Scam of the day September 29, 2022 – FTC and California Take Legal Action Against Mortgage Relief Scammers,
The Federal Trade Commission (FTC and the California Department of Financial Protection and Innovation (DFPI) have sued a number of companies and their owners doing business under the names Home Matters USA, Academy Home Services, Atlantic Pacific Service Group and Golden Home Services America for operating scam mortgage relief operations that misled consumers and cost them millions. A federal court has issued an injunction temporarily shutting the companies down and freezing their assets while the case continues through the courts.
Laundering money derived from a scam is an essential element of many scams. Scammers can be extremely clever at distancing themselves from their scams in order to avoid detection. The people they enlist either as willing or unknowing participants in the laundering of the proceeds of a scam are called money mules. Scams in which innocent people are lured into being unknowing money mules are numerous. One of the more common of these involves work at home scams where your job is to receive goods, often electronics that have been shipped to you, inspect them and then reship them to an address provided to you by your new employer.
Recently in Providence, Rhode Island a man was scammed out of $2,500 by scammers who called him falsely claiming that they were holding his wife hostage and would kill her unless he paid a ransom. There was no kidnapping, but he paid the ransom before he was able to get in contact with his wife who assured him that she had not been kidnapped.
Quizzes on Facebook and other social media are very popular, but they can be exploited by identity thieves. A good example of this was the “10 Concerts, but there is one act that I haven’t seen live. Which is it?” Facebook quiz. While this may appear harmless, the information you provide may tell more about you than is safe to make public. It may provide information about your approximate age and preferences in music which can then be used by a scammer to send you a spear phishing email tailored to appeal to your particular interests that you may trust and click on a link contained in the email that contains either keystroke logging malware that can be used to steal your identity or ransomware.
Searching for a job online has become the norm for many job seekers and there are many legitimate online employment websites such as Indeed.com, Careerbuilder.com and Monster.com, however, merely because an ad for a job appears on a legitimate website does not mean that the job is for real. It may be just a scam seeking either personal information to make you a victim of identity theft, your money or both. Although Indeed.com, Career builder.com, Monster.com and other online employment agencies do their best to screen their ads, they can’t come even close to being perfect.
The most common tech support scams start with popups on your computer that provide notices of security problems that contain telephone numbers for you to call to fix the problem, Whenever you get a pop-up, email, or text message that appears to tell you that you have a security problem with your computer, you should never click on any links contained in the message or call the telephone number provided. If your screen freezes, which is what happened to the Scamicide reader, all you need to do is just turn off your computer and restart it. If you are concerned that you may be experiencing a real security problem you can contact tech support at the real tech companies directly by phone or by email using the phone number and email addresses you find on their respective websites.
Natural disasters such as hurricanes and wildfires are common occurrences and the first major hurricane of the season, Hurricane Fiona has already wreaked havoc on Puerto Rico and the Dominican Republic . Partially due to global warming, last year the United States experienced 22 major natural disasters that cost more than a billion dollars each. Natural disasters, such as hurricanes, wildfires, tornadoes and earthquakes bring out the best in people who want to donate to charities to help the victims. Unfortunately natural disasters also bring out the worst in scammers who are quick to take advantage of the generosity of people by contacting them posing as charities, but instead of collecting funds to help the victims of these natural disasters, these scam artists steal the money for themselves under false pretenses.
Data breaches continue to a major problem for all of us. Regardless of how well you protect the security of your personal information on your own computers and devices, you are only as safe as the places that hold your information with the weakest security. Earlier this week American Airlines confirmed that it had suffered a data breach in July that compromised personal information of both employees and an undetermined number of customers. The stolen information included names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers and even medical information.
A variation on this scam occurs also where scammers purchase telephone numbers that are a single digit off of the legitimate phone numbers for many companies’ tech support or customer support in order to take advantage of common consumer misdials. A Scamicide reader recently had an issue with his Sprint account and called their customer support phone number where he was told that he was eligible for a special promotion and a gift card if he just provided some personal information. It was at this point that the savvy Scamicide reader realized he had mistakenly called the wrong number, but a number merely a digit off from the correct Sprint customer support number. He hung up and avoided being scammed.
