Scam of the Day
Scam of the day – January 18, 2025 – Phony Sirius XM Invoice Scam
The phony invoice scam is a common scam popular with scammers because it is quite effective. It starts when you receive an email that purports to be from a popular company with which many of us do business that indicates that you owe them a significant payment. The scammers count on people being concerned that they are being wrongfully charged for a product they did not order. You are provided a telephone number to call if you dispute the bill. If you call the number, you will be prompted to provide personal information that will be used to make you a victim of identity theft.
The copied email below was provided by a longtime Scamicide reader attempts to lure you into clicking on a link in order to renew an expired satellite radio Sirius XM account for free which right away should be a red flag that this is a scam. As always, the purpose of a phishing email is to lure you into clicking on links contained within the email or providing personal information. If you click on links in phishing emails, you end up either downloading malware or providing information used to make you a victim of identity theft.
There are a number of red flags that indicate that this is a scam. Your name does not appear anywhere in the invoice. Also, the email was sent from an email address that has no relation to Sirius XM.
Here is a copy of the invoice being circulated.
TIPS
Once, I received a large invoice from a company with which I do business for goods I did not order, but rather than click on the link provided in the email, I went directly to the company’s website to question the invoice. When the website came up, the first thing I saw was a large announcement that the invoice was a scam and that many people had received these phony invoices. If you ever receive a phony invoice such as this and you think that it may possibly be true, don’t click on links or call phone numbers provided in the email. Rather, contact the real company directly at a phone number or website that you know is legitimate where you can confirm that the phishing invoice was a scam.
If you receive this particular phishing email and want to check on your account, here is a link you can trust with contact information for Sirius XM. https://www.siriusxm.com/contact-us
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 17, 2025 – Microsoft Issues Critical Security Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Recently Microsoft issued security updates patching 150 vulnerabilities including three critical Zero Day Defects already being used by hackers so it is critically important to update your Microsoft programs with the latest updates.
TIPS
Here is a link to the Microsoft updates:https://www.cisa.gov/news-events/alerts/2025/01/14/microsoft-releases-january-2025-security-updates
Here is a link with information about Microsoft updates including how to have updates installed automatically https://learn.microsoft.com/en-us/troubleshoot/windows-client/installing-updates-features-roles/keep-windows-up-to-date
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 16, 2025 – AI Enabled Brad Pitt Romance Scam Costs Woman $850.000
Romance scams where scammers convince people that they are in love with them and once they have gained their trust and an emotional connection ask under a variety of pretenses for money has only gotten worse with AI being able to be used for scammers to appear as anyone they wish in videos or change their voice through AI voice cloning to appear legitimate. I also have written many times about scammers posing as celebrities to scam people out of their money and this type of scam too has gotten worse with AI. Now we have a scam that combines both of these scams in the case of a 53 year old French woman who sent $850,000 to a scammer posing as Brad Pitt who convinced her to send him the money telling her that he needed the money for medial care because he had developed kidney cancer and his money ws tied up in his divorce from Angelina Jolie.
The scammer initially communicated with her through Facebook Messenger and then text messages. The scammer then sent AI created deepfake videos and photos including those shown below which were shown by French television station TF1 to convince his victim to send him money. It wasn’t until the victim read about Pitt’s new relationship with Ines DeRamon that she realized she had been scammed.
Last year a scam group called the “Yahoo Boys” based in Nigeria began using artificial intelligence to change their facial features in Zoom videos to appear to be the person they are posing as in the romance scam. They also can use AI to change their voice and accent to sound legitimate and while doing a video conference with a romance scammer in the past was a good way to see if the person was actually who they claimed to be, now scammers using this technology will be very difficult to recognize as scammers.
TIPS
There are various red flags to help you identify romance scams. I describe many of them in detail in my book “The Truth About Avoiding Scams.” The most important thing to remember is to always be skeptical of anyone who falls in love with you quickly online without ever meeting you and early into the relationship who then asks you to send money to assist them with a wide range of phony emergencies.
