Scam of the Day
Scam of the day – November 23, 2024 – Important Apple Security Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Apple has just released critical security updates for iPhones, iPads and Macs to patch two recently identified vulnerabilities.
TIPS
Here is a link to the Apple updates: https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products
Apple also provides the option of you being able to install the latest security updates automatically whenever they are issued. In order to enable automatic iOS updates open the “Settings” app and tap “General.” Then tap “Software Update” and then go to “Automatic Updates.” Enable the switch next to “Download iOS Updates” which will take you to the switch for installing iOS Updates which you can then enable. Once you do this, you will see a confirmation message confirming that your device will now automatically install iOS software updates when they become available.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 22, 2024 – Chinese Scammers Construct 4,695 Phony Shopping Websites
We are still a few days away from the traditional Black Friday shopping day, but many people have already started their holiday shopping and scammers are already targeting these people with fake retail shopping websites designed to steal credit card information. According to cybersecurity researcher Arda Buyukkaya, a Chinese criminal gang known as Silk Specter has created 4,695 phony counterfeit retail websites that appear to offer big discounts on popular items. The sites appear to be those of popular, legitimate retailers such as North Face, IKEA, L.L. Bean and Wayfair. The counterfeit websites even use Google Translate to automatically change the language on the website depending upon the location of the targeted victim.
Victims of the scam are prompted to enter their credit or debit card number, card expiration date and CVV code as well as their phone number. All of this information can be used to access the victim’s credit or debit card and the phone number can be later used for text message scams.
TIPS
Scam of the day – November 21, 2024 – QR Codes in Phishing Emails are Particularly Dangerous
Quick Response codes or QR codes have been around since 1994, but they have become much more popular in recent years and can be commonly found on parking meters, in restaurants and in advertising. When you can a QR code with your phone, it will take you to a website. Unfortunately as the popularity of QR codes has increased with the public, its popularity has also increased with scammers who are setting up phony QR codes to lure you to their bogus website where they solicit personal information used for identity theft or persuade you to make a payment with a credit card or even in some instances, merely by scanning the phony QR code, you will download harmful malware such as ransomware or even malware that will enable the scammer to take over your email account. I have written about QR code scams called “quishing” since 2021.
The most common places where you will find phony QR codes is on parking meters where the phony QR code is put on as a sticker over the legitimate QR code, in restaurants, in phishing emails, on social media posts or on unordered packages delivered to your home. Now, however, scammers are using QR codes to scam you in a new way. The new QR code scam starts with an email that appears to come from a company with which you do business informing you that you need to update your account or your account will be closed. In order to update your account, you are instructed to scan the QR code in the email which takes you to a website that looks like the real website for the company that the scammer is posing as and asks you to input your username and password. People falling for this scam end up giving access to their account to the scammer.
What makes this QR code scam particularly dangerous is that more and more scammers are using QR codes in phishing emails rather than malware infected links or links that take you to phony websites where you are lured into providing personal information because while security software is able to recognize and screen out malicious links, it cannot recognize malicious QR codes thereby making those phishing emails likely to avoid detection by your security software.
TIPS
As I often say, “trust me, you can’t trust anyone.” If you receive such an email the first thing you should do is check the email address of the sender. If it doesn’t appear legitimate or does not appear to have a relation to the company it purports to be from, you can be confident that it is a scam. However, in many instances the email address may look legitimate even though it is not. In that case, you still shouldn’t trust the QR code, but rather should contact the company at a phone number or website that you have confirmed is legitimate to confirm that you don’t have to update your account.
This scam also points out the importance of using dual factor authentication on all of your accounts because even if someone manages to steal your username and password, they will not be able to access your account.
Finally, there are companies that have free QR code scanner apps that will not only scan the QR code, but also let you know if it is legitimate and prevent the downloading of malware from bogus QR codes.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it indicates “Sign up for this blog.”
Scam of the day – November 20, 2024 – Chase Phishing Email
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase bank. It was forwarded to me by a Scamicide reader.
Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States. Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good. It looks legitimate and the version appearing in your email comes with a legitimate appearing Chase logo. As so often is the case with these type of phishing emails, it does not contain your account number in the email nor is it personally addressed to the receiver of the email, but merely uses your email address.
Here is a copy of the Chase phishing email presently being circulated.
