Scam of the Day
Scam of the day – August 5, 2021 – Another Geek Squad Tech Support Scam
Geek Squad is a subsidiary of big box store chain Best Buy and it offers excellent tech support for electronic devices including televisions and computers. They are a popular company used by many people including the Scamicide reader who forwarded the email copied below to us. Lately, I have been receiving a lot of Geek Squad related phishing emails sent to me by Scamicide readers. It looks like a legitimate email from Geek Squad, however the grammar is poor where it reads, “Today Subscription Will Be Auto Renewed automatically..”. The truth is that this particular email is a phishing email intended to lure someone into contacting the scammers where they will be lured into providing information that will lead to identity theft.
TIPS
Never click on links or download attachments in emails or text messages unless you have absolutely confirmed that they are legitimate and don’t call companies at telephone numbers that appear in the email such as this one. Instead, if the email appears to come from a legitimate company, you can call them at a telephone number you confirm is legitimate. In the case of Geek Squad their customer service number is actually 800-433-5778. Never call the number that appears in the email. An immediate indication that this is not legitimate and is a phishing email is the fact that the email address from which it was sent has nothing to do with Geek Squad. The email address appears to be that of some unfortunate person whose email account has been hacked, made a part of a botnet and used to send out spam and phishing emails such as this. Additionally, nowhere in the email does your name appear. The salutation is “Dear Customer.”
The fact that the email carries the logo of Geek Squad is not an indication that it is legitimate as it is quite simple to counterfeit a legitimate logo to give the email the appearance of legitimacy.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 4, 2021 – QR Code Scams
Even if we everyone doesn’t use them, we are all pretty much familiar with QR Codes such as the one shown below. The Quick Response (QR) code is a two dimensional barcode that can be scanned and read by your cellphone. They have been around since 1994 and like a link that you click on, they can take you to a website or some other source of information quickly and easily. Advertisers were fond of QR codes because they were easier for consumers to scan then type in a long URL. However, no good deed goes unpunished and scammers are always ready to turn anything into a scam so it is not surprising that QR codes have been used by scammers to perpetrate scams and QR code scams have increased dramatically during the pandemic. Often the scams come in the form of phishing emails that instead of attempting to lure you into clicking on infected links, try to persuade you to scan the QR code which can result in your downloading malware on to your phone, such as ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft.
Bitcoin addresses are also often sent through QR codes which is why they have been turning up in Bitcoin and other cryptocurrency scams.
TIPS
Trust me, you can’t trust anyone. Just as I am always telling you not to click on links in emails regardless of how legitimate the communication may appear unless you have absolutely confirmed that the email is legitimate, so should you not scan QR codes unless you have absolutely confirmed that it is legitimate for the same reason. Downloading malware or being tricked by an apparently legitimate appearing website to provide personal information can lead easily to your becoming a scam victim or identity theft victim.
Fortunately, there are also apps such as the free Kaspersky QR code scanner app that will not only scan the QR code, but also let you know if it is legitimate and prevent downloading of malware from bogus QC codes. Here is a link to Kaspersky’s QR code scanner. https://www.kaspersky.com/qr-scanner
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 3, 2021 – FTC Refunding 2.3 Million Dollars to Victims of Credit Card Debt Relief Scam
In 2019 I first told you that the Federal Trade Commission (FTC) in conjunction with the Attorney General of Ohio had brought legal action against Educare Centre Services, Inc. and Tripletel, Inc alleging that these companies worked together to sell bogus credit card interest rate reduction services through telemarketing. The defendants falsely promised their victims that they could significantly reduce the interest rate on their victims’ credit cards and offered a 100% money back guarantee. Not only did the victims of this scam not receive the promised rate reductions, but they also did not receive their money back when they requested refunds. In fact, in most instances, complaining customers were threatened with lawsuits. Now the defendants have settled the lawsuit and are refunding 2.3 million dollars to victims of the fraud. While the settlement is a positive development, the FTC had previously alleged that the victims of the scam were swindled out of more than 11 million dollars.
TIPS
It is important to remember that the FTC’s Telemarketing Sales Rules specifically prohibit charging advance fees before providing any debt relief services. Any company that requires an advance fee before they have completed their successful debt reduction services is breaking the law. You also may want to consider avoiding scams like this by enrolling in the federal Do Not Call List so that if you are contacted by a telemarketer, you already know it would be someone who is knowingly breaking the law and cannot be trusted. Registering for the Do Not Call List is easy and free. Merely go to http://www.donotcall.gov to register your phone number.
