Scam of the Day
Scam of the day – May 18, 2025 – Mystery Shopper Scams
I have written many times over the last fourteen years about the mystery shopper scam because it continues to ensnare unwary victims. These scams continue to be effective and are increasing in number so it is important to remind you about them again. Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer. Of course, the check that was sent to you is counterfeit and bounces, but the funds wired by the victim of the scam is gone forever from his or her bank account.
In a Walmart themed mystery shopper scam, the targeted victim was sent a legitimate appearing, but counterfeit check for $2,940 and told to keep $540 as payment and then go to the nearest Walmart and use the remainder of the check to buy six $400 Kroger gift cards and provide the numbers to the scammer. The scam victim was then told to keep the gift cards for their next assignment although there never is another assignment and the scammers use the numbers on the Kroger gift cards to make purchases, making the actual cards worthless. The victim of the scam loses the $2,400 used to purchase the gift cards from the victim’s own bank account when the check bounces.
TIPS
One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and the companies that do mystery shopping do not go looking for you. A firm indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.
For more information about legitimate mystery shoppers, you can go to the website of the Mystery Shopping Professional Association https://www.mspa-americas.org/scam-alerts/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – May 17, 2025 – Phantom Debt Collection Scams
Receiving a telephone call from a debt collector is not a pleasant experience. Being hounded by someone attempting to collect a debt you do not owe constitutes fraud. In recent years the Federal Trade Commission (FTC) has taken action against a number of these Phantom debt collection agencies. These scammers used false claims and threats to compel people to pay debts which were largely either non-existent or which the defendants had no authority to collect. They also violated federal law by illegally failing to provide proper notices and disclaimers also required by federal law.
TIPS
Subject to strict federal laws, legitimate debt collectors are permitted to call debtors, however, the law prohibits them from threatening imprisonment for the failure to pay a debt and attempting to collect a debt that the debt collector knows is bogus. The law also prohibits debt collectors from communicating information about a debt to the consumer’s employer although they can contact the employer merely to obtain contact information about the employee
It can be difficult to know when someone calls attempting to collect a debt if indeed they are legitimate or not, so the best course of action if you receive such a call is to not discuss the debt with the person calling, but instead demand that they send you a written “validation notice” by regular mail which describes the debt they allege you owe and includes a listing of your rights under the Federal Fair Debt Collection Practices Act.
Never give personal information over the phone to anyone who calls you attempting to collect a debt. You can never be sure who they are. If you receive the validation notice and it appears to be legitimate, you may be better off contacting your creditor directly because the person who called you may not be representing the creditor, but may merely have information about the debt.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – May 16, 2025 – The Danger of Trojan Subscribers
In Homer’s Odyssey, the Trojan horse hid soldiers that when brought through the gates and into the city of Troy led to the fall of Troy. Trojan subscribers are malware hidden within legitimate apps that while they won’t lead to the downfall of a city can cost the victims of a Trojan subscriber a lot of money.
Trojan subscribers are malicious code that cybercriminals add to legitimate apps and then upload them to app stores under a different name. The apps can be for a variety of purposes, such as monitoring blood pressure or scanning documents. When someone downloads one of these infected apps, he or she doesn’t realize that the Trojan subscriber will automatically subscribe to a paid service without the person who downloaded the app being aware of it.
Generally, the cybercriminals who create and use Trojan subscribers get paid a commission on each new subscription to a paid service.
There have been a number of different Trojan subscribers found during the past few years including the Jocker Trojan subscriber, the MobOk Trojan subscriber, the Vesub Trojan subscriber and the GriftHorse.ae Trojan subscribers. While they all work slightly differently they all manage to effectively sign up their victims to unwanted and costly subscription services.
Google Play and other app stores try to identify apps with Trojan subscribers, but as soon as they take one down, another pops up. In other instances, Trojan subscribers are found in apps that are not allowed on the regular official app stores.
TIPS
So what can you do to protect yourself from Trojan subscribers?
First and foremost, don’t install apps from unofficial sources. The risk is far too great that you will be downloading malware. However, even if you stick to legitimate sources for your apps such as Google Play, you must recognize that getting your app from a legitimate source does not guarantee that the app is malware-free.
Always check out the reviews and ratings of particular apps before you download them. Also, the longer an app has appeared on a legitimate source such as Google Play, the better the chance that it has been properly vetted and does not contain any malware. Therefore be a bit wary of apps that have only recently appeared on a legitimate app store.
Another good policy to follow when you download apps is to give the apps only the minimal access to your device that is needed to perform properly.
Finally, make sure that you have installed strong security software on your cellphone and keep it updated with the latest security updates and patches as they become available to protect you from not only Trojan subscribers, but also other threats as well.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 15, 2025 – Medicare Card Verification Scam
For many years Medicare used a person’s Social Security number as his or her Medicare number which put Medicare recipients in serious danger of identity theft. Medicare resisted changing the Medicare number to a safer random number for many years. Finally, in April 2018, new random numbered cards began being sent by regular mail to all 60 million Americans enrolled in Medicare and in 2020 the switch over to new more secure Medicare card numbers was complete.
