Scam of the Day
Scam of the day – January 9, 2026 – Car Dealer Cloning Scams: How Fake Dealership Websites Steal Your Money
Car dealer cloning is a rapidly expanding scam. It occurs when a scammer sets up a website or social media profile in which they pose as a legitimate car dealer. The website and social media posts use images and photographs of legitimate car dealers to make them look legitimate and, with the increased availability of AI to assist the scammers in setting up their phony car dealer websites and social media presence, they appear quite legitimate. On these phony sites the scammers offer tremendous discounts on cars. Generally, the scammers require the purchase price for the non-existent cars to be wired to them. Wiring funds is a favorite choice of payment of scammers because it can be difficult to reverse and is easy for the scammers to disguise their identity. While the warning came from the Wisconsin Department of Transportation, this scam is going on throughout the country.
TIPS
Research any car dealer you are considering to confirm their actual phone number, email address and other contact information to make sure you are communicating with the real dealer and not a scammer posing as the legitimate dealer. Confirm with your state Department of Transportation that the dealer with whom you are dealing is a properly registered. Never buy a car without actually seeing and inspecting it. Before wiring money. confirm with the seller’s bank the identity of the company you are sending the funds to. You can tell the bank that you want to verify the company’s identity before wiring funds.
Scam of the day – January 8, 2026 – $2,000 Tariff Rebate Texts Are a Scam — Here’s How to Stay Safe
Recently the Idaho Attorney General issued a warning about scammers sending texts and emails claiming you are eligible for a $2,000 tariff rebate check and instructing you to click on a link to claim your check. The truth is that although President Trump has mentioned giving a $2,000 check to Americans using tariff revenues, no law authorizing these payments has been passed or even proposed in Congress and the president does not have the authority to order such payments on his own. Anyone clicking on the links provided in the emails would end up either providing personal information to scammers that would be used for purposes of identity theft or downloading dangerous malware that could also lead to identity theft.
Here are a couple of examples of a text message and email that are presently circulating:
Scam of the day – January 7, 2026 – The Rising Danger of Homograph Attacks: What You Need to Know to Stay Safe
Chances are you haven’t heard of the term, “homograph attack,” but it refers to a cyberthreat that can easily result in your becoming a victim of identity theft or a scam victim. A homograph attack is a type of cyber attack where attackers exploit look alike characters, often from different alphabets to create misleading domain names, usernames, or URLs that appear legitimate but actually lead to malicious sites. Homograph attacks have been around since the early 2000s, but have increased dramatically since 2020 when the federal government first warned about them. The attack starts with an email from what appears to be a legitimate source such as your bank informing you of an emergency requiring you to either click on a link or provide personal information.
Homograph attacks exploit similarities between the Roman alphabet used in the English language and the Cyrillic alphabet developed for Slavic speaking people which is used in more than 50 languages including Russian. In the example below in the real email address the Roman “a” is used while in the second phony email address the Cyrillic version is used which is easy to miss. Similarly without even changing the alphabet, some scammers will replace a lowercase L “l” with the number “1” which can also be easily missed.
Recently scammers have been sending phishing emails posing as Microsoft and using the email address rnicrosoft.com which at first glance appears legitimate, but instead of the letter “m” at the start of the email address it uses the letters “r” and “n” which give the appearance of an “m.”
TIPS
Remember my motto, “trust me, you can’t trust anyone.” You have to be skeptical whenever you receive an email or text message asking for personal information or requesting you to click on a link because you can never be sure if the communication is legitimate or not at initial viewing. Always absolutely confirm whether the communication is legitimate before ever providing personal information or clicking on a link that could contain harmful malware. Phishing emails will always make it appear that there is an emergency to which you must respond immediately, but it is important to take your time to make sure that the communication is legitimate before responding.
Also, don’t rely on your security software to totally protect you because while it is critical to have good security software on all of your devices and to keep it up to date with the latest updates, the most updated security software will not protect you from malware that exploits zero day defects which are software vulnerabilities not yet discovered. It generally takes the security software companies about a month before to come up with defenses against the latest strains of malware.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – January 6, 2026 – Why Pop‑Up Ads Are More Than a Nuisance: The Malware Threat You Need to Know About
Pop-up advertisements that appear on your phone, computer or other device are considered by many people to be merely a nuisance, but they can also, in some circumstances, present a serious threat to your well being. While often the pop-up ads may be legitimate advertisements, in other cases they are created by scammers who lure you into clicking on links and being directed to websites that either convince you to provide personal information that can be used to make you a victim of identity theft or, in a worst case scenario, merely by either clicking on the link or being redirected to another website, you may unwittingly download malware such as ransomware or keystroke logging malware that can steal from your phone or computer sensitive personal information that can be used to access your bank account or make you a victim of identity theft in other ways.
