Ordering food online for delivery was somewhat popular prior to the pandemic, but has become much more widely used as people want restaurant food without having to go to a restaurant. Many restaurants have taken advantage of this interest and set up websites to facilitate ordering food deliveries and companies such as DoorDash and GrubHub also take online orders for food deliveries from multiple restaurants. As could be expected scammers also are getting into the food delivery business although it would be more accurate to say that they got in the business of taking your online orders for food delivery, but deliver nothing except charges on your credit card.
Taking advantage of public awareness of such lotteries, scammers claiming to be Capital Finance, Inc., a phony financial management firm claiming to be from London are contacting people through emails in which they tell their targeted victims that they have won a million dollar lottery prize set up by the World Health Organization (WHO) in association with the International Monetary Fund (IMF) and the Bill & Melinda Gates Foundation to pay people for losses suffered as a result of the Coronavirus pandemic.
Recently the United States Marshals Service for the Northern District of Ohio indicated that there has been a significant increase in impostor scams in which the scammers call their targeted victims and tell them that they have missed important court dates after having been served with subpoenas. Of course are no subpoenas and the targeted victims are called randomly. The scammers then threaten arrest unless they are paid by prepaid debit cards over the phone.
Scams involving sales of non-existent puppies had already increased dramatically in the last few years, but really took off during the Coronavirus pandemic when many people were looking for the emotional support of a loving dog. People buy dogs or other pets online and, although they think they are taking proper precautions, they often end up getting nothing in return for the money that they wire to the scammer who may have a website or some other way of marketing their non-existent pets with photographs and false information. Often the scammers hook their victims for more and more money, such as when even after the victims has paid for the non-existent dog, the victim is asked for additional payments for a special crate to transport the dog along with additional transportation company fees.
In order to install YouTube on your smart television you must download the app to your television which will respond by providing you with an activation code to use to complete the process online at the URL youtube.com/activate. Some people however, will use search engines such as Google Chrome to confirm that the URL is legitimate. Unfortunately, people are reporting doing a search engine search and being directed to a phony, but legitimate appearing YouTube page where if you type in the activation code a notice will indicate that there is an error and provides a telephone number for customer service for you to call. If you call the number, you are instructed that you are required to pay a refundable fee in order to activate your account
As many companies, universities and government agencies now requiring that employees and students be vaccinated against COVID-19, some people are still refusing to get vaccinated although getting the vaccine is the best and safest way to protect yourself and the people with whom you come into contact. This has provided an opportunity for criminals to provide counterfeit vaccination cards to people not wanting to get the vaccine, but still wanting to have access to places that require vaccination.
DocuSign is a company that provides technology for the transmission of contracts and other documents with features for electronic signatures. DocuSign is used by many businesses. Recently, the security vendor Avanan discovered an increasing number of scams in which phony DocuSign messages are being used to sending malware infected links and phishing links luring people into providing personal information that is used for identity theft purposes.
Last week I reported to you about a data breach at T-Mobile initially discovered when hackers started offering for sale on the Dark Web data of what they said was 100 million customers of phone carrier T-Mobile for sale. T- Mobile confirmed the data breach although they say that the number of customers affected was 49 million people. The information being sold includes names, phone numbers, Social Security numbers and addresses. Also being sold are the PINS used by some T-Mobile customers to protect their accounts from identity theft, but now are in the hands of hackers. This type of information poses a tremendous threat to victims of the data breach, which is the sixth for T-Mobile in the last four years. Social Security numbers in particular can be used by identity thieves to apply for credit cards and loans in your name. In addition, the phone numbers and the fact that the victims of the data breach are known to be T-Mobile customers to create phony phishing text messages, called smishing, posing as T-Mobile and luring the targeted victim into clicking on a link in the text message that can download destructive malware.
T-Mobile is still investigating the data breach, but has agreed to offer two years of free identity theft protection services including credit monitoring. Here is a link to T-Mobile’s offer of free identity theft protection services. https://www.t-mobile.com/brand/data-breach-2021/next-steps
I have been warning you about phony kidnapping scams, also known as virtual kidnapping, for eight years. The scam starts with a telephone call informing the person answering the phone that a child or other relative has been kidnapped and if the person receiving the call does not respond by wiring money right away, the relative will be killed. As with so many scams, we are often our own worst enemy and this scam is no exception.
