel that may appear quite legitimate.

TIPS

As always, you should never provide personal information or click on links in emails or text messages unless you have absolutely confirmed that the communication you receive is legitimate.  In the light of the Mail Chimp data breach, customers of FanDuel should be particularly skeptical of any emails they receive either asking for personal information or providing links.  In addition, if you are a FanDuel customer and haven’t already done so, in addition to making sure you have a strong, unique password for your FanDuel account, you should also set up dual factor authentication for further protection.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 25, 2023 – Pyramid Schemes vs. Multilevel Marketing

Multilevel marketing companies, such as Amway, Avon and Mary Kay utilize a business model where you sign up with them to sell their products directly to consumers and earn commissions on your sales.  In addition, you can earn money by recruiting other people to do the same thing and get a commission from their sales as well.  You will often see social media used to recruit people to multilevel marketing companies with promises of big pay for your work.

While multilevel marketing is legitimate, pyramid schemes, which often resemble multilevel marketing businesses are not.  The key difference is people involved in pyramid schemes make their money not primarily by selling products, but by recruiting other people to participate in the pyramid scheme.  In October of 2019 I told you that the Federal Trade Commission (FTC) settled its legal action against AdvoCare International and its former CEO who under the terms of the settlement are banned from operating  multilevel marketing businesses and were ordered to pay more than 149 million dollars to the FTC to be refunded to consumers.

AdvoCare promoted health and wellness products such as its Spark energy drink, but its profits came from recruiting new distributors rather than selling products which is the hallmark of a pyramid scheme.    AdvoCare routinely misrepresented and lied to people about the operation of the company.  Among their misrepresentations were that the distributorships would routinely provide hundreds of thousands or even millions of dollars of profit annually to people who signed up to be distributors.  The truth is that in 2016, 72.3% of distributors earned nothing, 18% earned no more than $250 and 6% of distributors earned between $250 and $1,000 while the distributors paid thousands of dollars in fees to join and maintain their status each year with the company.

Sometimes a legitimate multilevel marketing business may look quite similar to an illegitimate pyramid scheme, which is one of the reasons that so many people fall prey to these scams.  For every legitimate multilevel marketing company, such as Mary Kay and Amway, there are many that are just scams.  In a legitimate multilevel marketing company, investors make money by selling products to the public and by recruiting new salespeople.  In a pyramid scheme the source of profits is based primarily on the recruiting of new members or salespeople.

TIPS

Anyone who is considering investing in what is represented to be a multilevel marketing business should always investigate the company and the terms of investment carefully before investing any money.  In addition, you should also check out the company with the FTC and your state’s attorney general to make sure that the company is legitimate before investing any money.

Here is a link to information from the FTC that you should consider before investing in a multilevel marketing business.  http://www.consumer.ftc.gov/articles/0065-multilevel-marketing

In addition, even with “legitimate” multilevel marketing companies, according to research by the FTC few people make any money.  According to the FTC in 2021 the average annual income for someone working for Amway was a mere $766 and that figure is before expenses are factored in.  Here is a link to a study referred to by the FTC https://www.ftc.gov/sites/default/files/documents/public_comments/trade-regulation-rule-disclosure-requirements-and-prohibitions-concerning-business-opportunities-ftc.r511993-00008%C2%A0/00008-57281.pdf

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 24, 2023 – FBI Recovers 3 Million Dollars of Cryptocurrency from Scammers

Last Friday, the FBI announced that it had recovered almost 3 million dollars worth of Bitcoins that were the proceeds of a scam operated by as of yet unidentified scammers perpetrating an elaborate phone scam on elderly Americans and first generation American citizens.  The scammers used the technique of spoofing to make their phone calls which originated outside of the United States to appear on their victims’ Caller ID as being from American law enforcement agencies.  In these calls, the scammers would tell their victims that their identities had been stolen and that in order to be protected from further damage, they needed to transfer money to the scammers for “safekeeping.”   The victims were further told that when the non-existent identity thieves were captured, their money would be returned to them with interest.

Victims of the scam transferred money to the scammers who then laundered the money through multiple bank accounts and eventually converted the funds to Bitcoin and other cryptocurrencies.  Fortunately, the FBI and the U.S. Attorney’s Office were able to trace the funds and ultimately found a digital wallet holding the stolen funds that had been converted into cryptocurrencies.  Under the civil asset forfeiture laws of the United States, they were able to get a court order to recover all of the funds in the digital wallet while the investigation continues to identify and locate the scammers behind the scam.  Regardless of whether the scammers are ever found, the funds will still be able to be returned to the victims.

