Scam of the Day

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Scam of the day – November 26, 2019 – Ten People Charged in Huge Romance Scam

Over the years I have warned you many times about romance scams, but it is important to do so again because these scams are getting worse.  According to the Federal Trade Commission (FTC) Americans lost more money to romance scams last year than to any other scam and the situation is getting more serious.  It is also important to note that romance scams are not limited to the United States, but occur worldwide. Recent figures from Hong Kong show the incidents of romance scams have also increased dramatically in the past year. Last October a joint operation of Hong Kong, Malaysian and Singaporean law enforcement arrested 52 people involved in an international online romance scam in which millions of dollars were stolen from their victims.  Recently ten people in Oklahoma, New York, California and Texas were charged by federal law enforcement with conspiring to launder money obtained in a romance scam that targeted women around the world.   Following a familiar patter, the scammers would establish relationships with women online through various legitimate dating websites and social media using fake names, locations and images.  The scammers would pose as Americans working abroad.  After building trust with their victims, they would ask for money to help them through some sort of emergency.  Americans lost 143 million dollars to romance scams last year with one woman losing $546,000.

The FBI recently reported that romance scams increased 70% in the past year.  While anyone can be the victim of a romance scam, according to the FBI, the elderly, women and people who have been widowed are particular vulnerable.   Most romance scams are online and involve some variation of the person you meet through an online dating site or social media quickly falling in love with you and then, under a wide variety of pretenses, asking for money.



There are various red flags to help you identify romance scams.  I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship who then asks you to wire money to assist them with a wide range of phony emergencies.

Here are a few other things to look for to help identify an online romance scam.  Often their profile picture is stolen from a modeling website on the Internet.  If the picture looks too professional and the person looks too much like a model, you should be wary. You also can check on the legitimacy of photographs by seeing if they have been used elsewhere by doing a reverse image search using Google or websites such as  Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life” is a phrase that turns up in many romance scam emails.  Also be on the lookout for bad spelling and grammar as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are.  Of course you should be particularly concerned if someone falls in love with you almost immediately.  Often they will ask you to use a webcam, but will not use one themselves.  This is another red flag.  One thing you may want to do is ask them to take a picture of themselves holding up a sign with their name on it.  In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them.  If you meet someone through a dating website, be particularly wary if they ask you to leave the dating service and go “offline.”

You also should be particularly wary of online relationships with people in the military because while many real military personnel do use social media and dating websites, they are a favorite disguise for scammers.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 25, 2019 – Sneaker Scams on Instagram

Sneakers can be extremely expensive.  For example, a pair of Air Jordan 2 OG  sneakers sells for $31,000.  While most sneakers are not that expensive, they are still a costly item.  Many young people collect sneakers and are looking for deals when they can.  Recently there have been reports of expensive sneaker scams on Instagram where posts or sponsored advertisements are appearing that offer rare sneakers for attractive prices.  The seller appears to have a lot of Instagram followers, but that is not a clear indication that the seller is legitimate.  The seller often sends photographs of the shoes to prospective customers/victims who respond to the scammers ads or post.  Once the victim is convinced to purchase the sneakers, the victim is told by the scammer to use Venmo or some other Peer to Peer Payment Service . Peer to Peer Payment Payment Services (P2P) such as Zelle, Venmo, ApplePay PayPal, Square Cash and PopMoney are popular ways to quickly and conveniently send money electronically from your credit card or bank account. They also are easy ways to be scammed and unlike with scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed.  These P2P payment systems are useful for sending money to friends, family and others you know well, but they should not be used for commercial transactions.  People falling for the Instagram sneaker scam end up making payments without any recourse and never receiving anything in return.


Never buy anything from an online seller unless you have thoroughly researched the seller to make sure that the seller is legitimate.  Some good places to do your research are the Better Business Bureau at,, and Reseller Ratings at

Whenever you shop either online or in a brick and mortar store you should use your credit card rather than a debit card or some other form of payment because you have much more protection under the law if the sale was a scam if you use a credit card than any other form of payment.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 24, 2019 – FTC Refunding Money to Victims of Skin Care Product Scam

The Federal Trade Commission (FTC) is mailing refunds to victims of a scam operated by  seven people and fifteen companies selling Auravie, Dellure, LeOR Skincare and Miracle Face Kit branded skincare products.  These scammers represented that the products were being offered through a “risk-free trial.,” but after convincing unwary consumers to provide their credit card numbers purportedly to cover a small shipping charge, billed their victims’ credit cards monthly for products never ordered by their victims.  The FTC shut down the scam and  is now mailing refunds to victims of the scam.  For more information about this particular refund program check out the “FTC Scam Refunds” tab in the middle of the first page of You also can find information there about the mailing of the refund checks.


