Scam of the Day

Scam of the day – December 10, 2024 – MOVEit Supply Chain Attack Claims 760,000 More Victims

Repeatedly since 2023 I have been telling you about cybercriminals exploiting a vulnerability found in MOVEit file transfer software used by 620 organizations including American Airlines, TD Ameritrade, Johns Hopkins University and other users of the same software who can be assumed to also have suffered data breaches affecting an estimated 40 million people.

This supply chain attack brings back memories of the 2020 SolarWinds supply chain security breach.  SolarWinds is a company that provides system management software to 30,000 companies and government agencies.  Hackers exploited a vulnerability in its software that, in turn, led to data breaches at thousands of governmental and private entities.

In the last month, personal information of 760,000 employees of Xerox, Koch, Nokia, Bank of America, Bridgewater, Morgan Stanley and JLL that appears to have been stolen through the MOVEit software was made available on the Dark Web by hackers who call themselves Nam3L3ss.

As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information.  Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.

Even when the leaked information does not directly lead to identity theft, the information is often used by scammers and identity thieves to create convincing socially engineered phishing emails and text messages to lure people into becoming scam or identity theft victims.

So what can you do to protect yourself from these data breaches that will be occurring?

TIPS

One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible.  For example, your doctor doesn’t need your Social Security number for his or her records.

You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger.  If your information is compromised in a data breach, you should immediately change the password for that account.

If you have not already done so, set up dual factor authentication for each of your accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.

Freezing your credit is also something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

https://www.equifax.com/personal/credit-report-services/credit-freeze/
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html

Regularly monitoring your credit reports for indications of fraud is also something we all should do.  The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own.  Here is the only link to use to get your free credit reports. https://www.annualcreditreport.com/index.action

Some scammers have websites that appear to offer “free” credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services.

As for the significant threat of supply chain attacks, while there is little that we as individuals can do to protect ourselves, the Cybersecurity and Infrastructure Security Agency (CISA), working together with private industry, released new best practices guidelines for companies to implement to reduce the threat of supply chain attacks.  While these best practice guidelines are not mandatory, it is hoped that companies will follow them.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – December 9, 2024 – Job Offer Text Scam

I have been warning you about job scams for twelve years.  These scams appear on many platforms including social media, emails, and even on legitimate online employment websites. In a recent version of the job scam, scammers are texting people posing as recruiters for a company with which you may be familiar offering you full or part time employment.  In the text message the scammer asks for personal or financial information or asks you to click on a link.  In order to be hired, you need to provide your Social Security number which is not particularly unusual since you would have to provide it to any legitimate employer.  However, being required to provide it after one initial contact is certainly unusual.

There is no job and if you provide your Social Security number or other information, it will be used to make you a victim of identity theft.

In some instances the scammers will copy outdated online job postings of legitimate companies, but include the scammers’ contact information.  Once you contact them, the scammers request your Social Security number or in other instances request your bank account information in order to send you an advance payment, when in reality the scammers merely want to gain access to your bank account.

TIPS

Being offered a job for which you didn’t apply is like the lottery scam where you are told that you have won a lottery that you never entered. They are scams.  If you have any thought that the offer may be legitimate, merely contact the company through its real website or phone number which you can find online.  Don’t click on the link in the text message or call the number provided in the text.

If you are looking for work, a good place to start is with your state’s job bank.  Here is a link that you can use to find the job bank for your state. https://www.careeronestop.org/jobsearch/findjobs/state-job-banks.aspx

You also may want to block text messages from the scammer in the future.  Here is a link that lets you know how to block unwanted text messages. https://consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages#what_to_do

