Scam of the Day
Scam of the day – June 2, 2023 – South Carolina Passes Sextortion Legislation
I have been warning you about sextortion scams for seven years. Last January, the FBI issued a new warning about sextortion https://www.justice.gov/usao-sdin/pr/fbi-and-partners-issue-national-public-safety-alert-sextortion-schemes and more recently, the South Carolina Legislature passed a bill called Gavin’s Law that is expected to be signed into law soon by Governor Henry McMaster. This law would further criminalize extorting minors or at-risk adults. It was named after the son of a South Carolina legislator whose teenage son committed suicide after being a victim of sextortion. Criminal actions have been brought against sextortion scammers including against Buster Hernandez who was sentenced to 75 years in prison who extorted more than 375 people.
Some sextortion scams begin with an email in which you are told that your computer and web cam have been hacked and that the scammers have video of you watching porn online. In the email, the scammer threatens to send the videos to people on his contact list unless you pay a ransom in Bitcoin or some other cryptocurrency.
More recently, as the FBI warns, adult predators, often posing as young girls, contact teenage boys on a variety of online platforms such as games or social media and then convincine the teenage boys to engage in explicit sexual activity while unbeknownst to the teenaged boy, the predator is recording it. The scammer then reveals to the teenager that the scammer has the recording and threatens to post it online unless a substantial payment is made. According to the FBI there has been a significant increase in the instances of his scam with law enforcement receiving more than 7,000 sextortion complaints with the true number of instances of this scam thought to be much higher, but unreported. Many of these scams are organized and based outside the United States, primarily in West African countries such as Nigeria and the Ivory Coast.
TIPS
The FBI advises parents to tell their children to be very careful as to what they share online. Social media accounts which are open to everyone provide predators and scammers with a lot of information that the scammers can use to lure people into scams. Discuss the appropriate privacy settings with your children for all of their accounts.
The FBI also tells parents to remind their children that they can never be sure as to who they are communicating with online and they should be particularly skeptical if they meet someone on a game or app who then asks to communicate with them on a different platform.
In regard to your web cam being hacked, while often this is merely a threat and the scammer has not hacked your web cam, web cams can be hacked. One thing you can do to protect your webcam from being hacked is to make sure that you change the default password on your webcam when you first install it. Another simple thing I do and you can, as well, is to merely put a post-it note over your webcam when it is not in use.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – June 1, 2023 – Mega Millions Scams
Over the years, I have written many times about lottery and sweepstakes scams, which continue to be one of the most popular and profitable scams for scammers. Scammers use lottery and sweepstakes scams to cheat people out of millions of dollars each year by tricking their victims into sending money to the scammers after convincing their victims that they have won a lottery, but are required to pay some fees or taxes in order to collect their prize. It is hard to win any lottery. It is impossible to win one that you have not even entered and yet scam artists, the only criminals we refer to as artists have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries.
Most lottery scams involve the victims being told that they need to pay taxes or administrative fees directly to the lottery sponsor; however no legitimate lottery requires you to do so. As with many effective scams, the pitch of the scammer seems legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners. Other times, the scammer tell the “winners” that in order to collect their prizes, they need to pay administrative fees. Often, the victims are told to send the fees back to the scammer by prepaid gift cards or prepaid cards. Prepaid cards are a favorite of scammers because they are the equivalent of sending cash. They are impossible to stop or trace. Again, no legitimate lottery requires you to pay administrative fees in order to claim your prize.
Recently the real Mega Millions issued a warning about a number of scams using Mega Millions as a hook. Scammers contact their targeted victims by phone, email, regular snail mail or text messages informing their targeted victims that they have won a Mega Millions prize, but then ask for payments of various fees or taxes that they say are necessary in order for the victim to claim his or her prize.
Here is a link to the warning issued by Mega Millions which contains copies of letters sent by the scammers. https://www.megamillions.com/News/2023/Advisory-How-to-Recognize-the-Latest-Lottery-Scams.aspx
TIPS
As I have often told you, it is difficult to win a lottery you have entered. It is impossible to win one that you have not even entered. You should always be skeptical about being told that you have won a lottery you never entered. If you did play Mega Millions, you should check with the Mega Millions website to confirm that you indeed did win one of the prizes. Here is a link to the Mega Millions website that both provides the winning numbers for the jackpot as well as the prizes for lower payouts. https://www.megamillions.com/
No legitimate lottery requires you to pay a processing fee or any other fee in order to claim your prize. While it is true that income taxes are owed on lottery winnings, legitimate lotteries never collect tax money from winners. They either deduct the taxes from the winnings or leave it up to the winners to pay their taxes directly to the IRS.
