Scam of the Day


Scam of the day – October 11, 2023 – Medicaid’s Children’s Health Insurance Program Scams

As we all know, health insurance can be complicated and expensive.  During the Covid pandemic eligible families were able to turn to Medicaid’s Children’s Health Insurance Program (CHIP) for help, but now that the pandemic has ended some state CHIP programs are contacting CHIP recipients to update their enrollment.  Unfortunately, scammers posing as CHIP workers are also reaching out and they can be pretty convincing when they ask for personal information such as your credit card number or bank account number which they then use to make you a victim of identity theft.

TIPS

The real CHIP program in your state may well reach out to you by email, phone or text message; however, it is important to remember that they will never ask you to pay to continue enrollment in the program and they will never ask you for your bank account number or credit card number.

Even if your Caller ID indicates the call is coming from your state’s CHIP program, scammers can use a technique called “spoofing” to manipulate your Caller ID to make it appear that the call is legitimate when it is not.

It is a good policy to never click on a link in an email or text message unless you have absolutely confirmed that the communication is legitimate.  In this case, even if the email or text message appears to come from your state’s CHIP program, the better option is to go directly to your state’s Medicaid website which you can find here https://www.medicaid.gov/about-us/beneficiary-resources/index.html#statemenu

You also can go to https://www.healthcare.gov/ to compare insurance plans, coverage and eligibility requirements.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”

Scam of the day – October 10, 2023 – The Lessons of the 23andMe Data Breach

The genetic testing company 23andMe has suffered a data breach that compromised a million data points of Ashkenazi Jews including, if accurate, Mark Zuckerberg and Elon Musk, and the apparent hackers are already offering for sale what they say is the stolen information on the Dark Web, that part of the Internet where criminals buy and sell goods and services.  The data breach appears to have been done by what is called credential stuffing, which is when passwords that were compromised in earlier data breaches are used to access data at another site.  Using a unique password for each of your accounts is essential for this very reason and if it is indeed accurate that Zuckerberg’s and Musk’s accounts were hacked, it is surprising that such technologically sophisticated people failed to follow that very basic precaution.  Failing to use a unique password for each of your accounts puts all of your accounts in jeopardy in the event of a data breach at any of your accounts.

And while this data breach does not appear to have been due to faulty security of 23andMe, they are to be faulted for failing to plan for such an attack and failing to encrypt the sensitive data they hold.

It is difficult to determine what kinds of use the hackers would make of the genetic data that had been compromised. However, along with the genetic data, it appears that the breach also included email addresses, which would enable the cybercriminals to create believable, specifically tailored spear phishing emails to lure their victims into clicking on links or providing personal information that could result in identity theft or various types of malware attacks including ransomware.

TIPS

The lesson for companies, particularly those holding sensitive personal information, is to encrypt such data as a protection against inevitable cyberattacks.

The lesson for all of us as individuals is first to make sure we use a unique password for each of our online accounts and second to also use dual factor authentication so that even in the event that a hacker manages to learn our password, the hacker would not be able to access the account merely by using the password.

Scam of the day – October 9, 2023 – Amazon Prime Day Scams

October 10th and 11th are Amazon Prime Day which is odd to say.   Amazon really should change the name for the two day event to Amazon Prime Days.   Amazon Prime Day is a global promotion of Amazon featuring sales on a variety of items available solely to Amazon Prime members.  There is always great interest in Amazon Prime Day and as with everything else that attracts great interest by the public, it also attracts great interest by scammers who are eager to take advantage of people participating in Amazon Prime Day.

The security company McAfee identified a phishing kit specifically tailored for Amazon customers.  This kit is called 16Shop and its creator uses the alias DevilScreaM.  Following the business model of the creators of much of today’s malware, DevilScreaM makes his or her money by leasing the malware he or she created on the Dark Web to other less sophisticated cybercriminals. The Dark Web is that part of the Internet where criminals buy and sell goods and services. The 16Shop malware can be used to create an official looking email that appears to come from one of the major tech companies.  This email comes with a PDF attached that appears to be an Amazon log-in page.  Anyone who falls for the scam and provides his or her Amazon password and account information will have turned over that information to a scammer who will use it to buy items that will be charged to the credit card of the Amazon account holder.

