Scam of the Day
Scam of the day- November 27, 2024 – Department of Homeland Security Going After Gift Card Drainers
This year the Department of Homeland Security launched a task force to combat gift card draining, a scam in which criminals use stolen or altered gift card numbers to drain money from gift cards before the purchaser of the gift card can spend it. The task force named “Project Red Hook” is focused on Chinese organized crime involvement in this scam. In perpetrating the crime, criminals referred to as “runners” remove, tamper and then restock gift cards. According to Homeland Security assistant special agent Adam Parks, a runner can go from store to store tampering with cards. One accused runner, Ming Xue in a single day went to 14 Walmarts before being arrested. Law enforcement found 2,260 Visa, Apple and Mastercard gift cards in his car.
The most common way gift card draining occurs involves scammers going to racks of gift cards in stores and using handheld scanners that are easy to obtain, read the code on the strip of the card and the number on the front. They then put the card back in the display and periodically check with the retailer by calling its 800 number to find out whether the card has been activated and what the balance is on the card. Once they have this information they either create a counterfeit card using the information they have stolen or order material online without having the actual card in hand.
Another common way gift card draining occurs is when scammers place a sticker with the barcode of a a gift card that the scammers possess over the actual barcode of the gift card in the rack. Thus when the card is taken by the gift card purchaser to the checkout counter to have the card activated, the funds used to purchase the gift card are credited to the card of the scammer. It is not until the gift card purchaser tries to use his or her card that it is discovered that there are no funds credited to the card.
Some retailers, in an effort to reduce gift card fraud put a PIN on the gift card so that if the card is used online, the user must have access to the PIN which is generally covered and must have the covering material scratched off in order to be visible. Unfortunately, many purchasers of gift cards are not aware of this so they don’t even notice that the PIN on the card that they are purchasing has already had the covering material scratched off by the scammer who has recorded the PIN.
TIPS
When buying a gift card, only purchase cards from behind the customer service desk and if the card is preloaded, always ask for the card to be scanned to show that it is still fully valued. This avoids all of the problems of tampering with the card before it is sold.
Always inspect the card carefully to make sure that the barcode has not been tampered with in any fashion and that the PIN is still covered.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 26, 2024 – Gift Cards are a Scammers Best Friend
Scammers are big fans of gift cards because they are easy to purchase, easy to send to the scammer and impossible to trace to the scammer. According to the FTC, consumers lost 228 million dollars to gift card scams last year. It is not even necessary for the scammer to be in possession of the actual gift card to use it. Sending the gift card numbers or taking a picture on your phone and transmitting it to the scammer is sufficient for the scammer to use the gift card to buy things that can then be sold and converted into cash.
In many instances the scams involved scammers posing as large companies or government agencies such as the IRS demanding payments. It is important to remember that no legitimate company and no government agencies asks for or accepts gift cards as a payment method so anytime you are asked for a payment by gift card, you can be confident it is a scam.
In an interesting development, the FTC noted that Target gift cards were the most popular choice for scammers with scammers asking specifically for Target gift cards in twice as many instances as the next most popular gift card and even when the gift card requested by the scammers was not a Target gift card, the scammers asked their victims to purchase the particular gift cards at a Target store.
TIPS
Although it is impossible to stop payment on a gift card or trace the user after the scammer has used it, if you recognize immediately that you have provided a gift card to a scammer, you can report it to the issuer to cancel the card. Here is contact information for some popular gift cards.
Amazon
- Call 1 (888) 280-4331.
- Keep the Amazon card itself and your receipt for the Amazon card.
- Learn about Amazon gift card scams and how to report them. Click on “Contact us.”
Google Play
- Report the gift card scam to Google.
- Keep the Google Play card itself and your receipt for the Google Play card.
- Learn about Google Play gift card scams and how to report them.
iTunes
- Call Apple Support right away at 1 (800) 275-2273. Say “gift card” to connect with a live representative.
- Ask if the money is still on the iTunes card. If so, Apple can put a freeze on it. You might be able to get your money back from them.
- Keep the iTunes card itself and your receipt for the iTunes card.
- Learn about iTunes gift card scams and how to report them.
Target
- Call Target GiftCard Services at 1 (800) 544-2943
MoneyPak
- Report gift card scams to MoneyPak.
- Keep the MoneyPak card itself and your receipt for the MoneyPak card.
- Learn about MoneyPak gift card scams.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 25, 2024 – Thanksgiving Electronic Greeting Card Scam
Thanksgiving is just three days away and I want to wish everyone a happy and scam-free Thanksgiving..
