Scam of the Day
Scam of the day – May 24, 2023 – Ransomware Attack Cripples Dallas
I have been warning you about the dangers of ransomware for eight years. Ransomware is a type of malware that when downloaded encrypts and make unavailable all of the data on your computer. Once this occurs the criminals then threaten to destroy the data if a ransom is not paid. Ransomware attacks have been made against government agencies, companies and individuals. Like all forms of malware, ransomware must be downloaded on to your computer in order to cause problems. This is generally done by luring people to click on links or download infected attachments contained in spear phishing emails. One of the most recent ransomware attacks started on May 3rd against the City of Dallas As a result of the attack, the Dallas government has had many of its services unavailable as well as sensitive data stolen.
For the last eight years protection from ransomware has focused on backing up your data daily so that if you do become a ransomware victim, you do not feel compelled to pay the ransom because your data has been protected. Some cybercriminals have changed their tactics in regard to ransomware. In 2020 the University of Utah announced that it had paid $457,059 to cybercriminals who used ransomware to attack the University’s computers and encrypt its data. What was unusual about this was the fact that the University of Utah had backed up all of its data and was in no danger of losing the data if it did not pay the ransom. However, in a relatively new tactic that has been employed against law firms and others recently, the cybercriminals threatened to make public the sensitive information they stole if a ransom was not paid. We are now seeing about 10% of ransomware attacks involve the making public of data accessed by the cybercriminals.
It is important to note that although major ransomware attacks against companies and governmental agencies have been newsworthy, a ransomware attack is also a very real threat to ordinary people.
TIPS
Because ransomware attacks as well as most other types of malware attacks are spread through phishing emails that lure unsuspecting people into clicking on malware infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate.
You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website https://www.nomoreransom.org/en/decryption-tools.html It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up to date security software on your computer and phone, it will not protect you from the latest zero day defect malware which is malware that exploits previously undiscovered vulnerabilities.
Another precaution you should follow is to regularly back up all of your data on at least two different platforms, such as in the Cloud and on a portable hard drive. However, this will not protect you from a ransomware attack that threatens to make public your data, so everyone should truly focus on not just protecting data in the event of a ransomware attack, but on preventing such attacks through security software and training to recognize phishing and spear phishing emails.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 23, 2023 – FTC Sues Student Loan Debt Relief Scammers
More than forty-two million Americans have student loans with an outstanding balance of more than 1.4 trillion dollars so it is no surprise that scammers are focusing their attention on these students and former students through scams that falsely promise to provide debt relief.
Recently the Federal Trade Commission (FTC) filed a lawsuit against SL Finance LLC and its owners Michael Castillo and Chirstian Castillo as well as against BCO Consulting Services Inc. and SLA Consulting Services Inc. and their owners Gianni Oilang, Brandon Clores, Kishan Bhakta and Allan Radam alleging that they lured unsuspecting victims into paying approximately 12 million dollars in illegal upfront fees by lying about repayment programs and loan forgiveness programs that never existed. The companies also lied about being affiliated with the Department of Education as well as telling their victims that the money paid to them would be used to reduce their loans.
The FTC has obtained a temporary injunction shutting down the scammers while the cases against them proceed in court.
TIPS
The old adage still is true. If it sounds too good to be true, it probably isn’t true. Many of these student loan debt relief scammers promise quick loan forgiveness, which is unrealistic. In addition, you should never pay any upfront fees for student loan debt relief assistance. Those fees are illegal and are a sure indication that you are being scammed. Also, remember my motto, “trust me, you can’t trust anyone.” Don’t trust scammers merely because they use names that sound like they are affiliated with the government.
For information you can trust about federal student loan repayment option, go to https://studentaid.ed.gov/sa/repay-loans . There you can learn about loan deferments, forbearance, repayment and loan forgiveness programs and there is never an application fee. If you owe private student loans, contact your loan servicer directly.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 22, 2023 – Taylor Swift Concert Ticket Scams
It is not an overstatement to say that Taylor Swift is one of the most popular singers of all time. Tickets to her concert tour are in great demand with many of her fans (called Swifties) desperate to buy tickets to her concerts. This desperation is not missed by scammers who have been selling phony tickets to her fans who end up going to the concert only to be doubly disappointed as they are turned away at the door and lose the money they used to pay for the tickets.
