Scam of the Day
Scam of the day – March 4, 2026 – Massachusetts Becomes Latest State to Sue Cryptocurrency ATM Company
A report from the Federal Trade Commission (FTC) indicates a 1,000 % increase in money lost to scammers through Bitcoin ATMs in the last three years with consumers reporting losses of around $333 million between January and November of 2025. Bitcoin and other cryptocurrency ATMs look just like traditional ATMs, but instead of distributing cash, they take cash in exchange for cryptocurrency and enable the transfer of the deposited cash turned into cryptocurrencies into crypto wallets. Due to the anonymity and immediacy of the cryptocurrency transfers done through a cryptocurrency ATM, it is a favorite method of payment for scammers.
Most of the scams using cryptocurrency ATMs involve imposter scams where the scammer poses as either a law enforcement officer, government official or someone providing tech support for a non-existent problem. What all of these imposter scams have in common is that they scare the targeted victim with a story about an emergency that requires them to take cash from their bank account and use a QR code provided by the scammer to deposit the money into the account of the scammer at a cryptocurrency ATM under the guise of protecting the funds. According to the FTC, people over 60 years old were more than three times more likely to report losing money to a cryptocurrency ATM scam with an average loss of $10,000.
Recently, Massachusetts became the latest state to sue a crypto ATM operator, in this case Bitcoin Depot for enabling criminals to use their machines to scam people. According to the lawsuit, more than half of the money that went through Bitcoin Depot ATMs between August 2023 and January 2025 was related to scams.
TIPS
Protecting yourself from these imposter scams starts with recognizing that you can never be sure who is actually contacting you when you are contacted by phone, email or text message so you should never click on a link, download an attachment or provide personal information in response to any of those communications unless you have absolutely confirmed that the communication was legitimate. Further there is no circumstance where you will be asked by anyone legitimate to withdraw funds from your bank, deposit them into a cryptocurrency ATM and transfer the funds to them. Only scammers make those requests.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – March 3, 2026 – New Development in QR Code Scams
Quick Response codes or QR codes have been around since 1994, but they have become much more popular in recent years and can be commonly found on parking meters, in restaurants and in advertising. When you can a QR code with your phone, it will take you to a website. Unfortunately as the popularity of QR codes has increased with the public, its popularity has also increased with scammers who are setting up phony QR codes to lure you to their bogus website where they solicit personal information used for identity theft or persuade you to make a payment with a credit card or even in some instances, merely by scanning the phony QR code, you will download harmful malware such as ransomware or even malware that will enable the scammer to take over your email account. I have written about QR code scams called “quishing” since 2021.
The most common places where you will find phony QR codes is on parking meters where the phony QR code is put on as a sticker over the legitimate QR code, in restaurants, in phishing emails, on social media posts or on unordered packages delivered to your home. Now, however, scammers are using QR codes to scam you in a new way. The new QR code scam starts with an email that appears to come from a company with which you do business informing you that you need to update your account or your account will be closed. In order to update your account, you are instructed to scan the QR code in the email which takes you to a website that looks like the real website for the company that the scammer is posing as and asks you to input your username and password. People falling for this scam end up giving access to their account to the scammer.
What makes this QR code scam particularly dangerous is that more and more scammers are using QR codes in phishing emails rather than malware infected links or links that take you to phony websites where you are lured into providing personal information because while security software is able to recognize and screen out malicious links, it cannot recognize malicious QR codes thereby making those phishing emails likely to avoid detection by your security software.
TIPS
As I often say, “trust me, you can’t trust anyone.” If you receive such an email the first thing you should do is check the email address of the sender. If it doesn’t appear legitimate or does not appear to have a relation to the company it purports to be from, you can be confident that it is a scam. However, in many instances the email address may look legitimate even though it is not. In that case, you still shouldn’t trust the QR code, but rather should contact the company at a phone number or website that you have confirmed is legitimate to confirm that you don’t have to update your account.
This scam also points out the importance of using dual factor authentication on all of your accounts because even if someone manages to steal your username and password, they will not be able to access your account.
Finally, there are companies that have free QR code scanner apps that will not only scan the QR code, but also let you know if it is legitimate and prevent the downloading of malware from bogus QR codes.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it indicates “Sign up for this blog.”
Scam of the day (Part 2) – March 2, 2026 – Steve’s Forbes Column About the Dangers Posed by Data Brokers
Some of you may know that in addition to Scamicide, I also write columns for Forbes and the Saturday Evening Post about white collar crime, scams and identity theft. Check out my latest column for Forbes in which I describe the tremendous and highly unregulated threat of scams and identity theft posed by legitimate data brokers being hacked by criminals and even selling our data to scammers.
Scam of the day – March 2, 2026 – Mavis Wanczyk Lottery Scams Continue to Snare Victims
She’s back! Actually, she has never left. I have been writing about scams related to Mavis Wanczyk for nine years but recently I have received emails from Scamicide readers telling me about various new incarnations of a variety of scams that share the same hook which is that Mavis Wanczyk is giving money away to lucky people. Many of you may not remember the name of Mavis Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received emails with the message line referring to the Mavis Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information.