It is always important to read the “fine print” in any contract for the ordering of products.  Rarely will you find anything “fine” in fine print, but in many scams, buried within the long agreement will be a term to which never agreed upon.  You should also research any skin care product as to whether it is effective before buying.  Finally, in regard to obtaining a refund from the FTC, there is no cost or fee to file a claim or get a refund.  Anyone who tells you differently is trying to scam you.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 23, 2019 – Macy’s Suffers Data Breach

Macy’s has announced that its website was hacked for one week in October resulting in a data breach in which customers’ names, addresses, credit card numbers and debit card numbers were stolen leaving them in significant danger of identity theft.  Macy’s has notified those customers affected by the data breach and are offering free credit monitoring to them.  This data breach provides a good warning to online shoppers as we start the holiday shopping season.

Many of us are suffering from what is being called “data breach fatigue” as a result of which we may not tend to take seriously the threat that data breaches present, but it is dangerous to ignore the threats that these data breaches present.  Fortunately there are some things you can and should do to protect yourself from future data breaches that will affect you.


One of the biggest lessons from the myriad of data breaches is to make sure that you use unique passwords for every online account that you have in order to avoid having a sensitive account, such as your online banking account compromised because you use the same password as you do for another relatively meaningless account that had poor security which led to a data breach in which your password was stolen.  This is also a reason for deleting old accounts you don’t use that could expose your passwords and other information.  The hacking of thousands of Disney + accounts only a few days after the new streaming service was launched is a good example of why it is important to have unique passwords for all of your accounts.  It appears at this time that Disney + wasn’t hacked and did not suffer a data breach.  The primary reason for the accounts being hacked appears to be that the people who had their accounts hacked were using passwords they used for other accounts at sites that have suffered data breaches thereby enabling the cybercriminals to use those stolen passwords to access their victims’ Disney + accounts.

Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

This is also a good time if you have not yet frozen your credit reports with each of the three major credit reporting agencies, Equifax, Experian and TransUnion, to do so now to protect yourself from possible identity theft. it is free and easy to do.

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:

Another important rule to follow is to refrain from using your debit card for online purchases.  Instead only use your credit card because the laws regarding fraudulent use of your credit card are much more consumer friendly than the laws regarding fraudulent debit card usage.

Also, use dual factor authentication whenever possible so that even if your passwords are compromised, no one can access your account.

In addition, you should be aware that with your email address commonly known by many scammers, you can expect to receive more phishing and more dangerous specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft.  Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 22, 2019 – A New Scam Targeting Veterans

I have written many times over the years about scams targeting veterans and with good reason.  While scams affect us all, according to a witness at a recent Senate Committee on Aging hearing, veterans are twice as likely to be scammed than the general population and when they are scammed, according to the Federal Trade Commission (FTC) they lose 33% more money than scammed civilians.  I was informed about the new veterans scam that is the subject of today’s Scam of the day by nationally syndicated talk show host Jim Bohannon who is also a Vietnam War veteran.

The new scam starts with a phone call that through “spoofing” manipulates your Caller ID to make it appear that the call is coming from “Department of Veterans affairs, 1-800-827-1000.”  However, as I have indicated numerous times in the past, it is simple for a criminal to trick your Caller ID to make it appear that a call is coming from a legitimate source, when it is actually coming from a scammer. Posing as Department of Veterans Affairs employees, the scammers leave voice messages such as “Your VA profile was flagged for two potential benefits to the changes in the VA program.  These are time sensitive entitlements.  Please call us back at your earliest convenience.”  The scammers leave a phone number for the targeted veterans to return the call.  Upon returning the phone call, the veteran is told about various benefits, such as mortgage modifications.  The scammer then asks the targeted victim for his or her Social Security number, birth date and bank account numbers.  This information is used for purposes of identity theft and to steal from the victim’s bank account.


In regard to calls that you may receive purporting to be from the VA or any other governmental agency requesting information, you should never provide information over the phone to anyone calling you because, as I indicated above, you can never be sure who is really calling.  In this case, if you think the original call may be legitimate, you should contact the VA at a telephone number that you know is accurate to confirm whether or not the request for personal information was legitimate or not.  Here is  link to the Veterans Administration website where in the top right hand corner is a section providing you with information as to how to contact the VA.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 21, 2019 – Disney+ Accounts Hacked

