Scam of the Day
Scam of the day – Augut 25, 2020 – Experian Data Breach in South Africa Affects 24 Million People
Although Scamicide is written in the USA, many of the scams about which I report are universal in nature and are perpetrated upon unwary victims in every country on Earth. I will on occasion also report about specific scams,identity theft schemes and cybersecurity issues that may be limited to a particular country both in order to help people in countries outside the United States as well as to serve as warnings to people in the United States and other countries not directly affected by the particular problem.
Today’s Scam of the day involves a data beach at Experian in South Africa where the personal information of 24 million South Africans was compromised when Experian was recently hacked. We don’t yet know how the data breach occurred. As more information becomes available, I will let you know. Experian, like Equifax and TransUnion, the other major credit reporting agencies gather tremendous amounts of personal information on consumers that is used by banks, retailers and others for a wide variety of reasons including determining whether to grant credit to someone. I am sure all Americans remember the massive Equifax data breach that occurred in 2017 and affected 148 million people (including me)
TIPS
The South African Banking Risk Centre (SABRIC) advised South Africans who may be victims of the data breach “should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. Consumers wanting to apply for a Protective Registration can contact SAFPS at protection@safps.org.za.”
This incident can also serve as a reminder to Americans to protect themselves from similar breaches of credit reporting bureaus in the United States by freezing their credit if they have not already done so.
To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.
Scam of the day – August 24, 2020 – Not All Nigerian Email Scams Come From Nigeria
Today’s Scam of the day is another version of the Nigerian email scam that continues to plague the online community. Although it may seem that the Nigerian email scam began in the era of the Internet, the basis of the scam actually goes back to 1588 when it was known as the Spanish Prisoner Scam. In those days, a letter was sent to the victim purportedly from someone on behalf of a wealthy aristocrat who was imprisoned in Spain under a false name. The identity of the nobleman was not revealed for security reasons, but the victim was asked to provide money to obtain the release of the aristocrat, who, it was promised, would reward the money-contributing scam victim with a vast reward that included, in some circumstances, the Spanish prisoner’s beautiful daughter in marriage.
In the most common versions of this scam circulating on the Internet today, you are promised great sums of money if you assist a Nigerian or someone elsewhere in his effort to transfer money out of his country. Other variations include the movement of embezzled funds by corrupt officials, a dying gentleman who wants to make charitable gifts, or a minor bank official trying to move the money of deceased foreigners out of his bank without the government taking it. The example below of the email received by a Scamicide reader involves a program to compensate fraud victims. In most variations of this scam, although you are told initially that you do not need to contribute anything financially to the endeavor, you soon learn that it is necessary for you to contribute continuing large amounts of money for various reasons, such as fees, bribes, insurance or taxes before you can get anything. Of course, the victim ends up paying money to the scammer, but never receives anything in return. This particular version of the scam requires you to pay $100 through gift cards. Asking to be paid by a gift card is a common request of scammers and a request that is never made by the agencies and companies that they pretend to be. This particular version of the scam email contains numerous indications that it is a scam. It is not addressed to you by name and the email address from which it is sent does not have any relationship to the purported sender.
Here is a copy of the email presently being circulated.
TIPS
This is a simple scam to avoid. It preys upon people whose greed overcomes their good sense. If you receive such an email, the first thing you should ask yourself is how does this possibly relate to you and why would you be singled out to be so lucky to be asked to participate in this arrangement. Since there is no good answer to either question, you should merely hit delete and be happy that you avoided a scam. As with many such scams, which originate outside of the United States, the punctuation and grammar are often not good. Often the emails are sent from an email address that has no relation to the purported sender which is an indication that the email is being sent through a botnet of hacked computers. In addition, it is important to note that nowhere in this particular version of the scam email is your name mentioned. The scam email is obviously being sent out as a mass mailing. The entire email is merely a hoax intended to sound official and legitimate.
Scam of the day – August 23, 2020 – Phony Job Termination Scam
As I have written many times since the start of the Coronavirus pandemic, scammers are quite adept at exploiting the pandemic to operate a wide variety of scams. With many people working remotely and many others being furloughed or losing their jobs, scammers have recently been sending phishing emails that appear to come from your employer in which you are told that you have been fired and are directed to click on a link in order to access information about your severance package. However, if you do click on the link, you will download keystroke logging malware that will steal your personal information from your computer or phone and use it to make you a victim of identity theft.