TIPS

Much of malware including ransomware comes as links in phishing emails or tainted attachments.  As a general rule you should never click on links or download attachments that come in emails unless you have absolutely verified that the email is legitimate.  You also should never provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication is legitimate.

Phishing emails and more specifically tailored spear phishing emails can often appear quite legitimate initially so it is important to be skeptical.  Because Amazon Prime Day is now going on, many people expect emails from Amazon which is even more reason for you to be skeptical. Trust me, you can’t trust anyone.  Check the email address of any communication that appears to have come from anyone to make sure that it is the real email address.  Many phishing emails come from email addresses that have no relation to the real email address of the company they purport to be while others look very legitimate unless you carefully examine the email.

When going to what purports to be an Amazon page, the URL should begin with “Amazon.com.”  To be sure that you are actually on the real Amazon website, you can check the domain name to make sure that it is not a counterfeit by going to the website https://www.whois.com/whois/   where you can type in the domain name and learn who actually owns it.  If your Amazon website appears to be owned by someone in Nigeria, for example, you know you have a problem.  The security company Check Point recently identified 1,500 counterfeit Amazon websites.

It is also important to remember that you should not use your debit card for anything other than as an ATM card.   Use your credit card for online and offline purchases because the law protects you much more from fraudulent purchases than a debit card does.  If you do not promptly report misuse of your debit card, you could potentially lose the entire bank account tied to your debit card while the maximum liability for misuse of your credit card is only fifty dollars and most credit card companies don’t even charge you that amount.


Scam of the day – October 8, 2023 – FTC Stops Online Business Coaching Scam

Business coaches are people that advise and guide business owners and people wanting to start a business in the operating and growing of their businesses.  They can be quite helpful, particularly to entrepreneurs.  However, scammers posing as business coaches take advantage of trusting business owners by selling worthless services to their unwary victims. I have reported on this type of scam numerous times in the past, but it is timely again with the FTC’s settlement of charges against the operators of Lurn, an online business coaching seller who made outrageous unfounded claims that people who bought their programs could make large incomes from operating various businesses they touted.  Lurn  scammed millions of dollars from consumers by falsely promising their victims that they could easily earn huge incomes each month if they bought the business coaching services offered.

Lurn’s false claims about their programs, including telling consumers that they could fail 98% of the time and still be able to make $11,453 per month without any evidence to support these claims, violated the FTC’s Telemarketing Sales Rule.  As a result of a settlement of the charges brought by the FTC against Lurn, it must pay 2.5 million dollars to the FTC to be used for refunds to consumers.  Lurn is also required to give notice to anyone who bought any of their programs since May 1, 2019 informing them of the FTC’s action against Lurn.

TIPS
Before hiring the services of a business coach, you may want to find out what helpful advice you can get for free through government agencies such as the Small Business Administration.   http://www.sba.gov/starting-managing-business

If you do decide to hire a business coach, you should find out if there are any complaints filed against him or her.  An easy way to do this is to just do a search engine search in which you look up the person’s name with the words “scam” or “complaint” and see what comes up. Also, be wary of paying up front for the services of business coaches before they provide any services.

When more information becomes available in regard to the processing of the refunds to victims of Lurn’s scam, I will let you know.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/

Scam of the day – October 7, 2023 – Mobile Banking App Scams

75% of Americans used mobile bank apps to some degree for their personal banking needs.    This fact has not been lost on hackers and scammers who have, in recent years, increasingly focused much of their attention on phone scams and hacking of mobile phones.  One of the more effective tactics used by hackers is to create malicious apps called banking trojans which appear to the targeted victim to be a legitimate app such as a game or tool which the victim downloads.

Once downloaded, the malicious app stays dormant until the victim goes to use their legitimate banking app, at which time it creates a phony version of the victim’s bank’s login page which appears on top of the legitimate app. The victim then inputs his or her username and password into the malicious app, thereby providing this information to the hacker.  Making this crime even more devious is the fact that once the victim has inputted his or her information, the banking trojan sends the victim to the real banking app login page so the victims do not become immediately aware that they have been hacked.

Another technique used by hackers is to create phony banking apps that appear to be the banking apps of major banks and offer them on major legitimate app stores.  People using these counterfeit apps think that they are providing their username and password to their bank when they use these apps, but instead are providing them to a hacker.  Despite the best efforts of the major legitimate app stores to police their sites, thousands of phony banking apps have been found to be available on the legitimate major app stores.

