Scam of the day – August 11, 2022 – Phony Health Insurer Agrees to Refund 100 Million Dollars to Scam Victims
There is no question that researching health insurance plans can be very confusing. Unfortunately there have been many instances where scammers have exploited this confusion and sold worthless programs to people. Recently the Federal Trade Commission (FTC) settled a complaint it brought against Benefytt Technologies, Inc and its partners who misled people into thinking they were buying Affordable Care Act (ACA) compliant heath insurance or product with the same benefits as ACA insurance, but instead sold their victims products they didn’t want or need leaving them unprotected when they needed to access what they thought was their health insurance.
Recently, Israeli law enforcement arrested three people accused of operating a sophisticated binary option scam that stole millions of dollars from their victims.
Geek Squad is a subsidiary of big box store chain Best Buy and it offers excellent tech support for electronic devices including televisions and computers. They are a popular company used by many people. Lately, scammers have been sending phishing emails that appear to be Geek Squad invoices. In February 12th’s Scam of the day I showed you one of those phishing emails that appeared quite convincing. It looked like a legitimate email from Geek Squad, although the grammar was not particularly good which is one of many indications that it was a scam. These types of phishing emails are intended to lure you into contacting the scammers where you will be prompted to provide information that will lead to your becoming a victim of identity theft.
Impostor scams have long been among the most lucrative for scammers. While there are many variations of this scam, the most common variations have involved scammers calling their intended victims on the telephone posing as some governmental agency such as the, FBI, IRS or the Social Security Administration. The scammer then, under a wide variety of pretenses, demands an immediate payment by gift cards, credit card or wired funds. Being asked to pay by gift cards is a definite indication that the call is a scam since no governmental agency requests or accepts payments by gift cards. Alternatively, the scammer demands the victim supply the phony governmental agent with personal information such as your Social Security number which will then be used for identity theft purposes.
Remote access scams are increasing and when the scammer posing as your bank lures you into providing remote access to your bank account, the result can be disastrous. In one instance, the scam started with a phone call from a scammer posing as an employee of Avast, a popular security software company. The scammer told his victim that due to the Coronavirus, the company could not continue to provide services to him and that they would be refunding him $500. The scammers then told him that they had mistakenly refunded thousands of dollars into his account and therefore needed to get remote access to his bank account in order to withdraw the excess amount “mistakenly” sent to him. The victim fell for the scam and provided them remote access to his account whereupon they emptied all of his bank accounts. By the time the victim realized he had been scammed and reported it to his bank, the money had been already withdrawn from both his bank and the bank to which the scammers had the funds in his account transferred.
Receiving a telephone call from a debt collector is not a pleasant experience. Being hounded by someone attempting to collect a debt you do not owe constitutes fraud. In 2019 the Federal Trade Commission (FTC) settled a complaint that it had brought against the operators of several phony debt collection services using names such as GAFS Group, Global Mediation Group and Mediation Services and now the FTC is sending money to the victims of the scam by either a PayPal payment or a check in the mail.
I have written many times over the last ten years about the mystery shopper scam because it continues to ensnare unwary victims. Unfortunately, these scams continue to be effective and are increasing in number so it is important to remind you about them again. Mystery shoppers are people hired to shop at a particular store and report on the shopping experience for purposes of quality control. Unlike many scams, there actually are legitimate mystery shopper companies, but they never advertise or recruit through emails, text messages or letters.
The manner in which the scam generally works is that when you answer an advertisement, or respond to a letter, email or a text message to become a mystery shopper, you are sent a bank check. You deposit the check into your own account and spend some of the money on the goods that you purchase which you are allowed to keep and also are directed to keep some of the balance of the check as payment for your services. You are instructed to return the remaining funds by a wire transfer.
Everyone loves coupons and like many things in our lives, coupons which used to be found commonly in newspapers and magazines have migrated online. In recent years scammers have been perpetrating phony coupon scams on social media. Among the companies affected by these phony coupons were Bath and Body Works, Costco, Aldi, Starbucks and Trader Joe’s. As I have warned you many times in the past, Facebook has become a hotbed for phony online coupons. The phony coupons looks quite legitimate which means nothing because it is very easy to copy the company logos and make the coupons appear to be genuine.