Recently a Scamicide reader told me about receiving a message through Facebook that purported to be from Mavis Wanczyk informing him that she was giving him $10,000 and that all she needed was for him to set up a Cash App account and provide the details to her so that she could transfer the money to him. Fortunately, he recognized that this was a scam and did not send the account information requested which if sent would have enabled the scammer to access the bank account or debit card linked to the Cash App account and steal his money. Similarly another Scamicide reader communicated with another Mavis Wanczyk impersonating scammer on the question and answer website Quora who lured him into sending money for a variety of reasons such as insurance and delivery costs in order to receive his “free” gift of $10,000 from Mavis Wanczyk.
TIPS
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds with personal information. Never give out personal information that can make you vulnerable to identity theft unless you have absolutely verified that the party requesting the personal information is legitimate and has a legitimate need for the information or payments to receive a supposedly free gift.
Finally and most importantly, remember neither Mavis Wanczyk nor any other lottery winner is giving away money to strangers.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – March 1, 2026 – Conduent Data Breach: Safepay Ransomware Attack Exposes 25 Million Victims’ Sensitive Personal Information
Conduent Incorporated is a company with which you may not be familiar, but the company recently began notifying victims of a data breach it suffered at the hand of the ransomware gang Safepay in which personal information of more than 25 million people was compromised. The compromised information was particularly sensitive, including name addresses, birth dates, Social Security numbers, medical information and health insurance details which can be used by scammers for identity theft, medical fraud and targeted scams. Conduent is a business process services and digital solution company that works with more than 600 government agencies, electronic toll systems and private companies including Blue Cross Blue Shield, Humana and Volvo Group North America.
Conduent is notifying victims by snail mail so if you do receive such a letter, it is legitimate. Here is a link to the letter that includes an offer of free identity theft monitoring. chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://www.mass.gov/doc/2026-150-conduent-business-services-llc/download
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Actually, freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 28, 2026 – FBI Warns of Outdated Routers: How to Protect Your Smart Home and IoT Devices
The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers presented by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. The risks are extreme, but there are some basic steps you can take to protect yourself.
The key to protecting yourself is having a secure router. The router is the networking device that is used to transfer data between your computer and the Internet. Last May the FBI issued a warning about 13 outdated, end-of-life routers, particularly routers manufactured before 2010 that are no longer supported by their manufacturers with software updates and patches to fix vulnerabilities. Cybercriminals, particularly Chinese cybercriminals are exploiting the lack of security of these routers to gain access to your computers and other devices and install malware and make it part of a botnet.
TIPS
In addition to replacing end-of-life routers with newer more secure routers there are also other steps you should be taking to provide better security. Disable remote management settings on your routers and make sure you are using a strong password as well as encryption. Also, make sure you are not using the default factory-set username and password, which would make your router quite vulnerable.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Finally, make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – February 27, 2026 – AOL Phishing Email Scam
Today’s Scam of the day is about a phishing email presently circulating that attempts to lure you into clicking on a link in order to continue using your AOL account. Millions of people still use AOL. One reason for this is that you get greater email privacy when compared to some other email carriers. Due to its popularity, scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below that was sent to me by a Scamicide reader. If you click on the link in the email one of two things can occur and both are bad. Either you will end up providing personal information to an identity thief or you will, merely by clicking on the link, download dangerous malware such as ransomware on to your phone, computer or other device. I have deactivated the link.
Here is the email presently being circulated.
“Dear AOL Member, We recently upgraded our network server. The new AOL version of our software will be available on March 1, 2026.The new edition contains several changes. Your AOL account needs to be updated to avoid being disconnected
Please click on the link below to update your account now
Update Now
Regards,
© 2026 AOL Communications. All Rights Reserved.”
TIPS
When AOL communicates with its customers about their accounts, they do so by AOL Certified Mail, which will appear as a blue envelope in your inbox and will have an official AOL Mail seal on the border of the email. No official AOL Mail seal appears in the inbox for this phishing email. Also, this email also does not refer to you in the salutation, but merely addresses you as “Dear User.” In addition, the scammer was not very smart because the email that was intended to appear as if it was coming from AOL came from a yahoo.com email address.
Whenever you get an email, you cannot be sure who is really sending it. In the case of this email, the email address of the sender had no relation to AOL and most likely was the email address of someone whose email account was hacked and made a part of a botnet of computers used by cybercriminals to send such communications. Never click on a link unless you are absolutely sure that it is legitimate. If you think the email might be legitimate, the best thing to do is to contact the real company that the email purports to be from at an email address or phone number that you know is accurate in order to find out if the communication was legitimate or not.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – February 26, 2026 – Beware the Fake Stolen Car Reward Scam: How Criminals Steal Your Bank Information
Scammers take photos of cars and then post them on social media indicating that the car has been stolen and that a thousand dollar reward is being offered for information about the whereabouts of the car. When people respond to the social media post with information about the “stolen” car, they are then instructed to provide their bank account number and bank routing number in order to have the reward sent to their bank account.
