Scam of the Day
Scam of the day – April 12, 2025 – Why You Should Keep Your Cell Phone Number Private
Sometimes we are our own worst enemy when it comes to posting too much personal information on social media that can be leveraged by a criminal for purposes of identity theft. During the earlier days of the pandemic many people posted photos of their vaccination cards on social media showing their date of birth. Your birthdate is a significant piece of information that, in the wrong hands can lead to identity theft.
Identity thieves use legal and illegal online sources to gather their victims’ personal information, such as their Social Security number, address, and date of birth and use that information for purposes of identity theft which is a significant threat to everyone. One important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. These days your cell phone number is tied to so much of what we do.
When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members and more. The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security.
So what can you do to protect yourself?
TIPS
Limit providing your cell phone number to people and companies as much as possible. You also may want to consider getting a second phone to use when you have concerns about security. You also can use apps such as Google Voice https://voice.google.com/about or Burner https://www.burnerapp.com/ that will enable you to create different numbers to use for calls and text messages.
As for dual factor authentication, while sending a code or text message to your cell phone is a simple and effective method of dual factor authentication, you may wish to consider other forms of dual factor authentication such as apps that will generate temporary security codes such as Authy https://authy.com/ or Google Authenticator https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 11, 2025 – Facebook Messenger Scam
A variation on an old Facebook scam has recently resurfaced. In the new scam you receive a Facebook Message that merely says “look what I found” and is followed by a link that leads you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft. Alternatively, merely clicking on the link, in some instances, has downloaded destructive malware to your phone, computer or tablet.
This new scam is a variation of one about which I have written about previously in which you receive a Facebook Message that contains a video and the words “Is it you in the video” as a prompt to get you to click on the video which either takes you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft or, again, merely by clicking on the link, you will download malware.
TIPS
Remember my motto, BS – Be skeptical. Whenever you get a Facebook message, email, or text message you can never be sure who is really contacting you. The “friend” you think is communicating with you may well be a criminal who has managed to hack your friend’s Facebook account, email account or phone and use these accounts to send out phishing messages that lure you into clicking on infected links. Never click on a link unless you have absolutely confirmed that it is legitimate.
In the case of this particular Facebook Messenger scam, instead of clicking on the link or providing your user name and password, you should contact your real friend to determine if they sent the message to you. Additionally, it is always a good idea to use dual factor authentication whenever possible for all of your online accounts so that if somehow you are tricked into providing your user name and password, the criminal still wouldn’t be able to gain access to your account. Here is a link to information about setting up dual factor authentication on your Facebook account. https://www.facebook.com/help/148233965247823
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – April 10, 2025 – Insidious PayPal Docusign Scam
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.
Here is the email presently circulating. I have deleted a link to click on to “Review the Document.”:
|
TIPS
Legitimate emails from a company with which you do business would include the last four digits of your account and include your name. The email looks legitimate and has the logos for Docusign and PayPal, but logos are easily counterfeited and AI can be used to make the email appear to be legitimate.
What makes this phishing email particular insidious is that it actaully comes from a PayPal account. Scammers set up accounts posing as legitimate companies so that the email address will appear legitmate. This also enables them to avoid spam filters used by your email provider.
As with all phishing emails, two things can happen if you click on the links provided or contact the scammer by a phone number provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download malware such as keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.
If you call a phone number contained in the email, you will be prompted to provide credit card information or other personal information that will lead to your becoming a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the company from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam. The phone number for customer service contained in the email is not a phone number used by PayPal. The customer service number for PayPal is 888-221-1161
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 9, 2025 – How Scammers Defeat Dual Factor Authentication
A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
Identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.
The best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
Now, however, clever scammers are avoiding even having to do a SIM swap by using social engineering to convince their victims to provide the security code sent when dual factor authentication is used. The scam starts with the scammer getting the password of their targeted victim either through purchasing passwords stolen through data breaches that are sold on the Dark Web or by using social engineering through spear phishing emails or text messages to lure the victim into providing the password. The next step is a phone call from the scammer posing as security for your bank or another company with which you have an online account telling you that there has been unusual activity on your account and that they are sending you a security code to your phone for you to provide to confirm your identity. Of course, this is a total scam. The scammer has just used the stolen password to start access to the account. At that point the dual factor authentication on the account sends a security code to the targeted victim’s phone which the concerned victim provides to the scammer thereby enabling the scammer to get the security code and hack the account without even having to do a SIM swap.