Since the start of the pandemic, many people turned to online merchandisers to buy Personal Protective Equipment (PPE) such as masks, face shields and sanitizers. Unfortunately, some online merchandisers who promised customers quick delivery either did not deliver the products in a timely fashion, or, even worse, failed to send anything at all. In August of 2020 I told you that the FTC filed lawsuits against the companies Glowyy and American Screening, LLC alleging these companies failed to deliver their products as advertised and in some instances did not deliver the products at all. According to the FTC, these companies also failed to notify customers of delayed shipments, failed to offer refunds, failed to honor refund requests and in some instances sent defective items. Now two years later, the FTC has won its cases against both Glowyy and American Screening. Pursuant to the court’s judgment they will be required to pay more than 17.6 million dollars to the FTC to be refunded to defrauded customers. As more details become known about the specifics of the refund program, I will report them to you.
Recently the Virginia State Police issued a warning about an increase in phone scams in which the caller poses as a law enforcement officer who tells the targeted victim of the scam that his or her identity has been stolen and used by someone who has committed a crime using their name and that there is an arrest warrant for the targeted scam victim. The scammer then goes on to tell the targeted victim that the criminal charges will be dropped if the targeted victim makes a payment either through wiring funds or by sending gift card information. While this warning was from the Virginia State Police, this scam has been widely reported around the country.
Data breaches continue to a major problem for all of us. Regardless of how well you protect the security of your personal information on your own computers and devices, you are only as safe as the places that hold your information with the weakest security. In just the last three weeks I have informed you about data breaches as T-Mobile, Neopets and Marriott affecting millions of people and now we have learned about a data breach at Twitter affecting 5.4 million Twitter users. Compromised information includes email addresses and phone numbers which although not as threatening to your well being as Social Security numbers, bank account information and credit card numbers still puts you in jeopardy of identity theft.
I first reported to you about a massive data breach at Uber in a Scam of the day in November of 2017. Unfortunately, the data breach had actually occurred in 2016 and Uber did not disclose that it had suffered the data breach until 2017. Personal information including names, email addresses and mobile phone numbers of 20 million Uber users and employees was stolen.
Federal law enforcement has recently arrested Fola Alabi accusing him of conducting a romance scam in which he scammed women, most of whom were between 70 and 80 years old and widowed or divorced out of approximately a million dollars According to the criminal complaint against him, Alabi contacted his victims on Facebook and other social media posing as an American Army General overseas. Among the names he used were General Miller, General Welsh, General Berrier and General Goddard. As is typical of these types of scams, after convincing his victims of his love for them, he manipulated them into sending him money under a wide variety of pretenses. One of the women sent him $334,000.
Scam of the day – July 29, 2022 – T-Mobile Agrees to $500 Million Dollar Settlement of 2021 Data Breach
Now T-Mobile has settled a class action brought against it by victims of the data breach. According to the terms of the settlement, the company will pay $350 million dollars to settle the claims of the victims and spend an additional $150 million dollars to improve its cybersecurity. Typical in such settlements, T-Mobile did not admit any negligence or wrong doing, however, anytime a company pays a half a billion dollars to resolve a claim, it can be pretty much understood that it is an admission of liability even if not said so in so many words.
It started out in November of 2017 as a feel-good story about Johnny Bobbitt, a homeless veteran, who, according to the story reported throughout the media, gave his last twenty dollars to Katelyn McClure a stranded motorist who had run out of gas at the side of a road in Philadelphia, The story continued with McClure and her then boyfriend, Mark D’Amico starting a GoFundMe account for Bobbitt that raised $400,000 of donations from more than 14,000 people touched by the story. But then the story began to unravel. First, Bobbitt sued McClure and D’Amico alleging that they shared little of the money raised with him, but instead used the money to fund a lavish lifestyle. Eventually all three had criminal charges of conspiracy and theft by deception brought against them by prosecutors alleging that the entire story was a sham and that the three concocted the story in order to scam people into making donations. According to prosecutors, the three had met at a casino and came up with the scam. The story about being stranded by the roadside, prosecutors say, was totally fabricated. It should be noted, however, that the one truth in this entire story is that Johnny Bobbitt was a homeless veteran.