TIPS

As you can see, it can be very easy to become a victim of a mobile banking app attack.  Although the major legitimate app stores try to vet the apps that are offered on their sites, they are not perfect.  I suggest that when possible you obtain the banking app for your particular bank directly from the website of your bank.  Most banks will provide a link to their mobile banking app on their website.

As I often suggest, you also should use dual factor authentication whenever possible to protect the security of your online activities, particularly banking.  Through the use of dual factor authentication using biometrics, hardware tokens, authentication apps or text messages to your cell phone you can protect the security of your transaction even if someone is able to hijack your username and password.

Also, remember your bank will not call you or text you asking for dual factor passcodes.  Hackers often pose as your bank and will call you or text message you and ask for this information under some pretext.  Don’t give it to them.


Scam of the day – October 6, 2023 – Danger of E-Skimming

Regular readers of Scamicide are certainly familiar with skimmers which are devices installed on ATMs as well as credit and debit card processors that steal information from credit and debit cards thereby enabling criminals to use that information to make charges on those cards.  The increased use in recent years of cards with chip technology has dramatically decreased the amount of fraudulent purchases made through stolen credit and debit card information because the chip card creates a new authorization number each time the card is used thereby negating the value of skimming a credit card with a computer chip.  Scanning your card rather than inserting it into a card reader has also made such purchases safer.

Chip card technology, however, offers no protection when credit and debit cards are used for online purchases.  The FBI has warned about what it calls E-Skimming which occurs when criminals infect the websites of businesses and government agencies with malware that allows the criminal to steal credit card and debit card  information and then use it to make charges using the victim’s credit card or debit card.

TIPS

There are many steps that businesses and government agencies should take to protect their sites from this type of crime.  They should update their security software with the most recent security updates; change default login credentials on their systems; segment their network systems to limit access by criminals and educate their employees to the dangers of phishing and spear phishing emails because it is through these phishing and spear phishing emails that most malware is delivered.  A good rule for us all to follow is to never click on links in emails unless you have absolutely confirmed that the email is legitimate.

What can we as consumers do, however, to protect ourselves from becoming a victim of E-Skimming?

First and foremost, while it may be more convenient to leave your credit card on file with an online retailer you regularly use, this is not a good thing to do because it leaves you more vulnerable to having your credit card data stolen in the event of a data breach and as we all know, data breaches are and will continue to be very common.

Consumers should refrain from using their debit cards for anything other than as an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection.  The holder of a credit card used for fraudulent purposes cannot be assessed more than $50 for such use and most credit card companies charge nothing. However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.


Scam of the day – October 5, 2023 – Capital One Data Breach Settlement Payments Beginning

What’s in someone else’s wallet may not be Capital One’s advertising slogan, but it may describe your personal information following the 2019 disclosure of a major data breach at Capital One affecting more than 100 million of its American customers and 6 million of its Canadian customers.  Capital One is the third biggest credit card issuer in the United States.  The stolen information was contained in credit card applications that were accessed by Paige A. Thompson, who formerly worked for Amazon Web Services, which hosts the Capital One database.  Thompson was convicted of criminal charges related to the hacking of Capital One.

The most sensitive information stolen was a million Canadian Social Insurance numbers which are the equivalent of American Social Security numbers.  Ms. Thompson also stole 140,000 Social Security numbers.  According to the FBI, Ms. Thompson obtained the sensitive data by exploiting a misconfiguration of a firewall on a web application that enabled her to access the server used by Capital One to store the data.

In the Scam of the day for August 18, 2022 I reported that the class action brought on behalf of the victims of the data breach had been settled. If you filed a claim pursuant to the class action, you  ‘EpiqPay.’ began sending emails to eligible claimants last week.  ‘EpiqPay’ is a trusted digital payment platform delivering the settlement payments.

TIPS

So what can you do now to protect yourself from future data breaches that will inevitably occur?

If you have not yet frozen your credit with each of the three major credit reporting agencies, Equifax, Experian and TransUnion, you should do so now to protect yourself from possible identity theft. It is free and easy to do.

