Scam of the Day
Scam of the day – September 14, 2023 – Bank Text Message Scam
Phony text messaging, called smishing, which purport to be from your bank is a scam about which I have been warning you for years, but appears to be a scam that is dramatically increasing. Recently, I received a text message that appeared to come from Citizens Bank which read “Account on hold: Reason unverifiable profile. Please update your profile below immediately to avoid blockage.” A link then appeared in the text message that had no obvious connection to Citizens Bank.
Phony text messages like this can be particularly problematic if you have signed up to receive text message alerts from your bank. Whenever you receive a text message you can never be sure who is really sending it to you, so you should never call a telephone number indicated in the text message, provide information or click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.
The best course of action when you receive such a text message, if you have a concern that it may be legitimate, is to merely independently contact your bank to determine whether or not the text message was a scam, but be careful that you do not misdial the telephone number of your bank as some scammers purchase phone numbers similar to those of legitimate banks and credit card companies hoping that they will receive calls from unwary consumers who may have merely misdialed the telephone number of their bank or credit card company.
TIPS
Regardless of how official such a text message may appear, you should never provide personal information to anyone in response to a telephone call, email or text message because in none of those situations can you be sure that the person contacting you is legitimate. If you do receive a communication from a bank, government agency or any other person or entity that you think might have a legitimate need for personal information from you, you should call the real entity at a telephone number that you know is legitimate in order to ascertain the truth.
Banks do not call, text or email their customers asking for personal information. You should always be skeptical of anyone asking for such information. Of course, if you receive a text message that appears to come from a bank at which you do not have an account, you can be confident it is a scam. If the text message provides for you to respond to stop future texts, don’t do it. Sending such a message to a scammer merely alerts them to the fact that yours is an active phone number.
Finally, although today’s Scam of the day focuses on phony bank text messages, it is a good idea to sign up to receive text alerts from your bank which can be customized for your own particular needs. In regard to the text message that I received, a close examination of the sender would indicate that it came from “Citizen Bank” rather than “Citizens Bank” which is the name of the legitimate bank (and not one at which I have an account.)
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it indicates “Sign up for this blog.”
Scam of the day – September 13, 2023 – Bed, Bath & Beyond Sales Scams
For many years Bed, Bath & Beyond was a popular housewares and specialty items store. I always enjoyed shopping there and if you ever shopped there you may remember their receipts with ream upon ream of coupons. In any event, the company came upon hard times and declared bankruptcy earlier this year and closed the last of their physical locations in August. However, the company, which was bought by Overstock.com continues to operate as an online store and therein lies the scam. Effective scams often have a kernel of truth to lure you in. In this case, people are aware that Bed, Bath & Beyond went bankrupt so they are susceptible to postings on Facebook and other social media that appear to be from Bed, Bath & Beyond offering tremendous online bargains in their going out of business sale. If you click on the posts, they take you to a website that appears to be that of Bed, Bath & Beyond. However, if you purchase anything from the counterfeit site, you don’t get anything in return.
TIPS
I have often warned you about counterfeit websites. The less sophisticated ones can be immediately identified by URLs that have nothing to do with the company or poor grammar. However, some of the counterfeit sites appear quite legitimate and with the use of AI it is even easier for a scammer to create a legitimate looking site. The best thing to do if you are considering whether to make a purchase from any website that appears to be of a legitimate company is to check if the URL really is that of the company. One way to do this is to go to ICANN which registers domain names and put in the URL of the site you are directed to in order to see if it is owned by the real company or a scammer. An ICANN lookup will let you know who really owns the particular website. Here is a link to ICANN’s lookup tool. https://lookup.icann.org/enIf what appears to be a website of Bed, Bath & Beyond ends up being owned by someone in North Korea, for example, you know it is a scam.
As for Bed, Bath & Beyond, their website in the United States is http://www.bedbathandbeyond.com and in Canada is http://www.bedbathandbeyond.ca.
