Scam of the Day
Scam of the day – December 2, 2019 – A Variety of Gift Card Scams
Buying a gift card as a gift is both an easy way to purchase a gift for someone and a good way to make sure that the gift is something that the receiver of the gift can actually use and enjoy. It definitely is a win-win situation. However, scammers are always ready to take any good thing and turn it into a scam. The most common gift card scam involves scammers going to racks of gift cards in stores and using handheld scanners that are easy to obtain, read the code on the strip of the card and the number on the front. They then put the card back in the display and periodically check with the retailer by calling its 800 number to find out whether the card has been activated and what the balance is on the card. Once they have this information they either create a counterfeit card using the information they have stolen or order material online without having the actual card in hand.
In some instances, the scammers don’t even bother to scan the barcode, but rather use what is called a brute force attack by using software that will try out huge numbers of possible bar code numbers and PINs to see if any of them match legitimately issued gift cards. They strike gold when they find one or more that match legitimate cards.
Another gift card scam occurs when scammers place a sticker with the barcode of a a gift card that the scammers possess over the actual barcode of the gift card in the rack. Thus when the card is taken by the gift card purchaser to the checkout counter to have the card activated, the funds used to purchase the gift card are credited to the card of the scammer. It is not until the gift card purchaser tries to use his or her card that it is discovered that there are no funds credited to the card.
Some retailers, in an effort to reduce gift card fraud put a PIN on the gift card so that if the card is used online, the user must have access to the PIN which is generally covered and must have the covering material scratched off in order to be visible. Unfortunately, many purchasers of gift cards are not aware of this so they don’t even notice that the PIN on the card that they are purchasing has already had the covering material scratched off by the scammer who has recorded the PIN.
Finally, you may be tempted to buy a gift card at a discounted rate at one of many online sites that enable people to sell their unwanted gift cards from particular retailers. While there are many legitimate sites that will allow you to do this, it is not a good idea to buy a card from these sites because the card you buy may have been stolen or the value of the card may already have been used.
TIPS
When buying a gift card, only purchase cards from behind the customer service desk and if the card is preloaded, always ask for the card to be scanned to show that it is still fully valued. This avoids all of the problems of tampering with the card before it is sold.
Always inspect the card carefully to make sure that the barcode has not been tampered with in any fashion and that the PIN is still covered.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – December 1, 2019 – Phony Retail Websites
Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may indeed be the most wonderful time of the year for many people, but it is not so wonderful if you have been scammed by cybercriminals who really do find the holiday shopping season to be the most wonderful time of the year – for them. Many of us do much of our gift shopping online, which is a simple and convenient way to shop, particularly with stores so crowded during the holiday season. Scam artists, the only criminals we refer to as artists are adept at constructing phony retail websites that appear to be legitimate. In these websites, which sometimes are counterfeit sites of legitimate retailers, they offer popular products at extremely low prices. However shopping at these bogus websites will only result in your credit or debit card information being stolen while you never get the product you ordered.
TIPS
If an offer sounds too good to be true, it usually is. Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered. You may wish to restrict your shopping to well-known, legitimate retailers and even then, make sure you are actually on their websites and not that of a scammer. You can do this by going to https://www.whois.com/whois/ where you can find out who actually owns the website where you are considering shopping. If, for instance, the Target website you are considering using is registered as being owned by someone in Nigeria, you can be sure it is a scam. You also can go to http://www.resellerratings.com/ for reviews about particular merchants to find out if they are legitimate.
