Scam of the Day
Scam of the day – October 1, 2025 – Amazon Prime Day Scams
October 7th through 8th are Amazon Prime Day which is odd to say. Amazon really should change the name for the four day event to Amazon Prime Days. Amazon Prime Day is a global promotion of Amazon featuring sales on a variety of items available solely to Amazon Prime members. There is always great interest in Amazon Prime Day and as with everything else that attracts great interest by the public, it also attracts great interest by scammers who are eager to take advantage of people participating in Amazon Prime Day.
Scammers, posing as Amazon are sending phishing emails and text messages in which they attempt to lure their victims into either providing account information that will give the scammer access to the victim’s Amazon account or to make a payment under some pretext or click on a link that will download dangerous malware such as keystroke logging malware or ransomware. They do so by representing to the targeted victim that their account has expired or that a recent order needs to be confirmed or some other emergency related to their account.
TIPS
Much malware including ransomware comes as links in phishing emails. text messages or tainted attachments. Generally, you should never click on links or download attachments that come in emails or text messages unless you have absolutely verified that the email is legitimate. You also should never provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication is legitimate.
Phishing emails and more specifically tailored spear phishing emails can often appear quite legitimate initially, so it is important to be skeptical. Because Amazon Prime Day will be going on soon, many people expect emails from Amazon which is even more reason for you to be skeptical. Trust me, you can’t trust anyone. Check the email address of any communication that appears to have come from anyone to make sure that it is the real email address. All Amazon emails end in @amazon.com. Many phishing emails come from email addresses that have no relation to the real email address of the company they purport to be while others look very legitimate unless you carefully examine the email.
Through spoofing, text messages may appear to come from a legitimate Amazon phone number, so you can’t trust your Caller ID.
As always, it is a good idea to set up dual factor authentication for your Amazon account so that even in the event that you are tricked into providing your username and password, no one will be able to access your account. Here is a link that provides information about how to set up dual factor authentication for your Amazon account. https://www.amazon.com/gp/help/customer/display.html?nodeId=G3PWZPU52FKN7PW4
When going to what purports to be an Amazon page, the URL should end with “Amazon.com.” To be sure that you are actually on the real Amazon website, you can check the domain name to make sure that it is not a counterfeit by going to the website https://www.whois.com/whois/ where you can type in the domain name and learn who actually owns it. If your Amazon website appears to be owned by someone in Nigeria, for example, you know you have a problem. The security company Check Point recently identified 1,500 counterfeit Amazon websites.
It is also important to remember that you should not use your debit card for anything other than as an ATM card. Use your credit card for online and offline purchases because the law protects you much more from fraudulent purchases than a debit card does. If you do not promptly report misuse of your debit card, you could potentially lose the entire bank account tied to your debit card while the maximum liability for misuse of your credit card is only fifty dollars and most credit card companies don’t even charge you that amount.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in our email address on the tab that states “Sign up for this blog.”
Scam of the day – September 30, 2025 – Telephone Call From No One Scam
We have all experienced telephone calls where you pick up the phone and there is no one on the other end of the line. This is a scam, but how does it work and how are you harmed? With computers that can be programmed to make massive amounts of telephone calls, scammers will often first test their lists of telephone numbers by making these calls to determine which telephone numbers are valid numbers for them to call back later with automated robocalls by which they will attempt to either sell you something worthless or gather information from you that can be used to make you a victim of identity theft.
In another version of this scam, people with Caller ID are often tempted into calling back the number to see who called them, thinking that the call was legitimate. Instead, unwittingly they make an expensive premium service call to an adult entertainment service that charge as much as $20 for the first minute or information services such as weather updates that have hefty charges. Many of these calls originate in the Caribbean Islands from area codes such as 268, 284,809, 473,876 or 649.
TIPS
It often is a good idea not to answer the phone if you have Caller ID and you do not recognize the number calling you. If it is legitimate, they will generally leave a message. In any event, if you do answer the phone and there is no one on the other end of the line, do not call the number back. The chances of your getting assessed charges for a premium phone call are too great.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 29, 2025 – Why You Should Keep Your Cell Phone Number Private
Sometimes we are our own worst enemy when it comes to posting too much personal information on social media that can be leveraged by a criminal for purposes of identity theft. During the early days of the pandemic many people posted photos of their vaccination cards on social media showing their date of birth. Your birthdate is a significant piece of information that, in the wrong hands can lead to identity theft.
