Scam of the Day
Scam of the day – April 15, 2025 – Mavis Wanczyk Lottery Scams Continue to Snare Victims
She’s back! Actually, she has never left. I have been writing about scams related to Mavis Wanczyk for eight years but recently I have received many emails from Scamicide readers telling me about various new incarnations of a variety of scams that share the same hook which is that Mavis Wanczyk is giving money away to lucky people. Many of you may not remember the name of Mavis Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received emails with the message line referring to the Mavis Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information.
Numerous Scamicide readers have told me that they have encountered the phony Mavis Wanczyk scammers on Instagram including one Instagram post that reads “I’m Mavis Wanczyk, the mega winner of $758 Million in Mega Millions Jackpot. I’m donating $50,000 to first 100 followers as a lucky winners.” Apparently, the fake Mavis Wanczyk is not very good at grammar or even remembering that the real Mavis Wanczyk won Powerball not Mega Millions. Instagram takes down the phony Mavis Wanczyk accounts as soon as they learn about them, but they continue to reappear shortly thereafter.
TIPS
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds with personal information. Never give out personal information that can make you vulnerable to identity theft unless you have absolutely verified that the party requesting the personal information is legitimate and has a legitimate need for the information. Also never pay anything to a lottery claiming you owe fees in order to claim your prize. This is a telltale sign of a scam. No legitimate lottery requires the payment of a fee to collect your winnings or requires you to pay the lottery income taxes on the prize. While income taxes are due on lottery winnings, those taxes are either deducted by the lottery sponsor before giving you your prize or the prize is given to you in full and you are responsible for the payment of any taxes. No lottery collects taxes on behalf of the IRS.
You should never give anyone access to your social media accounts because scammers use your account to scam others who trust you and fall for scams that appear to come from you.
Finally and most importantly, remember neither Mavis Wanczyk nor any other lottery winner is giving away money to strangers.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – April 14, 2025 – Hacking Your Computer Through Your Smoke Detector
I have been warning you about dangers in the rapidly expanding Internet of things for more than eleven years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers of posed by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. Any device you have in your home that is connected to the Internet poses a threat. One device that people hardly give any thought to is your smoke detector. Newer, sophisticated smoke detectors have the capability to send data to your phone or the manufacturer which they do through your router and this make them vulnerable to being hacked.
TIPS
Most of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – April 13, 2025 – Is the American Community Survey a Scam?
Many people are receiving letters, phone calls and even visits from people representing that they are with the United States Census Bureau taking a survey known as the American Community Survey. While it is true that the official United States Census is only done once every ten years, the Census Bureau does a limited survey of 3.5 million randomly selected people in all of the states as well as Washington D.C. and Puerto Rico each year.
So how can you tell if you are being contacted and solicited for information by a legitimate census worker or by a scammer merely using the American Community Survey as a ruse to gather personal information from you in order to make you a victim of identity theft? First of all, the real American Community Survey does not ask for your Social Security number or credit card information. If you are asked for that information, it is a scam.
TIPS
It is important to note that the Census Bureau will always initially contact you through a snail mail letter informing you that you have been selected to participate in the survey. The letter will also provide you with instructions as to how to complete the survey online. If you fail to complete the survey online a paper survey will be sent to you after three weeks. Once the survey has been completed either online or on paper, you may be called on the phone if the Census Bureau needs to clarify any information. You will not be asked for your Social Security number or any bank or credit card information.
A Census Bureau representative may come to your home to follow up on the survey. He or she will always have a photo ID with the U.S. Department of Commerce seal and an expiration date. If you are concerned that the person may be a scammer you can always contact your Census Bureau regional office to confirm that the visit is legitimate.
If you are contacted about participating in the American Community Survey, it is prudent to confirm that you have been selected to participate in the survey. You can do this by calling your Census Bureau regional office. Here is a link with the phone numbers for each region. https://www.census.gov/about/regions.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 12, 2025 – Why You Should Keep Your Cell Phone Number Private
Sometimes we are our own worst enemy when it comes to posting too much personal information on social media that can be leveraged by a criminal for purposes of identity theft. During the earlier days of the pandemic many people posted photos of their vaccination cards on social media showing their date of birth. Your birthdate is a significant piece of information that, in the wrong hands can lead to identity theft.
Identity thieves use legal and illegal online sources to gather their victims’ personal information, such as their Social Security number, address, and date of birth and use that information for purposes of identity theft which is a significant threat to everyone. One important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. These days your cell phone number is tied to so much of what we do.
When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members and more. The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security.
So what can you do to protect yourself?
TIPS
Limit providing your cell phone number to people and companies as much as possible. You also may want to consider getting a second phone to use when you have concerns about security. You also can use apps such as Google Voice https://voice.google.com/about or Burner https://www.burnerapp.com/ that will enable you to create different numbers to use for calls and text messages.
