Scam of the Day
Scam of the day – April 21, 2024 – Canadian Loses $86,000 to Imposter Scam
A woman from Ontario, Canada identified by CTV News by the first name Anjira recently was scammed out of $86,000 through an imposter scam. Imposter scams are one of the most frequent scams throughout the world. In this case Anjira received a call from a scammer posing as an investigator for the Canada Revenue Agency (CRA), the Canadian version of the IRS. The scammer told her that her bank accounts were involved in a money laundering scheme being investigated by the CRA. He directed her to withdraw money from her bank accounts as well as take money from a line of credit she had at her bank and deposit the funds into a Bitcoin account given to her by the scammer. She was told to use a Bitcoin ATM to transfer the funds, which she was told needed to be done in order to protect her funds. As often is the case in this kind of scam, she was also told not to tell anyone at the bank why she was withdrawing the money. Too late she realized that she had been scammed and the money is most likely lost forever.
TIPS
As I often tell you whenever you get a phone call, email or text message, you cannot be sure who is actually contacting you so you should never click on a link, provide personal information or make any payment in response to any communication unless you have absolutely confirmed that the communication was legitimate.
In this case there were a number of red flags that Anjira missed. Even if there was an investigation as to her bank accounts being used for money laundering, there would be no reason for her to withdraw her money. Also, there would be no reason whatsoever to withdraw money from a line of credit which could not possibly have been involved with money laundering. In addition, no legitimate government agency requests payments be made through a Bitcoin ATM, however, Bitcoin ATMs are a favorite payment method for scammers due to their privacy. Also, in making the withdrawals, she was told to make multiple withdrawals of $5,000 rather than withdraw all of the money at once. The only reason for this was to make the individual withdrawals less suspicious to the bank. Finally, being advised not to say anything to the bank clerks of officials is a strong indication that the entire thing was a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
#imposterscam
Scam of the day – April 20, 2024 – Roku Data Breach Affects 576,000 Customers
Recently, the streaming service Roku announced that it had suffered a data breach in which personal information of 576,000 of its customers was compromised. This was the second data breach affecting Roku this year. However, the fault is not primarily with Roku as the attack was accomplished through credential stuffing which occurs when hackers use usernames and passwords obtained through other data breaches which are sold on the Dark Web, that part of the Internet where criminals buy and sell goods and services. Using the same username and password for multiple accounts is a recipe for disaster.
Last year, there were more than 1,800 reported data breaches and probably many more that were not reported affecting 422 million people. The question is not if you will become a victim of a data breach. The question is when.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
You should also make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account. You also should use dual factor authentication whenever offered by any site you use to protect your security even if your password is compromised. Here is a link to how you can set up dual factor authentication on your Roku account.
One way to get strong unique passwords for all of your accounts is to use a password manager. If you are interested in using a password manager, here is a link to an article from PC magazine that compares many of the legitimate password managers available to you. https://www.pcmag.com/picks/the-best-password-managers
If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts. You also should use dual factor authentication so that even if someone were to gain access to your password manager master password, your password manager account could not be accessed.
However, if you would like to use the helping hand you find at the end of your own arm and generate unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol, add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#rokudatabreach #dual factor authentication
Scam of the day – April 19, 2024 – Securing Your Smart Home
I have been warning you about dangers in the rapidly expanding Internet of things for more than eleven years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers of posed by hacking of various devices that makeup the Internet of Things.
Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers or cell phones to steal information for purposes of identity theft or to implant malware on your home computers and cell phones. The risks are extreme, but there are some basic steps you can take to protect yourself.
TIPS
Most of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. This is important so that you can keep the sensitive personal information you have on your computer or cell phone from being accessible through a hacking of any of your Internet of Things devices.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
Make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks. Routers are a critical part of your smart home security. Make sure it will automatically download and install the latest security updates from its manufacturer. If your router is an older router that does not have this capability, you can check the manufacturer’s website regularly for the latest updates, but frankly, you are probably better served by getting a newer, more secure router. Make sure you have a unique password for each of your Internet of Things devices and use dual factor authentication whenever you can for all of these devices.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
#internetofthings
Scam of the day – April 18, 2024 – Income Tax Refund Scam
The filing deadline for your 2023 federal income tax return has just passed and the IRS is warning people about emails from scammers posing as IRS agents that lure victims into clicking on links and providing personal information that leads to identity theft. The subject line of the email reads “Claim your tax refund online. The grammar and spelling in many of these emails is pretty atrocious which is a red flag that you are dealing with a scammer.