Identity thieves use legal and illegal online sources to gather their victims’ personal information, such as their Social Security number, address, and date of birth and use that information for purposes of identity theft which is a significant threat to everyone. One important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. These days your cell phone number is tied to so much of what we do.
When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members and more. The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security.
So what can you do to protect yourself?
TIPS
Limit providing your cell phone number to people and companies as much as possible. You also may want to consider getting a second phone to use when you have concerns about security. You also can use apps such as Google Voice https://voice.google.com/about or Burner https://www.burnerapp.com/ that will enable you to create different numbers to use for calls and text messages.
As for dual factor authentication, while sending a code or text message to your cell phone is a simple and effective method of dual factor authentication, you may wish to consider other forms of dual factor authentication such as apps that will generate temporary security codes such as Authy https://authy.com/ or Google Authenticator https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 28, 2025 – Senators Question Dating Apps About Vulnerability to Scams
Romance scams where scammers convince people that they are in love with them and once they have gained their trust and an emotional connection ask under a variety of pretenses for money has only gotten worse with AI being able to be used for scammers to appear as anyone they wish in videos or change their voice through AI voice cloning to appear legitimate. I have written many times about scammers posing as celebrities to scam people out of their money and this type of scam too has gotten worse with AI.
Senators Maggie Hassan of New Hampshire and Marsha Blackburn of Tennessee have sent a letter to Match Group which owns the dating apps Tinder, Hinge and OkCupid a letter requesting its records related to how scammers are using their platforms and what the company is doing to prevent romance scams. In particular the senators expressed concerns about how the algorithms used by Tinder, Hinge and OKCupid contribute to romance scams. The senators requested the documentation be provided to them by October 15th.
TIPS
I will follow up on this story when the Match Group provides the requested information to senators Hassan and Blackburn, but meanwhile there are various red flags to help you identify romance scams. I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship who then asks you to send money to assist them with a wide range of phony emergencies.
Here are a few other things to look for to help identify an online romance scam. Often their profile picture is stolen from a modeling website on the Internet. If the picture looks too professional and the person looks too much like a model, you should be wary. You also can check on the legitimacy of photographs or video images by seeing if they have been used elsewhere by doing a reverse image search using google.images.com or websites such as tineye.com.
Scammers often will ask to move your conversation to WhatsApp, email or text quickly, but you are better off maintaining your communication on the dating app. You can also suggest a video call early in the relationship. Last year a scam group called the “Yahoo Boys” based in Nigeria began using artificial intelligence to change their facial features in Zoom videos to appear to be the person they are posing as in the romance scam. They also can use AI to change their voice and accent to sound legitimate and while doing a video conference with a romance scammer in the past was a good way to see if the person was actually who they claimed to be, now scammers using this technology will be very difficult to recognize as scammers, however, not all romance scammers are using this sophisticated technology so it is still helpful to request a video call.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 27, 2025 – Stellantis Data Breach
Data breaches are a common occurrence which is disturbing because they can readily lead to your identity being stolen or you becoming a victim of a scam as the hackers leverage the data they steal to lure you into a scam. Stellantis, the parent company for automakers Chrysler, Dodge, and Fiat announced recently that it had suffered a data breach in which names and contact information of 18 million of its customers was stolen. Disturbingly, Stellantis indicated that the actual data breach occurred last May although it was only being reported now. Similar to recent data breaches at Google, TransUnion, Allianz Life, Workday, Pandora, Cisco, Chanel, Dior, Louis Vuitton, Tiffany, Farmers Insurance and Qantas, the data was stolen not from Stellantis’ computer networks, but rather from Salesforce, a cloud-based customer relationship management (CRM) company used by Stellantis and many other companies to manage their customer data. The ransomware gang ShinyHunters managed to do this not by hacking Salesforce, but rather by using social engineering to trick TransUnion employees to enable access to the company’s Salesforce account containing its customer data.
Companies must do a better job of protecting themselves from not just technologically sophisticated cyberattacks, but less sophisticated, but equally effective social engineering attacks where the cybercriminals use psychology to manipulate employees to giving them access to important data.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 26, 2025 – Mail Theft and Bank Fraud
Cameron Martinas Curry and Quavaun Enreco Rhodes of Georgia were recently convicted of stealing mail from collection boxes in the Augusta, Georgia area and altering checks that had been mailed to have the money paid to them. Criminals around the country are increasingly stealing mail with checks in them from U.S. Postal Service mailboxes, “washing” the checks with simple nail polish remover to remove the name of the person or company to whom the check was made out and then writing in their own name. In other instances, the criminals will also change the amount of the check. In recent years Boston and New Orleans, for example, had large numbers of such mailbox thefts of checks that were then altered and cashed.
