Scam of the Day
Scam of the day – December 23, 2024 – Ascension Data Breach Affects More Than 5 Million People
Data breaches are all too common and according to a 2023 report by IBM, healthcare companies account for approximately 27% of all data breaches. Healthcare companies are targeted for a number of reasons including the general lack of security of many healthcare companies and the extensive personal and medical information they store including health insurance information that can be sold by criminals on the dark web for large prices enabling other people to access your health insurance. Having your health insurance policy used by an identity thief is particularly dangerous because it can result in your medical records being corrupted by the medical information of the identity thief and the difficulty in getting this information removed from your medical records. Having the medical information of an identity thief on your medical records could even result in your getting a blood transfusion of the wrong blood type.
Recently Ascension, a healthcare company that operates 140 hospital and 40 senior care facilities accross the United States disclosed that it had suffered a data breach affecting 5,599,699 of its patients and employees. The compromised information varies depending on the individual, but includes medical information, credit card information, bank account numbers, medical insurance information, Social Security numbers and other personal information which provides a treasure trove for scammers and identity thieves. Ascension is notifying victims of the data breach by mail starting this week and are offering 24 months of identity theft protection services.
Ascension was hacked through a social engineering email from a ransomware gang that lured an employee of Ascension to download malware that enabled the hacker to steal Ascension’s data.ascensio
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 22, 2024 – Facebook Copyright Violation Scam
Scammers love to take over Facebook accounts because people generally trust the posts put up by their friends that appear on their Facebook page. These people forget my motto of “trust me, you can’t trust anyone” and often click on links in these posts or provide information in response to these posts which generally don’t present a problem, but when the post that you think is that of your friend is really from a scammer who has taken over your friend’s Facebook account, the link you click on may download dangerous malware and the information you provide may enable the criminal to make you a victim of identity theft.
There are many ways that cybercriminals take over Facebook accounts, but one that has been occurring recently begins when you get an email that reads “Your Facebook account has been disabled for violating the Facebook Terms. If you believe that this decision is incorrect, you may file an appeal at this link.” Sometimes the email implies that the violation is a copyright violation for a post you put up that contained copyright protected music. People clicking on the link to begin the appeal process are taken to an official looking page that asks for your name, username and password. If you provide that information, you have just turned over your Facebook account to a cybercriminal and if you use the same password for all of your online accounts, you have also put yourself in jeopardy as to every account in which you use the same password.
TIPS
The first thing to always look at when you get an email that requests information or instructs you to click on a link is the email address of the sender. If it has nothing to do with the company that is being represented as sending you the email, the email is a phishing email being sent through a botnet of computers whose email accounts have been hacked and used to send out these phishing emails.
Sometimes, however, the email address of the sender may appear to be legitimate, but even then you cannot trust it. A sophisticated cybercriminal can make the email address appear legitimate when it is not. The best course of action if you are ever asked for personal information or to click on a link is to confirm that the communication is legitimate. The best way to do that is to check with the real company that the scammer is posing as. In this case you could and should go directly to Facebook through its help center where you will learn that this and similar phishing emails are scams. https://www.facebook.com/help
You also should use dual factor authentication so that even if someone gets your username and password, they won’t be able to get control of your account. Here is a link to Facebook’s information about installing dual factor authentication. https://www.facebook.com/help/148233965247823
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 21, 2024 – Imposter Scammer Indicted
Xiao Kun Cheung was indicted in Federal Court in Georgia on charges related to a tech support scam allegedly perpetrated by Cheung and co- conspirators targeting the elderly in Georgia, Florida and Tennessee in which seniors were contacted by phone or through pop-up messages on their computers informing them that their financial accounts had been compromised and that to protect their assets they needed to withdraw large sums of money, purchase gift cards or buy gold bars to deliver to the scammers who posed as federal agents for safekeeping. Cheung, a previously deported Chinee national was arrested when he attempted to pick up approximately $132,000 in gold bars from a scam victim in Georgia.
TIPS
Primary in this scam is the scammer posing as a law enforcement or government agent who under a variety of pretenses manipulates the victim into doing as they are told. Scam victims often trust scammers posing as authority figures. The scam may also seem more believable when the initial phone call appears to come from a legitimate law enforcement agent or other governmental official because the scammer uses “spoofing’ to manipulate the victim’s Caller ID to make the call look as if it indeed is coming from a legitimate source. Imposter scams are among the most common scams.
The truth is that under no circumstances will a government agent or law enforcement officer ever tell anyone to withdraw funds from their accounts in put them into a “safe government account.”
