Recently there have been reports about a “new” scam that I first warned you about in 2013. It involves calls to hotel guests purportedly from a clerk at the front desk of the hotel informing you that the hotel needs your credit card information again because of a computer error in processing your card. Unfortunately, people responding to this call by providing their credit card number end up providing their credit card number to the scammer who calls them and not to a clerk of the hotel. Often these calls come early in the morning, when the scammer hopes to awaken someone who may not take the time to consider the legitimacy of the request.
Recently a Scamicide reader told me that she had received an email from a friend of hers asking for a favor. Her friend needed the Scamicide reader to send a gift card to someone because her friend was unable to do so and needed to send the gift card right away. The email address from which the email was sent was indeed the email address of her friend, but the email was sent by a scammer who had hacked her friend’s email account and was sending the same email to everyone on the hacked friends contact list. I have written about this scam previously, but it deserves to be repeated.
OneDrive is a popular cloud storage system of Microsoft that allows you to sync and save documents, pictures and files. Scammers send emails purporting to be from OneDrive, such as the one copied below that I received recently. If you click on the View File, you will either be lured into providing personal information that can lead to your becoming a victim of identity theft or download malware such as ransomware or keystroke logging malware that leads to your becoming a victim of identity theft.
Scammers are big fans of gift cards because they are easy to purchase, easy to send to the scammer and impossible to trace to the scammer. According to the FTC, consumers lost 233 million dollars to gift card scams last year. It is not even necessary for the scammer to be in possession of the actual gift card to use it. Sending the gift card numbers or taking a picture on your phone and transmitting it to the scammer is sufficient for the scammer to use the gift card to buy things that can then be sold and converted into cash.
Some scams are just so simple and effective that they remind us why scam artists are indeed the only criminals we refer to as artists. An old scam that is still being used effectively by scammers involves a flyer under your door in your hotel or motel room that purportedly is an advertisement for a local pizza parlor or in a case last year of one family that lost $6,000 taken from their debit card, a phony room service menu slid under the door. The flyer gives a telephone number for the pizza parlor which conveniently delivers to your room or, again in this particular case the phone number for the hotel’s room service. All you need to do is call the number, give them a credit card and they will promptly send you your fresh pizza or other food. Unfortunately, it is a scam. There is no pizza parlor and this is not the real room service telephone number The scammers have merely gone through the hotel and put their flyers under the doors. They then just wait for the telephone calls, steal your credit card number and use it to make charges to your card.
The way that many phony coupon scams work is that in order to qualify for the coupon, you must complete a survey in which you are required to provide much personal information that is used to make you a victim of identity theft. In other versions of the scam, the scammer actually asks for your credit card numbers. In yet another version of the scam you are required to buy many costly items in order to claim your “free” coupon. Many of the coupon scams also require you to forward the coupon to friends which make the phony coupons appear more trustworthy when they are received by your friends. Ultimately, in all of these scams, the coupons are worthless and you get nothing but the opportunity to become a victim of identity theft. Here is a copy of a phony coupon appearing online. It was provided by the Identity Theft Resource Center.
Since the passage of the PACT Act in 2022 which expanded VA benefits and health care for veterans who were exposed to burn pits and other toxic substances, there have been numerous companies and lawyers offering assistance in filing for benefits for conditions related to such toxic exposures in return for a percentage of your benefit award. However, you don’t need to pay to file a claim. The VA can assist you or help you identify a VA-recognized organization or VA-accredited individual to help you with your claim. You can submit your application securely online via VA.gov. There is no cost for the forms and no fee to apply. VA will never charge you to apply for benefits. In addition, Veterans Service Organizations (VSOs) and representatives are available to assist in filing claims. To help guard against fraud and scams, validate the credentials of anyone offering to help you with a VA claim by using the Office of General Counsel’s Accreditation Search tool or by contacting your local representative or VA Regional Office
The most common way fitness apps are used for scams is when you make friends with people in your fitness network. Over time, scammers build trust in their communications with you through your fitness network until, after they have built a high level of trust they hit you with a scam such as an opportunity to invest in cryptocurrencies or ask you for money needed for an emergency.
