Scam of the Day


Scam of the day – February 3, 2023 – Facebook Quizzes Can be Dangerous

Quizzes on Facebook and other social media are very popular, but they can be exploited by identity thieves. A good example of this was the “10 Concerts, but there is one act that I haven’t seen live. Which is it?” Facebook quiz. While this may appear harmless, the information you provide may tell more about you than is safe to make public. It may reveal your approximate age and your preferences in music, which a scammer can then use to send you a spear phishing email tailored to appeal to your particular interests. Because the email seems relevant to you, you may trust it and click on a link in the email that downloads either keystroke logging malware that can be used to steal your identity or ransomware.

Quizzes that ask about your favorite place to live or favorite movie characters may seem like simple fun, but may have been posted by an identity thief seeking to gather information the identity thief can use to make you a victim of identity theft.  In addition, providing this type of personal information can help an identity thief determine your passwords or the answers to security questions that would enable the identity thief to change your passwords.  Particularly problematic is when a pop up appears when you start the quiz requiring you to agree to allow a third-party application access to your Facebook profile.  If you agree to this, you are permitting the quiz poster to gain access to your Facebook profile information, your location and much more.  Don’t do it.

Last year, Louisiana Attorney General Jeff Landry issued a warning about social media quizzes and surveys. According to Landry, “Online surveys and quizzes may seem harmless enough, but the truth is they can expose you to hackers and scammers. It is difficult to tell which are innocent fun and which are covers for bad actors trying to steal your identity or worse.”

TIPS

We all tend to put too much personal information on social media that can be exploited by scammers and identity thieves to our detriment. My advice is to avoid the problem entirely and not play these online games. However, if you, as many people do, find these quizzes and games to be fun to play, you may want to just adjust your privacy setting to “friends only” so that you limit who gets to see your answers.  While you are at it, you also may want to check out your Facebook profile and remove personal information such as your phone number or home address.

Be particularly careful not to provide information that can answer common security questions, such as your mother’s maiden name, the name of your first pet, your childhood street address, your favorite food or the name of the elementary school you attended. A good practice when it comes to security questions is to provide a nonsensical answer when setting up your security question. Thus, the answer to the security question as to the name of your first pet can be “stapler.” This is so silly you will remember it and no hacker will ever be able to guess it from social media posts or quiz answers.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – February 2, 2023 – Cryptocurrency ATM Scam

While not as popular as prior to the meltdown of various cryptocurrency exchanges such as FTX, cryptocurrencies remain popular with many people, including scammers who find the anonymity provided by cryptocurrencies to be a tremendously helpful way to launder funds obtained through a variety of scams. The Federal Trade Commission (FTC) is warning people about a cryptocurrency related scam that begins when you are contacted by a scammer posing as either a government official, a law enforcement officer or some legitimate company demanding payment under some guise. However, rather than ask you to send a check, credit card, gift card or wire funds, you are instructed to withdraw cash from your bank account, go to a cryptocurrency ATM, purchase cryptocurrency and then, using a QR code provided by the scammer, send the funds to the scammer.

The Quick Response (QR) code is a two dimensional barcode that can be scanned and read by your cellphone. QR codes have been around since 1994 and, like a link that you click on, they can take you to a website or some other source of information quickly and easily. QR codes can be used, as in this scam, to send funds to someone’s cryptocurrency wallet.

TIPS

This is an easy scam to avoid. As Cristina Miranda of the FTC has said, “Here’s the main thing to know: nobody from the government, law enforcement, utility company or prize promoter will ever tell you to pay them with cryptocurrency. If someone does, it’s a scam every time.”

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – February 1, 2023 – Microsoft Ends Windows 7 Security Updates

We all remember the massive 2017 WannaCry ransomware attack that affected computers in 100 countries including the UK, where its entire health care system was affected. Ransomware is the name for malware that, once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data. The cybercriminal then threatens to destroy the data unless a ransom is paid. A little discussed aspect of the massive WannaCry attack was that it exploited a vulnerability in the Windows XP operating system, which is extremely outdated and should not be used. Technical support and updates for Windows XP ceased in 2014.