Scam of the day – December 8, 2024 – Dual Factor Authentication Scam

The headline of this Scam of the day may be a bit confusing because dual factor authentication is not itself a scam, but rather a tool to avoid being scammed.  It is not unusual for passwords to be compromised, particularly if you use the same password for all of your accounts, which we strongly urge you not to do.  Using the same password puts all of your accounts in jeopardy if a data breach at one account results in your password being stolen.  Here is a link to a Scam of the day in which I describe how to choose strong, unique passwords that are easy to remember. https://scamicide.com/2021/12/29/scam-of-the-day-december-30-2021-millions-of-passwords-stolen-how-does-that-affect-you/

However, regardless of how careful you are to protect your passwords, it is inevitable that your passwords will become compromised which is why I always suggest that people use dual factor authentication which protects your accounts even if your password is stolen.  In the most common form of dual factor authentication, when you go to an online account and put in your password, a text message with a one-time code is sent to your cell phone for you to provide in addition to your password to gain access to your account.  This system works well, but nothing is foolproof.  Never underestimate the power of a fool.

Recently scammers have been sending text messages that appear to come from a company with which you do business informing you that there has been suspicious activity on your account and that you need to confirm your identity or else your account will be locked.  You are then told that in order to do so, you will receive a text message with a code that you should, in turn, text back as a reply to the scammer.  Unfortunately, what is actually happening is that the scammer has already managed to obtain your password and has just tried to log in to your account which is protected by dual factor authentication, so if you do send the code to the scammer, you will have defeated dual factor authentication and enabled the scammer to access your account.

TIPS

This is an easy scam to avoid.  First of all, as I have said many times, whenever you receive an email, phone call or text message, you cannot be sure as to who is really contacting you so you should never provide personal information of any kind or click on a link provided unless you have absolutely confirmed that the text message was legitimate.  You can do this by contacting the real company that the text message purports to be from.  However, if you receive a text message such as the one described above, you can be sure that it is a scam because no company will ever ask for your dual factor authentication code through an email or text message.

If you are not a subscriber to Scamicide.com and would like to receive  free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – December 7, 2024 – CFPB Refunding 1.8 Billion Dollars to Victims of Credit Repair Scam

Credit repair scams are very common as scammers take advantage of people with debt problems and promise to fix their credit and clear their credit reports of adverse information for upfront fees. I have been warning you about these scams for twelve years.  In September of 2023, I first told you that the Consumer Financial Protection Bureau (CFPB) entered into a settlement with the companies operating the largest credit repair operations in the country including Lexington Law and CreditRepair.com.  The CFPB alleged that these companies committed a range of violations including demanding illegal advance fees for credit repair services.  According to the terms of the settlement these companies were banned from telemarketing their credit repair services and also assessed a multi-billion dollar fine.

Your credit report is one of the most important documents in your financial life.  The information in your credit report as maintained by the three major credit reporting agencies, Equifax, TransUnion and Experian is used to calculate your credit score.  This is used by financial institutions to evaluate your creditworthiness and can affect your ability to get a credit card, mortgage loan or a car loan.  It also can affect the rate that you will be charged on such loans.  In addition, your credit score is used in many states by companies in making hiring decisions and landlords consider credit scores when determining whether or not to rent an apartment or home to someone.

The CFPB announced earlier this week that it is now sending out refunds averaging $435 to 4.3 million victims of the scam.  If you were a victim of the scam, you don’t have to do anything to receive your check.  For more information about the refund program use this link. https://www.cfpb-lexlaw.org/

TIPS

Don’t fall prey to scammers operating phony credit repair companies and never pay an upfront fee to one of these companies.  Advance fees for credit repair companies that operate for profit are banned by the Credit Repair Organizations Act.

Negative information on your credit report remains on your credit report for seven years and bankruptcies for ten years.  Anyone who tells you otherwise is just trying to scam you.  Many of the scam credit repair companies use illegal tactics such as applying for a federal employer ID to use as your Social Security number when applying for credit.  This is illegal.