Even when shopping on a website that you are sure is legitimate, it is important to remember that while your liability for fraudulent use of your credit card is limited by federal law to no more than $50, your liability for fraudulent use of your debit card which is tied to your bank account is unlimited if you do not promptly discover and report the fraud so always use your credit card for shopping whether you are shopping online or offline.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 30, 2019 – A New Facebook Lottery Scam
During the years that I have been writing Scamicide I have written many times about various Facebook scams. The reason for this is that with 2.8 billion users, Facebook is obviously popular and anything popular with that many people will be sought after as a vehicle for scammers to scam people. People are reporting being contacted through Facebook and told that their name is included on a list of winners of a Facebook lottery. Often the message appears to come from a trusted friend when the truth is that the trusted friend’s account had been hacked and used to send out the message to lure people into becoming victims of the scam. Once you click on a link in the message, it takes you to a phony Facebook Lottery website filled with photos of other lucky winners. You are then prompted to search for your name on a winner’s list on the website. Of course, your name appears. You are then instructed to complete a Status Verification form, after which you are told that you will need to pay various delivery and insurance fees before you can receive you prize. You also may be asked for personal information. Ultimately, there is no prize, the money you send to cover insurance and delivery fees is lost forever and if you provide personal information, it is used to make you a victim of identity theft.
TIPS
A strong password and security question can help increase your security on Facebook. Unfortunately, however, a very simple flaw in Facebook procedures allows a hacker to get access to your account and the ability to change your password after the hacker is unable to answer your security question merely by having the hacker provide three “friends” with Facebook accounts to whom Facebook will send security codes that the hacker can use to gain access to your account and change your password. The hacker, of course, has already set up Facebook accounts for three phony “friends” to whom Facebook will send the security codes which can be used to hack your account. Other times, the personal information that is readily available about people on line is sufficient to answer the security question. Regardless of how the account is hacked into, the result can bring an increased risk of identity theft to your real friends who may trust a message from you that contains a link with dangerous keystroke logging malware that can result in your real friend’s computer being infiltrated and all of the information on it stolen such as Social Security number, account passwords and credit card numbers that can result in identity theft.
Be careful what personal information you put on Facebook. Always consider how that information can be used against you to make you a victim of identity theft. When setting up a security question, pick an answer that is nonsensical to protect it from hackers, such as “Where did I go to High School?” with an answer of “blue.” Finally and most importantly, never, and I mean never, click on links in messages that you receive unless you are absolutely sure that they are legitimate. Merely because a message appears to be from a friend does not mean that the friend actually sent it. His or her account may have been hacked or they may even be passing on tainted material without knowing it. Never click on a link until you are absolutely sure that it is legitimate. Call your friend to confirm that the message was from them and confirm from where they got the link they are sending to make sure that it is legitimate. It may seem paranoid, but even paranoids have enemies.
As for this phony lottery scam, as with all lottery scams, it is important to remember that it is hard to win a lottery and it is impossible to win one that you have never entered. Also, no legitimate lottery asks for payments in order to claim your prize.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 29, 2019 – Another Major Ransomware Attack
It has only been a couple of days since I wrote about another major ransomware attack and now there has been another to report to you about. Ransomware is the name for malware that once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data. The cybercriminal who sent the ransomware then threatens to destroy the data unless a bounty is paid. This time the victim of the attack is the company Virtual Care Provider, Inc (VCPI) which provides computer services to 110 nursing homes in 45 states around the country. After infecting the 80,000 computers maintained by VCPI with the Ryuk malware strain through phishing emails, the cybercriminals are demanding a Bitcoin ransom equivalent to 14 million dollars. Among the records blocked by the ransomware are critical medical records for VCPI’s nursing home residents.
Like all forms of malware, ransomware must be downloaded on to your computer in order to cause problems. This is generally done by luring people to click on links or download infected attachments contained in spear phishing emails.
While we are aware of the many ransomware attacks targeting hospitals, government agencies and companies, it is important to remember that ransomware attacks also occur against individuals as well so it is important to take steps to protect yourself from this threat.
TIPS
Because ransomware attacks as well as most other types of malware attacks are spread through phishing emails that lure unsuspecting people into clicking on malware infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate. Ransomware attacks are not limited to cities and large institutions. They are also used to attack individuals and extort money from them.
You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website https://www.nomoreransom.org/en/decryption-tools.html It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up to date security software on your computer and phone, it will not protect you from the latest zero day defect malware which is malware that exploits previously undiscovered vulnerabilities.
