Scam of the Day

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Scam of the day – January 27, 2025 – PowerSchool Data Breach Update

by | Jan 26, 2025 |

I first told you about the massive data breach at PowerSchool a major education technology software company used by 16,000 educational institutions with 50 million students earlier this month, but now more information is becoming known about the data breach and it is worse than originally thought.  The hackers are claiming to have harvested sensitive personal information of 62.4 million students and 9.5 million teachers.  In one typical instance the Toronto, Canada School board has notified students, parents and former students involved with the school district since 1985 to the present time that their information had been compromised.  The compromised information included the names, addresses, Social Security numbers and medical information along with much additional personal informaion of students and teachers.  PowerSchool paid a ransom to the hackers to prevent the publication of the stolen information, but regardless, the data breach still presents the threat of identity theft to the children and teachers whose information was stolen.

While we know that identity theft is a major problem for adults, it is also a huge problem for children.  According to Michael Bruemmer the Vice President of Consumer Protection for Experian 25% of minors will have their identities stolen before they turn 18. Identity thieves steal the identity of a child and then run up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when the teenager might first apply for a car loan or financial aid for college.

TIPS

If you find out that you or your children have become a victim of identity theft, notify each of the three credit reporting agencies, Equifax, Experian and TransUnion of the crime and ask them to investigate and remove the false information from your files.

Parents also should, as much as possible, try to limit the places that have their child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and enables you to opt out of information sharing by the school with third parties.  You also should freeze the credit reports of your children.  Until 2018 there was no national law that allowed the credit reports of children to be frozen, but in the wake of the major Equifax data breach, Congress passed laws that now permit children’s credit reports to be frozen and unfrozen for free.

Here are the links to information about how to freeze your child’s credit reports at each of the three major credit reporting agencies.

https://www.transunion.com/credit-freeze

https://www.experian.com/blogs/ask-experian/requesting-a-security-freeze-for-a-minor-childs-credit-report/

https://www.equifax.com/personal/education/identity-theft/freezing-your-childs-credit-report-faq

Everyone also should monitor their credit reports regularly for indications of identity theft.  The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own.  Here is the only link to use to get your free credit reports.https://www.annualcreditreport.com/index.action
Some scammers have websites that appear to offer “free” credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services.
Finally, be wary of anyone who calls you purporting to help you in regard to the data breach who  asks for personal information in regard to this data breach as that is a favorite tactic of hackers to lure you into providing additional personal information that can lead to your becoming a victim of identity theft.  Also, as always, never click on a link or download an attachment to an email or text message unless you have absolutely confirmed that it is legitimate and don’t provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication was legitimate.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – January 26, 2025 – Danger of Skimmers on Gas Pumps

by | Jan 25, 2025 |

In 2020 the Federal Trade Commission (FTC)  issued a warning about the dangers presented by skimmers on gas pumps.  I have warned you about the dangers of skimmers for many years.   Skimmers are small electronic devices that are easily installed by an identity thief on gas pumps, ATMs and other card reading devices.  The skimmer steals all of the information from old style magnetic strip credit card or debit cards which then enables the identity thief to use that information to access the victim’s credit card or bank account when the skimmer is used on a debit card.  Each skimmer can hold information on as many as 2,400 cards.

MasterCard and Visa announced in December of 2016 that the deadline for the installation of EMV chip card readers on gas pumps was being delayed three years to October 1, 2020.    This deadline was further delayed due to the Coronavirus pandemic to April 17, 2021 at which time less than half of the gas pumps in the United States complied with the requirement to install EMV chip card readers. And although that deadline has long since passed, due to the cost involved, many gas pumps still are not enabled for your chip credit card.

Wider implementation of the use of EMV chip cards at retail stores where their use has been mandated since 2015 has resulted in a dramatic reduction in data breaches and credit card fraud at retailers using this equipment.  EMV  chip cards are far safer than the old-style magnetic strip cards.    Around the country there has been a dramatic increase in the use of skimmers installed by criminals at gas pumps and while the deadline for gas pumps to install chip readers has passed, many gas pumps still do not use EMV chip card readers and so skimmers at gas pumps continue to be a problem.

Last year,  the Aurora, Colorado police department issued a warning that scammers were drilling holes in the contactless payment screens on gas pumps where you can merely scan your credit card with its RFID chip rather than insert it into any card reader.  By damaging the contactless payment screen, it becomes inoperable thereby requiring the customer to use the credit card reader on the gas pump where the identity thief had already installed a skimmer to steal your credit card or debit card information.

