Scam of the Day


Scam of the day – August 21, 2023 – The Hidden Danger of Drive-By Downloads

We all generally know to avoid sketchy websites that may be infected with malware, which can lead to serious problems if you unwittingly download it, such as ransomware, keystroke logging malware that can lead to identity theft, or other types of malware. However, even if you make a concerted effort to avoid websites that are likely to contain malware, you still may find yourself in danger. According to a study by Menlo Security, 42% of the most visited websites on the Internet were vulnerable to having malware planted on them, even though they are thought to be safe.

A major problem is that many popular websites use outdated servers that make them vulnerable to malware and data breaches. Another problem comes from many websites including content from third parties such as companies that provide advertising. Malvertising is the name for malware-infected advertising that can turn up on legitimate websites and can be downloaded onto your computer or phone either by clicking on links in the advertising or even, in some cases, by merely going to the website where the tainted advertising appears, even if you never click on the ad.

In other instances scammers infect legitimate websites with malware by exploiting security flaws.  Merely by going to an infected website you can end up downloading the malware without clicking on any links.

TIPS

The first thing to do to protect yourself from being victimized by malware found on websites is to avoid those websites that may appear not to be legitimate. You also should have strong security software on all of your electronic devices including your computer and cell phone, making sure that you update your security software with the latest security patches as soon as they are made available. Keeping your browser updated with the latest versions is also important as many browsers provide some level of protection from malware-infected sites. Finally, you may wish to install ad blocking software that prevents you from becoming victimized by malvertising in all forms.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”

Scam of the day – August 20, 2023 – DIRECTV Phishing Email

Phishing emails are perhaps the most common way people are scammed or become victims of identity theft.  Phishing emails appear to come from a legitimate company with which you may do business and lure you into clicking on malware infected links or provide personal information that leads to your becoming a victim of identity theft.

The particular phishing email shown below, which was sent to me by a savvy Scamicide reader, is very sophisticated, having a legitimate appearing DIRECTV logo. The grammar and punctuation are good and even the email address of the sender looks like it is a legitimate email address of DIRECTV, although it is not. Often a telltale sign that the email is a part of a scam is that the email address of the sender has absolutely nothing to do with the real company, but is the email address of a hacked email account made a part of a botnet.

While this is a very legitimate appearing email that uses the DIRECTV logo, it is clearly a scam. Never click on a link in an email or text message or provide personal information unless you have confirmed that the email or text message is legitimate.

Some of the other indications that this is a phishing email are that the name of the person receiving the email does not appear in the salutation. Her email address, which I have blocked out, is merely inserted into the phishing email. Additionally, hovering over the links in the email (which I have disarmed) indicates that clicking on the links would not take you to a legitimate DIRECTV site. Additionally, asking you to click on “Forgot Password” is another red flag that this is a phishing email.

DIRECTV
View online

IMPORTANT INFORMATION

Hi Valued Customer,

Thank you for being a DIRECTV® customer.

We noticed you recently changed some services on your account and want to ensure you still have access to all the great TV entertainment and account management features on DIRECTV.

Please assist us by logging in with the User ID we have on record: xxxxxxxxxxxxxx. Just click this link directv.com/signin, then choose the option for “Forgot Password”.

Enroll in AutoPay and Paperless billing to make paying your monthly bill easier. Please note, your enrollment will be activated with your next bill and your balance will be paid automatically every month on the payment method you choose.

This information will be securely saved on file to make accessing your DIRECTV account as easy as possible.

Helpful information for you:

DIRECTV Help
Troubleshooting, Tips & Tricks and more, 24/7
DIRECTV
My Account | Help Center | Terms of Use | Contact Us | Privacy Policy
YOUR EMAIL SUBSCRIPTION
DIRECTV reserves the right to contact you via email regarding your account. For details on how DIRECTV uses your information, please read our Privacy Policy.

To receive special offer emails from DIRECTV or change your email address, manage your email here.

To ensure delivery, add DIRECTV@message.directv-mail.com to your address book.

QUESTIONS OR COMMENTS?
Replies to this email address cannot be answered. Click Here to contact us for support.

©2023 DIRECTV, LLC. DIRECTV and DIRECTV Stream are trademarks of DIRECTV, LLC.

