Scam of the Day
Scam of the day – February 16, 2025 – Securing Your Smart Home
I have been warning you about dangers in the rapidly expanding Internet of things for more than twelve years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers presented by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. The risks are extreme, but there are some basic steps you can take to protect yourself.
TIPS
Most of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – February 15, 2025 – Geek Squad Phishing Scam
Last year I told you that the FTC disclosed that the company most impersonated by scammers in an attempt lure people into making a payment was Geek Squad. Geek Squad is a subsidiary of big box store chain Best Buy and it offers excellent tech support for electronic devices including televisions and computers. They are a popular company used by many people. Lately, scammers have been sending phishing emails that appear to be Geek Squad invoices. Reproduced below is one of those imposter phishing emails presently circulating. These types of phishing emails are intended to lure you into contacting the scammers where you will be prompted to provide information that will lead to your becoming a victim of identity theft. This email is intended to get you to respond by calling the phone number contained in the email to dispute the bill. If you do call the number you will be prompted to provide personal information that would be used to make you a victim of identity theft.
Here is the email that is presently circulating:
|
TIPS
Never click on links or download attachments in emails or text messages unless you have absolutely confirmed that they are legitimate and don’t call companies at telephone numbers that appear in the email such as this one. Instead, if the email appears to come from a legitimate company, you can call them at a telephone number you confirm is legitimate. In the case of Geek Squad their customer service number is actually 800-433-5778. The phone number in the email is not that of the Geek Squad and the area code is that of San Diego. Never call the number that appears in these types of emails.
An indication that this is not legitimate and is a phishing email is the fact that nowhere in the email does your name appear.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 14, 2025 – Evolution of the Brushing Scam
I first told you about “brushing” in August of 2020 after many people in the United States, Canada and the United Kingdom reported receiving unordered packages of seeds sent from China. A wide variety of conspiracy theories quickly surfaced to explain what was happening, but the truth was that it was an example of a scam called “brushing.” Brushing was the name given to using false orders for products to boost the prominence of an online vendor.
Vendors pay brushers to make large orders of their product and ship them to strangers to make the sales appear to be legitimate. The brushers follow up on these purchases by posting glowing reviews of the vendor’s product. This combination of increased sales volume and positive reviews will, in turn, result in the increased prominence of the vendor in online marketplaces and result in increased sales. Brushing is illegal in the United States and China, however, it is quite commonly used by Chinese companies.
Now we are seeing a resurgence of this scam, but in a more threatening manner. While in the original brushing scam, people receiving the unordered items did not suffer any financial harm, now scammers are sending unordered goods, most often through Amazon to people with a QR code and instructions to scan the QR code in order to see who sent the goods. If you scan the QR code either you will be taken to a phony, but legitimate appearing website where you will be prompted to provide personal information that will be used to make you a victim of identity theft or, even worse, merely by scanning the QR code you may download malware that will steal personal information from your phone that can lead to identity theft.
TIPS
If you get unordered goods with instructions to scan a QR code, report the package to Amazon using the form found at https://account-status.amazon.com/report-unwanted -packages. Do not scan the QR code, As with the initial instances of the brushing scam, you are legally entitled to keep any unordered goods sent to you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 13, 2025 – Victims of Income Tax Identity Theft Wait Two Years for Tax Refund
For all of us procrastinating about filing our federal income tax returns it is important to remember that income tax identity theft, by which identity thieves file phony income tax returns with counterfeit W-2s using the Social Security number and name of their victim is still a major problem for the IRS and taxpayers costing us all billions of dollars each year. However, when someone has stolen your Social Security number and filed an income tax return using your name, the problem becomes particularly personal. The IRS’s Taxpayer Advocate Service recently disclosed that victims of income tax identity theft wait an average of 675 days for the IRS to process their legitimate tax return and get their tax refund.
