Scam of the Day
Scam of the day – August 19, 2025 – Phony Norton Invoice Scam
The phony invoice scam is a common scam popular with scammers because it is quite effective. It starts when you receive an email that purports to be from a popular company with which many of us do business that indicates that you owe them a significant payment. The scammers count on people being concerned that they are being wrongfully charged for a product they did not order. You are provided a telephone number to call if you dispute the bill. If you call the number, you will be prompted to provide personal information that will be used to make you a victim of identity theft.
Recently, a loyal Scamicide reader sent me a phony Norton invoice she received similar to many I have seen in the past. Norton is a company that provides a wide range of digital security services and identity theft protection services. As always, the purpose of a phishing email is to lure you into clicking on links contained within the email or providing personal information, in this case by phone if you call to dispute the phony bill . If you click on links in phishing emails, you end up downloading malware and if you provide the requested information, it ends up being used to make you a victim of identity theft. This particular phishing email provides a phone number to call if you wish to dispute the obviously phony invoice. If you call the number in the phishing email you will be asked for personal information that will be used to make you a victim of identity theft. The phone number is not that of Norton customer service The real phone number of Norton customer service is the toll free number 1 (855) 815-2726. The number in the phony invoice is not a toll free number.
There are a number of red flags that indicate that this is a scam. Your name does not appear anywhere in the invoice. Also, the email was sent from an email address that has no relation to Norton.
Scam of the day – August 18, 2025 – New Twist on the Jury Duty Scam
I have been warning you about the jury duty scam for twelve years, but it continues to snare many unwary victims. This scam generally starts with a phone call from someone posing as a police officer or court official telling you that you have missed jury duty and must pay a fine or risk being arrested. Often in these scams you are told that you can pay the fine through a credit card or, as is being done more and more, by a gift card or cryptocurrency which you are told to pay through a cryptocurrency ATM. Other times they ask for your Social Security number to confirm your identity. Of course, the phone call is a scam. Even if you have missed jury duty, you will never be called by legitimate court officers and shaken down for a payment.
Scammers will use a technique called “spoofing” to make the call appear on your Caller ID as if it is coming from a legitimate law enforcement agency or court. In some instances of the scam you are asked to confirm your identity by providing your Social Security number which will then be used to make you a victim of identity theft. The scam has evolved to where people are also being contacted by text messages or emails from scammers posing as a representative of the local court system.
Now in a new twist on this scam the caller directs you to a phony website that appears to be a legitimate government website (you can thank AI for that) where you are prompted to insert your birthdate and Social Security number for identification purposes. The website then prompts you to either pay the fine on the site or sends you to a cryptocurrency ATM to make the payment.
TIPS
Initial contacts from courts regarding jury duty are always in writing through the mail although some systems will permit you to receive future notices through email. Under no circumstances will you receive telephone calls or text messages indicating that you have failed to report for jury duty. No court will demand payment over the phone for failing to appear for jury duty and no court ever requires a payment be made via cryptocurrencies or gift cards. If you do receive such a call and you think that there is even the possibility that you might have forgotten to report for jury duty, merely call the local clerk of courts in order to get accurate information. Of course anyone calling you and telling you that you can pay your fine to them over the phone using your credit card or a gift card is a scammer.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – August 17, 2025 – Landline Identity Theft
A new scam that takes advantage of old technology is landline identity theft which has rececently been used by scammers to hack into someone’s bank account without knowing the password for the account. Many people no longer use landlines, but may not have noticed that an old landline number of theirs is still tied for security purposes to their bank account. Scammers will contact the phone company posing as the consumer to have their landline number moved to the cell phone of the scammer. The scammer then asks the bank to change his password whereupon the bank using its security protocol sends a verification code to the old landline phone number now controlled by the scammer which enables the scammer to then change the password and access the victim’s bank account.
Many people neglect or fail to remember to update their security settings for their accounts and an old phone number or email address in the hands of a scammer can lead to disaster.