Identity theft is a high tech, low tech and no tech crime and while we often tend to focus our attention on high tech identity theft tactics such as spear phishing, no tech tactics such as fishing for mail with a plastic bottle covered in glue that is lowered into blue public mailboxes to capture mail being sent with checks is making a comeback. In other instances criminals, as was done here, can either steal or buy a USPS mailbox key which are sold on the Dark Web, that part of the Internet where criminals buy and sell goods and services, for as much as $1,000. Some criminals, rather than use the “washed” checks themselves are now selling the checks on the Dark Web to other criminals directly. In addition, criminals can also can use the account number of your check to create counterfeit checks to access your checking account.
I have warned you for years about leaving mail with checks or credit card information in your personal mailbox outside of your home with the flag raised to alert your postal carrier that there is mail in your box to be retrieved is a bad idea because it also alerts identity thieves who can easily steal the mail. However, mailing checks in official U.S. Postal Service blue mailboxes we now know is also problematic.
TIPS
This is an easy crime to avoid. The best course of action is to pay your bills electronically and avoid the problem altogether. However, if you cannot do so or prefer to send a paper check by mail, you should use a gel pen that is not easily “washed” to write your checks and you should mail envelopes with checks in them directly from inside the post office.
Unfortunately, more sophisticated criminals will scan your check into their computer and use special software to keep the signature from the original check, but delete the amount and the name of the payee on the check thereby allowing them to make perfect counterfeit checks which they can make payable to themselves for any amount they choose thereby defeating the gel pen as a defense to check washing so electronic banking is still your best bet.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – September 25, 2025 – Georgia Prisoner Operates Scam While in Prison
Recently Russell Tafron Weatherspoon, was convicted of masterminding a multistate scam between March 2022 and April 2024 in which he and other co-conspirators called targeted victims throughout the country posing as local law enforcement officers using an app that allowed them to spoof the phone numbers of legitimate law enforcement agencies so that their calls would manipulate their targeted victims’ Caller ID to make the calls appear to be actually coming from real law enforcement officers. The scammers told their victims that arrest warrants had been issued for them due to their failure to appear to testify in a court proceeding that they had been subpoenaed to attend. The scammers, conversant with legal terminology, directed their victims to obtain a bond to avoid arrest.
What makes this case somewhat different from similar scams is the fact that Weatherspoon was directing this scam while serving time in a Georgia state prison for a 2020 conviction of aggravated assault and violation of the Street Gang Terrorism and Prevention Act. The calls were made by Weatherspoon and other inmates using cellphones that were delivered to Weatherspoon by drones.
TIPS
No legitimate law enforcement agency will call you on the phone and threaten arrest unless a payment is made. Official notices for missing a court appearance would be sent by mail rather than a phone call. In this instance, anyone receiving such a call who might be concerned that the call was legitimate should call the clerk’s office for the court where the trial was alleged to have occurred to confirm that indeed this was a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 24, 2025 – Beware of Evil Twins
Whether we are at the airport, a hotel, a shopping mall, a coffee shop or almost anywhere else, you will usually find free public Wi-Fi service offered so that we can use our cell phones, laptops or tablets to connect to the Internet. However with this convenience can come danger. Too many people assume that the Wi-Fi that they are using is secure and this is not always the case. In fact, often an identity thief will go to the same coffee shop or other venue and set up his or her own Wi-Fi which is what you may unwittingly be tapping into when you think you are connecting to the Wi-Fi of the particular coffee shop or other place you find yourself at. Technologically, it is easy to set up a phony Wi-Fi that can steal data from your cell phone, laptop or tablet and use that information to make you a victim of identity theft. Last year, Florida Attorney General Ashley Moody issued a warning about these scammer created phony Wi-Fi networks which she calls “Evil twins.”
So what can you do to make using public Wi-Fi safe?
