Scam of the Day
Scam of the day – December 29, 2024 – FTC Refunding Victims of Phantom Debt Collector
Receiving a telephone call from a debt collector is not a pleasant experience. Being hounded by someone attempting to collect a debt you do not owe is fraud. In the Scam of the day for December 19, 2021 I told you that the Federal Trade Commission (FTC) had settled its complaint against phantom debt collector National Landmark Logistics, LLC. The FTC accused National Landmark Logistics LLC with using illegal robocalls to leave deceptive messages that consumers would face imminent legal action or even arrest for unpaid debts that in many instances did not even exist. Collecting payments for debts that are not owed is often referred to as phantom debt collection. According to the FTC, National Landmark Logistics, LLC collected on debts that didn’t exist or that National Landmark knew it had no right to collect. Debt collection through robocalls is always illegal. One of the conditions of the settlement is that National Landmark Logistics will be permanently barred from the debt collection business. Now the FTC is sending refunds to victims of the scam. For more information about the refund program go to the “FTC Scam Refund” tab on the first page of the Scamicide website.
TIPS
Subject to strict federal laws, legitimate debt collectors are permitted to call debtors, however, the law prohibits them from attempting to collect a debt that the debt collector knows is bogus.
It can be difficult to know when someone calls attempting to collect a debt if indeed they are legitimate or not, so the best course of action if you receive such a call is to not discuss the debt with the person calling, but instead demand that they send you a written “validation notice” by regular mail which describes the debt they allege you owe and includes a listing of your rights under the Federal Fair Debt Collection Practices Act. Never give personal information over the phone to anyone who calls you attempting to collect a debt. You can never be sure who they are. If you receive the validation notice and it appears to be legitimate, you may be better off contacting your creditor directly because the person who called you may not be representing the creditor, but may merely have information about the debt.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – December 28, 2024 – CFPB Sues Zelle Banks for Failing to Protect Their Customers
Peer to Peer Payment Payment Service Zelle is used by many people to quickly and conveniently send money electronically from their credit card or bank account. Sending money through Zelle only requires you to enter the recipient’s phone number or email address. Zelle is an app created by the company Early Warning Services (EWS) which is owned by seven of the biggest banks in the United States including Bank of America and Capital One. Presently 2,400 banks and credit unions offer Zelle as a service.
Unfortunately, Zelle has proven to be easily exploited by scammers and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. In addition to scammers luring their victims to pay for worthless items through Zelle, scammers are also sending phishing emails and text messages in which they lure their victims into providing their Zelle usernames, passwords and PINs thereby enabling the scammers to take over their victims’ bank accounts through their Zelle accounts. Ironically, if your Zelle account is hacked, you are protected by law, but if you are tricked by a scammer into sending a Zelle payment, you have little protection.
Now after an intensive investigation, the Consumer Financial Protection Bureau (CFPB) has sued Bank of America, JP Morgan Chase and Wells Fargo for not providing effective safeguards to protect its Zelle users from being scammed.
Some of the critical failures which the CFPB accuses the banks of committing include:
- Limited identity verification methods that enable scammers to quickly create accounts and target Zelle users, making it easy for a scammer to link a victim’s token which is an email address or a cell phone number to the scammer’s deposit account.
- Allowing repeat offenders to easily move from bank to bank exploiting multiple accounts across the Zelle network by failing to track scammers and share information about scammers with other banks that make up the Zelle network.
- Most significantly, the CFPB alleges that the banks ignored hundreds of thousands of fraud complaints instead of either responding in a manner to help their customers or using that data to help recognize and prevent further scams.
- Ignoring their obligations under the Electronic Fund Transfer Act and Regulation E to properly investigate complaints of Zelle customers who were scammed and take appropriate action to reimburse them for their losses.
TIPS
Meanwhile if you are a Zelle user what can you do to protect yourself?
Before signing up for any Zelle you should familiarize yourself with their fraud protection rules. In the fine print you may find that you have little, if any, protection if you use the account to purchase something that ends up being a scam. Consumers should recognize that Zelle should not be used for commercial transactions, but only to transfer small amounts of money to people you know.
In order to protect your account from being hacked and being taken over by a scammer who could access your credit card or bank account, you should use a PIN or other dual factor authentication for your Zelle account.