As for dual factor authentication, while sending a code or text message to your cell phone is a simple and effective method of dual factor authentication, you may wish to consider other forms of dual factor authentication such as apps that will generate temporary security codes such as Authy https://authy.com/ or Google Authenticator https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 11, 2025 – Facebook Messenger Scam
A variation on an old Facebook scam has recently resurfaced. In the new scam you receive a Facebook Message that merely says “look what I found” and is followed by a link that leads you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft. Alternatively, merely clicking on the link, in some instances, has downloaded destructive malware to your phone, computer or tablet.
This new scam is a variation of one about which I have written about previously in which you receive a Facebook Message that contains a video and the words “Is it you in the video” as a prompt to get you to click on the video which either takes you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft or, again, merely by clicking on the link, you will download malware.
TIPS
Remember my motto, BS – Be skeptical. Whenever you get a Facebook message, email, or text message you can never be sure who is really contacting you. The “friend” you think is communicating with you may well be a criminal who has managed to hack your friend’s Facebook account, email account or phone and use these accounts to send out phishing messages that lure you into clicking on infected links. Never click on a link unless you have absolutely confirmed that it is legitimate.
In the case of this particular Facebook Messenger scam, instead of clicking on the link or providing your user name and password, you should contact your real friend to determine if they sent the message to you. Additionally, it is always a good idea to use dual factor authentication whenever possible for all of your online accounts so that if somehow you are tricked into providing your user name and password, the criminal still wouldn’t be able to gain access to your account. Here is a link to information about setting up dual factor authentication on your Facebook account. https://www.facebook.com/help/148233965247823
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 10, 2025 – Insidious PayPal Docusign Scam
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.
Here is the email presently circulating. I have deleted a link to click on to “Review the Document.”:
|
TIPS
Legitimate emails from a company with which you do business would include the last four digits of your account and include your name. The email looks legitimate and has the logos for Docusign and PayPal, but logos are easily counterfeited and AI can be used to make the email appear to be legitimate.
What makes this phishing email particular insidious is that it actaully comes from a PayPal account. Scammers set up accounts posing as legitimate companies so that the email address will appear legitmate. This also enables them to avoid spam filters used by your email provider.
As with all phishing emails, two things can happen if you click on the links provided or contact the scammer by a phone number provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download malware such as keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.
If you call a phone number contained in the email, you will be prompted to provide credit card information or other personal information that will lead to your becoming a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the company from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam. The phone number for customer service contained in the email is not a phone number used by PayPal. The customer service number for PayPal is 888-221-1161
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 9, 2025 – How Scammers Defeat Dual Factor Authentication
A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
Identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.
The best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
Now, however, clever scammers are avoiding even having to do a SIM swap by using social engineering to convince their victims to provide the security code sent when dual factor authentication is used. The scam starts with the scammer getting the password of their targeted victim either through purchasing passwords stolen through data breaches that are sold on the Dark Web or by using social engineering through spear phishing emails or text messages to lure the victim into providing the password. The next step is a phone call from the scammer posing as security for your bank or another company with which you have an online account telling you that there has been unusual activity on your account and that they are sending you a security code to your phone for you to provide to confirm your identity. Of course, this is a total scam. The scammer has just used the stolen password to start access to the account. At that point the dual factor authentication on the account sends a security code to the targeted victim’s phone which the concerned victim provides to the scammer thereby enabling the scammer to get the security code and hack the account without even having to do a SIM swap.
TIPS
I have written in the past about how to avoid SIM swaps by setting up a passcode or PIN on your mobile service carrier account to avoid a scammer being able to access the account merely by answering a security question, however, that will not protect you from this type of social engineering method of defeating dual factor authentication.
B.S. Be skeptical. Whenever you receive a phone call, text message or email, you can never be sure who is actually contacting you. Even if your Caller ID indicates the call is from a trusted source, such as your bank, scammers can use a technique called “spoofing” to make their call or text appear to come from whatever number or source they wish. Therefore, whenever you are asked for personal information, to make a payment or click on a link you should refrain from doing so until you have absolutely confirmed that the communication is legitimate.
In this particular scam, remember that security code are only sent as part of dual factor authentication and if you get such a code sent to you, it is an indication that your password has been compromised and someone is trying to access your account. A call to your bank will confirm that the confirm that it was a scammer and not the bank that called you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – April 8, 2025 – Watch Out For CAPTCHA Scams
It is rare that after 12 years of writing Scamicide I find entirely new scams, but today is one of those days. We are all familiar with CAPTCHA tests which appear on many websites that we use and are intended to confirm that you are not a robot, but a real person. CAPTCHA is an acronym for “completely automated public Turing Test to tell computers and humans apart.” The name Turing refers to early British computer scientist Alan Turing. CAPTCHA tests generally take the form of having to recognize scrambled letters or numbers or to recognize patterns in a number of pictures such as which pictures have traffic lights. People are familiar with CAPTCHA tests and although many people find them mildly annoying, people trust them and there is the problem. Scammer are setting up legitimate appearing websites with fake CAPTCHA tests that require you to click on a box to solve a simple test, but when you follow the insructions, you end up downloading dangerous malware.