TIPS
The email address sending you the email may appear at first look to be that of your employer, but upon closer inspection, you will see that it is slightly different and not the legitimate email address of your employer. As I constantly preach, remember my motto, “trust me, you can’t trust anyone.” In order to avoid downloading a wide variety of malware, never click on any link unless you have absolutely confirmed that it is legitimate. In this case, a telephone call to your company’s HR department will inform you that the email is a scam.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – August 22, 2020 – Michigan State University Online Store Suffers data breach
Michigan State University disclosed recently that its online store had suffered a data breach in which the names, addresses and credit card numbers of 2,600 people who had shopped at the store which sells the school’s branded merchandise between October 19, 2019 and June 26, 2020 were compromised. Data breaches at colleges and universities are common. The reason for targeting universities and colleges is simple. Generally they maintain tremendous amounts of personal information and many schools have not done a good job of securing the sensitive information they hold. Colleges and universities have much personal information that is often easily accessible within the school’s computer systems. Too often schools have permitted the information to be on unencrypted laptops and flash drives. In addition many schools do not have sufficient security programs in place to limit access to personal information, which the universities keep in their computers long after it is necessary to be kept, such as Social Security numbers for students who have long since graduated.
TIPS
Colleges and universities must make a greater commitment to data security. Data breach prevention systems should be implemented that include, but not be limited to updated firewalls, limited access to personal information, purging of unnecessary information and encryption. Personal information should not be as open and available as they presently are at this time at many universities. if you are someone who is a victim of the Michigan State data breach, you should contact the University and accept its offer of free credit monitoring. You also should put a credit freeze on your credit report because credit monitoring only tells you that you have become a victim of identity theft after the fact. A credit freeze can protect you from becoming a victim in many instances. This data breach is also a reminder to everyone not to use debit cards when making purchases either online or at a brick and mortar store because the law does not protect you nearly as much if your debit card is used for fraudulent purchases as the protection you get when your credit card is used by a scammer. This incident is also a reminder to us all that we are much safer using our EMV chip cards whenever possible. EMV chip credit cards when used in a brick and mortar store create a one time code to be used for each purchase that is worthless to a hacker. Unfortunately, EMV chip protection is not available when you use your credit card for online purchases.
Scam of the day – August 21, 2020 – Importance of Installing Security Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates when they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. Recently the makers of Apache Struts software issued a new security update. I generally would not be making you aware of this particular security patch because Apache Struts is a mainstream web framework, used primarily by Fortune 100 companies in education, government, financial services, retail and media. It is not the type of software that you or I would generally use. However, the recent release of a security patch for Apache Struts caught my eye because as I reported to you three years ago, the major data breach at Equifax that affected 148 million people involved a security flaw in Apache Struts software for which a patch had already been issued months earlier, but Equifax had not yet installed.
TIPS
I will often report to you about the latest important security updates and patches with links to the particular security patches and updates for you to access, however, whenever possible you should choose to have all of your software updates installed automatically so you never have to be concerned about delays in downloading and installing the latest critical updates. Here is a link that informs you how to do this for your Microsoft products. https://support.microsoft.com/en-us/help/311047/how-to-keep-your-windows-computer-up-to-date
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – August 20, 2020 – The Risks of Zelle, Venmo and Other Payment Service Apps
Peer to Peer Payment Payment Services (P2P) such as Zelle, Venmo, ApplePay, PayPal, Square Cash and PopMoney are popular ways to quickly and conveniently send money electronically from your credit card or bank account. These services are used by ninety million Americans. These services also provide easy ways to be scammed and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. Zelle which originated in 2017 is operated by a consortium of banks and appears on your mobile banking app. Sending money through Zelle only requires you to enter the recipient’s phone number or email address. In addition to scammers luring their victims to pay for worthless items through P2P services, scammers have also been sending phishing emails and text messages in which they lure their victims into providing their Zelle usernames, passwords and PINs to take over their victims’ bank accounts through their Zelle accounts.
Recently Money Crashers did a did a survey of users of P2P services and found that 52% of users were not even concerned with the security of these payment apps, which is disconcerting considering many instances of fraud involving these services.