It should also be noted that the real Mega Millions does not contact winners by phone, email, snail mail or text messages.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 31, 2023 – FBI Impostor Scam
Impostor scams have long been among the most lucrative for scammers. While there are many variations of this scam, the most common variations have involved scammers calling their intended victims on the telephone posing as some governmental agency such as the, FBI, IRS or the Social Security Administration. The scammer then, under a wide variety of pretenses, demands an immediate payment by gift cards, credit card or wired funds. Being asked to pay by gift cards is a definite indication that the call is a scam since no governmental agency requests or accepts payments by gift cards. Alternatively, the scammer demands the victim supply the phony governmental agent with personal information such as your Social Security number which will then be used for identity theft purposes.
Recently the FBI’s Pittsburgh office issued a warning about scam phone calls in which the scammer poses as an FBI agent demanding payment by a gift card to resolve a criminal investigation they say is being pursued against the targeted scam victim. In some of these calls, the scammer threatens arrest if you do not make immediate payment.
While the recent warning dealt with phone calls made in the Pittsburgh area, this scam is being done throughout the country.
TIPS
It is easy to recognize one of these impersonation scams. Neither the FBI, IRS or SSA will initiate communication with you by a phone call and they will never threaten you with arrest for non-payment of a claim. Neither does any government agency accept gift cards or cryptocurrency payments.
As I have often reminded you, through the simple technique of “spoofing” it is very easy for a scammer to manipulate your Caller ID to make a call coming to you appear legitimate when it is not. The calls being made by scammers in Pittsburgh appear on your Caller ID as if they were being made by the FBI although the call is being made from an entirely different number. Therefore you can never truly trust your Caller ID. Trust me, you can’t trust anyone. Even though your Caller ID may indicate that the call is coming from the FBI, the IRS or some other government agency the call is coming from a scammer.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 30, 2023 – MetaMask Phishing Email
Today’s Scam of the day is a phishing email that appears to come from MetaMask. MetaMask is a software cryptocurrency wallet used to interact with the Ethereum blockchain. The email makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.
Copied below is the email which contains the MetaMask logo, but was sent from an email account that had no relation to MetaMask which is a clear indication that this is a scam. Most likely the email address from which it was sent was from an email account of an innocent person whose email accounts was hacked and made a part of a botnet used to send out phishing emails. Another indication that this is a scam is that your name does not appear anywhere in the salutation.
TIPS
Legitimate emails from MetaMask or any company with which you do business would include your name and account number. This email had neither. Obviously, if you are not a MetaMask customer, you will recognize immediately that this is a scam.
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft. In this case if you clicked on the link and provided the information requested, your cryptocurrency account would be looted.
Whenever you get an email that asks you for information or to click on links and may appear to be legitimate, do not provide the information or click on the link. Rather, contact the company by phone or by email at a phone number or email address that you have confirmed is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – May 29, 2023 – Federal Court Shuts Down Pyramid Schemer
In the Scam of the day for January 19, 2020 I first told you that the Federal Trade Commission (FTC) had sued multi-level marketer “Success By Health” and its executives alleging that the company operated an illegal pyramid scheme. At that time the United States Federal Court for Arizona granted a temporary restraining order shutting down the operation of “Success by Health” while the litigation progressed. According to the FTC, “Success By Health” cheated their victims out of more than seven million dollars. The flagship product of “Success By Health” is an instant coffee product called “MyocoCafe” that contains a mushroom that “Success By Health” represented as providing significant health benefits although there is no evidence to that effect.
“Success By Health” operated as a multi-level marketing company, however, rather than a legitimate multi-level marketing company such as Amway, the FTC alleges that “Success By Health” operated as an illegal pyramid scheme through which its distributors made money by recruiting new distributors rather than through selling products which is the hallmark of an illegal pyramid scheme. As Andrew Smith the FTC’s Director of Consumer Protection has said, “Participants in legitimate multi-level marketing companies earn money based on actual sales to real customers rather than recruitment. But pyramid schemes depend on recruitment of new participants to pay out to existing participants, meaning that the vast majority of participants will ultimately lose money.” “Success By Health” executives told prospective distributors that they could earn more than a million dollars per month, however, in order to do so they would have to recruit more than 100,000 affiliates working under them to achieve that level of profit.