So what can you do to protect yourself from income tax identity theft? First and foremost you should file your return as soon as possible because if you file your income tax return before the identity thief does you should be able to get your refund in a timely manner. However, income tax identity thieves are pretty prompt in filing their phony returns so you should also get a PIN from the IRS to use when filing your tax return.
In 2022 the IRS announced an expansion of its Identity Protection PIN Op-In Program that provides individual taxpayers with a six-digit code that is required to be included on the individual’s income tax return. This will protect someone whose Social Security number had been compromised from becoming a victim of identity theft because the identity thief will not know the six-digit code. Here is a link to the section of the IRS’ website where you can apply for a PIN. https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin The PIN is only valid for a single year but will automatically be renewed each year. The easiest way to get a PIN is through your online IRS account. Here is a link to information about getting an online IRS Account. https://www.irs.gov/payments/online-account-for-individuals
TIPS
In addition to protecting the privacy of your Social Security number, the best thing you can do to protect yourself from becoming a victim of income tax identity theft is to file your income tax return as early as possible. A criminal can successfully make you a victim of income tax identity theft only if he or she files an income tax return using your Social Security number before you file your legitimate income tax return. Therefore the earlier you file your income tax return, the more likely you are to avoid becoming a victim of this crime.
The IRS started the Identity Theft Protection PIN program almost ten years ago, but it was only available to people who were already victims of identity theft and to people living in a few specific states chosen by the IRS to test the program. Now anyone can and should obtain an Identity Theft Protection PIN.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 12, 2025 – New Amazon Text Message Scam
The Barnstable Massachusetts Police Department recently issued a warning about a new text message scam in which the scammers pose as Amazon. Recently there has been an increase in the number of people receiving phony text messages that purport to be sent from Amazon telling you that you are eligible for a “price difference refund” but that you need to click on a link to verify your account information in order to receive the payment. These phony text messages, called “smishing” generally either attempt to lure you into providing personal information that will be used to make you a victim or identity theft or try to persuade you to click on a link that will download malware.
A famous bank robber was once asked why he robbed banks to which he responded, “because that is where the money is” which is why it is not surprising that scammers have used Amazon as the basis for a wide variety of scams due to so many people buying products through Amazon.
Here is a copy of the presently circulating phony text message:
“(Amazon) Price Adjustment Refund Notification. We regret to infomr you that due to a price drop, your recent order is eligible for a price difference refund. Please click the link below to log into your Amazon account and verify your details, and we will process the refund promptly. (Note, I have removed the link) Once verified the refund will be processed to your account shortly. Thank you for choosing Amazon!”
One good indication that this is a scam is that it indicates that they regret to inform you that you are eligible for a refund, which makes no sense whatsoever.
You can provide a phone number for Amazon to text you alerts and notifications regarding your account so how can you tell if a text message is legitimate? The real Amazon will never ask for your password or personal information in a text message.
TIPS
If you have a question about your Amazon account, you can either contact them through their website at https://www.amazon.com/gp/help/customer/display.html or call them at 1 (888) 280-4331. Don’t trust any text message that purports to be from Amazon. Through the technique called “spoofing” scammers can make the text message appear to come from Amazon. If you think a text message you receive appearing to come from Amazon might be legitimate, merely call them at 1-(888) 280-4331.
It is a good practice to never click on a link in a text message or email unless you have absolutely confirmed that it is legitimate.
Here is a link to information Amazon provides about steps you can take to make your account more secure. https://www.amazon.com/b?ie=UTF8&node=21599686011
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 11, 2025 – Mystery Shopper Scam
I have written many times over the last thirteen years about the mystery shopper scam because it continues to ensnare unwary victims. These scams continue to be effective and are increasing in number so it is important to remind you about them again. Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer. Of course, the check that was sent to you is counterfeit and bounces, but the funds wired by the victim of the scam is gone forever from his or her bank account.