One email presently being circulated reads: “We cheked an error in the calculation of your tax from the last payment, amounting to $927.22. In order for us to return the excess payment, you need to create a E-Refund after which the funds will be credited to your specified bank. Please click below to claim your tax refund. If we are unable to complete within 3 days, all pending will be cancelled.”
Of course, if you do click on the link it will either download malware such as ransomware or keystroke logging malware that will lead to your becoming a victim of identity theft or you will be taken to a phony IRS website where you will be prompted to provide personal information that will result in your becoming a victim of identity theft.
TIPS
This is an easy scam to avoid. As I often tell you, whenever you get a phone call, text message or email that purports to be from the IRS, you can be confident that it is a scam because the IRS does not initiate contact with taxpayers by phone, text messages or emails.
Also, you should never click on a link in an email or provide personal information in response to an email unless you have absolutely confirmed that the email was legitimate.
In regard to information about any refunds to which you may be entitled, you should go to the IRS website section which will provide you with information about any refunds to which you may be entitled. Here is the link.https://www.irs.gov/refunds
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
#irsrefunds #irsrefundscam
Scam of the day – April 17, 2024 – Amazon Prime Phishing Email
Recently a Scamicide reader received an email informing her that her Amazon Prime Membership was going to be suspended because the credit card tied to the account was no longer able to be used. The email contained a link for her to click on to provide a new credit card. I have removed the link from the copy of the email shown below.. This is a common scam in which the scammers attempt to lure people into providing their credit card information or Amazon user name and password to the scammer posing as an Amazon employee.
But how do you know if you get such an email whether or not the email is legitimate? For starters, the email address of the sender of the email to the Scamicide reader had no relation to Amazon. The best course of action if you receive such an email and you have any thoughts that it might be legitimate you should communicate directly with Amazon their website or mobile app rather than click on a link in the email that purports to take you to Amazon.
Prime |
| Your account will be suspended! |
Please Update your Payment Detailswe were unable to validate your account |
| Hello we’ re having trouble with the current billing information we’ ll try again, but in the meantime you may want to update payment details |
Details information : |
||
Subscription ID |
: |
926265294 |
Product |
: |
Prime |
Expiration Date |
: |
Thu,28 Mar-2024 |
TIPS
While this particular email did not appear very official and did not contain the Amazon logo, other Amazon phishing emails use the Amazon logo and are written with acceptable grammar and punctuation. Some of these phishing emails, which in the past had poor grammar and spelling having been sent from scammers in a country where English is not their native language are now, through AI able to appear entirely legitimate. Never click on a link in an email or text message or provide personal information unless you have confirmed that the email or text message is legitimate. The telephone number to call if you suspect Amazon related fraud is 866-216-1075 or you can call their real customer service number 888-280-4331 Never call the numbers that appears in phishing emails.
Also, because any of us can be scammed, it is a good idea to use dual factor authentication whenever possible to protect your various accounts so that even if someone actually had your password they would not be able to access your account. In order to set up dual factor authentication for your Amazon account use this link. https://www.amazon.com/gp/help/customer/display.html?nodeId=G3PWZPU52FKN7PW4
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#phishingemail #amazonphishingemail
Scam of the day – April 16, 2024 – E-Z Pass Text Message Scam
The E-Z Pass transponder system is available to drivers in seventeen states and enables the drivers to avoid stopping to pay tolls when driving on toll roads. Instead they merely drive through a special lane where their transponder is electronically read. The tolls are then charged to a credit card on file with E-Z Pass. It is a very efficient system that works well. It also works well for scammers. In 2014 I told you about scammers sending phishing emails to residents of New York, New Jersey, Massachusetts and even Canada where they system is also used. The emails appeared official looking and carried the easily counterfeited logo of E-Z Pass. The message was short and read: “Dear customer, You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time.” The phishing email of 204 lured people into clicking on an infected link and providing personal information that would lead to identity theft.
Times have changed, but not that much. Recently the Pennsylvania Turnpike Commission issued a warning about a similar phishing message being sent as a text message. Phishing text messages are called “smishing.” Again, the text message indicates that the account is overdue and provides a link to a fraudulent page where victims of the scam provide their credit card information to the scammers. This scam is also being reported in other states as well.
