Scam of the Day
Scam of the day – April 16, 2025 – Sophisticated Airbnb Scam
Airbnb is a deservedly popular service that connects homeowners wishing to rent a room or their entire house with vacationers and other travelers in 191 countries around the world. I have used Airbnb many times. Unfortunately, anything popular with the public is also popular with scammers and reports are increasing about scams involving people paying scammers for renting a non-existent room or a home that the scammer does not own. Many of the victims of these scams do not find out that they have been scammed until they show up at the rental,which may be far away, only to learn that it is not for rent and their money is gone.
Generally, a telltale sign that the Airbnb listing is a scam occurs when the “homeowner” or “host” as they are referred to in Airbnb asks to communicate with the victim off of the Airbnb website. They also ask for the money to be wired to the scammer’s account . As I have told you many times before, once you have wired funds, they are gone forever.
However, in the last six years a more sophisticated Airbnb scam has arisen. Computer savvy criminals created a subscription service called Land Lordz which they lease to less sophisticated criminals to assist them in victimizing Airbnb customers. Land Lordz helps criminals create and manage phony listings on phony websites that look like Airbnb. The phony listings are generally copied from legitimate Airbnb listings and will include fake reviews as well. The phony Airbnb site emphasizes that all payments will go through Airbnb and will therefore be safe and secure. If someone asks for further details, which is common, the scammers email a response with a link that appears to take you to the real Airbnb website, but instead takes you to a phony website that merely appears legitimate and with the use of AI, it is a simple matter for a criminal to create a legitimate appearing website. When the targeted victim of the scam logs into the phony Airbnb website, the scammers are notified and respond by demanding a deposit be wired to them. Once the money is wired, the funds are lost forever.
TIPS
Only communicate with hosts through the Airbnb website and use the Airbnb payment system with a credit card. The credit card companies are quite good at refunding funds lost to scams. Airbnb does not forward payment to the host sooner than 24 hours after the guest checks in. Never use wired funds, certified checks, debit cards or any other method of payment other than a credit card through the Airbnb payment system to pay for accommodations. Always check your browser’s address bar to make sure that you are indeed on the real Airbnb website and don’t click on links to go to a website, but rather always type in the website address independently. Airbnb also provides for dual factor authentication which I urge you to use if you have an Airbnb account for greater for protection.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 15, 2025 – Mavis Wanczyk Lottery Scams Continue to Snare Victims
She’s back! Actually, she has never left. I have been writing about scams related to Mavis Wanczyk for eight years but recently I have received many emails from Scamicide readers telling me about various new incarnations of a variety of scams that share the same hook which is that Mavis Wanczyk is giving money away to lucky people. Many of you may not remember the name of Mavis Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received emails with the message line referring to the Mavis Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information.
Numerous Scamicide readers have told me that they have encountered the phony Mavis Wanczyk scammers on Instagram including one Instagram post that reads “I’m Mavis Wanczyk, the mega winner of $758 Million in Mega Millions Jackpot. I’m donating $50,000 to first 100 followers as a lucky winners.” Apparently, the fake Mavis Wanczyk is not very good at grammar or even remembering that the real Mavis Wanczyk won Powerball not Mega Millions. Instagram takes down the phony Mavis Wanczyk accounts as soon as they learn about them, but they continue to reappear shortly thereafter.
TIPS
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds with personal information. Never give out personal information that can make you vulnerable to identity theft unless you have absolutely verified that the party requesting the personal information is legitimate and has a legitimate need for the information. Also never pay anything to a lottery claiming you owe fees in order to claim your prize. This is a telltale sign of a scam. No legitimate lottery requires the payment of a fee to collect your winnings or requires you to pay the lottery income taxes on the prize. While income taxes are due on lottery winnings, those taxes are either deducted by the lottery sponsor before giving you your prize or the prize is given to you in full and you are responsible for the payment of any taxes. No lottery collects taxes on behalf of the IRS.
You should never give anyone access to your social media accounts because scammers use your account to scam others who trust you and fall for scams that appear to come from you.
Finally and most importantly, remember neither Mavis Wanczyk nor any other lottery winner is giving away money to strangers.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – April 14, 2025 – Hacking Your Computer Through Your Smoke Detector
I have been warning you about dangers in the rapidly expanding Internet of things for more than eleven years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers of posed by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. Any device you have in your home that is connected to the Internet poses a threat. One device that people hardly give any thought to is your smoke detector. Newer, sophisticated smoke detectors have the capability to send data to your phone or the manufacturer which they do through your router and this make them vulnerable to being hacked.
TIPS
Most of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – April 13, 2025 – Is the American Community Survey a Scam?
Many people are receiving letters, phone calls and even visits from people representing that they are with the United States Census Bureau taking a survey known as the American Community Survey. While it is true that the official United States Census is only done once every ten years, the Census Bureau does a limited survey of 3.5 million randomly selected people in all of the states as well as Washington D.C. and Puerto Rico each year.
