Scam of the Day
Scam of the day – April 1, 2023 – SIM Swapping is No April Fools Joke
A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
As more and more financial transactions, such as online banking, are now done through cell phones, identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.
Recently Zena Elisa Dounson and Andrew Percy Trujillo were convicted of SIM Swapping charges. Dounson and Trujillo used the SIM swaps to manipulate the dual factor authentication used by their victims to access their victims’ cryptocurrency wallets.
TIPS
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card. Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i
Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center. Here is a link with information and instructions for setting up a PIN with Verizon. https://www.verizonwireless.com/support/account-pin-faqs/
T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store. Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure
Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief. Here is a link to information about adding a PIN to your Sprint account. https://www.sprint.com/en/support/solutions/account-and-billing/update-your-pin-and-security-questions-on-sprint-com.html
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – March 31, 2023 – Critical Apple Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.
TIPS
Here is a link to Apple’s page with all of the security updates and instructions as to how to install them. https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products
If you use any of the affected Apple devices, it is critical that you install these updates as soon as possible.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – March 30, 2023 – AI Voice Cloning Makes Grandparent Scam Worse
I am sure by now all of you are familiar with the grandparent scam where a grandparent receives a telephone call from someone purporting to be their grandchild who has gotten into some trouble, most commonly a traffic accident, legal trouble or medical problems in a far away place. The caller pleads for the grandparent to send money immediately to help resolve the problem. However the caller also begs the grandparent not to tell mom and dad. One would think that no one would be gullible enough to fall for this scam, but don’t be so hard on the victims of this scam. Scam artists have a knowledge of psychology of which Freud would have been envious and are able to use that knowledge to persuade their victims to send money right away. While this scam has been going on for approximately fourteen years, it continues to victimize people.
But now it is getting worse – far worse.
Through the use of readily available AI voice cloning technology, a scammer can obtain a recording of the grandchild’s voice from YouTube, TikTok, Instagram, Facebook or anywhere else the grandchild might post a video with audio and use that audio to create a call to the grandparent that sounds exactly like that of the grandchild and all it takes is AI voice-generating software and as little as 30 seconds worth of the grandchild’s audio. Recently, Ruth Card of Regina, Saskatchewan was swindled out of 3,000 Canadian dollars by a scammer who used AI voice cloning technology to make a call to Mrs. Card that appeared to come from her grandson, Brandon in which it sounded like Brandon was in jail and needed the money immediately for bail.
TIPS
Scammers often use the nicknames of the grandchildren when speaking to their intended victims. Sometimes they get this information from social media while in other instances they get this information from reading obituaries which may contain the names of grandchildren so merely because the correct name is used in the call is no reason to believe the call. Don’t respond immediately to such a call without calling the real grandchild on his or her cell phone or call the parents and confirm the whereabouts of the grandchild. If a medical problem is the ruse used, you can call the real hospital. If legal problems are the hook you can call the real police. You can also test the caller with a question that could be answered only by the real grandchild, but make sure that it really is a question that only the real grandchild could answer and not just anyone who might read the real grandchild’ s social media postings. Prudent families can also come up with a code word to use in an emergency which a scammer will never know.
Never wire money unless you are absolutely sure about to whom you are wiring the money and it is not a scam. Once you have wired money, it is gone forever. Also, students traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/. This program can help with communications in an emergency situation.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – March 29, 2023 – Why You Should Shred Personal Documents
Recently in Minnesota, Cassie Cullen was arrested and charged with crimes related to her alleged stealing documents by “dumpster diving” and using those documents to facilitate identity theft. Much of your trash may be an identity thief’s treasure because of the personal information contained on those documents which can be leveraged by a criminal to make you a victim of identity theft. The best thing you can do to prevent the documents you are throwing out in the trash becoming a gift to identity thieves is to shred documents with sensitive personal information.
TIPS
So what should you shred?
Credit card offers you receive in the mail should be shredded as should old bank statements, old credit card statements, old investment statements, expired passports, old insurance records, old documents containing your Social Security number and tax returns that are more than seven years old. Basically, anything with personal information that you do not currently need or will need in the future should be shredded.