Here are a few other things to look for to help identify an online romance scam. Often their profile picture is stolen from a modeling website on the Internet. If the picture looks too professional and the person looks too much like a model, you should be wary. You also can check on the legitimacy of photographs or video images by seeing if they have been used elsewhere by doing a reverse image search using google.images.com or websites such as tineye.com.
Recently, the dating sites Match, Tinder, Hinge and Plenty of Fish started a new public awareness program to help people recognize romance scams. One tip they give is to use the verification check on your matches to help confirm they are the person who appears in the profile photo.
As for celebrity based romance scam, it is important to recognize that celebrities aren’t reaching out online to people they have never met to start romantic relationships.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 15, 2025 – Unpaid Toll Scam Getting Worse
The E-Z Pass transponder system is available to drivers in nineteen states and enables the drivers to avoid stopping to pay tolls when driving on toll roads. Instead they merely drive through a special lane where their transponder is electronically read. The tolls are then charged to a credit card on file with E-Z Pass. It is a very efficient system that works well. It also works well for scammers. In 2014 I told you about scammers sending phishing emails to residents of New York, New Jersey, Massachusetts and even Canada where they system is also used. The emails appeared official looking and carried the easily counterfeited logo of E-Z Pass. The message was short and read: “Dear customer, You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time.” The phishing email of 2014 lured people into clicking on an infected link and providing personal information that would lead to identity theft.
Times have changed, but not that much. Recently officials in, Massachusetts, Pennsylvania, Florida and California have issued warnings about the new text message scams, however, the scam is being perpetrated throughout the country. Phishing text messages are called “smishing.” Again, the text message indicates that the account is overdue and provides a link to a fraudulent page where victims of the scam provide their credit card information to the scammers.
TIPS
Never click on links or download attachments in emails or text messages regardless of how official they may appear. You can never be sure as to whether it is legitimate or not. Your best course of action is, if you have any inclination that it may be legitimate, to contact the real company or agency and inquire as to the legitimacy of the contact. The websites the scammers lure you into going to in order to pay the phony overdue tolls often look legitimate, such as myturnpiketollservices.com. You can’t trust them.
It is also important to remember that scammers can manipulate your Caller ID through a technique called spoofing to make their text message appear to come from the legitimate number of a legitimate source. Trust me, you can’t trust anyone. If you have any concerns that you may owe tolls, call your E-Z Pass provider for your state making sure you are calling the real number or go the real website.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 14, 2025 – Scammers Posing as Kim Kardashian in California Wildfire Charity Scam
In the Scam of the day for January 11th I told you about some of the phony charity scams being perpetrated by scammers posing as charities helping the victims of the devastating California wildfires. In a new variation of these scams, Kim Kardashian is warning her fans that emails they are receiving that appear to come from her asking them to send her money to help the victims of the California wildfires are scams. It is a simple thing for a scammer to set up an email address that appears to be that of a celebrity. For years I have told you about scammers posing as various popular celebrities in ads and on social media luring people into making payments for worthless products or sending money under some other guise to the scammer posing as the celebrity.
TIPS
Trust me, you can’t trust anyone. Always confirm any endorsement or connection between a celebrity and any product or program or request for payment. Confirm on the celebrity’s website to see if they really do endorse a particular product or program. In this case, none of Kim Kardashian’s official social media platforms mention her collecting for the victims of the fires.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 13, 2025 – Data Breach at PowerSchool Threatens Children With Identity Theft
PowerSchool a major education technology software company used by 16,000 educational institutions with 50 million students recently announced that it had suffered a data breach that compromised the names, addresses, Social Security numbers and medical information of students and teachers. Some reports indicate that PowerSchool paid a ransom to the hackers to prevent the publication of the stolen information, but regardless of whether this was done or not, the data breach still presents the threat of identity theft to the children and teachers whose information was stolen.
While we know that identity theft is a major problem for adults, it is also a huge problem for children. According to Michael Bruemmer the Vice President of Consumer Protection for Experian 25% of minors will have their identities stolen before they turn 18. Identity thieves steal the identity of a child and then run up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when the teenager might first apply for a car loan or financial aid for college.
