Nigerian 419 email scams live on

I saw this one just today. It’s a doozy:

From: The Desk Of Mr. James Dike
Reference: GTBank Plc.
Address: 402, Lagos-Abeokuta Expressway, Abule-Egba, Lagos State, Nigeria.

Attention: $10.5M ATM Fund Beneficiary,

I am Mr. James Dike, the new appointed ATM Head of Operation Department Guaranty Trust Bank Nigeria PLC, I resumed to this office on the 1st of this month and For your information i have been empowered and instructed by the new elected President Federal Republic of Nigeria Gen. Muhammadu Buhari to pay all outstanding debt payment to the rightful beneficiaries and summit my payment report to his office with immediate effect and any payment that is not paid before the end of this month will be cancelled and the fund will be returned to the Federal Reserve Oil Account.

So, during my official research last week I discovered an abandoned ATM Master card valued sum of $10.5Million with card number 5321452123409380 belonging to you as the rightfully intimate beneficiary. I tried to know why this card have not been released to you but I was told that the formal ATM head of operation who left this office two months ago withhold your card for his own personal use without knowing that I will not approve or support him to take your card.

Now that your ATM Master card is still available for you to pick it up here in our bank. I want to know how you wish to receive your ATM card along with your four digits pin code number. You can come down here in our bank to pick up your card direct from my office or alternatively it can be send to your address through any registered reliable courier service company that you will take care of the courier charge. I don’t know the cost of shipping the card to you but if you permit me I can make an inquiry from the courier shipment company to find out the cost, but in that case you will be required to forward to me your shipment address to enable me find out the shipment cost to your location.

Your direct telephone number and address will be needed and more details of your ATM Master card payment will be made known to you as soon as I receive your swift positive response, to enable you know the amount programmed for your ATM Master Card daily withdrawal.I will send your ATM master card information including your Card Pin Code as soon as you declare your choice of receiving your ATM card so as to enable you receive your card and start making use of it to withdraw at any ATM card machine all over the world as programmed.

Do not hesitate to call me on +234 802-850-0459 as soon as you read this mail.

Thanks for your co-operation.

Yours Faithfully,
Mr. James Dike
ATM Head of Operation Department
Guaranty Trust Bank Nigeria Plc.
Tel: +234 802-850-0459.

A lot of us have become jaded when it comes to the old Nigerian 419 scam. Even though this one takes a different angle and doesn’t mention an exiled prince, for many of us, it’s easy to see through. We probably wouldn’t even read it…”$10.5M” in the subject line would be enough to trigger our “delete” reflex.

But somebody still falls for it. If they didn’t, these emails wouldn’t happen anymore. So while you may have become almost flippant about the Nigerian 419 scam, remember that there are still people who haven’t heard about it yet. If someone you know starts talking about an impending payout from a mysterious source, or mentions their plans to wire money overseas, it might be time to educate him or her.

Free Disney Vacation Scam Alert

If you haven’t already, at some point very soon you are going to see this image on Facebook:


The hook is this: like the photo, share it, then visit a website to enter a contest for a free Disney World vacation.

Here’s the problem: the Facebook page this image resides on is NOT the official Disney World page. It is an impostor designed to trick users into liking the page. Once enough people have done so, the page content will be changed to push other scams into the news feeds of the people who liked the Disney page.

Now, why am I such a downer? Why am I trying so hard to make people sad? How do I know it’s a fake Disney page?

Well, look at this screenshot for a moment (click to see it full-size):


Do you see what it says next to the profile picture? I’ll zoom in a little so you can read it better (click for full size):


It says “Walt Disney-World.”.

Notice the dash.

Notice the period.

Notice the category: “Transport/Freight.”

Notice the lack of the blue “Verified Page” checkmark next to the name.

Do you think for one moment that a company the size of Disney would have ITS OWN NAME written incorrectly on its own Facebook page? Look at any official Disney website or product. Do you see “Walt Disney-World.” anywhere?

Do you see Walt Disney World train cars and semi trailers all over America’s railroad tracks and roadways, delivering jars of pickle relish and car parts and textiles? No? That’s because Disney World is a theme park, not a transportation and freight business.

Do you believe Disney World’s official Facebook page would have 20,000 likes (as of today) and ONE lousy post? And no link to the official Disney World website?

These, and a dozen other points, are your free ticket to knowing that this Facebook page and offer are a scam.