And not any shredder will do. Even paranoids have enemies and merely shredding documents with a horizontal or vertical cut shredder will not offer the protection provided by a cross cut shredder. Keep your trash from becoming an identity thief’s treasure.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – March 28, 2023 – Facebook Phishing Scam
A Scamicide reader recently received the phishing email reproduced below which had as the message line “Your F acebook Account is Temporary Blocked (Critical Login Attemp) Please Verification is NEEDED.” This is typical of phishing emails that they attempt to make it appear that there is an emergency that requires your immediate attention. Unfortunately, if you click on the links provided in the email one of two things can happen and they both are bad. Either you will be taken to a legitimate appearing website where you will be lured into providing personal information that can lead to your becoming a victim of identity theft or, even worse, merely by clicking on the link, you will download dangerous malware such as keystroke logging malware or ransomware.
|
|
||||||||||||||||||
|
||||||||||||||||||
|
||||||||||||||||||
|
||||||||||||||||||
|
||||||||||||||||||
|
||||||||||||||||||
TIPS
There are a number of indications that this is a scam, most notably that the email address of the sender has nothing to do with Facebook. Also, while Facebook will attempt to notify you if they believe someone has improperly accessed your account, Facebook does not send out messages like this with buttons that say “Report the user” and “Yes, me.” If you get such a message and think that there is the possibility that it might be legitimate, don’t click on any links in the email. Rather, Go to your Security and login settings on Facebook, click, “Settings & Privacy” then click “Settings” then click “Security and login” and scroll to “See recent emails from Facebook and click “View’ where you will see if a real Facebook email was sent to you.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day- March 27, 2023 – Phony Government Grant Scams
The U.S. Department of Health and Human Services Office of Inspector General is warning the public about an increase of phony grant scams. Recently there have been an increase in scams involving scammers convincing their victims that they are eligible for large government grants if they merely pay a processing fee. The federal government does not charge fees for applying for grants. Additionally, the scammers perpetrating this scam also often ask for personal information such as your birth date and Social Security number which they use to make you a victim of identity theft.
Many times Facebook is used as the medium through which people are contacted regarding this scam. It is not surprising that scammers use Facebook for these purposes. The very popularity of Facebook and the fact that on Facebook you are communicating with your friends is reason enough for scammers to use Facebook as a platform for scams.
There also has been a resurgence of a Facebook related scam that starts with a private message that appears to come from one of your friends telling you that he or she just received a large government grant and that it was easy to do. According to the Department of Health and Human Services, some of the key phrases used by scammers that you should be on the lookout for are “We do all the work. You just pay a processing fee;” and “You can’t get this information anywhere else.”
TIPS
Facebook accounts and email accounts are relatively easy for a skilled cybercriminal to hack so whenever you receive an email or message urging you to click on a link, provide personal information or, as in this scam, send money, you should always be skeptical and confirm that the communication is legitimate before responding. The message which appears to come from a Facebook friend of yours is most likely coming from a scammer who hacked into your real friend’s Facebook account and is hoping that your trust of your friend will outweigh your common sense. You should be particularly skeptical of any request to wire money or provide a cash card or gift card number because once funds have been transferred in this fashion, they are impossible to retrieve.
The federal government does not charge any fee to apply for a grant. Additionally, it is important to remember that government grants are not given for personal purposes, but only for public projects. People looking for legitimate information about grants, loans and financial aid information for higher education can go to the federal government’s website http://www.StudentAid.ed.gov. Information about federal loans for housing, disaster relief, education and veterans benefits can be found at the federal government’s website http://www.GovLoans.gov. Finally For information about a range of other federal benefits for which you may be eligible, you can go the federal government’s website http://www.Benefits.gov.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – March 26, 2023 – Major Data Breach Threatens Children
A recent data breach at iDTech a coding camp for children that provides on-campus as well as online tech and coding courses has resulted in the hacker offering for sale on the Dark Web approximately a million records including names, dates of birth, email addresses and more of hundreds of thousands of children who attended the camp. Making the matter worse is that as of today, iDTech has still not yet officially notified the parents about the data breach. Fortunately, the parents have been notified through the site Have I been Pwned (not a misprint, there is no “a”) of the data breach. According to a study last year by Javelin Strategy & Research more than 1.25 million children became victims of identity theft last year and the true number is probably much greater because in many instances child identity theft is not discovered until the child reaches age 18. Identity thieves steal the identity of a child and then run up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when the teenager might first apply for a car loan or financial aid for college.
