Scam of the Day
Scam of the day – May 25, 2025 – Massive Data Breach of 184 Million Accounts Discovered
Last month I told you that Verizon had issued its annual data breach report which appears to exemplify my motto that “things aren’t as bad as you think, they are far worse.” Regardless of how diligent you are in protecting your personal information such as your Social Security number, you are only as safe as the myriad of companies, institutions and government agencies with the worst and most vulnerable security practices that have your personal information. The report confirmed 12,195 data breaches last year, an increase of 34% over the previous year. Data breaches continue to be a major problem for all of us with more than 1.35 billion people affected in 2024.
Security researcher Jeremiah Fowler recently discovered a publicly available, unencrypted database containing 184 million unque account credentials including usernames, passwords, and URLs for many apps and websites including Google, Miocrosoft, Apple, Facebook, Instagram and Snapchat including credentials for bank and financial accounts. One particular problem Fowler noted is that many people use their email accounts to store years of sensitive documnts such as tax returns which if their email accounts are accessed can quickly lead to identity theft.
TIPS
This is a good time to remind everyone to make sure you use strong, unique passwords for each of your online accounts and enable dual factor authentication so that even if a cybercriminal has your user name and password, he or she would not be able to access your account.
Freezing your credit is actually something everyone should do. It is free and easy to do. It protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 24, 2025 – 19 Year Old College Student Pleads Guilty to Hacking PowerSchool
I first told you about the massive data breach at PowerSchool a major education technology software company used by 16,000 educational institutions with 50 million students in January. The hacker claimed to have harvested sensitive personal information of 62.4 million students and 9.5 million teachers. The compromised information included the names, addresses, Social Security numbers and medical information along with much additional personal informaion of students and teachers.
Now Matthew Lane, a 19 year old college student from Massachusetts has entered into a plea agreement and admitted that he hacked PowerSchool. He potentially faces a two year prison sentence.
While we know that identity theft is a major problem for adults, it is also a huge problem for children. According to Michael Bruemmer the Vice President of Consumer Protection for Experian 25% of minors will have their identities stolen before they turn 18. Identity thieves steal the identity of a child and then run up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when the teenager might first apply for a car loan or financial aid for college.
TIPS
If you find out that you or your children have become a victim of identity theft, notify each of the three credit reporting agencies, Equifax, Experian and TransUnion of the crime and ask them to investigate and remove the false information from your files.
Parents also should, as much as possible, try to limit the places that have their child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and enables you to opt out of information sharing by the school with third parties. You also should freeze the credit reports of your children. Until 2018 there was no national law that allowed the credit reports of children to be frozen, but in the wake of the major Equifax data breach, Congress passed laws that now permit children’s credit reports to be frozen and unfrozen for free.
Here are the links to information about how to freeze your child’s credit reports at each of the three major credit reporting agencies.
https://www.transunion.com/credit-freeze
https://www.equifax.com/personal/education/identity-theft/freezing-your-childs-credit-report-faq
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 23, 2025 – Memorial Day Scams
As we honor our veterans on Memorial Day, May 26th it is important to remember that scammers take Memorial Day as just another opportunity to scam veterans and others. In the case of Memorial Day, you can expect to be solicited by scammers by phone (remember legitimate charities can call you by phone even if you have enrolled in the Do Not Call List because charities are exempt from the Do Not Call List), email or letters asking for your money for various veterans causes or charitable ventures tied to Memorial Day.
Another common scam targets veterans and starts with a telephone call in which the veteran is told that in order to continue to receive various benefits, it is necessary to verify personal information such as the veteran’s birth date, Social Security number or bank account information. Of course, the call is not from the Veterans Administration and the call is not to verify information, but rather to gain information to be used to make the veteran a victim of identity theft.
TIPS
You never know who is on the other line of a telemarketing call, so never trust them. Remember my motto, “trust me, you can’t trust anyone.” If you are at all interested in what the caller appears to be selling or soliciting, ask them to send you written materials that you can then check out to see if it is legitimate. When it comes to charities, a good place to go is www.charitynavigator.org where you can see if a charity is legitimate or a scam as well as actually how much of the money they collect goes toward their charitable purposes and how much towards salaries and administrative costs.