TIPS

Whenever you get a phone call, text message or email, you can never be sure as to who is really contacting you.  Phone calls can be spoofed to make the call appear as if it is coming from a legitimate source and emails and text messages can similarly be disguised to appear legitimate.  No one should ever make a payment or provide personal information in response to any phone call, email or text message unless they have absolutely confirmed that the communication was legitimate.  Families of elderly people or otherwise vulnerable people should impress upon their family members the importance of following these rules.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – January 23, 2023 – Romance Scammer Convicted

Recently in Dallas, Emanuel Stanley Orji, a Nigerian associated with Nigerian organized crime was sentenced to 37 months in federal prison for crimes related to romance scams he operated with others including his brother who had previously been convicted of the same crimes.  Orji particularly targeted elderly women who were either widowed or divorced and used dating sites like Match.com to find their victims.  His scam followed the usual pattern of quickly proclaiming love for his victims and then coming up with a variety of reasons that he needed the women to send him money.

Romance scams continue to be a major problem.  As bad as they were prior to the pandemic, these scams increased dramatically during the Coronavirus pandemic.  According to the Federal Trade Commission (FTC) Americans lost more money to romance scams last year than to any other scam and the situation is getting more serious.  According to the FBI in 2021 24,299 people in the United States were victims of romance scams losing a billion dollars which was a 59% increase over the money lost in 2020.

Romance scams generally follow a familiar pattern with the scammers  establishing relationships with people, generally women, online through various legitimate dating websites and social media using fake names, locations and images.  The scammers often pose as Americans working abroad or in the military serving abroad.

TIPS

There are various red flags to help you identify romance scams.  I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship who then asks you to send money to assist them with a wide range of phony emergencies.

Here are a few other things to look for to help identify an online romance scam.  Often their profile picture is stolen from a modeling website on the Internet.  If the picture looks too professional and the person looks too much like a model, you should be wary. You also can check on the legitimacy of photographs by seeing if they have been used elsewhere by doing a reverse image search using Google or websites such as tineye.com.

Of course you should be particularly concerned if someone falls in love with you almost immediately.  Often they will ask you to use a webcam, but will not use one themselves.  This is another red flag.  One thing you may want to do is ask them to take a picture of themselves holding up a sign with their name on it.  In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them.  If you meet someone through a dating website, be particularly wary if they ask you to leave the dating service and go “offline.”

Recently, the dating sites Match, Tinder, Hinge and Plenty of Fish started a new public awareness program to help people recognize romance scams.  One tip they give is to use the verification check on your matches to help confirm they are the person who appears in the profile photo.  Also they advise you to set up video chats to confirm the person who they claim to be.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – January 22, 2023 – T-Mobile Suffers Another Data Breach

In the summer of 2021 I reported to you about a data breach at T-Mobile in which personal information of 54.6 million customers, former customers and prospective customers was stolen. The compromised information included names, phone numbers, Social Security numbers and addresses.  This type of information poses a tremendous threat to victims of the data breach, which was the sixth for T-Mobile in the last four years.  Social Security numbers in particular can be used by identity thieves to apply for credit cards and loans in your name.

Last July T-Mobile settled a class action brought against it by victims of the data breach.  According to the terms of the settlement, the company will pay $350 million dollars to settle the claims of the victims and spend an additional $150 million dollars to improve its cybersecurity.  If you were a victim of this data breach, the deadline for filing a claim to receive payment through the class action settlement is tomorrow, January 23rd so if you haven’t filed yet, you should do so immediately.  Here is the link to submit a claim online.  https://www.t-mobilesettlement.com/DynamicForms2/1552/Form/e59afd33-d4b3-4445-bb07-1020158f3a44

Now, however, T- Mobile revealed in federal filings that it had suffered yet another massive data breach affecting 37 million of its customers.  This time while no Social Security numbers were compromised, the stolen information did include the names, billing addresses, email addresses, phone numbers, birth dates, T-Mobile account numbers and information about the specific plans of the affected customers. All of this information can be used to tailor spear phishing emails and text messages that threaten the security of the victims of the data breach.

TIPS

But regardless of the settlement, what should you do if you are a T-Mobile customer who may be affected by this latest data breach.  Perhaps the first thing you should do is something you should have already done, but as the Chinese proverb says, “the best time to plant a tree is twenty years ago, the second best time is now.”  Freeze your credit at each of the three major credit reporting bureaus.

Here are links to each of them with instructions about how to get a credit freeze:
You also should change your T-Mobile password and security PIN as soon as possible.
Finally, you should be particularly cognizant of not clicking on links in text messages and emails unless you have absolutely confirmed that the text message or email is legitimate.  Scammers may well send you emails with malware infected links that appear to relate to the data breach.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, you can sign up using this link. https://scamicide.com/scam-of-the-day/

  • Categories

Archives