Identity theft of children’s identities is a huge national problem. According to a study by the Carnegie Mellon CyLab, children are more than 51 times more likely to become a victim of identity theft than adults. Children are also the most common victims of “synthetic identity theft.” Many people are not familiar with the term “synthetic Identity theft,” but it poses a significant threat to many people particularly children.
Synthetic identity theft occurs when a criminal takes information from a variety of sources to create a new identity to take out loans, purchase goods and services, or fraudulently obtain credit cards. Synthetic identity thieves combine real and fake information to form a new fictional person. They may use your Social Security number and combine it with the name, address and phone number of someone else. The Federal Trade Commission (FTC) has said that synthetic identity theft is the fastest growing type of identity theft. Children are the most common victims of synthetic identity theft and it is often many years before the problem is discovered.
In synthetic identity theft criminals then build the credit score of the synthetic identity by having people use the credit cards and make regular payments until the credit score of the new synthetic identity is high enough for the ultimate payoff, which is referred to as the “bust out.” In the bust out phase, the identity thief uses the new synthetic identity to either make large purchases or take out big loans that are never paid back. Some synthetic identity thieves will take years to build the synthetic identity theft credit score by making payments on cell phone accounts, car loans and more.
TIPS
Some telltale signs of synthetic identity theft include being contacted about an account that you never opened or a debt that you didn’t incur. Also, look for aliases listed on your credit report that you do not use. A dramatic lowering of your credit score coupled with a lack of negative information on your primary credit reports are further indications of synthetic identity theft. The reason that your primary credit report will not show negative information due to synthetic identity theft is because when a criminal uses your Social Security number, but doesn’t use your name, the negative information caused by their actions does not appear on your regular credit report. Instead, the information is added to a sub-file of your credit report which will, however, cause your credit score to drop tremendously.
If you do find out that you or your children have become a victim of synthetic identity theft, notify each of the three credit reporting agencies, Equifax, Experian and TransUnion of the crime and ask them to investigate and remove the false information from your sub-files.
Parents also should, as much as possible, try to limit the places that have their child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and enables you to opt out of information sharing by the school with third parties. You also should freeze the credit reports of your children. Until 2018 there was no national law that allowed the credit reports of children to be frozen, but in the wake of the major Equifax data breach, Congress passed laws that now permit children’s credit reports to be frozen and unfrozen for free.
Here are the links to information about how to freeze your child’s credit reports at each of the three major credit reporting agencies.
https://www.transunion.com/credit-freeze
https://www.equifax.com/personal/education/identity-theft/freezing-your-childs-credit-report-faq/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – March 25, 2023 – Increased Danger From Scammers Using AI
When I first started Scamicide more than ten years ago, “things aren’t as bad as you think… they are far worse” was prominently featured toward the top of the first page of the blog and unfortunately, that statement appears to be true evidenced by the increased use by scammers of Artificial Intelligence (AI) to help them create more convincing and effective scams.
ChatGPT, Microsoft’s popular artificial intelligence chatbot can generate articles, essays, stories and more in response to simple text prompts. It also can create more sophisticated and effective spear phishing emails that are more likely to convince an unwary targeted victim to either provide personal information that can lead to identity theft, click on a link and download dangerous malware or fall for a scam. Phishing emails that have originated overseas in countries where English is not the primary language often could easily be recognized by their lack of proper grammar, syntax or spelling, however with AI those problems are solved for the scammer and their phishing emails will now be more difficult to recognize.