It is also important to point out that whenever you shop whether online or in a brick and mortar store, you should use your credit card rather than your debit card. The laws protecting you from fraudulent purchases made using your credit card are much stronger than those when you use your debit card.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – September 12, 2023 – Facebook Marketplace Zelle Scam
Facebook Marketplace is a popular and convenient place for people to buy and sell things so, of course, scammers are drawn to it. Scams on Facebook Marketplace increased 184% last year. A new scam turning up on Facebook Marketplace starts when you list an item for more than a few hundred dollars. Shortly thereafter you are contacted by a scammer posing as a legitimate buyer who wants you to use Zelle, Venmo or some other P2P Service to pay you for the item. Peer to Peer Payment Payment Services (P2P) such a Zelle are used by many people to quickly and conveniently send money electronically from your credit card or bank account. Sending money through Zelle only requires you to enter the recipient’s phone number or email address.
Then the fun begins (for the scammer). You next receive an email that purports to have been sent by Zelle indicating that the buyer paid you through a Zelle “business account” and that you need to upgrade your personal Zelle account to a business account in order to receive the payment from the scammer posing as the buyer. You are then told that in order to upgrade your account, the amount sent to you needs to be increased by $300. The scammer then tells you that he or she will gladly send you an additional $300 through Zelle in order to enable the transaction if you merely refund the excess payment to them through Zelle. Of course, soon after refunding the $300, which was never paid by the scammer to begin with, the scam victim realizes he or she has just been scammed out of $300.
TIPS
Unfortunately, Zelle has proven to be easily exploited by scammers and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. Although the Consumer Financial Protection Bureau issued guidelines last year indicating that all online money transfers such as this that were done as a scam should be reimbursed by the bank, many banks are refusing to refund money lost by the scam victims.
Following many complaints from scammed Zelle customers about the difficulty in getting their money back from their banks after being scammed, Senators Elizabeth Warren and Robert Menendez contacted EWS, the network that operates Zelle, telling it that it had to provide “appropriate redress to defrauded customers.” As I reported to you in a December Scam of the day, it appears that the banks that operate Zelle appear to be close to enacting rules to provide for better protection of consumers from Zelle fraud, however, those new rules have not yet been put into effect. https://scamicide.com/2022/12/23/scam-of-the-day-december-24-2022-new-rules-to-protect-victims-of-zelle-scams-appear-to-be-coming/
Also, while Zelle has business accounts, you don’t need to upgrade your account in order to receive a payment from a Zelle business account. Frankly, I don’t think anyone should use Zelle, Venmo or any of the other P2P services for anything other than sending small amounts to friends and family. The potential for scams is too great and your ability to get reimbursed is low.
Finally, anytime someone sends you an overpayment for whatever reason and asks for you to send funds back, you should be skeptical as this is always a scam.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 11, 2023 – Phony Amazon Invoice Scam
Shopping on Amazon, has been popular for a long time, but particularly during the continuing pandemic shopping on Amazon has increased dramatically and with so many people shopping on Amazon, scammers are using Amazon as the basis for a variety of scams. According to the Federal Trade Commission (FTC) Amazon based scams have increased 500% in the last year I have warned you many times over the years about scammers who send various types of phishing emails which purport to be from Amazon attempting to lure you into either clicking on links which can download malware, such as ransomware or providing personal information that can be used to make you a victim of identity theft.
I recently received an Amazon phishing email that is copied below. The email below is typical of many of those presently circulating. The latest Amazon phishing scam appears to be an invoice for an Amazon Prime order, which I, of course, did not order. The phony email contains a telephone number to call if there are issues with your order and that is exactly what the scammer wants you to do, namely call them to dispute the invoice. If you call the number, you will be asked for personal information that will lead to your becoming a victim of identity theft.