Sometimes a legitimate multilevel marketing business may look quite similar to an illegitimate pyramid scheme, which is one of the reasons that so many people fall prey to these scams. For every legitimate multilevel marketing company, such as Mary Kay and Amway, there are many that are just scams. In a legitimate multilevel marketing company, investors make money by selling products to the public and by recruiting new salespeople. In a pyramid scheme the source of profits is based primarily on the recruiting of new members or salespeople.
Now the Federal Court for Arizona has ruled that Success by Health and its principal, Jay Noland and others violated a range of federal laws and have banned them from ever participating in multi level marketing operations and also imposed a 7.3 million dollar judgment against them. This money will be used to pay back the victims of the scam. As more information becomes available about the refunds, I will inform you.
TIPS
Anyone who is considering investing in what is represented to be a multilevel marketing business should always investigate the company and the terms of investment carefully before investing any money. In addition, you should also check out the company with the FTC and your state’s attorney general to make sure that the company is legitimate before investing any money. Here is a link to information from the FTC that you should consider before investing in a multilevel marketing business. http://www.consumer.ftc.gov/articles/0065-multilevel-marketing
As for supplements that purport to provide health benefits, you should never buy them or sell them unless you have thoroughly investigated the legitimacy of the claims.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 28, 2023 – Memorial Day Scams
As we honor our veterans on Memorial Day, May 29th it is important to remember that scammers take Memorial Day as just another opportunity to scam veterans and others. In the case of Memorial Day, you can expect to be solicited by scammers by phone (remember legitimate charities can call you by phone even if you have enrolled in the Do Not Call List because charities are exempt from the Do Not Call List), email or letters asking for your money for various veterans causes or charitable ventures tied to Memorial Day.
Another common scam targets veterans and starts with a telephone call in which the veteran is told that in order to continue to receive various benefits, it is necessary to verify personal information such as the veteran’s birth date, Social Security number or bank account information. Of course, the call is not from the Veterans Administration and the call is not to verify information, but rather to gain information to be used to make the veteran a victim of identity theft.
TIPS
You never know who is on the other line of a telemarketing call, so never trust them. Remember my motto, “trust me, you can’t trust anyone.” If you are at all interested in what the caller appears to be selling or soliciting, ask them to send you written materials that you can then check out to see if it is legitimate. When it comes to charities, a good place to go is www.charitynavigator.org where you can see if a charity is legitimate or a scam as well as actually how much of the money they collect goes toward their charitable purposes and how much towards salaries and administrative costs.
As for calls purporting to be from the Veterans Administration, they do not call you on the phone to verify information. If you receive such a call, you can never be sure who is really calling because clever identity thieves are able to use a technique called “spoofing” to make it appear on your Caller ID as if the call from the identity thief is coming from the VA.
Since you cannot be sure who is calling you when you receive a call asking for personal information, you should never give that information out in response to a phone call, text message or email. Instead if you have the slightest thought that the communication may be legitimate, you should contact the real entity, in this case, the VA at a phone number that you know is accurate to inquire where you will learn that the initial contact was a scam.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 27, 2023 – FTC Refunding Money to Victims of Credit Card Interest Rate Reduction Scam
In 2020 I first told you about the FTC and the State of Florida suing GDP Network and its owners over allegations that they operated a credit card interest rate reduction scam. GDP contacted consumers through telemarketing cold calls promising to permanently and substantially reduce their credit card interest rates. After tricking consumers into believing they were affiliated with the consumer’s existing credit card companies or well-known credit card networks such as MasterCard or Visa, the defendants promised to save them thousands of dollars in credit card interest and enable them to pay off their credit card debt three to five times faster. The defendants charged upfront fees of as much as $3,995 for their bogus services, the agencies allege.
Many consumers who paid the defendants’ significant upfront fees received no permanent debt reduction and were left with more debt and worse credit. Instead of contacting the consumer’s credit card companies to negotiate permanently and substantially lower interest rates, the defendants applied for new credit cards in their names with temporarily lower “teaser” interest rates. They then executed balance transfers from the consumer’s existing cards to the new cards. These tactics not only failed to provide many consumers the savings they were promised, but also often left them saddled with substantial balance transfer fees, on top of the upfront fees they paid.
Now three years later the case has been settled with GDP Network being permanently banned from the debt relief industry and required to pay funds that are now being refunded to victims of the scam. The FTC has started sending refund checks to victims of the scam. For more information about the refunds, go to the middle of the opening page of Scamicide to the section entitled “FTC Scam Refunds.”
