Scam of the Day
Scam of the day – October 4, 2023 – TikTok Cryptocurrency Scam
I have been writing about various cryptocurrency scams since 2014 and they only appear to be getting worse. The most recent cryptocurrency scam involves an AI created deepfake video that is turning up on TikTok that appears to show Elon Musk being interviewed on Fox News promoting a free cryptocurrency giveaway. In the TikTok post you are prompted to register a cryptocurrency account using a promo code provided in the TikTok video. At that point it will appear as if Bitcoin is deposited into your cryptocurrency wallet. However, when you try to withdraw the free Bitcoins, you are instructed that you must activate your account by depositing Bitcoins worth approximately $132. Of course, you never receive any free Bitcoins, but the Bitcoins you deposit in the account go directly to the scammer.
TIPS
This is an easy scam to avoid. Regardless of how legitimate a video you may see on TikTok or any other social media may appear, no one is giving away free cryptocurrencies. If you still think that Elon Musk or anyone else is actually doing so, you can merely do a search engine search to confirm that this is a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – October 3, 2023 – Class Actions Filed Against MGM Resorts and Caesars Entertainment
The recent ransomware attacks against both MGM Resorts which operates 19 casinos in the United States and Caesars Entertainment the largest casino owner in the world, with more than 65 million Caesars Rewards members and properties in 18 states and Canada under the Caesars, Harrah’s, Horseshoe and Eldorado brands has resulted in six class actions recently being filed against the two entertainment giants alleging that they were negligent to take basic precautions to protect the personal information of their customers and loyalty club members including names, birthdates, addresses and Social Security numbers.
Specifically, the lawsuits allege that the two companies failed to take basic security steps including failing to encrypt or redact sensitive information. In addition to possible liability that the companies face from these class actions, they also may well face actions from the Federal Trade Commission (FTC) for failing to comply with the FTC’s Safeguard Rule which requires companies to implement and maintain data security programs.
TIPS
So what does this mean to you and me?
More than anything, these ransomware attacks and data breaches are another reminder that regardless of how careful we may be protecting our personal information, we are only as secure as the companies with which we do business with the worst security. About the only way to reduce the risk is to limit the personal information we provide to these companies. Don’t leave your credit card on file with any company and don’t provide your Social Security number to every company that asks for it unless it is truly required. Your doctor does not need your Social Security number, but they often ask for it.
It also is important to freeze your credit reports to help protect you when data breaches do occur. Freezing your credit is something everyone should do. It is free and easy to do. In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number. If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
Also, if you are in the mood to get scared you can go to the free website haveibeenpawned where you can find out what data breaches have affected you personally. https://haveibeenpwned.com/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – October 2, 2023 – Password Manager Linked to Loss of Millions of Dollars of Cryptocurrency
Having unique, complicated passwords for each of your accounts is an essential element of online security. However, remembering all of your passwords can be a difficult task for many people, which is why so many people use online password managers, which store all of your passwords for you. These companies, however, are tempting targets for identity thieves. In January, I told you about a data breach at the password manager company LastPass that suffered a data breach in which 33 million people had much personal information stolen that could lead to identity theft.
Now researchers have found evidence that tends to indicate that passwords of Last Pass users were used by cybercriminals to steal more than 35 million dollars worth of cryptocurrencies from the crypto wallets of Last Pass users.
In 2018 researchers at Aalto University and the University of Helsinki discovered security flaws affecting the technology used by all of the password managers. The researchers disclosed their findings to the affected companies which took steps to remedy the problem, but the bottom line is that while using a password manager is helpful, it will always be a target of hackers and you may be more comfortable using unique, complex passwords for each account that you can readily remember without using a password manager. This is not as difficult as it sounds as you will read below.
TIPS
First, if you are interested in using a password manager, here is a link to an article from PC magazine that compares many of the legitimate password managers available to you. https://www.pcmag.com/picks/the-best-password-managers
If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts. You also should use dual factor authentication so that even if someone were to gain access to your password manager master password, your password manager account could not be accessed.
