Scam of the Day
Scam of the day – February 23, 2025 – Clever PayPal Phony Invoice Scam
Today’s Scam of the day is one I first warned you about in the Scam of the day for March 3, 2023, but it is still being effectively used by scammers. Just yesterday I warned you about a PayPal scam in which you receive a phony invoice that appears to come from Paypal or some other company with which you do business, but if you look at the email from which it is sent, you will see that the email was sent from someone who has no relation to the company it purports to be. However, in this new scam, you get a phony invoice that not only appears to come from PayPal, but actually does come from PayPal and a link in the email to “View and Pay Invoice” that actually would take you to PayPal and an active invoice. The email has a phone number for you to call if you have a question about the invoice and if you do call the phone number, a scammer will promptly answer the phone where you will be advised to download a remote administration tool that gives the scammer remote access to your computer purportedly to help find the problem, but in actuality what you will have done is give the scammer access to your computer and all of the passwords to all of your accounts.
The truth is that the scammers open PayPal Business accounts which enables them to be able to send invoices from PayPal which makes them appear legitimate when they indeed are sent to you by PayPal. The customer service number that they provide in the invoice does not, however, take you to PayPal, but rather to the scammer who then asks you to give them remote access to your computer to straighten the matter out.
TIPS
Whenever you get an email or invoice such as this which appears to come from a legitimate source, don’t click on links or call the phone numbers in the invoice. Rather call the real customer service number which you can get online. It is also interesting to note that if you call the real customer service number for PayPal, you will have to go through a number of prompts before you get to speak to a real person, however, the scammers customer service number is immediately answered by a person.
This scam and many tech support scams ask you to give remote access to your computer which is something you should not do under almost all circumstances. Giving someone remote access to your computer gives them access to everything on your computer and can lead to serious identity theft.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – February 22, 2025 – PayPal – Docusign Phishing Scam
Here is another good example of a phishing email that is presently being circulated and one that I personally received. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur. An indication that this is a scam is that the email address of the sender, while it appears to come from docusign ends with docusign.net and the email for customer care indicated in the email ends in gmail.com.
Here is the email presently circulating. I have deleted a link to click on to “Review the Document.”:
 |
||||
|
||||
We’ve identified an unauthorized transaction made from your PayPal account to Coinbase: Amount: $594.45 To safeguard your account and ensure a full refund, Our representatives are available 24/7 to assist you in resolving this issue and preventing any additional unauthorized activity. Your account’s security is our top priority, and we’re fully committed to helping you address this matter swiftly. We appreciate your immediate attention to this alert. Best regards, |
TIPS
Legitimate emails from a company with which you do business would include the last four digits of your account and include your name. The email looks legitimate and has the logos for both docusign and PayPal, but both of those logos are easily counterfeited and AI can be used to maket the email appear to be legitimate.
As with all phishing emails, two things can happen if you click on the links provided or contact the scammer by a phone number provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download malware such as keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.
If you call a phone number contained in the email, you will be prompted to provide credit card information or other personal information that will lead to your becoming a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call the company from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam. The phone number for customer service contained in the email is not a phone number used by PayPal. The customer service number for PayPal is 888-221-1161
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – February 21, 2025 – New York DMV Warns About Staged Automobile Accidents
Staging of automobile accidents is often a well organized scam involving criminal doctors, lawyers, auto repair shops and others. Scammers will stage automobile accidents in many ways, such as slamming on their brakes while driving in front of you without giving you an opportunity to stop, causing you to hit them from behind. Generally, the scammers will have phony witnesses to bolster their case. Sometimes they are willing to settle with you for cash rather than involve your insurance company, but other times they are looking to defraud your insurance company for a bigger payout.
Recently, the New York Division of Motor Vehicles issued a new warning about staged automobile accident scams. According to the NY DMV there were 1,729 staged automobile accidents in New York in 2023 placing New York second only to California which had 5,366 incidents.
TIP
If you are involved in an automobile accident, call the police. When you exchange license and registration information, be careful not to provide more information than necessary in order to protect yourself from identity theft. Report all accidents to your insurance company and make sure that you get the license and registration of the other driver or identifying information about pedestrians who may be involved. Make sure you see the actual license and registration rather than just take the information provided by the other driver or involved pedestrian.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 20, 2025 – The Danger of Pop-Up Ads
Pop-up advertisements that appear on your phone, computer or other device are considered by many people to be merely a nuisance, but they can also, in some circumstances, present a serious threat to your well being. While often the pop-up ads may be legitimate advertisements, in other cases they are created by scammers who lure you into clicking on links and being directed to websites that either convince you to provide personal information that can be used to make you a victim of identity theft or, in a worst case scenario, merely by either clicking on the link or being redirected to another website, you may unwittingly download malware such as ransomware or keystroke logging malware that can steal from your phone or computer sensitive personal information that can be used to access your bank account or make you a victim of identity theft in other ways.
