Scam of the Day
Scam of the day – April 9, 2024 – Facebook Cloning Continues to be a Problem
Recently I got a Facebook friend request from a good friend of mine. The only problem was that we were already were Facebook Friends.
If one of your friends received a Facebook friend request that appeared to come from you, it does not mean that your account was hacked. It does mean however that, most likely, your account was cloned in the sense that someone has set up a Facebook account or some other social media account in your name or a slight variation of it in order to trick people into trusting messages that they post, to lure them into scams or to trick them into clicking on links containing malware.
This is nothing new. Facebook estimates that there are as many as 60 million phony cloned Facebook accounts including hundreds of its founder Mark Zuckerberg. Facebook tries to remove the cloned accounts when it becomes aware of them, but they consistently spring up again soon thereafter. You also should let your friends know that your account has been cloned and warn them not to accept any new friend requests from you. If you do find that someone has set up a Facebook account in your name, you should contact Facebook as soon as possible in order for Facebook to take action to cancel the phony cloned account. Here is a link you can use to report such a phony or cloned account. https://www.facebook.com/help/306643639690823?helpref=uf_permalink
TIPS
As indicated above, if you do receive a friend request from someone who already is a Facebook friend of yours, you should contact the friend to let them know that their Facebook account has been cloned so they can report it to Facebook and get the phony, cloned account taken down. It is also important to remember that there will be times that you are contacted by what appear to be real friends or acquaintances where the truth is that it really is not them contacting you, but someone posing as them. Never click on links in any email or text message unless you have absolutely confirmed that the communication is legitimate. Never provide personal information in response to any communication as well until you have confirmed that it is legitimate. As I always warn you, trust me, you can’t trust anyone.
This is probably also a good time to remind you about steps you can take to actually make your Facebook account more impervious to actually being hacked. The first thing you should do is make sure you have a strong password. For some advice about choosing a strong password, go to the Search scams tab in http://www.scamicide.com and write in “strong password” which will bring up a number of Scams of the day in which I described how to pick a strong password.
You should also enable two factor authentication for your account which will dramatically strengthen the security of your Facebook account. Here is a link with more information about how to install dual factor authentication for your Facebook account. https://m.facebook.com/help/148233965247823?helpref=faq_content
You also may want to review your privacy settings on Facebook to make them less vulnerable to hackers. Here is a link with more information about adjusting your privacy settings on Facebook. https://m.facebook.com/help/193677450678703?helpref=hc_fnav&refid=69
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it indicates “Sign up for this blog.”
#facebookclone
Scam of the day – April 8, 2024 – FTC and Ten States Sue Phony Charity
Phony charities are big business for scammers who prey upon generous people who think they are contributing to help those in need. I have written many times over the years about a wide variety of phony charities and the efforts of the Federal Trade Commission (FTC) and others to shut them down. Recently the FTC along with the Attorneys General of California, Florida, Maryland, Massachusetts, North Carolina, Oklahoma, Oregon, Texas, Virginia, and Wisconsin sue the Cancer Recovery Foundation International which also uses the name Women’s Cancer Fund along with its principal, Gregory B. Anderson alleging they took in 18 million dollars in charitable contributions, but only paid $194,809 in support of cancer patients. The phony charity solicited contributions primarily through telemarketing. It is important to note that even if you are on the Do-Not-Call list you can legally be called by charities. It is equally important to note that whenever you are contacted on the phone, you can never be sure as to who is really calling you so you may be contacted either by a phony charity or a scammer posing as a legitimate charity. Similarly, when you are solicited for a charitable contribution by email or text message you cannot be sure as to whether the person contacting you is legitimate or not.
TIPS
Never provide credit card information over the phone to anyone whom you have not called or in response to an email or text message. Before you give to any charity, you may wish to check out the charity with http://www.charitynavigator.org where you can learn whether or not the charity itself is a scam. You can also see how much of the money that the charity collects actually goes toward its charitable purposes and how much it uses for fund raising and administrative costs. Charitynavigator.org will also let you know how to most effectively contribute to particular charities you may be interested in.
Never trust your Caller ID to indicate the identity of who is really calling you because it is quite simple for a scammer to use a technique called “spoofing” to manipulate your Caller ID into making it appear that their calls are coming from a legitimate source.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#charityscam, #women’scancerfund
Scam of the day – April 7, 2024 – FTC Sending Refunds to Victims of Business Opportunity Scam
In November of 2022 I first told you that the Federal Trade Commission (FTC) sued DK Automation, LLC and its principals, Kevin David Hulse and David Arnett alleging they promised huge returns to trick people into buying business opportunities and training programs through which they said they would teach you how to operate fantastically profitable stores on Amazon. According to the FTC, those claims were deceptive or outright lies and most people who bought the programs never made any profit and often lost money. According to the FTC DK Automation also sold bogus cryptocurrency investment training programs for as much as $85,000 that also were worthless.
