Scam of the Day
Scam of the day – December 28, 2019 – Phony Kidnapping Scam Spreading
I have been warning you about phony kidnapping scams, also known as virtual kidnapping, for seven years. The scam starts with a telephone call informing the person answering the phone that a child or other relative has been kidnapped and if they do not respond by wiring money right away, the relative will be killed. As with so many scams, we are often our own worst enemy and this scam is no exception. In many instances, the scammers gather personal information about the intended scam victims from information that the intended victims or members of their families post on social media. Information harvested from social media may indicate that someone is traveling on vacation making it easier to make the phony kidnapping appear legitimate. Armed with personal information gathered from social media, a scammer can describe the supposed kidnapped victim or provide personal information that would make it appear that indeed they actually do have the person in their custody. Sometimes the phony kidnappers manipulate your Caller ID through a technique called “spoofing” to make it appear that the call is coming from the supposedly kidnapped family member’s cell phone.
The Boone County Kentucky Sheriff’s Office recently warned people about this scam following a number of incidents. Reports of this scam are also coming from other parts of the country as well.
Many of the fake kidnapping scams, according to the FBI. are originating with calls from Mexican prisons, where in most instances the calls are being made by prisoners who have bribed guards to supply them with cell phones.
TIPS
Always be skeptical if you receive such a call. Never wire money to anyone for anything unless you are totally convinced that what you are doing is legitimate because unlike paying for something with a credit card, once your wired funds have been sent, they are impossible to get back. Talk to the alleged kidnapper as long as possible, thereby giving someone else with you the time to call or text the alleged kidnap victim on his or her smartphone. If the purported kidnapping victim is a young child, call the school to confirm that he or she is safe. You also could ask the kidnapper to describe your relative as well as provide information, such as his or her birth date, which could be found on a driver’s license, however, it is important to remember that much of this kind of information may be available through social media or elsewhere on the Internet. It also can be helpful for the family to have a code word to use to immediately recognize that this is a scam. If the kidnapper can’t provide the code word, it is clear that it is a scam.
Many of these kidnapping scams are originating in Mexico so be particularly skeptical if you receive the telephone call from Mexico which has many area codes which can be found by clicking on this link. http://dialcode.org/North_America/Mexico/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 27, 2019 – Another Mystery Shopper Scam
I have written many times over the last seven years about the mystery shopper scam because it continues to ensnare unwary victims including a Massachusetts woman Lisa Zais who responded to a text message that appeared to come from Whole Foods asking her if she wanted to work as a mystery shopper. The company sent her a check which she deposited into her checking account and then followed her assignment of purchasing $2,450 worth of gift cards and sending the card numbers back to the mystery shopping company. Of course the check was counterfeit and when it bounced, Zais had lost $2,450 from her bank account.
Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. Often you are instructed to return the remaining funds by a wire transfer. In a recent Walmart themed mystery shopper scam that targeted a Scamicide reader, the targeted victim was told to wire $1,225 of a $1,595 check back to the scammer. The problem is that the check or money order sent to you is counterfeit, but the money you send by wire from your bank account or through prepaid cards is real and is lost forever.
Here also is a link to a news story from ABC’s Western Mass News in which I was interviewed about this type of scam. https://www.westernmassnews.com/news/pittsfield-woman-warning-others-of-mystery-shopper-scheme/article_af658312-45ca-11e9-855b-777f943a69e1.html
TIPS
One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and they do not go looking for you. An indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.
If you receive a mystery shopper scam solicitation or check through the mail you can report it to the United States Postal Service at
http://about.usps.com/publications/pub300a/pub300a_tech_024.htm
You also can report the scam to the Federal Trade Commission (FTC) which investigates these scams at https://www.ftccomplaintassistant.gov/#crnt&panel1-1
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 26, 2019 – Words With Friends Data Breach Affects more than 172 Million People
Zynga, the company that owns the popular game Words With Friends has disclosed that information on 172,869,660 Words With Friends accounts was stolen in a data breach earlier this year. Zynga had announced the data breach in September, but had not indicated how many people were victimized in the data breach until now. Included in the stolen information were email addresses, usernames and passwords. If you are a Words With Friends user, you can find out if your account was affected by going to the website https://haveibeenpwned.com/
Many of us are suffering from what is being called “data breach fatigue” as a result of which we may not tend to take seriously the threat that data breaches present, but it is dangerous to ignore the threats that these data breaches present. Fortunately there are some things you can and should do to protect yourself from future data breaches that will affect you.