So how can you tell if you are being contacted and solicited for information by a legitimate census worker or by a scammer merely using the American Community Survey as a ruse to gather personal information from you in order to make you a victim of identity theft? First of all, the real American Community Survey does not ask for your Social Security number or credit card information. If you are asked for that information, it is a scam.
TIPS
It is important to note that the Census Bureau will always initially contact you through a snail mail letter informing you that you have been selected to participate in the survey. The letter will also provide you with instructions as to how to complete the survey online. If you fail to complete the survey online a paper survey will be sent to you after three weeks. Once the survey has been completed either online or on paper, you may be called on the phone if the Census Bureau needs to clarify any information. You will not be asked for your Social Security number or any bank or credit card information.
A Census Bureau representative may come to your home to follow up on the survey. He or she will always have a photo ID with the U.S. Department of Commerce seal and an expiration date. If you are concerned that the person may be a scammer you can always contact your Census Bureau regional office to confirm that the visit is legitimate.
If you are contacted about participating in the American Community Survey, it is prudent to confirm that you have been selected to participate in the survey. You can do this by calling your Census Bureau regional office. Here is a link with the phone numbers for each region. https://www.census.gov/about/regions.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 12, 2025 – Why You Should Keep Your Cell Phone Number Private
Sometimes we are our own worst enemy when it comes to posting too much personal information on social media that can be leveraged by a criminal for purposes of identity theft. During the earlier days of the pandemic many people posted photos of their vaccination cards on social media showing their date of birth. Your birthdate is a significant piece of information that, in the wrong hands can lead to identity theft.
Identity thieves use legal and illegal online sources to gather their victims’ personal information, such as their Social Security number, address, and date of birth and use that information for purposes of identity theft which is a significant threat to everyone. One important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. These days your cell phone number is tied to so much of what we do.
When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members and more. The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security.
So what can you do to protect yourself?
TIPS
Limit providing your cell phone number to people and companies as much as possible. You also may want to consider getting a second phone to use when you have concerns about security. You also can use apps such as Google Voice https://voice.google.com/about or Burner https://www.burnerapp.com/ that will enable you to create different numbers to use for calls and text messages.
As for dual factor authentication, while sending a code or text message to your cell phone is a simple and effective method of dual factor authentication, you may wish to consider other forms of dual factor authentication such as apps that will generate temporary security codes such as Authy https://authy.com/ or Google Authenticator https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 11, 2025 – Facebook Messenger Scam
A variation on an old Facebook scam has recently resurfaced. In the new scam you receive a Facebook Message that merely says “look what I found” and is followed by a link that leads you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft. Alternatively, merely clicking on the link, in some instances, has downloaded destructive malware to your phone, computer or tablet.
This new scam is a variation of one about which I have written about previously in which you receive a Facebook Message that contains a video and the words “Is it you in the video” as a prompt to get you to click on the video which either takes you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft or, again, merely by clicking on the link, you will download malware.
TIPS
Remember my motto, BS – Be skeptical. Whenever you get a Facebook message, email, or text message you can never be sure who is really contacting you. The “friend” you think is communicating with you may well be a criminal who has managed to hack your friend’s Facebook account, email account or phone and use these accounts to send out phishing messages that lure you into clicking on infected links. Never click on a link unless you have absolutely confirmed that it is legitimate.
In the case of this particular Facebook Messenger scam, instead of clicking on the link or providing your user name and password, you should contact your real friend to determine if they sent the message to you. Additionally, it is always a good idea to use dual factor authentication whenever possible for all of your online accounts so that if somehow you are tricked into providing your user name and password, the criminal still wouldn’t be able to gain access to your account. Here is a link to information about setting up dual factor authentication on your Facebook account. https://www.facebook.com/help/148233965247823
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 10, 2025 – Insidious PayPal Docusign Scam
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.
Here is the email presently circulating. I have deleted a link to click on to “Review the Document.”:
|
TIPS
Legitimate emails from a company with which you do business would include the last four digits of your account and include your name. The email looks legitimate and has the logos for Docusign and PayPal, but logos are easily counterfeited and AI can be used to make the email appear to be legitimate.
What makes this phishing email particular insidious is that it actaully comes from a PayPal account. Scammers set up accounts posing as legitimate companies so that the email address will appear legitmate. This also enables them to avoid spam filters used by your email provider.
As with all phishing emails, two things can happen if you click on the links provided or contact the scammer by a phone number provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download malware such as keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.
If you call a phone number contained in the email, you will be prompted to provide credit card information or other personal information that will lead to your becoming a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the company from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam. The phone number for customer service contained in the email is not a phone number used by PayPal. The customer service number for PayPal is 888-221-1161
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 9, 2025 – How Scammers Defeat Dual Factor Authentication
A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
Identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.
