All posts by FPU

A Healthy Dose of Skepticism for 2019

2019 is going to be a lot like 2018, and a lot like every other year in recent memory: there will be a couple new ways to become a victim of some form of scam or fraud, there will be a boatload of old, tried-and-true scams still making the rounds (some with slight variations that make them seem new), a few “latest threats” frantically shared on social networks that turn out to be hoaxes, at least one or two major data breaches (and dozens of minor ones), and a whole lot of information, both accurate and inaccurate, about all of it.

And so, as we approach the new year, my advice is to stick to one basic principle, and to always ask yourself, “Is this the way the world really works?” That little bit of skepticism can be your best friend when it comes to avoiding scams and rip-offs, as well as not being the person who spreads false information and hoaxes online.

A lot of people make health-related resolutions this time of year. But before you spend money on a dietary supplement being hawked by some A-list celebrity, ask yourself how you think that A-lister got into the shape he or she is in. Does it seem more likely that they took a pill (that’s only been on the market for a few months, mind you), or could it be the full-time nutritionist on staff, the live-in chef, the million-dollar in-home suite of workout gear, the live-in personal trainer and the fact that their entire job description, when not actively working on a project, is to stay looking as perfect as possible?

When you read a story breathlessly shared on Facebook about robbers using fake perfume samples to subdue victims in parking lots (an urban legend that’s been repeated in various forms since around 1999), take a moment to notice how unlikely the whole scenario seems in light of how quickly most criminals prefer to operate (to say nothing of how ether and chloroform actually work). Notice how many of the “I narrowly escaped this!” stories boil down to, “I saw a man in a parking lot, and then nothing happened.”

When you get an email telling you that you’ve won the Powerball Lottery, remember how lotteries actually work in the real world. You buy a ticket and wait for some ping pong balls to pop out of a big tumbler. You don’t just “have an email address and wait until you win.”

When the phone rings and the caller claims that he’s from the IRS, you didn’t pay your taxes, and that you’re going to be arrested today unless you pay up immediately by purchasing some iTunes cards at the drugstore and calling back with the information, ask yourself if any one part of the situation squares with how the IRS actually functions. (Hint: none of it.)

You don’t have to become a cynic, but just remembering to think about a new claim or information before you act on it can be a powerful ally. And remember this: if someone is trying to make you afraid of some immediate (or even abstract) threat, and they tell you the only way to make the fear go away is to give them something (money, personal information, etc.), they are probably not telling the truth.

Avoiding Charity Scams

I sometimes repeat myself, and occasionally I’ll say something I’ve said before, too. But even if you’ve read or heard about charity scams before, it never hurts to have a quick reminder. It’s already November, and charitable giving comes up a lot this time of year.

I’ll keep it short: decide in advance which charitable organizations you wish to support instead of waiting for others to approach you. If you’re looking for a new cause, research before you donate.

When you already know whom you’re giving to, it makes it much easier to turn down those who call or email out of the blue because you won’t feel pressured. You can explain to callers that you’ve already done your giving for the year (and you can just ignore emails—I would hesitate to trust an out-of-the-blue request via email).

If you’re checking out a new charity, the go-to resource is CharityNavigator.org. This website tells you how much a charity spends on marketing and how much money makes it into its programs, lists executive salaries and other financial information, and gives an overall rating of the organization. No mainstream charity manages to have 0% operating expenses, but if you see one that devotes 99.5% of its revenue to salaries and marketing, with only 0.5% going toward programs, you know it’s one to avoid.

Pension Advance Schemes

If you receive monthly payments from a pension, settlement, lottery winnings, or other similar source, it’s a good idea to be aware of schemes that offer a lump sum cash payment in return for some or all of your income.

There can be good reasons for considering it. Living on a fixed income, such as Social Security plus a modest pension, can make an unexpected expense (medical event, major house repair, etc.) difficult to pay for. By exchanging some of your pension payments over a certain amount of time for cash, you can cover those expenses without completely upending your life. It’s rarely an ideal situation, but it can work out.

(It can work out. It doesn’t always work out. It often doesn’t work out.)

It is extremely important to know exactly what you’re agreeing to before signing anything. No matter what language it’s dressed up in, these plans are loans. They are giving you a certain amount of money, and you’re paying back a larger sum over time.

There are a lot of companies offering this type of product, and I’m sure some of them aren’t actively trying to inflict harm. But there are tons of unscrupulous lenders offering pension advances that thrive by ripping people off.

Before jumping into a pension advance, I first would recommend looking for literally any other option. Got a credit union nearby? Start there. Ask about a personal loan.

If you really still want a pension advance, go in with the understanding that you are getting a loan, and proceed with extreme caution. What is the effective interest rate you’ll be paying? Some pension advance schemes are effectively charging a nearly 100% annual interest rate. If they deny that it’s a loan or won’t tell you a rate, walk away. Exactly how much will they take each month, and for exactly how long will you be paying them back? Get everything in writing, and the second something seems fishy, bail out and do not proceed any further.

What is Affinity Fraud?

At the beginning of Side 3 of Grand Funk Railroad’s 1970 Live Album, Mark Farner shirtlessly tells the audience this (edited for clarity):

Brothers and sisters, there are people out there that look just like you, or maybe your brother…but they’re not. And when they hand you something, don’t take it. Don’t take it, okay?

Now, Mark was referring to the kind of party supplies that might circulate at a rock concert in 1970, but he also could have been talking about affinity fraud almost fifty years later.

Affinity fraud targets people who are members of a group, and uses that group identity to lure victims into the scam. Some of the most common targets are religious groups or church members, people with a shared ethnicity, or those who have served in the military. The con artist will be a member of the targeted group, or will claim to be, and attempt to recruit others to help bring in more victims.

Generally, these scams take the form of phony investments or Ponzi schemes.

There are a variety of ways to identify affinity fraud. Here are a few things to look for:

Is the person offering the investment using membership in your group as his “in?”

A shared identity can be a great way to build community, but remember that the human tendency to trust those we see as similar to ourselves can be used against us. Just because someone claims to be a member of your group doesn’t mean they are. There is no physical barrier to lying; “I’m the same as you” can be uttered by anyone, whether it’s true or not.

Are the investment materials (brochures, flyers, etc.) filled with symbols or phrases familiar to your group?

A con artist targeting members of a church might festoon his written information with symbols or scripture (some even go so far as to imply that the “opportunity” has been sent from above). On the other hand, a scammer going after veterans might use flags, ribbons or eagles. Humans are emotional, and we respond strongly to symbols, but be cautious around any kind of investment offer that seems to be hitting those symbols a little too hard.

Are the promised returns extremely high, or is the investment presented as guaranteed or having little-to-no risk?

Real investments carry risk. There is always a non-zero chance you will lose some or all of your initial investment. An investment presented as “risk-free” or “guaranteed” is always going to turn out to be a scam, because that’s not how investing works. Any investment promising double-digit returns is to be taken with a grain of salt.

Do the returns hinge on you recruiting others into the fold?

That’s a Ponzi scheme. You will lose all of your money.

Is the broker licensed to sell investments?

Never invest through an unlicensed broker. Whatever your (or your group’s) opinion of regulations, licensing requirements, or government in general, anyone selling investments without a license to do so is breaking the law. What other laws is this person willing to break? What about the ones that make stealing illegal? And don’t fall for excuses like, “I’m not licensed because the government doesn’t want your group to have access to this amazing opportunity,” either. That’s just someone stoking your emotions to goad you into action.

The U.S. Securities and Exchange Commission has a nice PDF available for download that goes into more detail about affinity fraud and how to report it to the SEC.

(However, it doesn’t contain a single reference to Grand Funk Railroad. You gotta read my articles for those.)

Two Things That Scream ‘Investment Scam’

There are a million online articles about investment fraud and how to recognize the signs. And you can go the detailed route of researching the opportunity, checking out the broker with FINRA, asking if the broker is licensed and with whom, and other steps.

Or you can go the expedient route and just look at these two questions:

  • Is the return being described as “guaranteed” or “risk-free?”
  • Is the broker telling you the investment is a “secret?”

If the answer to either question is “yes,” do not proceed any further. You are about to fall victim to an investment scam.

There is no such thing as a risk-free, guaranteed investment. Companies can use the money you invest to make good decisions that increase profits, which comes back to you as an increase in the value of your share; or they can make poor decisions or get buried by a changing marketplace. Either or both can happen, and past performance is not an indicator of future growth. Any broker telling you the investment will only increase in value, with no risk of loss, is lying.

Scammers posing as investment brokers will sometimes attempt to portray the alleged opportunity as a “secret” that only certain people are allowed to know about. Usually this is a tactic to convince a potential victim not to talk to anyone else. Outside input is dangerous to a scammer, since it only takes a couple people saying “that sounds kinda shady” to threaten the whole operation. That aroma of secrecy can also be used to dodge questions such as, “Why can’t I find any information about this investment online?” The reason is that it’s not legitimate.

As for actual “secret” investment deals…well, you know those high-profile cases where people get put in jail for insider trading?

Now, just because an investment offer passes this little test doesn’t necessarily mean it’s real. A savvy con artist may present a more realistic pitch, at which point you’ll have to do more research. Another question you can ask: who approached whom?

The Do Not Call Registry Doesn’t Stop Scam Calls (But Sign Up Anyway)

I’ve heard it dozens of times: so-and-so signed up for the Do Not Call Registry a year ago, but they keep getting scam calls, so obviously it doesn’t work. What’s the point?

And I’ve always replied: put your phone numbers on the list anyway.

Why?

Because it’s a filter.

When you put your phone number on the Do Not Call Registry, after a few weeks, you will stop getting calls…from legitimate businesses that use cold calls as their primary sales technique (telemarketers, in other words). Companies that do not want to be shut down for breaking federal laws.

You won’t stop getting calls from scammers. They’re not referring to the registry in the first place because they don’t care. At the same time, you will already know not to even bother picking up the phone, because you know that anyone calling once your phone number is in the Registry is willfully breaking the law. You already know they’re dishonest, without hearing a word they say. All you have to do is let it ring until it stops.

Utility Scams are an Ongoing Threat

It’s been a while since I brought up Utility Scams, so now is as good a time as any for a quick recap.

Utility Scams are an example of a distraction scam, and they generally target seniors. These scammers generally work in pairs. One will knock on the door and claim to work for the local utility company. He will claim they are testing something, or fixing something, or there’s some kind of urgent situation that requires the resident to allow him inside the house to do something with the circuit breaker.

While the homeowner is busy with this person in the basement, his partner will enter the home and look around for cash, jewelry or other valuables to steal. After a few minutes of pretending to work on something, the first person will claim the job is done and leave. By the time the resident notices the robbery, the scammers are long gone.

Your utility company should always contact you in advance if there really is an issue that requires someone to enter your house. However, such scenarios are extremely unusual. If someone appears at your door claiming to represent a utility, politely ask to see an ID badge. Regardless of the response, ask them to wait a moment. Close the door and lock it, make sure any other doors are locked, and call the utility company directly if you’re still unsure, or call the police if you’ve got a bad feeling. Do not simply let a stranger into your house on his word.

It’s also not a good idea to let on that you think this person is trying to commit a crime. This is an in-person scam, and it carries risks that aren’t really present with a scam phone call from the other side of the globe. They might just run, but they might not. It’s better to pretend to play along. Most likely they’ll take off as soon as you close the door—the point of most scams is to get in and out quickly. Standing around on someone’s porch in broad daylight for more than a couple seconds isn’t going to appeal to someone who doesn’t want to be seen.

Another Perspective on Passwords

The standard advice for creating passwords has long been this: use a long string of completely random letters (upper- and lowercase), numbers and special symbols. Make it so long and complex that nobody is able to guess (or remember) it, and it would take a computer billions of years to crack.

But recently a different perspective has emerged: what if those passwords were still long enough to foil a brute-force, script-based hacking attempt for long enough to make the attempt non-worthwhile, but made of words you might actually be able to recall without logging into your password manager app or plugin? What if you used something like a string of four random words?

Let’s look into a few options. I’ll be using the website How Secure Is My Password? to compare. Results on the site are given in the form of “It would take a computer about [length of time] to crack your password” (or “Your password would be cracked INSTANTLY” if you put in a real clunker like “abc123” or “password”). The results from this site are simply an estimate (not a guarantee), but it is useful in determining whether a password is lousy, decent, or excellent.

First, an example of the old random-string-of-characters method:

84xNMat88xy4TkVTE^5!UQty: 1 OCTILLION YEARS

Yeah. That is an unfathomably long time. Written out, that’s 1,000,000,000,000,000,000 years. If the universe is 13.82 billion years old, it would take a computer almost 72.5 million TIMES that long to crack your password.

In other words, that’s a very strong password. But now try to memorize it.

Now let’s try a string of four random words (“wheel,” “grout,” “oyster” and “button”), no spaces, all lowercase:

wheelgroutoysterbutton: 11 TRILLION YEARS

Now, technically, that’s not as secure as 1 octillion years. But on a practical level, we’re still in “might as well be forever” territory. You’re going to be pretty well-protected against a script-based hacking attempt.

What if we add a number, or a number and a symbol, or capitalized the words, or added dashes or spaces (not all online accounts allow this) between the words?

wheelgroutoysterbutton7: 494 QUADRILLION YEARS
wheelgroutoysterbutton7%: 76 SEXTILLION YEARS
WheelGroutOysterButton: 45 QUINTILLION YEARS
wheel-grout-oyster-button: 17 SEXTILLION YEARS
wheel grout oyster button: 169 SEXTILLION YEARS

They’re all fine options, and you’ve actually got a fighting chance of remembering them if needed, and an even better chance of actually typing them correctly if your password manager app/plugin isn’t available (or isn’t playing nice with a website, which does happen).

So it’s really a matter of what you’re comfortable with and what the website you’re using requires (some force you to use at least one uppercase letter, number and symbol).
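An added example, not from the original article or from the How Secure Is My Password? site: the number of years an estimator reports depends on how it assumes the attacker guesses. The sketch below compares a character-by-character model with one where the attacker knows the password is random words drawn from a list; the 7,776-word list size and the guess rate are assumptions made for illustration.

```python
import math
import string

# Assumptions (constructed for this example, not taken from the page or the estimator site):
ASSUMED_GUESSES_PER_SECOND = 1e10   # offline attack against a fast, unsalted hash
DICEWARE_WORDS = 7776               # size of the classic Diceware list (6**5)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Alphabet a character-by-character brute force has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    if " " in password:
        size += 1
    return size


def char_model_bits(password):
    """Bits of search space if each character is guessed independently."""
    return len(password) * math.log2(charset_size(password))


def word_model_bits(n_words, wordlist_size=DICEWARE_WORDS, extra_choices=1):
    """Bits when the attacker knows the scheme: n random words from a known
    list, times any extra random choice (one appended digit = 10)."""
    return n_words * math.log2(wordlist_size) + math.log2(extra_choices)


def words_needed(target_bits, wordlist_size=DICEWARE_WORDS):
    """Random words required to reach a target strength."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def average_years(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to hit the password: half the search space at `rate`."""
    return (2 ** bits / 2) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Passwords from the article: (password, number of words, extra choices)
    samples = [
        ("84xNMat88xy4TkVTE^5!UQty", None, 1),
        ("wheelgroutoysterbutton", 4, 1),
        ("wheelgroutoysterbutton7", 4, 10),
    ]
    for pw, n_words, extra in samples:
        line = f"{pw:26} char model {char_model_bits(pw):6.1f} bits"
        if n_words:
            wb = word_model_bits(n_words, extra_choices=extra)
            line += f" | word model {wb:5.1f} bits, ~{average_years(wb):.2g} years"
        print(line)
    print("words to match 80 bits:", words_needed(80))
```

Under the word model each added random word contributes about 12.9 bits, while an appended digit adds about 3.3, so the number of randomly chosen words matters more than decoration.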

However, bear in mind that this type of brute force hacking is probably not even remotely the biggest threat to your online accounts. It doesn’t matter HOW many octillion years it would take a computer to guess your password if you fall for a phishing email and type it into a compromised website, or if the company that owns the website keeps its list of logins and passwords in a plain-text file and experiences a data breach.

Your best practice, regardless of the type of passwords you use, is to regularly change them, avoid reusing them across different sites, and know how to recognize a phishing attempt.

Scams That Target College Students

I may be biased here, but I can’t be the only one who thinks a couple hours of “How To Recognize a Scam” training every year would be of great benefit to high school students. Of course, such an undertaking is easier proposed than implemented, but it seems like an important life skill that needs to be touched on at some point.

There are a variety of scams that prey upon current and incoming college students. Here is a brief rundown of a few common ones.

Federal Student Tax Scam

This scam begins with a phone call that may use caller ID spoofing to look like it came from the IRS. The caller will inform the recipient that they haven’t paid their “Federal Student Tax” and will face dire consequences if the tax is not paid immediately. The caller will demand payment via wire transfer or prepaid cards (iTunes, Green Dot, etc.).

Of course, there is no such thing as a “Federal Student Tax,” and the IRS doesn’t call you on the phone about unpaid taxes anyway. Plus, even if you do owe back taxes, it’s impossible to pay them via wire transfer or prepaid cards.

Unpaid Tuition Scam

Another telephone-based scam, this one appears to come from the college admissions office and claims that tuition has not been paid and the student will be un-enrolled if payment is not made immediately via credit card, wire transfer, or other unusual method. A variation of this scam impersonates an FBI agent and claims that the student will be arrested if the bill isn’t paid right away.

If you really have not paid your tuition, they’re not going to call you on the phone and insist that you pay immediately, especially with a credit card or wire transfer (and especially especially with an iTunes card). Your college probably doesn’t take credit card payments over the phone. You should also never reveal personal information to someone who contacted you out of the blue; if you’re truly convinced the call might be legitimate, hang up and contact the admissions office directly. Also, the FBI doesn’t get involved in matters of late college tuition payments.

Advance Fee Scams

College students are often bombarded with alleged opportunities for student loans, scholarships, financial aid and jobs. Some of these are perfectly legitimate, but many are not. There are a lot of individuals and companies charging fees for things you can do on your own for free, such as filing FAFSA paperwork or filling out job applications. Some won’t even provide the service claimed; they just want your banking information to set up a recurring charge.

Never trust an offer of “just give us the money and we’ll do the rest,” and remember that legitimate scholarships are never “guaranteed” (and they usually have requirements beyond you having a pulse).

Greed and Fraud

A few weeks ago, I posted an article about the relationship between fear and fraud. Basically, if someone is trying to make you afraid, then asking for money or personal information, it is very likely that they are trying to steal from you.

There is another emotion that scammers will often prey upon: greed. That all-too-human desire to get something for nothing, and to be the one with the most.

The most obvious example I can think of is the old Lottery Scam. By stoking greed with the promise of vast, out-of-nowhere riches, the perpetrators of this scam hope you won’t notice how suspicious the hoops they’re asking you to jump through are. The promise of millions of dollars is misdirection; while you’ve got your eyes on the prize, you might not remember how unwise it is to wire a few thousand dollars to a stranger, or that “cash this check and wire the money back to me” is a weird request to begin with.

Other examples include the Car Wrap Advertising scam, the Pigeon Drop scheme (“I found money, let’s share it!”), and of course the old Nigerian 419 scam (“I’m an exiled prince; help me retrieve my fortune and I’ll share it with you,” which at this point isn’t even a “classic” scam; it’s positively an antique).

It’s the same tip as with fear: if someone is trying to spark greed, then asking for money and/or personal information, they are trying to scam you.