Now the FTC has settled its lawsuit with the defendants turning over 2.8 million dollars to the FTC which it is refunding to victims of the scam. For more information about the refund program go to the opening page of Scamicide.com to the section titled “FTC Scam Refunds.”
TIPS
The sale of business opportunities is regulated by the FTC’s Business Opportunity Rule which requires the sellers of business opportunities to provide a one-page disclosure document outlining important facts about the offering including informing you about any legal actions in which the sellers have been involved. The disclosure also has to provide you with details as to any refund policy and provide a list of references. Additionally, as is always the case with these types of scams, if they make claims about how much money you can earn through their scheme, they must provide you with an Earnings Claim Statement that indicates in detail the specifics of those claims and the opportunity to see written proof of the claims.
Before considering any kind of business opportunity, you should have a lawyer review these required disclosures and if the person offering you the business opportunity does not provide these documents, you should consider that a red flag that this is a scam. You also should investigate the people behind the offering as well as the particular type of business opportunity.
You also can do a Google or other search engine search of any company from which you are considering making a purchase in which you type in the company’s name along with the words “scam” or “complaints” and see what you come up with.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
#businessopportunityscam #ftcrefunds
Scam of the day – April 6, 2024 – City of Hope Cancer Center Suffers Data Breach
Earlier this week Cancer treatment and research center City of Hope disclosed that it had suffered a data breach affecting 820,000 patients whose personal information was compromised. The data breach occurred between September and October of 2023, but was only disclosed this week. Included in the compromised information was names, email addresses, phone numbers, birth dates, Social Security numbers, bank account numbers, credit card numbers and more. The extent of the personal information stolen puts the patients in serious danger of identity theft.
Last year, there were more than 1,800 reported data breaches and probably many more that were not reported affecting 422 million people. The question is not if you will become a victim of a data breach. The question is when.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should also make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#databreach #cityofhopedatabreach
Scam of the day – April 5, 2024 – Social Security Scams
I have been warning you about scams related to Social Security benefits for many years. In one Social Security related scam, the scammers call their targeted victim on the phone posing as employees of the Social Security Administration and tell their intended victims that their Social Security numbers have been suspended due to the number being used by criminals for fraudulent purposes. They then ask you to confirm personal information including your Social Security number in order to correct the problem and to enable lifting of the suspension of the victims’ Social Security numbers as well as to avoid arrest. This is a scam intended to lure people into providing personal information including their Social Security number which will then be used for purposes of identity theft.
First and foremost, it is important to know that Social Security numbers are never suspended so right away you can be sure that a call informing you that your Social Security number has been suspended is a scam. The calls, however, can be very convincing and by using a technique called “spoofing” the call can manipulate your Caller ID into making it appear as if the call is coming from the Social Security Administration. Additionally, the Social Security Administration will not call you by phone if there is a problem with your Social Security. they will initiate contact by old fashioned snail mail.
The Social Security Administration (SSA) has a tremendously helpful online service called My Social Security Account which allows you to set up a personal online account with the SSA that enables you to view your earnings history and estimates of benefits as well as manage your benefits online including changing your address or starting or changing direct electronic deposits of your check into a bank account you may designate. Unfortunately, this program has been abused when identity thieves manage to set up a My Social Security Account on behalf of their victim and redirect the check to the identity thief’s account. In other instances, they hack into the My Social Security Account of their victim and again redirect the check to their own account.
TIPS
My Social Security Account is a tremendously convenient service, but it also provides a great opportunity for scammers who have been setting up My Social Security Accounts on behalf of seniors who have not already set up such accounts for themselves. The scammers then make changes to the victim’s account by directing their benefits checks to be sent to bank accounts controlled by the scammers. Even though the Social Security Administration requires verification of personal information by asking questions that only the Social Security recipient should know as part of the process for opening a My Social Security Account, too often this information is available to a determined identity thief who is thereby able to fraudulently open an account in the name of their intended victim.
In order to improve the security of the accounts, the SSA is now requiring people to use dual factor authentication to access their accounts once they have been set up. At the user’s option, the dual factor authentication is done by the SSA sending a one time code either to the user’s email or cell phone. Using an email address for dual factor authentication may prove to be problematic because it is not particularly difficult for a sophisticated hacker to gain access to someone’s email account.