Scammers are selling their phony tickets on Craigslist, social media such as Facebook marketplace, through unsolicited emails and text messages as well as through pop-up ads.
TIPS
Always buy your tickets from legitimate sources that you have confirmed are legitimate with your local state’s attorney general. Buying tickets directly from the venue box office or reputable ticket sale or exchange sites is the safest way to buy tickets. Even then, check with the Federal Trade Commission for any complaints against these companies offering ticket sales. Never wire money for tickets because once money is wired, it is gone forever, leaving you with no recourse if the tickets are phony. Only pay through a credit card where you would be in a good position to get your money back if the sale is a scam. Never pay with a debit card where you have far less legal protection in the event of fraud. Nor should you pay by a gift card or services like Venmo. When buying tickets on-line using your credit card, make sure that the connection is secure. Always look for the prefix https rather than http in order to confirm that the data is encrypted as it is being transferred.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 21, 2023 – Federal Prosecutors Against Alleged Crypto and Metaverse Scammers
Two days ago, federal prosecutors unsealed charges against Bryan Lee in regard to an investment scam where Lee and the previously indicted Neil Chandran operated companies that purported to be developing metaverse technologies and cryptocurrencies. They promised investors huge returns which they said would occur when their companies would be bought by Jeff Bezos of and Elon Musk. Lee and Chandran managed to convince 10,000 people to invest more than 45 million dollars in these fraudulent companies.
Convicted Ponzi schemer Bernie Madoff who stole 50 billion dollars from unsuspecting victims may be the last person from whom you would accept investing advice, but in fact, his advice, as contained in a 2014 jailhouse interview Madoff gave to the Wall Street Journal is helpful to people hoping to avoid the fate of Madoff’s many victims. With great “chutzpah,” Madoff blamed his victims for their losses. He said that his investors were “sophisticated people” who should have known better. “People asked me all the time, how did I do it. And I refused to tell them, and they still invested. Things have to make sense to you. You should ask good questions.” About this he is correct. No one should ever invest in anything that they do not totally understand.
TIPS
The bottom line is that Bernie Madoff was right about one thing. No one should ever invest in anything without totally understanding the investment and the inherent risks. Cryptocurrencies and virtual reality products for the metaverse are extremely complicated. No one should invest in companies involved in these activities unless you firmly understand what you are investing in. You may want to check out the SEC’s investor education website at www.investor.gov. as well as the SEC’s website for information about cryptocurrencies. https://www.sec.gov/oiea/investor-alerts-and-bulletins/exercise-caution-crypto-asset-securities-investor-alert
Before investing with anyone, you should also investigate the person offering to sell you the investment with FINRA’s Central Registration Depository. http://www.finra.org/industry/crd This will tell you if the broker is licensed and if there have been disciplinary procedures against him or her. You can also check with your own state’s securities regulation office for similar information. Many investment advisers will not be required to register with the SEC, but are required to register with your individual state securities regulators. You can find your state’s agency by going to the website of the North American Securities Administrators Association.http://www.nasaa.org/2709/how-to-check-out-your-broker-or-investment-adviser/
Anyone investigating Neil Chandran would have been able to find that he was a convicted felon and securities law violator.