As for calls purporting to be from the Veterans Administration, they do not call you on the phone to verify information. If you receive such a call, you can never be sure who is really calling because clever identity thieves are able to use a technique called “spoofing” to make it appear on your Caller ID as if the call from the identity thief is coming from the VA.
Since you cannot be sure who is calling you when you receive a call asking for personal information, you should never give that information out in response to a phone call, text message or email. Instead if you have the slightest thought that the communication may be legitimate, you should contact the real entity, in this case, the VA at a phone number that you know is accurate to inquire where you will learn that the initial contact was a scam.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 22, 2025 – Celebrity Imposter Scams Increasing
For years I have told you about scammers posing as various popular celebrities luring unsuspecting people into scams However, with the increased of Artificial Intelligence these imposter scams, generally perpetrated through emails, text messages and social media have become both more believable looking and more frequent as the deepfake and other AI technology becomes readily available to less technologically savvy scammers. Scammers pose as celebrities in a variety of scams including phony celebrity endorsed products, cryptocurrency investment scams, romance scams and videos in which the scammers lure unsuspecting victims into downloading malware that can lead to identity theft.
Last summer, AI was used to make a video in which it appeared that Jennifer Lopez was endorsing a skincare product. She was probably even more upset than most celebrities whose names and images are used in phony endorsements and scams because in the skincare product video, the scammers used AI to add fake wrinkles to her face.
Last year a scam group called the “Yahoo Boys” based in Nigeria began using artificial intelligence to change their facial features in Zoom videos to appear to be the person they are posing as in the romance scam. They also can use AI to change their voice and accent to sound legitimate and while doing a video conference with a romance scammer in the past was a good way to see if the person was actually who they claimed to be, now scammers using this technology will be very difficult to recognize as scammers.
Investment scams in which the scammers pose as celebrities, often Elon Musk often appear on social media either offering free cryptocurrencies or phony cryptocurrency investment opportunities.
TIPS
In regard to celebrity endorsements, you should never take them at face value. Confirm on the celebrity’s website to see if they really do endorse a particular product.
Dating sites Match, Tinder, Hinge and Plenty of Fish have a public awareness program to help people recognize romance scams. One tip they give is to use the verification check on your matches to help confirm they are the person who appears in the profile photo.
As for celebrity based romance scam, it is important to recognize that celebrities aren’t reaching out online to people they have never met to start romantic relationships.
Never invest in anything that you do not understand. No one should invest in cryptocurrencies unless they are knowledgeable about the investment. As for trading sites, you should always investigate any site you are considering before investing. See if the platform is registered with the SEC and licensed. You can also look for reviews of the site on cryptocurrency watchdog sites such as CoinMarketCap or CoinGecko. Also, check with the domain registry site https://www.whois.com/ to see who set up the particular site and how long it has been in existence.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 21, 2025 – Watch Out For VIN Cloning When Buying a Used Car
Every car has a Vehicle Identification Number or VIN that is unique for each car. Scammers are taking photos of the VIN number which can be found just below the windshield on the driver’s side of a car that is the same make, model and year of a car that the scammers have stolen and then make a new metallic VIN plate with the cloned number and swap it out for the VIN number of the car the stolen car. They then offer their stolen car for sale. In December of 2019, Meril Bauter responded to an ad for a 2019 Toyota 4Runner on Facebook Marketplace. The scammer sent the VIN number which Ms. Bauter used to do a VIN search and a Carfax search and everything checked out fine even though the actual car was a stolen car whose real VIN had been removed. She then paid $40,000 in cash to the scammer and registered her car. It wasn’t until three years later that the scam was discovered and the car was seized by law enforcement due to its being a stolen car. Fortunately, Farmers Insurance, Bauter’s automobile insurance company paid her claim.
So how do you protect yourself from being a victim of VIN cloning?