TIPS
If you find out that you or your children have become a victim of identity theft, notify each of the three credit reporting agencies, Equifax, Experian and TransUnion of the crime and ask them to investigate and remove the false information from your files.
Parents also should, as much as possible, try to limit the places that have their child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and enables you to opt out of information sharing by the school with third parties. You also should freeze the credit reports of your children. Until 2018 there was no national law that allowed the credit reports of children to be frozen, but in the wake of the major Equifax data breach, Congress passed laws that now permit children’s credit reports to be frozen and unfrozen for free.
Here are the links to information about how to freeze your child’s credit reports at each of the three major credit reporting agencies.
https://www.transunion.com/credit-freeze
https://www.equifax.com/personal/education/identity-theft/freezing-your-childs-credit-report-faq
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – January 12, 2025 – Social Security COLA scam
The Social Security Administration (SSA) announces cost of living adjustments for Social Security payments in October of each year which become effective the following January. Last October a 2.5% cost-of-living adjustment (COLA) for Social Security recipients was announced which became effective this month. The Social Security Administration is reporting that people are receiving emails from scammers that appear to come from the SSA indicating that they will be receiving a $600 COLA. They tell their intended victim that in order to receive the new cost-of-living adjustment (COLA), they must confirm personal information including their name, birth date and Social Security number. The truth is that this information is not required for a person to receive a cost-of-living adjustment which is automatic and if the person does provide this personal information, the scammer will use it to make the person a victim of identity theft. This type of phishing email has always been a problem, but with the increased use of AI by scammers the phishing emails appear even more legitimate than previously.
TIPS
You do not have to confirm information or apply for any cost-of-living adjustment to your Social Security benefits. It is automatically added to a Social Security recipient’s payment. In addition, you should never give out personal information on the phone to someone you have not called unless you are absolutely sure that the call is legitimate and there is a legitimate need for that information. Scammers can manipulate your Caller ID through a technique called spoofing into making it appear that the call is from the Social Security Administration or any other entity they wish.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 11, 2025 – California Wildfire Charity Scams
Natural disasters such as wildfires, hurricanes and earthquakes are common occurrences. California is in the midst of devastating wildfires that is destroying the homes of thousands of people. Natural disasters, such as hurricanes, wildfires, tornadoes and earthquakes bring out the best in people who want to donate to charities to help the victims. Unfortunately natural disasters also bring out the worst in scammers who are quick to take advantage of the generosity of people by contacting them posing as charities, but instead of collecting funds to help the victims of these natural disasters, these scam artists steal the money for themselves under false pretenses.
Charities are not subject to the federal Do Not Call List so even if you are signed up for the federal Do Not Call List, legitimate charities are able to contact you by phone. The problem is that whenever you get a phone call, you can never be sure as to who is really calling you so you may be contacted either by a fake charity or a scammer posing as a legitimate charity. Using a technique called spoofing, the scammers can manipulate your Caller ID to make it appear that the call is coming from a legitimate charity when it is not. Similarly, when you are solicited for a charitable contribution by email, social media or text message you cannot be sure as to whether the person contacting you is legitimate or not.
Through the use of AI, scammers are contacting people through social media with pleas for charitable donations. Often these social media posts will contain AI enhanced photos and videos and you can never be sure if the posts are legitimate.
TIPS
Never provide credit card information over the phone to anyone whom you have not called or in response to an email or text message. Before you give to any charity, you may wish to check out the charity with http://www.charitynavigator.org where you can learn whether or not the charity itself is a scam. You can also see how much of the money that the legitimate charity collects actually goes toward its charitable purposes and how much it uses for fund raising and administrative costs.
Here is a link to charitynavigator’s picks for the best charities for donations to help the victims of the California wildfires. https://www.charitynavigator.org/discover-charities/where-to-give/palisades-fire-2025/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email where it states “Sign up for this blog.”