Even if we everyone doesn’t use them, we are all pretty much familiar with QR Codes such as the one shown below. The Quick Response (QR) code is a two dimensional barcode that can be scanned and read by your cellphone. They have been around since 1994 and like a link that you click on, they can take you to a website or some other source of information quickly and easily. Advertisers were fond of QR codes because they were easier for consumers to scan then type in a long URL. However, no good deed goes unpunished and scammers are always ready to turn anything into a scam so it is not surprising that QR codes have been used by scammers to perpetrate scams and QR code scams increased dramatically during the pandemic. Often the scams come in the form of phishing emails that instead of attempting to lure you into clicking on infected links, try to persuade you to scan the QR code which can result in your downloading malware on to your phone, such as ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft.
Today’s Scam of the day is about a phishing email presently circulating that attempts to lure you into clicking on a link in order to continue using your email account from an undescribed email server. I have written in the past of similar phishing emails specifically targeting AOL users, but in this particular phishing email the scammer is casting a much wider net, hoping to catch people who use many different email services by not specifically naming which email service the email purports to be from. Here is the email presently being circulated. The link where it reads “UPGRADE NOW TO THE NEWEST VERSION ” has been disabled. If you had hovered your mouse over the original link, you would have seen that it would have taken you to a site that wasn’t related to any email provider.
Vendors pay brushers to make large orders of their product and ship them to strangers to make the sales appear to be legitimate. The brushers follow up on these purchases by posting glowing reviews of the vendor’s product. This combination of increased sales volume and positive reviews will, in turn, result in the increased prominence of the vendor in online marketplaces and result in increased sales. Brushing is illegal in the United States and China, however, it is quite commonly used by Chinese companies. Now we are seeing a resurgence of this scam with people receiving a wide variety of inexpensive products that they never ordered.
Recently, the Federal Trade Commission (FTC) warned people to be wary of phone calls that appear to come from either Federal Trade Commissioner (FTC) Noah Phillips, Commissioner Rebecca Kelly Slaughter, Commissioner Christine Wilson or FTC Chair Lina Khan . In the call, the scammer provides a phony badge number and tells you that there is a warrant for your arrest, but to avoid being arrested you can pay a fine using a gift card, cryptocurrency or wiring money.
To combat this scam Twitter, Facebook and Instagram have all set up verification programs that provide for verification that the account is a legitimate one and then provide a badge or other symbol to indicate to everyone that the account is indeed a legitimate account. Now scammers are taking advantage of this and sending messages or emails that purport to come from Twitter, Facebook or Instagram indicating that there is a problem with your status and that unless you appeal, you will lose your verified account status. A link or download is provided for you to start the appeals process, but if you click on the link or download the attachment you will end up downloading malware that will steal your data from your device and put you in jeopardy of identity theft.
More recently the FTC commenced legal action against American Vehicle Protection Corp. alleging they blasted consumers will illegal calls, made bogus claims on the extent of coverage, misrepresented their affiliations and “bilked consumers out of more than $6 million over the last four years.”
In desperate times people often let their guard down, which provides a lethal combination for scammers offering loans to people even if they have poor credit. You may get a solicitation for a loan through an email, phone call or you may even see it in legitimate media, but you should always beware. Just because an advertisement for a loan appears in a legitimate newspaper or other media does not mean that the loan offering has been investigated for legitimacy by the media carrying the advertisement. In fact, in difficult financial times when advertising dollars are hard to come by, the standards of media for taking advertisement seem to drop. Other times the loan solicitation comes by way of a robocall or text message.
Many people continue to pay their household bills by paper checks rather than electronic banking and even when shopping, some people prefer paying by check instead of using a credit card or cash. While there has been much discussion in the news about data breaches involving credit cards, the problems encountered through check washing are still substantial costing consumers and banks more than a billion dollars each year and the problem is getting worse. Typically, how the scam starts when someone pays a bill with a check, mails the envelope containing the check and then somewhere in transit the check is stolen, washed clean and altered to provide a big payment from the victim’s checking account to the criminal. Check washing is a process by which someone steals a check you have already written and “washes” or removes the name of the payee, often using simple bleach, and also changes the amount. The criminal then cashes your altered check and steals your money.
75% of Americans used mobile bank apps to some degree for their personal banking needs. This fact has not been lost on hackers and scammers who have in recent years increasingly focused much of their attention on scams and hacking of mobile phones. One of the more effective tactics used by hackers is to create malicious apps called banking trojans which appear to the targeted victim to be a legitimate app such as a game or tool which the victim downloads.