TIPS

Always look for signs of tampering on any machine you use to swipe your credit card or debit card although the more advanced forms of skimmers are installed in the gas pump’s interior and cannot be detected from an inspection of the outside of the pump. Keys to open the gas pumps to allow the installation of the skimmer are readily available online.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.  In regard to the contactless payment screen, if it is not working, there is a high likelihood that it may have been tampered with so in that instance pay for your gas inside the gas station office.

Debit cards, when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if the theft is not promptly reported and even if the victim reports the theft immediately, the victim loses access to his or her bank account while the matter is investigated by the bank.  Debit cards should not be used for purchases at gas pumps. Instead use your credit card and monitor your account regularly to find out early if you have become a victim of this scam. With a credit card, your liability for fraudulent purchases is limited by law to no more than $50 and I am not aware of any credit card companies that hold their customers responsible for any fraudulent purchases. However, fraudulent debit purchases do not come with the same federal legal protection.

When choosing a particular gas pump, you may wish to pick the pump closest to the building and within the sight line of the attendant.  Criminals are less likely to install skimmers in pumps where they could be observed making the illegal installation of a skimmer.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – January 25, 2025 – Prisoner Indicted for Jury Duty Scam

by | Jan 24, 2025 |

I have been warning you about the jury duty scam for twelve years, but it continues to snare many unwary victims.   Recently Anthony Sanders and an accomplice were indicted on charges related to a jury duty scam in which Sanders called his victim, a 30 year nurse posing as a Sarasota, Florida sheriff  threatening arrest for failure to show up for jury duty and demanding a payment of more than $12,000 through what he referred to as a “Bonding Transition Center” which was actually a Bitcoin ATM which was used to direct the funds to Sanders’ account.  The call appeared on the victim’s Caller ID as coming from the Sarasota sheriff’s department and the victim paid the funds.  What makes this particular scam unusual was that Sanders is a prisoner in a Georgia prison who allegedly used a smuggled in cell phone to commit the crime.

Often in these scams you are told that you can pay the fine through a credit card or, as is being done more and more,  by a gift card.  And now more frequently you are told to pay the “fine” through a Bitcoin ATM. Other times they ask for your Social Security number to confirm your identity.  Of course, the phone call is a scam.  Even if you have missed jury duty, you will never be called by legitimate court officers and shaken down for a payment.

Often, as in this case,  the scammers will use a technique called “spoofing” to make the call appear on your Caller ID as if it is coming from a legitimate law enforcement agency or court.  In some instances of the scam you are asked to confirm your identity by providing your Social Security number which will then be used to make you a victim of identity theft.  Recently the scam has evolved to where people are also being contacted by text messages or emails from scammers posing as a representative of the local court system.

TIPS

Initial contacts from courts regarding jury duty are always in writing through the mail although some systems will permit you to receive future notices through email.  Under no circumstances will you receive telephone calls or text messages indicating that you have failed to report for jury duty.  No court will demand payment over the phone for failing to appear for jury duty and no court ever requires a payment be made via cryptocurrencies.  If you do receive such a call and you think that there is even the possibility that you might have forgotten to report for jury duty, merely call the local clerk of courts in order to  get accurate information. Of course anyone calling you and telling you that you can pay your fine to them over the phone using your credit card or a gift card is a scammer.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”

Scam of the day – January 24, 2025 – USPS Issues Warning About Text Message Scams

by | Jan 23, 2025 |

Although the name may not be as familiar as “phishing” which is the name for emails that lure you into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft, “smishing” is the name given to text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.

Smishing scams have increased in frequency over the last year.  Like phishing emails, the purpose of a smishing text message is to either lure you into providing personal information that will be used to make you a victim of identity theft or to click on a link in the text message that will download dangerous malware.

Recently, the United States Postal Service issued a warning about smishing text messages that appear to come from the United States Postal Service (USPS) alerting the targeted victim about a phony delayed package delivery.  These smishing messages lure people into clicking on malware infected links or providing personal information that can lead to identity theft.

TIPS

As I always say, “trust me, you can’t trust anyone.”  You can never be truly sure when you receive a text message seeking personal information such as your credit card number whether or not the email is a scam. The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that a text message that appears to come from the United States Postal Service might be legitimate, you should contact your local post office at a telephone number that you know is legitimate and find out whether or not the text message was a scam.