If you need real credit counseling you can go to this section of the Department of Justice’s website where it lists agencies approved to assist consumers with debt problems. https://www.justice.gov/ust/list-credit-counseling-agencies-approved-pursuant-11-usc-111 You also may consider contacting companies that are affiliated with the National Foundation for Credit Counseling at this link https://www.nfcc.org/
For more information about this refund program go to the tab in the middle of the Scamicide home page entitled “FTC Scam Refunds.” It is important to note that there is never a charge for obtaining a refund through the FTC or any of its refund administrators. Anyone who asks for such a payment is just another scammer.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – August 2, 2021 – Expect an Increase in Student Loan Scams Soon
I have written many times over the last ten years about student loan scams because scammers have successfully targeted college students and their parents for a variety of scams related to these extensive loans. In October of 2017 the Federal Trade Commission, working with the Attorneys General of eleven states, launched what it cleverly calls, Operation Game of Loans to jointly target these various student loan scams. Some scammers promise dramatic reductions of debt of 50% or more in return for upfront fees of between $500 and $2,500. Often these scam companies have names that make it appear that they are endorsed by the federal government in order to trick people into trusting them. Another student loan scam involves promises related to consolidating student loans. Sometimes the scammers represent that they are associated with the U.S. Department of Education although the Department of Education does not associate with private lenders in regard to student loan consolidation. These scammers also charge significant fees for their student loan consolidation services when the truth is that there is no fee for legitimate student loan consolidation. It is also important to remember that consolidating your student loans does not lower your interest or monthly payment. Instead, after loan consolidation the student’s monthly payment is equal to a weighted average of the interest rates on the student’s current loans.
The present pause on student loan payments and interest put into effect during the pandemic is set to expire on October 1, 2021. The sudden resumption of payments by 40 million student loan borrowers is sure to prompt scammers to contact students and their families with a wide variety of scams related to repayment or forgiveness of student loans. Some scammers will be contacting students posing as the student’s loan servicer. In order to verify that you are being contacted by your real loan servicer, you can go to the Department of Education’s federal student aid website where you can get detailed information on your current student loan servicer including contact information. Here is that link. https://studentaid.gov/
TIPS
The old adage still is true. If it sounds too good to be true, it probably isn’t true. Many of these student loan debt relief scammers promise quick loan forgiveness, which is unrealistic. In addition, you should never pay any upfront fees for student loan debt relief assistance. Those fees are illegal and are a sure indication that you are being scammed. Also, remember my motto, “trust me, you can’t trust anyone.” Don’t trust scammers merely because they use names that sound like they are affiliated with the government.
For information you can trust about federal student loan repayment option, go to https://studentaid.ed.gov/sa/repay-loans . There you can learn about loan deferments, forbearance, repayment and loan forgiveness programs and there is never an application fee. If you owe private student loans, contact your loan servicer directly. You can also look into student loan refinancing rather than consolidating the loans. Refinancing student loans can result in a lower interest rate. For more information about student loans go to https://www.consumer.ftc.gov/articles/1028-student-loans Here is a link to a calculator that can help you determine whether you will save more by consolidating or refinancing student loans.https://www.makelemonade.co/calculators/student-loan-consolidation-refinancing-calculator/
Here also is a link to an FTC video that explains student loan scams and what you can do to protect yourself. https://www.youtube.com/watch?v=7TjSI4Q6ztQ
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 1, 2021 – New Variation on Utility Scam
About a week ago I told you about Indiana Attorney General Todd Rokita issuing a warning about a dramatic increase in telephone scams involving scammers posing as utility company customer service representatives demanding immediate payments and threatening to turn off electrical power if a payment is not made immediately. Scams involving utility bills for electric, water or gas services have long been popular with scammers. Some of these scammers are so blatant that they even have asked for payments to be delivered to a laundromat.
In one common utility scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible. They just need to provide some personal information. This, of course leads to identity theft.
In another version of the scam, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card, debit card or gift cards. A demand for payment by way of a gift card is a good sign that you are dealing with a scammer since legitimate utility companies never require payments or accept payments through git cards.
In a third version of this scam, potential victims receive an email that has a link to take them to their bill, but if you click on the link, you either download malware or are prompted to provide information that will be used to make you a victim of identity theft.
Now we are learning of a new version of the utility scam as reported by Duke Energy in North Carolina in which the scammers call targeted victims and tell them that their power will be cut off within an hour if they didn’t pay a deposit over the phone for a new “smart meter.” Of course it is a scam.
TIPS
You can never be sure when you get an email or a telephone call if it is really from a legitimate source. Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller. Trust me, you can’t trust anyone. Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate. In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate. Also, never click on links unless you have confirmed that they are legitimate. The risk is too great. It is also important to remember that no legitimate utility company will require you to immediately pay your bill over the phone through a gift card.
