Scam of the Day
Scam of the day – March 15, 2025 – Health Care Data Breaches Reaching Epidemic Levels
Data breaches are all too common and according to a 2023 report by IBM, healthcare companies account for approximately 27% of all data breaches. An analysis of the health care breach data base maintained by the Department of Health and Human Services done by Security Week indicated that in 2024 there were 720 data breaches affecting as many as 186 million people. And just this week we learned of four more healthcare data breaches affecting more than 560,000 people. The four organizations affected were Hillcrest Convalescent Center, Gastroenterology Associates of Central Florida, Community Care Alliance and Sunflower Medical Group.
Healthcare companies are targeted for a number of reasons including the general lack of security of many healthcare companies and the extensive personal and medical information they store including health insurance information that can be sold by criminals on the dark web for large prices enabling other people to access your health insurance. Having your health insurance policy used by an identity thief is particularly dangerous because it can result in your medical records being corrupted by the medical information of the identity thief and the difficulty in getting this information removed from your medical records. Having the medical information of an identity thief on your medical records could even result in your getting a blood transfusion of the wrong blood type.
TIPS
This is a good time to remind you that although various health care providers often ask for your Social Security number, they do not need it. You should politely refuse to provide it when asked. The fewer places that have your Social Security number the less vulnerable you are to identity theft.
As for the victims of these data breaches, the first thing they should do is freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at each of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – March 14, 2025 – TD Bank Text Message Scam
According to the Federal Trade Commission (FTC) last year more scams originated through text messages than phone calls and text message scams in which the scammers pose as your bank were the most common text message scam. Phony text messaging, called smishing, which purport to be from your bank is a scam about which I have been warning you for years, but is a scam that has dramatically increased recently. Recently scammers have been posing as TD Bank and sending text messages indicating that a major charge has been made to your account and providing you with a link to click on to dispute the charge. If you click on the link you will be taken to a website that appears to be a legitimate website of TD Bank which prompts you to provide your user name and passwword. Unfortunately, if you do so you will be providing the scammer with full access to your bank account. Here is a copy of the text message being sent.
![DailyMail.com obtained one of the messages that reads: 'TD Alert. There's a pending charge of $1,298.99 on your account, ignore if you initiated, if not follow [link]'](https://i.dailymail.co.uk/1s/2025/03/07/19/95962651-14474399-image-a-38_1741376145511.jpg)
Phony text messages like this can be particularly problematic if you have signed up to receive text message alerts from your bank. Whenever you receive a text message you can never be sure who is really sending it to you, so you should never call a telephone number indicated in the text message, provide information or click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.
The best course of action when you receive such a text message, if you have a concern that it may be legitimate, is to merely independently contact your bank to determine whether or not the text message was a scam, but be careful that you do not misdial the telephone number of your bank as some scammers purchase phone numbers similar to those of legitimate banks and credit card companies hoping that they will receive calls from unwary consumers who may have merely misdialed the telephone number of their bank or credit card company.
TIPS
Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate. If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.
Banks do not call, text or email their customers asking for personal information. You should always be skeptical of anyone asking for such information. Of course, if you receive a text message that appears to come from a bank at which you do not have an account, you can be confident it is a scam. If the text message provides for you to respond to stop future texts, don’t do it. Sending such a message to a scammer merely alerts them to the fact that yours is an active phone number.
Another step you should take to prevent your account from being taken over even if someone manages to get your user name and password is to set up dual factor authentication on your bank account.