TIPS
Before signing up for any P2P service, you should familiarize yourself with their fraud protection rules. In the fine print of many P2P services, you may find that you have little, if any, protection if you use the account to purchase something that ends up to be a scam. While PayPal offers significant protection from fraudulent transactions, Zelle and Venmo, for example do not offer such protection, which is why these services should never be used for commercial transactions, but only to transfer small amounts of money to people you know. In order to protect your account from being hacked and being taken over by a scammer who could access your credit card or bank account, you should use a PIN or other dual factor authentication whenever your particular service provides for it. In addition if your account is tied to a credit card, you should be able to get the amount fraudulently taken refunded from your credit card company in accordance with federal law and if it is tied to a bank account, you should be able to get the money refunded if you report it immediately pursuant to the Electronic Transfer Act. However, any delay in reporting the fraud from your bank account could cost you dearly.
To avoid having your Zelle account and other accounts from being taken over by hackers, never provide your username, password or PIN in response to any email, text message or phone call unless you have absolutely confirmed that the request for this information is legitimate, which it never is. You can confirm this by contacting your bank or other company by calling them at a telephone number you know is accurate. Even if you get a call that appears to come from your bank or other company with which you do business, your Caller ID can be tricked by spoofing to make the call appear legitimate when it is not.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – August 19, 2020 – Iowa Derecho Scams
Until recently I had never heard of the term “derecho,” which is the name for a straight-line wind storm that accompanies severe thunderstorms with winds at a level that rivals hurricanes and tornadoes. Derechos often bring heavy rains and flooding as well. A derecho hit parts of Iowa earlier this month causing extensive damage. Now the Iowa Attorney General is warning people about “storm chasers” which is the name for scammers posing as contractors who come to the damaged homes of victims of the storms soliciting clean up and repair work. Unfortunately, many of these storm chasers either fail to do any work for the money they collect from their victims or provide shoddy work.
Natural disasters bring out the best in people who want to donate to charities to help the victims. Unfortunately natural disasters such as the Iowa derecho also bring out the worst in scammers who are quick to take advantage of the generosity of people by contacting them posing as charities, but instead of collecting funds to help the victims of the storms, these scam artists steal the money for themselves under false pretenses. Charities are not subject to the federal Do Not Call List so even if you are enrolled in the Do Not Call List, legitimate charities are able to contact you. The problem is that whenever you are contacted on the phone, you can never be sure as to who is really calling you so you may be contacted either by a phony charity or a scammer posing as a legitimate charity. Similarly, when you are solicited for a charitable contribution by email or text message you cannot be sure as to whether the person contacting you is legitimate or not.
Other natural disaster related scams that will occur involve identity thieves posing as Federal Emergency Management Association (FEMA) employees and insurance company representatives in order to take personal information from storm victims to turn them into victims of identity theft.
TIPS
Good advice to anyone following a natural disaster is to refrain from hiring any contractors, particularly those who contact you personally at your home, by phone or over the Internet,unless you have verified that they are properly licensed, insured and that there are not numerous complaints against them. This information can generally be obtained online from your state’s licensing board. Also check their references and do a search engine search in which you type in their name and the word “scam” and see what comes up.
As for charitable solicitations that you may receive either on the phone or online, never provide credit card information over the phone to anyone whom you have not called or in response to an email or text message. Before you give to any charity, you may wish to check out the charity with http://www.charitynavigator.org where you can learn whether or not the charity itself is a scam. You can also see how much of the money that the charity collects actually goes toward its charitable purposes and how much it uses for fund raising and administrative costs.
Never give out personal information to anyone unless you have confirmed that they are legitimate. Federal and state agencies will not ask for fees in order to be eligible for assistance and neither will insurance companies. Also beware of people who pass themselves off as insurance adjusters promising to get you more money. Insurance adjusters are licensed in each state and you should check out any person claiming to be an adjuster before hiring them. Make sure they are who they say they are and that there are not numerous complaints against them. Never give personal information to anyone passing themselves off as a FEMA or other emergency aid agency employee regardless of how good their identification card looks. ID cards can be forged. Rather, call FEMA or any other agency that they purport to represent and confirm whether or not they are legitimate. The same goes for a representative of your insurance company. Call your insurance company to confirm the identity of the person purporting to represent the insurance company.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – August 18, 2020 – New Warning About the Grandparent Scam
Many of you are familiar with the grandparent scam where a grandparent receives a telephone call from someone purporting to be their grandchild who has gotten into some trouble, most commonly a traffic accident, legal trouble or medical problems in a far away place. The caller pleads for the grandparent to wire some money immediately to help resolve the problem. However the caller also begs the grandparent not to tell mom and dad. One would think that no one would be gullible enough to fall for this scam, but don’t be so hard on the victims of this scam. Scam artists, the only criminals we refer to as artists, have a knowledge of psychology of which Freud would have been envious and are able to use that knowledge to persuade their victims to send money right away. While this scam has been going on for twelve years, it continues to victimize people. Recently the Iowa Department of Public Safety issued a warning about an increase in reports of the scam. The Federal Trade Commission is now warning people about a new version of this scam in which the grandparents receive a call purportedly from a grandchild who is ill with the Coronavirus and needs immediate funds sent to him or her.