Millions of people still use AOL. One reason for this is that you get greater email privacy when compared to some other email carriers. Due to its popularity, scammers and identity thieves often send out phishing emails that appear to come from AOL, such as the one reproduced below that was sent to me by a Scamicide reader. If you click on the link in the email where it reads “Click here to upgrade” one of two things can occur and both are bad. Either you will end up providing personal information to an identity thief or you will, merely by clicking on the link, download dangerous malware such as ransomware on to your phone, computer or other device.
John DeMarr recently pleaded guilty to criminal charges related to his participation in a massive cryptocurrency scam that swindled close to 500 investors out of more than 11 million dollars. The scam was a typical cryptocurrency scam in which the criminals led by accused criminal Kristijan Krstic promised up to 200% gains with two to three months to be derived from crypto-mining. Krstic and 15 other defendants have also been charged by federal prosecutors with operating 20 other cryptocurrency scams in which they stole approximately 70 million dollars from their victims
Often the first indication that a company has suffered a data breach is when the data stolen by hackers appears for sale on the Dark Web, that part of the Internet where criminals buy and sell goods and services. This is what appears to be the case in regard to a data breach at T-Mobile as a hackers is offering data of 100 million customers of phone carrier T-Mobile for sale for 6 bitcoin (approximately $280,000). The information being sold includes names, phone numbers, Social Security numbers and addresses.
Unfortunately, scammers, of course, have been taking advantage of people trying to sign up for the TSA PreCheck program and are setting up phony websites that appear to be official websites of the TSA. They then lure you into providing personal information they use to make you a victim of identity theft as well as steal the money they charge you online for a phony TSA PreCheck enrollment.
Recently, investment advisors Saybrook Fund Advisors LLC suffered a major data breach in which a cybercriminal hacked into the email account of one of Saybrook’s employees and was able to access sensitive personal data contained in emails and attachments to emails from the account between March 18, 2021 and March 29, 2021. The stolen information included Social Security numbers, driver’s license numbers, credit and debit card information, health insurance information, login credentials and more, putting the affected clients of Saybrook in serious danger of identity theft. The compromise of their Social Security number is particularly threatening to the security of the affected clients.
Many of you may not remember the name of Mavis Wanczyk, but she was the lucky winner of a 758 million dollar Powerball drawing in 2017. Not long after she claimed her prize, a scam started appearing in which many people received emails with the message line referring to the Mavis Wanczyk Cash Grant. The email indicated that you were chosen to receive a large cash grant from Mavis Wanczyk. All the lucky strangers receiving the emails had to do was provide personal information in order to qualify for the grant. In addition, phony social media accounts on Twitter, Facebook and Instagram were also set up in Ms. Wanczyk’s name through which people were contacted with the same phony offer of free money informing them that in order to qualify for the grant they merely needed to provide personal information.
The phony invoice scam is a common scam popular with scammers because it is quite effective. It starts when you receive an email that purports to be from a popular company with which many of us do business that indicates that you owe them a significant payment. The scammers count on people being concerned that they are being wrongfully charged for a product they did not order. You are provided a telephone number to call if you dispute the bill. If you call the number, you will be prompted to provide personal information that will be used to make you a victim of identity theft.
Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.
There are numerous legal public records directories, such as White Pages Premium that assemble records about you from a wide variety of online sources and provide this information to anyone who uses their services. Merely having your cellphone number can allow someone to use these services to obtain your name, birth date, address, past addresses, names of your family members, past phone numbers and much more. This information can be leveraged by an identity thief or scammer to answer security questions at your online accounts and change your passwords or even to answer questions from your mobile service provider to allow the identity thief to perform a SIM swap, take over your phone and allow the identity thief to thwart dual factor authentication.
Quizzes on Facebook and other social media are very popular, but they can be exploited by identity thieves. A good example of this was the “10 Concerts, but there is one act that I haven’t seen live. Which is it?” Facebook quiz. While this may appear harmless, the information you provide may tell more about you than is safe to make public. It may provide information about your approximate age and preferences in music which can then be used by a scammer to send you a spear phishing email tailored to appeal to your particular interests that you may trust and click on a link contained in the email that contains either keystroke logging malware that can be used to steal your identity or ransomware.
