Scam of the Day
Scam of the day – October 18, 2024 – Frightening Development in Imposter Scams
Imposter scams have long been among the most lucrative for scammers. While there are many variations of this scam, the most common variations have involved scammers calling, texting or emailing their victims posing as a popular company with which we all do business or posing as some governmental agency such as the FBI, IRS or the Social Security Administration. The scammer then, under a wide variety of pretenses, demands an immediate payment by gift cards, credit card or wired funds. Being asked to pay by gift cards is a definite indication that the call is a scam since no company or governmental agency requests or accepts payments by gift cards.
Recently many of the imposter scams involve the scammer posing as an FBI agent contacting the targeted victim and telling them that their identity had been used in perpetrating a crime, such as drug arrests in Texas or a cyberattack on the FBI’s office in Sacramento, California which are two of the supposed crimes used by scammers in recent scams. The phony FBI agent then tells the targeted victim that his or her assets will shortly be frozen and that they should liquidate their assets and send them to the phony FBI agent for safekeeping.
Now in a frightening new development in this scam, the scammers are sending accomplices to the homes of their targeted victims to actually pick up the money in person. Recently in Oregon, the FBI arrested Ramaraj Ganesan who they say was attempting to pick up funds from a targeted victim who had recognized the scam and alerted authorities. In his car when he was arrested were gold bars worth $85,000 obtained from a similar scam victim. According to court filings, Ganesan admitted doing similar pickups in South Carolina, Florida, Utah and Washington. Millions are lost to these scams each year and many of the scams are done by cybercriminal groups outside of the United States who use people like Ganesan as “money mules” to pick up the funds directly from their victims.
TIPS
As I have often reminded you, whenever you are contacted by phone call, email or a text message you can never be sure who is actually contacting you. B.S. Be skeptical. Through the simple technique of “spoofing” it is very easy for a scammer to manipulate your Caller ID to make a call coming to you appear legitimate when it is not. Therefore you can never truly trust your Caller ID. Trust me, you can’t trust anyone. Email addresses can also be made to appear legitimate as can text messages when they are actually coming from a scammer.
Never click on a link, download an attachment, provide personal information or make a payment in response to an email, text message or phone call unless you have absolutely confirmed that the communication is legitimate.
Finally and most importantly, no law enforcement agency will ever tell you to liquidate your assets and turn them over to the law enforcement agent for safekeeping. That is always a scam.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – October 17, 2024 – FTC Settles Action Against Marriott Over Multiple Data Breaches
I have often written that our personal information is only as safe and secure as the companies with the worst security measures that hold that information. While there have been a number of class actions by disgruntled consumers whose information was compromised in preventable data breaches, the federal government has not often taken action against such companies. However, I am happy to report that recently the Federal Trade Commission (FTC) settled a legal action it had brought against Marriott International. Marriott also agreed to pay a 52 million dollar penalty to 49 states and the District of Columbia to settle similar data security allegations.
According to Samuel Levine, the director of the FTC’s Bureau of Consumer Protection, “Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers.”
TIPS
As a result of the settlement Marriott customers can ask for review of their Bonvoy account for unauthorized or suspicious activity and for the restoration of loyalty points lost through unauthorized access to the account. Marriott is also required to implement a policy to retain personal information for only as long as reasonably necessary to fulfill the purpose for which it was collected. This is something all companies should do. Also, the settlement allow customers to request deletion of personal information associated with an email address and/or a loyalty rewards number. Marriott is also now required to put in place a comprehensive information security program including dual factor authentication, encryption and other safeguards. Again this is something all companies should be required to do.
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – October 16, 2024 – Mystery Shopper Scams
I have written many times over the last twelve years about the mystery shopper scam because it continues to ensnare unwary victims. These scams continue to be effective and are increasing in number so it is important to remind you about them again. Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer.
In a Walmart themed mystery shopper scam, the targeted victim was sent a legitimate appearing, but counterfeit check for $2,940 and told to keep $540 as payment and then go to the nearest Walmart and use the remainder of the check to buy six $400 Kroger gift cards and provide the numbers to the scammer. The scam victim was then told to keep the gift cards for their next assignment although there never is another assignment and the scammers use the numbers on the Kroger gift cards to make purchases, making the actual cards worthless. The victim of the scam loses the $2,400 used to purchase the gift cards from the victim’s own bank account when the check bounces.
TIPS
One reason why this scam fools so many people is that there really are mystery shopping jobs although the actual number is quite few and the companies that do mystery shopping do not go looking for you. A firm indication that you are involved with a scam is when you receive a check for more than what is owed you and you are asked to wire the difference back to the sender. This is the basis of many scams. Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit which is given after a few days, but which will be rescinded once a check bounces and never accept a check for more than what is owed with the intention to send back the rest. That is always a scam. Also be wary whenever you are asked to wire funds or send gift cards because this is a common theme in many scams because it is difficult to trace and impossible to stop. Legitimate companies do not use gift cards as payments.
