Scam of the Day
Scam of the day – December 17, 2024 – Critical Adobe Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Adobe has just issued critical updates to a wide variety of their software. Failure to promptly update your software leaves you vulnerable to cyberattacks. Here is a link to those updates. https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products
TIPS
Adobe also provides the option of you being able to install the latest security updates automatically whenever they are issued. Here is a link to instructions as to how to set up automatic updates, which I strongly recommend. https://justcreative.com/how-to-update-adobe/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 16, 2024 – Publishers Clearing House Lottery Scams Increasing
In the last few years there has been an increase in reports of scammers calling people on the telephone and telling them that they have won one of the Publishers Clearing House lotteries, but that they have to pay fees or taxes before being able to claim their prize. In addition there are reports of targeted victims receiving phony notifications by regular mail that they have won a Publishers Clearing House lottery, but that again they must pay fees or taxes before being able to receive their prize.
It is hard to win any lottery. It is impossible to win one that you have not even entered and yet scam artists have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries. With so many people entered into the Publishers Clearing House lotteries, it is easier for scammers to convince people that they have won.
Most lottery scams involve the victim being told that they need to pay taxes or administrative fees directly to the lottery sponsor; however no legitimate lottery requires you to do so.
As with many effective scams, the pitch of the scammer may seem legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners. Other times, the scammer tell the “winners” that in order to collect their prizes, they need to pay administrative fees. Often, the victims are told to send the fees back to the scammer by gift cards. Gift cards are a favorite of scammers because they are the equivalent of sending cash. They are impossible to stop or trace. Again, no legitimate lottery requires you to pay administrative fees in order to claim your prize.
TIPS
Fortunately, there is an easy way to know, when you are contacted by Publishers Clearing House by phone, email or text message informing you that you have won one of its major multi-million dollar prizes, whether you have been contacted by the real Publishers Clearing House. Publishers Clearing House only contacts major prize winners in person or by regular mail. They do not contact winners by phone, email or text message so if you do receive a notification of your winning one of their major multi-million dollar prizes by those means of communication you know it is a scam.
Even if the Caller ID on your phone indicates the call is from Publishers Clearing House, it is very easy for a scammer to use a technique called “spoofing” to make it appear that the call is coming from Publishers Clearing House rather than the scammer who is really making the call. Trust me, you can’t trust anyone.
In addition, no winners of the Publishers Clearinghouse sweepstakes are ever required to make a payment of any kind to claim their prize so if you are told that you have won, but are required to make any kind of payment before you can claim your prize, you can be sure that it is a scam. As for other lotteries, remember, you can’t win a lottery you haven’t entered and no legitimate lottery asks you to pay them administrative fees or taxes.
Also, as I often tell you, it is always a red flag that you are involved with a scam when you are asked to pay for anything with gift cards. Gift cards are a favorite method of payment for scammers because they are easy to convert into cash and impossible to trace.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 15, 2024 – Senior Dating App Data Breach Affects 700,000 People
The 40+ dating website Senior Dating has shut down after recently suffering a data breach on November 23rd. The compromised and stolen personal information of 765,517 of the apps users included biographies, birth dates, drinking habits, education levels, email addresses, gender, geographic occupations, profile photos relationship status, smoking habits and social media profiles and while this information is not directly likely to be used for purposes of identity theft and scams such as would be the case if Social Security numbers were compromised, this information is very valuable to a scammer or identity thief who can use this to create convincing spear phishing emails, text messages and phone calls that can lure the targeted victims into clicking on malware infected links, make payments or provide information that would lead to identity theft.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 14, 2024 – Fake Weight Loss Drugs
The popular weight loss Ozempic is in low supply and high demand even at a cost of almost $1,000 per month if it is not covered by insurance. As a result scammers are using social media, phishing emails and phony online pharmacy websites to sell worthless phony Ozempic or what they say is generic Ozempic to unsuspecting victims. Earlier this year the security software company McAfee recently issued a report in which they found 176,871 phishing emails and 449 phony pharmacy websites related to selling phony Ozempic just between January and April. Scammers also used fake profiles on Facebook and advertisements on legitimate websites to sell their worthless, counterfeit Ozempic. Often the scammers will try to appear to be Canadian pharmacies.
