Scam of the Day
Scam of the day – April 24, 2023 – New Medicare Card Scam
For many years Medicare used a person’s Social Security number as his or her Medicare number which put Medicare recipients in serious danger of identity theft, Medicare resisted changing the Medicare number to a safer random number for many years. Finally, in April 2018, new cards began being sent by regular mail to all 60 million Americans enrolled in Medicare and since 2020 the switch over to new more secure Medicare card numbers was complete.
But this has not stopped identity thieves. Many older Americans are receiving emails or phone calls purporting to be from Medicare either offering new plastic cards to replace their paper cards or new Medicare cards with microchips. All the targeted victim has to do is merely verify their Medicare number. And while your Medicare number is no longer your Social Security number, giving it to an identity thief can cause you substantial problems when you try to access Medicare as well as cost the American taxpayers millions of dollars.
TIPS
It is easy to determine when you receive a phone call, email or text message from Medicare. They don’t contact you by email, text message or by phone so anytime you are contacted in this manner, you can be confident it is a scam. As for phone calls purporting to be from Medicare, you should never provide your Medicare number, Social Security number, credit card number or any other personal information to anyone who calls you on the phone because you can never be sure they are legitimate. Even if your Caller ID indicates the call is from Medicare, the IRS or some other legitimate organization, through a technique called “spoofing” your Caller ID can be tricked into making it appear that the call is legitimate.
The real Medicare also will not contact you and ask you to verify your Medicare number and there are no new plastic cards or Medicare cards with microchips. If you get a call asking for personal information that appears legitimate, merely hang up and call the company or agency at a number that you independently know is legitimate to find out the truth.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 23, 2023 – Facebook Privacy Settlement
Let’s start out by stating that the class action settlement that you may have heard about between Facebook and a group representing all Facebook users between May 2007 and December 2022 is not a scam. The class action relates to Facebook’s negligence in allowing Cambridge Analytica access to personal information of Facebook users which Cambridge Analytica used to produce voter profiles which the company used on behalf of former president Donald Trump’s 2016 campaign.
Anyone who used Facebook in the United States between May 2007 and December 2022 is eligible to claim a share of the 725 million dollar settlement. Your share, however, is likely to be quite small considering that lawyers’ fees most likely will be approximately 181 million dollars and with 200 million people using Facebook, the amount individual Facebook users will get will undoubtedly be little. The exact amount that claimants will receive is dependent upon how many people actually file claims. If you do not file a claim, you will not receive benefits pursuant to this settlement. Many people are expected not to bother since the amount they will receive will be so low. The deadline for filing a claim is August 25th and the settlement itself still requires court approval. A court date for approval by the Federal District Court for Northern California is set for September 7th.
So where is the scam? You can expect that there will be scammers setting up phony settlement websites in which they seek personal information that they can use for purposes of identity theft.
TIPS
If you do decide to claim a share of the settlement, the only website to use to make that claim is https://facebookuserprivacysettlement.com/#submit-claim You will note at this official site, you are not asked for your Social Security number or a credit card number. The site allows you to determine how you want your payment to be made. One of the option is to have the payment made directly to your bank account which would require you to provide your banking information. Frankly, I may be a bit paranoid, but I don’t see the upside to doing this. The simplest way to get your payment is to take it as a prepaid MasterCard in which case you do not have to provide any sensitive information.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 22, 2023 – Home Buying Scam Costs Family $160,000
I have been reporting to you about this particular scam preying upon home buyers for seven years, however since the start of the Coronavirus pandemic in 2020 this scam has gotten worse. Scammers have been quick to take advantage of so much of home buying and selling being done virtually with Zoom meetings replacing in person meetings, online home tours and digital signing of documents with states even allowing notarizations to be done online.
Four years ago, the Consumer Financial Protection Bureau (CFPB) issued a warning about the scam and its dramatic increase. The scam targets people involved in the purchase and sales of residential real estate. The scam begins with the hacking into the email accounts of any of the various people involved in the sale. This can be either the buyer, seller, lawyers, title company, real estate agent or mortgage banker. Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do. The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right, generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email. Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then launder the money by moving the funds from account to account to make it difficult to trace the funds.
