Scam of the Day
Scam of the day – November 22, 2023 – Protecting Yourself When Shopping Online
Every year, the number of people shopping online and the money spent through online shopping grows significantly. And why not? The convenience alone of being able to shop from the comfort and privacy of your home is reason enough for many of us to shop online. But how safe is it? According to the FTC the number one reported fraud is online shopping scams. However, following some basic precautions can go a long way in protecting you from being scammed when shopping online
TIPS
Here is a list of some online shopping tips:
1. Make sure that the computer, laptop, tablet or phone you use is equipped with the anti-virus and anti-malware software and that you have updated the software with the latest security patches.
2. As with shopping at brick and mortar stores, don’t use a debit card for online purchases, as well. In the event of a data breach, the consumer protection laws in regard to fraudulent use of your debit card are not as protective as those that apply when your credit card is fraudulently used.
3. Don’t supply your credit card number unless the address of the website is preceded by the letters “https.” That additional letter “s” indicates that the transmission of your data is encrypted and secure.
4. Don’t leave your credit card number on record with the online retailers you use for the sake of convenience. Doing so only makes you more likely to become a victim of identity theft if the company suffers a data breach (and many of them will).
5. Don’t click on coupons or ads that you may receive by way of an email or text message regardless of how good they appear. They may be loaded with malware that will be downloaded on to your computer, tablet or phone if you click on the link. That malware can steal all of your personal information and lead to your becoming a victim of identity theft. Any legitimate coupon you might receive through an email or a text message will also be available on the website of the company where you want to shop.
6. Limit your online shopping to companies that you know and trust. Merely because a company comes up high on a Google search does not mean that the company is legitimate. Any company offering a price that appears too good to be true, should be particularly suspect. In tomorrow’s Scam of the day I will tell you how to confirm if a retail website is legitimate or a counterfeit website.
7. Use distinct and complex passwords for each online company with which you shop and use dual factor authentication whenever possible.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 21, 2023 – Black Friday Scams
While Thanksgiving is still two days away, many people already have their hearts and minds focused on one of the biggest shopping days of the year – Black Friday, the day after Thanksgiving. Black Friday is the unofficial start of the holiday shopping season although I have been seeing holiday shopping displays since Halloween. The fact that Black Friday is such a huge shopping day is not lost on scammers who will be as pervasive as ever. Over the next few weeks, I will be focusing the Scams of the day on the many holiday season scams about which we should all be aware.
If you are shopping in a brick and mortar store Friday or any other day throughout the year, you should use a credit card rather than a debit card because of the possibility of skimmers which are small devices being used by criminals working as sales clerks that will capture your credit card number which will then be used to make fraudulent purchases. As for using your credit card rather than your debit card, it is important to remember that while your liability for fraudulent use of your credit card is limited by federal law to no more than $50, your liability for fraudulent use of your debit card which is tied to your bank account is unlimited if you do not promptly discover and report the fraud which is why you should always use your credit card for shopping rather than your debit card.
I will be discussing safe practices for online shopping in a future Scam of the day, but in the last couple of years the problem of what the FBI calls E-skimming has become more serious. E-skimming occurs when criminals infect the websites of numerous retailers in a manner that they are able to capture your credit card or debit card information when you enter it into the website. It is important to note that while your chip card will protect you if you use your chip card to make purchases at a brick and mortar store that has updated its credit card processing equipment to handle chip credit cards, you cannot use your chip for online purchases. However, as I indicated in the previous paragraph, the most you are responsible for if your credit card is used fraudulently is $50 and quite frankly I have never seen a credit card company even charge its customers that amount.
TIPS
For the reasons discussed above, try to use your credit card as a chip card whenever possible and always watch your credit card when it is being processed at a brick and mortar store. Don’t let it out of your sight because that is when you run the risk of a rogue clerk running it through a portable skimmer, which will steal the number of your card. Refrain from using your debit card except as an ATM card. Finally, in regard to the E-skimming threat, you should regularly monitor your credit card statement online rather than waiting for a monthly paper bill to be delivered to you so that if your credit card was compromised and your data stolen, you will be able to discover and report the problem to your credit card issuer quickly and avoid more problems.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 20, 2023 – Thanksgiving Electronic Greeting Card Scam
Thanksgiving is just three days away and I want to wish everyone a happy and scam-free Thanksgiving to everyone.