TIPS
The first thing to do to avoid becoming a victim of this scam is to review all of the recovery and security settings on all of your accounts to make sure they are up to date and delete any old phone numbers or email addresses. You also should contact your phone service provider and have a PIN put on your account so that your number cannot be transferred to another phone without the PIN being used. If you are particularly paranoid, which I am sometimes, you may even arrange with your phone service provider to not transfer your phone number to another phone unless you do it in person.
Consider using an authenticator app for your accounts such as Google Authenticator, Authy or Microsoft Authenticator for the dual factor authentication on your accounts rather than, as is most common, having a code sent to your phone.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 16, 2025 – New York AG Sues Zelle For Enabling Fraud
New York Attorney General Letitia James is not afraid of bringing legal actions against powerful corporations that put profit over the security of their customers. In the Scam of the day for February 4, 2024 I told you about the lawsuit she brought against Citibank for failing to protect its customers from scams. Now she is taking on Zelle, the sevice created by major banks in 2017 that enables people to quickly and easily send money from their bank accounts to other Zelle platform users. Unfortunately, as I have often reported to you, Zelle has been a favorite method for scammers to lure their victims into paying them through a variety of scams. According to Attorney General James, Zelle lacks important verification steps that would help prevent fraud such that scammers can sign up for Zelle using misleading email addresses that make them appear to be legitimate businesses or government agencies. In the lawsuit, James points out the example of someone posing as a Con Edison employee threatening to turn off electricity unless money was sent by Zelle to the scammer who was able to use the name “Coned Billing” for the account.
If this sounds familiar to you, the Consumer Financial Protection Bureau had filed a similar lawsuit against Zelle in December of 2024, but the Trump administration dismissed the lawsuit earlier this year.
TIPS
Meanwhile if you are a Zelle user what can you do to protect yourself?
Before signing up for any Zelle you should familiarize yourself with their fraud protection rules. In the fine print you may find that you have little, if any, protection if you use the account to purchase something that ends up being a scam. Consumers should recognize that Zelle should not be used for commercial transactions, but only to transfer small amounts of money to people you know.
In order to protect your account from being hacked and being taken over by a scammer who could access your credit card or bank account, you should use a PIN or other dual factor authentication for your Zelle account.
To avoid having your Zelle account and other accounts from being taken over by scammers, never provide your username, password or PIN in response to any email, text message or phone call unless you have absolutely confirmed that the request for this information is legitimate, which it never is. You can confirm this by contacting your bank by calling them at a telephone number you know is accurate. Even if you get a call that appears to come from your bank or other company with which you do business, your Caller ID can be tricked by a technique called spoofing to make the call appear legitimate when it is not.
Finally, remember no governmental agency asks for or accepts payment by Zelle.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 15, 2025 – Thirteen Men Charged With Transnational Grandparent Scam
This week Oscar Manuel Castanos Garcia of the Dominican Republic was charged with masterminding a sophisticated call center operation in the Dominican Republic that would target elderly people in the United States through the grandparent scam. Twelve other participants in the scam were also charged. Working through a call center in the Dominican Republic, the scammers would call elderly people in the United States posing as their grandchild who had gotten arrested and needed bail money. The scammers would first call posing as the grandchild and then a follow up call would be made by another scammer posing as the grandchild’s lawyer demanding money to pay for bail and legal expenses. The scammers then sent Uber drivers to the homes of the elderly victims to pick up the cash. None of the Uber driver were aware that they were being used for the scam, however, a suspicious Uber driver recognized it was a scam and reported it to the FBI which led to the arrests. According to prosecutors, the scammer stole more than $5 million from 400 victims.
Here is a copy of the scripts used by the scammers.
I am sure by now all of you are familiar with the grandparent scam where a grandparent receives a telephone call from someone purporting to be their grandchild who has gotten into some trouble, most commonly a traffic accident, legal trouble or medical problems in a far away place. The caller pleads for the grandparent to send money immediately to help resolve the problem. However the caller also begs the grandparent not to tell mom and dad. One would think that no one would be gullible enough to fall for this scam, but don’t be so hard on the victims of this scam. Scam artists have a knowledge of psychology of which Freud would have been envious and are able to use that knowledge to persuade their victims to send money right away. While this scam has been going on for approximately fifteen years, it continues to victimize people.
