Scam of the Day
Scam of the day – December 19, 2024 – How to Keep Your Cryptocurrency Wallet Safe
I have been writing about cryptocurrency scams for years. There a variety of scams that attempt to steal your cryptocurrencies from you. One of the most important decisions anyone should make when deciding whether to invest in cryptocurrencies is what kind of a wallet they will hold their investment in. Many cryptocurrency scams involve people being tricked into turning over access to their cryptocurrency wallets and losing all of their funds.
Your digital wallet is where the key that allows you to access your cryptocurrency account is found. If your key falls into the hands of a hacker, you can easily lose all of your cryptocurrency account so it is of paramount importance to secure your digital wallet. Digital wallets can either be hot wallets or cold wallets. Hot wallets are connected to the Internet which makes them more susceptible to being hacked which is why a cold wallet which is not connected to the Internet, but rather is is kept in a portable hard drive is your best bet.
TIPS
When doing cryptocurrency transactions online, use a Virtual Private Network (VPN) to provide encryption for your communications which will make the transactions more secure and refrain from using public WIFI for cryptocurrency transactions. Use a strong, complex password for your account and consider using a password manager or store your password on a portable hard drive that you keep in a secure spot.
Use dual factor authentication for your account for additional security, however, it is important to note that many cryptocurrency thefts have occurred when hackers were able to defeat dual factor authentication through SIM swapping whereby they contact the cell phone service provider of their victim, answer a security question and manage to get the cell phone service provider to switch the phone number of the victim to a phone controlled by the criminal thus defeating the dual factor authentication.
The best thing you can do to protect your SIM card from being swapped is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
Finally, I strongly urge anyone considering investing in cryptocurrencies as well as any investment to research the investment thoroughly before investing. No one should ever invest in anything they do not fully understand.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 18, 2024 – California Man Loses $38,000 Through SIM Swapping
Recently, Justin Chan of California had $38,000 stolen from his bank account which he thought he had protected through dual factor authentication. A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
Identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.
The best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
TIPS
I have written in the past about how to avoid SIM swaps by setting up a passcode or PIN on your mobile service carrier account to avoid a scammer being able to access the account merely by answering a security question.
AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card. Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i
Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center. Here is a link with information and instructions for setting up a PIN with Verizon. https://www.verizonwireless.com/support/account-pin-faqs/
T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store. Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure
Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief. Here is a link to information about adding a PIN to your Sprint account. https://www.sprint.com/en/support/solutions/account-and-billing/update-your-pin-and-security-questions-on-sprint-com.html
And if you are particularly paranoid, like me, you can arrange with your cell phone service carrier that your SIM card cannot be switched except in person by you.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – December 17, 2024 – Critical Adobe Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Adobe has just issued critical updates to a wide variety of their software. Failure to promptly update your software leaves you vulnerable to cyberattacks. Here is a link to those updates. https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products
TIPS
Adobe also provides the option of you being able to install the latest security updates automatically whenever they are issued. Here is a link to instructions as to how to set up automatic updates, which I strongly recommend. https://justcreative.com/how-to-update-adobe/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 16, 2024 – Publishers Clearing House Lottery Scams Increasing
In the last few years there has been an increase in reports of scammers calling people on the telephone and telling them that they have won one of the Publishers Clearing House lotteries, but that they have to pay fees or taxes before being able to claim their prize. In addition there are reports of targeted victims receiving phony notifications by regular mail that they have won a Publishers Clearing House lottery, but that again they must pay fees or taxes before being able to receive their prize.
It is hard to win any lottery. It is impossible to win one that you have not even entered and yet scam artists have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries. With so many people entered into the Publishers Clearing House lotteries, it is easier for scammers to convince people that they have won.
Most lottery scams involve the victim being told that they need to pay taxes or administrative fees directly to the lottery sponsor; however no legitimate lottery requires you to do so.
As with many effective scams, the pitch of the scammer may seem legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners. Other times, the scammer tell the “winners” that in order to collect their prizes, they need to pay administrative fees. Often, the victims are told to send the fees back to the scammer by gift cards. Gift cards are a favorite of scammers because they are the equivalent of sending cash. They are impossible to stop or trace. Again, no legitimate lottery requires you to pay administrative fees in order to claim your prize.
TIPS
Fortunately, there is an easy way to know, when you are contacted by Publishers Clearing House by phone, email or text message informing you that you have won one of its major multi-million dollar prizes, whether you have been contacted by the real Publishers Clearing House. Publishers Clearing House only contacts major prize winners in person or by regular mail. They do not contact winners by phone, email or text message so if you do receive a notification of your winning one of their major multi-million dollar prizes by those means of communication you know it is a scam.
Even if the Caller ID on your phone indicates the call is from Publishers Clearing House, it is very easy for a scammer to use a technique called “spoofing” to make it appear that the call is coming from Publishers Clearing House rather than the scammer who is really making the call. Trust me, you can’t trust anyone.
