Scam of the Day
Scam of the day – February 7, 2020 – Coronavirus Scams Part 1
Scammers are adept at manipulating anything that has captured the attention of the public and turning it into an opportunity to scam people. Today and tomorrow I will be telling you about scams related to the worldwide coronavirus outbreak. Earlier this week the Securities and Exchange Commission (SEC) issued a warning in which it said that it had become aware of “a number of Internet promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect or cure coronavirus, and that the stock of these companies will dramatically increase in value as a result.” Everyone would like to be able to invest in a stock while the price is still low, but can be expected to rise dramatically. This desire for the quick hit is exploited by scam artists in a scam called the “pump and dump.” In this scam, you may receive an email often apparently intended for someone else informing you of a company with a low cost stock that is about to have its price rise tremendously. Other times the stock may be talked up in Internet chat rooms. Most often these companies are small capitalization companies, often referred to as penny stock companies. These stocks are often thinly traded. Following the advice, from someone they don’t know, the victim buys the stock and, sure enough, the stock value promptly rises, but then without warning, the stock plummets in value and you are left with a poor investment. This scam is created by criminals who buy the stock themselves at a low value and then influence others to buy the stock regardless of the fact that the stock would not be expected to rise in value were it not for the fact that the scammers misrepresent the stock to their victims and lure them into buying it. Once the stock has shot up in value, the criminals, knowing that the emperor has no clothes, sell their stock, make a profit and leave the victims with worthless stock certificates.
In regard to the coronavirus, the World Health Organization indicated this week that there are “no known effective therapeutics” available to prevent or treat the coronavirus.
TIP
Always consider the sources of any investment advice that you receive. How reliable is the source? What are their credentials? What do they stand to gain? Some particular red flags that the stock offer is a scam include unregistered investment advisers approaching you. You can find out if a particular investment adviser is registered by going to the SEC’s Investment Adviser Public Disclosure database. Here is a link to that data base. https://www.investor.gov/
Also, be wary of promises of huge profits with little or no risk. That is a common thread with many scams.
Finally, be skeptical when you receive a stock solicitation by way of an email, text message, phone call or any other communication that you have not initiated. Also, be particularly skeptical if the promoter of the stock tells you that he has inside information because trading on inside information is a criminal violation and as Martha Stewart would tell you, that is not a good thing.
Scam of the day – February 6, 2020 – Google Docs Phishing Scam
A phishing email is presently being sent to unsuspecting victims that urges you to click on a Google Docs link. A copy of one version of the email is reproduced below. Clicking on the link will turn over your email account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware. It is important to remember that it is very simple for a scammer to include the Google logo and a logo for Norton Security so you can’t trust an email merely because it carries such logos. A strong indication that this email was a phishing scam was that the address from which it was sent was the email address of an individual who had no connection to Google Docs. Most likely the email account used to send the phishing email was part of a botnet of computers that had been compromised and used by scammers to send out such phishing emails without the person whose email account is being used even being aware that his or her email was being used for this purpose.
Here is a copy of the email that is presently being circulated. DO NOT CLICK ON THE LINK TO VIEW THE DOCUMENT.
|
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 |
 |
TIPS
Never click on links or download attachments regardless of from where they may appear to originate unless you have verified that the email is legitimate. In addition, even people who fell for this scam, would be safe if they used dual factor authentication for their Gmail account which would prevent someone who had your password from accessing your account. With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device that you generally use. You can sign up for Google’s dual factor authentication by clicking on this link: https://www.google.com/landing/2step/
Scam of the day – February 5, 2020 – Mavis Wanczyk Instagram Scam
Many people may not remember the name of Mavis L. Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received an email with the message line referring to the Mavis L. Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis L. Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information. Of course, people providing the personal information ended up becoming victims of identity theft.
Now the scam appears to be resurfacing in large numbers as evidenced by emails I am receiving from Scamicide readers complaining of this scam. The scam has now migrated from emails to Instagram where a phony Mavis Wanczyk account is offering $10,000 to the first 2,000 people who respond to the post. A Scamicide reader responded to the offer and was informed he needed to send the numbers from a $100 eBay gift card in order to receive the $10,000 prize. Other versions of the scam have asked for Walgreens or CVS gift cards. The Scamicide reader who reported this scam to me knew this was a scam and did not buy the gift cards or lose any money, but other people are being tricked by this scam. The truth is that no one is offering you money for nothing.