TIPS
It is important to remember that the FTC’s Telemarketing Sales Rules specifically prohibit charging advance fees before providing any debt relief services. Any company that requires an advance fee before they have completed their successful debt reduction services is breaking the law. You also may want to consider avoiding scams like this by enrolling in the federal Do Not Call List so that if you are contacted by a telemarketer, you already know it would be someone who is knowingly breaking the law and cannot be trusted. Registering for the Do Not Call List is easy and free. Merely go to http://www.donotcall.gov to register your phone number.
If you need real credit counseling you can go to this section of the Department of Justice’s website where it lists agencies approved to assist consumers with debt problems. https://www.justice.gov/ust/list-credit-counseling-agencies-approved-pursuant-11-usc-111 You also may consider contacting companies that are affiliated with the National Foundation for Credit Counseling at this link https://www.nfcc.org/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 26, 2023 – Postal Workers Scammed Out of a Million Dollars
The American Postal Workers Union has disclosed that at least 460 of its members lost a million dollars in paychecks through a scam in which the scammers set up fake USPS HR websites that were used by the scammers to trick the postal workers who went to the phony websites to provide their usernames and passwords which the scammers then used to access the postal workers’ real accounts and have the paychecks sent to accounts controlled by the scammers.
Payroll diversion scams such as this are becoming a major problem, but can be avoided by taking a few precautions.
TIPS
Whenever you are going to a website you should never go by clicking on a link in an email or text message. Nor should you trust a search engine search to provide you with the real website. Algorithms used by search engine such as Google can be manipulated by sophisticated scammers to have their phony websites appear at the top of a search. Instead you should confirm the URL of the site you are looking for and enter it manually.
Additionally, because the risk of your user name and password being compromised is great, whenever possible you should use dual factor authentication so that even if someone manages to obtain your user name and password, they will not be able to access your account.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 25, 2023 – Two Million People Affected by Medical Equipment Company Data Breach
Once again I need to tell you about another major data breach. This time it is Apria Healthcare LLC a home medical equipment company who, we are just now learning was hacked in 2019 and 2021 by the same hackers. As a result of the data breach sensitive information including credit card and debit card numbers of two million of Apria Healthcare’s customers were stolen.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor or hospital doesn’t need your Social Security number for its records. This is particularly significant because health care providers are the biggest targets for data breaches.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
You also should limit your debit card use to using it at ATMs because the law regarding liability for fraudulent debit card charges is not as protective as the law regarding credit cards.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 24, 2023 – Ransomware Attack Cripples Dallas
I have been warning you about the dangers of ransomware for eight years. Ransomware is a type of malware that when downloaded encrypts and make unavailable all of the data on your computer. Once this occurs the criminals then threaten to destroy the data if a ransom is not paid. Ransomware attacks have been made against government agencies, companies and individuals. Like all forms of malware, ransomware must be downloaded on to your computer in order to cause problems. This is generally done by luring people to click on links or download infected attachments contained in spear phishing emails. One of the most recent ransomware attacks started on May 3rd against the City of Dallas As a result of the attack, the Dallas government has had many of its services unavailable as well as sensitive data stolen.
For the last eight years protection from ransomware has focused on backing up your data daily so that if you do become a ransomware victim, you do not feel compelled to pay the ransom because your data has been protected. Some cybercriminals have changed their tactics in regard to ransomware. In 2020 the University of Utah announced that it had paid $457,059 to cybercriminals who used ransomware to attack the University’s computers and encrypt its data. What was unusual about this was the fact that the University of Utah had backed up all of its data and was in no danger of losing the data if it did not pay the ransom. However, in a relatively new tactic that has been employed against law firms and others recently, the cybercriminals threatened to make public the sensitive information they stole if a ransom was not paid. We are now seeing about 10% of ransomware attacks involve the making public of data accessed by the cybercriminals.
It is important to note that although major ransomware attacks against companies and governmental agencies have been newsworthy, a ransomware attack is also a very real threat to ordinary people.
TIPS
Because ransomware attacks as well as most other types of malware attacks are spread through phishing emails that lure unsuspecting people into clicking on malware infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate.
You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website https://www.nomoreransom.org/en/decryption-tools.html It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up to date security software on your computer and phone, it will not protect you from the latest zero day defect malware which is malware that exploits previously undiscovered vulnerabilities.
Another precaution you should follow is to regularly back up all of your data on at least two different platforms, such as in the Cloud and on a portable hard drive. However, this will not protect you from a ransomware attack that threatens to make public your data, so everyone should truly focus on not just protecting data in the event of a ransomware attack, but on preventing such attacks through security software and training to recognize phishing and spear phishing emails.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”