To avoid having your Zelle account and other accounts from being taken over by scammers, never provide your username, password or PIN in response to any email, text message or phone call unless you have absolutely confirmed that the request for this information is legitimate, which it never is. You can confirm this by contacting your bank by calling them at a telephone number you know is accurate. Even if you get a call that appears to come from your bank or other company with which you do business, your Caller ID can be tricked by a technique called spoofing to make the call appear legitimate when it is not.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – December 27, 2024 – Hacking Into Your Bank Account Using Voice Cloning Technology
As we all know, passwords as a method of authentication for your accounts are not particularly secure. Passwords may be stolen or compromised in a data breach. Biometrics such as a finger print are a good tool for verification to open your phone, but what about accessing your bank account? Many banks offer voice verification whereby your voice on the phone acts as your password allowing you access to your account. Banks using this technology say that it is a safe and secure option. Banks saying this are wrong.
Due to now widely available AI voice cloning technology, it can be a simple matter for an identity thief to clone your voice from social media or anywhere else your voice appears and use it to access your bank account if you are using voice verification at your bank. The susceptibility of voice verification technology to AI voice cloning has been proven by tech researchers in numerous instances.
TIPS
It must be noted that there have not been reports of widespread hacking of bank accounts through voice cloning, but with the vulnerability of present voice verification systems at banks and elsewhere to readily available AI voice cloning technology, there will be. However, as I always urge you to do, you should use dual factor authentication whenever possible including if you are using voice verification for your bank account so that even if someone were to try to access your bank account using AI voice cloning technology, they would not be able to do so. Just as we all should be protective of personal information we post on social media that can be leveraged against us for scams and identity theft purposes, we should consider whether we wish to take the risk of posting audio.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 26, 2024 – Unclaimed Property Scams
A Scamicide reader recently forwarded to me an email that informed her that unclaimed money from a source not indicated was being held on her behalf and she needed to respond to the email in order to claim the money. This particular email was a total scam, however, you may receive a “legitimate” email or letter informing you that there are billions of dollars of unclaimed or abandoned money being held by the states and federal government and that some of that money is yours. For a fee, the person or company contacting you will assist you in locating that property and claiming it for you. In some instances, the letter or email may appear to come from the National Association of Unclaimed Property Administrators which is a legitimate organization, but not one that initiates communications to individuals whose funds they are holding.
The truth is that various state and federal agencies are indeed holding more than 24 billion dollars of unclaimed money that is waiting to be retrieved by the rightful owners. State laws require financial institutions, such as banks, to turn over money from inactive accounts. Among the assets held by these agencies are savings and checking accounts, stocks, uncashed dividend checks, certificates of deposit and utility security deposits. However, you don’t need the help of these companies contacting you offering their assistance in order to retrieve your unclaimed assets.
The “legitimate” companies that may contact you offering to assist you in getting back your missing money do not have any specific information as to what you are owed because of privacy regulations that prohibit them from obtaining that information.
TIP
The best place to find a helping hand to assist you in locating and getting back your abandoned property is at the end of your own arm. Go to the website of the National Association of Unclaimed Property Administrators at www.unclaimed.org where you can link on to the website for your own state’s agency that deals with abandoned property and take the steps necessary to claim your abandoned property at no cost to you. Other useful websites for locating money that you may be owed include www.irs.gov, the website for the IRS where you can find tax refund money you may be owed and www.pbgc.gov, the website of the Pension Benefits Guaranty Corporation, a federal agency that holds unclaimed pension funds. Finally, the federal government has a very convenient website with links to your state’s unclaimed property office, the Department of Labor where you can find if you are owed back wages from your employer and pensions from former employers, VA Life Insurance information, tax refunds, matured but uncashed savings bonds and more. Here is the link to that website. https://www.usa.gov/unclaimed-money?utm_campaign
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day- December 25, 2024 – Watch Out For Christmas Electronic Greeting Card Scams
Online greeting cards are a great product for anyone who tends to be a bit late in sending out holiday greeting cards by regular mail. You can even send one on Christmas day and not be late. They are easy to send and many are free. They also can be very entertaining and offer a chance to send a timely greeting even if you have forgotten an important holiday, birthday or anniversary until the last minute. However, they also are fraught with scams and dangers. Clicking on a phony online greeting card sent to you can result in your downloading a wide variety of malware including not only ransomware, but also a keystroke logging program that will steal all of the information from your computer and make you a victim of identity theft. An additional problem is that even if you have the most up to date security software on your computer or phone, it will not protect you from the latest “zero day” defect malware that exploit previously undiscovered software vulnerabilities. It generally takes security software companies at least thirty days after first becoming aware of new strains of malware to develop security software to combat those threats.
