Scam of the Day
Scam of the day – January 29, 2025 – CDC Phishing Email
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from DataTransfer.com a legitimate data transfer service.
As phishing emails go, this one is pretty good. It looks legitimate and the version appearing in your email comes with a legitimate appearing Data Transfer.com logo. Even the email address of the sender does not have obvious indications that it is a scam.
Here is a copy of the DataTransfer.com phishing email presently being circulated.
| Hi xxxxxxxxxx@aol.com, you have received some file(s) from cdc-support@cdc.gov with a total size of 56.49 KB. The file(s) will be deleted after 1 week. Files:Secure Archive.rar Message: The Centers for Disease Control and Prevention (CDC) has issued an urgent public health update. Please download and open the attached file immediately to review essential information and guidelines.
Nice day! |
TIPS
There are a number of indications that this is not a legitimate email from DataTransfer.com, but instead is a phishing email. Most notably, the salutation is addressed to the email address of the recipient rather than their name. in addition, the Center for Disease Control is not sending unsolicited emails to people and it is unlikely that if they did, they would conclude their message with “Nice Day!”
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony website where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or cellphone and use it to make you a victim of identity theft.
If you receive an email like this and think it may possibly be legitimate, merely call the company or organization it purports to be from which in this case is the CDC where you can confirm that it is a scam.
I have disarmed section of the phishing email where it asks you to click on “Download.”
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Also, I have received reports of subscribers having their subscriptions somehow cancelled without their knowledge. If this happens to you, you can resubscribe as indicated above or if you have difficulties doing so, contact Scamicide and we will resubscribe you.
Scam of the day – January 28, 2025 – LinkedIn Job Scams Getting Worse
LinkedIn is the world’s largest professional network and, as such, has long been attractive to scammers seeking to piggy-back on the sites good reputation. Recently the number of job scams being found on LinkedIn has increased dramatically. A recent development is scammers using the name of legitimate companies that are hiring and approaching their victims through LinkedIn’s direct messaging feature. They then create counterfeit websites that look like the websites of the legitimate companies they are posing as and ask the job seekers for personal information as part of the hiring process before holding a job interview by Zoom. The personal information which may include the job seeker’s Social Security number is used for purposes of identity theft. They also may ask for money or your credit card number to pay for background investigations or equipment for the company which legitimate businesses do not do. In other instances, the job seeker is required to pay for equipment or training which the scammer promises to reimburse, but, of course, the money is never paid back. Making the problem even worse is the use of AI to make the photos and websites even more legitimate appearing.
TIPS
Although LinkedIn, Indeed and other websites that carry job postings try to identify and either prevent or remove phony ads from appearing on their websites, you cannot depend on these companies to fully protect you. Trust me, you can’t trust anyone. Certainly a little skepticism helps when you see a job posting for a job that sounds too good to be true. Ads that ask for you to pay upfront costs for any reason should be considered to be a scam as well as any company that requests your credit card information for any reason whatsoever.
To check on the legitimacy of photographs in these ads you can do a reverse image search using Google or websites such as tineye.com. You can also check to see if the wording of the advertisement has been used elsewhere by merely copying a substantial amount of the text into your search engine and see what comes up. Also, research the company itself to determine if it is a legitimate company. Check out the website of the company supposedly offering you a job to see if the legitimate company is offering such a job. Make sure you are using a domain name that you have confirmed is legitimate and not just the one contained in the email sent to you by the scammer. If the job doesn’t appear on the real company’s website, you know it is a scam. It also is a good idea to confirm any job offer you might receive with the HR department of the real company before providing personal information such as your Social Security number.
You also can use the website whois.com to compare the URL of the company that is hiring to see if it really is legitimate. Whois.com will tell you who actually owns the website and how long it has been active. In the case of a scammer’s website, the website may be owned by an entity unrelated to the company and often has only recently been created.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 27, 2025 – PowerSchool Data Breach Update
I first told you about the massive data breach at PowerSchool a major education technology software company used by 16,000 educational institutions with 50 million students earlier this month, but now more information is becoming known about the data breach and it is worse than originally thought. The hackers are claiming to have harvested sensitive personal information of 62.4 million students and 9.5 million teachers. In one typical instance the Toronto, Canada School board has notified students, parents and former students involved with the school district since 1985 to the present time that their information had been compromised. The compromised information included the names, addresses, Social Security numbers and medical information along with much additional personal informaion of students and teachers. PowerSchool paid a ransom to the hackers to prevent the publication of the stolen information, but regardless, the data breach still presents the threat of identity theft to the children and teachers whose information was stolen.