TIPS
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds. In addition, no legitimate lottery requires you to pay a fee to claim your prize and anytime you are asked to pay for something through a gift card, you should be suspicious of a scam. Scammers love gift cards because they are easy to use and impossible to trace.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – February 4, 2020 – Wells Fargo Phishing Email
Here is another good example of a phishing email that is presently being circulated. It was sent to me by a Scamicide reader who received it. It makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur. Copied below is a new phishing email presently being sent to unsuspecting people that appears to come from Wells Fargo. This particular one came with a Wells Fargo logo and was sent from an email address that, while not a real Wells Fargo email, did appear to be legitimate, which makes the scam even more tempting to more people.
Here is the email.
|
Secure message from Wells Fargo Online® We posted a new notice or letter to your “Statements & Document” on your account We recently detected an activity which seems unusual to your normal account activities. Therefore as a preventive measure we have limited your access to sensitive account functions. Please use your online access to sign on.
. If you have questions about your account, please refer to the contact information on your statement. For questions about viewing your statements online, Wells Fargo Customer Service is available 24 hours a day, 7 days a week. Call us at 1-800-956-4442 or sign on to send a secure email. |
| wellsfargo.com | Security Center
Please do not reply to this automated email. Sign on to send a secure email. 2d80b-150-ab54-712f3fdcf-a2658bb2_5e35a546_d15d-5211 |
TIPS
Legitimate emails from your bank would include the last four digits of your account and include your name. This email had neither. Often such phishing emails originate in countries where English is not the primary language and the spelling and grammar are poor. However this one appears grammatically correct. Obviously, if you are not a Wells Fargo customer, you will recognize immediately that this is a scam. As with most phishing emails, they lure you into clicking on a link (We have blocked the link and inserted xxx) by attempting to trick you into believing there is an emergency. However, if you hover on the sign in link contained in the actual phishing email, you will find it does not go to Wells Fargo.
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call your bank or other institution from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – February 3, 2020 – Social Engineering Hacking of WhatsApp Accounts
More than a billion people use the WhatsApp mobile messaging app that helps you send text messages, photographs, videos and audio. Due to its extreme popularity, it is not surprising that WhatsApp has become an attractive platform for scammers. I have reported to you for years about the various scams targeting WhatsApp users. The reports in the news recently pertaining to the hacking of Amazon founder Jeff Bezos’ phone are attributing the hacking to exploited vulnerabilities with his WhatsApp account. However, a more common WhatsApp scam that is happening frequently now involves social engineering used to hack your account and then use your account to scam other people. The scam starts when you receive a message through WhatsApp that appears to come from a friend of yours. The message from your trusted friend tells you that you are about to receive a text message and requests that you send that message back to your friend. The truth is that the message you received through WhatsApp is from an account taken over by a hacker who is looking to take over your account. The text message that you are sent on your phone is actually a dual factor authentication code sent to you because the hacker is trying to take over your WhatsApp account and if you sent it to your “friend” as requested, you are actually turning over that code to a hacker who can then use it to take over your WhatsApp account in order to send out messages with malware or lure your WhatsApp friends into becoming victims of scams because they believe the messages sent by the hacker with malware and scams are coming from you.