Just about all computer software has a lifecycle.  Much like a car which at some point becomes more difficult and expensive to fix rather than dispose of and get a new car, software vulnerabilities are constantly being patched, but at some point in time the software reaches the end of its life cycle and becomes too difficult and expensive to continue patching.  While you can choose to continue to use such software, it is extremely risky to do so because such unsupported software is a prime target for a myriad of cyberattacks.

Some time ago, Microsoft announced that it was ending technical support and would no longer be issuing free technical support or software and security updates for the popular Windows 7 operating system on January 14, 2020.  However, it did provide some extended security support to help maintain legacy or older equipment that wasn’t easy to upgrade.  Now however, Microsoft has stopped all further security updates for Windows 7 thereby leaving Windows 7 users extremely vulnerable to dangerous hacking.  It is estimated that 10% of Windows users still use Windows 7.  If you are a Windows 7 user, you absolutely should update your software to Windows 10 to protect yourself.

TIPS

Whenever security updates are provided for any of the software you use, you should install the updates as soon as possible and when a particular software program you use is no longer being updated, such as with Windows 7, you should upgrade to the newer software or in this case operating system to avoid being subject to security threats.


Scam of the day – January 31, 2023 – George Santos Charity Scam

Among the many lies stated by Congressman George Santos of New York during his campaign was his claim that he created and ran an animal rescue charity called Friends of Pets United. According to Santos, his charity rescued 2,400 dogs and 280 cats and neutered and released more than 3,000 cats between 2013 and 2018. However, there is no record of the charity ever legally existing nor does it have a website. It is not registered with the Internal Revenue Service nor has it ever filed the IRS forms charities are required to file annually. It appears that anyone who donated to Santos’ charity was swindled.

Whenever you are solicited by a charity on the phone, you can never be sure who is really contacting you.  Even if your Caller ID indicates that the call is coming from a legitimate charity, as I have mentioned many times, scammers use a simple technique called “spoofing” to manipulate your Caller ID to make their calls appear to come from a legitimate source when the truth is that the call is coming from a scammer.    Similarly when you receive a text message or email solicitation for a charity, you have no way of knowing if the solicitation is from a scammer or a legitimate charity.

TIPS

Phony charities often have names that sound legitimate and it is difficult to know merely from a solicitation whether or not the charity is a fake.  Other times, scammers will use the name of a legitimate charity when they solicit you by phone, email or text message and you can never be sure when you are contacted by email or text  message whether or not the solicitation is legitimate.  Prior to giving to any charity, I suggest you first look into whether indeed the charity is legitimate or not and the best way I know to do that is to go to http://www.charitynavigator.org where not only can you find out whether the charity is a scam, but also whether or not your donation will be tax deductible,  how much of your donation goes toward the charitable purposes of a legitimate charity and how much goes toward salaries, administrative costs and fund raising.  Charitynavigator.org will also give you access to the websites and phone numbers of legitimate charities you may wish to consider giving to so you can feel confident when you make a gift that it is going to the right place.


Scam of the day – January 30, 2023 – Another Password Manager Hacked

Having unique, complicated passwords for each of your accounts is an essential element of online security. However, remembering all of your passwords can be a difficult task for many people, which is why so many people use online password managers, which store all of your passwords for you. These companies, however, are tempting targets for identity thieves. Earlier this month, I told you about a data breach at the password manager company LastPass in which 33 million people had much personal information stolen that could lead to identity theft.

Now we have learned that a number of people using Norton’s Password Manager had their accounts hacked, but it should be emphasized that the fault was not with Norton, but with Norton users who used the same master password for their password manager account that they used for multiple other accounts, at least one of which suffered a data breach. Scammers and identity thieves purchase passwords compromised in data breaches. These passwords are sold, often in large batches, on the Dark Web, where criminals who have hacked into companies and stolen passwords and other personal information sell the stolen information to other criminals.

In 2018 researchers at Aalto University and the University of Helsinki discovered security flaws affecting the technology used by all of the password managers. The researchers disclosed their findings to the affected companies which took steps to remedy the problem, but the bottom line is that while using a password manager is helpful, it will always be a target of hackers and you may be more comfortable using unique, complex passwords for each account that you can readily remember without using a password manager. This is not as difficult as it sounds as you will read below.