Once downloaded, the malicious app stays dormant until the victim goes to use their legitimate banking app at which time it creates a phony version of the victim’s bank’s login page which appears on top of the legitimate app. The victim then inputs his or her username and password into the malicious app thereby providing this information to the hacker. Making this crime even more devious is the fact that once the victim has inputted his or her information, the banking trojan sends the victim to the real banking app login page so the victims do not become immediately aware that they have been hacked .
Today’s Scam of the day is a phishing email that appears to come from Wells Fargo. It makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.
The pandemic increased the trend toward online purchases of just about everything and even as the pandemic has waned, many of us continue to make large amounts of our consumer purchases online. Scammers, of course, see this as an opportunity to scam people with phony websites that steal your money and provide you with nothing in return. Some of these phony websites are for totally made up companies that you have never heard of, but which are offering tremendous discounts on popular goods while other phony websites are counterfeit websites of legitimate online retailers.
Ordering food online for delivery was somewhat popular prior to the pandemic, but really took off during the pandemic when people want restaurant food without having to go to a restaurant. Many restaurants have taken advantage of this interest and set up websites to facilitate ordering food deliveries and companies such as DoorDash and GrubHub also take online orders for food deliveries from multiple restaurants. As could be expected scammers also are getting into the food delivery business although it would be more accurate to say that they got in the business of taking your online orders for food delivery, but deliver nothing except charges on your credit card.
Electronics company Samsung recently announced that it had suffered a data breach in July that they discovered in August. As a result of the data breach personal information including the names of customers, their birth dates, demographic information and product registration information was compromised. Here is a link to Samsung’s notice to its customers about the data breach. https://www.samsung.com/us/support/securityresponsecenter/
Another common election time scam involves a call purportedly from your city or town clerk informing you that you need to re-register or you will be removed from the voting lists. You are then told that you can re-register over the phone merely by providing some personal information, such as your Social Security number. The truth is that you will not be called by your city or town clerk and told that you need to re-register and voter registration is not done by phone.
Three years ago, the Consumer Financial Protection Bureau (CFPB) issued a warning about the scam and its dramatic increase. The scam targets people involved in the purchase and sales of residential real estate. The scam begins with the hacking into the email accounts of any of the various people involved in the sale. This can be either the buyer, seller, lawyers, title company, real estate agent or mortgage banker. Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do. The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right, generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email. Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then launder the money by moving the funds from account to account to make it difficult to trace the funds.
Weight loss scams are among the most common scams and with good reason. Many people want to lose weight and most of the scam products promise to do that for you easily without diet or exercise. According to the Federal Trade Commission (FTC) in 2021 approximately 30% of all of the health care related scams involved phony weight loss products and programs.
I mention this because recently the cybersecurity company Zscaler found that scammers are offering free versions of Adobe Acrobat Pro, 3Dmark, 3DVista Virtual Tour Pro, 7-Data Recovery Suite, MAGIX Sound Force Pro and Wondershare Dr. Fone on websites. These websites often come up high in a search engine search either by buying a high position or by knowing how to manipulate the algorithms used by the search engines to get a high position in a search. These pirated versions are riddled with harmful malware.
Your digital wallet is where the key that allows you to access your cryptocurrency account is found. If your key falls into the hands of a hacker, you can easily lose all of your cryptocurrency account so it is of paramount importance to secure your digital wallet. Digital wallets can either be hot wallets or cold wallets. Hot wallets are connected to the Internet which makes them more susceptible to being hacked which is why a cold wallet which is not connected to the Internet, but rather is is kept in a portable hard drive is your best bet.
The original date by which you had to get a REAL ID was set at October 1, 2021, however due to the Coronavirus pandemic, the deadline was postponed until May 3, 2023. This is both good news and bad news. It is good news because it gives you more time to get your REAL ID, but it is also bad news because it gives scammers more time to contact you posing as governmental officials seeking your personal information under the guise of helping you apply for your REAL ID when their real purpose is to harvest your personal information and use it to make you a victim of identity theft.
Approximately 8 million borrowers may qualify to get their debt relief automatically because the Department of Education already has all of their relevant information on file. However, others may need to apply for debt relief. It is not expected that the applications will be available for at least weeks and perhaps even months. This is going to lead to scammers jumping in and contacting people promising to be able to get preferential early treatment or assistance in getting the debt relief for an up-front fee. Up-front fees for debt relief are always a scam because those fees are illegal. It can be expected that the scammers will try and lure people into hiring them quickly by scaring them into thinking that if they do not, they will miss out on an opportunity. Luring people into acting quickly is often the hallmark of a scam.