The recent storms that ravaged parts of the country particularly in the Northeast have opened the door to a scam that often follows storm damage through extensive rain or hurricanes, namely the sale of storm damaged cars. In the past, the Massachusetts Registry of Motor Vehicles and other state RMVs have issued warnings to consumers to be on the lookout for used cars with phony title papers that indicate that the particular used car in which you are interested is from a state such as Oregon when in fact, these cars are cars that were from rain ravaged areas with many of them containing hidden water damage that could present serious safety problems.
Although I have been writing about synthetic identity theft for many years, many people are not familiar with the term “synthetic Identity theft.” Synthetic identity theft poses a significant threat to many people particularly children. Synthetic identity theft occurs when a criminal takes information from a variety of sources to create a new identity to take out loans, purchase goods and services, or fraudulently obtain credit cards. Synthetic identity thieves combine real and fake information to form a new fictional person. They may use your Social Security number and combine it with the name, address and phone number of someone else. The Federal Trade Commission (FTC) has said that synthetic identity theft is the fastest growing type of identity theft. Children are the most common victims of synthetic identity theft and it is often many years before the problem is discovered.
Last year the IRS announced an expansion of its Identity Protection PIN Op-In Program that provides individual taxpayers with a six-digit code that is required to be included on the individual’s income tax return. This will protect someone whose Social Security number had been compromised from becoming a victim of identity theft because the identity thief will not know the six-digit code. Here is a link to the section of the IRS’ website where you can apply for a PIN. https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin. The process will require you to verify your identity. Victims of income tax identity theft who have filed an identity theft affidavit with the IRS automatically receive an IP PIN by regular mail from the IRS.
Scammers, in general have no empathy and a new scam being reported by the Federal Trade Commission is a good example of that fact. People who have very recently lost a family member are getting phone calls purporting to be from the funeral home handling the funeral arrangements demanding an immediate payment of more money than had previously been agreed upon or else, the scammers say, the funeral will be cancelled. Scammers often target people at their most vulnerable moments and this scam certainly does that.
Laundering money derived from a scam is an essential element of many scams. Scammers can be extremely clever at distancing themselves from their scams in order to avoid detection. The people they enlist either as willing or unknowing participants in the laundering of the proceeds of a scam are called money mules. Scams in which innocent people are lured into being unknowing money mules are numerous. One of the more common of these involves work at home scams where your job is to receive goods, often electronics that have been shipped to you, inspect them and then reship them to an address provided to you by your new employer. The problem is that these goods have been purchased with stolen credit cards and you have just become an accomplice to the crime when you ship them to someone else who will then sell them to turn the merchandise into cash.
It is difficult to win a lottery you have entered. It is impossible to win one that you have never entered and neither lottery winners, nor anyone else is sending out messages through the Internet offering free money to anyone who responds with personal information. Never give out personal information that can make you vulnerable to identity theft unless you have absolutely verified that the party requesting the personal information is legitimate and has a legitimate need for the information. Also never pay anything to a lottery claiming you owe fees in order to claim your prize. This is a telltale sign of a scam. No legitimate lottery requires the payment of a fee to collect your winnings or requires you to pay the lottery income taxes on the prize. While income taxes are due on lottery winnings, those taxes are either deducted by the lottery sponsor before giving you your prize or the prize is given to you in full and you are responsible for the payment of any taxes. No lottery collects taxes on behalf of the IRS.
The California Public Employees’ Retirement System (CalPERS) and the California State Teachers’ Retirement System (CalSTRS) recently notified hundreds of thousands of California retirees that their personal information was compromised in a major data breach. The compromised information included names, Social Security numbers, dates of birth, and zip codes which is critical information that can easily lead to identity theft. An interesting aspect of this particular data breach is that the computers of CalPERS and CalSTRS were not directly hacked. Instead it was the computers of PBI Research Services which is a company used by both CalPERS and CalSTRS that was hacked through the exploiting of a vulnerability in software used by PBI Research. This type of supply chain attack where cybercriminals attack third party vendors to get at your information is becoming more and more common.