Another precaution you should follow is to regularly back up all of your data on at least two different platforms, such as in the Cloud and on a portable hard drive.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 28, 2019 – Get Ready for Black Friday
Happy Thanksgiving to everyone. We all have much for which we should be thankful. Tomorrow is the official start of the holiday shopping season. This day is often referred to as Black Friday, which traditionally is one of the biggest shopping days of the year. This fact is not lost on scammers who will be as pervasive as ever. Over the next few weeks, I will be focusing the Scams of the day on the many holiday season scams about which we should all be aware. If you are shopping in a brick and mortar store tomorrow or any other day throughout the year, you should use a credit card rather than a debit card because of the possibility of skimmers which are small devices being used by criminals working as sales clerks that will capture your credit card number which will then be used to make fraudulent purchases. Whenever possible you should use your chip credit card because it is not susceptible to skimmers, however, some retailers still have not switched to chip technology so your credit card’s vulnerable magnetic strip will be used to process the purchase . As for using your credit card rather than your debit card, it is important to remember that while your liability for fraudulent use of your credit card is limited by federal law to no more than $50, your liability for fraudulent use of your debit card which is tied to your bank account is unlimited if you do not promptly discover and report the fraud.
I will be discussing safe practices for online shopping in a future Scam of the day, but a new development this year warrants mention. The FBI has issued a warning about what it calls E-skimming, which occurs when criminals infect the websites of numerous retailers in a manner that they are able to capture your credit card or debit card information when you enter it into the website. It is important to note that while your chip card will protect you if you make purchases using it at a brick and mortar store that has updated its credit card processing equipment to handle chip credit cards, you cannot use your chip for online purchases.
TIPS
For the reasons discussed above, try to use your credit card as a chip card whenever possible and always watch your credit card when it is being processed at a brick and mortar store. Don’t let it out of your sight because that is when you run the risk of a rogue clerk running it through a skimmer. Refrain from using your debit card except as an ATM card. Finally, in regard to the E-skimming threat, you should regularly monitor your credit card statement online rather than waiting for a monthly paper bill to be delivered to you so that if your credit card was compromised and your data stolen, you will be able to discover and report the problem to your credit card issuer quickly and avoid more problems.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 27, 2019 – Ransomware Attacks Hundreds of Veterinary Hospitals Around the World
I have written many times about ransomware because it continues to be a major problem for businesses, governments and individuals alike. Ransomware is the name for malware that once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data. The cybercriminal who sent the ransomware then threatens to destroy the data unless a bounty is paid. In 2017 we experienced two massive ransomware attacks against millions of computers around the world. These were the infamous WannaCry and Peta ransomware attacks. Later, the city government of Atlanta becoming a victim of ransomware when some of its systems were frozen using the infamous SamSam family of malware that has been used successfully against a number of companies and municipalities. In its 2018 Verizon Data Breach Report, Verizon, which gathered data from 65 organizations in 65 countries, found that ransomware, which was only the 22nd most common malware in 2014, is now the number one most common malware used by cybercriminals. Earlier this year, it was revealed that 23 municipalities in Texas were victimized by simultaneous ransomware attacks by a single hacker.
Now, National Veterinary Associates, a California company that operates more than 700 veterinary hospitals around the world was hit by a ransomware attack on more than half of their hospitals. The strain of ransomware used was the very effective Ryuk ransomware strain which was first used in August of 2018
Like all malware, ransomware must be downloaded on to your computer in order to cause problems. This is generally done by luring people to click on links or download infected attachments contained in spear phishing emails.
While we are aware of the many ransomware attacks targeting hospitals, government agencies and companies, it is important to remember that ransomware attacks also occur against individuals as well so it is important to take steps to protect yourself from this threat.
TIPS
Because ransomware attacks as well as most other types of malware attacks are spread through phishing emails that lure unsuspecting people into clicking on malware infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate. Ransomware attacks are not limited to cities and large institutions. They are also used to attack individuals and extort money from them.