Scam of the day – July 25, 2022 – New Report Highlights Flaws in Postal Services Change of Address Service
I have warned you a number of times in the past about the danger of identity theft that occurs when criminals steal your mail from your mailbox. Among the dangers of mail theft are criminals gathering personal information contained in your mail to set up accounts in your name or getting your credit card bill and using the information in your bill to access your credit card. However, sometimes the criminals don’t even have to steal your mail, they can get the United States Postal Service USPS) to deliver your mail directly to the criminal by submitting a change of address form with the post office on your behalf either in person or online that results in your mail being sent directly to the criminal.
During the heatwave that is gripping much of the country, winning a free air conditioner can be very attractive which is why, quite frankly, scammers are sending out phishing emails that appear to come from Lowe’s Home Improvement that tell the recipients of the email that they have just won a free air conditioner, in a sweepstakes that they never entered.
Data breaches have become a part of every day life and their numbers continue to increase. In the first three months of 2022 alone there were 404 major data breaches. The latest major data breach involves Neopet which is a virtual pet website used by millions. Earlier this week, Neopets confirmed that it had suffered a major data breach in which usernames, email addresses, passwords, dates of birth, and other information of 69 million of its users were stolen in a data breach. The stolen data is already being sold to other cybercriminals on the Dark Web, that part of the Internet where criminals buy and sell goods and services.
With the Coronavirus pandemic waning, more and more people are intending to take a summer vacation and for many people that means renting a car. The bad news is that due to so many people wanting to rent cars there is both a shortage of cars to rent and the cost of renting a car has increased in many cases dramatically. However, your friendly neighborhood scammer is more than willing to help you out. They are setting up phony car rental company websites and websites that appear to be those of legitimate car rental companies such as Avis or Hertz.
In 2019 I told you that the Federal Trade Commission (FTC) and the Attorney General of Missouri settled charges of sweepstakes fraud it brought against Kevin Brandes, William Graham and their shell corporations regarding deceptive mailers they sent to their mostly elderly victims around the world with headings such as “Congratulations, You Have Just Won $1,230.946.00” Other mailers invited the victims to play “games of skill” without clearly disclosing the fees that they had to pay. The final round of the game consisted of a tremendously complex mathematical puzzle that was pretty much unsolvable. Many victims of the scam paid time and time again to play games that were rigged against them. The defendants turned over more than 24 million dollars in cash and personal property that was sold to raise further funds to be used to make refunds to victims of the scam. Now the FTC is using those funds to reimburse victims of the scam. The FTC is making payments through PayPal and by checks. Checks must be deposited and PayPal payments must be claimed no later than October 17, 2022.
In 2010 the Federal Trade Commission (FTC) obtained permanent injunction against Publishers Business Services and its officers shutting down its illegal magazine telemarketing scam. Publishers Business Services called its victims pretending to conduct a survey. At the end of the phony survey they offered free or low-cost magazine subscriptions, but within weeks billed their victims hundreds of dollars for the magazine subscriptions. Now the FTC got a further court order holding the officers of Publishers Business Services financially responsible for their scam.
People who are having difficulty paying their car loans often turn to companies that promise that they can get their payments lowered. While some refinancing companies are legitimate, many unfortunately are scammers who make big promises and take your money, but provide no services in return.
I have been warning you about sextortion scams for seven years, but a story reported on CNN indicates how this scam can become deadly. Ryan Last was a 17 year old California boy who corresponded with someone online pretending to be a teenage girl who sent a nude photo purporting to be of herself to Ryan and asked him to share a nude photo in return. When he did the scammer then demanded $5,000 or else the scammer said he or she would post the photo online and send it to Ryan’s family and friends. Overwhelmed by the situation, Ryan committed suicide that night.
Data breaches have become a part of every day life and their numbers continue to increase. In the first three months of 2022 alone there were 404 major data breaches. The latest major data breach involves Professional Finance Company (PFC) which operates a debt collection service for thousands of health care organizations to process customer and patient unpaid bills and outstanding balances. This month PFC disclosed that it was hit with a ransomware attack last February
Since the start of the pandemic, a moratorium on federal student loan repayments has been extended seven times, most recently in April with the extension now ending on August 31st. The sudden resumption of payments by 40 million student loan borrowers at that time will surely prompt scammers to contact students and their families with a wide variety of scams related to repayment or forgiveness of student loans. Some scammers will be contacting students posing as the student’s loan servicer. In order to verify that you are being contacted by your real loan servicer, you can go to the Department of Education’s federal student aid website where you can get detailed information on your current student loan servicer including contact information. Here is that link. https://studentaid.gov/
Deed fraud, which is also referred to as “property title theft” occurs when a criminal files a counterfeit deed to property owned by someone else and then either lives in the property or even sells the property to an unwary buyer. Deed fraud most commonly occurs after a homeowner dies. Enterprising criminals monitor the obituaries looking for homes owned by people recently deceased and then forge a deed to the property and record it in the local Registry of Deeds.