Now, police in India arrested sixty-five people operating call centers in India that called Americans posing as government officials with various government agencies such as the FBI and the Drug Enforcement Agency (DEA). The calls started with a pre-recorded robocall in which the targeted victims were told their Social Security numbers would be suspended for various fictional violations unless they paid a fine through gift cards.
The National Security Agency (NSA) has issued a list of best practices for security on your mobile device that includes many of the suggestions I have made to you over the years such as avoiding public Wi-Fi, installing security updates as soon as they become available, not clicking on unconfirmed links in text messages and not using public USB charging stations. Click on this link for the full list. https://www.documentcloud.org/documents/21018353-nsa-mobile-device-best-practices
Car wrapping is actually legitimate, which is part of the problem. Scammers exploit legitimate advertising through car wraps by either putting an ad on the Internet or contacting you through a mass email or now text messages in which they seek people to have their cars used for advertising through this technique called shrink wrapping. Unsuspecting victims respond to the advertisement and are sent a check for more than the amount that the victim is to be paid for the service. The victim is instructed to deposit the check in his or her bank account and wire the rest back to the company. This is where the scam comes in. The check that the scammer sends you is a counterfeit. However, unfortunately, the money that you wire the scammer comes right out of your bank account and is impossible to retrieve.
With the Coroanvirus pandemic easing in much of the country, many people are travelling this summer for their summer vacations. Many people take vacations to take a break from the responsibilities of work and running a household, however few of us seem to want to take a break from being connected to the world through our cellphones and that poses a particular threat to our security when we use public Wi-Fi in coffee shops, airports, hotels and other places while on vacation. Whenever you use public Wi-Fi there are two problems. First, you can’t be sure that you are actually using the public Wi-Fi and not a phony Wi-Fi easily set up by a hacker sitting near you who is stealing your information and second, someone may be able to hack into your device while you are on a legitimate public Wi-Fi.
Geek Squad is a subsidiary of big box store chain Best Buy and it offers excellent tech support for electronic devices including televisions and computers. They are a popular company used by many people including the Scamicide reader who forwarded the email copied below to us. Lately, I have been receiving a lot of Geek Squad related phishing emails sent to me by Scamicide readers. It looks like a legitimate email from Geek Squad, however the grammar is poor where it reads, “Today Subscription Will Be Auto Renewed automatically..”. The truth is that this particular email is a phishing email intended to lure someone into contacting the scammers where they will be lured into providing information that will lead to identity theft.
Trust me, you can’t trust anyone. Just as I am always telling you not to click on links in emails regardless of how legitimate the communication may appear unless you have absolutely confirmed that the email is legitimate, so should you not scan QR codes unless you have absolutely confirmed that it is legitimate for the same reason. Downloading malware or being tricked by an apparently legitimate appearing website to provide personal information can lead easily to your becoming a scam victim or identity theft victim.
Scam of the day – August 3, 2021 – FTC Refunding 2.3 Million Dollars to Victims of Credit Card Debt Relief Scam
In 2019 I first told you that the Federal Trade Commission (FTC) in conjunction with the Attorney General of Ohio had brought legal action against Educare Centre Services, Inc. and Tripletel, Inc alleging that these companies worked together to sell bogus credit card interest rate reduction services through telemarketing. The defendants falsely promised their victims that they could significantly reduce the interest rate on their victims’ credit cards and offered a 100% money back guarantee. Not only did the victims of this scam not receive the promised rate reductions, but they also did not receive their money back when they requested refunds. In fact, in most instances, complaining customers were threatened with lawsuits. Now the defendants have settled the lawsuit and are refunding 2.3 million dollars to victims of the fraud. While the settlement is a positive development, the FTC had previously alleged that the victims of the scam were swindled out of more than 11 million dollars.
The present pause on student loan payments and interest put into effect during the pandemic is set to expire on October 1, 2021. The sudden resumption of payments by 40 million student loan borrowers is sure to prompt scammers to contact students and their families with a wide variety of scams related to repayment or forgiveness of student loans. Some scammers will be contacting students posing as the student’s loan servicer. In order to verify that you are being contacted by your real loan servicer, you can go to the Department of Education’s federal student aid website where you can get detailed information on your current student loan servicer including contact information. Here is that link. https://studentaid.gov/
Now we are learning of a new version of the utility scam as reported by Duke Energy in North Carolina in which the scammers call targeted victims and tell them that their power will be cut off within an hour if they didn’t pay a deposit over the phone for anew “smart meter.” Of course it is a scam.