In addition, no winners of the Publishers Clearinghouse sweepstakes are ever required to make a payment of any kind to claim their prize so if you are told that you have won, but are required to make any kind of payment before you can claim your prize, you can be sure that it is a scam. As for other lotteries, remember, you can’t win a lottery you haven’t entered and no legitimate lottery asks you to pay them administrative fees or taxes.
Also, as I often tell you, it is always a red flag that you are involved with a scam when you are asked to pay for anything with gift cards. Gift cards are a favorite method of payment for scammers because they are easy to convert into cash and impossible to trace.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 15, 2024 – Senior Dating App Data Breach Affects 700,000 People
The 40+ dating website Senior Dating has shut down after recently suffering a data breach on November 23rd. The compromised and stolen personal information of 765,517 of the apps users included biographies, birth dates, drinking habits, education levels, email addresses, gender, geographic occupations, profile photos relationship status, smoking habits and social media profiles and while this information is not directly likely to be used for purposes of identity theft and scams such as would be the case if Social Security numbers were compromised, this information is very valuable to a scammer or identity thief who can use this to create convincing spear phishing emails, text messages and phone calls that can lure the targeted victims into clicking on malware infected links, make payments or provide information that would lead to identity theft.
TIPS
Victims of this data breach should freeze their credit if they have not already done so. Freezing your credit is actually something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 14, 2024 – Fake Weight Loss Drugs
The popular weight loss Ozempic is in low supply and high demand even at a cost of almost $1,000 per month if it is not covered by insurance. As a result scammers are using social media, phishing emails and phony online pharmacy websites to sell worthless phony Ozempic or what they say is generic Ozempic to unsuspecting victims. Earlier this year the security software company McAfee recently issued a report in which they found 176,871 phishing emails and 449 phony pharmacy websites related to selling phony Ozempic just between January and April. Scammers also used fake profiles on Facebook and advertisements on legitimate websites to sell their worthless, counterfeit Ozempic. Often the scammers will try to appear to be Canadian pharmacies.
No generic form of the drug has been approved by the FDA, and what people are receiving may be either ineffectual or even harmful. The National Association of Boards of Pharmacy has a list of websites selling fraudulent and unsafe medications. Before even considering buying a prescription drug online, you should see if the site you are considering is legitimate.
In many instances, the scammers ask for payment through cryptocurrencies, gift cards Zelle and Venmo, which are indications of a scam since legitimate businesses do not demand payment in this manner although scammers do because of the anonymity of these payments and the difficulty in stopping the payments. Some scammers operating these phony websites appear to offer the option to pay by credit card, but when you try to do so an error message appears and you are compelled to pay in one of the methods preferred by the scammers.
TIP
Although it is still technically illegal to purchase prescription drugs from Canada either directly or over the internet, federal officials using enforcement discretion as provided by law generally do not get involved with prescription drug shipments for personal consumption. The first thing anyone considering ordering prescription drugs from Canada should do is make sure that they are dealing with a legitimate Canadian pharmacy that requires a prescription from an American doctor. It is easy to research this online. Any online pharmacy that promises to sell you prescription drugs without your obtaining a prescription is a scam, plain and simple.
Some security software can recognize websites of scammers and are worth getting.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – December 13, 2024 – The Good, the Bad and the Ugly of Artificial Intelligence
“The Good, the Bad and the Ugly” is a classic 1967 Western movie that starred a young Clint Eastwood. It also can describe the effects of Artificial Intelligence (AI) on scams due to the fact that it can be “good” and helpful in defending against scams, but it also very much can be both “bad” and “ugly” because it can be readily used by even unsophisticated scammers to make their scams more convincing.
Let’s start with the good. Ai can be used to detect unusual transaction patterns in banking and spending activities. It is also used extensively by credit card companies to flag and even block suspicious purchases. AI also can be used to recognize phishing emails and smishing text messages and block them. In regard to robocalls AI is used by services such as Nomorobo and Truecaller to block robocalls.
However, AI has also proven to be a tool for even unsophisticated scammers to perpetrate very sophisticated and convincing scams. The FBI recently issued a Public Service Announcement in which it warned about criminal use of AI to facilitate scams. https://www.ic3.gov/PSA/2024/PSA241203
Among the scams, they warn people about are scams which we have been warning you about here at Scamicide for years including scammers using AI to create believable phishing emails and text messages that correct grammar and spelling errors that often appeared in phishing emails and text messages sent by scammers in foreign countries; using AI to construct sophisticated counterfeit websites of online retailers; using voice cloning to make the family emergency or grandparent scam more believable; using AI deepfake technology to create videos of public figures to enhance scams and many, many more.
TIPS
So how do you protect yourself from AI enhanced scams. It starts with my motto, “trust me, you can trust anyone.” Certainly you should install security software on all of your electronic devices and install updates as soon as they are available. But even the best security software will be at least a month behind the latest scams exploiting “zero day defects” which are software vulnerabilities not previously discovered. Therefore remember whenever you get a phone call, text message or email asking for personal information, a payment or to click on a link you should be skeptical. B.S. Be skeptical. Never respond to any such communication until you have independently confirmed that it is legitimate. To protect yourself further from family emergency scams, create a safe word that everyone in the family knows to verify your identity in the event of an emergency.