Just as the best defense against income tax identity theft is to file your income tax return before an identity thief attempts does so in your name, so the best defense against the fraudulent setting up of a My Social Security Account in your name is for you to set one up first and protect its safety with a strong username and password. For information about signing up for a My Social Security Account go to https://ssa.gov/myaccount/
A My Social Security Account can also prevent a scammer from using AI to impersonate you and have your check diverted to the scammers bank account by indicating on your My Social Security Account that any changes to the bank account into which your check is electronically deposited only be done in person at a Social Security branch office and not on your online account or over the phone.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#socialsecurityidentitytheft #mysocialsecurityaccount
Scam of the day – April 4, 2024 – Electric Company Warns Consumers About Utility Scams
Scams involving utility bills for electric, water or gas services have long been popular with scammers. Recently, the West coast utility company PG&E released figures indicating that they received 43,000 reports from its customers claiming they were contacted by scammers posing as PG&E employees resulting in losses to the customers of $875,000 last year. While the scams reported by PG&E were limited to utility scams affecting its customers, these scams are being perpetrated throughout the company by scammers posing as other utility companies.
In one common utility related scam, people are called informing them that they are eligible for a special promotion that will lower their utility costs, but they need to provide personal information in order to qualify for the promotion.
In another scam, potential victims are called on the phone and told that their utility service will be terminated for non-payment unless they pay by credit card or gift cards over the phone.
In a third scam, potential victims receive an email that has a link to take them to their bill.
All of these are scams. In the first, there is no special promotion and the victim ends up providing personal information that leads to identity theft. In the second, the victim is coerced into giving their credit card or gift card information to a scammer and in the third, merely by clicking on the link to go to the phony bill, the victim ends up downloading keystroke logging malware or ransomware that can lead to identity theft or worse.
TIPS
You can never be sure when you get an email or a telephone call if it is really from a legitimate source. Email addresses can be hacked to appear legitimate and even if you have Caller ID, a scammer can use a technique called “spoofing” to make it appear that the call is from a legitimate caller. Trust me, you can’t trust anyone. Never provide personal or financial information to anyone in response to a telephone call, text message or email until you have independently confirmed that the communication was legitimate. In the case of a utility bill, merely call the number on the back of your bill and you will be able to confirm whether or not the communication was legitimate. Also, never click on links unless you have confirmed that they are legitimate. The risk is too great. It is also important to remember that no legitimate utility company will require you to immediately pay your bill over the phone with a gift card.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
#imposterscams #utilityscams
Scam of the day – April 3, 2024 – Australian HSBC Customers Losing Millions to Bank Text Message Scam
A month ago I told you about a man in Australia who was scammed out of $22,000 through a sophisticated text message scam. It started with a text message that appeared to be an alert from his bank informing him that someone had just tried to setup a payment from his account to a new payee. The text message went on to indicate that if the new account payment was not legitimate to contact the bank at a phone number provided in the email. One reason that scams like this are often successful is that people do sign to receive text message alerts from their banks and the phone number shown as sending the text message appeared to be that of the Australian’s bank.
In a panic that someone was trying to access his bank account, the Australian called the number and taken through a long discussion with someone who sounded very much like a legitimate bank employee. At the end of the discussion, the phony bank employee told the targeted victim that it was necessary for the victim to transfer a randomly generated amount of money to an account manager at the bank. Why this would be something that should be done if someone’s account had really been hacked makes no sense at all, but by that time, the scammers, who often have a knowledge of psychology that Freud would have envied, had gained the confidence of their victim convinced the victim to transfer $22,000 to an account designated by the bank. He was told that following the transfer, he would receive a confirmation text and his account would be safe.
Of course, he didn’t receive a confirmation text. The entire process was a scam and the Australian has lost his $22,000. Recently, Mary Yu of Melbourne lost $50,000 to a bank text message scam in which the scammer spoofed the phone number of her bank, HSBC and, posing as her bank, lured her into providing access to her account. HSBC refuses to reimburse many of the victims of this type of scam because the victims provide the personal information to the scammers that enables them to gain access to the bank accounts. Ms. Yu is not alone as a victim of this scam. In the last eight months HSBC customers have lost 6.3 million dollars to this type of scam.
TIPS
At the crux of this scam is “spoofing” by which a scammer can make a phone call or text message appear to come from whatever number the scammer wishes use. In this case, although the text message did not come from the victim’s bank, the victim’s Caller ID showed the phone number of the bank as the sender. Trust me, you can’t trust anyone.
Legitimate bank text messages will never ask you to provide sensitive personal information or ask you to make a payment in the event of a possible security breach to your account. If you need to speak with someone in response to such a text message, don’t use the phone number contained in the text message, but rather call the bank at a telephone number you know is legitimate.