ABOUT THIS MESSAGE © 2024 JPMorgan Chase & Co, N.A. Member FDIC |
TIPS
There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Most notably, the email address from which this phishing email was sent has no relation to Chase. It is also important to note that although the email contained a legitimate appearing Chase logo, such logos are very easy to counterfeit. In addition, the grammar in the second paragraph is faulty and the link which should read “Verify Your Account” reads “Verified Your Account.”
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony website where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or cellphone and use it to make you a victim of identity theft.
If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number. Alternatively you can go to http://www.chase.com to check on your account.
I have disarmed section of the phishing email where it asks you to click on “Verified Your Account.”
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 19, 2024 – FTC Sending Additional Refunds to Victims of Business Opportunity Scam
In November of 2022 I first told you that the Federal Trade Commission (FTC) sued DK Automation, LLC and its principals, Kevin David Hulse and David Arnett alleging they promised huge returns to trick people into buying business opportunities and training programs through which they said they would teach you how to operate fantastically profitable stores on Amazon. According to the FTC, those claims were deceptive or outright lies and most people who bought the programs never made any profit and often lost money. According to the FTC DK Automation also sold bogus cryptocurrency investment training programs for as much as $85,000 that also were worthless.
In April of 2024 I informed you that the FTC had settled its lawsuit with the defendants turning over 2.8 million dollars to the FTC which it is refunding to victims of the scam. Now the FTC is sending a second round of refunds to victims of the scam. For more information about the refund program go to the opening page of Scamicide.com to the section titled “FTC Scam Refunds.”
TIPS
The sale of business opportunities is regulated by the FTC’s Business Opportunity Rule which requires the sellers of business opportunities to provide a one-page disclosure document outlining important facts about the offering including informing you about any legal actions in which the sellers have been involved. The disclosure also has to provide you with details as to any refund policy and provide a list of references. Additionally, as is always the case with these types of scams, if they make claims about how much money you can earn through their scheme, they must provide you with an Earnings Claim Statement that indicates in detail the specifics of those claims and the opportunity to see written proof of the claims.
Before considering any kind of business opportunity, you should have a lawyer review these required disclosures and if the person offering you the business opportunity does not provide these documents, you should consider that a red flag that this is a scam. You also should investigate the people behind the offering as well as the particular type of business opportunity.
You also can do a Google or other search engine search of any company from which you are considering making a purchase in which you type in the company’s name along with the words “scam” or “complaints” and see what you come up with.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 18, 2024 – Massive Data Breach at Hot Topic
Fashion retailer Hot Topic has suffered a massive data breach affecting 57 million of its customers. Among the data stolen was email addresses, home addresses, phone numbers, purchases, birth dates and partial credit card data, all of which can be used by scammers for identity theft purposes. The data breach occurred on October 19th and the hacker, who uses the name “Satanic” already has posted some of the information on the Dark Web site BreachForums, one of the sites used by cybercriminals to buy and sell goods and services. As of the writing of this Scam of the day, Hot Topics has not yet confirmed the data breach nor notified its customers or governmental officials of the data breach.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 17, 2024 – Federal Express Phishing Scam
Shown below is a copy of an email I received that purports to be from Federal Express urging me to click on a link (which I deleted when posting today’s Scam of the day) in order to confirm my signature. Clicking on the link in the email would download malware such as keystroke logging malware that can lead to your becoming a victim of identity theft or ransomware. If you look closely at the email, you will note that even though it has the Federal Express logo and looks quite official, there are a number of tip offs that this is indeed a phishing scam. What is not shown on the email as copied below is that it is sent from an address that is not that of Federal Express. The email of the sender is that of a private individual who, most likely, had his or her email account hacked and used as a part of a botnet to send out these types of phishing emails. The email also never refers to the recipient by name. It is also has poor grammar and is illogical in that it asks you to confirm your signature for a package that has not yet been delivered. Particularly with the holidays quickly approaching you can expect to receive many of these delivery phishing scams.
Scam of the day – November 16, 2024 – FTC Takes Action Against Phantom Debt Collector
Receiving a telephone call from a debt collector is not a pleasant experience. Being hounded by someone attempting to collect a debt you do not owe constitutes fraud. In recent years the Federal Trade Commission (FTC) has taken action against a number of these Phantom debt collection agencies. These scammers use false claims and threats to compel people to pay debts which are largely either non-existent or which the scammers have no authority to collect. They also violate federal law by illegally failing to provide proper notices and disclaimers also required by federal law.