TIPS
Scammers often use the nicknames of the grandchildren when speaking to their intended victims. Sometimes they get this information from social media while in other instances they get this information from reading obituaries which may contain the names of grandchildren so merely because the correct name is used in the call is no reason to believe the call. Don’t respond immediately to such a call without calling the real grandchild on his or her cell phone or call the parents and confirm the whereabouts of the grandchild. If a medical problem is the ruse used, you can call the real hospital. If legal problems are the hook you can call the real police. You can also test the caller with a question that could be answered only by the real grandchild, but make sure that it really is a question that only the real grandchild could answer and not just anyone who might read the real grandchild’ s social media postings. Prudent families can also come up with a code word to use in an emergency which a scammer will never know.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – August 14, 2025 – Vikings Linebacker Loses $240,000 to Bank Scam
Imposter scams where the scammers pose as a government employee, such as with the IRS or a company with which you do business such as your bank are unfortunately often very successful in stealing your money. They generally convince you that there is an emergency that requires you to pay them money directly or, as is often the case, send money to designated accounts that you are told would be held for you to protect your funds. Last month, Minnesota Vikings linebacker Dallas Turner fell prey to an imposter scam where he received a phone call from a scammer posing as an employee of Chase, his bank informing him that someone had tried to access his bank account and that in order to protect his money he needed to wire it to two different accounts at two different Chase banks, which Turner did before he realized after speaking with a family member that he had been scammed.
Scammer are able to use a technique called spoofing to manipulate your Caller ID so that their call can be made to appear to come from whatever number and source they wish. In this case, the call appeared to come from Chase although if did not.
Minnesota police have identified several suspects, but charges have not been filed as of yet.
TIPS
The biggest red flag in this type of scam is to remember that no bank or governmental agency will ever under any circumstances direct you to withdraw your funds and put them into another account provided by the scammer.
If you do receive a call, text message or phone call about a threat to your account, you can never be sure that the person contacting you as legitimate, so you should never provide personal information, make a payment or click on a link in any such communication. Rather, if you think the communication may be legitimate, merely call your bank or other company involved at a phone number you know is accurate to find out the truth.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – August 13, 2025 – Massive Data Breach at Kidney Dialysis Company DaVita
The healthcare industry has long been a prime target for hackers and ransomware gangs due to a combination of factors including the vast amounts of valuable personal information healthcare companies hold and their increased vulnerability to attack due to so many companies including doctors, insurance companies and labs sharing data and access with each other making major health care providers as vulnerable as the third parties with the weakest security with which they share access and data. The latest data breach was of DaVita, one of the country’s largest providers of kidney dialysis. names, addresses, birth dates, Social Security numbers and more of 900,000 patients of DaVita was stolen leaving these people in serious danger of identity theft.
One of the key lessons for victims of this data breach is to limit the amount of personal information you provide to any company as much as possible. While many companies ask for your Social Security number, few actually have a need for it. Your Social Security number in the hands of a criminal can readily lead to identity thief so you should keep it private as much as possible. Your doctor or healthcare provider doesn’t need it. Don’t give it to them.
TIPS
DaVita is offering identity theft insurance to victims of the data breach who enroll by November 28, 2025. You can get more information about this by calling 833-931-7849.
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 12, 2025 – Columbia University Data Breach Exposes Security Flaws
Columbia University recently disclosed that it had suffered a data breach in May that was discovered in June, but not disclosed until last week. According to public filings 868,969 people had their personal information compromised. The compromised information included names, Social Security numbers, birth dates and much more information that can readily lead to identity theft. If the number of people affected seems high considering the fact that Columbia only employs approximately 20,000 people and has an enrollment of approximately 35,000 students, this discrepancy is due to the fact that Columbia kept such personal information on both current and former students as well as applicants including people who never got accepted or attended Columbia.