And this leads us to Artificial Intelligence (AI) which is a term describing sophisticated technologies that enables computers to comprehend and even learn similar to actual human intelligence. AI can be used to create a wide variety of content such as writing stories or music that previously could only be done by humans. It’s capabilities are constantly being touted in news stories and online posts. Scammers are always alert to whatever is capturing the interest of the public and, in this case, scammers are already contacting people falsely claiming they have developed AI programs that can make investment decisions guaranteed to make large amounts of profits. In particular, the scammers are tying their AI claims to investments involving cryptocurrencies which many people invest in, but don’t fully understand which is a dangerous combination.
Identity theft can take many different forms and one about which most people are unaware is criminal identity theft. Criminal identity theft occurs when someone steals your identity and then commits crimes using your name and Social Security number. The problems encountered by someone whose identity has been stolen by a criminal who then commits crimes in the name of the identity theft victim are tremendous. Victims of criminal identity theft have been arrested for crimes they never committed and often have had difficulty having the crimes, committed by someone who stole their identity, removed from their records. A faulty criminal record can affect your ability to get a job or obtain various benefits.
Clever scam artists, the only criminals we refer to as artists are increasingly setting up phony websites that appear to be for customer service or tech support of many of the companies with which we do business. They also purchase telephone numbers that are a single digit off of the legitimate phone numbers for many companies’ tech support or customer support in order to take advantage of common consumer misdials. Compounding the problem is the fact that many companies, particularly social media companies, do not provide a customer service telephone number to call and speak to a real person about your problem. They only provide online support.
The security company McAfee identified a phishing kit specifically tailored for Amazon customers. This kit is called 16Shop and its creator uses the alias DevilScreaM. Following the business model of the creators of much of today’s malware, DevilScreaM makes his or her money by leasing the malware created by him or her on the Dark Web to other less sophisticated cybercriminals. The Dark Web is that part of the Internet where criminals buy and sell good services. The 16Shop malware can be used to create an official looking email that appears to come from one of the major tech companies. This email comes with a PDF attached that appears to be an Amazon log-in page. Anyone who falls for the scam and provides his or her Amazon password and account information will have turned over that information to a scammer who will use it to buy items that will be charged to the credit card of the Amazon account holder.
HCA Healthcare, which operates 180 hospitals and healthcare facilities has disclosed that it has suffered a massive data breach in which personal information including names, email addresses and phone numbers of eleven million of its patients was stolen and recently posted on the Dark Web. The good news is that the stolen information does not include credit card numbers or Social Security numbers which can more directly lead to identity theft. However, information such as was compromised in this data breach can readily be used by scammers and identity thieves to formulate effective spear phishing emails and text messages to lure people into clicking on infected links and downloading malware or otherwise falling for a scam that may seem legitimate because the spear phishing scammer is able to tailor the email or text message to actual matters that relate to the targeted victim.
We are all getting so familiar with scams being communicated by way of phone calls, text messages and emails that it was a little bit surprising to learn of a new scam about which the IRS recently issued a warning that involves an old- fashioned snail mail letter that comes to you in a cardboard envelope that appears to come from the IRS. The letter contains the logo of the IRS although that is very easy to counterfeit. The letter informs you that you have an unclaimed tax refund and asks for you to provide your cellphone number, bank routing information, bank account information and your Social Security number. If you provide this information, you will end up becoming a victim of identity theft as well as having your bank account looted.
Last April, I told you that the FTC filed lawsuit against American Vehicle Protection Corporation (AVP) accusing it of scamming people with phony, expensive extended car warranties. American Vehicle Protection Corporation (AVP) lied to consumers, telling them that AVP was affiliated with the automobile manufacturers and further lied about the protection provided by their expensive policies. Making matters worse, they also marketed their worthless products through telemarketing calls to people who were registered on the Do Not Call List.