We are also seeing scammers demanding payments through Cash App, Venmo or Zelle, which should never be used to pay for anything other then sending small amounts of money to people you know and trust. These apps should not be used for business purchases. Scammers love wire payments, gift cards, Cash App, Venmo and Zelle because they are pretty much impossible to stop once payment has been made.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – July 31, 2021 – Massive LinkedIn Data Breach
LinkedIn is a popular social media website used by business professionals to network with other professionals. LinkedIn is used by these people to get ideas, explore opportunities and even to list job postings. Anything popular with so many people is attractive to scam artists and identity thieves. Recently LinkedIn revealed that it had suffered a data breach through which 700 million users had considerable personal information stolen. This number represents 92% of all of the users of LinkedIn. The stolen information included email addresses, names, phone numbers, addressed and more. This information is presently being sold on the Dark Web to other cybercriminals who will use this information for purposes of identity theft and scams.
Personal information, such as the information contained in the data breach is used by cybercriminals not just to directly steal the identities of the affected people, but also to create specifically targeted spear phishing emails and text messages (called smishing) to lure people into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft. While many common phishing emails and text messages are easily recognized as phony, sophisticated spear phishing emails and text messages can be tailored by the criminals to our own interests using the information obtained through the data breach in order to appear to be trustworthy which makes them quite dangerous.
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. It is also critical that we all remember that whenever we get an email, text message or phone call, we can never be sure who is really contacting us so you should never click on links or provide personal information in response to such communications unless you have absolutely confirmed that the communication was legitimate. Trust me, you can’t trust anyone.
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – July 30, 2021 – Informed Delivery Identity Thief Arrested
Identity theft can be high tech, low tech or no tech. Stealing mail from mailboxes for purposes of identity theft has been done by identity thieves for years. Numerous times over the last ten years I have warned you about the danger of having your mail, such as credit card bills or bank statements stolen from your personal mailbox. In addition, many people put themselves in great danger of identity theft by putting their outgoing mail in their mailbox and put up the red flag to alert the mail carrier that there is mail to be picked up. Unfortunately, that is also an alert to identity thieves cruising the neighborhood of mail to be easily stolen.
Recently, in Tennessee Jennifer Shrum was arrested and charged with using the U.S. Postal Service’s Informed Delivery Program to learn when her targeted victims would be receiving important mail, such as credit card applications or bank statements that she would steal and use for purposes of identity theft. In one instance she applied for multiple credit cards in the name of one of her victims and used them to spend thousands of dollars at various local stores.
The Informed Delivery Program is a free service of the U.S. Postal Service that will send you an email each morning with images of the mail you will be receiving later that day. This service was first done on a pilot basis in 2014 in parts of California, Connecticut, Maryland, Virginia and Washington D.C. and became available to everyone three years later. Identity theft through the stealing of mail such as credit card statements and bank statements from your mailbox is a significant problem and this program both alerts you as to when to look for important mail, as well as let you know if such important mail has been stolen from your mailbox so you can respond more quickly. However, nothing is full proof. A few years ago I told you about the identity theft of more than thirty-five people living in the same Miramar, Florida neighborhood caused by criminals exploiting flaws in the program. These criminals signed up for the program in the names of their victims and were able to see when credit card statements and other mail containing personal information would be delivered so that they were alerted as to when to steal the mail from the mail boxes of their victims and gain access to their credit cards as well as sign her up for additional cards which they also exploited. While in order to set up an Informed Delivery account, you need to answer security questions, the information necessary to answer those questions can often be readily obtained online.
TIPS
In order to avoid becoming a victim of identity theft through your mailbox, you should make sure that it is securely locked so that it is not easily accessed by your friendly neighborhood identity thief and when it comes to outgoing mail, don’t put it in your mailbox for your mail carrier to pick up regardless of how convenient it may be to do so. In fact, identity thieves have been known to steal mail from the U.S. Postal Service mailboxes found on the corners of major streets so, in order to be safe, you should mail your outgoing mail at the post office. It may seem like this is being a bit excessive when it comes to protecting your mail, but remember, even paranoids have enemies.
The best way to avoid the problem of someone using the Informed Delivery Program to learn about your upcoming mail deliveries is to sign up for the Informed Delivery Program yourself before an identity thief does so in your name. Here is the link to go to sign up.
https://informeddelivery.usps.com/box/pages/intro/start.action
It is also important to note that if you do sign up for the service, you should use a unique and complex password to prevent identity thieves from hacking your account to let them know when important mail that they can exploit for identity theft purposes will be arriving to your home.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – July 29, 2021 – Church Email and Text Scams
I first warned you about this particular scam in June of 2017, but it has recently resurfaced in many places around the country including Florida recently where the Trinity Lutheran Church in Summerfield, Florida sent a note to it members saying someone had been using the name of their Senior Pastor Dan Kelm in emails and text messages requesting money. Generally in this scam, local church, synagogue or mosque members receive what appear to be emails from their religious leaders asking them to make contributions through gift cards and credit cards. In 2017 the scams primarily asked targeted victims to wire money to accounts and people named in the emails. The emails come from email addresses that appear at first glance to be that of the local religious leaders, but a closer inspection will disclose that it is coming from a different email provider than what their religious leader.