Scam of the day – January 10, 2025 – Green Bay Packers Online Store Hacked
Regular readers of Scamicide are certainly familiar with skimmers which are devices installed on ATMs as well as credit and debit card processors that steal information from credit and debit cards thereby enabling criminals to use that information to make charges on those cards. The increased use in recent years of cards with chip technology has dramatically decreased the amount of fraudulent purchases made through stolen credit and debit card information because the chip card creates a new authorization number each time the card is used thereby negating the value of skimming a credit card with a computer chip. Scanning your card rather than inserting it into a card reader has also made such purchases safer.
Chip card technology, however, offers no protection when credit and debit cards are used for online purchases. The FBI has warned about what it calls E-Skimming which occurs when criminals infect the websites of businesses and government agencies with malware that allows the criminal to steal credit card and debit card information and then use it to make charges using the victim’s credit card or debit card.
On January 6th, six days before the Green Bay Packers face the Philadelphia Eagles in the opening round of the NFL playoffs, the Packers disclosed that their online store was hacked and an e-skimmer inserted into the site back in October stealing personal information including names, addresses, email addresses and credit card informaion of 8.514 Packer fans.
TIPS
There are many steps that businesses and government agencies should take to protect their sites from this type of crime. They should update their security software with the most recent security updates; change default login credentials on their systems; segment their network systems to limit access by criminals and educate their employees to the dangers of phishing and spear phishing emails because it is through these phishing and spear phishing emails that most malware is delivered. A good rule for us all to follow is to never click on links in emails unless you have absolutely confirmed that the email is legitimate.
What, can we as consumers do, however, to protect ourselves from becoming a victim of E-Skimming?
First and foremost, while it may be more convenient to leave your credit card on file with an online retailer you regularly use, this is not a good thing to do because it leaves you more vulnerable to having your credit card data stolen in the event of a data breach and as we all know, data breaches are and will continue to be very common.
Consumers should refrain from using their debit cards for anything other than as an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection. The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.
Finally, you should monitor your credit card statement regularly to determine if your credit card has been compromised.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – January 9, 2025 – T- Mobile Sued by State of Washington Over 2021 Data Breach
In the summer of 2021 I reported to you about a data breach at T-Mobile in which personal information of 54.6 million customers, former customers and prospective customers was stolen. The compromised information included names, phone numbers, Social Security numbers and addresses. This type of information poses a tremendous threat to victims of the data breach, which is the sixth for T-Mobile in the last four years. Social Security numbers in particular can be used by identity thieves to apply for credit cards and loans in your name. In addition, the phone numbers and the fact that the victims of the data breach are known to be T-Mobile customers can be expected to be used by scammers to create phony phishing text messages, called smishing, posing as T-Mobile and luring the targeted victim into clicking on a link in the text message that can download destructive malware.
In the Scam of the day for July 29, 2022 I informed you that T-Mobile had settled a class action brought against it by victims of the data breach. According to the terms of the settlement, the company paid $350 million dollars to settle the claims of the victims and spend an additional $150 million dollars to improve its cybersecurity. Typical in such settlements, T-Mobile did not admit any negligence or wrong doing, however, anytime a company pays a half a billion dollars to resolve a claim, it can be pretty much understood that it is an admission of liability even if not said so in so many words.
Now the State of Washington has just sued T-Mobile alleging according to Washington Attorney General Bob Ferguson that T- Mobile “knew for years about certain cybersecurity vulnerabilites and did not do enough to address them.” Washington is suing under Washington’s counsumer protection laws and in addition to seeking money is also seeking an order from the court for T-Mobile to improve its cybersecurity.
TIPS
What should you do if you are a T-Mobile customer who may be affected by this data breach? Perhaps the first thing you should do is something you should have already done, but as the Chinese proverb says, “the best time to plant a tree is twenty years ago, the second best time is now.” Freeze your credit at each of the three major credit reporting bureaus.
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, you can sign up using this link. https://scamicide.com/scam-of-the-day/