No generic form of the drug has been approved by the FDA, and what people are receiving may be either ineffectual or even harmful. The National Association of Boards of Pharmacy has a list of websites selling fraudulent and unsafe medications. Before even considering buying a prescription drug online, you should see if the site you are considering is legitimate.
In many instances, the scammers ask for payment through cryptocurrencies, gift cards Zelle and Venmo, which are indications of a scam since legitimate businesses do not demand payment in this manner although scammers do because of the anonymity of these payments and the difficulty in stopping the payments. Some scammers operating these phony websites appear to offer the option to pay by credit card, but when you try to do so an error message appears and you are compelled to pay in one of the methods preferred by the scammers.
TIP
Although it is still technically illegal to purchase prescription drugs from Canada either directly or over the internet, federal officials using enforcement discretion as provided by law generally do not get involved with prescription drug shipments for personal consumption. The first thing anyone considering ordering prescription drugs from Canada should do is make sure that they are dealing with a legitimate Canadian pharmacy that requires a prescription from an American doctor. It is easy to research this online. Any online pharmacy that promises to sell you prescription drugs without your obtaining a prescription is a scam, plain and simple.
Some security software can recognize websites of scammers and are worth getting.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 13, 2024 – The Good, the Bad and the Ugly of Artificial Intelligence
“The Good, the Bad and the Ugly” is a classic 1967 Western movie that starred a young Clint Eastwood. It also can describe the effects of Artificial Intelligence (AI) on scams due to the fact that it can be “good” and helpful in defending against scams, but it also very much can be both “bad” and “ugly” because it can be readily used by even unsophisticated scammers to make their scams more convincing.
Let’s start with the good. Ai can be used to detect unusual transaction patterns in banking and spending activities. It is also used extensively by credit card companies to flag and even block suspicious purchases. AI also can be used to recognize phishing emails and smishing text messages and block them. In regard to robocalls AI is used by services such as Nomorobo and Truecaller to block robocalls.
However, AI has also proven to be a tool for even unsophisticated scammers to perpetrate very sophisticated and convincing scams. The FBI recently issued a Public Service Announcement in which it warned about criminal use of AI to facilitate scams. https://www.ic3.gov/PSA/2024/PSA241203
Among the scams, they warn people about are scams which we have been warning you about here at Scamicide for years including scammers using AI to create believable phishing emails and text messages that correct grammar and spelling errors that often appeared in phishing emails and text messages sent by scammers in foreign countries; using AI to construct sophisticated counterfeit websites of online retailers; using voice cloning to make the family emergency or grandparent scam more believable; using AI deepfake technology to create videos of public figures to enhance scams and many, many more.
TIPS
So how do you protect yourself from AI enhanced scams. It starts with my motto, “trust me, you can trust anyone.” Certainly you should install security software on all of your electronic devices and install updates as soon as they are available. But even the best security software will be at least a month behind the latest scams exploiting “zero day defects” which are software vulnerabilities not previously discovered. Therefore remember whenever you get a phone call, text message or email asking for personal information, a payment or to click on a link you should be skeptical. B.S. Be skeptical. Never respond to any such communication until you have independently confirmed that it is legitimate. To protect yourself further from family emergency scams, create a safe word that everyone in the family knows to verify your identity in the event of an emergency.
As for phony websites, AI has made them easy to construct. The Google Safe Browsing Transparency Report is a terrific free service where you can type in the URL and learn if Google’s research indicates the website is a fake. Here is a link to it. https://transparencyreport.google.com/safe-browsing/search
Scam of the day – December 12, 2024 – Equifax Data Breach Update
I have been reporting to you about the about the avoidable Equifax data breach in which personal data of more than 147 million people was stolen and legal actions related to the data breach since 2017 when the data breach occurred. The personal information compromised in the data breach included the names, dates of birth and Social Security numbers of 147 million people putting them in serious danger of identity theft for the rest of their lives. Equifax settled the claims brought by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and all but two of the states’ Attorneys General related to the data breach long ago.