Data breaches at colleges and universities are common. The reason for targeting universities and colleges is simple. Generally they maintain tremendous amounts of personal information and many schools have not done a good job of securing the sensitive information they hold. Colleges and universities have much personal information that is often easily accessible within the school’s computer systems. Too often schools have permitted the information to be on unencrypted laptops and flash drives. In addition many schools do not have sufficient security programs in place to limit access to personal information, which the universities keep in their computers long after it is necessary to be kept, such as Social Security numbers for students who have long since graduated or any information about applicants who were never admitted.
TIPS
Colleges and universities must make a greater commitment to data security. Data breach prevention systems should be implemented that include, but not be limited to updated firewalls, limited access to personal information, purging of unnecessary information, dual factor authentication and encryption. Personal information should not be as open and available as they presently are at this time at many universities.
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
You also should put a credit freeze on your credit report because credit monitoring only tells you that you have become a victim of identity theft after the fact. A credit freeze can protect you from becoming a victim in many instances.
Scam of the day – August 11, 2025 – Amazon Refund Scam
Amazon’s popularity has not escaped scammers who tie many scams to Amazon including the phishing email copied below that can lead to identity theft and the hacking of your Amazon account. I have warned you many times over the years about scammers who send various types of phishing emails which purport to be from Amazon attempting to lure you into either clicking on links which can download malware, such as ransomware or providing personal information that can be used to make you a victim of identity theft.
The most recent Amazon phishing scam involves an email or a text message that appears to come from Amazon telling you that a product you recently bought has failed a routine quality inspection and therefore it is being recalled. You are further told that you do not have to even return the item and that you are eligible for a full refund. In order to claim your refund, you are instructed to click on a link in the email or text message which takes you to a phony Amazon login or refund page that asks for you Amazon credentials, payment information and personal details. Of course, there is no refund and if you supply the information you will enable the scammer to take over your Amazon account as well as make you a victim of identity theft.
TIPS
This is a very legitimate appearing email and text message that uses the Amazon logo, but it is a simple matter for a scammer to counterfeit the logo.. Never click on a link in an email or text message or provide personal information unless you have confirmed that the email or text message is legitimate. The telephone number to call if you suspect Amazon related fraud is 866-216-1075 or you can call their customer service number 888-280-4331 Never call telephone numbers that appear in phishing emails.
Also, because any of us can be scammed, it is a good idea to use dual factor authentication whenever possible to protect your various accounts so that even if someone actually had your password they would not be able to access your account. In order to set up dual factor authentication for your Amazon account use this link. https://www.amazon.com/gp/help/customer/display.html?nodeId=G3PWZPU52FKN7PW4
If you are not a subscriber to Scamicide.com and would like to receive free receive daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 10, 2025 – Pandora Data Breach Part of Bigger Problem
Danish jewelry chain Pandora which has 2,700 locations worldwide announced recently that it had suffered a data breach in which personal information of approximately 30,000 people was compromised. The compromised information included names, email addresses, phone numbers, home addresses and birth dates which although troubling is not as bad as data breaches in which financial information or passwords are compromised. The data was stolen not from Pandora’s computer networks, but rather from Salesforce, a cloud-based customer relationship management (CRM) company used by Pandora and many other companies to manage their customer data. The cybercriminals managed to do this not by hacking Salesforce, but rather by using social engineering to trick Pandora employees to enable access to the company’s Salesforce account containing its customer data. The cybercriminals in this case is a ransomware gang known as ShinyHunters who have used similar socially engineered attacks to gain access to the data of Alianz, Qantas, Louis Vuitton, Dior, Tiffany and even Google among other companies.
Companies must do a better job of protecting themselves from not just technologically sophisticated cyberattacks, but less sophisticated, but equally effective social engineering attacks where the cybercriminals use psychology to manipulate employees to giving them access to important data.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/