332860

TIPS

Never click on links or provide information in response to an email you receive unless you have absolutely confirmed that it is legitimate.  If you have any questions you can always call or email the real company at a phone number or email address that you know is correct.  Never use an email address or phone number provided in the email. Trust me, you can’t trust anyone.


Scam of the day – August 19, 2023 – Google Phishing Email

Today’s Scam of the day is about a  phishing email that appears to come from Google and informs you that your phone, computer or laptop is infected with a virus and attempts to lure you into clicking on a link that purports to help you remove the virus.  The email makes for compelling reading and carries the Google logo, but it is a scam.   As for the logo, it is a very simple matter to counterfeit a logo in an email.

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.

TIPS

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.

Whenever you get an email that asks you for information or to click on links and may appear to be legitimate, do not provide the information or click on the link.  Rather, contact the company by phone or by email at a phone number or email address that you have confirmed is legitimate.

A telltale sign that this is a scam is that the email address of the sender of the email has nothing to do with Google, but instead reads “postmaster@favorablecheerful.net.”

Finally, a good indication that this is a scam is that Google doesn’t send emails informing people that their computers, phones or other devices have been infected with viruses.


Scam of the day – August 18, 2023 – U.S. Marshal Impostor Scam

Impostor scams have long been among the most lucrative for scammers. While there are many variations of this scam, the most common variations have involved scammers calling their intended victims on the telephone posing as some governmental agency such as the IRS or the Social Security Administration. The scammer then, under a wide variety of pretenses, demands an immediate payment by gift cards, credit card or wired funds. Being asked to pay by gift cards is a definite indication that the call is a scam since no governmental agency requests or accepts payments by gift cards. Alternatively, the scammer demands that the victim supply the phony governmental agent with personal information, such as a Social Security number, which will then be used for identity theft purposes.

Recently the United States Marshals Service for the Middle District of Georgia issued a warning that scammers posing as U.S. Marshals are calling people and threatening to arrest them for violating federal law unless they make a payment.  In order to appear legitimate, some of these scammers provide badge numbers and names of actual U.S. Marshals.   A big indication that this is a scam is that they offer to take payments by bitcoin or other cryptocurrencies, gift cards  or wire transfers to resolve the phony charges.  The U.S. Marshals office does not demand payments by phone and never asks for payment by bitcoin, gift cards or wire transfers.

TIPS

As I have often reminded you, through the simple technique of “spoofing” it is very easy for a scammer to manipulate your Caller ID to make a call coming to you appear legitimate when it is not.  Therefore you can never truly trust your Caller ID.  Trust me, you can’t trust anyone. Even though your Caller ID may indicate that the call is coming from the Office of the U.S. Marshal, the call is coming from a scammer.

If you have any concerns that the call is legitimate, merely hang up and call the court where the supposed case and subpoena were issued to confirm that the original call was an attempt to scam you.


Scam of the day – August 17, 2023 – Bank Remote Access Scam

Remote access scams are increasing and when a scammer posing as your bank lures you into providing remote access to your bank account, the result can be disastrous.  In one instance, the scam started with a phone call from a scammer posing as an employee of Avast, a popular security software company.  The scammer told his victim that the company could not continue to provide services to him and that they would be refunding him $500.  The scammers then told him that they had mistakenly refunded thousands of dollars into his account and therefore needed to get remote access to his bank account in order to withdraw the excess amount “mistakenly” sent to him.  The victim fell for the scam and provided them remote access to his account whereupon they emptied his account.  By the time the victim realized he had been scammed and reported it to his bank, the money had been already withdrawn from both his bank and the bank to which the scammers had the funds in his account transferred.

TIPS

Whenever you get a phone call, you can never be sure who is really contacting you. Even if your Caller ID indicates the call is legitimate, scammers can use a simple technique called “spoofing” to manipulate your Caller ID so that the call looks legitimate when it is not.  It is highly unlikely that any company is going to call you to tell you that they are sending you a refund and even if one did, you could not trust that the call was legitimate.

Even if you thought that the call was legitimate, you should still hang up and call the real company at a telephone number that you know is correct to determine the truth.

Most importantly, never give anyone remote access to your bank account by providing your username and password.  In addition, you should use dual factor authentication on your online banking account so that even if someone got your username and password they could not access your account.