While we know that identity theft is a major problem for adults, it is also a huge problem for children. According to Michael Bruemmer the Vice President of Consumer Protection for Experian 25% of minors will have their identities stolen before they turn 18. Identity thieves steal the identity of a child and then run up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when the teenager might first apply for a car loan or financial aid for college.
TIPS
If you find out that you or your children have become a victim of identity theft, notify each of the three credit reporting agencies, Equifax, Experian and TransUnion of the crime and ask them to investigate and remove the false information from your files.
Parents also should, as much as possible, try to limit the places that have their child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and enables you to opt out of information sharing by the school with third parties. You also should freeze the credit reports of your children. Until 2018 there was no national law that allowed the credit reports of children to be frozen, but in the wake of the major Equifax data breach, Congress passed laws that now permit children’s credit reports to be frozen and unfrozen for free.
Here are the links to information about how to freeze your child’s credit reports at each of the three major credit reporting agencies.
https://www.transunion.com/credit-freeze
https://www.equifax.com/personal/education/identity-theft/freezing-your-childs-credit-report-faq
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 26, 2025 – Danger of Skimmers on Gas Pumps
In 2020 the Federal Trade Commission (FTC) issued a warning about the dangers presented by skimmers on gas pumps. I have warned you about the dangers of skimmers for many years. Skimmers are small electronic devices that are easily installed by an identity thief on gas pumps, ATMs and other card reading devices. The skimmer steals all of the information from old style magnetic strip credit card or debit cards which then enables the identity thief to use that information to access the victim’s credit card or bank account when the skimmer is used on a debit card. Each skimmer can hold information on as many as 2,400 cards.
MasterCard and Visa announced in December of 2016 that the deadline for the installation of EMV chip card readers on gas pumps was being delayed three years to October 1, 2020. This deadline was further delayed due to the Coronavirus pandemic to April 17, 2021 at which time less than half of the gas pumps in the United States complied with the requirement to install EMV chip card readers. And although that deadline has long since passed, due to the cost involved, many gas pumps still are not enabled for your chip credit card.
Wider implementation of the use of EMV chip cards at retail stores where their use has been mandated since 2015 has resulted in a dramatic reduction in data breaches and credit card fraud at retailers using this equipment. EMV chip cards are far safer than the old-style magnetic strip cards. Around the country there has been a dramatic increase in the use of skimmers installed by criminals at gas pumps and while the deadline for gas pumps to install chip readers has passed, many gas pumps still do not use EMV chip card readers and so skimmers at gas pumps continue to be a problem.
Last year, the Aurora, Colorado police department issued a warning that scammers were drilling holes in the contactless payment screens on gas pumps where you can merely scan your credit card with its RFID chip rather than insert it into any card reader. By damaging the contactless payment screen, it becomes inoperable thereby requiring the customer to use the credit card reader on the gas pump where the identity thief had already installed a skimmer to steal your credit card or debit card information.
TIPS
Always look for signs of tampering on any machine you use to swipe your credit card or debit card although the more advanced forms of skimmers are installed in the gas pump’s interior and cannot be detected from an inspection of the outside of the pump. Keys to open the gas pumps to allow the installation of the skimmer are readily available online. If the card inserting mechanism appears loose or in any other way tampered, don’t use it. In regard to the contactless payment screen, if it is not working, there is a high likelihood that it may have been tampered with so in that instance pay for your gas inside the gas station office.
Debit cards, when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if the theft is not promptly reported and even if the victim reports the theft immediately, the victim loses access to his or her bank account while the matter is investigated by the bank. Debit cards should not be used for purchases at gas pumps. Instead use your credit card and monitor your account regularly to find out early if you have become a victim of this scam. With a credit card, your liability for fraudulent purchases is limited by law to no more than $50 and I am not aware of any credit card companies that hold their customers responsible for any fraudulent purchases. However, fraudulent debit purchases do not come with the same federal legal protection.
When choosing a particular gas pump, you may wish to pick the pump closest to the building and within the sight line of the attendant. Criminals are less likely to install skimmers in pumps where they could be observed making the illegal installation of a skimmer.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 25, 2025 – Prisoner Indicted for Jury Duty Scam
I have been warning you about the jury duty scam for twelve years, but it continues to snare many unwary victims. Recently Anthony Sanders and an accomplice were indicted on charges related to a jury duty scam in which Sanders called his victim, a 30 year nurse posing as a Sarasota, Florida sheriff threatening arrest for failure to show up for jury duty and demanding a payment of more than $12,000 through what he referred to as a “Bonding Transition Center” which was actually a Bitcoin ATM which was used to direct the funds to Sanders’ account. The call appeared on the victim’s Caller ID as coming from the Sarasota sheriff’s department and the victim paid the funds. What makes this particular scam unusual was that Sanders is a prisoner in a Georgia prison who allegedly used a smuggled in cell phone to commit the crime.