You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website https://www.nomoreransom.org/en/decryption-tools.html It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up to date security software on your computer and phone, it will not protect you from the latest zero day defect malware which is malware that exploits previously undiscovered vulnerabilities.
Another precaution you should follow is to regularly back up all of your data on at least two different platforms, such as in the Cloud and on a portable hard drive.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 26, 2019 – Ten People Charged in Huge Romance Scam
Over the years I have warned you many times about romance scams, but it is important to do so again because these scams are getting worse. According to the Federal Trade Commission (FTC) Americans lost more money to romance scams last year than to any other scam and the situation is getting more serious. It is also important to note that romance scams are not limited to the United States, but occur worldwide. Recent figures from Hong Kong show the incidents of romance scams have also increased dramatically in the past year. Last October a joint operation of Hong Kong, Malaysian and Singaporean law enforcement arrested 52 people involved in an international online romance scam in which millions of dollars were stolen from their victims. Recently ten people in Oklahoma, New York, California and Texas were charged by federal law enforcement with conspiring to launder money obtained in a romance scam that targeted women around the world. Following a familiar patter, the scammers would establish relationships with women online through various legitimate dating websites and social media using fake names, locations and images. The scammers would pose as Americans working abroad. After building trust with their victims, they would ask for money to help them through some sort of emergency. Americans lost 143 million dollars to romance scams last year with one woman losing $546,000.
The FBI recently reported that romance scams increased 70% in the past year. While anyone can be the victim of a romance scam, according to the FBI, the elderly, women and people who have been widowed are particular vulnerable. Most romance scams are online and involve some variation of the person you meet through an online dating site or social media quickly falling in love with you and then, under a wide variety of pretenses, asking for money.
TIPS
There are various red flags to help you identify romance scams. I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship who then asks you to wire money to assist them with a wide range of phony emergencies.
Here are a few other things to look for to help identify an online romance scam. Often their profile picture is stolen from a modeling website on the Internet. If the picture looks too professional and the person looks too much like a model, you should be wary. You also can check on the legitimacy of photographs by seeing if they have been used elsewhere by doing a reverse image search using Google or websites such as tineye.com. Particular phrases, such as “Remember the distance or color does not matter, but love matters a lot in life” is a phrase that turns up in many romance scam emails. Also be on the lookout for bad spelling and grammar as many of the romance scammers claim to be Americans, but are actually foreigners lying about where they are and who they are. Of course you should be particularly concerned if someone falls in love with you almost immediately. Often they will ask you to use a webcam, but will not use one themselves. This is another red flag. One thing you may want to do is ask them to take a picture of themselves holding up a sign with their name on it. In addition, ask for a number of pictures because generally when the scammers are stealing pictures of models from websites, they do not have many photographs. Ask for the picture to be at a particular place that you designate to further test them. If you meet someone through a dating website, be particularly wary if they ask you to leave the dating service and go “offline.”
You also should be particularly wary of online relationships with people in the military because while many real military personnel do use social media and dating websites, they are a favorite disguise for scammers.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 25, 2019 – Sneaker Scams on Instagram
Sneakers can be extremely expensive. For example, a pair of Air Jordan 2 OG sneakers sells for $31,000. While most sneakers are not that expensive, they are still a costly item. Many young people collect sneakers and are looking for deals when they can. Recently there have been reports of expensive sneaker scams on Instagram where posts or sponsored advertisements are appearing that offer rare sneakers for attractive prices. The seller appears to have a lot of Instagram followers, but that is not a clear indication that the seller is legitimate. The seller often sends photographs of the shoes to prospective customers/victims who respond to the scammers ads or post. Once the victim is convinced to purchase the sneakers, the victim is told by the scammer to use Venmo or some other Peer to Peer Payment Service . Peer to Peer Payment Payment Services (P2P) such as Zelle, Venmo, ApplePay PayPal, Square Cash and PopMoney are popular ways to quickly and conveniently send money electronically from your credit card or bank account. They also are easy ways to be scammed and unlike with scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. These P2P payment systems are useful for sending money to friends, family and others you know well, but they should not be used for commercial transactions. People falling for the Instagram sneaker scam end up making payments without any recourse and never receiving anything in return.