TIPS
One of the biggest lessons from the myriad of data breaches is to make sure that you use unique passwords for every online account that you have in order to avoid having a sensitive account, such as your online banking account compromised because you use the same password as you do for another relatively meaningless account that had poor security which led to a data breach in which your password was stolen. This is also a reason for deleting old accounts you don’t use that could expose your passwords and other information. The hacking of thousands of Disney + accounts only a few days after the new streaming service was launched is a good example of why it is important to have unique passwords for all of your accounts. It appears at this time that Disney + wasn’t hacked and did not suffer a data breach. The primary reason for the accounts being hacked appears to be that the people who had their accounts hacked were using passwords they used for other accounts at sites that have suffered data breaches thereby enabling the cybercriminals to use those stolen passwords to access their victims’ Disney + accounts.
Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
Also, use dual factor authentication whenever possible so that even if your passwords are compromised, no one can access your account.
In addition, you should be aware that with your email address commonly known by many scammers, you can expect to receive more phishing and more dangerous, specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft. Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 25, 2019 – Star Wars: The Rise of Skywalker Scam
The final Star Wars movie, “Star Wars: The Rise of Skywalker” was released into theaters on December 19th and it is very popular with movie goers. It seems many people are anxious to see this movie, however, there are people who want to see the movie, but don’t want to pay for it. Legitimate streaming services won’t be able to provide the movie to their customers for quite a while, but that doesn’t stop illegal streamers from offering the movie online, often for free. Don’t be tempted. Attempting to stream an illegal version of the movie is not only illegal and unethical, but it could also lead to your being scammed out of money. An online search for websites promising to provide the movie for free will take you to as many as thirty fraudulent websites that appear to provide the movie, but a few moments after the movie starts, it stops and a pop up appears requiring you to set up an account. The pop up says that the account is free and that all you need to do is provide your email address and a password. Once you do this, you are then instructed to provide a credit card number and the CVC security code on the back of the card merely to verify that you are located in a country where the website is licensed to distribute the movie. Unfortunately, the website does not provide the Star Wars movie. The few minutes of what you initially see of the movie is just scenes taken from the readily available trailers for the movie. So not only do people falling for this scam not get to see the movie, they end up providing their credit card information to the scammers in addition to providing a password, which, in too many instances, is the same password the scam victim uses for other online services such as online banking. The moral of this story is that trying to view a pirated version of a popular movie for free will only cause to put you into a predicament that even a Jedi Knight couldn’t get you out of.
TIPS
The first and foremost tip is not to do use illegal streaming services. They are illegal and what they are doing is also unethical. Don’t trust search engine searches to provide you with legitimate websites for streaming services. A prominent position in a Google or other search engine search only means that the websites appearing high were adept at understanding the algorithms used to position websites. Never provide a credit card as a means of verification. It is only a means of payment and as for the justification in this particular scam that the credit card was needed to verify that you are located in a country where the website is licensed to distribute the movie, pirated versions are not licensed anywhere. Also, when downloading a video, the file’s extension should either be .avi, mkv or mp4 and not .exe which is used by cybercriminals for malware. Finally, as always, you should have unique passwords for all of your online accounts so that in the event that a password on one of your accounts is hacked or otherwise compromised, all of your accounts will not be in jeopardy.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 24, 2019 – Ring Camera Hacking Update
In the Scam of the day for December 14, 2019 I told you about a Tennessee family who reported the Ring camera installed in the bedroom of their three young girls was hacked and the hackers not only were able to spy on the children, but also actually spoke to the children through the Ring’s speakers. As disturbing as this story is, the problem is even more threatening than it appears. While it may seem that hacking into a child’s monitor may be an invasion of privacy and nothing more, the truth is that in many instances, if a hacker is able to gain access to one device that is part of the home’s WIFi network, he or she could also gain access to other connected devices, such as the parent’s computer containing personal financial information or even be able to connect to the computers of the company for which the parent works if the parent’s computer is networked in for working from home. Many hackers search the Internet for unsecured web cameras and baby monitors that have not changed the factory setting username and password which gives them easy access to these cameras.