TIPS
I have written in the past about how to avoid SIM swaps by setting up a passcode or PIN on your mobile service carrier account to avoid a scammer being able to access the account merely by answering a security question, however, that will not protect you from this type of social engineering method of defeating dual factor authentication.
B.S. Be skeptical. Whenever you receive a phone call, text message or email, you can never be sure who is actually contacting you. Even if your Caller ID indicates the call is from a trusted source, such as your bank, scammers can use a technique called “spoofing” to make their call or text appear to come from whatever number or source they wish. Therefore, whenever you are asked for personal information, to make a payment or click on a link you should refrain from doing so until you have absolutely confirmed that the communication is legitimate.
In this particular scam, remember that security code are only sent as part of dual factor authentication and if you get such a code sent to you, it is an indication that your password has been compromised and someone is trying to access your account. A call to your bank will confirm that the confirm that it was a scammer and not the bank that called you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – April 8, 2025 – Watch Out For CAPTCHA Scams
It is rare that after 12 years of writing Scamicide I find entirely new scams, but today is one of those days. We are all familiar with CAPTCHA tests which appear on many websites that we use and are intended to confirm that you are not a robot, but a real person. CAPTCHA is an acronym for “completely automated public Turing Test to tell computers and humans apart.” The name Turing refers to early British computer scientist Alan Turing. CAPTCHA tests generally take the form of having to recognize scrambled letters or numbers or to recognize patterns in a number of pictures such as which pictures have traffic lights. People are familiar with CAPTCHA tests and although many people find them mildly annoying, people trust them and there is the problem. Scammer are setting up legitimate appearing websites with fake CAPTCHA tests that require you to click on a box to solve a simple test, but when you follow the insructions, you end up downloading dangerous malware.
It should be noted that even “legitimate” CAPTCHA tests sometime are used by the websites to collect data from you such as your IP address and browser history without telling you that your information is being gathered This information is then sold to companies looking to use that information.
TIPS
Trust me, you can’t trust anyone. Particularly when going to unfamliar websites you should be wary of CAPTCHA tests that appear there. Additionally, you should make sure that you have good security software on all of your electronic devices that you update whenever security patches are issued to protect you from known malware threats.
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – April 7, 2025 – REAL ID Scams
The most effective scams are the ones that capitalize on real things that apply to you. Many people are familiar with the REAL ID, which is a new version of your driver’s license mandated by federal law. The federal REAL ID Act established new security requirements for driver’s licenses and identification cards with which all states must comply and which will eventually be needed by you if you wish to board an airplane or enter certain federal facilities although you can still do so if you have a passport.
The original date by which you had to get a REAL ID was set at October 1, 2021, however due to the Covid 19 pandemic, the deadline was postponed until May 3, 2023. However, in December of 2022, the deadline was extended again. The new deadline is May 7, 2025 which is now only a month away. In the face of this impending deadline, scammers are contacting people posing as governmental officials seeking your personal information under the guise of helping you apply for your REAL ID when their real purpose is to harvest your personal information and use it to make you a victim of identity theft.
The scam is turning up in many forms. such as emails, text messages and phone calls in which you are urged to either provide sensitive personal information or click on links taking you to websites that appear to be official where you will either unwittingly have downloaded malware such as ransomware by clicking on the link or, again, be prompted to provide personal information used to make you a victim of identity theft.
TIPS
No states are initiating contact with people by emails, text messages or phone calls asking for personal information to apply for your REAL ID. An important thing to remember is that whenever you get a phone call, text message or email, you can never be sure you is really contacting you even if the email address, phone number or Caller ID indicates that the communication is legitimate. This is why you should never provide personal information or click on a link in an email or text message unless you have absolutely confirmed that the communication is legitimate.