Often in these scams you are told that you can pay the fine through a credit card or, as is being done more and more, by a gift card. And now more frequently you are told to pay the “fine” through a Bitcoin ATM. Other times they ask for your Social Security number to confirm your identity. Of course, the phone call is a scam. Even if you have missed jury duty, you will never be called by legitimate court officers and shaken down for a payment.
Often, as in this case, the scammers will use a technique called “spoofing” to make the call appear on your Caller ID as if it is coming from a legitimate law enforcement agency or court. In some instances of the scam you are asked to confirm your identity by providing your Social Security number which will then be used to make you a victim of identity theft. Recently the scam has evolved to where people are also being contacted by text messages or emails from scammers posing as a representative of the local court system.
TIPS
Initial contacts from courts regarding jury duty are always in writing through the mail although some systems will permit you to receive future notices through email. Under no circumstances will you receive telephone calls or text messages indicating that you have failed to report for jury duty. No court will demand payment over the phone for failing to appear for jury duty and no court ever requires a payment be made via cryptocurrencies. If you do receive such a call and you think that there is even the possibility that you might have forgotten to report for jury duty, merely call the local clerk of courts in order to get accurate information. Of course anyone calling you and telling you that you can pay your fine to them over the phone using your credit card or a gift card is a scammer.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – January 24, 2025 – USPS Issues Warning About Text Message Scams
Although the name may not be as familiar as “phishing” which is the name for emails that lure you into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft, “smishing” is the name given to text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.
Smishing scams have increased in frequency over the last year. Like phishing emails, the purpose of a smishing text message is to either lure you into providing personal information that will be used to make you a victim of identity theft or to click on a link in the text message that will download dangerous malware.
Recently, the United States Postal Service issued a warning about smishing text messages that appear to come from the United States Postal Service (USPS) alerting the targeted victim about a phony delayed package delivery. These smishing messages lure people into clicking on malware infected links or providing personal information that can lead to identity theft.
TIPS
As I always say, “trust me, you can’t trust anyone.” You can never be truly sure when you receive a text message seeking personal information such as your credit card number whether or not the email is a scam. The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that a text message that appears to come from the United States Postal Service might be legitimate, you should contact your local post office at a telephone number that you know is legitimate and find out whether or not the text message was a scam.
As for text messages from the USPS, if you never signed up for a USPS tracking request for a specific package you won’t be receiving a text message from the USPS. The Postal Service offers free tools to track specific packages, but customers are required to either register online, or initiate a text message, and provide a tracking number. The USPS will not send customers text messages or e-mails without a customer first requesting the service with a tracking number, and they will never contain a link so, if you did not initiate the tracking request for a specific package directly from USPS and it contains a link it is a smishing text and not from the USPS.
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 23, 2025 – Johnny Depp Warns Fans About Scammers Impersonating Him
Johnny Depp is warning his fans about scammers posing as him and asking his fans for money. According to Depp, “As part of their tactics they create multiple, deceptive social media and email accounts impersonating me and memers of my team. Today, AI can create the illusion of my face and voice. Scammers may look and sound jsut like the real me. But, neither I, nor my team, will ask you for money or your personal information.” Depp is one of many celebrities who scammers are impersonating and asking for money for a variety of reasons or endorsing fake products. According to software security company McAfee, Scarlet Johannson is the most impersonated celebrity in these scams.
For years I have told you about scammers posing as various popular celebrities in ads and on social media luring people into making payments for worthless products or sending money under some other guise to the scammer posing as the celebrity. However, with the increased of Artificial Intelligence these phony ads and scams have become both more believable looking and more frequent as deepfake and other AI technology become readily available to less technologically savvy scammers. Scammers pose as celebrities in a variety of scams including phony celebrity endorsed products, cryptocurrency investment scams and videos in which the scammers lure unsuspecting victims into downloading malware that can lead to identity theft.
TIPS
Trust me, you can’t trust anyone. Always confirm any endorsement or connection between a celebrity and any product or program or request for payment. Confirm on the celebrity’s website to see if they really do endorse a particular product or program.
