Scam of the Day
Scam of the day – July 7, 2025 – Eleven Class Actions Filed Regarding Aflac Data Breach
On June 22nd I first informed you that Aflac had disclosed two days earlier that it had suffered a data breach that may have compromised sensitive personal information held by the company, which offers a range of insurance products to millions of people. According to Aflac, it noticed suspicious activity on its networks on June 12th and is still in the early stages of investigating the extent of the data breach. Aflac’s press release states that it had not been infected with ransomware, but doesn’t yet know the extent of the data breach which may include social security numbers and other sensitive information.
It is believed that this data breach was the work of the infamous hacking group called Scattered Spider which focuses its efforts on one specific industry at a time, often using ransomware. In the past it had focused on the retail sector and now, according to the Google Threat Intelligence Group is targeting the insurance industry. Earlier last month Erie Insurance suffered a data breach attributed to Scattered Spider.
Recently eleven separate class actions seeking to represent all of the victims of the Aflac data breach have been filed around the country by individual victims of the data breach. In situations like this the courts generally consolidate the cases into a Multidistrict Litigation Proceeding to decide whether to centralize the cases and what court should hear the case. As further developments occur in this matter, I will report them to you.
TIPS
Alfac is offering free credit monitoring and identity theft insurance to its customers for two years. If you are an Aflac customer and wish to get those free benefits, you should call Aflac’s Call Center at 1-855-0305.
Potential victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – July 6, 2025 – Booking.com Scam Continues to Snare Victims
Today’s Scam of the day is one that I first wrote about in April of 2024, but judging by an email I recently received from a Scamicide reader the problem does not appear to be resolved. Scams involving the popular travel website Booking.com have increased dramatically over the last two years worldwide with one hundred hotels in Japan among the hotels targeted last year. The scam starts with a phishing email to a hotel that uses social engineering to lure the unsuspecting hotel employee into clicking on a link and downloading malware that enables the scammer to access the hotel’s Booking.com account and obtain a list of upcoming reservations along with the email addresses of the future travelers. The scammers then use the hacked Booking.com management portal of the hotel to send an email to the future visitor in which they demand a credit card payment for the future stay. Thousands of victims of this scam have responded to the emails which appear totally legitimate by providing their credit card information which leads to identity theft and credit card fraud.
TIPS
The primary responsibility for this scam falls on the hotels whose lack of sufficient security enables the scammers to gain access to their Booking.com accounts, however there are things that we as consumers can do to protect ourselves from this sophisticated scam. Perhaps first and foremost, as I often advise you, you should never use your debit card for anything other than as an ATM card because while your liability for credit card fraud is limited to no more than $50 (and I have never seen a credit card company ever charge anything for fraudulent use), your risk of loss for fraudulent use of your debit card if it is not reported immediately could result in your entire bank account being stolen.
As always, you can never be sure when you get an email, text message or phone call as to who is really contacting you so you should never click on a link, make a payment or provide personal information in response to any communication unless you have absolutely confirmed that it is legitimate. In response to an email that appears to come from Booking.com, you can either use your Booking.com app to confirm whether the email was legitimate or call Booking.com at a phone number that you know is legitimate or go to the Help Center on the official Booking.com website. Finally, when making a payment for a reservation through Booking.com you should only make the payment on the official website or app.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – July 5, 2025 – Amazon Prime Day Scams
July 8th through 11th are Amazon Prime Day which is odd to say. Amazon really should change the name for the four day event to Amazon Prime Days. Amazon Prime Day is a global promotion of Amazon featuring sales on a variety of items available solely to Amazon Prime members. There is always great interest in Amazon Prime Day and as with everything else that attracts great interest by the public, it also attracts great interest by scammers who are eager to take advantage of people participating in Amazon Prime Day.
Scammers, posing as Amazon are sending phishing emails and text messages in which they attempt to lure their victims into either providing account information that will give the scammer access to the victim’s Amazon account or to make a payment under some pretext or click on a link that will download dangerous malware such as keystroke logging malware or ransomware. They do so by representing to the targeted victim that their account has expired or that a recent order needs to be confirmed or some other emergency related to their account.
TIPS
Much malware including ransomware comes as links in phishing emails. text messages or tainted attachments. As a general rule you should never click on links or download attachments that come in emails or text messages unless you have absolutely verified that the email is legitimate. You also should never provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication is legitimate.