Since I wrote the December 14, 2019 Scam of the day hackers have published the usernames and passwords of thousands of users of Ring cameras on the Dark Web, that part of the Internet where cybercriminals buy and sell goods and services. As expected, these usernames and passwords appear largely to have been obtained by hackers through data breaches at other companies. The problem is that many people make the mistake of using the same username and password for all of their accounts, which puts them in jeopardy whenever a data breach occurs at any of the companies where they have a username and password.
TIPS
Anyone who has a Ring camera or baby monitor should make sure that the camera and software are constantly updated with the latest security software from the company that manufactures the camera. It also is a good idea to, as I have advised many times previously, make sure that your router, which connects you to the Internet, is password protected and that you change the username and default password for each of your Internet of Things devices. In the case of the Tennessee family the problem does not appear to have been a flaw in the Ring security cameras, but most likely can be attributed to their failing to change the default password with which the Ring camera came. These default passwords are easily discovered by hackers. Internet of Things devices are also readily hacked when people use the same password for all of their accounts and one of those companies suffers a data breach in which the hacked passwords became available to cybercriminals. It is for this reason that it is always a good practice to have unique passwords for each of your accounts.
You should have a unique, strong password for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked. Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Ring password could be IDon’tLikePasswords!!!RING.
Another important way to enhance your security is to use dual factor authentication by which when your account is being accessed, the company sends a one-time code to your cell phone to use to be used to access your account so even if a hacker has your password they would not be able to access your account. Ring offers the option to use dual factor authentication. Here is the link to set up dual factor authentication on your Ring device. https://support.ring.com/hc/en-us/articles/360024818291-Using-Two-Factor-Security-Authentication-with-Your-Ring-Products
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the Day – December 23, 2019 – A Cryptocurrency Ponzi Scheme Uncovered
Although cryptocurrencies, such as Bitcoin, may seem to be new. I have been writing in Scamicide.com about cryptocurrency scams for five years. Cryptocurrencies are legitimate, but scammers are increasingly taking advantage of the public’s fascination with cryptocurrencies to take old forms of scams and update them with a cryptocurrency twist. The perception of many in the public that cryptocurrencies offer an easy path to riches coupled with many people violating the cardinal rule of investing by investing in schemes that they do not understand creates a perfect storm for cryptocurrency scams.
A good example of what a cryptocurrency scam looks like can be found by going to this website touting HoweyCoins. https://www.howeycoins.com/index.html
The bad news is that while HoweyCoins may appear to provide a lucrative investment opporunity, there is no such thing as HoweyCoins. It is a scam. Fortunately, it is a scam website that was set up by the Securities and Exchange Commission to serve as a warning to unwary investors about the dangers of cryptocurrency scams.
OneCoin is a cryptocurrency that was created in 2014 by Ruja Ignatova of Bulgaria. Through a website and live appearances, she lured millions of investors around the world into pouring billions of dollars into her creation, which has been found to be nothing more than a Ponzi scheme where early investors were paid with the investments of later investors to make the enterprise appear to be legitimate and profitable. Ultimately, as new investors dried up, the scam was uncovered and Ignatova who is a fugitive from justice has been charged with wire fraud and conspiracy to commit money laundering.
TIPS
As I have mentioned many times previously, you should never invest in anything that you do not fully understand. You also should not invest in anything without investigating the people offering the investments. In addition, as always, if the investment sounds too good to be true, it usually is. Due to the fact that bitcoins are totally unregulated by any government, they are a questionable investment. Add to that fact, their digital character and its susceptibility to hackers and fraud and you have a dangerous investment at best.