Part of the problem is that many of these pop-up ads appear on websites that you trust, which is because the advertising on legitimate websites often originates with third party advertising companies that may not properly screen the advertising that they accept. A few years ago the Equifax website was infected with a phony Adobe Flash update pop-up that when clicked on downloaded malware.
TIPS
The major browsers such as Google Chrome, Bing, Internet Explorer and Firefox all permit you to adjust your settings to eliminate pop-up ads from appearing and I can personally attest to the fact that adjusting your browser settings to avoid pop-up ads can be very effective. Unfortunately, the software used by these browsers as well as specific ad blocker apps are never going to be fully effective at blocking all pop-up ads. Malicious pop-ups that take advantage of newly discovered vulnerabilities will always be a problem, however if you adjust your browser settings to avoid pop-ups and keep your phone and computer security software updated with the latest security patches, you will go a long way toward keeping yourself safe.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 19, 2025 – You Can’t Trust Alexa
Alexa is tremendously helpful for so many things. If you need to know the score of last night’s basketball game, if you want to know what the weather will be today or even to turn down your thermostat. for you. And it is not just Alexa. Siri or Google Home will do the same tasks for you. However, there is one task that you should not trust Alexa and the other devices to perform. You should never ask it to call a tech support or customer service number for you.
For years I have warned you about phony tech support scams done by scammers who establish bogus tech support websites for your favorite tech companies, such as Facebook and Instagram. By manipulating the algorithms used by Google and other search engines, the scammers manage to get their bogus websites into top positions in Google and other search engine searches. These phony tech support websites are used to scam you out of money or personal information which they use to make you a victim of identity theft. Scammers also use similar tactics to scam people looking for help with the repair of common household appliances, such as refrigerators and washing machines.
People looking through a search engine for a telephone number for customer service or a company’s warranty center are often taken to one of the phony websites and when they call the telephone number found in the phony website they are told that they can set up an appointment for a repair person by merely providing their name and location. Then they are often told that they need to pay a small fee which they can do by credit card or debit card for a speedy next-day expedited service call. Unfortunately, this is all a scam. No service person comes the next day, however, your credit card, or even worse, your debit card is used by the scammer. But it isn’t just people who are taken to these phony search engine listings. Alexa, Siri and Google Home are susceptible to being scammed by merely picking the top position in a search engine search and putting you in touch with a scammer.
TIPS
Don’t bother Alexa with looking up and calling tech support or customer service numbers. The best place to look for a telephone number for tech support, customer service or warranty information is on the company’s official website, on your bill or in the warranty documents that came with your appliance or device. Also, be careful when you call the real number for tech support or customer service. Clever scam artists, the only criminals we refer to as artists purchase telephone numbers that are a single digit off of the legitimate phone numbers for many companies’ tech support or customer service numbers in order to take advantage of common consumer misdials.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 18, 2025 – Facebook Marketplace Scam
Facebook Marketplace is a popular and convenient place for people to buy and sell things so, of course, scammers are drawn to it. Scams on Facebook Marketplace have increased dramatically in the last couple of years. A recent scam turning up on Facebook Marketplace starts when you list an item for more than a few hundred dollars. Shortly thereafter you are contacted by a scammer posing as a legitimate buyer who wants you to use Zelle, Venmo or some other P2P Service to pay you for the item. Peer to Peer Payment Payment Services (P2P) such a Zelle are used by many people to quickly and conveniently send money electronically from your credit card or bank account. Sending money through Zelle only requires you to enter the recipient’s phone number or email address.
Then the fun begins (for the scammer). You next receive an email that purports to have been sent by Zelle indicating that the buyer paid you through a Zelle “business account” and that you need to upgrade your personal Zelle account to a business account in order to receive the payment from the scammer posing as the buyer. You are then told that in order to upgrade your account, the amount sent to you needs to be increased by $300. The scammer then tells you that he or she will gladly send you an additional $300 through Zelle in order to enable the transaction if you merely refund the excess payment to them through Zelle. Of course, soon after refunding the $300, which was never paid by the scammer to begin with, the scam victim realizes he or she has just been scammed out of $300.
TIPS
Unfortunately, Zelle has proven to be easily exploited by scammers and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. Although the Consumer Financial Protection Bureau issued guidelines last year indicating that all online money transfers such as this that were done as a scam should be reimbursed by the bank, many banks are refusing to refund money lost by the scam victims.
Also, while Zelle has business accounts, you don’t need to upgrade your account in order to receive a payment from a Zelle business account. Frankly, I don’t think anyone should use Zelle, Venmo or any of the other P2P services for anything other than sending small amounts to friends and family. The potential for scams is too great and your ability to get reimbursed is low.
Finally, anytime someone sends you an overpayment for whatever reason and asks for you to send funds back, you should be skeptical as this is always a scam.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 17, 2025 – Check Washing Increasing
What is old is new again. Many people continue to pay their household bills by paper checks rather than electronic banking and even when shopping, some people prefer paying by check instead of using a credit card or cash. While there has been much discussion in the news about data breaches involving credit cards, the problems encountered through check washing are still substantial costing consumers and banks more than a billion dollars each year and the problem is getting worse.