TIPS
Never click on links or download attachments in emails or text messages regardless of how official they may appear. You can never be sure as to whether it is legitimate or not. Your best course of action is, if you have any inclination that it may be legitimate, to contact the real company or agency and inquire as to the legitimacy of the contact. In the case of the Pennsylvania E-Z Pass program, their website is https://www.paturnpike.com/e-zpass
It is also important to remember that scammers can manipulate your Caller ID through a technique called spoofing to make their text message appear to come from the legitimate number of a legitimate source. Trust me, you can’t trust anyone.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#e-zpasstextmessagescam #smishing
Scam of the day – April 15, 2024 – Massive Booking.com Scam
Scams involving the popular travel website Booking.com have increased dramatically over the last year worldwide with one hundred hotels in Japan among the most recent targets. The scam starts with a phishing email to a hotel that lures the unsuspecting hotel employee into clicking on a link and downloading malware that enables the scammer to access the hotel’s Booking.com account and obtain a list of upcoming reservations along with the email addresses of t the future travelers. The scammers then use the hacked Booking.com management portal to send an email to the future visitor in which they demand a credit card payment for the future stay. Thousands of victims of this scam have responded to the emails which appear totally legitimate by providing their credit card information which leads to identity theft and credit card fraud.
TIPS
The primary responsibility for this scam falls on the hotels whose lack of sufficient security enables the scammers to gain access to their Booking.com accounts, however there are things that we as consumers can do to protect ourselves from this sophisticated scam. Perhaps first and foremost, as I often advise you, you should never use your debit card for anything other than as an ATM card because while your liability for credit card fraud is limited to no more than $50 (and I have never seen a credit card company ever charge anything for fraudulent use), your risk of loss for fraudulent use of your debit card if it is not reported immediately could result in your entire bank account being stolen.
As always, you can never be sure when you get an email, text message or phone call as to who is really contacting you so you should never click on a link, make a payment or provide personal information in response to any communication unless you have absolutely confirmed that it is legitimate. In response to an email that appears to come from Booking.com, you can either use your Booking.com app to confirm whether the email was legitimate or call Booking.com at a phone number that you know is legitimate or go to the Help Center on the Booking.com website.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#booking.comscam
Scam of the day – April 14, 2024 – Tech Support Scammers Pay 26 Million Dollar Settlement to FTC
Tech support scams in which consumers are tricked by scammers into believing there is a problem with their computers that require the expensive services of scammers constitute a major problem. Tech support scams are increasingly common and victimize consumers 60 years or older about five times more often than people between the ages of 20 and 59 according to the Federal Trade Commission (FTC).
The FTC recently settled charges against two Cyprus based companies, Restoro Cyprus Limited and Reimage Cyprus Limited who lured people into purchasing tech support through a phony Microsoft Windows pop-up indicating that the victim’s computer was infected with a virus or malware. After the victim paid for unnecessary software to remedy the problem, the scammers told their victims that they needed help from a Restoro or Reimage technician to fix the problem at an additional cost. Following a lawsuit initiated by the FTC, the two defendants settled and are paying 26 million dollars to the FTC which it will be refunding to victims of the scam. As more details become available about the refunds, i will let you know.
The most common tech support scams start with popups on your computer that provide notices of security problems that contain telephone numbers for you to call to fix the problem, Whenever you get a pop-up, email, or text message that appears to tell you that you have a security problem with your computer, you should never click on any links contained in the message or call the telephone number provided. If your screen freezes, all you need to do is just turn off your computer and restart it. If you are concerned that you may be experiencing a real security problem you can contact tech support at the real tech companies directly by phone or by email using the phone number and email addresses you find on their respective websites.
If you call the scammers in response to concerns about your security, they often ask for you to enable them to get remote access to your computer to assess the problem. Providing remote access to anyone to your computer can lead to a myriad of problems including identity theft and the downloading of ransomware. Neither AOL, Yahoo, Apple, Microsoft or any of the other tech companies ever ask for remote access to your computer to fix problems.
TIPS
Often when your computer is frozen and you receive a pop-up ad purporting to tell you that you have a major security problem and warning you that you should not shut down or restart your computer because, they tell you, it would cause serious damage to your computer, the best thing you can do is shut down your computer and restart it.
If you are truly concerned about a security problem, contact tech support at the real tech companies you use at a phone number or email address that you have confirmed is accurate rather than a number or email address from the pop-up.
Never download software or give remote access to your computer to anyone whom you have not contacted.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
#ftcrefunds #techsupportscams
Scam of the day – April 13, 2024 – Mexican Drug Cartel Operating Timeshare Scam
Timeshares are a legitimate vacation option for many people with about 9.6 million Americans owning timeshares. However, resales have often been difficult for timeshare owners and scammers have been preying upon timeshare owners trying to sell their interests with promises of buyers that never materialize after charging the timeshare owners upfront fees of sometimes thousands of dollars. Part of the problem is that the timeshare resale firms are largely unregulated although the Federal Trade Commission (FTC) has brought a number of lawsuits against timeshare resale companies for false and misleading marketing. Many older timeshare owners are specifically targeted by scammers through the mail, telemarketing and seminars in which they promise easy sales and big profits. Most of these companies charge upfront fees of between $2,500 and $10,000. Many of them provide a money back guarantee, but the guarantee of a scammer is worthless.