Microsoft recently issued a number of critical security updates for a wide range of software. Microsoft has said that if these updates are not installed, your system is vulnerable to being taken over by hackers. If your Microsoft products are not automatically updated, it is critical that you update them yourself as soon as possible.
According to FBI Special Agent Sean Regan, scammers are using the popular business networking platform LinkedIn to lure unsuspecting victims into cryptocurrency scams. The scams start when the scammer creates a phony profile on LinkedIn and then contacts other LinkedIn users initially with innocuous communications designed to establish trust. After a while the conversation then turns to cryptocurrency investments with the scammer first directing the scammer to a legitimate cryptocurrency investment platform, but then after a few months the scammer advises the targeted victim to move the cryptocurrency account to another cryptocurrency site, but this time, the site is a phony one set up the scammer and although it looks legitimate, it is a total scam. Once the funds are transferred to the scammer’s phony cryptocurrency site, which, by the way can look quite legitimate, the scammer takes the money and runs.
July 12th is the beginning of Amazon Prime Day. I say the beginning because Amazon Prime Day actually extends from July 12th through July 13th. Amazon Prime Day is a global promotion of Amazon featuring sales on a variety of items available solely to Amazon Prime members. There is always great interest in Amazon Prime Day and as with everything else that attracts great interest by the public, it also attracts great interest by scammers who are eager to take advantage of people participating in Amazon Prime Day.
In the most common versions of this scam circulating on the Internet today, you are promised great sums of money if you assist a Nigerian or someone elsewhere in his effort to transfer money out of his country. While we refer to this type of scam as the Nigerian Email Scam, as indicated in the email below, not all versions of this scam have a connection to Nigeria as indicated in the email copied below. Common variations of the scam include the movement of embezzled funds by corrupt officials, a dying man who wants to make charitable gifts, a minor bank official trying to move the money of deceased foreigners out of his bank without the government taking it or, as in this case, abandoned funds.
Recently there have been an increase in scams involving scammers convincing their victims that they are eligible for large government grants if they merely pay a processing fee. This is a scam. The federal government does not charge fees for applying for grants. Additionally, the scammers perpetrating this scam also often ask for personal information such as your birth date and Social Security number which they use to make you a victim of identity theft.
Recently Ian Hosang, of Staten Island, New York was charged with sixteen criminal counts related to allegedly forming 23 fraudulent charities and collecting at least $152,000 in donations that the Brooklyn District Attorney Eric Gonzalez said Hosang kept for himself and never used for any charitable purposes. Many of the phony charities he is accused of creating included he words “American Cancer Society” or “United Way” and added other language to mislead potential donors into thinking they were donating to established, legitimate charities. One of the charities he created was the “American Cancer Society for Children” which had no relation to the legitimate American Cancer Society. In fact, none of his charities were connected in any way with the legitimate American Cancer Society or United Way.
As I explained to you in 2017, anyone who lost money due to scams that involved payments by Western Union between January 1, 2004 and January 19, 2017 had until May 31, 2018 to file a claim to be reimbursed through funds derived from Western Union through the settlement. However, the Department of Justice (DOJ) for a second time has reopened the refund process and you now have until August 31, 2022 to file a claim.
The Marriott hotel chain confirmed that it has suffered yet another data breach, this one at its BWI Airport Marriott Hotel in Maryland with between 300 and 400 guests at the hotel having their credit card information stolen along with personal information of the hotels employees as well.
According to AAA the average price for a gallon of gas in the United States today is $4.82 and in many states, the price is even higher. It therefore comes as no surprise that consumers are desperate to get some relief from these high prices and scammers are there, as you might expect, to add to your woes. Recognizing the desire for relief from high gas prices, the Federal Trade Commission (FTC) says scammers are calling, texting and emailing people posing as government representatives of the federal Fuel Relief Program offering assistance. All you need do, they tell you, is provide some personal and financial information in order to be eligible for the program. Unfortunately, there is no such program and if you provide your personal or financial information to the scammer, you will end up becoming a victim of identity theft.