Finally, even if everything the scammer said were true, there would be no reason for anyone to give the scammer remote access to their bank account.  The person being targeted could refund the money himself or herself without having to give access to the account to a stranger.


Scam of the day – August 16, 2023 – Scammers Posing as NFT Developers

The FBI recently issued a warning about scammers posing as NFT developers in order to perpetrate cryptocurrency theft. NFT stands for Non-Fungible Tokens, which are assets that have been tokenized on a blockchain to make them unique. Many NFTs involve digital art and collectibles such as trading cards and art, and while the popularity of NFTs has somewhat waned in the last couple of years, NFTs still are looked upon by some people as valuable investments. The FBI has found that scammers are either hacking the social media accounts of NFT developers or creating cloned social media accounts that appear to be websites of legitimate NFT developers on which they promote the sale of valuable, “limited supply” NFTs. The scammers then lure their victims into connecting their cryptocurrency wallets to cryptocurrency wallets of the scammers in order to purchase the NFTs. Victims falling for the scam who connect their cryptocurrency wallets to the cryptocurrency wallets of the scammers end up having their cryptocurrency wallets emptied.

TIPS

Check the social media account of an NFT developer to make sure it is legitimate and not a cloned account. In particular, check for spelling or grammar errors, account history, screen name and creation date to confirm that the site is legitimate. Whenever accessing a website that requests you connect your cryptocurrency wallet, make sure the website is legitimate. One way to do this is to go to ICANN, which registers domain names, and put in the URL of the site you are directed to in order to see if it is owned by the real developers or scammers. An ICANN lookup will let you know who really owns the particular website. Here is a link to ICANN’s lookup tool: https://lookup.icann.org/en


Scam of the day – August 15, 2023 – Critical Adobe and Microsoft Security Updates

It is always important to update all of the software you use with the latest security updates and patches as soon as they are available. Numerous hacks and data breaches could have been avoided if individuals as well as companies installed security updates as soon as they became available. Hackers take advantage of the fact that many of us procrastinate installing security software to our great detriment. The major data breach at Equifax in 2018 that affected 148 million people involved a security flaw in Apache software for which a patch had already been issued months earlier, but Equifax had not yet installed at the time of the data breach.

Recently both Adobe and Microsoft issued multiple security updates which you should download as soon as possible.

TIPS

Here is a link to the Adobe updates: https://www.cisa.gov/news-events/alerts/2023/08/08/adobe-releases-security-updates-multiple-products

Here is a link to the Microsoft updates: https://www.cisa.gov/news-events/alerts/2023/08/08/microsoft-releases-august-2023-security-updates


Scam of the day – August 14, 2023 – Another Major Data Breach (and it’s worse than you think)

Recently the accounting firm Ernst & Young disclosed that it had suffered a data breach affecting 30,210 customers of Bank of America for whom Ernst & Young had been doing accounting. The personal information stolen was quite extensive and included names, addresses, credit card numbers, account information and Social Security numbers which, in the wrong hands, can readily lead to identity theft. The data breach at Ernst & Young, however, was not a result of their computers being hacked directly by cybercriminals, but rather was done by exploiting a vulnerability found in MOVEit software used by Ernst & Young as well as 620 other organizations including American Airlines, TD Ameritrade, Johns Hopkins University and other users of the same software who can be assumed to also have suffered data breaches affecting an estimated 40 million people. This brings back memories of the 2020 SolarWinds supply chain security breach. SolarWinds is a company that provides system management software to 30,000 companies and government agencies. Hackers exploited a vulnerability in its software that, in turn, led to data breaches at thousands of governmental and private entities.

Last year, there were more than 1,800 reported data breaches and probably many more that were not reported affecting 422 million people.  The question is not if you will become a victim of a data breach.  The question is when.

As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information.  Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.

So what can you do to protect yourself from these data breaches that will be occurring?

TIPS

One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible.  For example, your doctor doesn’t need your Social Security number for his or her records.

You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger.  If your information is compromised in a data breach, you should immediately change the password for that account.

If you have not already done so, set up dual factor authentication for each of your accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.