But now, as I often say, “things aren’t as bad as you think, they are far worse” because the Mexican drug cartel Jalisco New Generation has gotten in the timeshare resale scam business. According to federal officials, they have scammed Americans owning timeshares in Mexico whom they call by phone offering to sell their timeshare out of hundreds of millions of dollars over the last ten years. Most often they target elderly timeshare owners.
TIP
Anyone considering selling their timeshare unit should check out the legitimacy of any company proposing to help you sell your timeshare. You can check with your state’s attorney general and your local consumer protection agencies. You also can do a search engine search typing in the word “scam” along with the name of the company you are considering. Make sure you have a lawyer review any contract before you sign it and you should never pay in advance for the services of someone purporting to assist you in reselling your timeshare unit. Probably the best way to sell a timeshare unit is to deal with the resort management company or timeshare developer on your own.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
#timesharescams
Scam of the day – April 12, 2024 – Michigan Woman Loses $600,000 to Publishers Clearing House Scam
Last December I told you that the Federal Trade Commission (FTC) was reporting an increase in reports of scammers calling people on the telephone and telling them that they have won one of the Publishers Clearing House lotteries, but that they have to pay fees or taxes before being able to claim their prize. In addition there are reports of targeted victims receiving phony notifications by regular mail that they have won a Publishers Clearing House lottery, but that again they must pay fees or taxes before being able to receive their prize.
Recently a Michigan woman was contacted by someone posing as an attorney with the FTC who said he was contacting her on behalf of Publishers Clearing House to inform her that she had won 3.5 million dollars, a car and $7,000 a week for life, but, as is typical in these types of scams, she was repeatedly told that she had to send money in the form of cashier’s checks and deposits into a Bitcoin account through a Bitcoin ATM in order to claim her prize. Unfortunately, it wasn’t until she confided in a friend who told her that this appeared to be a scam that the victim stopped paying, but not until she had lost more than $600.000.
It is hard to win any lottery. It is impossible to win one that you have not even entered and yet scam artists have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries. With so many people entered into the Publishers Clearing House lotteries, it is easier for scammers to convince people that they have won.
Most lottery scams involve the victim being told that they need to pay taxes or administrative fees directly to the lottery sponsor; however no legitimate lottery requires you to do so.
As with many effective scams, the pitch of the scammer may seem legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners. Other times, the scammer tell the “winners” that in order to collect their prizes, they need to pay administrative fees. Often, the victims are told to send the fees back to the scammer by prepaid gift cards. Prepaid cards are a favorite of scammers because they are the equivalent of sending cash. They are impossible to stop or trace. Again, no legitimate lottery requires you to pay administrative fees in order to claim your prize.
TIPS
Fortunately, there is an easy way to know, when you are contacted by Publishers Clearing House by phone, email or text message informing you that you have won one of its major multi-million dollar prizes, whether you have been contacted by the real Publishers Clearing House. Publishers Clearing House only contacts major prize winners in person or by regular mail. They do not contact winners by phone, email or text message so if you do receive a notification of your winning one of their major multi-million dollar prizes by those means of communication you know it is a scam.
As for the FTC being used to award Publishers Clearinghouse winnings, not only does the FTC not do this. In fact, as I have told you in the past, the FTC has sued Publishers Clearing House for illegal practices and obtained a 18.5 million dollar settlement in 2023.
Even if the Caller ID on your phone indicates the call is from Publishers Clearing House, it is very easy for a scammer to use a technique called “spoofing” to make it appear that the call is coming from Publishers Clearing House rather than the scammer who is really making the call. Trust me, you can’t trust anyone.
In addition, no winners of the Publishers Clearinghouse sweepstakes are ever required to make a payment of any kind to claim their prize so if you are told that you have won, but are required to make any kind of payment before you can claim your prize, you can be sure that it is a scam. As for other lotteries, remember, you can’t win a lottery you haven’t entered and no legitimate lottery asks you to pay them administrative fees or taxes.
Also, as I often tell you, it is always a red flag that you are involved with a scam when you are asked to pay for anything with gift cards or a deposit into a Bitcoin ATM. Gift cards can cryptocurrencies are favorite methods of payment for scammers because they are easy to convert into cash and impossible to trace.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#publishersclearinghousescam #lotteryscams