Banks throughout the world have got to do their part in helping to prevent this scam and should not be able to hide behind the fact that their customers are being tricked. In the UK recent legislation now allows banks to hold up payment transfers for an extra three days if they have reason to suspect a scam. In the case of Mary Yu, the scammers gaining control of her account raised her daily withdrawal amount to the maximum $50.000 and then withdrew that amount in the same day. This certainly should have raised some red flags.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/
#textmessagescam #HSBCtextscam
Scam of the day – April 1, 2024 – AT&T Resets Passwords of Millions of Customers Affected by Data Breach
A year ago I told you that AT&T notified nine million of its customers that some of their personal information was exposed when a marketing partner of AT&T was hacked. A few days ago I told you that names, addresses, phone numbers, birth dates and Social Security numbers of 70 million AT&T customers are being offered for free to cybercriminals on the Dark Web, that part of the Internet where criminals buy and sell goods and services. The data breach affects customers prior to August of 2021 and like the AT&T data breach I told you about last year, AT&T is telling its customers that its own computers were not hacked although they are not indicating from where the data was stolen.
Now AT&T has just announced that it is resetting the passwords of 7.6 million customers most affected by the data breach. It is also directing those customers to a site with details about how to reset their passwords to passwords of their own choosing. AT&T has also indicated that it is reaching out to people whose sensitive personal information had been compromised and offering free credit monitoring.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
#at&Tdata breach #creditfreeze #dualfactorauthentication
Scam of the day – March 31, 2024 – Minnesota Police Warning About New Bitcoin Scam
Recently the Blaine, Minnesota Police Department issued a warning about a scam in which scammers are luring people into emptying their bank accounts and sending the money to the scammers through Bitcoin ATMs. The scam starts when a pop-up appears on their computer screen telling them to use a phone number provided in the pop-up to contact Microsoft support about suspicious charges on their bank account. Upon calling the scammer, the victim is told that their bank would not be able to help them if the victim called the police and that if they did call the police, they would be put on a predatory offender list for Pornhub charges. The victim is then directed to withdraw thousands of dollars from their bank account and using a QR code sent to the victim send the withdrawn funds through a Bitcoin ATM to a safe account in order to protect their funds. Of course, the money sent by the victim through the Bitcoin ATM ends up in the digital wallet of the scammer who promptly cashes the account out and the funds are lost forever.
TIPS
This scam, like many scams, depends upon amygdala hijacking. The amygdala, sometimes called the lizard brain is a part of our brain associated with emotions such as fear, greed and urgency. Scammers will create the impression of an emergency that must be dealt with immediately and by hijacking the amygdala, people respond quickly without taking the time to rationally consider what is happening. The amygdala may have helped early mankind facing life or death emergencies that required immediate action and still may be useful in some instances today, but it can too easily be manipulated by scammers to convince their victims to act quickly without thinking.
Taking the time to think, a potential victim should recognize that Microsoft is not going to be sending pop-ups on your computer to inform you of problems with your bank account. If there were a problem with your bank account, the most obvious first call should be to your bank. Threats of the police putting someone on a non-existent predatory list for Pornhub charges is just another scare tactic appealing to the amygdala. Most importantly anytime you are told to withdraw your funds and deposit them into another account you have not set up, it is a scam. Plain and simple.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”
#bitcoinscam, #qrcodescam, #bitcoinatm, #lizard brain
Scam of the day – March 30, 2024 – Netflix Phishing Scam
The popularity of Netflix makes it a preferred subject for phishing emails sent to people appearing to come from Netflix in which you are told you need to update your credit card information or asking for other personal information. Reproduced below is a copy of an email received by a Scamicide reader. The email looks legitimate, but it is important to note that nowhere does your name or account number appear and it is sent from an email address that has nothing to do with Netflix. The Netflix logo appears on the email, but it is easy to counterfeit the Netflix logo and make the email appear to be legitimate when it is not.
Two things can happen if you click on the links in the email. Either you will be directed to a phony but legitimate looking website where you will be prompted to input your credit card information and thereby turn it over to an identity thief or, even worse, merely by clicking on the link, you will download keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft. I have removed the links in the email below.
Netflix |
| Your account will be suspended! |
Please Update your Payment Detailswe were unable to validate your account |
| Hello we’ re having trouble with the current billing information we’ ll try again, but in the meantime you may want to update payment details |
Details information : |
||
Subscription ID |
: |
926265294 |
Product |
: |
Netflix |
Expiration Date |
: |
Sun,17 Mar-2024 |
|
||
|
|
TIPS
As I always say, “trust me, you can’t trust anyone.” You can never be truly sure when you receive an email seeking personal information such as your credit card number whether or not the email is a scam. The risk of clicking on a link or providing the requested information is just too high. Instead, if you think that the email might be legitimate, you should contact the company at a telephone number or email address that you know is legitimate and find out whether or not the email was a scam. In the case of Netflix you can go to their help center using this link https://help.netflix.com/en/
Another indication that this is a scam phishing email is that the email address from which it was sent has nothing to do with Netflix although it contained the word Netflix in it to trick someone into trusting it.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
#netflixphishing #imposterscam