Earlier this year in Ohio, Maverick Sun and his wife Emily Sun were scammed out of $160,000 when the responded to an email from a scammer posing as their title company requesting that they wire money to the scammers posing as the title company which the Suns did. It wasn’t until the next day that the Suns learned that they had been scammed. The story may have a happy ending, however, as Chase, the bank where the funds were wired to, flagged the account as fraudulent and froze the account. However, six months later, the funds have not been returned to the Suns. Chase has indicated that they are still investigating the incident.
TIPS
Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked. This means having a strong password and security question. You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.” Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your cellphone and keep your security software up to date with the latest security patches as soon as they are made available. Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices.
Also, enterprising hackers are able to change passwords of their intended victims by answering a security question and then being able to change the victim’s password and take over the account. This was what happened years ago to Sarah Palin when a hacker answered the security question for her email account and was able to change the password and take over the account. Her question was where did she meet her husband and the answer was Wasilla High School which was found by the hacker by going to Sarah Palin’s Wikipedia page.
You may think that you are not famous and that information to answer your security question is not readily available, but you might be surprised by both how much personal information you and others post about you on social media that could be used to provide the answers to you security questions as well as the wide array of information about you that is available online such as your mother’s maiden name which is a common security question. The solution to this problem is simple. When you initially set up your security question, use a nonsensical answer. Thus the answer to your mother’s maiden name question could be “firetruck.” It is silly enough for you to remember and no hacker will ever be able to guess it. You should also use dual factor authentication whenever possible to provide a much greater level of protection even if your password is compromised, such as through a data breach.
Don’t use public WiFi for any financial or business purposes. Use a virtual private network to encrypt your data when using your electronic devices in public. Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.
Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate. Appearances can be deceiving so always confirm. It may seem a bit paranoid, but remember, even paranoids have enemies.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 21, 2023 – Pig Butchering Scammers Thwarted
I have been warning you about romance scams for many years. More recently, I have been warning you for the last few years about the myriad of scams involving cryptocurrencies such as Bitcoin. In the last couple of years a new scam combining the romance scam and cryptocurrency scams has surfaced.
Romance scams generally follow a familiar pattern with the scammers establishing relationships with people, generally women, online through various legitimate dating websites and social media using fake names, locations and images. The FBI has issued a warning about a new trend in romance scams in which the scammer tells his victim that he or she has inside knowledge about cryptocurrency investing and directs the victim to a phony website that purports to be a legitimate cryptocurrency trading site. Not long after “investing” in the cryptocurrencies provided, the victim soon finds that there is no investment and that she or he has lost all of the invested money. This scam originated in China in 2019 and is called sha zhu pan or pig butchering in English. The name is derived from the practice of luring in victims, “fattening them up” by convincing them to continually “invest” more money and then stealing all of the money.
The scammers initially contact their victims on dating or social media apps and pretend to develop a close relationship. After a while the scammer informs the targeted victim that he or she is making a lot of money investing in cryptocurrencies and suggests the victim download and use a cryptocurrency app used by the scammer. Generally, the victims are lured into investing more and more money by what appears to be both dramatic increases in the value of their account and their ability to withdraw some of their profits. However, once the victim has been persuaded to invest larger and larger sums of money, the scammers steal the money and the victim is left with nothing.
You might be surprised to learn that typically the victims of this scam are highly educated people. Unfortunately, they also are targeted because they may have also recently gone through a divorce or some other personal difficulty. While the victims are people of all ages, most victims are anywhere from their mid-30s to their early fifties with the average loss per victim averaging $121.926.
Recently, the Justice Department seized cryptocurrency accounts of pig butchering scammers worth approximately 112 million dollars. According to Assistant U.S. Attorney General Kenneth Polite, Jr. these funds will now be returned to victims of the scammers. While in many instances, tracing cryptocurrency transactions can be difficult, it is generally not impossible and the FBI has had a number of recent successes in retrieving funds paid to scammers through cryptocurrencies.
TIPS
It is important to remember that you should never invest in something that you do not completely understand. This was a mistake that many of Bernie Madoff’s victims made. Cryptocurrency scams quite often involve complicated language and investment terms that is purposefully unclear in an effort to confuse potential investors from understanding the real facts. You also may want to check out the SEC’s investor education website at www.investor.gov. Scammers can be very convincing and it may sound like there is a great opportunity for someone to make some money, but you must be careful that the person making money is not the scam artist taking yours.