Recently there has been an increase in reports of scammers calling people on the telephone and telling them that they have won one of the Publishers Clearing House lotteries, but that they have to pay fees or taxes before being able to claim their prize. In addition there are reports of targeted victims receiving phony notifications by regular mail that they have won a Publishers Clearing House lottery, but that again they must pay fees or taxes before being able to receive their prize. The FTC has indicated that last year consumers lost 185 million dollars to sweepstakes and lottery scams
Many scammers send out emails or text messages purportedly from the IRS or any of a number of state and federal agencies in which they require you to provide personal information under the guise of some emergency. They do this because if they can frighten you enough to act during the holiday in some instances you will be unable to confirm with the real entity as to whether the communication is legitimate because all of these entities will be closed on the Fourth of July. If you provide the requested information, it will be used against you to make you a victim of identity theft.
According to a study by Javelin Strategy & Research more than 1.25 million children became victims of identity theft last year and the true number is probably much greater because in many instances child identity theft is not discovered until the child reaches age 18. Identity thieves steal the identity of a child and then run up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when the teenager might first apply for a car loan or financial aid for college.
Earlier this week, the FTC sued Walmart alleging that for years the company was complicit with scammers who used Walmart money transfer wire services to receive payment for a multitude of scams including lottery scams and the grandparent scam. According to the FTC, between 2013 and 2018, Walmart customers lost between 197 million dollars and 1.3 billion dollars to scams by which payments were made to scammers by way of Walmart money transfer services. For its part, while Walmart did not actively participate in the scams, the FTC alleges that they turned a blind eye to such scams, allowing suspicious transfers and having poor policies to prevent such transfers from occurring all the while collecting millions of dollars in fees for the use of their money transfer services.
Recently the Consumer Financial Protection Bureau (CFPB) and the New York Attorney General settled its claims against Vantage Point, a company that operated an illegal debt collection business. The FTC is now refunding money to the victims of the scam.
For the last year multiple Facebook accounts have posted posts like the one reproduced below with a photo of comedian Ellen DeGeneres (not Ellen Degeeneress, as the scammers refer to her in the posts) promising to pay $750 to random winners. The scam’s goal is to get people to either provide personal information that will be used to make them victims of identity theft or to click on links that will download dangerous malware such as ransomware or keystroke logging malware that can lead to identity theft.
Many people are reporting receiving text messages that appear to come from UPS or Federal Express indicating that it is necessary for you to update your delivery preferences. In order to do so you are asked to click on a link and provide personal information. Unfortunately, if you click on the link one of two things will happen. Either you will be taken to a page where you provide your personal information to a criminal who will use the information to make you a victim of identity theft or you will download dangerous malware, such as ransomware, merely by clicking on the link.
One Amazon related scam starts with an automated phone call that tells you that a purchase has been made on your Amazon account that appears to be fraudulent. You are then prompted to press 1 on your phone to speak with an Amazon representative to discuss the apparent fraudulent charge on your account. If you fall for the scam and press 1 to speak with an Amazon representative, you will actually be speaking with a scammer posing as an Amazon representative who will ask you to confirm the credit card number attached to your Amazon account. Anyone providing that information will soon become a victim of identity theft and credit card fraud.
Trojan subscribers are malicious code that cybercriminals add to legitimate apps and then upload them to app stores under a different name. The apps can be for a variety of purposes, such as monitoring blood pressure or scanning documents. When someone downloads one of these infected apps, he or she doesn’t realize that the Trojan subscriber will automatically subscribe to a paid service without the person who downloaded the app being aware of it. Generally, the cybercriminals who create and use Trojan subscribers get paid a commission on each new subscription to a paid service.
While some of the postings described above urging people to click on links or share the posting are legitimate, unfortunately often they are not. Often they are done to take advantage of Facebook’s algorithms that value the popularity measured by likes and shares which causes the posts to appear on the Facebook pages of more people. Although the original content liked or shared may appear sincere or entertaining, the scammers who use this technique, which is called “farming,” then are able to change the content of the post to something entirely different from what was originally shared or liked. This is done for purposes of sending advertising or gathering marketing information, but, at its worst, it also can be used to send malware infected content such as keystroke logging malware that can steal personal information from your computer and use it to make you a victim of identity theft.