While it can be difficult to do, you can also identify many deepfake videos in a number of ways. One unusual thing that deepfakes often get wrong is how they show fingers. Often deepfakes have a sixth finger or leave off a thumb. Teeth, eyes and ears may also be flawed in appearance. Another flaw often that appears in deepfakes is accessories such as necklaces, earrings, scarves and even shirt buttons may appear warped.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 22, 2025 – Dead People Becoming Victims of Identity Theft
Not even the dead are immune from identity theft and this particular type of identity theft is now on the rise. Until regulations were enacted in 2014 scammers merely checked out the latest obituaries and then went to a free totally available data bank called the Death Master File maintained by the Social Security Administration. Using the Death Master File, the scammer was readily able to obtain the deceased person’s Social Security number which would then be used along with the information gained from the obituary to establish credit, make purchases or take out loans in the name of the deceased person. Since 2014 regulations have greatly limited the access to the Death Master File, but identity theft from the dead remains a serious problem because it is still easy for criminals to obtain Social Security numbers of dead people. Income tax identity theft using the Social Security numbers of dead people is a popular scam with income tax identity thieves because the IRS may not be alerted that the victim of the identity theft has died and is not filing an income tax return. Income tax identity theft from the dead can severely complicate the estate settlement process and threaten the deceased’s assets.
TIPS
Limit the amount of personal information contained in any obituary in order to not provide information exploitable by an identity thief. Also, the executor or personal representative of the estate should contact the major credit reporting bureaus, Experian, TransUnion and Equifax and notify them that the person is deceased and not to issue any further credit. All creditors, such as credit card companies of the deceased should also be notified of the death and the accounts closed as soon as possible.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 21, 2025 – Unpaid Parking Ticket Text Scam
The Boston Police Department is warning people about a new scam involving text messages that appear to come from the City of Boston indicating the person receiving the text message has an overdue parking ticket. The text message contains at the top of the message the seal of the City of Boston and reads “This is a notice from City of Boston. Your vehilce has an unpaid parking invoice of $4.35. To avoide a late fee of 35$, please settle your balance promptly. To avoid late fees acess your file by typing the following link in your browser.” The message then provides a link that appears to be legitimate, but is not. If you go to the site provided to pay the ticket you will be prompted to provide your credit card or debit card number which the identity thief will use to charge you much more than $4.35. While this particular text message scam relates to Boston, similar parking ticket text message scams have been reported in other cities as well.
TIPS
As always, you should never make a payment, click on a link or provide personal information in response to a text message regardless of how legitimate it may appear unless you have absolutely confirmed that it is legitimate. In this case there are a number of red flags to indicate that the text message is a scam. The cell phone number used to send the text message has an area code outside of Massachusetts. This is a particularly glaring mistake because it is quite simple for a scammer to “spoof” a phone number to make it appear to come from whatever number the scammer wishes. Also, this particular text message has flawed grammar and described the late fee as 35$ with the dollar sign on the right of the figure which is not done in the United States, but is done in this manner in France and French speaking countries. Finally, parking tickets are never referred to as parking invoices in the United States, but is used in European countries.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 20, 2025 – Trojan Subscribers Can Cost You Money
In Homer’s Odyssey, the Trojan horse hid soldiers that when brought through the gates and into the city of Troy led to the fall of Troy. Trojan subscribers are malware hidden within legitimate apps that while they won’t lead to the downfall of a city can cost the victims of a Trojan subscriber a lot of money.
Trojan subscribers are malicious code that cybercriminals add to legitimate apps and then upload them to app stores under a different name. The apps can be for a variety of purposes, such as monitoring blood pressure or scanning documents. When someone downloads one of these infected apps, he or she doesn’t realize that the Trojan subscriber will automatically subscribe to a paid service without the person who downloaded the app being aware of it.
Generally, the cybercriminals who create and use Trojan subscribers get paid a commission on each new subscription to a paid service.
There have been a number of different Trojan subscribers found during the past few years including the Jocker Trojan subscriber, the MobOk Trojan subscriber, the Vesub Trojan subscriber and the GriftHorse.ae Trojan subscribers. While they all work slightly differently they all manage to effectively sign up their victims to unwanted and costly subscription services.
Google Play and other app stores try to identify apps with Trojan subscribers, but as soon as they take one down, another pops up. In other instances, Trojan subscribers are found in apps that are not allowed on the regular official app stores.
TIPS
So what can you do to protect yourself from Trojan subscribers?
First and foremost, don’t install apps from unofficial sources. The risk is far too great that you will be downloading malware. However, even if you stick to legitimate sources for your apps such as Google Play, you must recognize that getting your app from a legitimate source does not guarantee that the app is malware-free.
Always check out the reviews and ratings of particular apps before you download them. Also, the longer an app has appeared on a legitimate source such as Google Play, the better the chance that it has been properly vetted and does not contain any malware. Therefore be a bit wary of apps that have only recently appeared on a legitimate app store.
Another good policy to follow when you download apps is to give the apps only the minimal access to your device that is needed to perform properly.
Finally, make sure that you have installed strong security software on your cellphone and keep it updated with the latest security updates and patches as they become available to protect you from not only Trojan subscribers, but also other threats as well.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”