However, if you would like to use the helping hand you find at the end of your own arm and generate unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol, add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – October 1, 2023 – Another Major Data Breach
The University of Minnesota has become the latest school to disclose that their computers had been hacked and personal information including Social Security numbers of students, faculty, staff, former students and even people who merely applied to the school was compromised. The information stolen goes back to 1989 and was only discovered last July. This is just the latest instance of a college or university being hacked. It also is another breach in which the university still maintained personal information in its data banks on former students, and in this case, mere applicants although the university had absolutely no reason to maintain Social Security numbers for such people. The University of Minnesota has been sued in a potential class action alleging the school was negligent in protecting sensitive personal data.
Last year, in the United States there were more than 1,800 reported data breaches and probably many more that were not reported affecting 422 million people. The question is not if you will become a victim of a data breach. The question is when.
As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information. Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.
So what can you do to protect yourself from these data breaches that will be occurring?
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible. For example, your doctor doesn’t need your Social Security number for his or her records.
You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.
https://www.transunion.com/credit-freeze
https://www.experian.com/freeze/center.html
Also, if you are in the mood to get scared you can go to the free website haveibeenpawned where you can find out what data breaches have affected you personally. https://haveibeenpwned.com/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – September 30, 2023 – FTC Sending Another Round of Payments to Lifelock Customers
In 2015 the Federal Trade Commission (FTC) settled a lawsuit it initiated against identity theft protection company, Lifelock about which I reported to you in a Scam of the day earlier that year. In the lawsuit, Lifelock was accused of not living up to the terms of an earlier 2010 settlement with the FTC as well as 35 state attorneys general regarding charges that Lifelock used misleading and deceptive advertising as well as failed to adequately protect the security of the personal data of its customers including Social Security numbers and credit card numbers. According to the FTC, Lifelock violated the 2010 settlement by failing to maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card numbers, Social Security numbers and bank account numbers as well as by falsely advertising that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions.
At the time of the settlement FTC Chairwoman Edith Ramirez said, “The fact that consumers paid Lifelock for help in protecting their sensitive personal information makes the charges in this case particularly troubling.” This fine represents the largest fine ever collected by the FTC for the failure to live up to a previous agreement with the FTC. The funds collected from Lifelock were returned to eligible Lifelock customers in 2019, 2021 and in January of this year. Those distributions totaled more than 28.5 million dollars, however because there is still additional money available from the fine paid by Lifelock, the FTC is sending 2.3 million dollars of additional payments to 159,146 people who had previously received a payment. The payments will be sent by PayPal. For more information go to the middle of the opening page of Scamicide.com to the tab “FTC Refunds.”
TIPS
The charges of failing to protect customers’ personal information is very disturbing to Lifelock customers because any company holding such tremendous amounts of personal information would be a prime target of hackers and identity thieves. It is also important to remember that neither Lifelock nor any of the other identity theft protection services are able to truly protect you from identity theft. They merely help you take certain steps to reduce your chances of becoming a victim of identity theft and help you monitor your accounts to let you know sooner if you become a victim of identity theft.
In fact, none of the identity theft protection services assist you in putting a credit freeze on your credit report which may be the single best step you can take to protect yourself from identity theft. You can find instructions for putting a credit freeze on your credit reports here on Scamicide by putting the words “credit freeze” into the “Search this Website” section of the first page of Scamicide.com.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – September 29, 2023 – FBI Warns About Wrong Number Text Scam
The FBI recently issued a warning about the wrong number text message scam. The scam starts when you receive a text message that was obviously intended for someone else. Wanting to be a responsible person, many people respond to the text message telling the sender that it had been sent to the wrong number. At this point, the scammer sending the original text message says that he is always looking for more friends and attempts to start a conversation.
According to the FBI’s press release, “The scammers behind the wrong number text messages are counting on you to continue the conversation. They want to exploit your friendliness. Once they’ve made a connection, they’ll work to become friends or even cultivate a remote romantic relationship. It’s all a ruse, designed to get you to relax your mistrust so you’ll be more susceptible to falling for their scam, such as a cryptocurrency investment or many others targeting victims.”