In a Walmart themed mystery shopper scam, the targeted victim was sent a legitimate appearing, but counterfeit check for $2,940 and told to keep $540 as payment and then go to the nearest Walmart and use the remainder of the check to buy six $400 Kroger gift cards and provide the numbers to the scammer. The scam victim was then told to keep the gift cards for their next assignment although there never is another assignment and the scammers use the numbers on the Kroger gift cards to make purchases, making the actual cards worthless. The victim of the scam loses the $2,400 used to purchase the gift cards from the victim’s own bank account when the check bounces.
TIPS
One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and the companies that do mystery shopping do not go looking for you. A firm indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.
For more information about legitimate mystery shoppers, you can go to the website of the Mystery Shopping Professional Association https://www.mspa-americas.org/scam-alerts/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – February 10, 2025 – Cash App Ordered to Pay $175 Million For Failure to Protect its Customers From Fraud
Cash App is one of the largest peer-to-peer payment platroms with more than 56 million accounts. Similar to Zelle and Venmo, Cash App enables its customers to send money electronically. Recently the Consumer Financial Protection Bureau (CFPB) ordered Block, Cash App’s parent company to pay $120 million in refunds to its customers who had been defrauded while using the app and another $55 million to the CFPB’s victims relief fund. The basis for the order was Cash App’s failure to use sufficient security protocols to protect their customers from being scammed.
According to the CFPB, Cash App failed to properly investigate and resolve disputes about unauthorized transactions in violation of its obligations under federal law. Specifically, the CFPB said that CAsh App used intentionally shoddy investigation practices to cloe reports of unauthorized transactions int he company’s favor. Cash App included a telephone number on the back of its Cash Card and in its Cash App Terms of Service that for many years did not connect customers to any kind of customer support, but instead led to a pre-recorded message directing customers to contact customer support through the app. Customers attempting to contact Cash App through the app or mail were met with inadequate, confusing or inaccurate responses. If customers did a web search for a customer service number, they often found phony customer service information sites created by scammers who tricked customers into giving up their passwords or other personal information thereby giving the scammers access to their victims’ bank accounts tied to their Cash App accounts. According to the CFPB, Cash App knew its customers were being scammed in this manner, but neglected to act appropriately to address this problem.
TIPS
If you were a customer of Cash App who had lost money to a scammer and your case was not properly investigated by Cash App and were not reimbursed for your loss, you do not need to take any action at this time to receive your refund. The CFPB will be enforcing its order to ensure you get your refund. As more information becomes available about the refunds, I will let you know.
In regard to many of the scams affecting customers of Cash App, particularly where they were tricked into providing their passwords, these scams could have been avoided by using dual factor authentication for their account.
How to Enable 2FA on Cash App:
- Open Cash App on your device.
- Tap the profile icon (top right corner).
- Select Privacy & Security.
- Look for Two-Factor Authentication and toggle it on.
- Choose an authentication app (e.g., Google Authenticator) and follow the setup instructions.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 9, 2025 – Watch Out for Valentine’s Day Scams
Valentine’s Day is rapidly approaching. This is a very important day to many people including scammers and identity thieves who always manage to find an opportunity in whatever is current or popular to scam you out of your money. There are many Valentine’s day scams, but the most prevalent are phony florists, online dating scams, phony Valentine’s day electronic greeting cards and delivery scams.
Scammers set up phony florist websites or send you an email purporting to be from a local florist with a great deal you merely have to click on in order to save a great deal of money on flowers.
Online dating scams are plentiful with most revolving around scammers quickly professing true love for you and then asking for money.
Electronic greeting cards are a great way to send a Valentine’s day card at the last minute when you forget to get one ahead of time, but phony electronic greeting cards can be filled with malware and if you click on the link to open the card, you will infect your computer or other electronic device with malware that will steal your personal information and use it to make you a victim of identity theft.
A common delivery scam operating on Valentine’s day involves a delivery of a gift basket of wine and flowers to you, however the person delivering the gift basket requests a small payment, generally five dollars or less, as a delivery fee because alcohol is being delivered. The person delivering the basket will only accept a credit card as payment. When you turn over your credit card, the scammer then takes down the information and runs up charges on your credit card.