Typically, the scam starts when someone pays a bill with a check, mails the envelope containing the check and then somewhere in transit the check is stolen and washed. Check washing is a process by which someone steals a check you have already written and “washes” or removes the name of the payee, often using simple bleach, and also changes the amount as well as the name of the payee. The criminal then cashes your altered check and steals your money.
It is a very simple thing for identity thieves to steal your check from your mailbox if you put it in an envelope to pay a bill and leave it in your mailbox outside your home for your mail carrier to pick up. Identity thieves also break into USPS mail collection boxes and steal mail with checks as well. Finally, rogue clerks at stores may steal your checks. It is then a simple thing to take ordinary bleach, acetone or other similar liquids to wash clean the name of the person to whom the check is made out as well as the amount of the check and insert the identity thief’s name and a new amount.
TIPS
While businesses can protect themselves from check washing quite readily by using higher technology checks such as those containing three dimensional reflective metallic holograms or checks treated with chemicals that will make the world “void” appear if the check is attempted to be altered, these are costly alternatives for individuals. Fortunately however, you are not powerless and the solution, in fact is quite simple. Instead of writing your checks using a common ball point pen, switch to a gel pen which is a commonly available type of pen whose ink will not vanish under chemical washes. Fountain pens also do not use the type of ink that can be readily washed, but the gel pen is simpler and easier to use (and also less messy).
Another important thing to remember is to cross shred your personal documents including checks that you no longer need and are discarding. Identity thieves go through your trash for their treasure including checks that they can use to make counterfeit checks using your account.
Finally, check your banks statements promptly after receiving them for signs of theft. If you do report checking account fraud more than thirty days after receiving your bank statement, the bank does not have to reimburse you for fraudulent, counterfeit checks. Finally, if you already aren’t doing so, you should consider paying your bills electronically which can be done in an extremely safe manner.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 16, 2025 – Securing Your Smart Home
I have been warning you about dangers in the rapidly expanding Internet of things for more than twelve years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers presented by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. The risks are extreme, but there are some basic steps you can take to protect yourself.
TIPS
Most of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – February 15, 2025 – Geek Squad Phishing Scam
Last year I told you that the FTC disclosed that the company most impersonated by scammers in an attempt lure people into making a payment was Geek Squad. Geek Squad is a subsidiary of big box store chain Best Buy and it offers excellent tech support for electronic devices including televisions and computers. They are a popular company used by many people. Lately, scammers have been sending phishing emails that appear to be Geek Squad invoices. Reproduced below is one of those imposter phishing emails presently circulating. These types of phishing emails are intended to lure you into contacting the scammers where you will be prompted to provide information that will lead to your becoming a victim of identity theft. This email is intended to get you to respond by calling the phone number contained in the email to dispute the bill. If you do call the number you will be prompted to provide personal information that would be used to make you a victim of identity theft.
Here is the email that is presently circulating:
|
TIPS
Never click on links or download attachments in emails or text messages unless you have absolutely confirmed that they are legitimate and don’t call companies at telephone numbers that appear in the email such as this one. Instead, if the email appears to come from a legitimate company, you can call them at a telephone number you confirm is legitimate. In the case of Geek Squad their customer service number is actually 800-433-5778. The phone number in the email is not that of the Geek Squad and the area code is that of San Diego. Never call the number that appears in these types of emails.
An indication that this is not legitimate and is a phishing email is the fact that nowhere in the email does your name appear.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – February 14, 2025 – Evolution of the Brushing Scam
I first told you about “brushing” in August of 2020 after many people in the United States, Canada and the United Kingdom reported receiving unordered packages of seeds sent from China. A wide variety of conspiracy theories quickly surfaced to explain what was happening, but the truth was that it was an example of a scam called “brushing.” Brushing was the name given to using false orders for products to boost the prominence of an online vendor.
Vendors pay brushers to make large orders of their product and ship them to strangers to make the sales appear to be legitimate. The brushers follow up on these purchases by posting glowing reviews of the vendor’s product. This combination of increased sales volume and positive reviews will, in turn, result in the increased prominence of the vendor in online marketplaces and result in increased sales. Brushing is illegal in the United States and China, however, it is quite commonly used by Chinese companies.
Now we are seeing a resurgence of this scam, but in a more threatening manner. While in the original brushing scam, people receiving the unordered items did not suffer any financial harm, now scammers are sending unordered goods, most often through Amazon to people with a QR code and instructions to scan the QR code in order to see who sent the goods. If you scan the QR code either you will be taken to a phony, but legitimate appearing website where you will be prompted to provide personal information that will be used to make you a victim of identity theft or, even worse, merely by scanning the QR code you may download malware that will steal personal information from your phone that can lead to identity theft.
TIPS
If you get unordered goods with instructions to scan a QR code, report the package to Amazon using the form found at https://account-status.amazon.com/report-unwanted -packages. Do not scan the QR code, As with the initial instances of the brushing scam, you are legally entitled to keep any unordered goods sent to you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/