Scam of the day – July 8, 2023 – FTC and Florida Refunding Money to Victims of Robocall Credit Card Interest Reduction Scam
In 2016 I first told you about the Federal Trade Commission and the Florida Attorney General bringing legal action against Life Management Services for operating illegal robocall scams in which they offered non-existent credit card interest rate reduction services and credit card debt reduction services that also were bogus. Those people falling for this scam paid between $500 and $5,000 in upfront payments for which they received nothing, according to the FTC. Now seven years later the case has been settled and the FTC and Florida are returning $540,000 to victims of the scam. For more information about the refund program, go to the tab entitled “FTC Scam Refunds” on the first page of the Scamicide website.
Identity thieves use legal and illegal online sources to gather their victims’ personal information, such as their Social Security number, address, and date of birth and use that information for purposes of identity theft which is a significant threat to everyone. One important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. These days your cell phone number is tied to so much of what we do. When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members and more. The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security.
While it may not seem like your bank account number and the routing number of your bank would be very important information to protect, armed with this information a scammer can steal your money in a variety of ways. They can use that information to purchase goods online. They can set up recurring payments, such as for utilities. They can create counterfeit checks to access your bank account and make checks payable to themselves.
According to the Federal Trade Commission (FTC) consumers lost 228 million dollars last year to scams in which gift cards were used as the payment method and this number has increased each year since 2018. . Scammers are big fans of gift cards because they are easy to purchase, easy to send to the scammer and impossible to trace to the scammer. It is not even necessary for the scammer to be in possession of the actual gift card to use it. Sending the gift card numbers or taking a picture on your phone and transmitting it to the scammer is sufficient for the scammer to use the gift card to buy things that can then be sold and converted into cash.
I have written often about phony student loan debt relief companies and with good reason. More than forty-two million Americans have student loans with an outstanding balance of more than 1.4 trillion dollars so it is no surprise that scammers are focusing their attention on these students and former students through scams that falsely promise to provide debt relief. Last week the Supreme Court ruled that President Biden’s program for student loan forgiveness was unconstitutional which means that loan repayments will be starting up again in October.
These scams come in different variations. The most common example is where the scammer posing as your utility company calls and threatens to turn off your power if you fail to make an immediate payment by credit card or gift card. In another utility scam, potential victims receive telephone calls purportedly from their utility company informing them of a special company promotion for which they are eligible. They just need to provide some personal information.
Many scammers send out emails or text messages purportedly from the IRS or any of a number of state and federal agencies in which they require you to provide personal information under the guise of some emergency. They do this because if they can frighten you enough to act during the holiday in some instances you will be unable to confirm with the real entity as to whether the communication is legitimate because all of these entities will be closed on the Fourth of July. If you provide the requested information, it will be used against you to make you a victim of identity theft.
I have been warning you about dangers in the rapidly expanding Internet of things for more than ten years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. Our homes have become filled with these devices including Alexa and Siri. The FBI has longed warned consumers about the dangers of posed by hacking of various devices that makeup the Internet of Things. Here is a link to the FBI warning. https://www.ic3.gov/media/2018/180802.aspx Cybercriminals hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. They also can hack into your Internet of Thing devices to access your home computers to steal information for purposes of identity theft or to implant malware on your home computers. The risks are extreme, but there are some basic steps you can take to protect yourself.
Identity theft dangers are everywhere, but particularly at busy airports. People are quick to dispose of their boarding passes after they have landed by merely tossing them into a trash receptacle, but your boarding pass barcode can be easily decoded by an identity thief who retrieves your discarded boarding pass from which he can gain much information including information about your frequent flier account which can be used to make you a victim of identity theft. All an identity thief needs is a barcode scanner which can easily be obtained online to access a wide range of information that the airline has about you on your boarding pass including, for some airlines, your email address, phone number and more. In addition, a clever identity thief can leverage this information by posing as the airline in calling you, providing your account number and then tricking you into providing more personal information that can be used against you.