Within hours of the launch of the new Disney+ streaming service thousands of account holders discovered their accounts had been hacked and their access to their accounts denied.  In many instances, the cybercriminals hacked into the Disney + accounts of their victims and then changed the account’s email and password which prevented their victims from being able to access their own accounts.  Many of the hacked accounts were being offered for sale on the Dark Web, that part of the Internet were cybercriminals buy and sell goods and services.    Many of the hacked accounts used the same passwords of other accounts of the victims, which is a problem when a data breach occurs in which hackers obtain your password. You should have a unique, strong password for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked.  In other instances, the computers, tablets and cellphones of Disney + subscribers who used unique passwords for all of their accounts are thought to have clicked on links in phishing emails that downloaded keystroke logging malware that enabled the hackers to find and steal the password for their Disney + accounts.  One of the primary ways that identity thieves steal from your online accounts such as your online banking is by luring you with phishing emails or more targeted spear phishing emails to either click on links that download keystroke logging malware that will search your computer for the passwords to your accounts or by prompting you to click on a link that takes you to a phony, but legitimate looking website that appears to be that of your bank or some other company where you have an account where you are instructed to insert your password.  Mere passwords have not proven to be a particular secure method of authentication. Many people use simple to guess passwords and even what may appear to be complex passwords can often be identified by sophisticated hackers using password cracking software.  Regardless, however of how strong your password is, if you provide it to an identity thief, the criminal will be able to access your account.  It is for this reason that many companies offer dual factor authentication, by which when your password is used to access your account, a special code is sent to your smartphone by text message that must be used in order to complete access to the account. This provides dramatically enhanced security.  While this may seem to be inconvenient, some dual factor authentication protocols do not require it to be used when you are accessing your account from the computer or smartphone that you usually use, but only require its use if the request to access the account comes from a different device.


Passwords are just too vulnerable to be the sole method of authentication for important apps or accounts.  Whenever you are able to use dual factor authentication for a particular website, account or app, you should do so.  Unfortunately, it does not appear that Disney + provides for dual factor authentication at this time.  Whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Also, avoid phishing and spear phishing by never clicking onlinks in emails and text messages unless you have absolutely confirmed that the communication was legitimate.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 20, 2019 – SIM Swapping Arrests

SIM card swapping is a major problem.  A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone.  The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone.  However, as more and more financial transactions, such as online banking, are now done through cell phones, identity thieves with access to their victims’ SIM cards are also increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.

Porting is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal. To prevent someone from stealing access to your phone through porting, you should have a PIN added to your account so that no one can call your cell phone provider posing as you and ask to have your SIM card transferred.

Recently Eric Meiggs and Declan Harrington were arrested and charged in Boston with conspiracy, wire fraud, computer fraud and identity theft related to SIM swapping that according to the indictments enabled the defendants to steal more than $500,000 from their victims’ online accounts including cryptocurrency accounts.


The best protection for your phone starts with a strong password, facial recognition or fingerprint scanner.  Also, set your phone so that it locks when you are not using it.  Make sure that you back up everything in your phone regularly. Install the Find My iPhone app if you have an iPhone or the Find My Device app if you have an Android phone.  These will enable you to locate your cellphone if it is lost or stolen and also allow you to send a command to erase everything in your cellphone even if the phone has been turned off.  If your phone is lost or stolen, you should immediately contact your wireless provider to have them disable the SIM card in your phone so that your phone cannot be used by someone else.  As for protecting your phone from cyberattacks, it is important to both download and continually update security software.

Perhaps the best thing you can do to  protect your SIM card from porting is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.

AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online.   Without this passcode, AT&T will not swap your SIM card.   Here is a link with instructions as to how to set up the passcode.!/wireless/KM1051397?gsi=9bi24i

Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center.  Here is a link with information and instructions for setting up a PIN with Verizon.

T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online.  This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card.  This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store.  Here is a link to information and instructions for adding a new passcode to your account.

Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief.  Here is a link to information about adding a PIN to your Sprint account.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 19, 2019 – Are Public USB Chargers at Airports Safe?

Recently, the Los Angeles District Attorney issued a warning about the dangers of charging your phone at the USB chargers commonly found at airports, hotels and other public locations.  A few years ago cyber security company Kaspersky Lab issued a report detailing the dangers posed by the simple act of recharging your phone through someone else’s computer or at a public charging station.  The problem stems from the fact that information is transferred between your smartphone and the charger as soon as you plug your cellphone into the computer or charging station you are using to recharge your cellphone.  Among the information that is transferred is the name of your device, the manufacturer and model, serial number, firmware information, file system and electronic chip ID which would all be shared with a computer that you may be using to recharge your phone.  And while this information may seem to be innocuous, this information is sufficient for a sophisticated hacker to use to gain much further information from your cellphone that could be used to your detriment.  As for the charging stations at airports and elsewhere, they can be either infected with malware or be a fake charging station with the sole purpose of infecting your cellphone.  Once you plug your phone into one of those already infected charging stations or a totally phony charging station, it can install and delete applications, including stealing your data or installing ransomware.  Fortunately, however, the risk of having your information stolen through a malware infected public charger is not as bad as it used to be because the cell phone manufacturers have improved the security of their phones.