If you need real credit counseling you can go to this section of the Department of Justice’s website where it lists agencies approved to assist consumers with debt problems. https://www.justice.gov/ust/list-credit-counseling-agencies-approved-pursuant-11-usc-111    You also may consider contacting companies that are affiliated with the National Foundation for Credit Counseling at this link https://www.nfcc.org/

Scam of the day – December 6, 2024 – Late Delivery Scams

The holiday shopping season is in full swing and many people are doing their shopping online which means that their packages will be delivered by the United States Postal Service, Federal Express, UPS or Amazon.  With so many packages being delivered at this time of year, it is inevitable that some packages will be delayed.   In this case, scammers, posing as the United States Postal Service, Federal Express and UPS and Amazon are contacting people apologizing for the delay in receiving their orders and offering a refund of their money.  The emails contain a link for you to click on to process your claim for a refund, but unfortunately, if you click on the link either you will automatically download harmful malware or you will be prompted to provide information that will be used to make you a victim of identity theft.

TIPS

As always, the first thing you should look at when you get such an email is the address from which it was sent.  In many instances the email address of the sender has no relation to the United States Postal Service, Federal Express, UPS or Amazon.  Often the email is that of someone whose email account has been hijacked by the scammer and made a part of a botnet of zombie computers used to send out such phishing emails.  However, in other instances, the email address may appear legitimate.  But remember my motto, “trust me, you can’t trust anyone.”  Even if the email address of the sender looks legitimate, you should never click on a link unless you have absolutely confirmed that the email is legitimate.  In this case it is important to remember that none of these companies are contacting people by email or text messages offering refunds.

For information about refunds for late deliveries of UPS use this link  https://www.ups.com/no/en/support/shipping-support/legal-terms-conditions/ups-service-guarantee.page

For information about refunds for late deliveries of Federal Express use this link  https://www.fedex.com/en-us/service-guide/money-back-guarantee.html

For information about refunds for late deliveries of Amazon use this link https://www.amazon.com/gp/help/customer/display.html?nodeId=GZ5R2Y8QHENSLW75

Scam of the day – December 5, 2024 – The Danger of Holiday Data Breaches

The federal government has often warned business leaders to be ready for inevitable cyberattacks during the Christmas and New Year period.  Many times in recent years, major cyberattacks and data breaches occurred over the holidays when businesses, government agencies and individuals are not paying as much attention to cybersecurity as they should be.  According to former National Cyber Director Chris Inglis, “Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions.”

As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information.  So even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.

So what can you do to protect yourself from these data breaches that will be occurring?

TIPS

One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible.  For example, your doctor doesn’t need your Social Security number for his or her records.

You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger.  If your information is compromised in a data breach, you should immediately change the password for that account.

If you have not already done so, set up dual factor authentication for each of your accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.

Freezing your credit is something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

https://www.equifax.com/personal/credit-report-services/credit-freeze/
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html

Even after freezing your credit reports, you should still regularly monitor them to look for indications of identity theft which you can now do for free on a weekly basis using this link https://www.annualcreditreport.com/index.action

Scam of the day – December 4, 2024 – Holiday Puppy Scams

Scams involving sales of non-existent puppies had already increased dramatically in the last few years.  Now the holiday season is bringing even more instances of puppy scams as people attempt to buy dogs as holiday gifts.  People buy dogs or other pets online and, although they think they are taking proper precautions, they often end up getting nothing in return for the money that they wire to the scammer who may have a website or some other way of marketing their non-existent pets with photographs and false information.

Often the scammers hook their victims for more and more money, such as when, even after the victim has paid for the non-existent dog, the victim is asked for additional payments for a special crate to transport the dog along with additional transportation company fees.

TIPS

It is simple for a scammer to construct a website that appears to be legitimate and scammers can readily steal the name of a legitimate animal breeder. Always check into the reputation of the breeder with the Better Business Bureau, your state’s attorney general and even Google the name of the breeder with the word “scam” to see if a legitimate breeder’s name that is being used has been stolen for scams previously.