Also, the apps used in the pig butchering scam may appear to be legitimate, but they are not found on official app platforms such as Google Play or the Apple App Store. Do your homework before investing in cryptocurrencies and only do business with well established cryptocurrency exchanges. Never invest merely because of the recommendation of someone you may have met online.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 20, 2023 – Verified Social Media Account Scam
Posing as a famous person on social media such as Facebook, Twitter and Instagram is quite simple to do and has proven to be quite lucrative for many scammers who are able to convince unsuspecting victims to rely on the phony accounts.
Setting up a social media account is easy to do for a scammer requiring merely a name, a photo and an email address, all of which can be done to make it appear that the account is that of the real celebrity when, in truth it is that of the scammer. Sometimes the scammer will add a middle initial or a slight misspelling of the name of the celebrity to avoid detection as may have been the case with this particular Ellen DeGeneres scam. Despite the efforts of the various social media companies to try to stop this practice, it continues in great numbers. Facebook estimates that there are as many as 60 million phony Facebook accounts including hundreds of its founder Mark Zuckerberg. It tries to remove the accounts when it becomes aware of them, but they spring up soon again.
To combat this scam Twitter, Facebook and Instagram have all set up verification programs that provide for verification that the account is a legitimate one and then provide a badge or other symbol to indicate to everyone that the account is indeed a legitimate account. Now scammers are taking advantage of this and sending messages or emails that purport to come from Twitter, Facebook or Instagram indicating that there is a problem with your status and that unless you appeal, you will lose your verified account status. A link or download is provided for you to start the appeals process, but if you click on the link or download the attachment you will end up downloading malware that will steal your data from your device and put you in jeopardy of identity theft.
TIPS
As always, whenever you get an email, text message or a DM on your social media account you can never be sure who is actually contacting you and so you should never click on a link, download an attachment or provide personal information unless you have absolutely confirmed that the communication is legitimate. Twitter, for example never sends emails with attachments. If you get such a communication and believe that it may be legitimate, your best course of action is to contact the particular social media directly at an email address that you know is accurate to determine if the communication was legitimate. You should also review the terms and conditions of the particular verification program for the social media where you have a verified account. They differ from social media to social media.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 19, 2023 – Scammers Are Hacking Your Phone
When I first started Scamicide more than ten years and more than 4,000 Scams of the day ago, I wondered if I would run out of scams and identity theft schemes to discuss, but I am totally convinced that unfortunately there is no end to scams and while many scams are tried and true scams that continue to be prevalent, there also are new scams and identity theft schemes constantly appearing. This is the situation with today’s Scam of the day. It involves scammers hacking into your phone and using it to access your apps. I was prompted to write about this when someone told me about their phone number being used to access their CVS coupons. The problem isn’t with CVS, however, the problem is with us. CVS, like many companies have apps you can use to make your shopping experience easier and therein lies the problem. Sophisticated scammers can access your phone remotely and then gain access to your apps to steal data and use your apps.
Regardless of whether you have an iPhone or an Android phone, your phone can be hacked and accessed remotely. Like so many scams, one way they install the spyware to let them access your phone is by luring you to click on an infected link in a phishing or spear phishing email or text message. In other instances the spyware is found in Trojan Horse apps that you download thinking they are a legitimate app, but not realizing the real purpose of the app is to get you to download the spyware that is a part of the otherwise innocuous appearing app.
TIPS
Start off by checking your phone for apps. Sometimes a spyware app may be downloaded on your phone about which you are unaware so go through your apps and delete any that you do not recognize or regularly use. If you think that you may have had your phone hacked, start by checking your activity on all of your apps to see if there is activity that you did not personally
A cardinal rule for cybersecurity on all of your devices is to never click on a link or download an attachment to an email or text message unless you have absolutely confirmed it is legitimate. Also, it is a good practice to only download apps from the major app stores and while they cannot guarantee that there are no bogus apps, they do a pretty good job of screening the apps that they offer.