Finally, although today’s Scam of the day focuses on phony bank text messages, it is a good idea to sign up to receive text alerts from your bank which can be customized for your own particular needs.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – March 13, 2025 – FTC Sending Refunds to Victims of Student Loan Scam
I have written often about phony student loan debt relief companies and with good reason. More than forty-two million Americans have student loans with an outstanding balance of more than 1.4 trillion dollars so it is no surprise that scammers are focusing their attention on these students and former students through scams that falsely promise to provide debt relief. In 2019 I told you that the Federal Trade Commission sued Arete Financial Group alleging that Arete charged illegal upfront fees for their services. However, according to the FTC, Arete’s crimes did not end there. In its lawsuit, the FTC alleged that Arete would change their clients’ Federal Student Aid (FSA) login ID, password and contact information with their clients’ loan servicer which effectively eliminated contact between the borrowers and their loan servicers. This enabled Arete, according to the FTC, to place the borrower’s loans into temporary forbearance or deferment status without the borrower even being aware of this. Thus when the borrowers sent their payments to Arete that they were told would be credited toward their loans, the money actually was kept by Arete. Some of Arete’s clients saw their loans become delinquent and their income tax refunds garnished to pay for overdue loan payments. The victims of the scam also lost the money they paid to Arete that was intended to be applied toward their loans.
In 2020 I informed you that Arete and the FTC settled their case and as a part of the settlement would be paying funds to the FTC to distribute to the victims of the scam. Three years later the FTC sent 3.3 million dollars of checks to victims of Arete’s scam. Now the FTC is sendng a second round of payments to victims fo the scam. For more information about this settlement, go to the first page of the Scamicide.com website and click on the tab in the middle of the page entitled “FTC Refunds.”
TIPS
The old adage still is true. If it sounds too good to be true, it probably isn’t true. Many of these student loan debt relief scammers promise quick loan forgiveness, which is unrealistic. In addition, you should never pay any upfront fees for student loan debt relief assistance. Those fees are illegal and are a sure indication that you are being scammed. Also, remember my motto, “trust me, you can’t trust anyone.” Don’t trust scammers merely because they use names that sound like they are affiliated with the government. You also should never share your FSA ID with anyone.
For information you can trust about federal student loan repayment option, go to https://studentaid.ed.gov/sa/repay-loans . There you can learn about loan deferments, forbearance, repayment and loan forgiveness programs and there is never an application fee. If you owe private student loans, contact your loan servicer directly. You can also look into student loan refinancing rather than consolidating the loans. Refinancing student loans can result in a lower interest rate.
Here is a link to an FTC video that explains student loan scams and what you can do to protect yourself. https://www.youtube.com/watch?v=7TjSI4Q6ztQ
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 12, 2025 – Extortionist Scammers Pose as Russian Ransomware Gang
I have often written about imporster scams where scammers pose as legitimate companies or government agencies that you know and trust in an effort to lure you into providing personal information or making a payment under some pretext. Now, in an unusual twist on the usual imposter scam, the FBI is warning people about scammers posing as members of the infamous Russian ransomware gang BianLian. The real BianLian Group has developed ransomware and deploys it to unsuspecting companies and threatens to destroy their data or make embarrasing data public unless a ransom is paid. The phony BianLian scammers are sending snail mail letters to business executives telling them that they have infiltrated their companies’ computers and have stolen sensitive data files whtih they threaten to make public unless the targeted victim of the scam uses a QR code included in the letter to pay a ransom of between $250,000 and $500,000. According to the FBI, the letters have been mailed from Boston. The FBI says that there is no indication that the scammers sending these letters are in any way connected to the real BianLian Group or have infiltrated the computers of their targeted victims.
TIPS
Anyone receiving such a letter should first confirm through their security software that their computers have not been infected with malware although the chances of their being infected by the scammers sending this letter is pretty much non-existent. Ransomware, which is most often downloaded through links in spear phishing emails, delivers a notice to the screens of the targeted victims that their data has been stolen and encrypted and cannot be accessed by the targeted victim.