Scammers often go to Craigslist and other similar sites to post their phony apartment listings. The scam usually starts with a listing that looks quite legitimate and there is a good reason for that. The listing is often a real on-line listing that has been copied by the scammer who merely puts in his or her name and contact information. The price is usually very low which attracts a lot of potential renters. The potential renters are sometimes told that the owner is out of the country and that there are many people interested in the property so if the tenant wants to be considered for renting it, the tenant has to wire money to the landlord somewhere outside of the country immediately. As I have warned you many times, wiring money is a scammer’s first choice because it is all but impossible to retrieve once you learn that you have been scammed. Too often, unwary potential tenants wire the money and never hear anything further from the scam landlord. As for the money, it is gone forever.
More than two years into the Coronavirus pandemic, the disease while somewhat abated still remains a threat and many of us are still taking tests to determine whether or not we are infected. Fortunately, there are a number of options for getting free test kits. Unfortunately, scammers are contacting people offering “free” test kits, but instead steal personal information, often your Medicare number that an either lead to identity theft or detrimentally affect your Medicare coverage.
Scammers are calling older Americans on the phone and telling them that they qualify for free medical equipment such as back braces, knee braces or other durable medical equipment. They tell the seniors that all they need to do is to provide their Medicare number to the caller who purports to be a legitimate medical equipment provider. If you receive such a call, you should know it is a scam.
Amazon’s incredible popularity has not escaped scammers who tie many scams to Amazon including the phishing email copied below that can prompt the theft of personal information leading to identity theft from unwary victims. According to the Federal Trade Commission (FTC) Amazon based scams increased 500% in the last year I have warned you many times over the years about scammers who send various types of phishing emails which purport to be from Amazon attempting to lure you into either clicking on links which can download malware, such as ransomware or providing personal information that can be used to make you a victim of identity theft.
Scam of the day – August 23, 2022 – Deadline Approaching on Refunds for Victims of Phony Government Website
On Point Global is a company that between January 2017 and December of 2019 operated a scam in which they set up hundreds of deceptive websites that promised quick and easy government services such as renewing a driver’s license or applying for various public benefit programs. The names of the websites were quite misleading with names such as DMV.com and floridadriverslicense.org that led people to believe they were dealing with legitimate government entities.The truth is that when consumers paid for assistance in obtaining the promised services, they merely received a PDF containing publicly available information that was readily available elsewhere for free. In other instances, consumers provided personal information, purportedly to enable On Point Global to determine if they were eligible for public benefits, but instead all they received were unwanted sales and marketing contacts.
Apple recently made an urgent warning to users of iPhones, iPads and MacBooks that hackers were able to exploit a security flaw in the software operating all of those devices that allowed the hackers to take over any device that had not updated its software to combat this serious threat.
However, recently we have seen a particularly insidious and new phony invoice phishing scam. The email that you receive not only purports to be from PayPal, but the email address of the sender is that of a real PayPal account which either came from a phony PayPal account opened by the scammer or from a legitimate PayPal account that had been hacked. Either way, the email address of the sender appears to be quite legitimate. If you respond to the email by calling the customer service number contained in the email, you will be prompted to download a remote administration tool which will enable the scammer to take control over everything in your computer including all of your online accounts including online bank accounts.
In 2021 the FTC settled its claims against Student Advocates Team LLC and other related defendants who had been accused of charging illegal upfront fees that they led consumers to believe were being applied to their student loans. Student Advocates Team also falsely promised they could permanently lower or even eliminate consumers’ loan payments or balances. Pursuant to the settlement, Student Advocates Team LLC will no longer be able to be in the debt relief business. Now, a year later, the FTC is refunding more than $822,000 to victims of Student Advocates scam.
DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures and is used by many businesses. There has been an increasing number of scams in which phony DocuSign messages are being used to sending malware infected links and phishing links luring people into providing personal information that is used for identity theft purposes.