Phishing emails and more specifically tailored spear phishing emails can often appear quite legitimate initially so it is important to be skeptical. Because Amazon Prime Day will be going on soon, many people expect emails from Amazon which is even more reason for you to be skeptical. Trust me, you can’t trust anyone. Check the email address of any communication that appears to have come from anyone to make sure that it is the real email address. All Amazon emails end in @amazon.com. Many phishing emails come from email addresses that have no relation to the real email address of the company they purport to be while others look very legitimate unless you carefully examine the email.
Through spoofing, text messages may appear to come from a legitimate Amazon phone number, so you can’t trust your Caller ID.
As always, it is a good idea to set up dual factor authentication for your Amazon account so that even in the event that you are tricked into providing your username and password, no one will be able to access your account. Here is a link that provides information about how to set up dual factor authentication for your Amazon account. https://www.amazon.com/gp/help/customer/display.html?nodeId=G3PWZPU52FKN7PW4
When going to what purports to be an Amazon page, the URL should end with “Amazon.com.” To be sure that you are actually on the real Amazon website, you can check the domain name to make sure that it is not a counterfeit by going to the website https://www.whois.com/whois/ where you can type in the domain name and learn who actually owns it. If your Amazon website appears to be owned by someone in Nigeria, for example, you know you have a problem. The security company Check Point recently identified 1,500 counterfeit Amazon websites.
It is also important to remember that you should not use your debit card for anything other than as an ATM card. Use your credit card for online and offline purchases because the law protects you much more from fraudulent purchases than a debit card does. If you do not promptly report misuse of your debit card, you could potentially lose the entire bank account tied to your debit card while the maximum liability for misuse of your credit card is only fifty dollars and most credit card companies don’t even charge you that amount.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in our email address on the tab that states “Sign up for this blog.”
Scam of the day – July 4, 2025 – Delivery Tracking Email Scam
Online purchases which already were sizable grew tremendously during the Coronavirus pandemic and now are extremely commonplace so it is not surprising that scammers are attempting to use that fact to create scams. I have reported to you about delivery scams for years. Today’s version of a delivery scam involves a phishing email sent by a Scamicide reader, reproduced below made to look like a tracking order which are sent in large numbers to people with the hope and expectation that people expecting a delivery will fall for the scam. If you click on the “Track my order,” “Click to review,” or “Click to view” links you will either be lured into providing personal information that will lead to identity theft or even worse, merely by clicking on the links you will download dangerous malware. I have disabled the links in the email below. If you had hovered your mouse over the links you would see that the address it would be taking you to a site that had nothing to do with any of the major delivery companies such as Federal Express or UPS.
Your Order is on the Move! 🚚 Hello xxxxxxx@aol.com, We’ve got great news — your order has shipped and is on its way to you! Click below to follow your package in real-time: Track my order Order Number: Click to review Estimated Delivery Date: Click to view Questions or need help? Our support team is here 24/7. Contact us Thanks for shopping with us. We hope you love your purchase!
TIPS
This particular phony delivery tracking email is easy to spot as a scam. The email address of the sender does not indicate the name of any particular delivery company nor does any company name appear in the email. Even if it did, however, it is a simple matter for a scammer to insert the name and logo of a legitimate delivery company into such an email
If you are expecting a delivery, merely use the app or go to the website of the delivery company being used where you will be able to track packages.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – July 3, 2025 – Dangerous Docusign-Paypal Phishing Scam
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.
Here is the email presently circulating. I have deleted a link to click on to “Review the Document.”:
|
TIPS
Legitimate emails from a company with which you do business would include the last four digits of your account and include your name. The email looks legitimate and has the logos for Docusign and PayPal, but logos are easily counterfeited and AI can be used to make the email appear to be legitimate.
What makes this phishing email particular insidious is that it actaully comes from a PayPal account. Scammers set up accounts posing as legitimate companies so that the email address will appear legitmate. This also enables them to avoid spam filters used by your email provider.
As with all phishing emails, two things can happen if you click on the links provided or contact the scammer by a phone number provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download malware such as keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.
If you call a phone number contained in the email, you will be prompted to provide credit card information or other personal information that will lead to your becoming a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the company from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam. The phone number for customer service contained in the email is not a phone number used by PayPal. The customer service number for PayPal is 888-221-1161
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – July 2, 2025 – Watch Out For Fourth of July Scams
Every season is scam season and every day provides unique opportunity for scam artists, the only criminals that we call artists, to try to scam us out of our hard earned money. Here are a few scams that you should be aware of that are related to the upcoming Fourth of July holiday
Many scammers send out emails or text messages purportedly from the IRS or any of a number of state and federal agencies in which they require you to provide personal information under the guise of some emergency. They do this because if they can frighten you enough to act during the holiday in some instances you will be unable to confirm with the real entity as to whether the communication is legitimate because all of these entities will be closed on the Fourth of July. If you provide the requested information, it will be used against you to make you a victim of identity theft.