This particular phishing email is very sophisticated. The grammar is relatively good without glaring errors and the logo used appears legitimate, but it is very simple to counterfeit a legitimate appearing logo. Often a telltale sign that the email is a part of a scam is that the email address of the sender has absolutely nothing to do with Amazon and that was the situation in this case. All legitimate Amazon emails end in amazon.com. The email of the sender of this phony email has nothing to do with Amazon and is, most likely, that of someone whose email account was hacked and made a part of a botnet to send out large numbers of scam emails.
It is also noteworthy that neither your name or account number ever appears in the email.
Here is a copy of the email presently being circulated
amazon prime
Shipping Information
Date : April 06, 2022
|
|
Dear Customer,
Apple MacBook Pro with Apple M1 Chip has been order successfully.
Product Details
Apple MacBook Air Pro with Apple M1 Chip (13-inch, 8GB RAM, 256GB SSD Storage) – Space Gray
Arrival Date April 6th to 7th
You can view more details with the Tracking Editor Track Your Package Invoice No: KUYHJ896 Total : $1148.78
Tax Collected : $97.00
Shipment Total: $1245.78
|
|
Your order has been successfully ordered if need any changes please get in touch with us +1(866) 224-3650
TIPS
While this is a very legitimate appearing email that uses the Amazon logo and is written with acceptable grammar and punctuation, it is clearly a scam. Never click on a link in an email or text message or provide personal information unless you have confirmed that the email or text message is legitimate. The telephone number to call if you suspect Amazon related fraud is 866-216-1075 or you can call their real customer service number 888-280-4331 Never call the numbers that appears in phishing emails.
Also, because any of us can be scammed, it is a good idea to use dual factor authentication whenever possible to protect your various accounts so that even if someone actually had your password they would not be able to access your account. In order to set up dual factor authentication for your Amazon account use this link. https://www.amazon.com/gp/help/customer/display.html?nodeId=G3PWZPU52FKN7PW4
If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 10, 2023 – Delivery Text Message Scam
The Federal Trade Commission is reporting a substantial increase in a scam by which people are receiving text messages that appear to come from UPS, Federal Express or the U.S. Postal Service indicating that there is a package that has been waiting to be delivered and needs to be claimed. Reproduced below is a copy of one of these text messages. The text message lures you into clicking on a link to provide information to schedule the delivery. In one version of this scam the link takes you to what appears to be an Amazon website where you are asked to take a customer satisfaction survey. You are told that if you will be sent a prize for merely taking the survey and they ask for a credit card number from you to pay for the shipping of your “free” prize. In other versions of this scam, you are asked under other pretenses for your credit card number for verification purposes. In both of these instances, the scammer is merely interested in getting your credit card number and making unauthorized charges. In yet another version of the scam, merely clicking on the link provided will download dangerous malware such as ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft.
TIPS
There are a lot of red flags to indicate that this is a scam. Many of the text messages don’t provide the name of who they purport to be. If you got a legitimate message from a delivery service, it would indicate which delivery service was sending you the text message. In addition, the phone number sending you the text message is generally not a phone number used by the USPS, Federal Express or UPS although more sophisticated criminals would be able to “spoof” the number of these legitimate delivery services to make it appear that the text message was trustworthy. The bottom line is that you should never click on any link in a text message unless you are absolutely sure and have confirmed that it is indeed legitimate.
If you have any concerns that such a text message might be legitimate, you can do a reverse phone lookup to see who actually owns the phone number used to text you or, more simply, call the USPS, Federal Express or UPS to see if anyone actually did send you such a text message whereupon you will be told that they did not. Federal Express specifically has indicated that it does not send unsolicited text messages. Neither the USPS nor UPS will send you a text message unless you have already signed up for their text message service.