TIPS

First, if you are interested in using a password manager, here is a link to an article  from PC magazine that compares many of the legitimate password managers available to you. https://www.pcmag.com/picks/the-best-password-managers

If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts.  You also should use dual factor authentication so that even if someone were to gain access to your password manager master password, your password manager account could not be accessed.

However, if you would like to use the helping hand you find at the end of your own arm and generate unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol, add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.


Scam of the day – January 29, 2023 – Smishing Scams Increasing

Although the name may not be as familiar as “phishing” which is the name for emails that lure you into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft, “smishing” is the name given to text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.

Smishing scams have increased in frequency over the last year. According to the Federal Trade Commission (FTC), 21% of fraud reports dealt with smishing. Many smishing text messages appear to come from Amazon, USPS, Federal Express, Cash App, Netflix and others. Like phishing emails, the purpose of a smishing text message is to either lure you into providing personal information that will be used to make you a victim of identity theft or to click on a link in the text message that will download dangerous malware.

TIPS

Among the topics of smishing text messages are free prizes, gift cards or coupons, credit card offers, student loan assistance, suspicious activity on an account of yours, or a need to update your payment information with a company with which you do business. Smishing text messages that appear to come from your bank are also quite common.

As I always say, “trust me, you can’t trust anyone.” You can never be truly sure when you receive a text message seeking personal information such as your credit card number whether or not the text message is a scam. The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the text message might be legitimate, you should contact the company at a telephone number that you know is legitimate and find out whether or not the text message was a scam.

For some reason it appears that Verizon users are being targeted most frequently by smishing scams.

As for Netflix, which has been used as a hook in many recent smishing scams, the real Netflix will never ask in an email or text message for any of your personal information so anytime you get an email or text message purportedly from Netflix asking for your credit card number, Social Security number or any other personal information, it is a scam.  Here is a link to Netflix’s security page for information about staying secure in regard to your Netflix account. https://help.netflix.com/en/node/13243


Scam of the day – January 28, 2023 – FTC Refunding Money to Victims of Supplement and Beauty Product Scam

In 2016 the FTC settled a lawsuit it brought against NutraClick LLC, a company that lured consumers with “free” samples of health and beauty products and then charged them a recurring monthly fee without their consent. In 2020, the FTC sued NutraClick again for misleading consumers when they tried to cancel their “free” trial memberships to avoid monthly charges. Now the FTC is returning $973,000 to 17,064 people who were victimized by NutraClick. The funds for the refund were obtained from payments made by NutraClick pursuant to its settlement agreements with the FTC. The FTC is now sending checks to people who were charged for unwanted memberships.

TIPS

For more information about this refund program go to the tab in the middle of the Scamicide home page entitled “FTC Scam Refunds.”  It is important to note that there is never a charge for obtaining a refund through the FTC or any of its refund administrators.  Anyone who asks for such a payment is just another scammer.

As for health care products in general, the truth is that there are no quick fixes when it comes to remedying a wide variety of health issues and you should be wary of any product that promises to do so.  You should also be wary of any health care product that is sold exclusively either over the Internet or through mail-order advertisements. The best course of action is to ask your physician about the effectiveness of a particular product or program before you consider buying it.


Scam of the day – January 27, 2023 – Critical Apple Security Updates

It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but which Equifax had not yet installed at the time of the data breach.

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

TIPS

Here is a link to the Cybersecurity and Infrastructure Security Agency (CISA) page with links to all of Apple’s security updates and instructions as to how to install them. https://www.cisa.gov/uscert/ncas/current-activity/2023/01/24/apple-releases-security-updates-multiple-products

If you use any of the affected Apple devices, it is critical that you install these updates as soon as possible.


Scam of the day – January 26, 2023 – Data Breach Threatens FanDuel Sportsbook Customers

The headline of today’s Scam of the day is very precisely worded. FanDuel, the online sports gambling site, did not suffer a data breach; however, its customers did. This is because a data breach at Mailchimp, an email marketing company used by FanDuel to send out FanDuel’s newsletters, did result in FanDuel’s customers having their names and emails stolen. While this information is not as directly harmful as having your Social Security number compromised, it is still significant because this information places FanDuel’s customers at an increased risk of spear phishing emails. This data breach is just another example of the fact that regardless of how good you are at protecting your personal information, you are always at risk of having that information compromised by third parties who have your information.