TIPS
The VIN number is found not only on the dashboard by the windshield, but also in the front door. Make sure they both match. Also, run your finger over the VIN plate and look for signs that the VIN plate may have been switched. You also should compare the VIN number to the VIN number that appears on the Title and all other documents that relate to the car. It is also important to get a Carfax or other vehicle history report on the vehicle and review it carefully for any discrepancies. This scam often doesn’t involve cars that are the exact make model and year of the stolen car. Additionally, you should have a mechanic inspect any used car you are considering buying for indications that it is not as represented.
Trust me, you can’t trust anyone.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 20, 2025 – T-Mobile Data Breach Settlement Update
In August of 2021 I reported to you about a data breach at T-Mobile initially discovered when hackers started offering for sale on the Dark Web data of what they said was 100 million customers of phone carrier T-Mobile for sale. T- Mobile confirmed the data breach but said that the number of people affected was approximately 76 million people. The information being sold included names, phone numbers, Social Security numbers and addresses. Also being sold were the PINS used by some T-Mobile customers to protect their accounts from identity theft that now are in the hands of hackers. This type of information poses a tremendous threat to victims of the data breach, which is the sixth for T-Mobile in the last four years. Social Security numbers in particular can be used by identity thieves to apply for credit cards and loans in your name. In addition, the phone numbers and the fact that the victims of the data breach are known to be T-Mobile customers enables the hackers to create phony phishing text messages, called smishing, posing as T-Mobile and luring the targeted victim into clicking on a link in the text message that can download destructive malware.
A class action on behalf of victims of the data breach was settled, following which, T-Mobile sent notices to affected customers. Customers could claim reimbursement for out-of-pocket losses and lost time due to dealing with the effects of hte data breach. In addition, anyone else could have made a claim for a cash payment of $25 or $100 if they were a California resident.
Now, finally checks are going out this month to victims of the data breach.
TIPS
Any funds left over from the $350 million dollars T-Mobile agreed to pay pursuant to the settlement after the disbursements are made this month will be split across the board to all victims of the data breach.
People should be wary of any text messages, phone calls or emails that they receive purportedly from T-Mobile, but sent by scammers, regarding the settlement that ask you to click on a link, to provide personal information or to make a payment to be eligible for the reimbursement. If you do have questions regarding the settlement go to the official settlement website
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 19, 2025 – FBI Issues Warning About Home Routers
The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers presented by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. The risks are extreme, but there are some basic steps you can take to protect yourself.
The key to protecting yourself is having a secure router. The router is the networking device that is used to transfer data between your computer and the Internet. Recently the FBI issued a warning about 13 outdated, end-of-life routers that are no longer supported by their manufacturers with software updates and patches to fix vulnerabilities. Cybercriminals, particularly Chinese cybercriminals are exploiting the lack of security of these routers to gain access to your computers and other devices and install malware and make it part of a botnet. Here is a link to the FBI warning which lists the vulnerable routers which should be replaced with more secure routers. chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://www.ic3.gov/CSA/2025/250507.pdf
TIPS
In addition to replacing end-of-life routers with newer more secure routers there are also other steps you should be taking to provide better security. Disable remote management settings on your routers and make sure you are using a strong password as well as encryption. Also, make sure you are not using the default factory-set username and password, which would make your router quite vulnerable.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Finally, make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – May 18, 2025 – Mystery Shopper Scams
I have written many times over the last fourteen years about the mystery shopper scam because it continues to ensnare unwary victims. These scams continue to be effective and are increasing in number so it is important to remind you about them again. Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer. Of course, the check that was sent to you is counterfeit and bounces, but the funds wired by the victim of the scam is gone forever from his or her bank account.
In a Walmart themed mystery shopper scam, the targeted victim was sent a legitimate appearing, but counterfeit check for $2,940 and told to keep $540 as payment and then go to the nearest Walmart and use the remainder of the check to buy six $400 Kroger gift cards and provide the numbers to the scammer. The scam victim was then told to keep the gift cards for their next assignment although there never is another assignment and the scammers use the numbers on the Kroger gift cards to make purchases, making the actual cards worthless. The victim of the scam loses the $2,400 used to purchase the gift cards from the victim’s own bank account when the check bounces.