We are all familiar with phishing emails which are emails that attempt to lure you into providing personal information or clicking on malware infected links. Fortunately, however, phishing emails are often easy to recognize because they may not be addressed to us personally or involve a subject matter that doesn’t relate to us. Spear phishing emails, however, are specifically tailored to appeal to the particular victim. They often address you by name and deal with subjects or companies with which you are involved or have an interest. Now, those spear phishing emails pose the threat of being even more dangerous as scammers are starting to use AI to make them even more believable.
TIPS
The best advice to avoid being a victim of a spear phishing email remains the same. B.S. Be skeptical. Following a zero trust protocol, you should never provide personal information or make a payment or click on a link in any email (or text message) unless you have absolutely confirmed that the communication is legitimate. Regardless of how legitimate it may appear, you should follow this rule.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 24, 2023 – Getting Scammed Through Your Smart TV
Smart TVs are terrific. Unlike old television sets that were not connected to the internet, smart TVs are connected to the internet which means that you can stream movies from Netflix and other streaming services, play video games and access a wide variety of apps. They do have a downside in that they often are gathering information about you and invading your privacy, but that is a topic for another column at another time. Today, I want to warn you about recent reports of people trying to log in to their streaming service only to find a pop-up that tells them that there is a problem with either your television or your streaming subscription. The pop-up provides either a phone number or a website to use to remedy the problem.
The problem is, however, that your smart TV has been hacked and the message is coming from a scammer. If you call the number or go to the website provided you will reach a customer service representative who asks for a small activation fee by credit card, debit card or gift card. Anytime you are asked for a payment by way of a gift card, you know it is a scam and if you provide your credit card or debit card information, the scammer will quickly proceed to run up charges. Anything that is connected to the Internet can be hacked and your smart TV is no exception, but many people don’t realize that their smart TV is vulnerable to being hacked.
TIPS
The key to hacking your smart TV is your router. Many people don’t bother to change the default password on their router and therefore leave themselves extremely vulnerable to hackers who use the readily available default passwords to get access to your router and the devices connected to it. As an additional line of defense you should also have a strong, complex password for your smart TV as well.
Also, many people ignore software updates for their smart TV although they wouldn’t do so for their computers, laptops or phones. It is important to update your smart TV’s software whenever such updates are made available to keep the smart TV more secure
If you have any thought that the pop-up may be legitimate, don’t call the phone number provided or go to the website provided. Instead call your streaming service’s customer service number which you can get from their real websites.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – March 23, 2023 – New AOL Phishing Scam
Today’s Scam of the day is about a phishing email presently circulating that attempts to lure you into clicking on a link in order to continue using your AOL account. Millions of people still use AOL. One reason for this is that you get greater email privacy when compared to some other email carriers. Due to its popularity, scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below that was sent to me by a Scamicide reader. If you click on the link in the email one of two things can occur and both are bad. Either you will end up providing personal information to an identity thief or you will, merely by clicking on the link, download dangerous malware such as ransomware on to your phone, computer or other device. I have removed the link.
Here is the email presently being circulated.
|
||
| Dear User, Starting on March Eighth,2023. all old versions of accounts will no longer be able to log in via their email addresses due to recent security upgrades.
Follow below to Sign in and update your mailbox to avoid service interruption.
|
||
| Failure to do this, Will lead to permanent account closure
Sincerely, |
TIPS
When AOL communicates with its customers about their accounts, they do so by AOL Certified Mail, which will appear as a blue envelope in your inbox and will have an official AOL Mail seal on the border of the email. No official AOL Mail seal appears in the inbox for this phishing email. Also, this email also does not refer to you in the salutation, but merely addresses you as “Dear User.” In addition, the scammer was not very smart as the message line in the email reads “Verizon Account Management” which has nothing to do with AOL.
Whenever you get an email, you cannot be sure who is really sending it. In the case of this email, the email address of the sender had no relation to AOL and most likely was the email address of someone whose email account was hacked and made a part of a botnet of computers used by cybercriminals to send such communications. Never click on a link unless you are absolutely sure that it is legitimate. If you think the email might be legitimate, the best thing to do is to contact the real company that the email purports to be from at an email address or phone number that you know is accurate in order to find out if the communication was legitimate or not.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”