Automated robocalls which, for commercial purposes, are illegal, are the number one consumer complaint reported by the public to the Federal Trade Commission (FTC) at a cost to consumers of billions of dollars each year. Robocalls are used by scammers to perpetrate a wide variety of scams. Recently the Attorneys General for all of the states except Alaska and South Dakota filed a lawsuit against Avid Telecom, a company accused of making 7.5 million robocalls to people who have registered their names on the Federal Do Not Call List since 2019 in violation of the law. The lawsuit also accuses Avid Telecom of using robocalls to perpetrate Social Security scams, Medicare scams, auto warranty scams, Amazon scams, DirecTV scams and credit card interest rate scams as well as illegally using spoofing to make their calls appear as if they were coming from legitimate governmental agencies such as the FBI.
A variation on an old Facebook scam has recently resurfaced. In the new scam you receive a Facebook Message that merely says “Look Who Died?” and is followed by a link that leads you to a website where you are prompted to provide personal information that will be used to make you a victim of identity theft. Alternatively, merely clicking on the link, in some instances, has downloaded destructive malware to your phone, computer or tablet.
Recently in Colorado Phil Tamchin thought he was responding to his real estate agent who requested ten days before the scheduled closing that he wire the $730,000 for the purchase of his new home to the real estate agent. He did so, but the email didn’t come from his real estate agent, but came from a scammer. Fortunately, the bank where the funds were sent had put a hold on the account after red flags were raised and the funds were able to be sent back to Mr. Tamchina. Many other victims of this scam, however, haven’t been as lucky.
Phishing emails, by which scammers and identity thieves, posing as familiar companies with which you do business, attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur. Recently security company Check Point Research issued a report indicating which companies names and logos were most used by scammers when creating phishing emails. Topping the list was Walmart followed by package delivery company DHL, Microsoft, LinkedIn, FedEx, Google and Netflix.
The most effective scams are the ones that capitalize on real things that apply to you. Many people are familiar with the REAL ID, which is a new version of your driver’s license mandated by federal law. The federal REAL ID Act established new security requirements for driver’s licenses and identification cards with which all states must comply and which will eventually be needed by you if you wish to board an airplane or enter certain federal facilities although you can still do so if you have a passport. The original date by which you had to get a REAL ID was set at October 1, 2021, however due to the Coronavirus pandemic, the deadline was postponed until May 3, 2023. However, in December of 2022, the deadline was extended again. The new deadline is May 7, 2025. This is both good news and bad news. It is good news because it gives you more time to get your REAL ID, but it is also bad news because it gives scammers more time to contact you posing as governmental officials seeking your personal information under the guise of helping you apply for your REAL ID when their real purpose is to harvest your personal information and use it to make you a victim of identity theft.
The Hattiesburg, Mississippi police department recently issued a warning about increased reports of a scam in which scammers appear to share posts on Facebook buy-sell groups about a missing child. Quite often, people on the buy-sell group will share the post in an effort to help find the missing child. Once the post has been shared in large numbers, the scammer then edits the post to share a wide variety of scams instead of the original post dealing with a fictional missing child. In this way, the scammer gets unsuspecting people to help spread a scam to large numbers of people. When they make these posts the scammers often disable comments so that if someone sees the post, they won’t see comments from people who have identified the post as a scam.
I have been warning you about the jury duty scam for ten years, but it continues to snare many unwary victims. Recently the Oregon Judicial Department issued a warning about jury duty scams in Oregon in which people were called on the phone by scammers posing as court officials threatening legal action if the targeted victim did not pay a fine by purchasing a gift card and then giving the card numbers over the phone to the scammer. This scam is not limited to Oregon and is being perpetrated around the country. This scam has been used effectively for years by scammers to con people out of their money or make them a victim of identity theft.