LinkedIn is a popular social media website used by business professionals to network with other professionals. LinkedIn is used by these people to get ideas, explore opportunities and even to list job postings. Anything popular with so many people is attractive to scam artists and identity thieves. Recently LinkedIn revealed that it had suffered a data breach through which 700 million users had considerable personal information stolen. This number represents 92% of all of the users of LinkedIn. The stolen information included email addresses, names, phone numbers, addressed and more. This information is presently being sold on the Dark Web to other cybercriminals who will use this information for purposes of identity theft and scams.
Recently, in Tennessee Jennifer Shrum was arrested and charged with using the U.S. Postal Service’s Informed Delivery Program to learn when her targeted victims would be receiving important mail, such as credit card applications or bank statements that she would steal and use for purposes of identity theft. In one instance she applied for multiple credit cards in the name of one of her victims and used them to spend thousands of dollars at various local stores.
The Trinity Lutheran Church in Summerfield, Florida sent a note to it members saying someone had been using the name of their Senior Pastor Dan Kelm in emails and text messages requesting money. Generally in this scam, local church, synagogue or mosque members receive what appear to be emails from their religious leaders asking them to make contributions through gift cards and credit cards. In 2017 the scams primarily asked targeted victims to wire money to accounts and people named in the emails. The emails come from email addresses that appear at first glance to be that of the local religious leaders, but a closer inspection will disclose that it is coming from a different email provider than what their religious leader.
In 2019, 75% of Americans used mobile bank apps to some degree for their personal banking needs. However, since the Coronavirus pandemic hit, even more people are using these apps to conveniently do their banking. This fact has not been lost on hackers and scammers who have in recent years increasingly focused much of their attention on scams and hacking of mobile phones. One of the more effective tactics used by hackers is to create malicious apps called banking trojans which appear to the targeted victim to be a legitimate app such as a game or tool which the victim downloads. Once downloaded, the malicious app stays dormant until the victim goes to use their legitimate banking app at which time it creates a phony version of the victim’s bank’s login page which appears on top of the legitimate app. The victim then inputs his or her username and password into the malicious app thereby providing this information to the hacker. Making this crime even more devious is the fact that once the victim has inputted his or her information, the banking trojan sends the victim to the real banking app login page so the victims do not become immediately aware that they have been hacked .
We are only as safe and secure as the security as the companies and websites that have our personal information. So even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers which is just what happened to people whose information was contained in emails from employees of The Millennia Companies, a billion dollar Ohio based real estate management company. Between October 21, 2019 and December 8, 2019 a number of employee email accounts were hacked that included significant amounts of personal information such as names, Social Security numbers, credit card information and more that could lead to identity theft.
I have been reporting to you for years about the infamous Jamaican lottery scam by which many Americans, mostly elderly, have been scammed out of money after being told that they have won the non-existent Jamaican lottery. The scam begins when the victim receives a telephone call informing them that they have won this non-existent lottery that they never entered and are then pressured to pay “fees” and “taxes” before their winnings can be sent to them. This scam has been going on since the 1990s.
Tech support scams are a profitable way for scammers to steal your money. I have been warning you about these scams for years. They come in a number of different varieties including pop up ads on your computer and telephone calls purportedly from Microsoft, Apple, Google or other tech companies.
Recently, Indiana Attorney General Todd Rokita issued a warning about a dramatic increase in telephone scams involving scammers posing as utility company customer service representatives demanding immediate payments and threatening to turn off electrical power if a payment is not made immediately. Scams involving utility bills for electric, water or gas services have long been popular with scammers. Some of these scammers are so blatant that they even have asked for payments to be delivered to a laundromat.
Presently there are 80 major wildfires burning in 13 Western states causing tremendous damage. Scammers are already setting up phony charities to capitalize on the generosity of our fellow citizens. If you wish to give to charities helping the people affected by these wildfires, it is important to make sure that you are giving to a legitimate charity.
the makers of the bogus anti-aging supplement called ReJuvenation settled charges brought against them by the Federal Trade Commission (FTC) and the FTC is now sending full refunds to people who were scammed into buying this worthless anti-aging pill. The makers of ReJuvenation deceptively advertised the pill as being able to cure a wide variety of age related conditions such as cell damage, heart attack damage, brain damage and deafness.
Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters. The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer.
the Social Security Administration (SSA) has a tremendously helpful online service called My Social Security Account which allows you to set up a personal online account with the SSA that enables you to view your earnings history and estimates of benefits as well as manage your benefits online including changing your address or starting or changing direct electronic deposits of your check into a bank account you may designate. This is a tremendously convenient service, but it also provides a great opportunity for scammers who have been setting up My Social Security Accounts on behalf of seniors who have not already set up such accounts for themselves. The scammers then make changes to the victim’s account by directing their benefits checks to be sent to bank accounts controlled by the scammers. Even though the Social Security Administration requires verification of personal information by asking questions that only the Social Security recipient should know as part of the process for opening a My Social Security Account, too often this information is available to a determined identity thief who is thereby able to fraudulently open an account in the name of their intended victim.
The Federal Trade Commission (FTC) recently announced that it had settled a lawsuit against Golden Sunrise Nutraceutical, Inc and Dr. Stephen Meis who marketed its Emergency -D-Virus plan as a treatment for COVID-19 through advertising on billboards, websites and social media, falsely claiming that it’s product would cause COVID-19 symptoms to disappear in two to four days. In accordance with the terms of the settlement, the defendants will cease making unsupported health claims and provide refunds to scammed customers.
Scam of the day – July 16, 2021 – FTC and State of Arkansas Accuse “Blessing Loom” of Being an Illegal Pyramid Scheme
In addition, like all chain letters, ultimately, it is destined to fail because it is a pyramid scheme where eventually we run out of people on the planet to maintain the scheme. Now a scam similar to the Secret Sister Gift Exchange has reappeared. It is the Blessing Loom and it first appeared in 2016, but has come back and, particularly with so many people concerned about their finances due to the Coronavirus pandemic, is scamming more and more people desperate for cash. Recently the Federal Trade Commission (FTC) and the State of Arkansas sued the people behind the “Blessings in No Time” (BINT) investment program alleging that they operated an illegal pyramid scheme that stole tens of millions of dollars from unwary consumers.
Impostor scams have long been among the most lucrative for scammers. While there are many variations of this scam, the most common variations have involved scammers calling their intended victims on the telephone posing as some governmental agency such as the, FBI, IRS or the Social Security Administration. The scammer then, under a wide variety of pretenses, demands an immediate payment by gift cards, credit card or wired funds. Being asked to pay by gift cards is a definite indication that the call is a scam since no governmental agency requests or accepts payments by gift cards. Alternatively, the scammer demands the victim supply the phony governmental agent with personal information such as your Social Security number which will then be used for identity theft purposes.
Clever scam artists are increasingly setting up phony websites that appear to be for customer service or tech support of many of the companies with which we do business. Often they either purchase an ad to appear at the top of a search engine search or are sufficiently sophisticated to manipulate the algorithms used by Google and other search engines to make their phony customer service number appear high on a search.
With the Coronavirus pandemic somewhat abating, more and more people are traveling and scammers are taking advantage of that fact. Recently there have been reports about a “new” scam that I first warned you about in 2013. It involves calls to hotel guests purportedly from a clerk at the front desk of the hotel informing you that the hotel needs your credit card information again because of a computer error in processing your card. Unfortunately, people responding to this call by providing their credit card number end up providing their credit card number to the scammer who calls them and not to a clerk of the hotel. Often these calls come early in the morning, when the scammer hopes to awaken someone who may not take the time to consider the legitimacy of the request.
The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers of posed by hacking of various devices that makeup the Internet of Things.
It has several variations, but it generally involves an email that appears to come from Microsoft in which the targeted victim is told, as in the email copied below that he or she must update their account in order to keep it active or that Microsoft has changed the terms of their service agreement and provides links to get more information. The best scams have a kernel of truth and the kernel of truth in this scam is that Microsoft did indeed change the terms of its service agreement on June 15th. However the prudent action to take is not to click on the links in the email for further information or to update, but go directly to Microsoft at this link for more information. https://www.microsoft.com/en-us/servicesagreement/upcoming.aspx