Scam of the Day
Scam of the day – May 4, 2023 – Danger of E-Skimming
Regular readers of Scamicide are certainly familiar with skimmers which are devices installed on ATMs and credit and debit card processors that steal information from credit and debit cards thereby enabling criminals to use that information to make charges on those cards. The increased use in recent years of cards with chip technology has dramatically decreased the amount of fraudulent purchases made through stolen credit and debit card information because the chip card creates a new authorization number each time the card is used thereby negating the value of skimming a credit card with a computer chip.
Chip card technology, however, offers no protection when credit and debit cards are used for online purchases. The FBI has warned about what it calls E-Skimming which occurs when criminals infect the websites of businesses and government agencies with malware that allows the criminal to steal credit card and debit card information and then use it to make charges using the victim’s credit card or debit card.
TIPS
There are many steps that businesses and government agencies should take to protect their sites from this type of crime. They should update their security software with the most recent security updates; change default login credentials on their systems; segment their network systems to limit access by criminals and educate their employees to the dangers of phishing and spear phishing emails because it is through these phishing and spear phishing emails that most malware is delivered. A good rule for us all to follow is to never click on links in emails unless you have absolutely confirmed that the email is legitimate.
What, can we as consumers do, however, to protect ourselves from becoming a victim of E-Skimming?
First and foremost, while it may be more convenient to leave your credit card on file with an online retailer you regularly use, this is not a good thing to do because it leaves you more vulnerable to having your credit card data stolen in the event of a data breach and as we all know, data breaches are and will continue to be very common.
Consumers should refrain from using their debit cards for anything other than as an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection. The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 3, 2023 – The Danger of Facebook Farming
Many of you may not be familiar with the term “Facebook farming”, but we have all seen Facebook postings urging us to click that we “like” them. Sometimes it is an emotional appeal to show support for a sick child. Sometimes it is to show support for a political message. Often what appears to be a familiar company promises a chance at a substantial prize merely for liking or sharing a post.
While some of the postings described above urging people to click on links or share the posting are legitimate, unfortunately often they are not. Often they are done to take advantage of Facebook’s algorithms that value the popularity measured by likes and shares which causes the posts to appear on the Facebook pages of more people. Although the original content liked or shared may appear sincere or entertaining, the scammers who use this technique, which is called “farming,” then are able to change the content of the post to something entirely different from what was originally shared or liked. This is done for purposes of sending advertising or gathering marketing information, but, at its worst, it also can be used to send malware infected content such as keystroke logging malware that can steal personal information from your computer and use it to make you a victim of identity theft.
TIPS
So what should you do?
Posts that promise some sort of prize for sharing or liking their post are most likely scams. If you think that the posting of a company offering a contest might be legitimate, you should go to the company’s website to find out if indeed it is legitimate or not.
As for the other farming scams, you may wish to be a bit skeptical before automatically sharing or liking a post. You may wish to even do a little research yourself to find out if the posting is legitimate. A 2007 photo of a seven year old Pennsylvania girl with Stage IV cancer posing in her cheerleading uniform has been used numerous times for Facebook farming. Today that girl is a cancer free young woman whose family is understandably outraged that their daughter’s photograph has been abused by scammers through Facebook farming.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 2, 2023 – Watch Our for Delivery Scams
Delivery scams have been with us for a long time, however, the pandemic brought a tremendous increase of deliveries by UPS, Federal Express, Amazon of online purchases and this increase continues even as the pandemic wanes. with many of us still finding the convenience of online shopping very attractive. Scammers are always taking advantage of whatever is popular with people so it is not surprising that there are many scams related to deliveries following online purchases.
Many people are reporting receiving text messages that appear to come from UPS or Federal Express indicating that it is necessary for you to update your delivery preferences. In order to do so you are asked to click on a link and provide personal information. Unfortunately, if you click on the link one of two things will happen. Either you will be taken to a page where you provide your personal information to a criminal who will use the information to make you a victim of identity theft or you will download dangerous malware, such as ransomware, merely by clicking on the link.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 1, 2023 – PayPal Resolution Center Scam
PayPal is a popular payment service used successfully by many people particularly when making purchases through eBay. However, because it is so popular with the public, it is also popular with scammers who over the years have created numerous PayPal based scams about which I have reported to you in the past. Many of the scams involve phony invoices that lure you into clicking on malware infected links or providing personal information that is used to make you a victim of identity theft.