Electronic greeting cards have become very popular and with good reason. Even if you don’t remember a birthday or delay sending a holiday card until the last minute, you can send an electronic greeting card, often for free, and have it delivered immediately. Many electronic greeting cards are quite creative with videos and music Unfortunately, you can always count on scam artists and identity thieves to try to spoil anything and electronic greeting cards are no exception. The scam starts when you get a phony electronic greeting card that requires you to click on a link to read the card. If you click on one of these phony greeting cards, you may end up downloading a keystroke logging malware program that will steal all of the information from your computer and end up with you becoming a victim of identity theft or alternatively you may download dangerous malware such as ransomware.
TIPS
One of the first things to notice when you receive an e greeting card is who is indicated as the person sending the card. If it states that the card is being sent by “a friend” or “an admirer,” you can be pretty sure that it is a phony card. However, even if the card uses the name of someone you know, it still is risky to open the card without confirming with an email or a phone call that your friend actually did send you the card. Remember, even paranoids have enemies. Scammers may pick a common name to use as the sender or may even have researched who your friends and family are and use their names..
It is also important to keep your security software including anti-virus software and anti-malware software installed and up to date at all times which can help if you unwittingly download malware. However, it is important to remember that even the most up to date security software is always at least thirty days behind the latest strains of malware often referred to as those that exploit “zero day defects.”
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 24, 2024 – Counterfeit Bourbon is Increasing
Bourbon has seen a large increase in popularity in the last ten years with bourbon sales reaching $5.1 billion in 2022. The increase is reflective of the wide range of people, including women and younger people, in particular, turning to bourbon as a spirit of choice. Along with the popularity of bourbon in general has been the demand for high end bourbons such as Pappy van Winkle. Of course, scammers are always ready to meet the consumer demand for anything and so it is no surprise that scammers are selling counterfeit bourbon of popular brands such as Pappy van Winkle for attractive prices. The scammers often purchase empty bottles of popular, expensive bourbons and fill them with cheap liquor which they sell online to unwary customers. The scammers use social media such as Facebook and Instagram to market their phony products as well as a variety of online marketplaces such as eBay and fake retail websites.
TIPS
As with anything you find for sale online, if the price seems too good to be true, it most often is a scam and you should be wary. A red flag indicating that an online bourbon seller is a scammer is that many of the phony websites offering to sell you upscale bourbons indicate that they ship anywhere in the United States without restrictions. Not all states allow alcoholic beverages to be shipped to their state so any website that indicates that they ship everywhere is a scam.
Scam of the day – November 23, 2024 – Important Apple Security Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Apple has just released critical security updates for iPhones, iPads and Macs to patch two recently identified vulnerabilities.
TIPS
Here is a link to the Apple updates: https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products
Apple also provides the option of you being able to install the latest security updates automatically whenever they are issued. In order to enable automatic iOS updates open the “Settings” app and tap “General.” Then tap “Software Update” and then go to “Automatic Updates.” Enable the switch next to “Download iOS Updates” which will take you to the switch for installing iOS Updates which you can then enable. Once you do this, you will see a confirmation message confirming that your device will now automatically install iOS software updates when they become available.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 22, 2024 – Chinese Scammers Construct 4,695 Phony Shopping Websites
We are still a few days away from the traditional Black Friday shopping day, but many people have already started their holiday shopping and scammers are already targeting these people with fake retail shopping websites designed to steal credit card information. According to cybersecurity researcher Arda Buyukkaya, a Chinese criminal gang known as Silk Specter has created 4,695 phony counterfeit retail websites that appear to offer big discounts on popular items. The sites appear to be those of popular, legitimate retailers such as North Face, IKEA, L.L. Bean and Wayfair. The counterfeit websites even use Google Translate to automatically change the language on the website depending upon the location of the targeted victim.
Victims of the scam are prompted to enter their credit or debit card number, card expiration date and CVV code as well as their phone number. All of this information can be used to access the victim’s credit or debit card and the phone number can be later used for text message scams.
TIPS
Scam of the day – November 21, 2024 – QR Codes in Phishing Emails are Particularly Dangerous
Quick Response codes or QR codes have been around since 1994, but they have become much more popular in recent years and can be commonly found on parking meters, in restaurants and in advertising. When you can a QR code with your phone, it will take you to a website. Unfortunately as the popularity of QR codes has increased with the public, its popularity has also increased with scammers who are setting up phony QR codes to lure you to their bogus website where they solicit personal information used for identity theft or persuade you to make a payment with a credit card or even in some instances, merely by scanning the phony QR code, you will download harmful malware such as ransomware or even malware that will enable the scammer to take over your email account. I have written about QR code scams called “quishing” since 2021.
The most common places where you will find phony QR codes is on parking meters where the phony QR code is put on as a sticker over the legitimate QR code, in restaurants, in phishing emails, on social media posts or on unordered packages delivered to your home. Now, however, scammers are using QR codes to scam you in a new way. The new QR code scam starts with an email that appears to come from a company with which you do business informing you that you need to update your account or your account will be closed. In order to update your account, you are instructed to scan the QR code in the email which takes you to a website that looks like the real website for the company that the scammer is posing as and asks you to input your username and password. People falling for this scam end up giving access to their account to the scammer.