Pursuant to the settlement Equifax offered those affected $125 or ten years of free credit monitoring. Now years later because there is money remaining in the Consumer Restitution Fund set up in accordance with the settlement, the court appointed administrator is offering additional payments to eligible people. These payments will be made by pre-paid electronic cards. Eligible people will receive this email this week.
“Dear XXXXXXXXXXXXX:
The Equifax Data Breach Settlement Agreement says any remaining funds in the Consumer Restitution Fund will be distributed to Settlement Class Members with valid claims.
You have a valid claim and are eligible for an additional payment. It will be sent to you by electronic pre-paid card.
You will receive an email from distribution@EquifaxBreachSettlement.com the week of December 16th, 2024 with instructions to redeem your electronic pre-paid card.
For more information about the Settlement, please visit the Settlement Website at www.EquifaxBreachSettlement.com.
This notice is from the Court-appointed Settlement Administrator (JND Legal Administration), not Equifax. Please do not contact Equifax with questions. You may contact JND by email at info@EquifaxBreachSettlement.com, by phone toll-free at 1-833-759-2982, or by mail at Equifax Data Breach Settlement, c/o JND Legal Administration, P.O. Box 91318, Seattle, WA 98111-9418.”
TIPS
In addition, to following up on your benefits pursuant to the settlement as indicated above, this is also a good time to remind you that if you haven’t frozen your credit reports at all three of the major credit reporting bureaus, you should do so at this time.
Here are the links to do so.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
Scam of the day – December 11, 2024 – The Danger of E-Skimmers
Regular readers of Scamicide are certainly familiar with skimmers which are devices installed on ATMs as well as credit and debit card processors that steal information from credit and debit cards thereby enabling criminals to use that information to make charges on those cards. The increased use in recent years of cards with chip technology has dramatically decreased the amount of fraudulent purchases made through stolen credit and debit card information because the chip card creates a new authorization number each time the card is used thereby negating the value of skimming a credit card with a computer chip. Scanning your card rather than inserting it into a card reader has also made such purchases safer.
Chip card technology, however, offers no protection when credit and debit cards are used for online purchases. The FBI has warned about what it calls E-Skimming which occurs when criminals infect the websites of businesses and government agencies with malware that allows the criminal to steal credit card and debit card information and then use it to make charges using the victim’s credit card or debit card.
TIPS
There are many steps that businesses and government agencies should take to protect their sites from this type of crime. They should update their security software with the most recent security updates; change default login credentials on their systems; segment their network systems to limit access by criminals and educate their employees to the dangers of phishing and spear phishing emails because it is through these phishing and spear phishing emails that most malware is delivered. A good rule for us all to follow is to never click on links in emails unless you have absolutely confirmed that the email is legitimate.
What, can we as consumers do, however, to protect ourselves from becoming a victim of E-Skimming?
First and foremost, while it may be more convenient to leave your credit card on file with an online retailer you regularly use, this is not a good thing to do because it leaves you more vulnerable to having your credit card data stolen in the event of a data breach and as we all know, data breaches are and will continue to be very common.
Consumers should refrain from using their debit cards for anything other than as an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection. The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.
Finally, you should monitor your credit card statement regularly to determine if your credit card has been compromised.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – December 10, 2024 – MOVEit Supply Chain Attack Claims 760,000 More Victims
Repeatedly since 2023 I have been telling you about cybercriminals, exploiting a vulnerability found in MOVEit file transfer software used by 620 organizations including American Airlines, TD Ameritrade, Johns Hopkins University and other users of the same software who can be assumed to also have suffered data breaches affecting an estimated 40 million people.
This supply chain attack brings back memories of the 2020 SolarWinds supply chain security breach. SolarWinds is a company that provides system management software to 30,000 companies and government agencies. Hackers exploited a vulnerability in its software that, in turn, led to data breaches at thousands of governmental and private entities.