Today’s Scam of the day is one that has been around since 2018, but is resurfacing, as many scams do. It starts with a phony email purporting to be from PayPal that indicates that PayPal is investigating a payment reversal due to your receiving an unauthorized payment due to a transaction error. You are directed in the email to click on a link to login and access your PayPal Resolution Center. Don’t do it! Clicking on the link will take you to a phony PayPal website that will lure you into providing your password and other personal information that will lead to identity theft.
TIPS
Fortunately, this particular scam is easy to avoid. You should start out by being aware that this scam is active and remembering my motto, “BS – Be skeptical.” The easy way to avoid this scam is to never log into your PayPal account through a link in an email because to do so may merely take you to fake email account. Always access your PayPal account independently through your browser.
Legitimate emails from a company with which you do business would include the last four digits of your account and include your name rather than just your email address. Often these emails have neither.
Other telltale signs that this is a scam is that the email address of the sender has no relation to PayPal, but is merely the email address of someone whose email account was hacked and made a part of a botnet to send out these phishing emails. Also, merely because the email may contain a PayPal logo does not mean that the email is legitimate. It is easy to counterfeit a PayPal logo.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 30, 2023 – Watch Out for “Juice Jacking”
The colorful term “juice jacking” was first used in 2011 to describe the danger of data theft when you use a public charging station to recharge your phone or other mobile device. In 2019, the Los Angeles District Attorney issued a warning about the dangers of charging your phone at the USB chargers commonly found at airports, hotels and other public locations. More recently, earlier this month both the FBI and the Federal Communications Commission issued warnings about juice jacking. The problem with juice jacking is the fact that information is transferred between your smartphone and the charger as soon as you plug your cellphone into the charging station you are using to recharge your cellphone.
Among the information that is transferred is the name of your device, the manufacturer and model, serial number, firmware information, file system and electronic chip ID which would all be shared with a computer that you may be using to recharge your phone. And while this information may seem to be innocuous, this information is sufficient for a sophisticated hacker to use to gain much further information from your cellphone that could be used to your detriment. As for the charging stations at airports and elsewhere, they can be either infected with malware or be a fake charging station with the sole purpose of infecting your cellphone. Once you plug your phone into one of those already infected charging stations or a totally phony charging station, it can install and delete applications, including stealing your data or installing malware such as ransomware. Fortunately, however, the risk of having your information stolen through a malware infected public charger is not as bad as it used to be because the cell phone manufacturers have improved the security of their phones. Unfortunately, the technology used by criminals to hack public charging stations is easy to obtain and at little cost.
TIPS
So what can you do? Obviously, you should never use a strange computer to recharge your phone. The risk is too great. As for charging stations, it is better to be safe than sorry, so I advise that you avoid public charging stations and instead bring your own USB charger that you merely have to plug into an AC outlet rather than use any public charging station. This simple solution will solve any problems involved with juice jacking.
Make sure that your cellphone is secured with a password, fingerprint or iris scanners and do not unlock the cellphone while it is charging. Always protect the data on your cellphone with encryption programs and finally, use security software programs for your cellphone and make sure that it is updated with the latest security patches.
If you do decide to use a USB charger such as found at airports and other sites, watch your screen when you plug in your phone because phone makers have updated their technology such that you will immediately see a prompt asking if you want to trust the charger. The answer to that question is a resounding NO.
Scam of the day – April 29, 2023 – FTC Taking Action Against Robocallers
Over the years I have written numerous times about the problems presented by robocalls and with good reason. Automated robocalls which, for commercial purposes, are illegal, are the number one consumer complaint reported by the public to the Federal Trade Commission (FTC) at a cost to consumers of billions of dollars each year. Robocalls are used by scammers to perpetrate a wide variety of scams. The ease by which illegal robocalls may be made by computers using Voice over Internet Protocol (VoIP) accounts for much of the problem. Most of the robocalls received in the United States originate overseas.