Electronic greeting cards have become very popular and with good reason. Even if you don’t remember a birthday or delay sending a holiday card until the last minute, you can send an electronic greeting card, often for free, and have it delivered immediately. Many electronic greeting cards are quite creative with videos and music, as well. But, unfortunately, you can always count on scam artists and identity thieves to try to spoil anything and electronic greeting cards are no exception. The scam starts when you get a phony electronic greeting card that requires you to click on a link to read the card. If you click on one of these phony greeting cards, you may end up downloading a keystroke logging malware program that will steal all of the information from your computer and end up with you becoming a victim of identity theft or alternatively you may download dangerous malware such as ransomware.
TIPS
One of the first things to notice when you receive an e greeting card is who is indicated as the person sending the card. If it states that the card is being sent by “a friend” or “an admirer,” you can be pretty sure that it is a phony card. However, even if the card uses the name of someone you know, it still is risky to open the card without confirming with an email or a phone call that your friend actually did send you the card. Remember, even paranoids have enemies. Scammers may pick a common name to use as the sender or may even have researched who your friends and family are.
It is also important to keep your security software including anti-virus software and anti-malware software installed and up to date at all times which can help if you unwittingly download malware. However, it is important to remember that the most up to date security software is always at least thirty days behind the latest strains of malware often referred to as those that exploit “zero day defects.”
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 19, 2023 – Check Washing Increasing
What is old is new again. Many people continue to pay their household bills by paper checks rather than electronic banking and even when shopping, some people prefer paying by check instead of using a credit card or cash. While there has been much discussion in the news about data breaches involving credit cards, the problems encountered through check washing are still substantial costing consumers and banks more than a billion dollars each year and the problem is getting worse.
Typically, the scam starts when someone pays a bill with a check, mails the envelope containing the check and then somewhere in transit the check is stolen and washed. Check washing is a process by which someone steals a check you have already written and “washes” or removes the name of the payee, often using simple bleach, and also changes the amount as well as the name of the payee. The criminal then cashes your altered check and steals your money.
It is a very simple thing for identity thieves to steal your check from your mailbox if you put it in an envelope to pay a bill and leave it in your mailbox outside your home for your mail carrier to pick up. Identity thieves also break into USPS mail collection boxes and steal mail with checks as well. Finally, rogue clerks at stores may steal your checks. It is then a simple thing to take ordinary bleach, acetone or other similar liquids to wash clean the name of the person to whom the check is made out as well as the amount of the check and insert the identity thief’s name and a new amount.
TIPS
While businesses can protect themselves from check washing quite readily by using higher technology checks such as those containing three dimensional reflective metallic holograms or checks treated with chemicals that will make the world “void” appear if the check is attempted to be altered, these are costly alternatives for individuals. Fortunately however, you are not powerless and the solution, in fact is quite simple. Instead of writing your checks using a common ball point pen, switch to a gel pen which is a commonly available type of pen whose ink will not vanish under chemical washes. Fountain pens also do not use the type of ink that can be readily washed, but the gel pen is simpler and easier to use (and also less messy).
Another important thing to remember is to cross shred your personal documents including checks that you no longer need and are discarding. Identity thieves go through your trash for their treasure including checks that they can use to make counterfeit checks using your account.
Finally, check your banks statements promptly after receiving them for signs of theft. If you do report checking account fraud more than thirty days after receiving your bank statement, the bank does not have to reimburse you for fraudulent, counterfeit checks. Finally, if you already aren’t doing so, you should consider paying your bills electronically which can be done in an extremely safe manner.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 18, 2023 – Steve’s Testimony on Senior Scams and AI Before the U.S. Senate Committee on Aging
Two days ago I testified before the U.S. Senate’s Select Committee on Aging. My testimony related to scams affecting the elderly and, in particular, how Artificial Intelligence is now being used by scammers. Here is a link to the hearing which shows myself and the other witnesses. I testified and then took questions from Senator Bob Casey, the chair of the Committee, Senator Elizabeth Warren and Senator Mark Kelly.
I also want to thank Alison Council, Sameer Chhetri and Dory Finney of the Committee for their tremendous help in arranging my testimony.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 17, 2023 – Lloyds Bank Cryptocurrency Scam Report
Although cryptocurrencies, such as Bitcoin, may seem to be new. I have been writing in Scamicide.com about cryptocurrency scams for nine years. Cryptocurrencies are legitimate, but scammers are increasingly taking advantage of the public’s fascination with cryptocurrencies to take old forms of scams and update them with a cryptocurrency twist. The perception of many in the public that cryptocurrencies offer an easy path to riches coupled with many people violating the cardinal rule of investing by investing in schemes that they do not understand creates a perfect storm for cryptocurrency scams.