Scam of the day – September 9, 2023 – Nevada Detectives Recover Funds for Victim of Impostor Scam
Impostor scams have long been among the most lucrative for scammers. While there are many variations of this scam, the most common variations have involved scammers calling their intended victims on the telephone posing as some governmental agency such as the, FBI, IRS or the Social Security Administration. The scammer then, under a wide variety of pretenses, demands an immediate payment by gift cards, credit card or wired funds. Being asked to pay by gift cards is a definite indication that the call is a scam since no governmental agency requests or accepts payments by gift cards. Alternatively, the scammer demands the victim supply the phony governmental agent with personal information such as your Social Security number which will then be used for identity theft purposes.
Recently Detectives in Washoe County, Nevada disclosed that they learned of a local resident who had been contacted electronically and by phone by a scammer posing as law enforcement who told the targeted scam victim that his bank account had been linked to criminal activity and that in order to stop the crime, the scam victim had to withdraw the $15,000 he had in his account and deposit it into a designated cryptocurrency account through a Bitcoin ATM. Fortunately, while the fearful scam victim complied with the directions of the scammers, he also recognized that it was a scam immediately thereafter and promptly notified the police who were able to recover the funds from the Bitcoin ATM. Washoe County detectives indicated that other country residents have been less fortunate, losing more than $500,000 to this scam already this year.
TIPS
It is easy to recognize one of these impersonation scams. Neither the FBI, IRS, SSA or any federal agency will initiate communication with you by a phone call. Neither does any government agency suggest transferring money into cryptocurrency.
As I have often reminded you, through the simple technique of “spoofing” it is very easy for a scammer to manipulate your Caller ID to make a call coming to you appear legitimate when it is not. Therefore you can never truly trust your Caller ID. Trust me, you can’t trust anyone. Even though your Caller ID may indicate that the call is coming from the FBI, the IRS or some other government agency the call is coming from a scammer.
As for the scam that snared the Nevada scam victim, no law enforcement officer would ever advise anyone to withdraw their funds and deposit them into a Bitcoin account. Bitcoin and other cryptocurrencies are a favorite of scammers because they are readily transferred anonymously.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 8, 2023 – CFPB Settles with Credit Repair Scammers
Credit repair scams are very common as scammers take advantage of people with debt problems and promise to fix their credit and clear their credit reports of adverse information for up front fees. I have been warning you about these scams for eleven years. Recently the Consumer Financial Protection Bureau (CFPB) entered into a settlement with the companies operating the largest credit repair operations in the country including Lexington Law and CreditRepair.com. The CFPB alleged that these companies violated a range of violations including demanding illegal advance fees for credit repair services. According to the terms of the settlement, which still must be approved by a judge, these companies are banned from telemarketing their credit repair services and imposes a 2.7 billion dollar judgment against the defendants.
Your credit report is one of the most important documents in your financial life. The information in your credit report as maintained by the three major credit reporting agencies, Equifax, TransUnion and Experian is used to calculate your credit score. This is used by financial institutions to evaluate your creditworthiness and can affect your ability to get a credit card, mortgage loan or a car loan. It also can affect the rate that you will be charged on such loans. In addition, your credit score is used in many states by companies in making hiring decisions and landlords consider credit scores when determining whether or not to rent an apartment or home to someone.
TIPS
Don’t fall prey to scammers operating phony credit repair companies and never pay an upfront fee to one of these companies. Advance fees for credit repair companies that operate for profit are banned by the Credit Repair Organizations Act.
Negative information on your credit report remains on your credit report for seven years and bankruptcies for ten years. Anyone who tells you otherwise is just trying to scam you. Many of the scam credit repair companies use illegal tactics such as applying for a federal employer ID to use as your Social Security number when applying for credit. This is illegal.
