Scam of the Day
Scam of the day – September 1, 2025 – Scammer Poses as Country Music Rapper Jelly Roll on Facebook
Posing as a famous person on social media such as Facebook, Twitter and Instagram has proven to be quite lucrative for many scammers who are able to convince unsuspecting victims to rely on the phony accounts. Setting up a social media account is easy to do for a scammer requiring merely a name, a photo and an email address, all of which can be done to make it appear that the account is that of the real celebrity when, in truth it is that of the scammer. Sometimes the scammer will add a middle initial or a slight misspelling of the name of the celebrity to avoid detection. There are even companies that for a few dollars will set up phony celebrity social media accounts for scammers. Despite the efforts of the various social media companies to try to stop this practice, it continues in great numbers. Facebook estimates that there are as many as 60 million phony Facebook accounts including hundreds of its founder Mark Zuckerberg. Facebook tries to remove the accounts when it becomes aware of them, but they spring up soon again like a game of whack-a-mole.
Recently, Ronnie Flint of Springfield, Ohio got a message on the Messenger App of Facebook that appeared to come from country music rapper Jelly Roll informing Flint that he had won a new car in a lottery. He then received a video which appeared to show Jelly Roll informing him that to claim his prize he needed to send money to pay for shipping costs for the car. This was followed up another video in which Jelly Roll told Flint by name that he needed to send the money through Apple gift cards. Flint who is on disability was convinced and sent the money. Unfortunately, this was an AI created video sent from a phony Jelly Roll Facebook acount and the money was lost forever. This scam is being done throughout the country including in Morrisville, Pennsylvania earlier this summer.
AI has made deepfake videos such as the one used in this scam readily available to scammers in which the voice and image will appear to be that of the celebirty when it is all fake.
TIPS
Facebook has a blue verification badge program that helps people know that a celebrity Facebook page is authentic. The blue check verification badge is used by public figures and media organizations to indicate that Facebook has verified the account as legitimate. Many of the Facebook and other social media scams involve getting something for nothing. Whenever you see one of these free giveaways appear in social media be a little skeptical and don’t provide any personal information. Certainly don’t give away any credit card information and don’t click on unverified links. You should never trust a social media account of a celebrity or anyone for that matter that promises to give you something for nothing. As for Facebook accounts of celebrities always look for the blue check verification. In regard to any contest or giveaway attributed to a celebrity, go to the celebrity’s website in order to confirm if it is legitimate.
Also, it is hard to win a lottery, it is impossible to win one that you have not enterred which was the basis of this scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – August 31, 2025 – Back to School Shopping Scams
The new school year is just around the corner and school shopping is in high gear for many parents and students. Much of back to school shopping, like other shopping, is done online and people are constantly looking for bargains from trusted companies such as Walmart and Dick’s Sporting Goods. Scammers are constantly setting up phony retail websites. Some of these phony websites are for totally made up companies that you have never heard of, but which are offering tremendous discounts on popular goods while other phony websites are counterfeit websites of legitimate online retailers. Unfortunately, it is very easy for scammers using AI to construct phony websites with legitimate appearing logos of companies you trust. Last year the cybersecurity software company Trend Micro announced that it had found more than 205,000 phony websites touting back to school sales.
So how do you determine if you are on a legitimate website?
TIPS
Steve Weisman Forbes Column on Tech Support Scams
In addition to Scamicide, I write a weekly column for Forbes Magazine.
Here is a link to an important column I wrote about tech support scams which I urge you to read.
https://www.forbes.com/sites/steveweisman/2025/08/30/tech-support-scams-dramatically-increasing/
Scam of the day – August 30, 2025 – Credit Reporting Bureau TransUnion Data Breach Affects 13 Million People
Data breaches are a common occurence which is disturbing because they can readily lead to your identity being stolen or you becoming a victim of a scam as the hackers leverage the data they steal to lure you into a scam. Credit reporting agency TransUnion is the latest company to be a victim of a data breach in which sensitive personal information including names, addresses, email addresses phone numbers birth dates and, most troubling, Social Security numbers of more than 13 million people was compromised. Similar to recent data breaches at Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, Dior, Louis Vuitton, Tiffany and Qantas,the data was stolen not from TransUnion’s computer networks, but rather from Salesforce, a cloud-based customer relationship management (CRM) company used by TransUnion and many other companies to manage their customer data. The ransomware gang ShinyHunters managed to do this not by hacking Salesforce, but rather by using social engineering to trick TransUnion employees to enable access to the company’s Salesforce account containing its customer data.