For more information about legitimate mystery shoppers, you can go to the website of the Mystery Shopping Professional Association https://www.mspa-americas.org/scam-alerts/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
Scam of the day – October 15, 2024 – Bitcoin ATM Scams Surging
A recent report from the Federal Trade Commission (FTC) indicates a 1,000 % increase in money lost to scammers through Bitcoin ATMs in the last three years with consumers reporting losses of more than 110 million dollars in 2023. Bitcoin ATMs look just like traditional ATMs, but instead of distributing cash, they take cash in exchange for cryptocurrency.
Most of the scams using Bitcoin ATMs involve imposter scams where the scammer poses as either a law enforcement officer, government official or someone providing tech support for a non-existent problem. What all of these imposter scams have in common is that they scare the targeted victim with a story about an emergency that requires them to take cash from their bank account and use a QR code provided by the scammer to deposit the money into the account of the scammer at a Bitcoin ATM under the guise of protecting the funds.
According to the FTC, people over 60 years old were more than three times more likely to report losing money to a Bitcoin ATM scam with an average loss of $10,000.
TIPS
Protecting yourself from these imposter scams starts with recognizing that you can never be sure who is actually contacting you when you are contacted by phone, email or text message so you should never click on a link, download an attachment or provide personal information in response to any of those communications unless you have absolutely confirmed that the communication was legitimate. Further there is no legitimate circumstance where you will be asked by anyone legitimate to withdraw funds and deposit them into a Bitcoin ATM. Only scammers make those requests.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – October 14, 2024 – Data Breach at Fidelity Investments
Today’s Scam of the day involves yet another major data breach. This is the third major data breach I have warned you about in the last four days. This time the victim was Fidelity Investments where 77,099 of its customers had personal information including Social Security numbers and driver’s licenses compromised which can readily lead to identity theft. The data breach occurred between August 17 and 19th, but was not disclosed by Fidelity until October 9th. Fidelity has sent an email to the affected customers in which they offer free credit monitoring for two years..
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password. However it should be noted that the malware responsible for this particular data breach is able to bypass password requirements and dual factor authentication.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – October 13, 2024 – Mavis Wanczyk Scams Continue On and On
She’s back! Actually, she has never left. I have been writing about scams related to Mavis Wanczyk for seven years but recently I have received emails from Scamicide readers telling me about various new incarnations of a variety of scams that share the same hook which is that Mavis Wanczyk is giving money away to lucky people. Many of you may not remember the name of Mavis Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received emails with the message line referring to the Mavis Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information.
Recently a Scamicide reader told me that after he had tweeted a message on X (formerly Twitter) he was contacted by a scammer posing as Mavis Wanczyk that she liked his tweet and that she was sharing some of her Powerball winnings with a select amount of people that follow her on social media. Fortunately, the Scamicide reader was smart enough to recognize that this was a scam.
TIPS
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds with personal information. Never give out personal information that can make you vulnerable to identity theft unless you have absolutely verified that the party requesting the personal information is legitimate and has a legitimate need for the information.
Finally and most importantly, remember neither Mavis Wanczyk nor any other lottery winner is giving away money to strangers.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – October 12, 2024 – MoneyGram Suffers Major Data Breach
Today’s Scam of the day involves yet another major data breach. This time the victim was MoneyGram a popular company with more than 150 million customers that helps you send money electronically to bank accounts or mobile wallets. MoneyGram confirmed earlier this week that it had suffered a data breach that occurred between September 20th and September 22nd, but that the company did not become aware of the data breach until September 27th. It appears that hack occurred when through the use of social engineering a hacker impersonated a MoneyGram employee and contacted MoneyGram’s IT help desk and was able to convince the IT employee to provide access to MoneyGram’s networks.
The compromised data includes names, home addresses, phone numbers, email addresses, birthdays, bank account numbers and, most problematic, Social Security numbers of MoneyGram customers. Armed with your Social Security number, a criminal can make you a victim of costly identity theft quite readily.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password. However it should be noted that the malware responsible for this particular data breach is able to bypass password requirements and dual factor authentication.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – October 11, 2024 – Hurricane Milton Charity Scams
Natural disasters such as hurricanes and earthquakes are common occurrences. It was only two weeks ago that Hurricane Helene wreaked havoc in Florida, Georgia and the Carolinas and now Hurricane Milton has caused massive damage to Florida. Natural disasters, such as hurricanes, wildfires, tornadoes and earthquakes bring out the best in people who want to donate to charities to help the victims. Unfortunately natural disasters also bring out the worst in scammers who are quick to take advantage of the generosity of people by contacting them posing as charities, but instead of collecting funds to help the victims of these natural disasters, these scam artists steal the money for themselves under false pretenses.