What’s in someone else’s wallet may not be Capital One’s advertising slogan, but it may describe your personal information following the 2019 disclosure of a major data breach at Capital One affecting more than 100 million of its American customers and 6 million of its Canadian customers. Capital One is the third biggest credit card issuer in the United States. The stolen information was contained in credit card applications that were accessed by Paige A. Thompson who formerly worked for Amazon Web Services which hosts the Capital One data base. Thompson was convicted in June of criminal charges related to the hacking of Capital One and will be sentenced on September 15th.Now a class action brought on behalf of the victims of the data breach has been settled. Originally the date for filing a claim to receive benefits from the 180 million dollar settlement was August 22nd, but that date has been extended to September 30th. If you believe you were a victim of this data breach and did not yet file a claim you can do so at the class action settlement website. https://www.capitalonesettlement.com/en/Home/SubmitClaim
According to the FTC identity theft has increased in the United States by 145% since the start of the pandemic. And while this number is frightening, the increase in many individual states has been even worse. Identity theft in Louisiana increased 396 % since the start of the pandemic.
In April I told you that the Federal Trade Commission (FTC) came to a proposed settlement of its lawsuit against Health Research Laboratories, LLC, Whole Body Supplements LLC and their owner Kramer Duhon. The settlement has now been approved and finalized by the FTC. Under the terms of the settlement the defendants are permanently barred from advertising or selling their dietary supplements, The Ultimate Heart Formula, BG18 and Black Garlic Botanicals, that they falsely claimed could prevent or treat cardiovascular disease as well as a wide range of other diseases.
Facebook Marketplace is a popular and convenient place for people to buy and sell things so, of course, scammers are drawn to it. A new scam turning up on Facebook Marketplace starts when you list an item for more than a few hundred dollars. Shortly thereafter you are contacted by a scammer posing as a legitimate buyer who wants you to use Zelle, Venmo or any other P2P Service to pay you for the item. Then the fun begins (for the scammer). You next receive an email that purports to have been sent by Zelle indicating that the buyer paid you through a Zelle “business account and that you need to upgrade your personal Zelle account to a business account in order to receive the payment from the scammer posing as the buyer. You are then told that in order to upgrade your account, the amount sent to you needs to be increased by $300. The scammer then tells you that he or she will gladly send you an additional $300 through Zelle in order to enable the transaction if you merely refund the excess payment to them through Zelle. Of course, soon after refunding the $300, which was never paid by the scammer to begin with, the scam victim realizes he or she has just been scammed out of $300.
In 2018 I told you that the Federal Trade Commission (FTC) sued Lending Club Corporation, accusing it of luring consumers into predatory loans with promises of “no hidden fees” when, in fact, Lending Club added hidden up-front fees of as much as thousands of dollars to the loans it made to unwary consumers. Lending Club also violated numerous other lending law laws including continuing automatic payments from their victims’ checking accounts after the customer had cancelled the automatic payment option or even after having paid off their entire loan. Now, after a settlement was reached between Lending Club Corporation and the FTC, 9.7 million dollars is being sent by the FTC to victims of the scam. For more information about the details of the refunds, go to the tab marked “FTC Refunds” in the middle of the first page of Scamicide.com
Unfortunately, scammers, of course, have been taking advantage of people trying to sign up for the TSA PreCheck program and are setting up phony websites that appear to be official websites of the TSA. They then lure you into providing personal information they use to make you a victim of identity theft as well as steal the money they charge you online for a phony TSA PreCheck enrollment. Recently we have seen the scammers charging $140 for their worthless services. The actual enrollment price is $70.
The U.S. Customs and Border Protection (CBP) is warning people about a new scam in which people are receiving calls with recorded messages from scammers posing as either U.S. Border Patrol agents, CBP employees or Customs and Border Protection officers. The message says that “a box of drugs and money being shipped has your name on it and has been intercepted.” In another variation of this scam, the recorded message indicates that there is an outstanding warrant for your arrest. In both cases, the targeted victim is instructed to provide personal information such as banking information and Social Security numbers. Often the calls demand a payment through cryptocurrencies such as Bitcoin, or gift cards.
Scam of the day – August 11, 2022 – Phony Health Insurer Agrees to Refund 100 Million Dollars to Scam Victims
There is no question that researching health insurance plans can be very confusing. Unfortunately there have been many instances where scammers have exploited this confusion and sold worthless programs to people. Recently the Federal Trade Commission (FTC) settled a complaint it brought against Benefytt Technologies, Inc and its partners who misled people into thinking they were buying Affordable Care Act (ACA) compliant heath insurance or product with the same benefits as ACA insurance, but instead sold their victims products they didn’t want or need leaving them unprotected when they needed to access what they thought was their health insurance.