Freezing your credit is also something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:


Scam of the day – August 13, 2023 – FTC Sues Alleged Cryptocurrency Scammer

The Federal Trade Commission (FTC) has sued Celsius Network LLC for cryptocurrency related scams.  According to the FTC, Celsius lured people through YouTube videos and Twitter (can’t get used to X) that falsely claimed its cryptocurrency investments were safer than a savings bank account and were guaranteed to earn high interest at no risk.  All of these representations, according to the FTC, were lies and ultimately, Celsius, which the FTC says improperly used their investments for their own business expenses, went bankrupt resulting in huge losses for their investors.

TIPS

Before investing with anyone, you should investigate the person offering to sell you the investment with the Securities and Exchange Commission’s Central Registration Depository. This will tell you if the broker is licensed and if there have been disciplinary procedures against him or her. You can also check with your own state’s securities regulation office for similar information. Many investment advisers will not be required to register with the SEC, but are required to register with your individual state’s securities regulators. You can find your state’s agency by going to the website of the North American Securities Administrators Association. https://www.nasaa.org/investor-education/how-to-check-your-broker-or-investment-adviser/ You should also check with the Financial Industry Regulatory Authority (FINRA) for information about the particular investment adviser. https://www.finra.org/investors/protect-your-money/ask-and-check If investors had looked into the history of Ackerman, they would have found that he had let lapse several important securities licenses.

It is also important to remember that you should never invest in something that you do not completely understand. This was a mistake that many of Bernie Madoff’s victims made. Cryptocurrency scams quite often involve complicated language and investment terms that are purposefully unclear in an effort to keep potential investors from understanding the real facts. For more information about cryptocurrencies go to ftc.gov/cryptocurrency. You also may want to check out the SEC’s investor education website at www.investor.gov. Scammers can be very convincing and it may sound like there is a great opportunity for someone to make some money, but you must be careful that the person making money is not the scam artist taking yours.

In addition, as always, if the investment sounds too good to be true, it usually is.  In this case the guarantee of high returns at no risk should have been a red flag.


Scam of the day – August 12, 2023 – Blessing Loom Pyramid Scheme Banned

Illegal pyramid schemes take many forms.  Year after year since 2015 I have warned you about the Secret Sister Gift Exchange, which keeps reappearing each year around the holidays.   It seems harmless enough when you see it come up in your email or on social media, such as Facebook and Twitter where it has increasingly been found.  It starts when you are  provided  a list of six people.  You are told to send a gift worth at least ten dollars to the first person on the list, remove that person’s name from the list, move the second person on the list to the first position, add your name to the end of the list and then send the list to six of your friends.  In theory, you will receive thirty-six gifts for your small contribution of ten dollars.

So where is the harm?

First of all, it is a blatantly illegal chain letter and violates Title 18 of the United States Code, Section 1302. In addition, like all chain letters, ultimately, it is destined to fail because it is a pyramid scheme where eventually we run out of people on the planet to maintain the scheme. In 2020 I first told you about the “Blessing Loom,” which first appeared in 2016, but has come back strong in recent years. In 2021 I reported to you that the Federal Trade Commission (FTC) and the State of Arkansas sued the people behind the “Blessings in No Time” (BINT) investment program alleging that they operated an illegal pyramid scheme that stole tens of millions of dollars from unwary consumers.

According to the FTC, the defendants lured people into joining the program by falsely promising investment returns of as high as 800% which in and of itself should have been a red flag that you are dealing with a scam.  Some victims of this scam paid as much as $62,700 to participate in the program.  According to the FTC, BINT was a pyramid scheme where the so-called investment returns were merely derived from the payments made by other members of the program.  For every member who may have received a promised payout, eight additional members had to pay into the scheme.  Like all pyramid schemes, it was doomed to fail because ultimately, there aren’t enough people on the planet to keep it going.

Now the FTC, State of Arkansas and BINT have settled the lawsuit resulting in BINT being required to pay $450,000 in refunds to its victims. In addition, BINT is permanently banned from the business of multi-level marketing.

TIPS

Like the Secret Sister Gift Exchange, BINT is nothing more than a repackaged chain letter. You should avoid all chain letters regardless of the guise under which you receive them. They are illegal and ultimately destined to fail. Even if you are an early “investor” in the program who received payments, those payments are generally “clawed back” by law enforcement when they crack down on the scam.