Companies must do a better job of protecting themselves from not just technologically sophisticated cyberattacks, but less sophisticated, but equally effective social engineering attacks where the cybercriminals use psychology to manipulate employees to giving them access to important data.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 29, 2025 – Georgia Woman Loses $2,650 to Mystery Shopper Scam
I have written many times over the last fifteen years about the mystery shopper scam because it continues to ensnare unwary victims. Recently a Georgia woman lost $2,650 when she responded to a letter sending her a check for $2,650 with an offer to become a mystery shopper. All she had to do was purchase $2,000 worth of gift cards and provide the numbers to the phony mystery shopper company, keeping $650 as her fee for acting as a mystery shopper. Of course, it was a scam and she learned too late that the check sent her was a counterfeit and her own money that she used to purchase the gift cards was gone forever. These scams continue to be effective and are increasing in number so it is important to remind you about them again. Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer. Of course, the check that was sent to you is counterfeit and bounces, but the funds wired by the victim of the scam is gone forever from his or her bank account.
TIPS
One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and the companies that do mystery shopping do not go looking for you. A firm indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.
For more information about legitimate mystery shoppers, you can go to the website of the Mystery Shopping Professional Association https://www.mspa-americas.org/scam-alerts/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – August 28, 2025 – Australian Bank Launches New App to Prevent Text Message Scams
According to the Federal Trade Commission (FTC) last year more scams originated through text messages than phone calls. Text message scams in which the scammers pose as your bank were the most common text message scam. Phony text messaging, called smishing, which purport to be from your bank is a scam about which I have been warning you for years, but is a scam that has dramatically increased recently. Scammers pose as your bank and send text messages informing you of an emergency such as a major charge has been made to your account and providing you with a link to click on to dispute the charge. If you click on the link you will be taken to a website that appears to be a legitimate website of your bank which prompts you to provide your user name and password. Unfortunately, if you do so you will be providing the scammer with full access to your bank account.
Now Australia’s Commowealth Banks has launched a new app powered by AI that allows you to send a screenshot of the message to the app which will then inform you if it is a scam.
Phony text messages like this can be particularly problematic if you have signed up to receive text message alerts from your bank. Whenever you receive a text message you can never be sure who is really sending it to you. Using a technique called “spoofing” the scammer can make the number that appears to be sending the text the same number as that of your bank. Making matters worse, this spoofed number text message may actually appear in a legitimate thread of text messages from your bank due to how messaging apps group conversations. Messaging apps like iMessage or Android Messages often group texts by sender ID not by the actual source of the message so if the scammers has spoofed the number it can appear in the same legitimate thread of the bank.
TIPS
The best course of action when you receive such a text message, if you have a concern that it may be legitimate, is to merely independently contact your bank to determine whether or not the text message was a scam, but be careful that you do not misdial the telephone number of your bank as some scammers purchase phone numbers similar to those of legitimate banks and credit card companies hoping that they will receive calls from unwary consumers who may have merely misdialed the telephone number of their bank or credit card company.
Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate. If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.
Banks do not call, text or email their customers asking for personal information. You should always be skeptical of anyone asking for such information. Of course, if you receive a text message that appears to come from a bank at which you do not have an account, you can be confident it is a scam. If the text message provides for you to respond to stop future texts, don’t do it. Sending such a message to a scammer merely alerts them to the fact that yours is an active phone number.