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.equifax.com/personal/credit-report-services/credit-freeze/
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html

One of the biggest lessons from the myriad of data breaches is to make sure that you use unique passwords for every online account that you have in order to avoid having a sensitive account, such as your online banking account compromised because you use the same password as you do for another relatively meaningless account that had poor security which led to a data breach in which your password was stolen.

Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.


Scam of the day – October 4, 2023 – TikTok Cryptocurrency Scam

I have been writing about various cryptocurrency scams since 2014 and they only appear to be getting worse.  The most recent cryptocurrency scam involves an AI created deepfake video that is turning up on TikTok that appears to show Elon Musk being interviewed on Fox News promoting a free cryptocurrency giveaway.  In the TikTok post you are prompted to register a cryptocurrency account using a promo code provided in the TikTok video.  At that point it will appear as if Bitcoin is deposited into your cryptocurrency wallet.  However, when you try to withdraw the free Bitcoins, you are instructed that you must activate your account by depositing Bitcoins worth approximately $132.  Of course, you never receive any free Bitcoins, but the Bitcoins you deposit in the account go directly to the scammer.

TIPS

This is an easy scam to avoid.  Regardless of how legitimate a video you may see on TikTok or any other social media may appear, no one is giving away free cryptocurrencies.  If you still think that Elon Musk or anyone else is actually doing so, you can merely do a search engine search to confirm that this is a scam.


Scam of the day – October 3, 2023 – Class Actions Filed Against MGM Resorts and Caesars Entertainment

The recent ransomware attacks against both MGM Resorts, which operates 19 casinos in the United States, and Caesars Entertainment, the largest casino owner in the world, with more than 65 million Caesars Rewards members and properties in 18 states and Canada under the Caesars, Harrah’s, Horseshoe and Eldorado brands, have resulted in six class actions recently being filed against the two entertainment giants alleging that they were negligent in failing to take basic precautions to protect the personal information of their customers and loyalty club members including names, birthdates, addresses and Social Security numbers.

Specifically, the lawsuits allege that the two companies failed to take basic security steps, including failing to encrypt or redact sensitive information.  In addition to possible liability that the companies face from these class actions, they also may well face actions from the Federal Trade Commission (FTC) for failing to comply with the FTC’s Safeguards Rule, which requires companies to implement and maintain data security programs.

TIPS

So what does this mean to you and me?

More than anything, these ransomware attacks and data breaches are another reminder that regardless of how careful we may be protecting our personal information, we are only as secure as the company with the worst security among those with which we do business.  About the only way to reduce the risk is to limit the personal information we provide to these companies.  Don’t leave your credit card on file with any company and don’t provide your Social Security number to every company that asks for it unless it is truly required.  Your doctor does not need your Social Security number, but they often ask for it.

It also is important to freeze your credit reports to help protect you when data breaches do occur.  Freezing your credit is something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

Also, if you are in the mood to get scared you can go to the free website Have I Been Pwned where you can find out what data breaches have affected you personally.  https://haveibeenpwned.com/


Scam of the day – October 2, 2023 – Password Manager Linked to Loss of Millions of Dollars of Cryptocurrency

Having unique, complicated passwords for each of your accounts is an essential element of online security.  However, remembering all of your passwords can be a difficult task for many people, which is why so many people use online password managers, which store all of your passwords for you.  These companies, however, are tempting targets for identity thieves.  In January, I told you about a data breach at the password manager company LastPass in which 33 million people had much personal information stolen that could lead to identity theft.

Now researchers have found evidence that tends to indicate that passwords of LastPass users were used by cybercriminals to steal more than 35 million dollars worth of cryptocurrencies from the crypto wallets of LastPass users.

In 2018 researchers at Aalto University and the University of Helsinki discovered security flaws affecting the technology used by all of the password managers. The researchers disclosed their findings to the affected companies which took steps to remedy the problem, but the bottom line is that while using a password manager is helpful, it will always be a target of hackers and you may be more comfortable using unique, complex passwords for each account that you can readily remember without using a password manager. This is not as difficult as it sounds as you will read below.

TIPS

First, if you are interested in using a password manager, here is a link to an article  from PC magazine that compares many of the legitimate password managers available to you. https://www.pcmag.com/picks/the-best-password-managers

If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts.  You also should use dual factor authentication so that even if someone were to gain access to your password manager master password, your password manager account could not be accessed.

However, if you would like to use the helping hand you find at the end of your own arm and generate unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol, add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