TIPS
When a legitimate e card is sent to you, the email message will state the name of the person who is sending you the card. When the message states that it is from “a friend” or a “secret admirer” you should not click on the link because if you do so, you will end up downloading any of a wide variety of dangerous malware. As an additional precaution you should also make sure that your firewall and security software are constantly kept current and up to date. Finally, if you get an online greeting card from a name that is a common name, you should contact that person before opening the card to make sure that the card is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 24, 2024 – Google Voice Code Scam
Today’s Scam of the day was originally sent to me by a Scamicide reader who listed a small item for sale on Craigslist along with his cell phone number for people to contact him. Someone responded to his ad through a text message in which they indicated that they were interested in purchasing the item but wanted to verify that the Scamicide reader was a real person by having the Scamicide reader send a 6 digit code that the Scammers would send in a separate text message. The Scamicide reader’s Scamdar (a word I invented to describe when you are suspicious of a scam, similar to radar) was activated and he did not provide the 6 digit code which was a good thing because the person answering the advertisement was indeed a scammer.
The scam involves the Google Voice/Google Phone service which is a free phone number provided to you by Google. Calls to that number are forwarded to your cell phone. In order to set up a Google Phone number you need to provide your phone number for verification purposes. Google then texts or calls you with a 6 digit code that you must enter online to finish the process. The good news is that if you fall for the scam and send the 6 digit code to the scammer, you won’t lose any money, however, you can be sure that a scammer will be using your phone number to perpetrate scams and hide his or her tracks.
TIPS
If you do fall for the scam, you need to get your personal number back. This is a somewhat complicated process. Here is a link to help you. https://support.google.com/voice/answer/159519?hl=en#zippy=%2Cyour-linked-number-was-claimed%2Cyour-google-voice-number-was-reclaimed
A good rule to remember to avoid this problem is to never enter any 6 digit code on calls or text messages from Google unless you have initiated the process and requested that your number be used for your Google Voice Account.
Scam of the day – December 23, 2024 – Ascension Data Breach Affects More Than 5 Million People
Data breaches are all too common and according to a 2023 report by IBM, healthcare companies account for approximately 27% of all data breaches. Healthcare companies are targeted for a number of reasons including the general lack of security of many healthcare companies and the extensive personal and medical information they store including health insurance information that can be sold by criminals on the dark web for large prices enabling other people to access your health insurance. Having your health insurance policy used by an identity thief is particularly dangerous because it can result in your medical records being corrupted by the medical information of the identity thief and the difficulty in getting this information removed from your medical records. Having the medical information of an identity thief on your medical records could even result in your getting a blood transfusion of the wrong blood type.
Recently Ascension, a healthcare company that operates 140 hospital and 40 senior care facilities accross the United States disclosed that it had suffered a data breach affecting 5,599,699 of its patients and employees. The compromised information varies depending on the individual, but includes medical information, credit card information, bank account numbers, medical insurance information, Social Security numbers and other personal information which provides a treasure trove for scammers and identity thieves. Ascension is notifying victims of the data breach by mail starting this week and are offering 24 months of identity theft protection services.
Ascension was hacked through a social engineering email from a ransomware gang that lured an employee of Ascension to download malware that enabled the hacker to steal Ascension’s data.ascensio
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 22, 2024 – Facebook Copyright Violation Scam
Scammers love to take over Facebook accounts because people generally trust the posts put up by their friends that appear on their Facebook page. These people forget my motto of “trust me, you can’t trust anyone” and often click on links in these posts or provide information in response to these posts which generally don’t present a problem, but when the post that you think is that of your friend is really from a scammer who has taken over your friend’s Facebook account, the link you click on may download dangerous malware and the information you provide may enable the criminal to make you a victim of identity theft.
There are many ways that cybercriminals take over Facebook accounts, but one that has been occurring recently begins when you get an email that reads “Your Facebook account has been disabled for violating the Facebook Terms. If you believe that this decision is incorrect, you may file an appeal at this link.” Sometimes the email implies that the violation is a copyright violation for a post you put up that contained copyright protected music. People clicking on the link to begin the appeal process are taken to an official looking page that asks for your name, username and password. If you provide that information, you have just turned over your Facebook account to a cybercriminal and if you use the same password for all of your online accounts, you have also put yourself in jeopardy as to every account in which you use the same password.
