Scam of the Day
Scam of the day – December 26, 2025 – New SSA Email Scam: Fraudsters Posing as Social Security Administration
Scammers posing as the Social Security Administration (SSA) are sending emails such as the one shown below in an attempt to lure people into clicking on a malware infected link thinking that they will be provided their annual Social Security statement. The email shown below had the logo of the SSA at the top of the email and looked official, but it is a simple matter to counterfeit the logo. The truth is that the SSA does not send Social Security statements by email and never includes links for downloading.
Here is a copy of the email presently circulating:
This e-mail was sent with high priority.
Your updated Social Security statement is now ready for secure access. For your protection, we strongly recommend viewing your statement using our secure pc app.
Download Now
Thank you,
Social Security Administration..
Please do not reply to this email. If you need assistance, contact us through our official website.”
I have disarmed the “Download Now” link.
TIPS
The first indication that this is a scam is the email address of the sender which had no relationship to the SSA nor did it end in .gov as emails from the SSA would.
The SSA may send you an email reminding you to review your statement or telling you that you have a new message in your My Social Security Account. Your My Social Security Account can be reached through https://www.ssa.gov/myaccount. If you do not already have a My Social Security account, I strongly suggest you get one. You can get one at the same https://www.ssa.gov/myaccount address. Setting up an account has many advantages including additional protection from identity theft.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 25, 2025 – Massive University of Phoenix Data Breach Exposes 3.5 Million Victims in Clop Ransomware Attack
Today’s Scam of the day is yet another major data breach. This time the victim of the data breach is the University of Phoenix, a popular private for-profit primarily online university with 97% of its students attending through their computers. The university recently reported that it had been hacked through a zero-day defect in the Oracle E-Business Suite financial software it uses. The data breach is being attributed to the Clop ransomware gang, a Russian criminal gang has extorted more than $500 million from its victims since 2019. Other recent victims of data breaches attributed to the same Oracle E-Business Suite software vulnerability include Harvard University and the University of Pennsylvania. In the case of the University of Phoenix, sensitive information including names, dates of birth, Social Security numbers and bank account numbers of approximately 3.5 million curent and former students, employees, fculty and suppliers was compromised resulting in a substantial threat of identity theft for those people whose information was stolen.
TIPS
The University of Phoenix is offering free identity theft protection services, 12 months of credit monitoring, identity theft recovery assistance and dark web monitoring to affected individuals who will receive a letter from the University of Phoenix with instructions as to how to apply for these services.
Meanwhile, victims of the data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at each of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 24, 2025 – Online Greeting Card Scams: How to Avoid Malware and Identity Theft
Online greeting cards are a great product for anyone who tends to be a bit late in sending out holiday greeting cards by regular mail. You can even send one on Christmas day and not be late. They are easy to send and many are free. They also can be very entertaining and offer a chance to send a timely greeting even if you have forgotten an important holiday, birthday or anniversary until the last minute. However, they also are fraught with scams and dangers. Clicking on a phony online greeting card sent to you can result in your downloading a wide variety of malware including not only ransomware, but also a keystroke logging program that will steal all of the information from your computer and make you a victim of identity theft. An additional problem is that even if you have the most up to date security software on your computer or phone, it will not protect you from the latest “zero day” defect malware that exploit previously undiscovered software vulnerabilities. It generally takes security software companies at least thirty days after first becoming aware of new strains of malware to develop security software to combat those threats.
TIPS
When a legitimate e card is sent to you, the email message will state the name of the person who is sending you the card. When the message states that it is from “a friend” or a “secret admirer” you should not click on the link because if you do so, you will end up downloading any of a wide variety of dangerous malware. As an additional precaution you should also make sure that your firewall and security software are constantly kept current and up to date. Finally, if you get an online greeting card from a name that is a common name, you should contact that person before opening the card to make sure that the card is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 23, 2025 – Holiday Cyberattack Warning: How to Protect Your Data from Seasonal Breaches
Yesterday I told you about the recent data breach at Pornhub and while that particular data breach was confirmed on December 12th, we can expect many more data breaches over the coming days. The federal government has warned business leaders to be ready for inevitable cyberattacks during the Christmas and New Year period. Many times in recent years, major cyberattacks and data breaches occurred over the holidays when businesses, government agencies and individuals are not paying as much attention to cybersecurity as they should be. Cybersecurity expert Chris Inglis has said previously, “Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions.”