TIPS
Never trust an online florist or other retailer until you have checked them out to make sure that they are legitimate. Otherwise, you might be turning over your credit card information to a scammer. It is also important to remember, as I constantly warn you, that you can never be confident when you receive an email, particularly one with a link in it or an attachment to download, if the person sending you the email is who they claim to be. Clicking on links sent by scammers can download keystroke logging malware on to your computer or other electronic device that will, in turn, enable the identity thief to steal personal information from your computer and use it to make you a victim of identity theft. Always confirm the legitimacy of an email or text message before clicking on links contained in the message.
As for online dating scams, of course you should be wary of anyone who immediately indicates he or she is in love with you and then asks for money. Some other telltale signs of an online romance scam include wanting to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer although with the advent of AI, scammers are able to cure their former bad grammar and spelling. Many romance scams originate in Eastern Europe.
Be skeptical of any online greeting card, particularly if it does not indicate from whom it is being sent. Be very wary of a card sent by “an admirer.” Even if you recognize the name of the sender, confirm that it was really sent from that person before you click on the link and open the card. It could be filled with malware.
In regard to the delivery scam, there is no special delivery charge for alcohol so if someone requires a payment for such a delivery and on top of that won’t accept cash, merely decline the gift.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 8, 2025 – PayPal Phishing Email
Here is another good example of a phishing email that is presently being circulated. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.
Here is the email presently circulating. I have deleted a link to click on to “Review the Document.”:
 |
|||
|
|||
We’ve detected an unauthorized Coinbase transaction on your PayPal account: Amount: $459.19 To ensure the security of your account and to receive a full refund, Customer Support team immediately at (888)X (356)X (2584) .Our team is available 24/7 to assist you and prevent any further unauthorized activity on your account. We take the security of your account very seriously and we are committed to helping you resolve this issue as soon as possible. Thank you for your prompt attention to this matter. Best regards, |
TIPS
Legitimate emails from a company with which you do business would include the last four digits of your account and include your name. The email looks legitimate and has the logos for both docusign and PayPal, but both of those logos are easily counterfeited and AI can be used to maket the email appear to be legitimate.
As with all phishing emails, two things can happen if you click on the links provided or contact the scammer by a phone number provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download malware such as keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.
If you call a phone number contained in the email, you will be prompted to provide credit card information or other personal information that will lead to your becoming a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the company from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam. The phone number for customer service contained in the email is not a phone number used by PayPal. The customer service number for PayPal is 888-221-1161
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – February 7, 2025 – Porn in the Cloud Scam
People are reporting receiving calls that purport to be from Apple’s Special Investigations Unit telling them that illegal child pornography has been discovered on their cloud account. The phony investigator is sympathetic when you inform them that you never stored child pornography on the cloud or anywhere else. He tells you that most likely the child pornography was somehow planted by a hacker on your computer and it is being backed up in the cloud. In order to remedy the problem, the phony Apple investigator tells you he needs remote access to your computer in order to locate and remove the child pornography from your computer. The cost of this service can be as high as thousands of dollars which the phony investigator requests be paid through Amazon gift cards. This scam presents a double whammy. Victims of the scam not only pay the scammer for services they don’t need, but by providing remote access to their computers, they enable the scammer to install a wide variety of malware that can lead to identity theft and further scams.
TIPS
Even if your Caller ID indicates that the call is coming from Apple, your Caller ID can be manipulated easily through a technique called “spoofing” by which the scammer can make your Caller ID read whatever he or she wants it to read. One way you can be sure if you receive such a call that it is a scam is that neither Apple nor any other tech company is going to call to inform you that there is child pornography on your computer. Also, Apple does not have a Special Investigations Unit. Additionally, legitimate tech companies do not accept Amazon gift cards or any other form of gift card as payment for their services. As for enabling someone to have remote access to your computer, you should never do so unless you have absolutely confirmed that the remote access is legitimately warranted and the person to whom you are giving the remote access is also legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”