As for phony websites, AI has made them easy to construct. The Google Safe Browsing Transparency Report is a terrific free service where you can type in the URL and learn if Google’s research indicates the website is a fake. Here is a link to it. https://transparencyreport.google.com/safe-browsing/search
Scam of the day – December 12, 2024 – Equifax Data Breach Update
I have been reporting to you about the about the avoidable Equifax data breach in which personal data of more than 147 million people was stolen and legal actions related to the data breach since 2017 when the data breach occurred. The personal information compromised in the data breach included the names, dates of birth and Social Security numbers of 147 million people putting them in serious danger of identity theft for the rest of their lives. Equifax settled the claims brought by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and all but two of the states’ Attorneys General related to the data breach long ago.
Pursuant to the settlement Equifax offered those affected $125 or ten years of free credit monitoring. Now years later because there is money remaining in the Consumer Restitution Fund set up in accordance with the settlement, the court appointed administrator is offering additional payments to eligible people. These payments will be made by pre-paid electronic cards. Eligible people will receive this email this week.
“Dear XXXXXXXXXXXXX:
The Equifax Data Breach Settlement Agreement says any remaining funds in the Consumer Restitution Fund will be distributed to Settlement Class Members with valid claims.
You have a valid claim and are eligible for an additional payment. It will be sent to you by electronic pre-paid card.
You will receive an email from distribution@EquifaxBreachSettlement.com the week of December 16th, 2024 with instructions to redeem your electronic pre-paid card.
For more information about the Settlement, please visit the Settlement Website at www.EquifaxBreachSettlement.com.
This notice is from the Court-appointed Settlement Administrator (JND Legal Administration), not Equifax. Please do not contact Equifax with questions. You may contact JND by email at info@EquifaxBreachSettlement.com, by phone toll-free at 1-833-759-2982, or by mail at Equifax Data Breach Settlement, c/o JND Legal Administration, P.O. Box 91318, Seattle, WA 98111-9418.”
TIPS
In addition, to following up on your benefits pursuant to the settlement as indicated above, this is also a good time to remind you that if you haven’t frozen your credit reports at all three of the major credit reporting bureaus, you should do so at this time.
Here are the links to do so.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
Scam of the day – December 11, 2024 – The Danger of E-Skimmers
Regular readers of Scamicide are certainly familiar with skimmers which are devices installed on ATMs as well as credit and debit card processors that steal information from credit and debit cards thereby enabling criminals to use that information to make charges on those cards. The increased use in recent years of cards with chip technology has dramatically decreased the amount of fraudulent purchases made through stolen credit and debit card information because the chip card creates a new authorization number each time the card is used thereby negating the value of skimming a credit card with a computer chip. Scanning your card rather than inserting it into a card reader has also made such purchases safer.
Chip card technology, however, offers no protection when credit and debit cards are used for online purchases. The FBI has warned about what it calls E-Skimming which occurs when criminals infect the websites of businesses and government agencies with malware that allows the criminal to steal credit card and debit card information and then use it to make charges using the victim’s credit card or debit card.
TIPS
There are many steps that businesses and government agencies should take to protect their sites from this type of crime. They should update their security software with the most recent security updates; change default login credentials on their systems; segment their network systems to limit access by criminals and educate their employees to the dangers of phishing and spear phishing emails because it is through these phishing and spear phishing emails that most malware is delivered. A good rule for us all to follow is to never click on links in emails unless you have absolutely confirmed that the email is legitimate.
What, can we as consumers do, however, to protect ourselves from becoming a victim of E-Skimming?
First and foremost, while it may be more convenient to leave your credit card on file with an online retailer you regularly use, this is not a good thing to do because it leaves you more vulnerable to having your credit card data stolen in the event of a data breach and as we all know, data breaches are and will continue to be very common.
Consumers should refrain from using their debit cards for anything other than as an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection. The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.
Finally, you should monitor your credit card statement regularly to determine if your credit card has been compromised.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – December 10, 2024 – MOVEit Supply Chain Attack Claims 760,000 More Victims
Repeatedly since 2023 I have been telling you about cybercriminals, exploiting a vulnerability found in MOVEit file transfer software used by 620 organizations including American Airlines, TD Ameritrade, Johns Hopkins University and other users of the same software who can be assumed to also have suffered data breaches affecting an estimated 40 million people.
This supply chain attack brings back memories of the 2020 SolarWinds supply chain security breach. SolarWinds is a company that provides system management software to 30,000 companies and government agencies. Hackers exploited a vulnerability in its software that, in turn, led to data breaches at thousands of governmental and private entities.
In the last month, personal information that appears to have been stolen through the MOVEit software of 760,000 employees of Xerox, Koch, Nokia, Bank of America, Bridgewater, Morgan Stanley and JLL were made available on the Dark Web by hackers who call themselves Nam3L3ss.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
Even when the leaked information does not directly lead to identity theft, the information is often used by scammers and identity thieves to create convincing socially engineered phishing emails and text messages to lure people into becoming scam or identity theft victims.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/