Recently Lloyds Bank, a British bank issued a report in which it found that cryptocurrency scams in the UK increased by 23% in 2023 over the comparable period last year and that the average amount of money lost by victims of these scams was more than any other type of scam in the UK. Cryptocurrency scams are a huge problem in the United States and everywhere else as well.
Similar to the United States, the Lloyd Bank report found that most cryptocurrency scams began as posts on social media with Facebook and Instagram being the social media where these scams primarily appeared. Phony advertisements and bogus celebrity endorsements are common elements of many of these social media based scams.
According to the report the two primary cryptocurrency scams are “The Illusion” and “The Takeover.” In “The Illusion” the victim is lured into investing in a phony cryptocurrency platform with the promise of huge returns when the truth is that once the victim invests in the non-existent cryptocurrency, his or her money is gone forever. In “The Takeover” the scammer posing as an investment advisor convinces the victim to set up a legitimate cryptocurrency account and then gives control of the account and the victim’s digital wallet to the scammer who then steals the money.
TIPS
As I have mentioned many times previously, you should never invest in anything that you do not fully understand. You also should not invest in anything without investigating the people offering the investments. In addition, as always, if the investment sounds too good to be true, it usually is. Some of the things to be on the lookout for in regard to cryptocurrency scams are promises of high, guaranteed returns on your investment, false claims of being SEC compliant, allowing you to invest using your credit card and pump and dump scams. For more information about pump and dump scams related to cryptocurrencies, check out the Scam of the day for April 11, 2018.
Also, as a general rule, investing based on social media posts is an invitation to disaster.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 16, 2023 – DocuSign Phishing Scam
DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures and is used by many businesses. There has been an increasing number of scams in which phony DocuSign messages are being used to send malware infected links luring people into providing personal information that is used for identity theft purposes.
Copied below is an email I received that purports to be sent by my landlord in regard to a change in the terms of my lease that required my immediate attention. This phishing email prompts me to click on a link to open a document that needed my signature. The phishing email looked very professional and contained the DocuSign logo and appeared legitimate. However, the email address of the sender was one totally unrelated to either DocuSign or anyone with whom I do business. Most likely it was the email address of someone whose email account had been hacked and made a part of a botnet used by the cybercriminal to send out large numbers of these emails. Additionally, I do not rent any real estate so the email couldn’t apply to me. Scammers send these emails out in large numbers hoping that many people who do rent their homes will be lured into clicking on the link
This phishing email was designed to lure the person receiving the email to click on the link and either provide personal information that could be used for identity theft, or, as more likely in this particular phishing attempt, merely by clicking on the link would have downloaded malware such as ransomware or keystroke logging malware into the computer of the person clicking on the link. Keystroke logging malware would have enabled the cybercriminal to steal all of the personal information from the computer and make that person a victim of identity theft. I removed the link from the email displayed below.
|
TIPS
In this case, I actually followed my own advice as to never click on a link regardless of how legitimate the email or text message may appear until confirming that the message is legitimate. In this case I didn’t even need to confirm that it was not legitimate because of the telltale evidence of the email address of the sender and the fact that I do not have any leases.
The lesson here is clear. You can never be sure when you receive an email as to who is really contacting you. Although sometimes it is obvious when the email address of the sender does not correspond to who is represented as sending the email, other times the email account of someone or some company you trust could have been hacked and used to send you the malware. Therefore you should never click on a link or download an attachment in an email until you have absolutely and independently confirmed that it is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – November 15, 2023 – Millions Affected by Healthcare Data Breach
McLaren Health Care, a Michigan based hospital chain consisting of thirteen hospitals in Michigan and Indiana last week disclosed that it was a victim of a data breach that began on July 28th and lasted through the month of August. The company became aware of the data breach in early October, but did not disclose it for another month. The data breach affects more than two million people whose personal information has been compromised. McLaren has not provided details of the data breach, but the ransomware criminal group ALPHV/BlackCat has claimed responsibility although this has not been confirmed.