As for text messages from the USPS,  if you never signed up for a USPS tracking request for a specific package you won’t be receiving a text message from the USPS.  The Postal Service offers free tools to track specific packages, but customers are required to either register online, or initiate a text message, and provide a tracking number. The USPS will not send customers text messages or e-mails without a customer first requesting the service with a tracking number, and they will never contain a link so, if you did not initiate the tracking request for a specific package directly from USPS and it contains a link it is a smishing text and not from the USPS.

If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 23, 2025 – Johnny Depp Warns Fans About Scammers Impersonating Him

by | Jan 22, 2025 |

Johnny Depp is warning his fans about scammers posing as him and asking his fans for money.  According to Depp, “As part of their tactics they create multiple, deceptive social media and email accounts impersonating me and memers of my team.  Today, AI can create the illusion of my face and voice.  Scammers may look and sound jsut like the real me.  But, neither I, nor my team, will ask you for money or your personal information.”  Depp is one of many celebrities who scammers are impersonating and asking for money for a variety of reasons or endorsing fake products.  According to software security company McAfee, Scarlet Johannson is the most impersonated celebrity in these scams.

For years I have told you about scammers posing as various popular celebrities in ads and on social media luring people into making payments for worthless products or sending money under some other guise to the scammer posing as the celebrity.  However, with the increased of Artificial Intelligence these phony ads and scams have become both more believable looking and more frequent as  deepfake and other AI technology become readily available to less technologically savvy scammers.  Scammers pose as celebrities in a variety of scams including phony celebrity endorsed products, cryptocurrency investment scams and videos in which the scammers lure unsuspecting victims into downloading malware that can lead to identity theft.

TIPS

Trust me, you can’t trust anyone.  Always confirm any endorsement or connection between a celebrity and any product or program or request for payment.  Confirm on the celebrity’s website to see if they really do endorse a particular product or program.

While it can be difficult to do, you can also identify many deepfake videos in a number of ways.  One unusual thing that deepfakes often get wrong is how they show fingers.  Often deepfakes have a sixth finger or leave off a thumb. Teeth, eyes and ears may also be flawed in appearance.   Another flaw often that appears in deepfakes is accessories such as necklaces, earrings, scarves and even shirt buttons may appear warped.

If you are not a subscriber to Scamicide.com and would like to receive  free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 22, 2025 – Dead People Becoming Victims of Identity Theft

by | Jan 21, 2025 |

Not even the dead are immune from identity theft and this particular type of identity theft is now on the rise.  Until regulations were enacted in 2014 scammers merely checked out the latest obituaries and then went to a free totally available data bank called the Death Master File maintained by the Social Security Administration.  Using the Death Master File, the scammer was readily able to obtain the deceased person’s Social Security number which would then be used along with the information gained from the obituary to establish credit, make purchases or take out loans in the name of the deceased person.  Since 2014 regulations have greatly limited the access to the Death Master File, but identity theft from the dead remains a serious problem because it is still easy for criminals to obtain Social Security numbers of dead people. Income tax identity theft using the Social Security numbers of dead people is a popular scam with income tax identity thieves because the IRS may not be alerted that the victim of the identity theft has died and is not filing an income tax return. Income tax identity theft from the dead can severely complicate the estate settlement process and threaten the deceased’s assets.

TIPS

Limit the amount of personal information contained in any obituary in order to not provide information exploitable by an identity thief.  Also, the executor or personal representative of the estate should contact the major credit reporting bureaus, Experian, TransUnion and Equifax and notify them that the person is deceased and not to issue any further credit.   All creditors, such as credit card companies of the deceased should also be notified of the death and the accounts closed as soon as possible.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 21, 2025 – Unpaid Parking Ticket Text Scam

by | Jan 20, 2025 |

The Boston Police Department is warning people about a new scam involving text messages that appear to come from the City of Boston indicating the person receiving the text message has an overdue parking ticket.  The text message contains at the top of the message  the seal of the City of Boston and reads “This is a notice from City of Boston.  Your vehilce has an unpaid parking invoice of $4.35.  To avoide a late fee of 35$, please settle your balance promptly.  To avoid late fees acess your file by typing the following link in your browser.”  The message then provides a link that appears to be legitimate, but is not.  If you go to the site provided to pay the ticket you will be prompted to provide your credit card or debit card number which the identity thief will use to charge you much more than $4.35.  While this particular text message scam relates to Boston, similar parking ticket text message scams have been reported in other cities as well.