But this has not stopped identity thieves. Many older Americans are receiving emails or phone calls purporting to be from Medicare either offering various health services or new Medicare cards with microchips. All the targeted victim has to do is merely verify their Medicare number. And while your Medicare number is no longer your Social Security number, giving it to an identity thief can cause you substantial problems when you try to access Medicare as well as cost the American taxpayers millions of dollars.
TIPS
It is easy to determine when you receive a phone call, email or text message from Medicare if it is legitimate. They don’t contact you by email, text message or by phone so anytime you are contacted in this manner, you can be confident it is a scam. As for phone calls purporting to be from Medicare, you should never provide your Medicare number, Social Security number, credit card number or any other personal information to anyone who calls you on the phone because you can never be sure they are legitimate. Even if your Caller ID indicates the call is from Medicare, the IRS or some other legitimate organization, through a technique called “spoofing” your Caller ID can be tricked into making it appear that the call is legitimate.
The real Medicare also will not contact you and ask you to verify your Medicare number and there are no new Medicare cards with microchips. If you get a call asking for personal information that appears legitimate, merely hang up and call the company or agency at a number that you independently know is legitimate to find out the truth.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – Mary 14, 2025 – OneDrive Phishing Scam
OneDrive is a popular cloud storage system of Microsoft that allows you to sync and save documents, pictures and files. Scammers send emails purporting to be from OneDrive, such as the one copied below that I received recently. If you click on the View File, you will either be lured into providing personal information that can lead to your becoming a victim of identity theft or download malware such as ransomware or keystroke logging malware that leads to your becoming a victim of identity theft.
|
|||||||||
|
TIPS
I was not expecting an email from the lawyer whose name appears in the email and so I contacted her office to confirm whether or not she had sent me documents through OneDrive. She had not. The lesson here is to never click on any links in any email unless you have absolutely confirmed that the email is legitimate. It is also important to remember that even if you have the most up to date security software, it will not protect you from the latest forms of malware which exploit what are called zero day defects. It generally takes the security software companies about a month to provide a security update for the particular malware which is why you should always install the latest security updates as soon as they become available.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – May 13, 2025 – The Best Way to Protect Yourself from Income Tax Identity Theft
With last year’s April 15th income tax deadline not even a month behind us, it may seem too early to think about income tax identity theft, but it is important to remember that income tax identity theft, by which identity thieves file phony income tax returns with counterfeit W-2s using the Social Security number and name of their victim is still a major problem for the IRS and taxpayers costing us all billions of dollars each year. However, when someone has stolen your Social Security number and filed an income tax return using your name, the problem becomes particularly personal. The IRS’s Taxpayer Advocate Service recently disclosed that victims of income tax identity theft wait an average of 675 days for the IRS to process their legitimate tax return and get their tax refund.
So what can you do to protect yourself from income tax identity theft? First and foremost you should file your return as soon as possible because if you file your income tax return before the identity thief does you should be able to get your refund in a timely manner. However, income tax identity thieves are pretty prompt in filing their phony returns so you should also get a PIN from the IRS to use when filing your tax return.
In 2022 the IRS announced an expansion of its Identity Protection PIN Op-In Program that provides individual taxpayers with a six-digit code that is required to be included on the individual’s income tax return. This will protect someone whose Social Security number had been compromised from becoming a victim of identity theft because the identity thief will not know the six-digit code. Recently the IRS urged people to get a PIN to protect themselves and it is good advice.Here is a link to the section of the IRS’ website that tells you all about the PIN program and where you can apply for a PIN. https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin The PIN is only valid for a single year but will automatically be renewed each year. The easiest way to get a PIN is through your online IRS account. Here is a link to information about getting an online IRS Account. https://www.irs.gov/payments/online-account-for-individuals
TIPS
In addition to protecting the privacy of your Social Security number, the best thing you can do to protect yourself from becoming a victim of income tax identity theft is to file your income tax return as early as possible. A criminal can successfully make you a victim of income tax identity theft only if he or she files an income tax return using your Social Security number before you file your legitimate income tax return. Therefore the earlier you file your income tax return, the more likely you are to avoid becoming a victim of this crime.
The IRS started the Identity Theft Protection PIN program almost ten years ago, but it was only available to people who were already victims of identity theft and to people living in a few specific states chosen by the IRS to test the program. Now anyone can and should obtain an Identity Theft Protection PIN.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 12, 2025 – FBI Issues Warning About Health Insurance Scams
Scam of the day – May 11, 2025 – Car Rental Scams
Since 2019, the cost of renting a car on vacation has increased dramatically. However, your friendly neighborhood scammer is more than willing to help you out. They are setting up phony car rental company websites and websites that appear to be those of legitimate car rental companies such as Avis or Hertz.