TIPS
Never buy anything from an online seller unless you have thoroughly researched the seller to make sure that the seller is legitimate. Some good places to do your research are the Better Business Bureau at www.bbb.org,, and Reseller Ratings at http://www.resellerratings.com.
Whenever you shop either online or in a brick and mortar store you should use your credit card rather than a debit card or some other form of payment because you have much more protection under the law if the sale was a scam if you use a credit card than any other form of payment.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 24, 2019 – FTC Refunding Money to Victims of Skin Care Product Scam
The Federal Trade Commission (FTC) is mailing refunds to victims of a scam operated by seven people and fifteen companies selling Auravie, Dellure, LeOR Skincare and Miracle Face Kit branded skincare products. These scammers represented that the products were being offered through a “risk-free trial.,” but after convincing unwary consumers to provide their credit card numbers purportedly to cover a small shipping charge, billed their victims’ credit cards monthly for products never ordered by their victims. The FTC shut down the scam and is now mailing refunds to victims of the scam. For more information about this particular refund program check out the “FTC Scam Refunds” tab in the middle of the first page of http://www.scamicide.com. You also can find information there about the mailing of the refund checks.
TIPS
It is always important to read the “fine print” in any contract for the ordering of products. Rarely will you find anything “fine” in fine print, but in many scams, buried within the long agreement will be a term to which never agreed upon. You should also research any skin care product as to whether it is effective before buying. Finally, in regard to obtaining a refund from the FTC, there is no cost or fee to file a claim or get a refund. Anyone who tells you differently is trying to scam you.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”
Scam of the day – November 23, 2019 – Macy’s Suffers Data Breach
Macy’s has announced that its macys.com website was hacked for one week in October resulting in a data breach in which customers’ names, addresses, credit card numbers and debit card numbers were stolen leaving them in significant danger of identity theft. Macy’s has notified those customers affected by the data breach and are offering free credit monitoring to them. This data breach provides a good warning to online shoppers as we start the holiday shopping season.
Many of us are suffering from what is being called “data breach fatigue” as a result of which we may not tend to take seriously the threat that data breaches present, but it is dangerous to ignore the threats that these data breaches present. Fortunately there are some things you can and should do to protect yourself from future data breaches that will affect you.
TIPS
One of the biggest lessons from the myriad of data breaches is to make sure that you use unique passwords for every online account that you have in order to avoid having a sensitive account, such as your online banking account compromised because you use the same password as you do for another relatively meaningless account that had poor security which led to a data breach in which your password was stolen. This is also a reason for deleting old accounts you don’t use that could expose your passwords and other information. The hacking of thousands of Disney + accounts only a few days after the new streaming service was launched is a good example of why it is important to have unique passwords for all of your accounts. It appears at this time that Disney + wasn’t hacked and did not suffer a data breach. The primary reason for the accounts being hacked appears to be that the people who had their accounts hacked were using passwords they used for other accounts at sites that have suffered data breaches thereby enabling the cybercriminals to use those stolen passwords to access their victims’ Disney + accounts.
Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
This is also a good time if you have not yet frozen your credit reports with each of the three major credit reporting agencies, Equifax, Experian and TransUnion, to do so now to protect yourself from possible identity theft. it is free and easy to do.
To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
Another important rule to follow is to refrain from using your debit card for online purchases. Instead only use your credit card because the laws regarding fraudulent use of your credit card are much more consumer friendly than the laws regarding fraudulent debit card usage.
Also, use dual factor authentication whenever possible so that even if your passwords are compromised, no one can access your account.
In addition, you should be aware that with your email address commonly known by many scammers, you can expect to receive more phishing and more dangerous specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft. Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”