TIPS

As always, you should never make a payment, click on a link or provide personal information in response to a text message regardless of how legitimate it may appear  unless you have absolutely confirmed that it is legitimate.  In this case there are a number of red flags to indicate that the text message is a scam.  The cell  phone number used to send the text message has an area code outside of Massachusetts.  This is a particularly glaring mistake because it is quite simple for a scammer to “spoof” a phone number to make it appear to come from whatever number the scammer wishes.  Also, this particular text message has flawed grammar and described the late fee as 35$ with the dollar sign on the right of the figure which is not done in the United States, but is done in this manner in France and French speaking countries.  Finally, parking tickets are never referred to as parking invoices in the United States, but is used in European countries.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 20, 2025 – Trojan Subscribers Can Cost You Money

by | Jan 19, 2025 |

In Homer’s Odyssey, the Trojan horse hid soldiers that when brought through the gates and into the city of Troy led to the fall of Troy.  Trojan subscribers are malware hidden within legitimate apps that while they won’t lead to the downfall of a city can cost the victims of a Trojan subscriber a lot of money.

Trojan subscribers are malicious code that cybercriminals add to legitimate apps and then upload them to app stores under a different name.  The apps can be for a variety of purposes, such as monitoring blood pressure or scanning documents.  When someone downloads one of these infected apps, he or she doesn’t realize that the Trojan subscriber will automatically subscribe to a paid service without the person who downloaded the app being aware of it.

Generally, the cybercriminals who create and use Trojan subscribers get paid a commission on each new subscription to a paid service.

There have been a number of different Trojan subscribers found during the past few years including the Jocker Trojan subscriber, the MobOk Trojan subscriber, the Vesub Trojan subscriber and the GriftHorse.ae Trojan subscribers.  While they all work slightly differently they all manage to effectively sign up their victims to unwanted and costly subscription services.

Google Play and other app stores try to identify apps with Trojan subscribers, but as soon as they take one down, another pops up.  In other instances, Trojan subscribers are found in apps that are not allowed on the regular official app stores.

TIPS

So what can you do to protect yourself from Trojan subscribers?

First and foremost, don’t install apps from unofficial sources.  The risk is far too great that you will be downloading malware.  However, even if you stick to legitimate sources for your apps such as Google Play, you must recognize that getting your app from a legitimate source does not guarantee that the app is malware-free.

Always check out the reviews and ratings of particular apps before you download them.  Also, the longer an app has appeared on a legitimate source such as Google Play, the better the chance that it has been properly vetted and does not contain any malware.  Therefore be a bit wary of apps that have only recently appeared on a legitimate app store.

Another good policy to follow when you download apps is to give the apps only the minimal access to your device that is needed to perform properly.

Finally, make sure that you have installed strong security software on your cellphone and keep it updated with the latest security updates and patches as they become available to protect you from not only Trojan subscribers, but also other threats as well.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – January 18, 2025 – Phony Sirius XM Invoice Scam

by | Jan 17, 2025 |

The phony invoice scam is a common scam popular with scammers because it is quite effective.  It starts when you receive an email that purports to be from a popular company with which many of us do business that indicates that you owe them a significant payment.   The scammers count on people being concerned that they are being wrongfully charged for a product they did not order.  You are provided a telephone number to call if you dispute the bill. If you call the number, you will be prompted to provide personal information that will be used to make you a victim of identity theft.

The copied email below was provided by a longtime Scamicide reader attempts to lure you into clicking on a link in order to renew an expired satellite radio  Sirius XM account for free which right away should be a red flag that this is a scam.  As always, the purpose of a phishing email is to lure you into clicking on links contained within the email or providing personal information. If you click on links in phishing emails, you end up either downloading malware or providing information used to make you a victim of identity theft.

There are a number of red flags that indicate that this is a scam.  Your name does not appear anywhere in the invoice.  Also, the email was sent from an email address that has no relation to Sirius XM.

Here is a copy of the invoice being circulated.

TIPS

Once, I received a large invoice from a company with which I do business for goods I did not order, but rather than click on the link provided in the email, I went directly to the company’s website to question the invoice.  When the website came up, the first thing I saw was a large announcement that the invoice was a scam and that many people had received these phony invoices.  If you ever receive a phony invoice such as this and you think that it may possibly be true, don’t click on links or call phone numbers provided in the email.  Rather, contact the real company directly at a phone number or website that you know is legitimate where you can confirm that the phishing invoice was a scam.

If you receive this particular phishing email and want to check on your account, here is a link you can trust with contact information for Sirius XM. https://www.siriusxm.com/contact-us

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

  • Categories

Archives