Another step you should take to prevent your account from being taken over even if someone manages to get your user name and password is to set up dual factor authentication on your bank account.
Finally, although today’s Scam of the day focuses on phony bank text messages, it is a good idea to sign up to receive text alerts from your bank which can be customized for your own particular needs.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – August 27, 2025 – Scammers Love WhatsApp, Telegram and Signal
According to the Federal Trade Commission (FTC) more scams in the United States are started on social media than on any other platform at a cost of 1.9 billion dollars in 2024 and that figure is probably low because many victims, often out of embarrassment, do not report being victimized. A study done by the Fin Tech company Revolut found that 60% of all scams in the UK originated on the Meta platforms Facebook, Instagram and WhatsApp with investment scams being the most common form of scam. Revolut referred to social media as a “hotbed” for scams.
Social media based scams take many forms, but are often based on our trusting the people we encounter as friends on social media. Remember my motto, “trust me, you can’t trust anyone.” Scammers harvest information about you that you post on social media to learn about your identity and interests and use that information to target you with a wide variety of scams including investment scams, romance scams and sales of phony products.
One way to recognize a scam is when you start communication with someone on social media such as LinkedIn, Facebook or Instagram or even through email and they want to move your discussions to WhatsApp, Telegram or Signal which are all legitimate encrypted messaging platforms, but are favorites of scammers because they are encrypted and not monitored as well a other social media where the platforms may be using AI for scam detection.
TIPS
Don’t accept friend requests from everyone who asks to be your friend on social media and don’t trust communications on social media merely because they appear to come from your friends. Often social media accounts are hacked or cloned and the scammers, posing as your friends, leverage the trust that you have in your friends to lure you into phony investments, phony sales and romances. Further, even if a communication comes from a real friend, often people will forward scams that they have been fooled into thinking are legitimate.
Use your privacy settings to limit who can see the information you post on social media.
Remember it is good rule to never click on links that may appear on social media, text messages or emails unless you have absolutely confirmed that they are legitimate because the risk of downloading malware is too great.
As for WhatsApp, Telegram and Signal, no legitimate employer offering a job or financial advisor will switch platforms after they have made initial contact with you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – August 26, 2025 – Embarrasingly Bad Nigerian Email Scam
Today’s Scam of the day comes from a regular Scamicide reader and is another version of the Nigerian email scam that continues to plague the online community. In the most common versions of this scam circulating on the Internet today, you are promised great sums of money if you assist a Nigerian or someone elsewhere in his effort to transfer money out of his country. While we refer to this type of scam as the Nigerian Email Scam, as indicated in the email below, not all versions of this scam have a connection to Nigeria as indicated in the email copied below.
Common variations of the scam include the movement of embezzled funds by corrupt officials, a dying man who wants to make charitable gifts, a minor bank official trying to move the money of deceased foreigners out of his bank without the government taking it or, as in this case, funds derived from an undescribed source. As illustrated by the email copied below, the Nigerian Email Scam often has nothing to do with Nigeria, but merely is a scam where you are promised a large amount of free money based on a ridiculous premise.
In most variations of this scam, although you are told initially that you do not need to contribute anything financially to the endeavor, you soon learn that it is necessary for you to contribute increasingly large amounts of money for various reasons, such as fees, bribes, insurance or taxes before you can get anything. Of course, the victim ends up paying money to the scammer, but never receives anything in return.
Here is a copy of the email presently circulating. I have deleted the email address used to send the email and the email address of the recipient. While the email purports to be sent from Merrick Garland, the attorney general of the United States, Garland has not been the attorney general since the end of the Biden administration. In addition, the email address of the sender is not a government email address, but a gmail address not used by government officials and is most likely the email address of someone whose email address was hacked and made a part of a botnet to send out these scam emails.
I’m sending you this text to let you know that the reason you haven’t been able to receive your funds either by bank transfer, delivery of cash or ATM card or bitcoin transfer is because your name was blacklisted by the United States Finance Department.