You also should be wary of Fourth of July electronic greeting cards that you may receive. These can be loaded with keystroke logging malware that will steal all of the information from your computer or portable device if you download the malware by clicking on the link.
Finally, be on the lookout for messages that appear on your social media such as your Facebook page with links to Fourth of July themed videos that arouse your curiosity. Again, the links contained within these messages may be loaded with keystroke logging malware.
TIPS
The IRS and many other state and federal agencies will not initiate communications with you through email so you can disregard that email from the IRS or other similar entities. It is important to be skeptical of any email or text message that you receive that requests personal information. Never provide such information or click on links in such emails unless you are absolutely sure that the request is legitimate and you can’t be sure unless you have confirmed with the person or entity that purportedly sent it that it is indeed legitimate. If you can’t confirm on the Fourth of July, let it wait until you can.
As for e cards, never click on a link to an e card unless the message specifically indicates from whom it is being sent and only then after you have confirmed with that person that they indeed did send you an e card.
Also remember that messages that you get on Facebook may appear to come from friends, but may actually be coming from scammers who have hacked your real friend’s Facebook account or cloned an account using the name of your friend. In addition, unfortunately, sometimes you actually will get videos sent to you by your real friends who are unwittingly passing on malware infected material. Trust me, you can’t trust anyone.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – July 1, 2025 – Police Issue Warning About the Danger of Spoofing
The New York State Police have issued a warning about the danger of spoofing. https://troopers.ny.gov/news/new-york-state-police-warn-public-phone-number-spoofing-scam-targeting-personal-information Spoofing is a funny sounding word, but there is nothing funny about spoofing, which is the name for the scam tactic used by scammers by which they are able to fool your caller ID such that when you receive a call, it appears to come from a legitimate company, governmental agency, such as the IRS or even your own telephone number. The New York State Police warning specifically warned people about scammers and identity thieves posing as law enforcement officials demanding personal information including Social Security numbers and threatening legal action if the targeted victim doesn’t provide it.
Sometimes the spoofed calls are automated robocalls in which you are asked for financial information in order to assist you in obtaining a lower interest on your credit card or some tempting ruse. Other times there will actually be someone on the line purporting to be from a legitimate company or governmental agency. Using either the carrot or stick approach, they either try to instill fear in you in order to lure you into providing personal information in order to avoid a problem with your bank, the IRS or some other entity or they use the carrot and try to entice you to provide your personal information in order to receive a prize or some other financial benefit. In all cases you risk identity theft when you provide personal information by phone in response to any telephone call you receive.
TIPS
There are some basic precepts to remember to help protect you from being scammed by spoofed calls. First, remember that your caller ID is not fool proof. You cannot trust your caller ID to accurately inform you as to who is really calling you. Second, the IRS does not initiate contact with taxpayers by email, text messages or phone calls so if you receive such a communication, you can be sure that it is a scam. Third, robocalls are illegal except from charities or politicians so whenever you receive a robocall that purports to be from a company or governmental agency, you can be sure it is a scam. Fourth, no law enforcement agency will ever demand your Social Security number over the phone and threaten you if you do not comply. You should never provide personal information to anyone over the phone whom you have not called. If you ever receive a communication requesting personal information and you think it might possibly be legitimate, merely hang up and call the entity back at a number that you know is accurate and even then do not provide personal information unless there is a real need for it.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – June 30, 2025 – How to Recognize a Scam
Scam artists, the only criminals we refer to as artists have a knowledge of psychology that Freud would have envied. They know how to appeal to every human emotion to lure us into becoming a scam victim. Scam artists can adapt their art to paint whatever picture they sense will make us vulnerable to their con. They know how to appeal to our own particular weaknesses and psychological makeup.
They appeal to whatever works. They construct a network of “people like us” whom we trust; they trumpet legitimate and impressive-sounding business connections; they appeal to our fears; they appeal to our friendship; they appeal to our optimism; they appeal to our desire for quick and easy solutions to life’s problems; they appeal to our generosity; and they appeal to our greed.