Here is a link to McLaren’s official response to the incident. https://www.mclaren.org/main/notification
Last year, in the United States there were more than 1,800 reported data breaches and probably many more that were not reported affecting 422 million people. The question is not if you will become a victim of a data breach. The question is when.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
Also, if you are in the mood to get scared you can go to the free website haveibeenpawned where you can find out what data breaches have affected you personally. https://haveibeenpwned.com/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – November 14, 2023 – Nebraska Attorney General Warns About Bank Scams
Nebraska Attorney General Mike Hilgers recently warned people about a dramatic increase in bank scams being perpetrated through phony emails and phony text messages purporting to come from your bank. And this warning is certainly not limited to Nebraska. According to the Federal Trade Commision (FTC) these types of scams have increased by 1,000% over the last three years.
Phony text messaging, called smishing, which purport to be from your bank is a scam about which I have been warning you for years, but appears to be a scam that is dramatically increasing. Recently, I received a text message that appeared to come from Citizens Bank which read “Account on hold: Reason unverifiable profile. Please update your profile below immediately to avoid blockage.” A link then appeared in the text message that had no obvious connection to Citizens Bank.
Phony text messages like this can be particularly problematic if you have signed up to receive text message alerts from your bank. Whenever you receive a text message you can never be sure who is really sending it to you, so you should never call a telephone number indicated in the text message, provide information or click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.
The best course of action when you receive such a text message, if you have a concern that it may be legitimate, is to merely independently contact your bank to determine whether or not the text message was a scam, but be careful that you do not misdial the telephone number of your bank as some scammers purchase phone numbers similar to those of legitimate banks and credit card companies hoping that they will receive calls from unwary consumers who may have merely misdialed the telephone number of their bank or credit card company.
TIPS
Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate. If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.
Banks do not call, text or email their customers asking for personal information. You should always be skeptical of anyone asking for such information. Of course, if you receive a text message that appears to come from a bank at which you do not have an account, you can be confident it is a scam. If the text message provides for you to respond to stop future texts, don’t do it. Sending such a message to a scammer merely alerts them to the fact that yours is an active phone number.
Finally, although today’s Scam of the day focuses on phony bank text messages, it is a good idea to sign up to receive text alerts from your bank which can be customized for your own particular needs. In regard to the text message that I received, a close examination of the sender would indicate that it came from “Citizen Bank” rather than “Citizens Bank” which is the name of the legitimate bank (and not one at which I have an account.)
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – November 13, 2023 – Annual Report of Do Not Call Registry
Since it began in 2003, the National Do Not Call list has grown to include more than 249 million phone numbers. When you register your phone number with the Do Not Call list it becomes illegal for telemarketers to contact you by phone. The Do Not Call list does not apply to charities so you still may be contacted by charities even if you have registered for the Do Not Call list. However, when you receive a call from someone purporting to be representing a charity, you can never be sure who is really calling so you should never give your credit card number to someone who calls you allegedly from a charity. If you are interested in a particular charity, contact the charity directly to make your contribution.
If you are registered for the Do Not Call list and you do receive a call from a telemarketer, you can be confident that the call is a scam because no legitimate telemarketer would call you if you are enrolled in the Do Not Call list. It is also important to note that while telemarketing is not in and of itself illegal, telemarketing through robocalls is always illegal. Registering for the Do Not Call list will not stop robocalls. Illegal automated robocalls continue to be a major source of complaint for many people with the most common subjects of illegal robocalls being debt reduction, vacation and timeshares and warranty plans. Recently Congress passed a new law intended to reduce robocalls, but the new legislation is not expected to totally resolve the problem.
Each year, the Federal Trade Commission issues an annual report for the Do Not Call List and this year’s report for 2022, the previous year, shows the greatest number of scam calls relate to impostor scams where the scammer poses as government employee such as of the IRS or the Social Security Administration or of a legitimate company with which you may do business.
The FTC is also reporting that people are now receiving emails informing them that their registration in the Do Not Call list is expiring and that they have to register their phone numbers again. They are then directed to a phony website that gathers information that can be used for purposes of identity theft. The important thing to know is that you never have to reregister your phone number with the Do Not Call list. Once you have registered a number it is permanently on the Do Not Call list until the number is disconnected or you ask for your number to be removed.
TIPS
Registering for the do not call list is easy and free. Merely go to http://www.donotcall.gov to register your phone number.
Finally, you can just choose to ignore any calls that come from numbers you do not recognize. This is a good option. If they are legitimate calls, they will leave a message and you can call them back.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”