TIPS
The first thing to always look at when you get an email that requests information or instructs you to click on a link is the email address of the sender. If it has nothing to do with the company that is being represented as sending you the email, the email is a phishing email being sent through a botnet of computers whose email accounts have been hacked and used to send out these phishing emails.
Sometimes, however, the email address of the sender may appear to be legitimate, but even then you cannot trust it. A sophisticated cybercriminal can make the email address appear legitimate when it is not. The best course of action if you are ever asked for personal information or to click on a link is to confirm that the communication is legitimate. The best way to do that is to check with the real company that the scammer is posing as. In this case you could and should go directly to Facebook through its help center where you will learn that this and similar phishing emails are scams. https://www.facebook.com/help
You also should use dual factor authentication so that even if someone gets your username and password, they won’t be able to get control of your account. Here is a link to Facebook’s information about installing dual factor authentication. https://www.facebook.com/help/148233965247823
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 21, 2024 – Imposter Scammer Indicted
Xiao Kun Cheung was indicted in Federal Court in Georgia on charges related to a tech support scam allegedly perpetrated by Cheung and co- conspirators targeting the elderly in Georgia, Florida and Tennessee in which seniors were contacted by phone or through pop-up messages on their computers informing them that their financial accounts had been compromised and that to protect their assets they needed to withdraw large sums of money, purchase gift cards or buy gold bars to deliver to the scammers who posed as federal agents for safekeeping. Cheung, a previously deported Chinee national was arrested when he attempted to pick up approximately $132,000 in gold bars from a scam victim in Georgia.
TIPS
Primary in this scam is the scammer posing as a law enforcement or government agent who under a variety of pretenses manipulates the victim into doing as they are told. Scam victims often trust scammers posing as authority figures. The scam may also seem more believable when the initial phone call appears to come from a legitimate law enforcement agent or other governmental official because the scammer uses “spoofing’ to manipulate the victim’s Caller ID to make the call look as if it indeed is coming from a legitimate source. Imposter scams are among the most common scams.
The truth is that under no circumstances will a government agent or law enforcement officer ever tell anyone to withdraw funds from their accounts in put them into a “safe government account.”
Scammers are aware that scaring people with phony emergencies triggers the amygdala which is a part of the brain also called the lizard brain which makes us act quickly and emotionally without rationally considering the situation which is why so many people are able to be victimized by scams like this. It is for this reason that whenever you are asked to make a payment in response to some emergency, you should take your time and analyze the situation and confirm the legitimacy of the emergency.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 20, 2024 – Clever PayPal Invoice Scam
Today’s Scam of the day is one I first warned you about in the Scam of the day for March 3, 2023, but it is still being effectively used by scammers. I have warned you numerous times about scams in which you receive a phony invoice that appears to come from a company you do business, but if you look at the email from which it is sent, you will see that the email was sent from someone who has no relation to the company it purports to be. However, in this new scam, you get a phony invoice that not only appears to come from PayPal, but actually does come from PayPal and a link in the email to “View and Pay Invoice” that actually would take you to PayPal and an active invoice. The email has a phone number for you to call if you have a question about the invoice and if you do call the phone number, a scammer will promptly answer the phone where you will be advised to download a remote administration tool that gives the scammer access to your computer purportedly to help find the problem, but in actuality what you will have done is give the scammer access to your computer and all of the passwords to all of your accounts.
The truth is that the scammers open PayPal Business accounts which enables them to be able to send invoices from PayPal which makes them appear legitimate when they indeed are sent to you by PayPal. The customer service number that they provide in the invoice does not, however, take you to PayPal, but rather to the scammer who then asks you to give them remote access to your computer to straighten the matter out.
TIPS
Whenever you get an email or invoice such as this which appears to come from a legitimate source, don’t click on links or call the phone numbers in the invoice. Rather call the real customer service number which you can get online. It is also interesting to note that if you call the real customer service number for PayPal, you will have to go through a number of prompts before you get to speak to a real person, however, the scammers customer service number is immediately answered by a person.
This scam and many tech support scams ask you to give remote access to your computer which is something you should not do under almost all circumstances. Giving someone remote access to your computer gives them access to everything on your computer and can lead to serious identity theft.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”