If you need real credit counseling you can go to this section of the Department of Justice’s website where it lists agencies approved to assist consumers with debt problems. https://www.justice.gov/ust/list-credit-counseling-agencies-approved-pursuant-11-usc-111 You also may consider contacting companies that are affiliated with the National Foundation for Credit Counseling at this link https://www.nfcc.org/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”
Scam of the day – September 7, 2023 – Gordon Ramsay HexClad Cookware Scam
As you can well expect, many scams are perpetrated through social media. One current scam appearing on social media uses a fake endorsement of celebrity chef Gordon Ramsay to scam people who think they are getting free upscale cookware, but instead become a scam victim. Posts like the one shown below promise a free set of HexClad cookware in return for merely paying $9.95 for shipping and handling. The particular scam ad shown below appears to be a story from Fox News, but it is fake. Anyone responding to the posts which have appeared on Facebook and elsewhere are taken to a website where they need to provide their credit card number to cover the $9.95 shipping and handling cost, however, anyone providing their credit card number will soon find that there card gets charged for much more than $9.95 and they never receive any cookware or anything other than a lesson in being scammed.
TIPS
Of course, anything too good to be true is generally not true and the offer of expensive cookware for free should immediately arouse skepticism. In cases such as this, if you had any thought that the offer might be legitimate you should confirm the offer by going to the website of the endorser and the company involved. If the offer was in any way legitimate, it would appear on the websites of both the endorser and the maker of the product. In this case you could go to Gordon Ramsay’s website http://www.gordonramsay.com or HexClad’s website of hexclad.com.
Finally, whenever you buy anything whether on line or in a brick an mortar store do not use your debit card. The laws that protect you from liability for fraudulent use of your credit card are far stronger for credit cards than debit cards.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”
Scam of the day – September 6, 2023 – Watch Out for Malicious Browser Extensions
As if we all didn’t have enough to worry about, recently there has been an increase in malicious browser extensions which when downloaded can lead to your being scammed out of money or becoming a victim of identity theft. Browsers, like Google Chrome allow you to efficiently search the Web, but while they can be very helpful, people often want to supplement their functionality by adding a browser extension. A browser extension customizes your browser to your own personal needs through such useful functions as encrypting email, storing passwords and blocking ads (which I use). Some extensions are actually made available through the browser you use, but many others come from third party developers. In order to be operate, extensions generally need you to grant permission to access your browsing activities and therein comes the problem.
You can run into problems in two separate scenarios. In one, you may download a legitimate browser extension that has been infected with malware that can steal your data . In the other, you may unwittingly download a malicious extension that is totally bogus, but appears to be legitimate that again steals your data. Depending on the permissions you grant the extension it can gain access to your email or steal your passwords and other sensitive information.
TIPS
So how do you protect yourself?
A good place to start is to limit your downloading of any extension from legitimate sources such as the Chrome Web Store although this is not a guarantee that you won’t be downloading a malicious browser extension as, despite the best efforts of Google, malicious apps have made their way to the Chrome Web Store. More than 30 malicious browser extensions were downloaded 75 million times before Google removed it from the Chrome Web Store.
No one likes reading fine print, but carefully review the permissions that the extensions require before you download any browser extension to see that the extension is not requiring access to privileges such as access to your email that it should not need.
Finally, can the extension through security software to determine if it is a malicious browser extension.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 5, 2023 – SIM Swapping Getting Worse
A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update into a newer cell phone. SIM Swapping is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal.
As more and more financial transactions, such as online banking, are now done through cell phones, identity thieves with access to their victims’ SIM cards are increasingly becoming able to intercept security codes sent by text messages for online banking as part of dual factor authentication and thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc.
The number of SIM swap attacks has increased dramatically in the last year with many high profile people among the victims. Recently the Department of Homeland Security’s Cyber Safety Review Board recommended that mobile service providers enhance their security protocols to combat this problem.
TIPS
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card. Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i
Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center. Here is a link with information and instructions for setting up a PIN with Verizon. https://www.verizonwireless.com/support/account-pin-faqs/
T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store. Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure
Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief. Here is a link to information about adding a PIN to your Sprint account. https://www.sprint.com/en/support/solutions/account-and-billing/update-your-pin-and-security-questions-on-sprint-com.html
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”