This scam does serve as a reminder to protect yourself from ransomware and other types of malware sent as links or attachments to emails or text messages by never clicking on links or downloading attachments unless you have absoluetly confirmed that they are legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – March 11, 2025 – X (Formerly Twitter) Hit by DDOS Attack
On March 10th, Elon Musk’s X (formerly Twitter) was hit by a series of apparent DDoS attacks denying access to thousands of users of X throughtout the day. A DDoS occurs when the Domain Name Sevice (DNS) provider for a site gets flooded with an overwhelming amount of traffic which causes the website to shut down. Often the traffic comes from an army of botnet computers which are computers of unsuspecting people that become infected and can be remotely used to send the huge amounts of communications necessary to cause a DDoS. This problem can become magnified as the cybercriminals infiltrate and incorporate into their botnet not just computers, but also the myriad of devices that make up the burgeoning Internet of Things. Anything that is connected to the Internet can be hacked and used to become a part of a botnet. Too often, many of these devices that make up the Internet of Things are poorly protected with weak passwords and are easily hacked.
While Elon Musk posted that he believes the attack was done by “a large, coordinated roup and/or a country,” the fact is that botnets sufficient to perpetrate such an attack can be found for lease on the Dark Web, that part of the Internet where criminals buy and sell goods and services and do not require the level of sophistication of nation-state cyber resources. DDoS attacks are generally not much more than a nuisance and do not indicate that the attacked site has been hacked in any way or had data stolen. In the past we have seen the threats of DDoS attacks used to extort money from companies
TIPS
While there is nothing that we as consumers can do to stop DDoS other than to maintain the security of our own computers and devices connected to the Internet to keep them from becoming a part of a botnet, there are a number of steps that companies should be taking to protect themselves from future DDoS attacks in addition to the regular Firewalls and routers configured as best they can be to reject malicious traffic including the use of load balancers to spread traffic across multiple servers within a network to create additional capacity to handle the traffic as well as cloud based programs to identify and divert malicious traffic.
There are steps you can take, however, to keep your router from not being a part of a botnet including changing the default password as soon as you install a new router.
Most of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – March 10, 2025 – USAA Data Breach Settlement
USAA, the insurance and banking company that provides services to members of the military, veterans and their families which many people may be most familiar through their television advertisements featuring Rob Gronkowski and Sam Elliott suffered a data brach in 2021 in which personal information of thousands of its customers was compromised. The compromised information included names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers bank account information and the last four digits of Social Security numbers.
Now a class action brought on behalf of victims of the data breach has been settled with people affected by the data breach being notified by mail or email with a unique ID and confirmation code to file a claim. The deadline to submit a claim is April 7, 2025. People receiving the notice may be skeptical as to whether the notice and the email link to to the settlement website is legitimate. Here is a link you can trust if you wish to file a claim. https://www.usaadatasettlement.com/home
TIPS
So how do you protect yourself from becoming a victim of data breaches like this.
More than anything, these data breaches are another reminder that regardless of how careful we may be protecting our personal information, we are only as secure as the companies with which we do business with the worst security. About the only way to reduce the risk is to limit the personal information we provide to these companies. Don’t leave your credit card on file with any company and don’t provide your Social Security number to every company that asks for it unless it is truly required. Your doctor does not need your Social Security number, but they often ask for it.
It also is important to freeze your credit reports to help protect you when data breaches do occur. Freezing your credit is something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
Also, if you are in the mood to get scared you can go to the free website haveibeenpawned where you can find out what data breaches have affected you personally. https://haveibeenpwned.com/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – March 9, 2025 – CFPB Drops Zelle Lawsuit
Peer to Peer Payment Payment Service Zelle is used by many people to quickly and conveniently send money electronically from their credit card or bank account. Sending money through Zelle only requires you to enter the recipient’s phone number or email address. Zelle is an app created by the company Early Warning Services (EWS) which is owned by seven of the biggest banks in the United States including Bank of America and Capital One. Presently 2,400 banks and credit unions offer Zelle as a service.
Unfortunately, Zelle has proven to be easily exploited by scammers and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. In addition to scammers luring their victims to pay for worthless items through Zelle, scammers are also sending phishing emails and text messages in which they lure their victims into providing their Zelle usernames, passwords and PINs thereby enabling the scammers to take over their victims’ bank accounts through their Zelle accounts. Ironically, if your Zelle account is hacked, you are protected by law, but if you are tricked by a scammer into sending a Zelle payment, you have little protection.