Finally, and most importantly, install good anti-virus software on your phone to prevent such spyware from being installed. Although both Androids and iPhones have some level of security built into their operating systems, it is not enough for truly safe phone use. Here is a link to some good anti-virus apps for Android phones. https://www.tomsguide.com/best-picks/best-android-antivirus and here is a link to some good anti-virus apps for iPhones https://www.techradar.com/best/best-iphone-antivirus-app
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 18, 2023 – Hackers Stole More than 721 Million Passwords in 2022
Passwords are the key to accessing a myriad of your accounts, from Amazon to your bank to any company with which you do business online. Password security is obviously critically important, however, unfortunately, regardless of how protective you are as to the privacy and security of your passwords, you are only as safe as the places with the weakest security that have your passwords. Recently researchers found that 721.5 million passwords were compromised online in 2022 with most of these being stolen in data breaches of companies and then sold in batches to criminals on the Dark Web, that part of the Internet where criminals buy and sell goods and services.
Your passwords will be compromised. It is only a matter of when and how many.
So what can you do?
TIPS
First and foremost you should have a strong, unique password for each of your accounts so that even if your password is compromised at one account, it will not make all of your other accounts vulnerable. One way to do this is to use a password manager. If you are interested in using a password manager, here is a link to an article from PC magazine that compares many of the legitimate password managers available to you. https://www.pcmag.com/picks/the-best-password-managers
If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts. You also should use dual factor authentication so that even if someone were to gain access to your password manager master password, your password manager account could not be accessed.
In 2018 researchers at Aalto University and the University of Helsinki discovered security flaws affecting the technology used by all of the password managers. The researchers disclosed their findings to the affected companies which took steps to remedy the problem, but the bottom line is that while using a password manager is helpful, it will always be a target of hackers and you may be more comfortable using unique, complex passwords for each account that you can readily remember without using a password manager. This is not as difficult as it sounds as you will read below.
If you would like to use the helping hand you find at the end of your own arm and generate unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol, add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
Finally ,since it is inevitable that some of your passwords will be compromised, you should use dual factor authentication on all of your accounts so that even if someone manages to get your password, they will not be able to access your account.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 17, 2023 – Credit Repair Scams
Last June I told you that the Federal Trade Commission (FTC) civilly sued Michael and Valerie Rando and their company The Credit Game for operating a bogus credit repair scheme. Credit repair scams are very common as scammers take advantage of people with debt problems and promise to fix their credit and clear their credit reports of adverse information for up front fees.
Your credit report is one of the most important documents in your financial life. The information in your credit report as maintained by the three major credit reporting agencies, Equifax, TransUnion and Experian is used to calculate your credit score. This is used by financial institutions to evaluate your creditworthiness and can affect your ability to get a credit card, mortgage loan or a car loan. It also can affect the rate that you will be charged on such loans. In addition, your credit score is used in many states by companies in making hiring decisions and landlords consider credit scores when determining whether or not to rent an apartment or home to someone.
In its lawsuit the FTC alleged that the Randos and their company illegally charged consumers thousands of dollars for worthless and illegal credit repair services including filing false identity theft reports. The Randos also charged their customers upfront fees of thousands of dollars for their credit repair services which violates the Credit Repair Organizations Act (CROA), At the FTC’s request the Florida Federal District Court initially issued a temporary restraining order halting their operation and freezing their assets.
Last December I told you that the Randos and their company had agreed to a settlement of the lawsuit brought by the FTC. Under the terms of the lawsuit the Randos are permanently barred from the credit repair service business and must turn over substantial assets to the FTC to be used to provide refunds to the Randos’ victims. I will report to you when the refunds will be made. While the FTC trumpeted this settlement as a major victory, it should be noted that the claims brought by the FTC were civil in nature and not criminal. Therefore the Randos, while suffering financially through the settlement totally avoided any jail time although the cheated many people.
TIPS
Don’t fall prey to scammers operating phony credit repair companies and never pay an upfront fee to one of these companies. Advance fees for credit repair companies that operate for profit are banned by the Credit Repair Organizations Act.
Negative information on your credit report remains on your credit report for seven years and bankruptcies for ten years. Anyone who tells you otherwise is just trying to scam you. Many of the scam credit repair companies use illegal tactics such as applying for a federal employer ID to use as your Social Security number when applying for credit. This is illegal.