Ignatova is just the latest in a long line of Ponzi schemers who make promises that are too good to be true backed up by an incomprehensible formula for investment success. You should always remember the prime rule of investing which is to never invest in anything or any investment strategy that you do not totally understand. Some of the things to be on the lookout for in regard to cryptocurrency scams are promises of high, guaranteed returns on your investment, false claims of being SEC compliant, allowing you to invest using your credit card and pump and dump scams. For more information about pump and dump scams related to cryptocurrencies, check out the Scam of the day for April 11, 2018.
Specifically in regard to OneCoin, if someone had investigated OneCoin before investing, they would have learned that OneCoin was not listed on any crytocurrency exchange. Its coins could only be sold back to the company and wallets for OneCoin that enable investors to transfer coins were not available. These are all red flags to the fact that OneCoin was a scam. In addition, OneCoin did not even use blockchain technology which is the basis of legitimate cryptocurrencies.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 22, 2019 – Massive Wawa Data Breach
While many of you may never have heard of Wawa, it is a convenience store chain of more than 850 stores around the country. Wawa recently disclosed that it had suffered a data breach that went undiscovered for nine months in which credit and debit card numbers, card expiration dates and cardholders’ names were stolen by hackers. In response to the data breach, the CEO of Wawa issued a detailed letter to affected customers in which you can find the information to activate free credit monitoring offered by Wawa. Here is a link to that letter. https://www.wawa.com/alerts/data-security
TIPS
This data breach is a lesson to us all to carefully monitor our credit card statements for indication of fraudulent use. If you find that your card has been used by a hacker, you should immediately report it to your credit card company. While federal law allows credit card companies to hold you responsible for fraudulent charges on your credit card to a maximum of $50, I have never heard of a credit card company that ever held a customer responsible for any amount of fraudulent charges promptly reported. This is a good time to remind you to also refrain from ever using your debit card for anything other than an ATM card because the laws do not protect you from fraudulent use of your credit card to the extent that you are protected when using your credit card. Potentially you risk losing the entire bank account tied to your debit card if you do not promptly report any fraudulent use.
This is also a good time if you have not yet frozen your credit reports with each of the three major credit reporting agencies, Equifax, Experian and TransUnion, to do so now to protect yourself from possible identity theft. it is free and easy to do.
To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
If you have not enrolled in an identity theft protection service, this data breach is also a good reminder to us all to consider signing up for one. I have looked into many of these services and have given my endorsement to Identron, which I believe provides the best overall identity theft protection services including credit monitoring and much more. Here is a link to Identron https://www.identron.com/partner/steven-j-j-weisman-esq/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 21, 2019 – Weight Loss Scam Refunds
Weight loss scams are among the most common scams and with good reason. Many people want to lose weight and most of the scam products promise to do that for you easily without diet or exercise. The unfortunate truth is that there is no magic formula for quick and easy weight loss without diet and exercise, but scammers continue to prey on people looking for that quick solution to their weight difficulties. In 2014 the Federal Trade Commission (FTC) and the State of Connecticut settled a case against the marketers of LeanSpa and refunded money to victims of this scam. Now the FTC is making further refunds to people who lost money in this scam.
LeanSpa used phony websites to promote ineffective acai berry and colon cleanse weight-loss products falsely telling consumers that they could get free samples of these products if they paid a small amount of money to cover shipping and handling costs. The truth is that the consumers were not only charged $79.95 for the “free” products, but also were billed monthly for additional products that were extremely difficult to cancel.
TIPS
For more information about this refund program go to the tab in the middle of the Scamicide home page entitled “FTC Scam Refunds.” It is important to note that there is never a charge for obtaining a refund through the FTC. Anyone who asks for such a payment is just another scammer.