In the Scam of the day for December 28, 2024 I informed you that the Consumer Financial Protection Bureau (CFPB) sued Bank of America, JP Morgan Chase and Wells Fargo for not providing effective safeguards to protect its Zelle customers from being scammed. Now, the newly Trump appointed director of the CFPB has dismissed the case.
Some of the critical failures which the CFPB accused the banks of committing included:
- Limited identity verification methods that enable scammers to quickly create accounts and target Zelle users, making it easy for a scammer to link a victim’s token which is an email address or a cell phone number to the scammer’s deposit account.
- Allowing repeat offenders to easily move from bank to bank exploiting multiple accounts across the Zelle network by failing to track scammers and share information about scammers with other banks that make up the Zelle network.
- Most significantly, the CFPB alleges that the banks ignored hundreds of thousands of fraud complaints instead of either responding in a manner to help their customers or using that data to help recognize and prevent further scams.
- Ignoring their obligations under the Electronic Fund Transfer Act and Regulation E to properly investigate complaints of Zelle customers who were scammed and take appropriate action to reimburse them for their losses.
TIPS
Meanwhile if you are a Zelle user what can you do to protect yourself?
Before signing up for any Zelle you should familiarize yourself with their fraud protection rules. In the fine print you may find that you have little, if any, protection if you use the account to purchase something that ends up being a scam. Consumers should recognize that Zelle should not be used for commercial transactions, but only to transfer small amounts of money to people you know.
In order to protect your account from being hacked and being taken over by a scammer who could access your credit card or bank account, you should use a PIN or other dual factor authentication for your Zelle account.
To avoid having your Zelle account and other accounts from being taken over by scammers, never provide your username, password or PIN in response to any email, text message or phone call unless you have absolutely confirmed that the request for this information is legitimate, which it never is. You can confirm this by contacting your bank by calling them at a telephone number you know is accurate. Even if you get a call that appears to come from your bank or other company with which you do business, your Caller ID can be tricked by a technique called spoofing to make the call appear legitimate when it is not.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – March 8, 2025 – Car Dealer Cloning Scam
The Wisconsin Department of Transportation issued a warning recently about an increase in car dealer cloning. Car dealer cloning occurs when a scammer sets up a website or social media profile as a legitimate car dealer. The website and social media posts use images and photographs of legitimate car dealers to make them look legitimate and, with the increased availability of AI to assist the scammers in setting up their phony car dealer websites and social media presence, they appear quite legitimate. On these phony sites the scammers offer tremendous discounts on cars. Generally, the scammers require the purchase price for the non-existent cars to be wired to them. Wiring funds is a favorite choice of payment of scammers because it can be difficult to reverse and is easy for the scammers to disguise their identity. While the warning came from the Wisconsin Department of Transportation, this scam is going on throughout the country.
TIPS
Research any car dealer you are considering to confirm their actual phone number, email address and other contact information to make sure you are communicating with the real dealer and not a scammer posing as the legitimate dealer. Confirm with your state Department of Transportation that the dealer with whom you are dealing is a properly registered. Never buy a car without actually seeing and inspecting it. Before wiring money. confirm with the seller’s bank the identity of the company you are sending the funds to. You can tell the bank that you want to verify the company’s identity before wiring funds.
Scam of the day – March 7, 2025 – Prisoners Arrested for Phone Scams
I have been warning you about the jury duty scam for twelve years, but it continues to snare many unwary victims. In the Scam of the day for January 25, 2025 I told you Anthony Sanders and an accomplice were indicted on charges related to a jury duty scam in which Sanders called his victim, a 30 year nurse posing as a Sarasota, Florida sheriff threatening arrest for failure to show up for jury duty and demanding a payment of more than $12,000 through what he referred to as a “Bonding Transition Center” which was actually a Bitcoin ATM which was used to direct the funds to Sanders’ account. The call appeared on the victim’s Caller ID as coming from the Sarasota sheriff’s department and the victim paid the funds. What makes this particular scam unusual was that Sanders is a prisoner in a Georgia prison who allegedly used a smuggled in cell phone to commit the crime.