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. So even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
Freezing your credit is something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.equifax.com/personal/credit-report-services/credit-freeze/ https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
Even after freezing your credit reports, you should still regularly monitor them to look for indications of identity theft which you can now do for free on a weekly basis using this link https://www.annualcreditreport.com/index.action
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 22, 2025 – Pornhub Data Breach: 200 Million Users Exposed – What You Need to Do Now
Pornhub, the most visited Internet pornography site has notified 200 million of its premium users that it had suffered a data breach in which personal data including email addresses, location, video titles and search keywords used by its premium users was compromised. The hacking group Shiny Hunters is claiming it had accomplished the data breach and is already extorting individuals whose information was stolen. Pornhub claims that the breach occurred through a third party analytics company, Mixpanel that Pornhub used to monitor site traffic although Mixpanel denies that it was the source of the data breach. Since email addresses were among the stolen information, affected Pornhub customers should be suspicious of any emails they get related to this data breach.
TIPS
While Pornhub has indicated that passwords and credit card information were not stolen in this data breach, affected customers should take the following precautions.
Victims of the data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at each of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 21, 2025 – Holiday Air Travel Scams: How to Avoid Fake Airline Customer Service on Social Media
The holiday season is always a busy one for air travel and we can expect delays and cancellations due to a variety of reasons. Unfortunately, scammers will be taking advantage of the situation. Delays and cancellations occur for a number of reasons including bad weather and air traffic control issues. Weary travelers are always looking for help and assistance from their airline. Often the inconvenienced travelers will turn to social media for help and scammers who monitor social media for posts from disgruntled travelers respond posing as airline customer service representatives. The scammers lure their targeted victims into clicking on links to go to phony airline websites where they are manipulated into providing personal information that can be used to make them victims of identity theft. Scammers are using AI to make these phony websites appear very legitimate and convincing.
TIPS
Never click on a link in any email, text message or social media post that purports to take you to a company with which you do business. The risk of it being a scam or downloading dangerous malware is too great. Instead, go directly to the website of the company through a URL that you know is legitimate. In the case of an airline, contact customer service through the airline’s official website or app or phone number you have confirmed is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 20, 2025 – Cryptocurrency ATM Scams Surge 1,000%: How to Protect Yourself
A report from the Federal Trade Commission (FTC) indicates a 1,000 % increase in money lost to scammers through cryptocurrency ATMs in the last three years. Cryptocurrency ATMs look just like traditional ATMs, but instead of distributing cash, they take cash in exchange for cryptocurrency and enable the transfer of the deposited cash turned into cryptocurrency into crypto wallets. Due to the anonymity and immediacy of the cryptocurrency transfers done through a cryptocurrency ATM, it is a favorite method of payment for scammers.
Most of the scams using cryptocurrency ATMs involve imposter scams where the scammer poses as either a law enforcement officer, government official or someone providing tech support for a non-existent problem. What many of these imposter scams have in common is that they scare the targeted victim with a story about an emergency that requires them to take cash from their bank account and use a QR code provided by the scammer to deposit the money into the account of the scammer at a cryptocurrency ATM under the guise of protecting the funds. In other versions of the scams, victims are told they must make a payment through a cryptocurrency ATM to avoid prosecution for missing jury duty or some other pretense.
Florida is considering a bill similar to those passed in other states to help protect people from falling for scams involving cryptocurrency ATMs. If passed, the bill which has received bipartisan support would require the following notice on all cryptocurrency ATMs:
“WARNING: CONSUMER FRAUD OFTEN STARTS WITH CONTACT FROM A STRANGER. IF YOU HAVE BEEN DIRECTED TO THIS MACHINE BY SOMEONE CLAIMING TO BE A GOVERNMENT AGENT, BILL COLLECTOR, LAW ENFORCEMENT OFFICER, OR ANYONE YOU DO NOT KNOW PERSONALLY, STOP THIS TRANSACTION IMMEDIATELY AND CONTACT YOUR FINANCIAL ADVISOR OR LOCAL LAW ENFORCEMENT.”
The proposed law would also cap how much customers can deposit. New customers would be limited to $2,000 dollars per day. Existing customers would be limited to $10,500 dollars in a single day.
TIPS
Protecting yourself from these imposter scams that form the basis of cryptocurrency ATM scams starts with recognizing that you can never be sure who is actually contacting you when you are contacted by phone, email or text message so you should never click on a link, download an attachment or provide personal information in response to any of those communications unless you have absolutely confirmed that the communication was legitimate. Further there is no circumstance where you will be asked by anyone legitimate to withdraw funds from your bank, deposit them into a cryptocurrency ATM and transfer the funds to them. Only scammers make those requests.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 19, 2025 – Holiday Hotel Scams: Beware of Fake Room Service and Pizza Flyers
During the holiday season many people will be traveling and staying at hotels. Scammers know this and target hotel customers for scams. Some scams are just so simple and effective that they remind us why scam artists are indeed the only criminals we refer to as artists. An old scam that is still being used effectively by scammers involves a flyer under your door in your hotel or motel room that purportedly is an advertisement for a local pizza parlor or, in a case last year of one family that lost $6,000 taken from their debit card, a phony room service menu slid under the door. The flyer gives a telephone number for the pizza parlor which conveniently delivers to your room or, again in this particular case the phone number for the hotel’s room service.