Sometimes, you may be able to pick up on obvious (or not so obvious) mistakes in the communications from scammers such as in text messages to residents of Illinois that purported to be from the Department of Motor Vehicles. This is a mistake because Illinois does not have a Department of Motor Vehicles. The name of its agency dealing with these matters is the Department of Driver Services. In any event, if you receive a communication pertaining to the REAL ID, your best choice is to contact your state agency that deals with them at an email address you know is legitimate.
Here is a link to a listing of the websites for all of the state agencies that deal with REAL IDs. https://www.dhs.gov/real-id
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – April 6, 2025 – Arizona Advances Bill to Regulate Bitcoin ATMs
A report from the Federal Trade Commission (FTC) indicates a 1,000 % increase in money lost to scammers through Bitcoin ATMs in the last three years with consumers reporting losses of more than 111 million dollars last year. Bitcoin and other cryptocurrency ATMs look just like traditional ATMs, but instead of distributing cash, they take cash in exchange for cryptocurrency and enable the transfer of the deposited cash turned into Bitcoin into crypto wallets. Due to the anonymity and immediacy of the Bitcoin transfers done through a Bitcoin ATM, it is a favorite method of payment for scammers.
Most of the scams using Bitcoin ATMs involve imposter scams where the scammer poses as either a law enforcement officer, government official or someone providing tech support for a non-existent problem. What all of these imposter scams have in common is that they scare the targeted victim with a story about an emergency that requires them to take cash from their bank account and use a QR code provided by the scammer to deposit the money into the account of the scammer at a Bitcoin ATM under the guise of protecting the funds. According to the FTC, people over 60 years old were more than three times more likely to report losing money to a Bitcoin ATM scam with an average loss of $10,000.
Arizona state representative David Marshall has filed House Bill 2387 which would provide needed regulations for these cryptocurrency ATMs to help prevent people from being scammed. If passed into law, the bill would require warnings on the ATMs before the user could do a transaction. The warnings would also provide information about cryptocurrency scams. Additionally, the bill would require the ATMs to provide printed receipts that would include information useful to law enforcement in the event of a scam. The law would also limit the amount of funds someone could deposit into a new account or send in a 72 hour period. Scammers often require their victims to send repeated deposits. Finally, the law would require greater transparency in the operation of the ATMs. The bill passed unanimously out of committee and now goes to the Senate for consideration and eventually if passed by the House and Senate will become law when signed by the governor.
TIPS
Protecting yourself from these imposter scams starts with recognizing that you can never be sure who is actually contacting you when you are contacted by phone, email or text message so you should never click on a link, download an attachment or provide personal information in response to any of those communications unless you have absolutely confirmed that the communication was legitimate. Further there is no circumstance where you will be asked by anyone legitimate to withdraw funds from your bank, deposit them into a Bitcoin ATM and transfer the funds to them. Only scammers make those requests.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – April 5, 2025 – FTC Sending Refunds to Victims of Weight Loss Scam
For more than seven years I have written about various scammers selling green coffee bean extracts as a weight loss product through the use of false and misleading advertising. Some of the scammers have claimed green coffee bean extracts would enable users to lose 17 pounds and 16% of their body fat in 12 weeks without diet or exercise. In 2016 the Federal Trade Commission (FTC) settled its claim against NPB Advertising, Inc and a number of other companies it used to deceptively market its weight loss supplement Pure Green Coffee through phony news websites with fake testimonials. Pursuant to the settlement NPB was ordered to pay $30 million to the FTC to be returned to victims of the scam. Now nine years later that money is being returned to victims of the scam.
For more information about the refund go to the “FTC Scam Refunds” section on the opening page of http://www.scamicide.com.