The U.S Department of Justice has decided to clear your name from the blacklist to enable you to receive your funds that has been seized or confiscated around the world including the $6,300,000.00 confiscated by the U.S Finance Department.
You are advised to send the following1, Full Name
2,Identity Card
3,phone number
Please send the above information so that your name can be cleared from the blacklist and for the $6,300,000.00to be sent to you.
I will be waiting for above details.
Thank you
Merrick B. Garland
U.S Attorney General
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – August 25, 2025 – Scattered Spider Hacker Sentenced to 10 Years in Prison
Regular readers of Scamicide are familiar with Scattered Spider which is the name of a hacking group largely made up of teens and young men in their twentys in the United States and the UK who have managed, primarily through social engineering rather than sophisticated technologically based hacking to perpetrate massive ransomware attacks against companies such as Caesars Entertainment and MGM resorts. Last week, Noah Michael Urban, a 20 year old Floridian became the first member of Scattered Spider to be convicted and sentenced for his crimes related to a variety of crimes including, most notably stealing more than $13 million of crytocurrencies from at least 59 victims. Along with financial penalties, he was sentenced to serve 10 years in prison, which is most notable since the prosecutors had only requested an 8 year prison sentence.
The method he used to steal cryptocurrencies from his victims’ cryptowallets was through SIM swapping. A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal. Sim swapping is a way for a criminal to defeat dual factor authentication where to access an account, in addition to a password, a security code is required. The new security code is created each time the holder of an account goes to access his or her account and it is generally sent to the cell phone of the account holder which is why if the criminal is able to swap the victim’s SIM card to the criminal’s phone, he or she can get access to the account.
In order to do a SIM swap, the criminal uses harvested information to answer security questions asked when the criminal, posing as the real account holder when the scammer contacts the cell phone service provider posing as the account holder and asks to do a SIM swap into a new phone. Much of this harvested information came from data breaches done by Scattered Spider.
The best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
TIPS
I have written in the past about how to avoid SIM swaps by setting up a passcode or PIN on your mobile service carrier account to avoid a scammer being able to access the account merely by answering a security question.
AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card. Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i
Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center. Here is a link with information and instructions for setting up a PIN with Verizon. https://www.verizonwireless.com/support/account-pin-faqs/
T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store. Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure
Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief. Here is a link to information about adding a PIN to your Sprint account. https://www.sprint.com/en/support/solutions/account-and-billing/update-your-pin-and-security-questions-on-sprint-com.html
And if you are particularly paranoid, like me, you can arrange with your cell phone service carrier that your SIM card cannot be switched except in person by you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – August 24, 2025 – The Hidden Danger of Drive By Downloads
We all generally know to avoid sketchy websites that may be infected with malware that can lead to serious problems if you unwittingly download the malware such as ransomware, keystroke logging malware that can lead to identity theft or other types of malware. However, even if you make a concerted effort to avoid websites that may be likely to contain malware, you still may find yourself in danger. According to a study by Menlo Security 42% of the most visited websites on the Internet were vulnerable to malware being planted on these thought-to-be safe websites.
A major problem is that many popular websites use outdated servers that make them vulnerable to malware and data breaches. Another problem comes from many websites including content from third parties such as companies that provide advertising. Malvertising is the name for malware infected advertising that can turn up on legitimate websites and can be downloaded on to your computer or phone by either clicking on links in the advertising or even, in some cases, by merely going to the website where the tainted advertising appears even if you never click on the ad.
In other instances scammers infect legitimate websites with malware by exploiting security flaws. Merely by going to an infected website you can end up downloading the malware without clicking on any links.
TIPS
The first thing to do to protect yourself from being victimized by malware found on websites is to avoid those websites that may appear not to be legitimate. You also should have strong security software on all of your electronic devices including your computer and cell phone, making sure that you update your security software with the latest security patches as soon as they are made available. Keeping your browser updated with the latest versions is also important as many browsers provide some level of protection from malware infected sites.. Finally, you may wish to install ad blocking software that prevents you from becoming victimized by malvertising in all forms.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”