What makes this QR code scam particularly dangerous is that more and more scammers are using QR codes in phishing emails rather than malware infected links or links that take you to phony websites where you are lured into providing personal information because while security software is able to recognize and screen out malicious links, it cannot recognize malicious QR codes thereby making those phishing emails likely to avoid detection by your security software.
TIPS
As I often say, “trust me, you can’t trust anyone.” If you receive such an email the first thing you should do is check the email address of the sender. If it doesn’t appear legitimate or does not appear to have a relation to the company it purports to be from, you can be confident that it is a scam. However, in many instances the email address may look legitimate even though it is not. In that case, you still shouldn’t trust the QR code, but rather should contact the company at a phone number or website that you have confirmed is legitimate to confirm that you don’t have to update your account.
This scam also points out the importance of using dual factor authentication on all of your accounts because even if someone manages to steal your username and password, they will not be able to access your account.
Finally, there are companies that have free QR code scanner apps that will not only scan the QR code, but also let you know if it is legitimate and prevent the downloading of malware from bogus QR codes.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it indicates “Sign up for this blog.”
Scam of the day – November 20, 2024 – Chase Phishing Email
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase bank. It was forwarded to me by a Scamicide reader.
Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States. Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good. It looks legitimate and the version appearing in your email comes with a legitimate appearing Chase logo. As so often is the case with these type of phishing emails, it does not contain your account number in the email nor is it personally addressed to the receiver of the email, but merely uses your email address.
Here is a copy of the Chase phishing email presently being circulated.
ABOUT THIS MESSAGE © 2024 JPMorgan Chase & Co, N.A. Member FDIC |
TIPS
There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Most notably, the email address from which this phishing email was sent has no relation to Chase. It is also important to note that although the email contained a legitimate appearing Chase logo, such logos are very easy to counterfeit. In addition, the grammar in the second paragraph is faulty and the link which should read “Verify Your Account” reads “Verified Your Account.”
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony website where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or cellphone and use it to make you a victim of identity theft.
If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number. Alternatively you can go to http://www.chase.com to check on your account.
I have disarmed section of the phishing email where it asks you to click on “Verified Your Account.”
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 19, 2024 – FTC Sending Additional Refunds to Victims of Business Opportunity Scam
In November of 2022 I first told you that the Federal Trade Commission (FTC) sued DK Automation, LLC and its principals, Kevin David Hulse and David Arnett alleging they promised huge returns to trick people into buying business opportunities and training programs through which they said they would teach you how to operate fantastically profitable stores on Amazon. According to the FTC, those claims were deceptive or outright lies and most people who bought the programs never made any profit and often lost money. According to the FTC DK Automation also sold bogus cryptocurrency investment training programs for as much as $85,000 that also were worthless.
In April of 2024 I informed you that the FTC had settled its lawsuit with the defendants turning over 2.8 million dollars to the FTC which it is refunding to victims of the scam. Now the FTC is sending a second round of refunds to victims of the scam. For more information about the refund program go to the opening page of Scamicide.com to the section titled “FTC Scam Refunds.”
TIPS
The sale of business opportunities is regulated by the FTC’s Business Opportunity Rule which requires the sellers of business opportunities to provide a one-page disclosure document outlining important facts about the offering including informing you about any legal actions in which the sellers have been involved. The disclosure also has to provide you with details as to any refund policy and provide a list of references. Additionally, as is always the case with these types of scams, if they make claims about how much money you can earn through their scheme, they must provide you with an Earnings Claim Statement that indicates in detail the specifics of those claims and the opportunity to see written proof of the claims.
Before considering any kind of business opportunity, you should have a lawyer review these required disclosures and if the person offering you the business opportunity does not provide these documents, you should consider that a red flag that this is a scam. You also should investigate the people behind the offering as well as the particular type of business opportunity.
You also can do a Google or other search engine search of any company from which you are considering making a purchase in which you type in the company’s name along with the words “scam” or “complaints” and see what you come up with.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 18, 2024 – Massive Data Breach at Hot Topic
Fashion retailer Hot Topic has suffered a massive data breach affecting 57 million of its customers. Among the data stolen was email addresses, home addresses, phone numbers, purchases, birth dates and partial credit card data, all of which can be used by scammers for identity theft purposes. The data breach occurred on October 19th and the hacker, who uses the name “Satanic” already has posted some of the information on the Dark Web site BreachForums, one of the sites used by cybercriminals to buy and sell goods and services. As of the writing of this Scam of the day, Hot Topics has not yet confirmed the data breach nor notified its customers or governmental officials of the data breach.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/