Be wary of anyone who asks you to wire money because that is a telltale sign that a scam is going on because once the money is wired, it is impossible to get it back. If you are told that a courier company is being used to transport the animal, check out the company to make sure it is legitimate and actually shipping the dog.

There also are a number of ways, such as using the website http://www.tineye.com, to search the photos sent to you of the dog to see if they appear elsewhere other than the website attempting to sell you a puppy. If so, this is a good indication that you are being scammed.  Also, always get a veterinarian report on any animal before you consider buying it. Finally, you are always going to be better off buying a pet that you can see in person prior to buying the pet.

Some phony breeders claim they are certified by the American Kennel Club (AKC); however, the AKC doesn’t certify breeders.  Legitimate breeders will, however, register their litters with the AKC and you can find out by calling the AKC’s customer service line 919-233-9767 if a particular litter has been registered.

Scam of the day – December 3, 2024 – FTC Sending Refunds to Victims of Warrior Trading Scam

In 2022 I first told you that the Federal Trade Commission (FTC)  settled its lawsuit against Warrior Trading, a company that put on “free” webinars that promised to show you “a quick and simple way to get your dream of day-trading success going.”  Warrior Trading promised that you could make $100,000  or more in less than 45 days.  While the initial webinar was free, people taking the webinar were lured into paying thousands for its worthless trading programs.

In 2023 as part of the settlement, Warrior Trading paid $2.9 million to the FTC which, in turn, sent refunds to victims of the scam.  Now the FTC is sending a second round of refunds to victims of the scam.  For more information about the refund program go to the “FTC Scam Refunds” section on the first page of Scamicide.com.

TIPS

Never rush into any investment or other opportunity being sold through a seminar until you have carefully investigated the people selling their investment or system as well as the investment or system itself.  Always be a bit skeptical as to testimonials which should also be carefully investigated before being relied upon.  Before investing with anyone, you should investigate the person offering to sell you the investment with the Securities and Exchange Commission’s Central Registration Depository.  This will tell you if the broker is licensed and if there have been disciplinary procedures against him or her.

Remember my motto, “BS – Be skeptical.”  Take with a grain of salt any testimonials and success stories touted by investment promoters.  Scammers often create phony websites with glowing videos and reviews that are totally bogus.

Do a search engine search of the company’s name with the word “scam” or “complaint” and see what comes up.

It is also important to remember that you should never  invest in something that you do not completely understand.  This was a mistake that many of Bernie Madoff’s victims made.    Day trading, in particular is a very risky investment strategy.  You also may want to check out the SEC’s investor education website at www.investor.gov.  Scammers can be very convincing and it may sound like there is a great opportunity for someone to make some money, but you must be careful that the person making money is not the scam artist taking yours.

Scam of the day – December 2, 2024 – Police and Fire Department Charity Scams

The holiday season is now in full swing.  This is a time when many people give to charities.  In particular, you will most likely be contacted by numerous people soliciting charitable contributions on behalf of organizations purporting to support the brave men and women who make up our police and fire departments.  Unfortunately, many of those solicitations will be from scammers merely looking to steal money under false pretenses.  Whenever you are solicited by email or phone, you can never be sure who is really contacting you.  In addition, even if you are on the Federal Do Not Call List, the law permits charities to call you.  Unfortunately, you can never be sure when you receive a call that purports to be from a charity whether the call is legitimate or not.  Similarly, when you receive a text message or email solicitation for a charity, you have no way of knowing if the solicitation is from a scammer or a legitimate charity.

TIPS

Whenever you get an email, call or a text message, you can’t be sure as to who is really contacting you.  Even if the call appears to come from your local police department, scammers can manipulate your Caller ID through a technique called “spoofing” to make it appear that the call is legitimate when it is not and email addresses used by scammers can also appear legitimate.  If you think the email, call or text message may be legitimate, merely contact your local police department at a telephone number you know is legitimate to determine whether or not the email, call or text message was a scam.