Scammers are aware that scaring people with phony emergencies triggers the amygdala which is a part of the brain also called the lizard brain which makes us act quickly and emotionally without rationally considering the situation which is why so many people are able to be victimized by scams like this. It is for this reason that whenever you are asked to make a payment in response to some emergency, you should take your time and analyze the situation and confirm the legitimacy of the emergency.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 20, 2024 – Clever PayPal Invoice Scam
Today’s Scam of the day is one I first warned you about in the Scam of the day for March 3, 2023, but it is still being effectively used by scammers. I have warned you numerous times about scams in which you receive a phony invoice that appears to come from a company you do business, but if you look at the email from which it is sent, you will see that the email was sent from someone who has no relation to the company it purports to be. However, in this new scam, you get a phony invoice that not only appears to come from PayPal, but actually does come from PayPal and a link in the email to “View and Pay Invoice” that actually would take you to PayPal and an active invoice. The email has a phone number for you to call if you have a question about the invoice and if you do call the phone number, a scammer will promptly answer the phone where you will be advised to download a remote administration tool that gives the scammer access to your computer purportedly to help find the problem, but in actuality what you will have done is give the scammer access to your computer and all of the passwords to all of your accounts.
The truth is that the scammers open PayPal Business accounts which enables them to be able to send invoices from PayPal which makes them appear legitimate when they indeed are sent to you by PayPal. The customer service number that they provide in the invoice does not, however, take you to PayPal, but rather to the scammer who then asks you to give them remote access to your computer to straighten the matter out.
TIPS
Whenever you get an email or invoice such as this which appears to come from a legitimate source, don’t click on links or call the phone numbers in the invoice. Rather call the real customer service number which you can get online. It is also interesting to note that if you call the real customer service number for PayPal, you will have to go through a number of prompts before you get to speak to a real person, however, the scammers customer service number is immediately answered by a person.
This scam and many tech support scams ask you to give remote access to your computer which is something you should not do under almost all circumstances. Giving someone remote access to your computer gives them access to everything on your computer and can lead to serious identity theft.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – December 19, 2024 – How to Keep Your Cryptocurrency Wallet Safe
I have been writing about cryptocurrency scams for years. There a variety of scams that attempt to steal your cryptocurrencies from you. One of the most important decisions anyone should make when deciding whether to invest in cryptocurrencies is what kind of a wallet they will hold their investment in. Many cryptocurrency scams involve people being tricked into turning over access to their cryptocurrency wallets and losing all of their funds.
Your digital wallet is where the key that allows you to access your cryptocurrency account is found. If your key falls into the hands of a hacker, you can easily lose all of your cryptocurrency account so it is of paramount importance to secure your digital wallet. Digital wallets can either be hot wallets or cold wallets. Hot wallets are connected to the Internet which makes them more susceptible to being hacked which is why a cold wallet which is not connected to the Internet, but rather is is kept in a portable hard drive is your best bet.
TIPS
When doing cryptocurrency transactions online, use a Virtual Private Network (VPN) to provide encryption for your communications which will make the transactions more secure and refrain from using public WIFI for cryptocurrency transactions. Use a strong, complex password for your account and consider using a password manager or store your password on a portable hard drive that you keep in a secure spot.
Use dual factor authentication for your account for additional security, however, it is important to note that many cryptocurrency thefts have occurred when hackers were able to defeat dual factor authentication through SIM swapping whereby they contact the cell phone service provider of their victim, answer a security question and manage to get the cell phone service provider to switch the phone number of the victim to a phone controlled by the criminal thus defeating the dual factor authentication.
The best thing you can do to protect your SIM card from being swapped is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
Finally, I strongly urge anyone considering investing in cryptocurrencies as well as any investment to research the investment thoroughly before investing. No one should ever invest in anything they do not fully understand.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 18, 2024 – California Man Loses $38,000 Through SIM Swapping
Recently, Justin Chan of California had $38,000 stolen from his bank account which he thought he had protected through dual factor authentication. A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
Identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.
The best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
TIPS
I have written in the past about how to avoid SIM swaps by setting up a passcode or PIN on your mobile service carrier account to avoid a scammer being able to access the account merely by answering a security question.
AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card. Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i
Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center. Here is a link with information and instructions for setting up a PIN with Verizon. https://www.verizonwireless.com/support/account-pin-faqs/
T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store. Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure
Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief. Here is a link to information about adding a PIN to your Sprint account. https://www.sprint.com/en/support/solutions/account-and-billing/update-your-pin-and-security-questions-on-sprint-com.html
And if you are particularly paranoid, like me, you can arrange with your cell phone service carrier that your SIM card cannot be switched except in person by you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 17, 2024 – Critical Adobe Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Adobe has just issued critical updates to a wide variety of their software. Failure to promptly update your software leaves you vulnerable to cyberattacks. Here is a link to those updates. https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products
TIPS
Adobe also provides the option of you being able to install the latest security updates automatically whenever they are issued. Here is a link to instructions as to how to set up automatic updates, which I strongly recommend. https://justcreative.com/how-to-update-adobe/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 16, 2024 – Publishers Clearing House Lottery Scams Increasing
In the last few years there has been an increase in reports of scammers calling people on the telephone and telling them that they have won one of the Publishers Clearing House lotteries, but that they have to pay fees or taxes before being able to claim their prize. In addition there are reports of targeted victims receiving phony notifications by regular mail that they have won a Publishers Clearing House lottery, but that again they must pay fees or taxes before being able to receive their prize.