It should be noted that even “legitimate” CAPTCHA tests sometime are used by the websites to collect data from you such as your IP address and browser history without telling you that your information is being gathered This information is then sold to companies looking to use that information.
TIPS
Trust me, you can’t trust anyone. Particularly when going to unfamliar websites you should be wary of CAPTCHA tests that appear there. Additionally, you should make sure that you have good security software on all of your electronic devices that you update whenever security patches are issued to protect you from known malware threats.
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – April 7, 2025 – REAL ID Scams
The most effective scams are the ones that capitalize on real things that apply to you. Many people are familiar with the REAL ID, which is a new version of your driver’s license mandated by federal law. The federal REAL ID Act established new security requirements for driver’s licenses and identification cards with which all states must comply and which will eventually be needed by you if you wish to board an airplane or enter certain federal facilities although you can still do so if you have a passport.
The original date by which you had to get a REAL ID was set at October 1, 2021, however due to the Covid 19 pandemic, the deadline was postponed until May 3, 2023. However, in December of 2022, the deadline was extended again. The new deadline is May 7, 2025 which is now only a month away. In the face of this impending deadline, scammers are contacting people posing as governmental officials seeking your personal information under the guise of helping you apply for your REAL ID when their real purpose is to harvest your personal information and use it to make you a victim of identity theft.
The scam is turning up in many forms. such as emails, text messages and phone calls in which you are urged to either provide sensitive personal information or click on links taking you to websites that appear to be official where you will either unwittingly have downloaded malware such as ransomware by clicking on the link or, again, be prompted to provide personal information used to make you a victim of identity theft.
TIPS
No states are initiating contact with people by emails, text messages or phone calls asking for personal information to apply for your REAL ID. An important thing to remember is that whenever you get a phone call, text message or email, you can never be sure you is really contacting you even if the email address, phone number or Caller ID indicates that the communication is legitimate. This is why you should never provide personal information or click on a link in an email or text message unless you have absolutely confirmed that the communication is legitimate.
Sometimes, you may be able to pick up on obvious (or not so obvious) mistakes in the communications from scammers such as in text messages to residents of Illinois that purported to be from the Department of Motor Vehicles. This is a mistake because Illinois does not have a Department of Motor Vehicles. The name of its agency dealing with these matters is the Department of Driver Services. In any event, if you receive a communication pertaining to the REAL ID, your best choice is to contact your state agency that deals with them at an email address you know is legitimate.
Here is a link to a listing of the websites for all of the state agencies that deal with REAL IDs. https://www.dhs.gov/real-id
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – April 6, 2025 – Arizona Advances Bill to Regulate Bitcoin ATMs
A report from the Federal Trade Commission (FTC) indicates a 1,000 % increase in money lost to scammers through Bitcoin ATMs in the last three years with consumers reporting losses of more than 111 million dollars last year. Bitcoin and other cryptocurrency ATMs look just like traditional ATMs, but instead of distributing cash, they take cash in exchange for cryptocurrency and enable the transfer of the deposited cash turned into Bitcoin into crypto wallets. Due to the anonymity and immediacy of the Bitcoin transfers done through a Bitcoin ATM, it is a favorite method of payment for scammers.
Most of the scams using Bitcoin ATMs involve imposter scams where the scammer poses as either a law enforcement officer, government official or someone providing tech support for a non-existent problem. What all of these imposter scams have in common is that they scare the targeted victim with a story about an emergency that requires them to take cash from their bank account and use a QR code provided by the scammer to deposit the money into the account of the scammer at a Bitcoin ATM under the guise of protecting the funds. According to the FTC, people over 60 years old were more than three times more likely to report losing money to a Bitcoin ATM scam with an average loss of $10,000.
Arizona state representative David Marshall has filed House Bill 2387 which would provide needed regulations for these cryptocurrency ATMs to help prevent people from being scammed. If passed into law, the bill would require warnings on the ATMs before the user could do a transaction. The warnings would also provide information about cryptocurrency scams. Additionally, the bill would require the ATMs to provide printed receipts that would include information useful to law enforcement in the event of a scam. The law would also limit the amount of funds someone could deposit into a new account or send in a 72 hour period. Scammers often require their victims to send repeated deposits. Finally, the law would require greater transparency in the operation of the ATMs. The bill passed unanimously out of committee and now goes to the Senate for consideration and eventually if passed by the House and Senate will become law when signed by the governor.
TIPS
Protecting yourself from these imposter scams starts with recognizing that you can never be sure who is actually contacting you when you are contacted by phone, email or text message so you should never click on a link, download an attachment or provide personal information in response to any of those communications unless you have absolutely confirmed that the communication was legitimate. Further there is no circumstance where you will be asked by anyone legitimate to withdraw funds from your bank, deposit them into a Bitcoin ATM and transfer the funds to them. Only scammers make those requests.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”