TIPS
The key to protecting yourself from this scam is to first be skeptical whenever you get a request to wire money or make a payment through gift cards because once money has been wired, it is gone forever which is why it is a favorite method of payment for scammers. As for gift cards, once you provide the numbers from the gift cards, the scammers utilize the gift cards to make purchases that they quickly sell in order to get cash. No religious institution solicits gift card payments nor does the IRS which is why when someone posing as a religious institution or the IRS asks for a payment through gift cards you can be sure it is a scam. The second thing that we all should do is to always confirm the legitimacy of any request for a donation of any kind before making a payment.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – July 28, 2021 – New Banking Trojans Threat
In 2019, 75% of Americans used mobile bank apps to some degree for their personal banking needs. However, since the Coronavirus pandemic hit, even more people are using these apps to conveniently do their banking. This fact has not been lost on hackers and scammers who have in recent years increasingly focused much of their attention on scams and hacking of mobile phones. One of the more effective tactics used by hackers is to create malicious apps called banking trojans which appear to the targeted victim to be a legitimate app such as a game or tool which the victim downloads. Once downloaded, the malicious app stays dormant until the victim goes to use their legitimate banking app at which time it creates a phony version of the victim’s bank’s login page which appears on top of the legitimate app. The victim then inputs his or her username and password into the malicious app thereby providing this information to the hacker. Making this crime even more devious is the fact that once the victim has inputted his or her information, the banking trojan sends the victim to the real banking app login page so the victims do not become immediately aware that they have been hacked .
Recently the security software company, Kaspersky discovered two spam campaigns distributing two banking Trojans designated as IcedID and Qbot. These particular trojans were distributed through attachments in phishing emails that lured people into opening the tainted file and run the macro in it thereby downloading the banking trojans. Both of these banking trojans are readily sold by cybercriminals to other less sophisticated cybercriminals on the Dark Web, that part of the Internet where criminals buy and sell goods and services.
Another technique used by hackers is to create phony banking apps that appear to be the banking apps of major banks and offer them on major legitimate app stores. People using these counterfeit apps think that they are providing their username and password to their bank when they use these apps, but instead are providing them to a hacker. Despite the best efforts of the major legitimate app stores to police their sites, according to the FBI in 2018 there were close to 65,000 phony banking apps that were available on the legitimate major app stores.
TIPS
As you can see, it can be very easy to become a victim of a mobile banking app attack. Although the major legitimate app stores try to vet the apps that are offered on their sites, they are not perfect. I suggest that when possible you obtain the banking app for your particular bank directly from the website of your bank. Most banks will provide a link to their mobile banking app on their website. As I often suggest, you also should use dual factor authentication whenever possible to protect the security of your online activities, particularly banking. Through the use of dual factor authentication using biometrics, hardware tokens, authentication apps or text messages to your cell phone you can protect the security of your transaction even if someone is able to hijack your username and password. Also, remember your bank will not call you or text you asking for dual factor passcodes. Hackers often pose as your bank and will call you or text message you and ask for this information under some pretext. Don’t give it to them.
As for these two particular banking trojans, IcedID and Qbot, the lesson is the same as always – Trust me, you can’t trust anyone. Don’t click on links or download attachments and run macros unless you have absolutely confirmed that they are legitimate.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – July 27, 2021 – Another Significant Data Breach
As I have reminded you many times, we are only as safe and secure as the security as the companies and websites that have our personal information. So even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers which is just what happened to people whose information was contained in emails from employees of The Millennia Companies, a billion dollar Ohio based real estate management company. Between October 21, 2019 and December 8, 2019 a number of employee email accounts were hacked that included significant amounts of personal information such as names, Social Security numbers, credit card information and more that could lead to identity theft. While the data breach occurred in 2019, Millennia did not become aware of it until recently and on June 29, 2021 notified people whose information was compromised. The company also offered credit monitoring services to these people.
Personal information, such as the information contained in the hacked emails is used by cybercriminals not just to directly steal the identities of the affected people, but also to create specifically targeted spear phishing emails and text messages (called smishing) to lure people into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft. While many common phishing emails and text messages are easily recognized as phony, sophisticated spear phishing emails and text messages can be tailored by the criminals to our own interests using the information obtained through the data breach in order to appear to be trustworthy which makes them quite dangerous.
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. It is also critical that we all remember that whenever we get an email, text message or phone call, we can never be sure who is really contacting us so you should never click on links or provide personal information in response to such communications unless you have absolutely confirmed that the communication was legitimate. Trust me, you can’t trust anyone.
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/