Unfortunately, once the scammer has your bank account number and the routing number for your bank which is used for wire transfers, they are able to use that information to make purchases where money is wired from your account and the goods purchased are sent to the scammer who then can sell the goods thereby laundering the proceeds of the scam. Some scammers will even use your banking information to set up recurring payments such as for utilities.
TIPS
Never give your bank account information to anyone or any company that you have not thoroughly researched to make sure that they are legitimate. In fact, if you are a bit paranoid, like me (remembering even paranoids have enemies) you can avoid the problem altogether by not providing your bank account information to anyone and have payments sent to you by a check.
If, however, you do become a victim of this type of scam where a scammer has your bank account information, freeze your accounts immediately and notify the police and the fraud department of your bank. Change your online banking password and make sure you are using dual factor authentication as well.
The good news is that for this type of wiring of funds fraud, you are not liable for the money withdrawn from your account if you notify the bank within 60 days of when you receive your monthly statement. Frankly you should notify your bank within 60 seconds of receiving your monthly statement indicating the crime. Banks are required to investigate the crime promptly and replace the money into your account within one business day of determining that the loss of funds from your account was fraudulent.
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – February 25, 2026 – Turbo Tax Imposter Scam
With the due date for filing you federal income tax return approaching, many people are filing their taxes at this time with almost 94% of individual income tax returns being filed electronically. TurboTax is a popular online tax preparation service and so identity thieves will take advantage of that popularity and call people posing as TurboTax employees informing the targeted victim that his or her electronically filed income tax return has been rejected by the IRS. The identity thief then attempts to lure you into providing personal information including your Social Security number that will be used to make you a victim of identity theft.
In order to make their call appear legitimate, the identity thieves will use a technique called “spoofing” to manipulate your Caller ID so that the call looks like it has come from TurboTax.
TIPS
As I often say, trust me, you can’t trust anyone, particularly someone who asking for you to provide sensitive personal information. In this case it is important to unote that TurboTax will not call you if your tax return has been rejected unless you have specifically requested a call. If you do receive such a call and think that it might be legitimate, merely hang up and call TurboTax at its customer service number of 1-800-446-8848..
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – February 24, 2026 – Romance Meets Crypto Fraud: Inside the Explosive Growth of Pig‑Butchering Scams
I have been warning you about romance scams for many years. More recently I have been warning you about cryptocurrency scams since 2017. In the last few years a new scam combining the romance scam and cryptocurrency scams has surfaced.
Romance scams generally follow a familiar pattern with the scammers establishing relationships with people, generally women, online through various legitimate dating websites and social media using fake names, locations and images. In the last few years the FBI identified a trend in romance scams in which the scammer tells his victim that he or she has inside knowledge about cryptocurrency investing and directs the victim to a phony website that purports to be a legitimate cryptocurrency trading site. Not long after “investing” in the cryptocurrencies provided, the victim soon finds that there is no investment and that she or he has lost all of the invested money. This scam originated in China in 2019 and is called sha zhu pan or pig butchering in English. The name is derived from the practice of luring in victims, “fattening them up” by convincing them to continually “invest” more money and then stealing all of the money.
The scammers initially contact their victims on dating or social media apps and pretend to develop a close relationship. After a while the scammer informs the targeted victim that he or she is making a lot of money investing in cryptocurrencies and suggests the victim download and use a cryptocurrency app used by the scammer. Generally, the victims are lured into investing more and more money by what appears to be both dramatic increases in the value of their account and their ability to withdraw some of their profits. However, once the victim has been persuaded to invest larger and larger sums of money, the scammers steal the money and the victim is left with nothing.
You might be surprised to learn that typically the victims of this scam are highly educated people. Unfortunately, they also are targeted because they may have also recently gone through a divorce or some other personal difficulty. While the victims are people of all ages, most victims are anywhere from their mid-30s to their early fifties with the average loss per victim averaging $121.926 with one victim, according to the IRS losing two million dollars to the scammers.
Recently New York Attorney General Letitia James issued a warning about the dangers of pig butchering in which she mentions how many pig butchering scammers request their victims to communicate with them exclusively on WeChat, WhatsApp or other encrypted platforms to make it more difficult for law enforcement to trace who they are.
TIPS
It is important to remember that you should never invest in something that you do not completely understand. This was a mistake that many of Bernie Madoff’s victims made. Cryptocurrency scams quite often involve complicated language and investment terms that is purposefully unclear in an effort to confuse potential investors from understanding the real facts. You also may want to check out the SEC’s investor education website at www.investor.gov. Scammers can be very convincing and it may sound like there is a great opportunity for someone to make some money, but you must be careful that the person making money is not the scam artist taking yours.
Also, the apps used in the pig butchering scam may appear to be legitimate, but they are not found on official app platforms such as Google Play or the Apple App Store. Do your homework before investing in cryptocurrencies and only do business with well established cryptocurrency exchanges. Never invest merely because of the recommendation of someone you may have met online.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/