Often these phony text messages aren’t even coming from a real person, but are automated responses sent by a bot programmed to give specific responses. The scams involved with these calls are many, but they all start with establishing a relationship with the targeted victim such that the victim begins to trust the scammer. At this point, the scammer may ask for personal information that can be used to make you a victim of identity theft. In other instances, they will lure you into clicking on a malware infected link under some pretense. In yet another version of the scam, they will use the text message to advance a romance scam and either eventually ask for money or for you to send compromising photos that would be used for blackmail purposes. Finally, these phony text messages have also been used to lure people into cryptocurrency scams. The bottom line is that when you get a text message that appears to be intended for someone else, it often is a scam.
TIPS
This is an easy scam to avoid. The best thing to do is to merely not respond at all to the text message. The risk of getting involved in a scam is too great. You also should block the number from your phone. If your mobile service provider is AT&T, Verizon Wireless or T-Mobile you should forward the message to SPAM (7726) and report it as spam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – September 28, 2023 – Student Loan Forgiveness for University of Phoenix Students
For profit universities have been a target of state and federal investigations for years. I have written about this topic since 2012. It should be noted that not all for profit colleges are scams, but there are a large number of for profit colleges, sometimes referred to as “diploma mills” that at times offer credit for your “life experience” and lure students in with promises of a helpful degree, but the students end up with a worthless degree and an empty wallet. Sometimes the names of these scamming colleges and universities are confusingly similar to legitimate colleges. For instance, Columbia State University is a diploma mill while Columbia University is an eminent Ivy League school.
In 2019, the University of Phoenix settled charges brought by the Federal Trade Commission (FTC) that it used deceptive advertising to attract students. These ads falsely implied that the University of Phoenix worked with companies such as AT&T, Yahoo and Microsoft to create job opportunities for students and to shape its programs for the jobs. Pursuant to the settlement, the University of Phoenix paid 50 million dollars to the FTC and in 2021 the FTC sent refunds to 147,500 former University of Phoenix students.
Now as a further part of the FTC’s action against the University of Phoenix, the U.S. Department of Education is forgiving approximately 37 million dollars of federal student loans to victims of the school’s deceptive practices outlined in the 2019 case. People interested in submitting a claim for loan forgiveness should to to the Department of Education’s Borrower Defense Loan Discharge page using this link https://studentaid.gov/manage-loans/forgiveness-cancellation/borrower-defense
TIP
If you are considering attending a for profit school, first check it out with the United States Department of Education’s website at www.ope.ed.gov/accreditation to make sure it is an accredited institution.
You also should investigate whether a local college, university or community college would be more cost effective for you. For profit colleges and universities are often more expensive than these other alternatives without offering any distinct advantages. Also, check out the graduation rates of any for profit college you are considering and finally, investigate the job prospects in your field of study. Don’t just take the word of the college.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 27, 2023 – New AI Social Security Scam
I have been warning you about scams related to Social Security benefits for many years. In one Social Security related scam, the scammers call their targeted victim on the phone posing as employees of the Social Security Administration and tell their intended victims that their Social Security numbers have been suspended due to the number being used by criminals for fraudulent purposes. They then ask you to confirm personal information including your Social Security number in order to correct the problem and to enable lifting of the suspension of the victims’ Social Security numbers as well as to avoid arrest. This is a scam intended to lure people into providing personal information including their Social Security number which will then be used for purposes of identity theft.
First and foremost, it is important to know that Social Security numbers are never suspended so right away you can be sure that a call informing you that your Social Security number has been suspended is a scam. The calls, however, can be very convincing and by using a technique called “spoofing” the call can manipulate your Caller ID into making it appear as if the call is coming from the Social Security Administration. Additionally, the Social Security Administration will not call you by phone if there is a problem with your Social Security. they will initiate contact by old fashioned snail mail.
Now, however the Office of the Inspector General for Social Security is warning about a new scam where Social Security customer service representatives receive AI powered chatbot calls that appear to come from a Social Security beneficiary asking for a change in the bank account where the monthly check is deposited.
TIPS
The Social Security Administration (SSA) has a tremendously helpful online service called My Social Security Account which allows you to set up a personal online account with the SSA that enables you to view your earnings history and estimates of benefits as well as manage your benefits online including changing your address or starting or changing direct electronic deposits of your check into a bank account you may designate. This is a tremendously convenient service, but it also provides a great opportunity for scammers who have been setting up My Social Security Accounts on behalf of seniors who have not already set up such accounts for themselves. The scammers then make changes to the victim’s account by directing their benefits checks to be sent to bank accounts controlled by the scammers. Even though the Social Security Administration requires verification of personal information by asking questions that only the Social Security recipient should know as part of the process for opening a My Social Security Account, too often this information is available to a determined identity thief who is thereby able to fraudulently open an account in the name of their intended victim.