Part of the problem is that many of these pop-up ads appear on websites that you trust, which is because the advertising on legitimate websites often originates with third party advertising companies that may not properly screen the advertising that they accept. A few years ago the Equifax website was infected with a phony Adobe Flash update pop-up that when clicked on downloaded malware.
TIPS
The major browsers such as Google Chrome, Bing, Internet Explorer and Firefox all permit you to adjust your settings to eliminate pop-up ads from appearing and I can personally attest to the fact that adjusting your browser settings to avoid pop-up ads can be very effective. Unfortunately, the software used by these browsers as well as specific ad blocker apps are never going to be fully effective at blocking all pop-up ads. Malicious pop-ups that take advantage of newly discovered vulnerabilities will always be a problem, however if you adjust your browser settings to avoid pop-ups and keep your phone and computer security software updated with the latest security patches, you will go a long way toward keeping yourself safe.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 5, 2026 – The Hidden Dangers of Low‑Tech Identity Theft — And Why Your Shredder May Not Protect You
Identity theft can be high tech, low tech or no tech. As we all know, it can result from sophisticated computer hacking, but it also can come from as old fashioned a manner as pickpocketing your wallet or stealing your purse in which you may be carrying credit cards, your Social Security card or other identifying information that can be transformed into you becoming a victim of identity theft. In addition, identity thieves will also go through your trash to find material with information that can make you a victim of identity theft such as old checks, tax records, bank statements or old credit card bills. Many people do not give enough thought to their vulnerability to identity theft through these no tech methods of stealing your identity although the results can be every bit as devastating as becoming a victim of identity theft through computer malware.
Many people think that the common strip shredder which shreds your documents in long strips will protect you from identity theft. The truth is it does not. This fact was reinforced in 2023 when North Carolina television station WFMY did an experiment with a group of fifth graders at the Northern Guilford Elementary School who were given shredded documents which they were able to piece together sufficiently to recognize account numbers and other information which in the wrong hands could lead to identity theft.
TIPS
When disposing of old or no longer needed documentation that has identifying information about you such as old bank statements, medical insurance bills, credit card bills or anything with your Social Security number on it, you should make sure that you shred these documents before disposing of them and make sure that you use a cross shredder because shredders that only shred in one direction do not provide sufficient security. One directional shredded material can be pieced together to provide an identity thief with information that can result in your becoming a victim of identity theft. For years methamphetamines addicts have carefully taken the time to reconstruct documents that were only shredded vertically. The lesson is that everyone should use a shredder when disposing of sensitive documents and the only type of shredder to use is a cross shredder.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 4, 2026 – Fake Apple ‘Special Investigations Unit’ Calls: How This Dangerous Scam Works
People are reporting receiving calls that purport to be from Apple’s Special Investigations Unit telling them that illegal child pornography has been discovered on their cloud account. The phony investigator is sympathetic when you inform them that you never stored child pornography on the cloud or anywhere else. He tells you that most likely the child pornography was somehow planted by a hacker on your computer and it is being backed up in the cloud. In order to remedy the problem, the phony Apple investigator tells you he needs remote access to your computer in order to locate and remove the child pornography from your computer. The cost of this service can be as high as thousands of dollars which the phony investigator requests be paid through Amazon gift cards. This scam presents a double whammy. Victims of the scam not only pay the scammer for services they don’t need, but by providing remote access to their computers, they enable the scammer to install a wide variety of malware that can lead to identity theft and further scams.
TIPS
Even if your Caller ID indicates that the call is coming from Apple, your Caller ID can be manipulated easily through a technique called “spoofing” by which the scammer can make your Caller ID read whatever he or she wants it to read. One way you can be sure if you receive such a call that it is a scam is that neither Apple nor any other tech company is going to call to inform you that there is child pornography on your computer. Also, Apple does not have a Special Investigations Unit. Additionally, legitimate tech companies do not accept Amazon gift cards or any other form of gift card as payment for their services. As for enabling someone to have remote access to your computer, you should never do so unless you have absolutely confirmed that the remote access is legitimately warranted and the person to whom you are giving the remote access is also legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 3, 2026 – The Hidden Dangers of the Internet of Things: How to Protect Your Smart Home from Hackers
I have been warning you about dangers in the rapidly expanding Internet of things for more than twelve years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers presented by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. The risks are extreme, but there are some basic steps you can take to protect yourself.
TIPS
Most of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – January 2, 2026 – New Wave of Mavis Wanczyk Scams: How Fake Cash Grants and Social Media Impersonators Target Victims
She’s back! Actually, she has never left. I have been writing about scams related to Mavis Wanczyk for nine years but recently I have received emails from Scamicide readers telling me about various new incarnations of a variety of scams that share the same hook which is that Mavis Wanczyk is giving money away to lucky people. Many of you may not remember the name of Mavis Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received emails with the message line referring to the Mavis Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information.