Charities are not subject to the federal Do Not Call List so even if you are signed up for the federal Do Not Call List, legitimate charities are able to contact you by phone. The problem is that whenever you are get a phone call, you can never be sure as to who is really calling you so you may be contacted either by a fake charity or a scammer posing as a legitimate charity. Using a technique called spoofing, the scammers can manipulate your Caller ID to make it appear that the call is coming from a legitimate charity when it is not. Similarly, when you are solicited for a charitable contribution by email or text message you cannot be sure as to whether the person contacting you is legitimate or not.
Through the use of AI, scammers are also contacting people through social media with pleas for charitable donations. Often these social media posts will contain AI enhanced photos and videos and you can never be sure if the posts are legitimate.
TIPS
Never provide credit card information over the phone to anyone whom you have not called or in response to an email or text message. Before you give to any charity, you may wish to check out the charity with http://www.charitynavigator.org where you can learn whether or not the charity itself is a scam. You can also see how much of the money that the legitimate charity collects actually goes toward its charitable purposes and how much it uses for fund raising and administrative costs.
Here is a link to charitynavigator’s picks for the best charities for donations to help the victims of the storm. https://www.charitynavigator.org/discover-charities/where-to-give/hurricane-milton-2024/
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email where it states “Sign up for this blog.”
Scam of the day – October 10, 2024 – Comcast Data Breach Affects 230,000 Customers
In the over twelve years that I have been writing Scamicide, today and tomorrow represent the second time that I have ever had to write about data breaches on consecutive days. This is an indication of how common serious data breaches have become. This situation is very frustrating, but as I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
Today’s data breach involves 230,000 customers of Internet service provider Comcast Cable Communications which does business as Xfinity which disclosed this week that it had suffered a major data breach that goes back to 2021 in which names, addresses, birth dates, Comcast account numbers and, most disturbingly, Social Security numbers of more than 230,000 its customers were compromised. Armed with your Social Security number, a criminal can make you a victim of costly identity theft quite readily.
The data breach of Comcast was not the fault of Comcast but rather the fault of Financial Business and Consumer Solutions (FBCS) a debt collection agency that was formerly used by Comcast. The stolen data related to Comcast customers in 2020 and 2021. The data breach at FBCS occurred last February and originally was not believed to have compromised any Comcast customer data, however, this week it was determined that indeed Comcast customer data was compromised in a ransomware attack
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password. However it should be noted that the malware responsible for this particular data breach is able to bypass password requirements and dual factor authentication.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – October 9, 2024 – REAL ID Scams
The most effective scams are the ones that capitalize on real things that apply to you. Many people are familiar with the REAL ID, which is a new version of your driver’s license mandated by federal law. The federal REAL ID Act established new security requirements for driver’s licenses and identification cards with which all states must comply and which will eventually be needed by you if you wish to board an airplane or enter certain federal facilities although you can still do so if you have a passport.
The original date by which you had to get a REAL ID was set at October 1, 2021, however due to the Covid 19 pandemic, the deadline was postponed until May 3, 2023. However, in December of 2022, the deadline was extended again. The new deadline is May 7, 2025. This is both good news and bad news. It is good news because it gives you more time to get your REAL ID, but it is also bad news because it gives scammers more time to contact you posing as governmental officials seeking your personal information under the guise of helping you apply for your REAL ID when their real purpose is to harvest your personal information and use it to make you a victim of identity theft.
The scam is turning up in many forms. such as emails, text messages and phone calls in which you are urged to either provide sensitive personal information or click on links taking you to websites that appear to be official where you will either unwittingly have downloaded malware such as ransomware by clicking on the link or, again, be prompted to provide personal information used to make you a victim of identity theft.
TIPS
No states are initiating contact with people by emails, text messages or phone calls asking for personal information to apply for your REAL ID. An important thing to remember is that whenever you get a phone call, text message or email, you can never be sure you is really contacting you even if the email address, phone number or Caller ID indicates that the communication is legitimate. This is why you should never provide personal information or click on a link in an email or text message unless you have absolutely confirmed that the communication is legitimate.
Sometimes, you may be able to pick up on obvious (or not so obvious) mistakes in the communications from scammers such as in text messages to residents of Illinois that purported to be from the Department of Motor Vehicles. This is a mistake because Illinois does not have a Department of Motor Vehicles. The name of its agency dealing with these matters is the Department of Driver Services. In any event, if you receive a communication pertaining to the REAL ID, your best choice is to contact your state agency that deals with them at an email address you know is legitimate.
Here is a link to a listing of the websites for all of the state agencies that deal with REAL IDs. https://www.dhs.gov/real-id
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”