Go look at Walt Disney World’s official Facebook page. Notice:

  • 14 million likes
  • The name is correctly punctuated (which is to say there is NO punctuation)
  • The category is listed as “Theme Park,” which is correct
  • The checkmark next to “Walt Disney World.” This means Facebook has verified that the page is official. You can hold your mouse over the checkmark and a little window will pop up that says “Verified Page”
  • Posts going back to 2009
  • Multiple posts, pretty much every day

I’m taking a pretty emphatic tone because I want people to stop falling for fake Facebook pages. I’m tired of seeing people I know get taken in by this stuff because it helps crooks spread spam and fraud to millions of people. If you see this photo and post in your Facebook newsfeed, please do the following:

  • DO NOT SHARE, LIKE OR COMMENT ON the page yourself
  • Tell whoever shared it or posted it that it is a scam and that they need to unlike the page right away; point them to the real Disney World page if they don’t believe you
  • Go to the fake page and Report it as fraudulent to Facebook
  • Share this article, or this one from the Consumerist if you can’t bring yourself to take my word for it

I don’t Facebook much anymore, but I’ve always lived by an “If it’s being shared a lot on Facebook, it’s probably not true” code. It’s a pretty accurate rule, and the stuff that IS true you’ll hear from credible sources eventually anyway.



If you use LastPass, it’s time to change your Master Password

I’ve been encouraging people to use password vault tools like LastPass for years. These browser plugins are great for keeping track of dozens of strong passwords (the hard-to-hack kind that nobody can remember) across all the websites you log in to.

However, LastPass recently announced they had discovered and blocked suspicious activity on their servers; “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

Now, this could be bad, bad news IF users’ master passwords had been accessed in plain text form. However, LastPass uses some pretty robust encryption (that’s what that business about salts and hashes in the quote is about). They don’t keep your master password in plain text anywhere. In other words, even with the information that may have been compromised, thieves would have an awfully hard time using any of the information.

Still, the company is encouraging users to change their master passwords as soon as possible. This will make it impossible for the hackers to log in using the information they took, even if they managed to un-encrypt it (the chances of which are near zero).

I also encourage you to make your master password a strong password. You may have to write it down and keep it somewhere safe, but encrypted or not, a brute-force attack will plow through “password1″ in well under a second. A strong master password can be irritating to type in, but it’s worth the trouble.

Two Quick Ones: Popups and “Please Open”

Just a couple very, very short fraud prevention tips to keep in mind:

  1. In most cases, legitimate websites will not ask for your username and password in a popup window. If you’re looking at a popup window that’s asking for this information, it’s time to double- and triple check that you’re actually on the website you thought you were visiting.
  2. If you get an email with the subject “Please open,” don’t. I know….rude, since they asked all polite an’ stuff. But don’t open the message, or any attachments. Just don’t do it.

Watch out for fake utility workers

It seems like as good a time as any to once again remind everyone to beware of burglars posing as utility company workers.

The usual setup starts with a knock on the door. The person standing on your doorstep claims to work for the electric or gas company, telephone company, or some other utility. They tell you they are in your neighborhood working on some or other problem, or performing routine maintenance, and ask to be shown to your circuit breaker (or whatever piece of hardware makes sense). Often they’ll even look like a real utility company employee, with a clipboard, nametag and possibly even a uniform.

While you’re showing them to the circuit breaker-or-whatever, an accomplice you didn’t see slips into your house looking for valuables or money.

It doesn’t really matter which type of company they claim to represent, the important thing to remember is that if a utility provider is going to need access to the inside of your house (which they almost never will), they will contact you ahead of time. They will not show up unannounced.

If someone is at your door and you were not contacted in advance, ask to see a badge or official identification, which they should gladly provide. Then politely ask them to wait while you close your door, lock it, lock any other doors, and call the utility company to ask if they’ve sent people to your house. Whatever you do, don’t let them in or call them out on being a crook. This type of scam differs from most in that it involves actual, physical proximity to the perpetrators, which can put you in danger of bodily harm.

Utility worker scams often target senior citizens, so make sure your friends, family and neighbors are aware of this type of crime, what to watch for and how to respond.

Anthem Data Breach: Let the scams begin

News of the massive data breach at insurance giant Anthem Inc. isn’t even a week old, and already the phishing scams have begun.

Phone calls and emails are already circulating that claim to represent Anthem and offer free identity theft protection to victims of the breach. These calls and emails are not from Anthem, but scammers attempting to obtain personal and financial information.

Anthem has stated that they will contact customers affected by the breach by mail over the next couple weeks.

That means postal mail, friends. The kind that’s on paper and comes in an envelope, delivered by that person your dog completely freaks out at six time a week. The letters will give you information on identity theft protection, as well as the next steps you should take.

If someone calls you on the telephone, they’re not from Anthem.

If you get an email message, it’s not from Anthem.

If you get a text message, that’s not from Anthem, either.

If some weirdo shows up at your door, they’re not from Anthem.

Okay, I don’t really think that last one is going to happen, but you never know. I’m trying to me preemptive, here.