In an effort to stop these overseas VoIP calls the FTC is taking action against the VoIP service providers here in the United States and warning them that they must stop their services from being used to bring illegal robocalls into the United States. The FTC and its partners in law enforcement have identified 24 service providers responsible for routing and transmitting illegal robocalls during the last two years. The FTC then contacted these service providers and demanded that they stop their services from being used for illegal robocalls. To date 22 of the 24 have cooperated and one of the remaining uncooperative service providers is presently subject to an FCC law enforcement action.
TIPS
The actions of the FTC is reducing the number of robocalls originating outside of the United States. However, there also are a number of options we all have for preventing robocalls including a number of apps that for free or a small fee will reduce and, in some instances prevent, robocalls.
Samsung’s SmartCall informs you if the call you are receiving is from a known robocaller. This feature is available with newer Samsung Galaxy phones. Here is a link to information about SmartCall and instructions as to how to activate this app. https://www.samsung.com/global/galaxy/apps/smart-call/#:~:text=The%20Smart%20Call%20function%20lets,Suspected%20to%20be%20spam
Google also has a spam blocker that will warn you when you are receiving a robocall and your screen will turn red. Here is a link to information about the app and how to install it.
https://play.google.com/store/apps/details?id=com.google.android.dialer&hl=en
AT&T also offers free apps to block robocalls on iPhones and Android phones. Here is a link to information about these apps.
https://www.att.com/features/security-apps.html?partner=LinkShare&siteId=TnL5HPStwNw-yrUS1uDw9WGvN._xt67yew&source=ECay0000000CEL00O
Verizon’s CallerName ID is a free service for iPhones and Android phones that will alert you to suspected robocallers. Here is a link to Verizon’s app.
https://www.verizonwireless.com/solutions-and-services/caller-name-id/
T-Mobile offers a free scam blocker of known robocallers for Android phones which you can activate by merely dialing #662#
Sprint offers a paid service to protect your iPhone or Android phone from robocalls. For more information, use this link
https://www.sprint.com/en/landings/scamprotection.html
Finally, you can just choose to ignore any calls that come from numbers you do not recognize. This is a good option. If they are legitimate calls, they will leave a message and you can call them back.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 28, 2023 – LinkedIn Job Scams Getting Worse
LinkedIn is the world’s largest professional network and, as such, has long been attractive to scammers seeking to piggy-back on the sites good reputation. Recently the number of job scams being found on LinkedIn has increased dramatically. A recent development is scammers using the name of legitimate companies that are hiring and approaching their victims through LinkedIn’s direct messaging feature. They then create counterfeit websites that look like the websites of the legitimate companies they are posing as and ask the job seekers for personal information as part of the hiring process before holding a job interview by Skype. The personal information which may include the job seeker’s Social Security number is used for purposes of identity theft. They also may ask for money or your credit card number to pay for background investigations or equipment for the company which legitimate businesses do not do. In other instances, the job seeker is required to pay for equipment or training which the scammer promises to reimburse, but, of course, the money is never paid back. Making the problem even worse is the use of AI to make the photos and websites even more legitimate appearing.
TIPS
Although LinkedIn, Indeed and other websites that carry job postings try to identify and either prevent or remove phony ads from appearing on their websites, you cannot depend on these companies to fully protect you. Trust me, you can’t trust anyone. Certainly a little skepticism helps when you see a job posting for a job that sounds too good to be true. Ads that ask for you to pay upfront costs for any reason should be considered to be a scam as well as any company that requests your credit card information for any reason whatsoever.
To check on the legitimacy of photographs in these ads you can do a reverse image search using Google or websites such as tineye.com. You can also check to see if the wording of the advertisement has been used elsewhere by merely copying a substantial amount of the text into your search engine and see what comes up. Also, research the company itself to determine if it is a legitimate company. Check out the website of the company supposedly offering you a job to see if the legitimate company is offering such a job. Make sure you are using a domain name that you have confirmed is legitimate and not just the one contained in the email sent to you by the scammer. If the job doesn’t appear on the real company’s website, you know it is a scam. It also is a good idea to confirm any job offer you might receive with the HR department of the real company before providing personal information such as your Social Security number.