TIPS
One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and the companies that do mystery shopping do not go looking for you. A firm indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.
For more information about legitimate mystery shoppers, you can go to the website of the Mystery Shopping Professional Association https://www.mspa-americas.org/scam-alerts/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – May 17, 2025 – Phantom Debt Collection Scams
Receiving a telephone call from a debt collector is not a pleasant experience. Being hounded by someone attempting to collect a debt you do not owe constitutes fraud. In recent years the Federal Trade Commission (FTC) has taken action against a number of these Phantom debt collection agencies. These scammers used false claims and threats to compel people to pay debts which were largely either non-existent or which the defendants had no authority to collect. They also violated federal law by illegally failing to provide proper notices and disclaimers also required by federal law.
TIPS
Subject to strict federal laws, legitimate debt collectors are permitted to call debtors, however, the law prohibits them from threatening imprisonment for the failure to pay a debt and attempting to collect a debt that the debt collector knows is bogus. The law also prohibits debt collectors from communicating information about a debt to the consumer’s employer although they can contact the employer merely to obtain contact information about the employee
It can be difficult to know when someone calls attempting to collect a debt if indeed they are legitimate or not, so the best course of action if you receive such a call is to not discuss the debt with the person calling, but instead demand that they send you a written “validation notice” by regular mail which describes the debt they allege you owe and includes a listing of your rights under the Federal Fair Debt Collection Practices Act.
Never give personal information over the phone to anyone who calls you attempting to collect a debt. You can never be sure who they are. If you receive the validation notice and it appears to be legitimate, you may be better off contacting your creditor directly because the person who called you may not be representing the creditor, but may merely have information about the debt.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – May 16, 2025 – The Danger of Trojan Subscribers
In Homer’s Odyssey, the Trojan horse hid soldiers that when brought through the gates and into the city of Troy led to the fall of Troy. Trojan subscribers are malware hidden within legitimate apps that while they won’t lead to the downfall of a city can cost the victims of a Trojan subscriber a lot of money.
Trojan subscribers are malicious code that cybercriminals add to legitimate apps and then upload them to app stores under a different name. The apps can be for a variety of purposes, such as monitoring blood pressure or scanning documents. When someone downloads one of these infected apps, he or she doesn’t realize that the Trojan subscriber will automatically subscribe to a paid service without the person who downloaded the app being aware of it.
Generally, the cybercriminals who create and use Trojan subscribers get paid a commission on each new subscription to a paid service.
There have been a number of different Trojan subscribers found during the past few years including the Jocker Trojan subscriber, the MobOk Trojan subscriber, the Vesub Trojan subscriber and the GriftHorse.ae Trojan subscribers. While they all work slightly differently they all manage to effectively sign up their victims to unwanted and costly subscription services.
Google Play and other app stores try to identify apps with Trojan subscribers, but as soon as they take one down, another pops up. In other instances, Trojan subscribers are found in apps that are not allowed on the regular official app stores.
TIPS
So what can you do to protect yourself from Trojan subscribers?
First and foremost, don’t install apps from unofficial sources. The risk is far too great that you will be downloading malware. However, even if you stick to legitimate sources for your apps such as Google Play, you must recognize that getting your app from a legitimate source does not guarantee that the app is malware-free.
Always check out the reviews and ratings of particular apps before you download them. Also, the longer an app has appeared on a legitimate source such as Google Play, the better the chance that it has been properly vetted and does not contain any malware. Therefore be a bit wary of apps that have only recently appeared on a legitimate app store.
Another good policy to follow when you download apps is to give the apps only the minimal access to your device that is needed to perform properly.
Finally, make sure that you have installed strong security software on your cellphone and keep it updated with the latest security updates and patches as they become available to protect you from not only Trojan subscribers, but also other threats as well.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”