Watch your mailbox if you’re a former or current Anthem (or Wellpoint) customer. The old-school mailbox. Any other communications that claim to be from Anthem are fraudulent.

You can also get information online here.

Data breach at Anthem, and it’s a bad one

Yesterday, health insurance leviathan Anthem Inc. announced that its databases had been hacked, and “tens of millions” of current and past customers (including Wellpoint customers, Anthem’s predecessor) could be affected.

This one is much worse than any of the major retail breaches you’ve heard about, because this time the hackers took names, Social Security numbers, dates of birth and addresses.  In other words, this means identity theft.

The retail breaches were irritating, sure. Your debit card might suddenly stop working, or you’d notice a fraudulent charge on your statement and you’d have to wait a few days to get that reversed. The stores would sign you up for free identity theft protection, which didn’t really help because it doesn’t block fraud on card transactions anyway. But you’d end up with a new debit or credit card.

The thieves in the Anthem breach didn’t get any credit card, debit card or account numbers, but the information they did take is exactly the information required to create false identities.

This could be much worse than not being able to use one of your cards for a couple weeks.

Anthem says it will notify affected customers by mail if their information was one of the affected accounts. When they offer free identity theft protection, this will be the time to take them up on it.

If you get a letter saying yours was one of the affected accounts, I would also recommend placing an identity theft alert or security freeze with the big three credit bureaus (Experian, Transunion, Equifax).

Maybe it’s time for “security freeze” to be the default setting for everyone, all the time. What happens after the single year of protection Anthem will (most likely) provide runs out? It’s not like the people who will end up buying this stolen data can’t just wait it out until after the protection expires. Maybe Anthem owes all of its customers free lifetime protection. Words like “very sophisticated external cyber attack” imply that the breach was unpreventable, but was it? We don’t know, and we might not ever.

At any rate, if you’re a current or former Anthem (or Wellpoint) customer, watch your mailbox for notification that your information has been compromised.


Beware of unsolicited offers

The phone rings. A caller identifies himself as representing a well-known and trusted local business. He’s calling to offer you a discount on their services.

“Hey, great, I need those services anyway,” you think, and agree to the offer and arrange for the work to take place.

And another scam is set in motion.

It’s been happening here in Northwest Indiana. A heating/cooling contractor from Illinois (with an F rating at the Better Business Bureau, maybe not-quite-incidentally) has  apparently been calling homeowners and claiming to be a well-known local business (with an A+ rating, also maybe not-quite-incidentally), with an offer for discounted duct cleaning. Workers show up, perform a shoddy duct-cleaning, then ask for more than the agreed-upon price.

So my fraud prevention tip today is this: be wary of unsolicited offers from local businesses. If you get a call, make sure to double-check with the actual business before you agree to anything. Use an official, published number from the real company’s website or trusted online source (or the phone book, if you didn’t just carry it directly from your front porch to the recycling bin) instead of the number that shows up on caller ID or the number given by the caller. If there’s a discrepancy, it could be a different (and unscrupulous) business posing as the real one.

Play Along at Home: Fake Target ‘Order Confirmation” Email

Here’s a picture of a fake “Order Confirmation” email I received recently. How many clues can you spot that indicate something is not quite right?


Here’s what comes up if you hover the mouse over the word “link”:


How many fraud indicators did you find?

Here are the ones I found:

  1. Very vague subject line: if this were an actual delivery confirmation, the subject line would usually refer to it in some way. It wouldn’t just say “Order Info.”
  2. The “From” information: is not a Target email address.
  3. The logo is wrong. No bullseye anywhere.
  4. “As Thanksgiving nears…” Thanksgiving was a couple weeks ago. Wrong holiday, dummies.
  5. The (attempted) conversational tone of the email: if you had an actual order to pick up, the email would begin with this information. Whichever holiday is approaching is absolutely irrelevant (for the store) to the fact that they’ve got merchandise they want you to pick up as soon as possible.
  6. The excruciatingly bad grammar. Go ahead, read it out loud. It’s beyond horrid.
  7. This isn’t even how in-store pickup orders work…the customer chooses which store to have their purchase shipped to, and that’s where it goes. That’s the only place it goes. You don’t just go to any random location because they don’t ship one to every single store when an order comes in.
  8. And what happens if I don’t “pick it” within four days? Again, not how online orders work.
  9. The stores aren’t called “”
  10. When you get a real order confirmation email, the order information is almost always included in the message. You don’t have to click a link to get to it.
  11. Speaking of links: Not a Target website.
  12. “Always yours,” Pretty sure they don’t refer to themselves as “” Or use “Always yours” as a closing.
  13. Not one single item in the “privacy policy” line at the bottom is an actual link.

So, I found thirteen. Did you catch any that I didn’t?

Stay vigilant.