You also can use the website whois.com to compare the URL of the company that is hiring to see if it really is legitimate. Whois.com will tell you who actually owns the website and how long it has been active. In the case of a scammer’s website, the website may be owned by an entity unrelated to the company and often has only recently been created.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 27, 2023 – Google Voice Code Scam
Today’s Scam of the day was sent to me by a Scamicide reader who listed a small item for sale on Craigslist along with his cell phone number for people to contact him. Someone responded to his ad through a text message in which they indicated that they were interested in purchasing the item but wanted to verify that the Scamicide reader was a real person by having the Scamicide reader send a 6 digit code that the Scammers would send in a separate text message. The Scamicide reader’s Scamdar (a word I invented to describe when you are suspicious of a scam, similar to radar) was activated and he did not provide the 6 digit code which was a good thing because the person answering the advertisement was indeed a scammer.
The scam involves the Google Voice/Google Phone service which is a free phone number provided to you by Google. Calls to that number are forwarded to your cell phone. In order to set up a Google Phone number you need to provide your phone number for verification purposes. Google then texts or calls you with a 6 digit code that you must enter online to finish the process. The good news is that if you fall for the scam and send the 6 digit code to the scammer, you won’t lose any money, however, you can be sure that a scammer will be using your phone number to perpetrate scams and hide his or her tracks.
TIPS
If you do fall for the scam, you need to get your personal number back. This is a somewhat complicated process. Here is a link that takes you to the instructions found in the Google Voice Help Forum. https://support.google.com/voice/thread/845902?hl=en
A good rule to remember to avoid this problem is to never enter any 6 digit code on calls or text messages from Google unless you have initiated the process and requested that your number be used for your Google Voice Account.
Scam of the day – April 26, 2023 – Facebook Messenger Scam
A variation on an old Facebook scam has recently resurfaced. In the new scam you receive a Facebook Message that merely says “look what I found” and is followed by a link that leads you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft. Alternatively, merely clicking on the link, in some instances, has downloaded destructive malware to your phone, computer or tablet.
This new scam is a variation of one about which I have written about previously in which you receive a Facebook Message that contains a video and the words “Is it you in the video” as a prompt to get you to click on the video which either takes you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft or, again, merely by clicking on the link, you will download malware.
TIPS
Remember my motto, BS – Be skeptical. Whenever you get a Facebook message, email, or text message you can never be sure who is really contacting you. The “friend” you think is communicating with you may well be a criminal who has managed to hack your friend’s Facebook account, email account or phone and use these accounts to send out phishing messages that lure you into clicking on infected links. Never click on a link unless you have absolutely confirmed that it is legitimate.
In the case of this particular Facebook Messenger scam, instead of clicking on the link or providing your user name and password, you should contact your real friend to determine if they sent the message to you. Additionally, it is always a good idea to use dual factor authentication whenever possible for all of your online accounts so that if somehow you are tricked into providing your user name and password, the criminal still wouldn’t be able to gain access to your account. Here is a link to information about setting up dual factor authentication on your Facebook account. https://www.facebook.com/help/148233965247823
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 25, 2023 – Danger of Pop-Up Ads
Pop-up advertisements that appear on your phone, computer or other device are considered by many people to be merely a nuisance, but they can also, in some circumstances, present a serious threat to your well being. While often the pop-up ads may be legitimate advertisements, they also can lure you into clicking on links and being directed to websites that either convince you to provide personal information that can be used to make you a victim of identity theft or, in a worst case scenario, merely by either clicking on the link or being redirected to another website, you may unwittingly download malware such as ransomware or keystroke logging malware that can steal from your phone or computer sensitive personal information that can be used to access your bank account or make you a victim of identity theft in other ways.
Part of the problem is that many of these pop-up ads appear on websites that you trust, which is because the advertising on legitimate websites often originates with third party advertising companies that may not properly screen the advertising that they accept. A few years ago the Equifax website was infected with a phony Adobe Flash update pop-up that when clicked on downloaded malware.
TIPS
The major browsers such as Google Chrome, Bing, Internet Explorer and Firefox all permit you to adjust your settings to eliminate pop-up ads from appearing and I can personally attest that adjusting your browser settings to avoid pop-up ads can be very effective. Unfortunately, the software used by these browsers as well as specific ad blocker apps is never going to be fully effective at blocking all pop-up ads. Malicious pop-ups that take advantage of newly discovered vulnerabilities will always be a problem, however if you adjust your browser settings to avoid pop-ups and keep your phone and computer security software updated with the latest security patches, you will go a long way toward keeping yourself safe.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”