So what can you do?  Obviously, you should never use a strange computer to recharge your phone.  The risk is too great.  As for charging stations, it is better to be safe than sorry, so I advise that you avoid public charging stations and instead bring your own USB charger that you merely have to plug into an AC outlet rather than use any public charging station.   Make sure that your cellphone is secured with a password, fingerprint or iris scanners and do not unlock the cellphone while it is charging.  Always protect the data on your cellphone with encryption programs and finally, use security software programs for your cellphone and make sure that it is updated with the latest security patches.

If you use an iPhone and you do decide (despite my warning) to use a USB charger such as found at airports and other sites, watch your screen when you plug in your phone because if the particular USB charger has been corrupted with malware that will steal information from your phone, your phone will ask you if you want to trust the device.  The answer to that question is a resounding NO.  If that message appears when you plug in your device to the charger, you should immediately unplug your phone.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 18, 2019 – Binary Option Scams

Convicted Ponzi schemer Bernie Madoff who stole 50 billion dollars from unsuspecting victims may be the last person from whom you would accept investing advice, but in fact, his advice, as contained in a 2014 jailhouse interview Madoff gave to the Wall Street Journal is helpful to people hoping to avoid the fate of Madoff’s many victims. With great “chutzpah,” Madoff blamed his victims for their losses.  He said that his investors were “sophisticated people” who should have known better.  “People asked me all the time, how did I do it.  And I refused to tell them, and they still invested.  Things have to make sense to you.  You should ask good questions.”  About this he is correct. No one should ever invest in anything that they do not totally understand. And this leads us to binary options.  Binary options are a legitimate form of investment, but while they offer the potential for great rewards, they also carry the risk of losing your entire investment.  Binary options are at their essence a bet on whether the price of a particular index or asset will rise or fall above or below a specific price.  The Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) regulate binary options platforms and trading.  Both of these agencies issued an alert in which they warned people that some online trading platforms for binary options trading fail to comply with federal regulations.  In many instances the sales of binary options have been done without complying with registration requirements and with fraudulent promotional advertising and improper disclosures.

People who have been the victims of binary options scams have also been targeted by scammers who promise to help you regain your lost money if you pay them an upfront fee.  Legitimate government agencies such as the SEC never charge for getting money from scammers to refund to victims.


The bottom line is that Bernie Madoff was right about one thing.  No one should ever invest in anything without totally understanding the investment and the inherent risks.  If you understand binary options and still wish to invest (I would say gamble) in them, that is fine, but all investment decisions should be made  only after being properly informed. You may want to check out the SEC’s investor education website at

Before investing with anyone, you should also investigate the person offering to sell you the investment with FINRA’s Central Registration Depository.   This will tell you if the broker is licensed and if there have been disciplinary procedures against him or her.  You can also check with your own state’s securities regulation office for similar information.  Many investment advisers will not be required to register with the SEC, but are required to register with your individual state securities regulators.   You can find your state’s agency by going to the website of the North American Securities Administrators Association.

Specifically in regard to binary options, if you are considering purchasing them you should check with the CFTC to see if the trading platform is a designated market which you can do through this section of the CFTC’s website

You also should check with the SEC’s EDGAR system to confirm that the binary options offering is properly registered with the SEC which you can do at this website

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – November 17, 2019 – National Utility Scam Awareness Week

Scams involving utility bills for electric, water or gas services have long been popular with scammers.  Utilities United Against Scams, a consortium of more than 100 American and Canadian utility companies has designated the week of November 17-23rd  as National Utility Scam Awareness Week.  In one common utility scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible.  They just need to provide some personal information.

In another version of the scam, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card or prepaid cards such as iTunes cards over the phone.

In a third version of this scam, potential victims receive an email that has a link to take them to their bill.

All of these are scams.  In the first, there is no special promotion and the victim ends up providing personal information that leads to identity theft. In the second, the victim is coerced into giving their credit card or prepaid card information  to a scammer and in the third, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse.


You can never be sure when you get an email or a telephone call if it is really from a legitimate source.  Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller.  Trust me, you can’t trust anyone.  Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate.  In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate.  Also, never click on links unless you have confirmed that they are legitimate.  The risk is too great.  It is also important to remember that no legitimate utility company will require you to immediately pay your bill over the phone with a prepaid card such as an iTunes card or a gift card.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

  • Categories