TIPS
In 2017 WhatsApp added dual factor authentication capabilities and you should use this if you are a WhatsApp users. Passwords are just too vulnerable to be the sole method of authentication for important apps or accounts. Whenever you are able to use dual factor authentication for a particular website, account or app, you should take advantage of this. Some dual factor authentication protocols do not require it to be used when you are accessing the account from the computer or smartphone that you usually use, but only if the request to access the account comes from a different device, which still provides security without even having to use the special code. However, as indicated in the scam I referred to above, dual factor authentication is not foolproof. Never estimate the power of a fool. Fortunately, there is a way to protect yourself from this scam by setting up a PIN for your WhatsApp account so that even if someone got your dual factor authentication code, they could not access your account. You can set up a PIN by going to the Settings-Account section of the app. Of course, you should also remember to never under any circumstances provide to anyone the dual factor authentication code sent to your phone.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – February 2, 2020 – Fraudulent Social Security Phone Calls
Last week the Senate Aging Committee released its annual report in which it indicated that fraudulent phone calls where scammers pose as Social Security Administration employees asking for personal information were the number one phone scam last year. Phony calls purporting to be from the IRS were the top scam phone calls for the previous five years. Scammers call on the phone under a variety of pretexts and ask for the Social Security numbers of the people they call. In the hands of an identity thief, it is very simple matter for a criminal to take a person’s Social Security number and use it to make the person a victim of identity theft. Some of the excuses given by the scammers calling are that criminal activity has been linked to the particular number and they need to confirm that you are not a criminal or that there has been a computer problem at the Social Security Administration and they need to confirm your Social Security number. Making the problem worse is that through a technique called “spoofing” scammers are able to manipulate your Caller ID so that the call you receive appears to come from the Social Security Administration.
TIPS
An easy way to avoid becoming a victim of this scam is to remember that the Social Security Administration will never initiate any contact with you by telephone call, email or text message. Any communication you receive in this manner that is not in response to your own telephone call or email is a scam. On a larger scale, it is important to remember that you can never be sure whenever you get an email, text message or phone call as to who is really contacting you so you should never provide personal information to anyone in response to an email, text message or phone call unless you have independently confirmed that the communication was legitimate and that information from you is absolutely required.
Many of these fraudulent calls come as robocalls. It is important to remember that the Social Security Administration will never contact you through a robocall. Seniors are particularly vulnerable to robocalls and should install anti-robocall programs on their phones. Here are some ways to stop robocalls:
Verizon has implemented new services to help its customers avoid illegal robocalls. The new Call Filter service offers spam alerts and new protections from robocalls for its wireless customers. Customers will receive alerts when a call is most likely a scam. The new Call Filter service will also automatically block robocalls based of the customer’s preferred risk level. The Call Filter service is offered in a free version and an enhanced version that among other things will enable customers to create a personal robocall block list. For more information about the Call Filter Services and how to sign up go to https://www.verizonwireless.com/solutions-and-services/call-filter/
There are a number of other options for preventing robocalls including a number of apps that for free or a small fee will reduce and in some instances prevent robocalls.
Samsung’s SmartCall informs you if the call you are receiving is from a known robocaller. This feature is available with newer Samsung Galaxy phones. Here is a link to information about SmartCall and instructions as to how to activate this app.
http://www.samsung.com/levant/apps/smart-call/
Google also has a spam blocker that will warn you when you are receiving a robocall and your screen will turn red. Here is a link to information about the app and how to install it.
https://play.google.com/store/apps/details?id=com.google.android.dialer&hl=en
AT&T also offers free apps to block robocalls on iPhones and Android phones. Here is a link to information about these apps.
https://www.att.com/features/security-apps.html?partner=LinkShare&siteId=TnL5HPStwNw-yrUS1uDw9WGvN._xt67yew&source=ECay0000000CEL00O
Verizon’s CallerName ID is a free service for iPhones and Android phones that will alert you to suspected robocallers. Here is a link to Verizon’s app.
https://www.verizonwireless.com/solutions-and-services/caller-name-id/
T-Mobile offers a free scam blocker of known robocallers for Android phones which you can activate by merely dialing #662#
Sprint offers a paid service to protect your iPhone or Android phone from robocalls. For more information, use this link
http://explore.t-mobile.com/callprotection
For landlines as well as smartphones there are a number of apps such as Nomorobo, Truecaller, Hiya, RoboKiller and YouMail that offer robocall blocking for free or for small monthly charges. Here is a link to those apps. I have used Nomorobo for years and find it to be tremendously useful
https://www.nomorobo.com/
https://www.truecaller.com/
https://hiya.com/
https://www.robokiller.com/
https://play.google.com/store/apps/details?id=com.youmail.android.vvm&hl=en_US https://www.youmail.com/home/apps
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – February 1, 2020 – Super Bowl Merchandise Scams
The Super Bowl, which will be played tomorrow in Miami between the Kansas City Chiefs and the San Francisco 49ers promises to be a hugely popular event with an estimated viewing audience of well more than a hundred million people. Following the game, many people will be be purchasing official Super Bowl merchandise, such as jerseys and caps. While it is relatively easy to examine merchandise when you purchase it at a brick and mortar store for the substandard quality of counterfeit merchandise as shown by low quality fabrics, loose stitching and off-center logos, you can never be sure when you buy Super Bowl merchandise online as to whether it is legitimate or not. Official NFL merchandise will have a hologram tag attached to the item, which is readily apparent in a store, but not when purchasing online.