If you need real credit counseling you can go to this section of the Department of Justice’s website where it lists agencies approved to assist consumers with debt problems. https://www.justice.gov/ust/list-credit-counseling-agencies-approved-pursuant-11-usc-111 You also may consider contacting companies that are affiliated with the National Foundation for Credit Counseling at this link https://www.nfcc.org/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – April 16, 2023 – Update on Change of Address Scam
In March 7th’s Scam of the day I warned about the danger of identity theft that occurs when criminals steal your mail from your mailbox. Among the dangers of mail theft are criminals gathering personal information contained in your mail to set up accounts in your name or getting your credit card bill and using the information in your bill to access your credit card. However, sometimes criminals don’t even have to steal your mail, they can get the United States Postal Service (USPS) to deliver your mail directly to the criminal by submitting a change of address form with the post office on your behalf either in person or online that results in your mail being sent directly to the criminal.
One of the ways that the Postal Service tries to prevent this type of fraud is by sending a letter to your old address confirming that you wanted your mail sent to a new address, however, this can be circumvented by clever scammers who merely submit a form to the post office on your behalf to hold your mail, as many people do when they are on vacation, which enables the scammer to get extra time before the scam is discovered. Other times, the identity thieves will steal the notice from your mail knowing it is coming.
Making the problem worse is the fact that despite a recommendation from the USPS Office of Inspector General back in 2018 to require some form of identification be presented when someone submits a change of address form, the USPS still does not do so making it extremely easy for an identity thief to perpetrate this crime.
Now, New Jersey Congressman Josh Gottheimer is taking action to remedy this problem. He has sent a letter to the Postmaster General demanding answers as to how the Postmaster General is going to deal with this problem. Congressman Gottheimer also included in his letter some common sense proposed changes to the present system including requiring a government issued ID in order to change an address, dual factor authentication when address changes are attempted to be made online and the ability for people to freeze address changes just as you can freeze your credit. All of these proposed changes make a lot of sense.
TIPS
Certainly if you get a notice that a change of address form has been filed on your behalf and you have not filed such a form, you should contact the United States Postal Service immediately. Also, if you fail to receive any mail whatsoever for a couple of days, it is important to contact the post office to make sure that no one has changed your address. Remember, even paranoids have enemies.
Another step you can take to protect your mail is to enroll in the Informed Delivery Program. The Informed Delivery Program is a free service of the U.S. Postal Service that will send you an email each morning with images of the mail you will be receiving later that day. In this way, if someone were to have changed your address, you would be alerted to it right away. Here is the link where you can sign up for Informed Delivery https://informeddelivery.usps.com/box/pages/intro/start.action
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 15, 2023 – Phony Bank Text Message Scams
Phony text messaging, called smishing, which purport to be from your bank is a scam about which I have been warning you for years, but appears to be a scam that is dramatically increasing. Recently, I received a text message that appeared to come from Citizens Bank which read “Account on hold: Reason unverifiable profile. Please update your profile below immediately to avoid blockage.” A link then appeared in the text message that had no obvious connection to Citizens Bank.
Phony text messages like this can be particularly problematic if you have signed up to receive text message alerts from your bank. Whenever you receive a text message you can never be sure who is really sending it to you, so you should never call a telephone number indicated in the text message, provide information or click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.
The best course of action when you receive such a text message, if you have a concern that it may be legitimate, is to merely independently contact your bank to determine whether or not the text message was a scam, but be careful that you do not misdial the telephone number of your bank as some scammers purchase phone numbers similar to those of legitimate banks and credit card companies hoping that they will receive calls from unwary consumers who may have merely misdialed the telephone number of their bank or credit card company.
TIPS
Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate. If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.
Banks do not call, text or email their customers asking for personal information. You should always be skeptical of anyone asking for such information. Of course, if you receive a text message that appears to come from a bank at which you do not have an account, you can be confident it is a scam. If the text message provides for you to respond to stop future texts, don’t do it. Sending such a message to a scammer merely alerts them to the fact that yours is an active phone number.
Finally, although today’s Scam of the day focuses on phony bank text messages, it is a good idea to sign up to receive text alerts from your bank which can be customized for your own particular needs. In regard to the text message that I received, a close examination of the sender would indicate that it came from “Citizen Bank” rather than “Citizens Bank” which is the name of the legitimate bank (and not one at which I have an account.)
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”