As for weight loss products in general, the truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly without dieting or exercise. You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements. The best course of action is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 20, 2019 – New Threat at Gas Pumps
For years I have warned you about the dangers of skimmers installed on gas pumps. Skimmers are small electronic devices that are easily installed by an identity thief on gas pumps, ATMs and other card reading devices. The skimmer steals all of the information from old style magnetic strip credit card or debit cards which then enables the identity thief to use that information to access the victim’s bank account when the skimmer is used on a debit card. If a credit card is used, the identity thief can use the stolen information to access the victim’s credit card account. MasterCard and Visa announced in December of 2016 that the deadline for the installation of EMV chip card readers on gas pumps was being delayed three years to October 1, 2020. The deadline for the installation of EMV chip card readers at gas pumps was originally scheduled for October 1, 2017. Wider implementation of the use of EMV chip cards at retail stores where their use has been mandated for three years has resulted in a dramatic reduction in data breaches and credit card fraud at retailers using this equipment. Around the country there has been an increase in the use of skimmers installed by criminals at gas pumps.
Now we are learning of a new problem. According to Visa, an infamous hacking group known as Fin8 is using phishing emails to lure gas stations into downloading malware that enables the hackers to access the information from the gas stations internal point-of-sale networks to steal credit and debit card information. It is important to note that for gas pumps that use the EMV chip cards, the hackers efforts are ineffective, however, if you use a magnetic strip card at an infected gas pump, you are in danger of having your card compromised.
TIPS
There is no way for consumers to know if we are using a hacked gas pump. If the particular gas pump you are using has been updated to accept EMV chip cards, you will not have a problem, however, if as most gas pumps, the one you are using does not accept EMV chip cards, but only magnetic strip credit and debit cards, you are in danger of identity theft. Fortunately, the solution to this problem is simple. Refrain from using your debit card for anything other than an ATM card and use your credit card for all of your card purchases including those at gas pumps. Debit cards, when compromised put the customers at risk of having the bank accounts tied to their cards entirely emptied if the theft is not promptly reported and even if the victim reports the theft immediately, the victim loses access to his or her bank account while the matter is investigated by the bank. Instead use your credit card and monitor your account regularly to find out early if you have become a victim of this scam. With a credit card, your liability for fraudulent purchases is limited by law to no more than $50 and I am not aware of any credit card companies that hold their customers responsible for any fraudulent purchases. Unfortunately, fraudulent debit purchases do not come with the same legal protection.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 19, 2019 – Holiday Pet Scams
According to the Better Business Bureau (BBB) pet scams involving the online sale of non-existent dogs have increased 39% since 2017. People buy dogs or other pets online and although they think they are taking proper precautions, they often end up getting nothing in return for the money that they wire to the scammer who may have a website or some other way of marketing their non-existent pets with photographs and false information. Often the scammers hook their victims for more and more money, such as when even after the victims has paid for the non-existent dog, the victim is asked for further fees for a special crate to transport the dog along with additional transportation company fees.
A study of the Better Business Bureau entitled “Puppy Scams: How Fake Online Pet Sellers Steal from Unsuspecting Pet Buyers” describes this scam in detail and indicates that this scam largely originates in the the African country, Cameroon.
Click to access puppy-scams-bbb-study-20170901.pdf
TIPS
It is simple for a scammer to construct a website that appears to be legitimate and scammers can readily steal the name of a legitimate animal breeder. Always check into the reputation of the breeder with the Better Business Bureau, your state’s attorney general and even Google the name with the word “scam” to see if a legitimate breeder’s name that is being used has been stolen for scams previously. Be wary of anyone who asks you to wire money because that is a telltale sign that a scam is going on because once the money is wired, it is impossible to get it back. If you are told that a courier company is being used to transport the animal, check out the company to make sure it is legitimate and actually shipping the dog. There also are a number of ways such as using the website http://www.tineye.com to search the photos sent to you of the dog to see if they appear elsewhere other than the website attempting to sell you a puppy. If so, this is a good indication that you are being scammed. Also, always get a veterinarian report on any animal before you consider buying it. Finally, you are always going to be better off buying a pet that you can see in person prior to buying the pet.
Some phony breeders claim they are certified by the American Kennel Club (AKC) however, the AKC doesn’t certify breeders. Legitimate breeders will however, register their litters with the AKC and you can find out by calling the AKC’s customer service line 919-233-9767 if a particular litter has been registered.
Here is a link to a television interview I did about pet scams:https://turnto10.com/i-team/consumer-advocate/12-scams-of-christmas-phony-pet-breeder
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”