Scam of the day – May 20, 2023 – Debt Collection Agency Data Breach
If it seems like I was just telling you about another major data breach a few days ago, you are correct. It was only three days ago that I wrote about another data breach. https://scamicide.com/2023/05/16/scam-of-the-day-may-17-2023-another-major-health-care-data-breach/
Today’s data breach involves Credit Control Corporation which is a debt collection agency specializing in debt collection on behalf of a number of hospitals and physicians. They have just announced that they suffered a data breach in March in which sensitive personal information of 286,699 people was stolen. This information included names, addresses and, most importantly, Social Security numbers. This information can be readily used to make the victims of the data breach also victims of identity theft.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor or hospital doesn’t need your Social Security number for its records. This is particularly significant because health care providers are the biggest targets for data breaches.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 19, 2023 – Ghanian Influencer Arrested for Romance Scam
Federal law enforcement recently arrested Mona Faiz Montrage on charges related to operating multiple romance scams in which she is accused of stealing more than two million dollars from her elderly victims. Montrage is a popular Instagram influencer who uses the name Haija4Reall and has had as many as 3.4 million Instagram followers. As with all romance scams, Montrage is accused of convincing her victims into believing they were in a serious romantic relationship and then luring them into sending money to her under a variety of pretenses including payments to assist a fake army officer in Afghanistan. In one particularly unusual instance, Montrage is accused of using her real name in establishing the romance scam and then sending the victim in the United States a tribal marriage certificate that indicated that she and the victim were married in Ghana. The victim later sent Montrage $89,000 to help with what Montrage told him were costs associated with her father’s farm in Ghana.
Romance scams continue to be a major problem. As bad as they were prior to the pandemic, these scams increased dramatically during the Coronavirus pandemic. According to the Federal Trade Commission (FTC) Americans lost more money to romance scams last year than to any other scam and the situation is getting more serious. In 2022, nearly 70,000 people reported a romance scam to the FTC, and reported losses hit a staggering $1.3 billion and as large as this figure is, it is probably understated as many victims out of embarrassment don’t report being scammed.
Romance scams generally follow a familiar pattern with the scammers establishing relationships with people, generally women, online through various legitimate dating websites and social media using fake names, locations and images. The scammers often pose as Americans working abroad or in the military serving abroad.
While anyone can be the victim of a romance scam, according to the FBI, the elderly, women and people who have been widowed are particular vulnerable. Most romance scams are online and involve some variation of the person you meet through an online dating site or social media quickly falling in love with you and then, under a wide variety of pretenses, asking for money.
TIPS
There are various red flags to help you identify romance scams. I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship who then asks you to send money to assist them with a wide range of phony emergencies.
Here are a few other things to look for to help identify an online romance scam. Often their profile picture is stolen from a modeling website on the Internet. If the picture looks too professional and the person looks too much like a model, you should be wary. You also can check on the legitimacy of photographs by seeing if they have been used elsewhere by doing a reverse image search using Google or websites such as tineye.com.
Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life” is a phrase that turns up in many romance scam emails. Also be on the lookout for bad spelling and grammar as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are.
Of course you should be particularly concerned if someone falls in love with you almost immediately. Often they will ask you to use a webcam, but will not use one themselves. This is another red flag. One thing you may want to do is ask them to take a picture of themselves holding up a sign with their name on it. In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them. If you meet someone through a dating website, be particularly wary if they ask you to leave the dating service and go “offline.”
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 18, 2023 – Massachusetts Diploma Mill Resurfaces
For-profit colleges and universities have been a target of state and federal investigations for years. I have written about this topic since 2012. It should be noted that not all for-profit colleges are scams, but there are a large number of for-profit colleges, sometimes referred to as “diploma mills” that at times offer credit for your “life experience” and lure students in with promises of a helpful degree, but the students end up with a worthless degree and an empty wallet. Sometimes the names of these scamming colleges and universities are confusingly similar to legitimate colleges. For instance, Columbia State University is a diploma mill while Columbia University is an eminent Ivy League school.
Recently, a website for the non-existent Massachusetts Central University has resurfaced. The phony college claims on its website to have 10,000 students and 1,200 faculty members. The truth is that the college doesn’t exist in any form. The Massachusetts Department of Higher Education first became aware of the Massachusetts Central University in 2021 and ordered the taking down of its website, however, now that website, complete with fake photos of students, faculty and a non-existent campus has reappeared.
Members of the armed forces and student veterans are often targeted by deceptive marketing by some for-profit schools who falsely claim they are affiliated with the U.S. Military.
TIP
If you are considering attending a for-profit school, first check it out with the United States Department of Education’s website at www.ope.ed.gov/accreditation to make sure it is an accredited institution.