Now, two more Georgia prisoners, Braindon Cayo and Deqquarius Thornton along with Alabama lifer Andrew Maresh were arrested for perpaetrating the jury duty scam while doing time in state prisons.
Often in these scams you are told that you can pay the fine through a credit card or, as is being done more and more, by a gift card. And now more frequently you are told to pay the “fine” through a Bitcoin ATM. Other times they ask for your Social Security number to confirm your identity. Of course, the phone call is a scam. Even if you have missed jury duty, you will never be called by legitimate court officers and shaken down for a payment.
Often, as in this case, the scammers will use a technique called “spoofing” to make the call appear on your Caller ID as if it is coming from a legitimate law enforcement agency or court. In some instances of the scam you are asked to confirm your identity by providing your Social Security number which will then be used to make you a victim of identity theft. Recently the scam has evolved to where people are also being contacted by text messages or emails from scammers posing as a representative of the local court system.
TIPS
Initial contacts from courts regarding jury duty are always in writing through the mail although some systems will permit you to receive future notices through email. Under no circumstances will you receive telephone calls or text messages indicating that you have failed to report for jury duty. No court will demand payment over the phone for failing to appear for jury duty and no court ever requires a payment be made via cryptocurrencies. If you do receive such a call and you think that there is even the possibility that you might have forgotten to report for jury duty, merely call the local clerk of courts in order to get accurate information. Of course anyone calling you and telling you that you can pay your fine to them over the phone using your credit card or a gift card is a scammer.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – March 6, 2025 – 25 Canadians Indicted for Grandparent Scam
Yesterday twenty-five Canadians were arrested and charged with operating the grandparent scam through a call center in Canada where they contacted elderly victims in 40 American states between 2021 and 2024 during which time they stole $21 million from their victims. The scammers posed as either the targeted victims’ grandchild or an attorney representing the grandchild asking for money to be paid for bail. The scammers sent couriers posing as bail bondsmen to collect the cash and told the elderly victims that there was a gag order that prevented the victims from discussing the phony charges.
I am sure by now all of you are familiar with the grandparent scam where a grandparent receives a telephone call from someone purporting to be their grandchild who has gotten into some trouble, most commonly a traffic accident, legal trouble or medical problems in a far away place. The caller pleads for the grandparent to send money immediately to help resolve the problem. However the caller also begs the grandparent not to tell mom and dad. One would think that no one would be gullible enough to fall for this scam, but don’t be so hard on the victims of this scam. Scam artists have a knowledge of psychology of which Freud would have been envious and are able to use that knowledge to persuade their victims to send money right away. While this scam has been going on for approximately fifteen years, it continues to victimize people.
TIPS
Scammers often use the nicknames of the grandchildren when speaking to their intended victims. Sometimes they get this information from social media while in other instances they get this information from reading obituaries which may contain the names of grandchildren so merely because the correct name is used in the call is no reason to believe the call. Don’t respond immediately to such a call without calling the real grandchild on his or her cell phone or call the parents and confirm the whereabouts of the grandchild. If a medical problem is the ruse used, you can call the real hospital. If legal problems are the hook you can call the real police. You can also test the caller with a question that could be answered only by the real grandchild, but make sure that it really is a question that only the real grandchild could answer and not just anyone who might read the real grandchild’ s social media postings. Prudent families can also come up with a code word to use in an emergency which a scammer will never know.
Due to AI voice cloning the scam has gotten worse with unsophisticated scammers able to use voice cloning technology to disguise their voices to sound like that of the grandchild. The scammers are able to obtain audio of the grandchild they are impersonating through social media posts to use to clone their voice.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”