TIPS
Sometimes the scammers do not know the name of their victim’s grandchildren, but often they do. Sometimes they get this information from reading obituaries which may contain the names of grandchildren so merely because the correct name is used in the call is no reason to believe the call. Don’t respond immediately to such a call without calling the real grandchild on his or her cell phone or call the parents and confirm the whereabouts of the grandchild. If a medical problem is the ruse used, you can call the real hospital. If legal problems are the hook you can call the real police. You can also test the caller with a question that could be answered only by the real grandchild, but make sure that it really is a question that only the real grandchild could answer and not just anyone who might read the real grandchild’ s Facebook page or other social media.
Never wire money unless you are absolutely sure about to whom you are wiring the money and it is not a scam. Once you have wired money, it is gone forever. Also, students traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/. This program can help with communications in an emergency situation.
Here is a video created by the FTC that tells you more about the grandparent scam.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – August 17, 2020 – FTC Sues Sellers of PPE for Failure to Deliver
As the coronavirus (COVID-19) continues to spread both in the United States and worldwide, many people are turning to online merchandisers to buy Personal Protective Equipment (PPE) such as masks, face shields and sanitizers. Unfortunately, some online merchandisers are promising customers quick delivery and then either not delivering the products in a timely fashion, or, even worse, failing to send anything at all. Recently the FTC filed lawsuits against three companies, QYK Brands which did business as Glowyy, Zaapaaz, Inc, and American Screening, LLC alleging these companies failed to deliver their products as advertised and in some instances did not deliver the products at all. According to the FTC, these companies also failed to notify customers of delayed shipments, failed to offer refunds, failed to honor refund requests and in some instances sent defective items.
Federal law requires a seller to ship orders within the time indicated in their ads or within 30 days if no time is indicated in the advertisement. In addition, if a seller doesn’t ship within the promised time, the seller is required by law to offer customers the opportunity to cancel their orders and receive a full refund.
TIPS
It is always a good idea when ordering something online from a company with which you are unfamiliar to do a search engine search in which you type in the company name with the words “scam” or “complaint” and see what comes up. Also whenever you buy anything online, you should not use your debit card, but instead use your credit card. Federal law provides you with the right to dispute charges for late shipments and have the charges removed from your credit card while debit cards do not provide the same protections.
Scam of the day – August 16, 2020 – New Report Highlights Coronavirus Related Fraud
Here at Scamicide.com we have been concerned about Coronavirus related scams since the earliest days of the pandemic with the first Scam of the day dealing with these scams published on February 7th. Scammers are always exploiting whatever has captured the public’s attention and the Coronavirus pandemic is no exception to that rule. I am happy to say that the New York Times has even cited Scamicide.com as one of the three best sources for information about Coronavirus related scams, of which there are many.
Recently Atlas VPN, a research company, published a study based on information obtained from the Federal Trade Commission (FTC) in regard to the extent of Coronavirus related scams since the beginning of the year. To date, 152,129 reports of Coronavirus related scams have been reported to the FTC and that number is probably lower than the actual number as many victims of scams don’t report being scammed. The age group with the most reported scams were people between the ages of 30 and 39 while people between the ages of 40 and 49 lost the most money to Coronavirus scams. Not surprisingly, the state with the most reported scams was our most highly populated state, California.
TIPS
The most highly reported Coronavirus related scams related to online shopping. In many instances, cybercriminals set up phony websites to sell a wide variety of products including totally bogus Coronavirus cures and treatments. Other phony websites offer a wide variety of merchandise at low prices, but never deliver the goods ordered. For information about safely shopping online check out the Scam of the day for December 12, 2019. Also, when shopping either online or in a brick and mortar store, you should never use your debit card. Instead use your credit card. The legal protections for fraudulent credit card use are much stronger than those for fraudulent use of your debit card.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Presently there are more than 65 scams listed there and the list is growing. Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”