TIPS
When buying Super Bowl merchandise online, the same rules for purchasing anything online apply. If the price looks too good to be true it generally is. Also, you are better off buying from established companies with good reputations and always pay with a credit card rather than a debit card because if it is a scam, it is simpler and easier to cancel the order with your credit card at less risk than if your debit card is used for such a purchase.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – January 31, 2020 – Critical New Apple Security Updates
As was made abundantly clear by 2017’s massive Wannacry ransomware attack that exploited a vulnerability in the Microsoft Windows operating system for which Microsoft had already issued a security update and the massive Equifax data breach that also occurred as a result of Equifax not installing security updates to one of its software programs, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. Whenever important new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. Today’s security update involves serious vulnerabilities in a number of Apple devices and programs.
TIPS
Here is a link to this recent security update: https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-multiple-security-updates
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – January 30, 2020 – Tax Identity Theft Awareness Week
February third is the start of Tax Identity Theft Awareness Week. Income tax identity theft, by which identity thieves file phony income tax returns with counterfeit W-2s using the Social Security number and name of their victims is still a major problem for the IRS and taxpayers costing us all billions of dollars each year. However, when someone has stolen your Social Security number and filed an income tax return using your name, the problem becomes particularly personal. In addition, there are numerous other tax related scams including most significantly IRS impersonation phone call scams in which the scammer calls his or her victim posing as the IRS demanding an immediate payment of allegedly overdue taxes, often by gift cards and threaten dire consequences unless the payment is made immediately.
TIPS
The most important thing to remember is that the IRS will not initiate any communications with you by email, text message or phone. Their logo is easy to counterfeit and any personal information in the phishing email was probably gathered through data breaches in which the information about you was stolen. Never provide personal information in response to an email, text message or phone call that purports to be from the IRS. If you have any thought that the communication may be legitimate, call the IRS a the numbers indicated here which also let you know what information you will need to confirm your identity. https://www.irs.gov/help/telephone-assistance
Below is a short video produced by the Federal Trade Commission that explains a number of different tax scams, how they work and how to avoid them.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – January 29, 2020 – Utility Scam
Scams involving utility bills for electric, water or gas services have long been popular with scammers. I recently received an email from a Florida Scamicide reader who received a phone call on her answering machine that indicated it was from Florida Power & Light threatening to terminate her electricity unless she called back in a half an hour and paid over the phone her overdue balance. The truth is that there was no outstanding balance and the Scamicide reader smartly called Florida Power & Electric at a telephone number that she got from her bill and was told that there was no problem and the call was a scam. Unfortunately, however, many people fall for scams such as this. This is a common scam where targeted victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card or prepaid cards such as iTunes cards over the phone. In another utility scam, potential victims receive an email that has a link to take them to their bill where they are prompted to provide personal information or make a payment through a phony website. In another utility scam, people are called and told that they are eligible for a special promotion that will save them money. They just need to provide personal information.
All of these are scams. In the first, the targeted victim is coerced into giving their credit card or prepaid card information to a scammer. In the second, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse and in the third, there is no special promotion and the victim ends up providing personal information that leads to identity theft.
TIPS
You can never be sure when you get an email or a telephone call if it is really from a legitimate source. Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller. Trust me, you can’t trust anyone. Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate. In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate. Also, never click on links unless you have confirmed that they are legitimate. The risk is too great. It is also important to remember that no legitimate utility company will require you to immediately pay your bill over the phone with a prepaid card such as an iTunes card or a gift card.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”