All you need to do is call the number, give them a credit card and they will promptly send you your fresh pizza or other food. Unfortunately, it is a scam. There is no pizza parlor and this is not the real room service telephone number The scammers have merely gone through the hotel and put their flyers under the doors. They then just wait for the telephone calls, steal your credit card number and use it to make charges to your card.
TIPS
A good rule to follow is not to order any food from a restaurant that puts flyers under the door of your hotel or motel room and don’t trust a room service menu that has been slid under your door. In regard to the pizza parlor or other restaurant you can confirm online or even with a quick call to the clerk at the front desk as to whether the particular restaurant described in the flyer is legitimate and whether indeed the telephone number is their actual number. Sometimes the scammers will use the name of a real restaurant, but substitute their phony telephone number. Never order or provide your credit card unless you have independently confirmed both that the restaurant is real and the telephone number is accurate.
As for room service, you can easily access them through the appropriate button on the room landline or through the number indicated in the booklet found in the room containing information about the hotel.
Finally, as I have often warned you, the protection you get from fraud when using your debit card is far less than what you get when using your credit card so you should never use your debit card for anything other than an ATM card.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 18, 2025 – Google Sues Chinese Cybercrime Gang Darcula Over Massive Phishing Scheme Using Magic Cat
Google filed a lawsuit in federal court this week against a Chinese criminal gang known as Darcula (which is not a Chinese word and may or may not be a criminal’s misspelling of Dracula). Darcula developed software that could be used to send phishing text messages in large numbers. The primary software program created by Darcula is called Magic Cat and it enables technologically unsophisticated criminals to send massive amounts of text messages in which the criminals pose as the IRS or other legitimate government agencies. Once of its most successful phishing campaigns using Magic Cat has been the phony text message in which you are told that you owe money for unpaid E-Z Pass tolls. Darcula leases the use of this software to other criminals on the Dark Web where it also provides technical support.
Darcula is based primarily in China which does not cooperate with American authorities in regard to cybercrime originating within its borders so one could question the advantage of bringing a lawsuit against Darcula or its leader Yucheng Chang who will not be extradited by Chinese authorities to the United States. However, bringing the lawsuit allows Google to apply for a restraining order which could enable them to shut down the websites used by Darcula to spread its malware.
In its lawsuit Google asserts that Darcula and criminals using its malware have stolen as many as 900,000 credit card numbers worldwide including 40,000 from Americans.
TIPS
This lawsuit highlights the imposter scams that come through text messages that appear to come from legitimate government agencies.
Never click on links or download attachments in emails or text messages regardless of how official they may appear. You can never be sure as to whether it is legitimate or not. Your best course of action is, if you have any inclination that it may be legitimate, to contact the real company or agency and inquire as to the legitimacy of the contact. The websites the scammers lure you into going to in order to pay the phony overdue tolls often look legitimate, such as myturnpiketollservices.com. You can’t trust them.
It is also important to remember that scammers can manipulate your Caller ID through a technique called spoofing to make their text message appear to come from the legitimate number of a legitimate source. Trust me, you can’t trust anyone. If you have any concerns that you may owe tolls, call your E-Z Pass provider for your state making sure you are calling the real number or go the real website.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 17, 2025 – FTC Warns of Fake Talent Scout Text Scam Targeting Aspiring Actors
The Federal Trade Commission is warning people about a new scam that starts when you receive a text message from a scammer posing as a talent scout offering auditions for a well-known movie or television show. The text message asks if you are available for a virtual open call audition the next day. The audition ends up being a high pressure sales pitch to get you to sign up for phony photo shoots or fake acting classes. Making matters worse, the scammers then ask for you to pay for services such as test shoots, head shots or even to “secure your spot” for an acting job. Of course, all of it is a scam. There are no jobs. There are no photo shoots and there are no acting jobs. Anyone paying for these services ends up losing their money.
TIPS
Particularly if you have never been a paid actor or actress, anyone receiving this initial text message should immediately know it is a scam. If you have any thoughts that it might be legitimate, you can do a search engine search of the name used by the phony talent agent. Type in scam next to the name used by the caller and see what comes up. Also, real talent agencies don’t charge for their services. They find jobs for their clients and get paid when their clients get paid.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”