TIPS
The truth is that there are no quick fixes when it comes to weight loss and you should be wary of any product that promises you can lose tremendous amounts of weight quickly without dieting or exercise. You should also be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements. It is also important to remember that no cream that you rub in your skin can help you lose substantial weight and no product can block the absorption of fat or calories. The best course of action is to ask your physician about the effectiveness of a particular weight loss product or program before you reduce your wallet in an effort to reduce your waistline.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 4, 2025 – Troubling Development in Sextortion
I have been warning you about sextortion scams for nine years. Some sextortion scams begin with an email in which you are told that your computer and web cam have been hacked and that the scammers have video of you watching porn online. In the email, the scammer threatens to send the videos to people on his contact list unless you pay a ransom in Bitcoin or some other cryptocurrency. In addition, adult predators, often posing as young girls, contact teenage boys on a variety of online platforms such as games or social media and then convince the teenage boys to engage in explicit sexual activity while unbeknownst to the teenaged boy, the predator is recording it. The scammer then reveals to the teenager that the scammer has the recording and threatens to post it online unless a substantial payment is made. According to the FBI there has been a significant increase in the instances of his scam. Many of these scams are organized and based outside the United States, primarily in West African countries such as Nigeria and the Ivory Coast.
Making the problem worse is the upsurge in sextortion assistance companies which charge thousands of dollars for their help in stopping and removing the photos and videos from appearing online. According to the FBI these companies provide no better assistance than you can get for free and, in some instances, actually are the same criminals perpetrating the sextotion scams themselves. Some offer to send cease and desits orders which sound good, but are totally unenforceable. Ads for sextortion assistance companies appear throughout social media and even in posts on victim support forums.
TIPS
The National Center for Missing and Exploited Children has a free service entitled Take It Down, which has been approved by the FBI, that can remove images from cooperating social media platforms, but not from text messaging platforms. Victims of sextortion who are over 18 can use a similar free platform StopHCII.org which uses similar technology to that used by the National Center for Missing and Exploited Children to remove videos and photos from social media platforms.
The FBI advises parents to tell their children to be very careful as to what they share online. Social media accounts which are open to everyone provide predators and scammers with a lot of information that the scammers can use to lure people into scams. Discuss the appropriate privacy settings with your children for all of their accounts.
The FBI also tells parents to remind their children that they can never be sure as to who they are communicating with online and they should be particularly skeptical if they meet someone on a game or app who then asks to communicate with them on a different platform.
In regard to your web cam being hacked, while often this is merely a threat and the scammer has not hacked your web cam, web cams can be hacked. One thing you can do to protect your webcam from being hacked is to make sure that you change the default password on your webcam when you first install it. Another simple thing I do and you can, as well, is to merely put a post-it note over your webcam when it is not in use.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – April 3, 2025 – Medicare Card Scams
For many years Medicare used a person’s Social Security number as his or her Medicare number which put Medicare recipients in serious danger of identity theft, Medicare resisted changing the Medicare number to a safer random number for many years. Finally, in April 2018, new cards began being sent by regular mail to all 60 million Americans enrolled in Medicare and since 2020 the switch over to new more secure Medicare card numbers was complete.
But this has not stopped identity thieves. Recently, many older Americans are receiving phone calls purporting to be from Medicare either offering new plastic cards to replace their paper cards or new Medicare cards with microchips. All the targeted victim has to do is merely verify their Medicare number. And while your Medicare number is no longer your Social Security number, giving it to an identity thief can cause you substantial problems when you try to access Medicare as well as cost the American taxpayers millions of dollars.
In other instances, the scammers posing on the phone as Medicare employees tell their targeted victims that they need to update or verify their personal information in order to maintain their Medicaid eligibilty. Often the scammes ask for Medicare card numbers, Social Security numbers and even bank account numbers.
TIPS
It is easy to determine when you receive a phone call, email or text message from Medicare. They don’t contact you by email, text message or by phone so anytime you are contacted in this manner, you can be confident it is a scam. You should never provide your Medicare number, Social Security number, credit card number or any other personal information to anyone who calls you on the phone because you can never be sure they are legitimate. Even if your Caller ID indicates the call is from Medicare, the IRS or some other legitimate organization, through a technique called “spoofing” your Caller ID can be tricked into making it appear that the call is legitimate.
The real Medicare also will not contact you and ask you to verify your Medicare number and there are no new plastic cards or Medicare cards with microchips.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”