Some scams can be so sophisticated that they can be hard to recognize, so how can you identify a scam before it is too late?
TIPS
One of the best ways of determining if you are involved with a scam is how the scammer requests payment.
If they ask for payment through a gift card, it is definitely a scam. No legitimate business transaction asks for payment by gift cards. No governmental agency accepts gift cards as payments.
If they send you a check for more than what is owed you and ask you under a variety of different pretexts to deposit the check and wire the excess money back to them, it is a scam. The overpayment check scam is used in many different scams, but it always ends up with the victim depositing the legitimate appearing check, getting provisional credit in the victim’s account, wiring money from the account and then having the counterfeit check bounce, the provisional credit rescinded and the money wired from the victim’s own funds in the account gone forever.
If they require payment by a wire from your bank, Western Union or other similar companies it is also a red flag that you are dealing with a scam. Wired payments are quick and easy for the scammer to maintain his or her anonymity.
If they ask you to go to a Cryptocurrency ATM and buy cryptocurrency and use a QR code to send it to the scammer’s account, it is a scam.
If they demand Zelle or Venmo for a business transaction, it is a scam.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – June 29, 2025 – Phony Bitdefender Website Downloads Malware
Bitdefender is a trusted cybersecurity and anti-virus software company that provides a variety of products to protect your computer and digital devices from malware and other online threats which is why it is particularly disturbing when scammers were recently discovered to have set up a phony Bitdefender website where if you go to download on the website what you think is protective security software, you actually are downloading malware that can steal your passwords and sensitive personal information from your computer or cell phone that will result in your becoming a victim of identity theft and your accounts, such as online bank accounts hacked.
Making this story even more disturbing is that the malware used as a part of this scam is readily available for sale on the Dark Web, that part of the Internet where criminals buy and sell goods and services so that even relatively unsophisticated scammers are able to access this malware. AI also makes the creation of phony websites such as done here simple for less sophisticated criminals as well.
Criminals are often able to get their phony websites listed high in a search engine search by either paying for a high position in a search or manipulating the algorithm used to place a website in a seach engine search to get a high position.
TIPS
There are a number of things you can do to protect yourself from this type of scam.
First of all, this scam points out the importance of having dual factor authentication on all of your important accounts so that even if someone managed to steal your username and password, they would be unable to access the account.
Trust me, you can’t trust anyone and with the ease that criminals using AI can create phony websites that appear to be websites of companies that you trust, it is more important than ever to make sure that you are on the legitimate websites you seek rather than a criminal’s counterfeit website. If you are sure of the URL of a website, make sure you type the URL in carefully to avoid going to a criminals’ website.
You can also confirm a website’s legitimacy by going to whois.com to see who actually owns the website and how long it has been in existence. The Google Transparency Report accessed at transparencyreport.google.com can also indicate whether a website is legitimate or not. Another very good tool is virustotal.com which is a free online service where you provide the URL of the website you are checking on and virustotal will send the file to dozens of antivirus companies including Bitdefender, Avast and Kaspersky to see if it is legitimate. Also Google Chrome has its AI powered Enhanced Safe Browsing mode which will allow you to check on the legitimacy of a particular URL and will warn you if it is a scam.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – June 28, 2025 – Wall Street Journal Reports 70% of Ads on Facebook are Scams
The Wall Street Journal recently did a scathing story that said that Meta, the parent company of Facebook and Instagram is becoming the “cornerstone of the internet fraud economy.” According to the story Meta accounted for nearly half of all reported scams on Zelle at major banks. The story also reported that 70% of new advertisers on Meta’s platforms promote scams or low quality products. Many of the scammers placing these ads, according to the Journal, were Southeast Asian crime networks. The article went on to say that Meta did a poor job of taking down fraudulent ads because it prioritized its 160 billion dollar profit from ads over protecting its users from being scammed. For its part, Meta says that according to federal law it is not responsible for scam ads on their sites. Lately, I have gotten many emails from Scamicide readers complaining about scams on Facebook marketplace.
TIPS
So how do you protect yourself from these phony ads?
You can start off by checking the profile page of the poster to see if it has many followers. Also, legitimate businesses will have websites. Check out these websites to see if they are legitimate.
Ads that ask for payments to be made by wired funds, gift cards, Venmo or Zelle is also a good indication that it is a scam. Venmo and Zelle should never be used for commercial transactions and gift cards are not an accepted method of payment for goods to anyone other than scammers.
Look for customer feedback and review sites such as Trustpilot.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”