You also should investigate whether a local college, university or community college would be more cost effective for you. For-profit colleges and universities are often more expensive than these other alternatives without offering any distinct advantages. Also, check out the graduation rates of any for profit college you are considering and finally, investigate the job prospects in your field of study. Don’t just take the word of the college.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 17, 2023 – Another Major Health Care Data Breach
It was just less than a week ago that I told you about a data breach at NextGen healthcare, an electronic health record software company which recently notified a million patients that their personal data had been stolen in a major data breach that apparently occurred between March 29th and April 14th of this year. That particular data breach is extremely serious because the information stolen included names, dates of birth, Social Security numbers, and home addresses. Now, I must inform you of an even larger data breach again in the healthcare industry. This time the victim of the data breach is the national pharmacy network PharMerica. which is now sending out notification letters to more than 5.8 million people informing them that their data was compromised in a data breach that occurred in March, but is only now being disclosed.
The PharMerica data breach is serious because among the personal information stolen was names, addresses, birth dates, Social Security numbers, health insurance information and medical information. This sensitive data puts PharMerica’s customers in serious danger of identity theft. In an unusual twist, some of the information stolen relates to deceased people who were customers of PharMerica. Identity theft of dead people can still create problems. Here is a link to a Scam of the day in which I discussed this form of identity theft and what you need to do to correct the problem. https://scamicide.com/2023/02/27/scam-of-the-day-february-28-2023-dead-people-are-becoming-victims-of-identity-theft/
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your pharmacy doesn’t need your Social Security number for its records. This is particularly significant because health care providers are the biggest targets for data breaches.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Invitation to Attend a Free Webinar on the Wild Wild World of Scams
I will be a speaker at a webinar entitled “the Wild Wild World of Scams: Crazy Scam Stories & How to Mitigate Your Risk on May 24th at 2:00 p.m. Eastern Time and I encourage Scamicide readers to attend this free webinar. Below is a link to click on for more information and to sign up.
Scam of the day – May 16, 2023 – Mavis Wanczyk Lottery Scams Continue
She’s back! I have been writing about scams related to Mavis Wanczyk for six years but recently I have received many emails from Scamicide readers telling me about various new incarnations of a variety of scams that share the same hook which is that Mavis Wanczyk is giving money away to lucky people. Many of you may not remember the name of Mavis Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received emails with the message line referring to the Mavis Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information.
Phony Mavis Wanczyk Instagram accounts continue to pop up as quick as Instagram learns about them and takes them down.
Another version of the Mavis Wanczyk lottery scam that victimized a Scamicide reader started with a text message purportedly from Mavis Wanczyk informing the targeted victim that she would give $15,000 to the targeted victim. All the victim had to do was pay some fees. After paying $3,786.68 through untraceable Bitcoin cryptocurrency, the victim still had not received anything who was then prompted to send an additional $300 for expedited delivery of his check. After paying that amount, the scammers still had not sent anything, but did demand access to the victim’s Facebook account. Finally, the greedy scammers even threatened to turn in the victim to the FBI unless they were paid $500. It does take quite a bit of gall for criminals to threaten victims with reporting them to law enforcement, but gall does not appear to be in short supply when it comes to scammers.
TIPS
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds with personal information. Never give out personal information that can make you vulnerable to identity theft unless you have absolutely verified that the party requesting the personal information is legitimate and has a legitimate need for the information. Also never pay anything to a lottery claiming you owe fees in order to claim your prize. This is a telltale sign of a scam. No legitimate lottery requires the payment of a fee to collect your winnings or requires you to pay the lottery income taxes on the prize. While income taxes are due on lottery winnings, those taxes are either deducted by the lottery sponsor before giving you your prize or the prize is given to you in full and you are responsible for the payment of any taxes. No lottery collects taxes on behalf of the IRS.
You should never give anyone access to your social media accounts because scammers use your account to scam others who trust you and fall for scams that appear to come from you.
Finally and most importantly, remember neither Mavis Wanczyk nor any other lottery winner is giving away money to strangers.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”