Phony charities often have names that sound legitimate and it is difficult to know merely from a solicitation whether or not the charity is a fake.  Other times, scammers will use the name of a legitimate charity when they solicit you by phone, email or text message and you can never be sure when you are contacted by email or text  message whether or not the solicitation is legitimate.  Prior to giving to any charity, I suggest you first look into whether indeed the charity is legitimate or not and the best way I know to do that is to go to http://www.charitynavigator.org where not only can you find out whether the charity is a scam, but also whether or not your donation will be tax deductible,  how much of your donation goes toward the charitable purposes of a legitimate charity and how much goes toward salaries, administrative costs and fund raising.  Charitynavigator.org will also give you access to the websites and phone numbers of legitimate charities you may wish to consider giving to so you can feel confident when you make a gift that it is going to the right place.

Scam of the day – December 1, 2024 – Meta Takes Down 2 Million Pig Butchering Accounts

I have been warning you about romance scams for many years.  More recently I have been warning you for the last few years about the myriad of scams involving cryptocurrencies.  In the last few years a new scam combining the romance scam and cryptocurrency scams surfaced about which I have also warned you since 2018.

Romance scams generally follow a familiar pattern with the scammers  establishing relationships with people, generally women, online through various legitimate dating websites and social media using fake names, locations and images.  The FBI has issued a warning about a new trend in romance scams in which the scammer tells his victim that he or she has inside knowledge about cryptocurrency investing and directs the victim to a phony website that purports to be a legitimate cryptocurrency trading site.  Not long after “investing” in the cryptocurrencies provided, the victim soon finds that there is no investment and that she or he has lost all of the invested money.  This scam originated in China in 2019 and is called sha zhu pan or pig butchering in English.  The name is derived from the practice of luring in victims, “fattening them up” by convincing them to continually “invest” more money and then stealing all of the money.

The scammers initially contact their victims on dating or social media apps and pretend to develop a close relationship.  After a while the scammer informs the targeted victim that he or she is making a lot of money investing in cryptocurrencies and suggests the victim download and use a cryptocurrency app used by the scammer.  Generally, the victims are lured into investing more and more money by what appears to be both dramatic increases in the value of their account and their ability to withdraw some of their profits.  However, once the victim has been persuaded to invest larger and larger sums of money, the scammers steal the money and the victim is left with nothing.

The Blockchain Data Platform Chainalysis issued its 2024 Crypto Crime Report in which it found that pig butchering romance scams increased last year by 8500% from incidents of the crime in 2020.

You might be surprised to learn that typically the victims of this scam are highly educated people.  Unfortunately, they also are targeted because they may have also recently gone through a divorce or some other personal difficulty.  While the victims are people of all ages, most victims are anywhere from their mid-30s to their early fifties, with the average loss per victim being $121,926 and one victim, according to the IRS, losing two million dollars to the scammers.

Meta recently announced that it had taken down 2 million Facebook, Instagram, WhatsApp and Messenger accounts this year used for pig butchering scams with most of these accounts based in Myanmar, Laos, the UAE, the Philippines and Cambodia.

TIPS

It is important to remember that you should never invest in something that you do not completely understand.  This was a mistake that many of Bernie Madoff’s victims made. Cryptocurrency scams quite often involve complicated language and investment terms that are purposefully unclear in an effort to keep potential investors from understanding the real facts. You also may want to check out the SEC’s investor education website at www.investor.gov.  Scammers can be very convincing and it may sound like there is a great opportunity for someone to make some money, but you must be careful that the person making money is not the scam artist taking yours.

Also, the apps used in the pig butchering scam may appear to be legitimate, but they are not found on official app platforms such as Google Play or the Apple App Store.  Do your homework before investing in cryptocurrencies and only do business with well established cryptocurrency exchanges.  Never invest merely because of the recommendation of someone you may have met online.