TIPS
It is always a good idea to make sure that your cell phone, tablet or laptop has a good firewall and is protected by anti-virus and anti-malware security software that is updated with the latest security updates. It is also a good idea not to use public Wi-Fi for banking or other financial transactions or, for that matter, anything that requires you to provide login credentials. Sensitive data should not be sent over public Wi-Fi. If you are going to use public Wi-Fi, the first thing you should do is check the hotspot name. Identity thieves often set up their phony Wi-Fi with names that appear quite similar to the legitimate Wi-Fi. For example, the public Wi-Fi offered at your coffee shop may be named GoodCoffee while the phony one may be something that with a cursory look appears legitimate, such as Go0dCoffee.
Always make sure when using public Wi-Fi that you are on the legitimate Wi-Fi site before proceeding to use it. Many cell phones and other devices automatically connect to nearby networks, which can connect you to the identity thief’s phony Wi-Fi before you realize it. Therefore disable automatic connection to networks. Finally, the best thing you can do to protect your privacy and security when using public Wi-fi is to use a Virtual Private Network app which will encrypt all of your data before sending it through the Wi-Fi connection. Here is a link to an article I wrote about VPNs that will tell you all you need to know (and possibly more) about VPNs. https://au.norton.com/internetsecurity-wifi-how-does-a-vpn-work.html and here is a link to an article that lists ten good VPNs that you can get for free. https://www.techradar.com/vpn/best-free-vpn
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 23, 2025 – Social Security Phishing Email
Reproduced below is a very convincing phishing email sent by scammers posing as the Social Security Administration that attempts to lure you into clicking on a link that purports to provide a statement of your Social Security benefits. However, if you were to click on the link (which I have deleted) you would either be prompted to provide information that would lead to identity theft or download dangerous malware such as keystroke logging malware that can steal information from your computer including sensitive passwords and other information. The emails grammar is quite good, but that could merely reflect the use of AI to assist in creating the phishing email.
The Social Security Administration does not send emails or text messages generally. If you have set up a My Social Security Account online (which I strongly recommend) the SSA would have your email address and would send you an annual email reminder to encourage you to review your Social Security statement online, however, the SSA never sends links to download your statement, but rather would prompt you to log in securely at ssa.gov to view your information.
Even more telling, the email of the sender has nothing to do with the Social Security Administration.
From: Social Security Administration <contacto@kinestops.com>To:***********Date: 09/20/2025 4:45 PM EDTSubject: Stay Ahead: Download Your Updated Social Security Statement NowYour Social Security Statement is streamlined and easier to read than ever before. That is because we have redesigned the Statement to provide you the most useful information up front and at a glance.
We encourage you to view your Statement at least once a year to review:
Your earnings record (to make sure it is accurate and notify us if you see any errors); Your personalized monthly retirement benefit estimates (which display how much you can expect to receive depending on when you decide to start your benefits between ages 62 and 70); Other useful information that will explain your benefits and help you prepare for your future
You can view your latest Statement file to your account at :
www.************************We hope you find your Statement useful and informative.
TIPS
So how can you tell if an email is really from the Social Security Administration (SSA)? Fortunately, the answer to that question is easy. The SSA does not initiate contact with taxpayers by phone, email or text messages. Anyone contacting you by these methods of communication who claims to be an SSA employee is a scammer.
In addition, there are numerous red flags to indicate that this is a scam. First and foremost, the email address of the sender has no relation to the SSA, but was most likely the email address of someone whose email account has been hacked and made a part of a botnet to send out vast amounts of phishing emails. In addition, nowhere in the email does the name of the recipient appear, only his email address.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 22, 2025 – Farmers Insurance Data Breach Affects 1.1 Million Customers
Data breaches are a common occurrence which is disturbing because they can readily lead to your identity being stolen or you becoming a victim of a scam as the hackers leverage the data they steal to lure you into a scam. Farmers Insurance announced it has suffered a data breach affecting more than 1.1 million of its customers. Similar to recent data breaches at Google, TransUnion, Allianz Life, Workday, Pandora, Cisco, Chanel, Dior, Louis Vuitton, Tiffany and Qantas,the data was stolen not from Farmers computer networks, but rather from Salesforce, a cloud-based customer relationship management (CRM) company used by Farmers and many other companies to manage their customer data. The ransomware gang ShinyHunters managed to do this not by hacking Salesforce, but rather by using social engineering to trick TransUnion employees to enable access to the company’s Salesforce account containing its customer data.
Companies must do a better job of protecting themselves from not just technologically sophisticated cyberattacks, but less sophisticated, but equally effective social engineering attacks where the cybercriminals use psychology to manipulate employees to giving them access to important data.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#farmersdatabreach