Often these phony websites appear high on a Google or other search engine search because the more sophisticated scammers are able to manipulate the algorithms used by search engines to position a website high in a search result. In other instances, the scammers take out ads for their phony websites that place them at the top of the first page in a Google or other search engine search. Victims of this scam are finding themselves without a car and losing the money they paid for the non-existent car rental.
TIPS
The phony websites can look quite legitimate and be hard to distinguish from the websites of real car rental companies. Always check the URL of the website you use carefully before responding to an offer for a car rental. You also may want to go the extra step and actually do a search to determine who owns the website you are on. There are a number of ways of doing this. One of the easiest is to go to ICANN and enter the domain name and click on “lookup.” This will enable you to find out who actually owns the website. So for instance, if you think you are renting from Hertz and the website you are on is owned by someone in Nigeria, you can be pretty confident it is a scam. Here is the link to ICANN https://lookup.icann.org/
One of the primary ways of knowing that you are dealing with a scammer is that often they ask for payment through gift cards. Gift cards are a favorite means of payment for scammers because once you give the scammer the gift card numbers over the phone or the Internet, the money is gone and cannot be easily traced or recovered. Some scammers tell you that you will get a special low rate on your car rental if you use a gift card. Legitimate companies never ask for payment by way of gift cards so anytime you are asked for payment through a gift card, you can be sure it is a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – May 10, 2025 – FTC Sending Refunds to Victims of Publishers Clearing House Scam
Over the years, I have written many times about scammers posing as Publishers Clearing House to scam people they convince that they have won one of their lotteries, but have to pay administrative fees or income taxes in order to claim their prize. As I have often told you, no legitimate lottery charges administrative fees and income taxes are never collected by a legitimate lottery. Either the lottery deducts the taxes before paying the prize or they pay the full prize with the winner responsible for paying his or her own income taxes due on the lottery winnings.
In the Scam of the day for November 28, 2023 I informed you that the real Publisher Clearing House had settled fraud charges brought by the Federal Trade Commission (FTC) alleging multiple fraud claims. Specifically, Publishers Clearing House misled people into thinking that if they made a purchase it would increase their chances of winning, added surprise shipping and handling fees that increased the cost of their customers’ orders by an outrageous average of 40% and charged customers fees to return products despite representing that the ordering process was “risk free.”
According to the terms of the settlement, 18.5 million dollars was paid by Publishers Clearing House to the FTC for refunds to eligible customers. Checks will be sent to people who ordered a product from Publishers Clearing House after receiving and clicking on one of the emails that the FTC alleged were deceptive.
TIPS
In regard to this and any other FTC refund to scam victims, there is never a fee involved to the scam victim. Scammers will often take notice of refunds being provided to scam victims by the FTC and contact the scam victims by email, phone or text message posing as an FTC representative asking for a fee in order to process the refund. This is always just another scam. Even if you get a phone call and your Caller ID indicates the call is from the FTC, scammers are able to use a technique called “spoofing” to manipulate your Caller ID to make it appear as if the call is coming from the FTC when it is actually coming from the scammer. The FTC is not contacting anyone at this time in regard to the refund program.
For more information about this refund go to the first page of Scamicide.com and click on the icon for “FTC Scam Refunds.”
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – May 9, 2025 – Major Data Breach Affects 4 Million People
Last month I told you that Verizon had issued its annual data breach report which appears to exemplify my motto that “things aren’t as bad as you think, they are far worse.” Regardless of how diligent you are in protecting your personal information such as your Social Security number, you are only as safe as the myriad of companies, institutions and government agencies with the worse and most vulnerable security practices that have your personal information. The report confirmed 12,195 data breaches last year, an increase of 34% over the previous year.
Data breaches continue to be a major problem for all of us with more than 1.35 billion people affected in 2024. Recently, Verisource Services a major provider of HR outsourcing and employee benefits adminstration announced that the total people affected by a data breach at the company is approximately 4 million people. This data breach was first discovered in February of 2024 and it took the company until April 17, 2025 to complete its digital forensic investigation which indicated that the amount of people who were affected by the data breach was much more than had been originally thought. In May of 2024 Verisource notified 55,00 people that they had been affected and then 112,000 additional victims were notified in September of 2024, but now Verisource is quite belatedly notifying up to 4 million people that their information including their Social Security numbers was compromised putting them in serious danger of identity theft.
TIPS
One of the best things you can do to protect yourself from data breaches is to not provide your Social Security number to every company that asks for it as an identifier. Your doctor has no need for your Social Security number so whenever possible refuse to provide it.
Freezing your credit is actually something everyone should do. It is free and easy to do. It protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/