Recently the FTC sued Global Circulation Inc. and obtained a court order temporarily shutting the company down while the FTC’s case against them for phantom debt collection proceeds. The judge in the case also ordered Global Circulation to turn over their assets to a court appointed receiver.
TIPS
Subject to strict federal laws, legitimate debt collectors are permitted to call debtors, however, the law prohibits them from threatening imprisonment for the failure to pay a debt and attempting to collect a debt that the debt collector knows is bogus. The law also prohibits debt collectors from communicating information about a debt to the consumer’s employer although they can contact the employer merely to obtain contact information about the employee
It can be difficult to know when someone calls attempting to collect a debt if indeed they are legitimate or not, so the best course of action if you receive such a call is to not discuss the debt with the person calling, but instead demand that they send you a written “validation notice” by regular mail which describes the debt they allege you owe and includes a listing of your rights under the Federal Fair Debt Collection Practices Act.
Never give personal information over the phone to anyone who calls you attempting to collect a debt. You can never be sure who they are. If you receive the validation notice and it appears to be legitimate, you may be better off contacting your creditor directly because the person who called you may not be representing the creditor, but may merely have information about the debt.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – November 15, 2024 – Letters to Santa Scams
I know that it is not even Thanksgiving yet for another thirteen days, but people are already getting into the holiday mood and children are writing their letters to Santa along with their wish list. Enterprising business people have set up a number of websites and posts on social media offering personalized letters from Santa Claus that you can purchase for your children. Unfortunately, while the spirit of Santa Claus is real, many of the companies offering these letters from Santa are not and all that you end up doing is turning over your credit card number to a scammer who then uses it to make fraudulent purchases while you receive no letter from Santa Claus or even the Grinch. There are some legitimate companies offering letters from Santa for a fee, but it is important to check them out thoroughly before hiring their services. An easy first step to do that is to merely Google the name of the company with the word “scam” and see what comes up.
TIPS
If you are interested in a free letter to Santa for your child, you can use the United States Postal Service’s Letters from Santa program which you can reach using this link https://about.usps.com/holidaynews/letters-from-santa.htm The United States Postal service advises you to send in your letter to them as early as November 23rd up to as late as December 1st although earlier is always better.
All you need to do is have your child write a letter to Santa Claus. Then write your own response from Santa Claus and mail both letters along with an envelope with the return address of “Santa, North Pole” and mail it to “North Pole Postmark Postmaster, 4141 Postmark Dr., Anchorage Alaska 99530-9998 and your child will get a personalized letter from Santa with a North Pole postmark at no cost to you. The only cost is your postage.
Also, as a reminder, whenever you order anything online (or in a brick and mortar store for that matter) you should use your credit card rather than your debit card because the law provides you with much more protection from fraud if you use your credit card.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 14, 2024 – Text Message Scams Getting Worse
Although the name may not be as familiar as “phishing” which is the name for emails that lure you into clicking on malware infected links or providing personal information that will be used to make you a victim of identity theft, “smishing” is the name given to text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.
Smishing scams have increased in frequency over the last year. According to the Federal Trade Commission (FTC) 23% of fraud reports dealt with smishing. Many smishing text messages appearing to come from Amazon, USPS, Federal Express, Cash App, Netflix and others. Like phishing emails, the purpose of a smishing text message is to either lure you into providing personal information that will be used to make you a victim of identity theft or to click on a link in the text message that will download dangerous malware.
Making matters worse, scammers are able to use bots to send thousands of smishing text messages in a matter of seconds and while many phones have anti-spam filters to recognize repetitive text patterns used by scammers, scammers are able to use AI go created slight variations of their smishing text messages to avoid detection.
TIPS
Among the topics of smishing text messages are free prizes, gift cards or coupons, credit card offers, student loan assistance, suspicious activity on an account of yours, or a need to update your payment information with a company with which you do business. Smishing emails that appear to come from your bank are also quite common.
As I always say, “trust me, you can’t trust anyone.” You can never be truly sure when you receive a text message seeking personal information such as your credit card number whether or not the email is a scam. The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the text message might be legitimate, you should contact the company at a telephone number that you know is legitimate and find out whether or not the text message was a scam.
As for Netflix, which has been used as a hook in many recent smishing scams, the real Netflix will never ask in an email or text message for any of your personal information so anytime you get an email or text message purportedly from Netflix asking for your credit card number, Social Security number or any other personal information, it is a scam. Here is a link to Netflix’s security page for information about staying secure in regard to your Netflix account. https://help.netflix.com/en/node/13243
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”