Recently a Scamicide reader told me about receiving a message through Facebook that purported to be from Mavis Wanczyk informing him that she was giving him $10,000 and that all she needed was for him to set up a Cash App account and provide the details to her so that she could transfer the money to him. Fortunately, he recognized that this was a scam and did not send the account information requested which if sent would have enabled the scammer to access the bank account or debit card linked to the Cash App account and steal his money. Similarly another Scamicide reader communicated with another Mavis Wanczyk impersonating scammer on the question and answer website Quora who lured him into sending money for a variety of reasons such as insurance and delivery costs in order to receive his “free” gift of $10,000 from Mavis Wanczyk.
On this past Christmas Eve, someone in Arkansas won a Powerball jackpot of $1.817 billion, but under Arkansas law, winners are able to keep their names anonymous. If he or she decides not to be anonymous, you can be sure that scammers will latch on to the winner’s name for similar scams.
TIPS
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds with personal information. Never give out personal information that can make you vulnerable to identity theft unless you have absolutely verified that the party requesting the personal information is legitimate and has a legitimate need for the information or payments to receive a supposedly free gift.
Finally and most importantly, remember neither Mavis Wanczyk nor any other lottery winner is giving away money to strangers.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – January 1, 2026 – New Debit Card Chip Scam: How Criminals Steal Your PIN and Empty Your Bank Account
For years identity thieves and scammers would use skimmers installed at ATMs and on card processing equipment such as at gas pumps (where this is still a problem) and at retail checkouts to steal the debit or credit card information from the magnetic strip on the card and then use it to access the victim’s account. The development of the chip credit card where a computer chip is contained on the card which provides a new number each time the card is used dramatically reduced the amount of credit and debit card theft with the exception of online purchases where the chip cannot be used (well, nobody’s perfect). Now however, clever criminals have come up with a new way to access your bank account through your debit card.
The scam starts when you get a phone call that appears to come from your bank informing you that there has been fraudulent activity on your debit card. Using a technique called “spoofing” the scammers are able to manipulate your Caller ID so that it indicates that your bank is calling you. The scammer then goes on to tell you that you need to cut up your card, but keep the chip from the card to be picked up by a bank employee. The phony bank employee then shows up to pick up the chip and using social engineering lures the victim into providing his or her PIN.
Once the scammer has your PIN and the chip, he or she can create a debit card and go to any ATM and empty your bank account.
TIPS
Whenever you get a phone call, you can never be sure who is actually calling you. If you get a call that purports to be from your bank informing you of some problem, you should hang up and call your bank at a telephone number that you know is accurate to determine if the call was a scam. You also can go online to your bank account to determine that no fraudulent access had occurred.
In addition, no bank will ever ask you to give them back the chip on your credit card or ask for your PIN.
B.S. Be skeptical!
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 31, 2025 – Brushing Scam Is Back: How New QR‑Code Tricks Turn Free Packages Into Identity Theft Traps
I first told you about “brushing” in August of 2020 after many people in the United States, Canada and the United Kingdom reported receiving unordered packages of seeds sent from China. A wide variety of conspiracy theories quickly surfaced to explain what was happening, but the truth was that it was an example of a scam called “brushing.” Brushing was the name given to using false orders for products to boost the prominence of an online vendor.
Vendors pay brushers to make large orders of their product and ship them to strangers to make the sales appear to be legitimate. The brushers follow up on these purchases by posting glowing reviews of the vendor’s product. This combination of increased sales volume and positive reviews will, in turn, result in the increased prominence of the vendor in online marketplaces and result in increased sales. Brushing is illegal in the United States and China, however, it is quite commonly used by Chinese companies.
Now we are seeing a resurgence of this scam, but in a more threatening manner. While in the original brushing scam, people receiving the unordered items did not suffer any financial harm, now scammers are sending unordered goods, most often through Amazon to people with a QR code and instructions to scan the QR code in order to see who sent the goods. If you scan the QR code either you will be taken to a phony, but legitimate appearing website where you will be prompted to provide personal information that will be used to make you a victim of identity theft or, even worse, merely by scanning the QR code you may download malware that will steal personal information from your phone that can lead to identity theft.
TIPS
As I often say, “trust me, you can’t trust anyone.” If you receive such a package with no sender information, but merely a QR code, it is a scam and you should not scan the QR code.
If you get unordered goods with instructions to scan a QR code, report the package to Amazon using the form found at https://account-status.amazon.com/report-unwanted -packages. Do not scan the QR code, As with the initial instances of the brushing scam, you are legally entitled to keep any unordered goods sent to you.
Finally, there are companies that have free QR code scanner apps that will not only scan the QR code, but also let you know if it is legitimate and prevent the downloading of malware from bogus QR codes.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/