In the last month, personal information that appears to have been stolen through the MOVEit software of 760,000 employees of Xerox, Koch, Nokia, Bank of America, Bridgewater, Morgan Stanley and JLL were made available on the Dark Web by hackers who call themselves Nam3L3ss.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
Even when the leaked information does not directly lead to identity theft, the information is often used by scammers and identity thieves to create convincing socially engineered phishing emails and text messages to lure people into becoming scam or identity theft victims.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 9, 2024 – Job Offer Text Scam
I have been warning you about job scams for twelve years. These scams appear in many platforms including social media, emails, and even on legitimate online employment websites. In a recent version of the job scam, scammers are texting people posing as recruiters for a company with which you may be familiar offering you full or part time employment. In the text message the scammers asks for personal or financial information or to click on a link. In order to be hired, you need to provide your Social Security number which is not particularly unusual since you would have to provide it to any legitimate employer. However, being required to provide it after one initial contact is certainly unusual.
There is no job and if you provide your Social Security number or other information, it will be used to make you a victim of identity theft.
In some instances the scammers will copy outdated online job postings of legitimate companies, but include the scammers contact information. Once you contact them, the scammers request your Social Security number or in other instances request your bank account information in order to send you an advance payment, when in reality the scammers merely want to gain access to your bank account.
TIPS
Being offered a job for which you didn’t apply for is like the lottery scam where you are told that you have won a lottery that you never entered. They are scams. If you have any thought that the offer may be legitimate, merely contact the company through its real website or phone number which you can find online. Don’t click on the link in the text message or call the number provided in the text.
If you are looking for work a good place to start is with your state’s job bank. Here is a link that you can use to find the job bank for your state. https://www.careeronestop.org/jobsearch/findjobs/state-job-banks.aspx
you also may want to block text messages from the scammer from contacting you in the future. Here is a link that lets you know how to block unwanted text messages. https://consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages#what_to_do
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 8, 2024 – Dual Factor Authentication Scam
The headline of this Scam of the day may be a bit confusing because dual factor authentication is not itself a scam, but rather a tool to avoid being scammed. It is not unusual for passwords to be compromised, particularly if you use the same password for all of your accounts, which we strongly urge you not to do. Using the same password puts all of your accounts in jeopardy if a data breach at one account results in your password being stolen. Here is a link to a Scam of the day in which I describe how to choose strong, unique passwords that are easy to remember. https://scamicide.com/2021/12/29/scam-of-the-day-december-30-2021-millions-of-passwords-stolen-how-does-that-affect-you/
However, regardless of how careful you are to protect your passwords, it is inevitable that your passwords will become compromised which is why I always suggest that people use dual factor authentication which protects your accounts even if your password is stolen. In the most common form of dual factor authentication, when you go to an online account and put in your password, a text message with a one-time code is sent to your cell phone for you to provide in addition to your password to gain access to your account. This system works well, but nothing is foolproof. Never underestimate the power of a fool.
Recently scammers have been sending text messages that appear to come from a company with which you do business informing you that there has been suspicious activity on your account and that you need to confirm your identity or else your account will be locked. You are then told that in order to do so, you will receive a text message with a code that you should, in turn, text back as a reply to the scammer. Unfortunately, what is actually happening is that the scammer has already managed to obtain your password and has just tried to log in to your account which is protected by dual factor authentication, so if you do send the code to the scammer, you will have defeated dual factor authentication and enabled the scammer to access your account.
TIPS
This is an easy scam to avoid. First of all, as I have said many times, whenever you receive an email, phone call or text message, you cannot be sure as to who is really contacting you so you should never provide personal information of any kind or click on a link provided unless you have absolutely confirmed that the text message was legitimate. You can do this by contacting the real company that the text message purports to be from. However, if you receive a text message such as the one described above, you can be sure that it is a scam because no company will ever ask for your dual factor authentication code through an email or text message.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”