It is hard to win any lottery. It is impossible to win one that you have not even entered and yet scam artists have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries. With so many people entered into the Publishers Clearing House lotteries, it is easier for scammers to convince people that they have won.
Most lottery scams involve the victim being told that they need to pay taxes or administrative fees directly to the lottery sponsor; however no legitimate lottery requires you to do so.
As with many effective scams, the pitch of the scammer may seem legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners. Other times, the scammer tell the “winners” that in order to collect their prizes, they need to pay administrative fees. Often, the victims are told to send the fees back to the scammer by gift cards. Gift cards are a favorite of scammers because they are the equivalent of sending cash. They are impossible to stop or trace. Again, no legitimate lottery requires you to pay administrative fees in order to claim your prize.
TIPS
Fortunately, there is an easy way to know, when you are contacted by Publishers Clearing House by phone, email or text message informing you that you have won one of its major multi-million dollar prizes, whether you have been contacted by the real Publishers Clearing House. Publishers Clearing House only contacts major prize winners in person or by regular mail. They do not contact winners by phone, email or text message so if you do receive a notification of your winning one of their major multi-million dollar prizes by those means of communication you know it is a scam.
Even if the Caller ID on your phone indicates the call is from Publishers Clearing House, it is very easy for a scammer to use a technique called “spoofing” to make it appear that the call is coming from Publishers Clearing House rather than the scammer who is really making the call. Trust me, you can’t trust anyone.
In addition, no winners of the Publishers Clearinghouse sweepstakes are ever required to make a payment of any kind to claim their prize so if you are told that you have won, but are required to make any kind of payment before you can claim your prize, you can be sure that it is a scam. As for other lotteries, remember, you can’t win a lottery you haven’t entered and no legitimate lottery asks you to pay them administrative fees or taxes.
Also, as I often tell you, it is always a red flag that you are involved with a scam when you are asked to pay for anything with gift cards. Gift cards are a favorite method of payment for scammers because they are easy to convert into cash and impossible to trace.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 15, 2024 – Senior Dating App Data Breach Affects 700,000 People
The 40+ dating website Senior Dating has shut down after recently suffering a data breach on November 23rd. The compromised and stolen personal information of 765,517 of the apps users included biographies, birth dates, drinking habits, education levels, email addresses, gender, geographic occupations, profile photos relationship status, smoking habits and social media profiles and while this information is not directly likely to be used for purposes of identity theft and scams such as would be the case if Social Security numbers were compromised, this information is very valuable to a scammer or identity thief who can use this to create convincing spear phishing emails, text messages and phone calls that can lure the targeted victims into clicking on malware infected links, make payments or provide information that would lead to identity theft.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 14, 2024 – Fake Weight Loss Drugs
The popular weight loss Ozempic is in low supply and high demand even at a cost of almost $1,000 per month if it is not covered by insurance. As a result scammers are using social media, phishing emails and phony online pharmacy websites to sell worthless phony Ozempic or what they say is generic Ozempic to unsuspecting victims. Earlier this year the security software company McAfee recently issued a report in which they found 176,871 phishing emails and 449 phony pharmacy websites related to selling phony Ozempic just between January and April. Scammers also used fake profiles on Facebook and advertisements on legitimate websites to sell their worthless, counterfeit Ozempic. Often the scammers will try to appear to be Canadian pharmacies.
No generic form of the drug has been approved by the FDA, and what people are receiving may be either ineffectual or even harmful. The National Association of Boards of Pharmacy has a list of websites selling fraudulent and unsafe medications. Before even considering buying a prescription drug online, you should see if the site you are considering is legitimate.
In many instances, the scammers ask for payment through cryptocurrencies, gift cards Zelle and Venmo, which are indications of a scam since legitimate businesses do not demand payment in this manner although scammers do because of the anonymity of these payments and the difficulty in stopping the payments. Some scammers operating these phony websites appear to offer the option to pay by credit card, but when you try to do so an error message appears and you are compelled to pay in one of the methods preferred by the scammers.
TIP
Although it is still technically illegal to purchase prescription drugs from Canada either directly or over the internet, federal officials using enforcement discretion as provided by law generally do not get involved with prescription drug shipments for personal consumption. The first thing anyone considering ordering prescription drugs from Canada should do is make sure that they are dealing with a legitimate Canadian pharmacy that requires a prescription from an American doctor. It is easy to research this online. Any online pharmacy that promises to sell you prescription drugs without your obtaining a prescription is a scam, plain and simple.
Some security software can recognize websites of scammers and are worth getting.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/