The best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
Now, however, clever scammers are avoiding even having to do a SIM swap by using social engineering to convince their victims to provide the security code sent when dual factor authentication is used. The scam starts with the scammer getting the password of their targeted victim either through purchasing passwords stolen through data breaches that are sold on the Dark Web or by using social engineering through spear phishing emails or text messages to lure the victim into providing the password. The next step is a phone call from the scammer posing as security for your bank or another company with which you have an online account telling you that there has been unusual activity on your account and that they are sending you a security code to your phone for you to provide to confirm your identity. Of course, this is a total scam. The scammer has just used the stolen password to start access to the account. At that point the dual factor authentication on the account sends a security code to the targeted victim’s phone which the concerned victim provides to the scammer thereby enabling the scammer to get the security code and hack the account without even having to do a SIM swap.
TIPS
I have written in the past about how to avoid SIM swaps by setting up a passcode or PIN on your mobile service carrier account to avoid a scammer being able to access the account merely by answering a security question, however, that will not protect you from this type of social engineering method of defeating dual factor authentication.
B.S. Be skeptical. Whenever you receive a phone call, text message or email, you can never be sure who is actually contacting you. Even if your Caller ID indicates the call is from a trusted source, such as your bank, scammers can use a technique called “spoofing” to make their call or text appear to come from whatever number or source they wish. Therefore, whenever you are asked for personal information, to make a payment or click on a link you should refrain from doing so until you have absolutely confirmed that the communication is legitimate.
In this particular scam, remember that security code are only sent as part of dual factor authentication and if you get such a code sent to you, it is an indication that your password has been compromised and someone is trying to access your account. A call to your bank will confirm that the confirm that it was a scammer and not the bank that called you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – April 8, 2025 – Watch Out For CAPTCHA Scams
It is rare that after 12 years of writing Scamicide I find entirely new scams, but today is one of those days. We are all familiar with CAPTCHA tests which appear on many websites that we use and are intended to confirm that you are not a robot, but a real person. CAPTCHA is an acronym for “completely automated public Turing Test to tell computers and humans apart.” The name Turing refers to early British computer scientist Alan Turing. CAPTCHA tests generally take the form of having to recognize scrambled letters or numbers or to recognize patterns in a number of pictures such as which pictures have traffic lights. People are familiar with CAPTCHA tests and although many people find them mildly annoying, people trust them and there is the problem. Scammer are setting up legitimate appearing websites with fake CAPTCHA tests that require you to click on a box to solve a simple test, but when you follow the insructions, you end up downloading dangerous malware.
It should be noted that even “legitimate” CAPTCHA tests sometime are used by the websites to collect data from you such as your IP address and browser history without telling you that your information is being gathered This information is then sold to companies looking to use that information.
TIPS
Trust me, you can’t trust anyone. Particularly when going to unfamliar websites you should be wary of CAPTCHA tests that appear there. Additionally, you should make sure that you have good security software on all of your electronic devices that you update whenever security patches are issued to protect you from known malware threats.
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – April 7, 2025 – REAL ID Scams
The most effective scams are the ones that capitalize on real things that apply to you. Many people are familiar with the REAL ID, which is a new version of your driver’s license mandated by federal law. The federal REAL ID Act established new security requirements for driver’s licenses and identification cards with which all states must comply and which will eventually be needed by you if you wish to board an airplane or enter certain federal facilities although you can still do so if you have a passport.
The original date by which you had to get a REAL ID was set at October 1, 2021, however due to the Covid 19 pandemic, the deadline was postponed until May 3, 2023. However, in December of 2022, the deadline was extended again. The new deadline is May 7, 2025 which is now only a month away. In the face of this impending deadline, scammers are contacting people posing as governmental officials seeking your personal information under the guise of helping you apply for your REAL ID when their real purpose is to harvest your personal information and use it to make you a victim of identity theft.
The scam is turning up in many forms. such as emails, text messages and phone calls in which you are urged to either provide sensitive personal information or click on links taking you to websites that appear to be official where you will either unwittingly have downloaded malware such as ransomware by clicking on the link or, again, be prompted to provide personal information used to make you a victim of identity theft.
TIPS
No states are initiating contact with people by emails, text messages or phone calls asking for personal information to apply for your REAL ID. An important thing to remember is that whenever you get a phone call, text message or email, you can never be sure you is really contacting you even if the email address, phone number or Caller ID indicates that the communication is legitimate. This is why you should never provide personal information or click on a link in an email or text message unless you have absolutely confirmed that the communication is legitimate.
Sometimes, you may be able to pick up on obvious (or not so obvious) mistakes in the communications from scammers such as in text messages to residents of Illinois that purported to be from the Department of Motor Vehicles. This is a mistake because Illinois does not have a Department of Motor Vehicles. The name of its agency dealing with these matters is the Department of Driver Services. In any event, if you receive a communication pertaining to the REAL ID, your best choice is to contact your state agency that deals with them at an email address you know is legitimate.
Here is a link to a listing of the websites for all of the state agencies that deal with REAL IDs. https://www.dhs.gov/real-id
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”