The Super Mario Brothers Movie has been a huge hit. As of May 19, 2023, The Super Mario Bros. Movie has grossed $539.5 million in the United States and Canada, and $689.5 million in other territories, for a worldwide total of $1.23 billion. It is the highest-grossing film of 2023, and became the highest-grossing film based on a video game after just one week of release. While it is still in theaters, since mid May it has also been available to rent on streaming services Amazon Prime and Apple TV for $25. However, there are a number of websites that are offering bootleg versions of the movie for free online. While all of these sites are violating the law, some of them do not actually provide the movie, but instead just steal your money and your identity.
Scam of the day – June 19, 2023 – FTC Refunding Millions to Victims of Student Loan Debt Relief Scam
In 2019 I told you that the Federal Trade Commission sued Arete Financial Group alleging that Arete charged illegal upfront fees for their services. However, according to the FTC, Arete’s crimes did not end there. In its lawsuit, the FTC alleged that Arete would change their clients’ Federal Student Aid (FSA) login ID, password and contact information with their clients’ loan servicer which effectively eliminated contact between the borrowers and their loan servicers. This enabled Arete, according to the FTC, to place the borrower’s loans into temporary forbearance or deferment status without the borrower even being aware of this. Thus when the borrowers sent their payments to Arete that they were told would be credited toward their loans, the money actually was kept by Arete. Some of Arete’s clients saw their loans become delinquent and their income tax refunds garnished to pay for overdue loan payments. The victims of the scam also lost the money they paid to Arete that was intended to be applied toward their loans.
In the recent case of Rachel Smith, of Nashville Tennessee, she received a call purportedly from a border patrol officer in El Paso, Texas who told her that they had seized a package that appeared to have been sent by her containing illegal drugs. She was then told that they understood that someone was using her name for illegal purposes, but that in order to protect her money she should withdraw all of the money in her bank account and deposit it into a Bitcoin ATM account provided by the purported federal officer. She was then told that she would be getting a call from a DEA officer to arrange for her to pick up a check for her money the next day. The call never came and the money she turned into Bitcoin was gone forever.
WeChat and Weixin are a Chinese instant messaging, social media, and mobile payment app developed by Tencent. First released in 2011, it became the world’s largest standalone mobile app in 2018 with over 1 billion monthly active users. The Federal Trade Commission is warning people about investment scams being perpetrated through WeChat. The scams start with a barrage of social media posts urging people to invest in various household good and electronics promising returns of between 20% and 40% in one to three months. The social media posts showed pictures and told the stories of phony successful investors making huge profits, all of which were lies. The scammers used WeChat groups to lure people into paying triple the price for iPhones, laptops and furniture in exchange for the promise to return the payments plus profits within three months. At first, as is the case with all Ponzi schemes early “investors” were paid the promised profits, however, as with all Ponzi schemes, there were no profits. The early “investors” were merely paid with the funds paid by later “investors.” Ultimately, the vast majority of investors lose everything.
Identity thieves send emails purporting to contain a link to an electronic Father’s Day card, but instead of an electronic greeting card, what they actually are sending is malware that becomes downloaded when the victim clicks on the link. A common type of malware sent by criminals is keystroke logging malware enables an identity thief to steal personal information from the victim’s computer that can be used for purposes of identity theft. In other instances, the malware is ransomware which will encrypt all of your data which the hacker threatens to destroy unless you pay a cryptocurrency ransom.
The first rule in avoiding malware infected apps is to only get your apps from the Google and Apple official app stores. Both of these do their best to weed out malicious apps. Last year Apple reported that it rejected 1.7 million app submissions and Google indicated that it banned 173,000 developer accounts from Google Play. However, catching malicious apps is like a game of whack-a-mole. As soon as you stop one malicious app, another pops up. In the past clever scammers would submit apps without malware that they then would update with malware later after the app had already been vetted by Apple or Google.
Here we go again. Health insurance company Harvard Pilgrim recently disclosed that it had suffered a major data breach and ransomware attack affecting more than 2.5 million people. This particular data breach is quite serious because among the records compromised...