In order to improve the security of the accounts, the SSA is now requiring people to use dual factor authentication to access their accounts once they have been set up. At the user’s option, the dual factor authentication is done by the SSA sending a one time code either to the user’s email or cell phone. Using an email address for dual factor authentication may prove to be problematic because it is not particularly difficult for a sophisticated hacker to gain access to someone’s email account.
Just as the best defense against income tax identity theft is to file your income tax return before an identity thief attempts does so in your name, so the best defense against the fraudulent setting up of a My Social Security Account in your name is for you to set one up first and protect its safety with a strong username and password. For information about signing up for a My Social Security Account go to https://ssa.gov/myaccount/
A My Social Security Account can also prevent a scammer from using AI to impersonate you and have your check diverted to the scammers bank account by indicating on your My Social Security Account that any changes to the bank account into which your check is electronically deposited only be done in person at a Social Security branch office and not on your online account or over the phone.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 26, 2023 – New Apple Security Updates
It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.
Recently Adobe issued multiple security updates which you should download as soon as possible.
TIPS
Here is a link to the Adobe updates: https://www.cisa.gov/news-events/alerts/2023/09/22/apple-releases-security-updates-multiple-products
Apple also provides the option of you being able to install the latest security updates automatically whenever they are issued. In order to enable automatic iOS updates open the “Settings” app and tap “General.” Then tap “Software Update” and then go to “Automatic Updates.” Enable the switch next to “Download iOS Updates” which will take you to the switch for installing iOS Updates which you can then enable. Once you do this, you will see a confirmation message confirming that your device will now automatically install iOS software updates when they become available.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 25, 2023 – Senator Blumenthal Spearheading Efforts Against phony PACs and Charities
Election season will soon be coming to a close and Political Action Committees (PACs) are busy raising money to funnel to candidates and organizations trying to influence legislation. Unfortunately, for the last ten years scammers have been setting up phony PACs that promise to use your money on behalf of your favored candidate or cause, but instead keep the money for their own use. Often the scammers use telemarketing to contact their victims.
One of the more notorious PAC scammers is Harold Taub who set up two phony PACs to appeal to both Republican and Democratic donors, but kept never registered the PACs with the the Federal Election Commission (FEC) as required by law and kept the money he received from donors for himself. Taub was convicted of wire fraud and of violating the Federal Election Campaign Act and was sentenced to three years in prison and order to pay back more than 1.1 million dollars to the victims of his crime.
In addition, phony charities are also using telemarketing to reach people to contribute to their scams.
It is important to note that even if you are on the federal Do Not Call List, you can be contacted by legitimate PACs and legitimate charities, but unfortunately, you can’t tell when you are contacted by a telemarketer whether or not the call is legitimate or not. Using a technique called “spoofing” a scammer can manipulate your Caller ID to make their calls appear to come from a legitimate PAC or charity.
Connecticut Senator Richard Blumenthal is spearheading efforts in Congress along with the Federal Election Commission and the Federal Trade Commission to crack down on these scams
TIPS
Legitimate PACs are required to file with the Federal Election Commission so before giving to any PAC you should check with the FEC to determine if the PAC has filed the necessary documents. If it isn’t registered it is a scam. Unfortunately, even if you find the PAC soliciting your donation is registered, scammers have registered phony PACs and falsify the financial documentation of their spending which they are required to file so merely because a PAC is registered does not mean that it is legitimate.
Limiting your donations to well established PACs is a good policy to avoid being scammed.
Also, if a PAC doesn’t ask for your employment information and citizenship status it is a scam because legitimate PACs are barred from taking donations from federal contractors or foreign nationals, which is why legitimate PACs will always inquire about your job status and citizenship.
As for charities, since you can’t be sure when you are contacted by a charity whether or not they are legitimate, the best course of action is to go to charitynavigator.org where you can find out if the charity is legitimate as well as how to contact legitimate charities to make a contribution.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up using this link. https://scamicide.com/scam-of-the-day/