We are all familiar with the term “phishing,” which is when you receive an email from a scammer or identity thief posing as someone else to lure you into either clicking on malware infected links or providing personal information. While phishing emails can be convincing, they are not nearly as convincing as a “spear phishing” email, which is a phishing email specifically tailored to you and your interests. Unlike phishing emails, spear phishing emails will contain your name and refer to a company with which you do business or some other topic that the scammer knows is something of great interest to you.

With the NFL playoffs continuing and the Super Bowl not far off there will certainly be increased interest in gambling on these games and users of FanDuel should expect to receive spear phishing emails from identity thieves and scammers posing as FanDuel that may appear quite legitimate.

TIPS

As always, you should never provide personal information or click on links in emails or text messages unless you have absolutely confirmed that the communication you receive is legitimate. In the light of the Mailchimp data breach, customers of FanDuel should be particularly skeptical of any emails they receive either asking for personal information or providing links. In addition, if you are a FanDuel customer and haven’t already done so, besides making sure you have a strong, unique password for your FanDuel account, you should also set up dual factor authentication for further protection.


Scam of the day – January 25, 2023 – Pyramid Schemes vs. Multilevel Marketing

Multilevel marketing companies, such as Amway, Avon and Mary Kay utilize a business model where you sign up with them to sell their products directly to consumers and earn commissions on your sales.  In addition, you can earn money by recruiting other people to do the same thing and get a commission from their sales as well.  You will often see social media used to recruit people to multilevel marketing companies with promises of big pay for your work.

While multilevel marketing is legitimate, pyramid schemes, which often resemble multilevel marketing businesses, are not. The key difference is that people involved in pyramid schemes make their money not primarily by selling products, but by recruiting other people to participate in the pyramid scheme. In October of 2019 I told you that the Federal Trade Commission (FTC) settled its legal action against AdvoCare International and its former CEO, who under the terms of the settlement are banned from operating multilevel marketing businesses and were ordered to pay more than 149 million dollars to the FTC to be refunded to consumers.

AdvoCare promoted health and wellness products such as its Spark energy drink, but its profits came from recruiting new distributors rather than selling products which is the hallmark of a pyramid scheme.    AdvoCare routinely misrepresented and lied to people about the operation of the company.  Among their misrepresentations were that the distributorships would routinely provide hundreds of thousands or even millions of dollars of profit annually to people who signed up to be distributors.  The truth is that in 2016, 72.3% of distributors earned nothing, 18% earned no more than $250 and 6% of distributors earned between $250 and $1,000 while the distributors paid thousands of dollars in fees to join and maintain their status each year with the company.

Sometimes a legitimate multilevel marketing business may look quite similar to an illegitimate pyramid scheme, which is one of the reasons that so many people fall prey to these scams.  For every legitimate multilevel marketing company, such as Mary Kay and Amway, there are many that are just scams.  In a legitimate multilevel marketing company, investors make money by selling products to the public and by recruiting new salespeople.  In a pyramid scheme the source of profits is based primarily on the recruiting of new members or salespeople.

TIPS

Anyone who is considering investing in what is represented to be a multilevel marketing business should always investigate the company and the terms of investment carefully before investing any money.  In addition, you should also check out the company with the FTC and your state’s attorney general to make sure that the company is legitimate before investing any money.

Here is a link to information from the FTC that you should consider before investing in a multilevel marketing business.  http://www.consumer.ftc.gov/articles/0065-multilevel-marketing

In addition, even with “legitimate” multilevel marketing companies, according to research by the FTC few people make any money.  According to the FTC in 2021 the average annual income for someone working for Amway was a mere $766 and that figure is before expenses are factored in.  Here is a link to a study referred to by the FTC https://www.ftc.gov/sites/default/files/documents/public_comments/trade-regulation-rule-disclosure-requirements-and-prohibitions-concerning-business-opportunities-ftc.r511993-00008%C2%A0/00008-57281.pdf

