Category Archives: Uncategorized

Avoiding Pet Adoption Scams

Emotions can be manipulated, and every scammer knows it.

Usually, they go for fear. Sometimes, they try greed. But pet adoption scams target a different set of feelings: love for animals, sympathy, and the instinct to want to take care of something.

These scams tend to follow the same pattern: put a listing on the internet for a puppy that needs a home, convince everyone who answers the listing to wire money (repeatedly if they can), disappear.

(For whatever reason, these scams usually involve puppies.)

The short version of avoiding these scams is this: only adopt locally. If you can’t see the animal in person, and meet its current caretaker in person, don’t do it.

Getting into the details a bit more, these fraudulent ads will usually be posted on classifieds websites or social networks. Sometimes they entice victims with a too-good-to-be-true price (a couple hundred dollars for a purebred), or after a few emails, tell the victim they need only pay for the dog to be transported on an airplane.

In any case, payment will be requested either by wire (Western Union) or by prepaid gift card, where the victim purchases the card and then relays the numbers to the scammer.

In some cases, it ends there. In others, the scammer will create new complications that need to be paid for in advance; the puppy needs shots before traveling, they need to purchase an expensive crate, there is a third-party courier involved, etc. They’ll say anything to get the victim to continue sending money until the point when the scammer disappears entirely.

Not all online pet adoption listings are fraudulent, but stick to local listings only, or contact a local organization that helps find homes for pets. Any stranger asking you to wire money or purchase prepaid gift cards is trying to take your money. There are plenty of people looking for pets everywhere—there is no reason a dog would need to be flown thousands of miles to find a home.

Remember: The IRS doesn’t threaten you with arrest over the phone

As April 15th nears, fraudulent IRS robocalls are bound to proliferate. Many of people get a tax refund around this time of year, and the scammers want a chunk of that money for themselves before it gets used for something else.

Consider this your yearly reminder: if someone claiming to represent the IRS calls you, informs you that you owe unpaid taxes, and then threatens you with arrest if you don’t pay up, that’s a scam.

Every single time.

Just hang up the phone.

Every single time.

The IRS doesn’t call people on the telephone as a first point of contact—if someone does contact you by phone, it’s regarding an issue you are already aware of and are in the process of resolving.

They also don’t keep the police waiting on the other line, ready to storm your house as soon as they get the word that you didn’t pay.

They also also don’t accept payment by wire transfer, prepaid gift card, iTunes card, or over the phone with a debit or credit card.

(They’re really not even all that big on throwing people in jail, other than for crimes related to tax evasion. If you owe money, they want the money.Putting people in jail would be counterproductive.)

Don’t let anybody trick you into a fear response over the phone.

Money-Flipping Scams

The “money-flipping scam” started appearing on Instagram and Facebook, among other places, a couple years ago, but given most social networks’ track record when it comes to deleting fraudulent accounts, I’m sure it is still around.

It works like this: someone will claim to have access to a “flaw” in some monetary transferring system, usually Western Union or one of the prepaid debit card providers. All they need is for you to give them $100, wait few minutes, then they will send you back $1,000 (sometimes $300, but usually they go for the larger amount in the pitch).

That’s the whole thing. And you can guess what actually happens: you wire money away (or load up a prepaid card and reveal the digits to the scammer), then you don’t get anything back, ever.

There are a few things to know. First, there is no “flaw” in any of these systems that allows someone to just create money out of nothing. More than any other error, these payment systems are designed specifically to not allow that. Even money that’s been turned into ones and zeroes in a computer has to come from somewhere, and their entire business depends on outgo not suddenly being ten times the input.

Second, if there was a way to make this happen, you would be attempting to commit a crime by exploiting it. There is a persistent myth that any error by a financial provider (like the old “large deposit went into the wrong account” tale) entitles you to keep the money, and it simply is not true. Even if you did find yourself in some magical realm where a software bug allowed this scheme to work, you’d better be able to pay back that $900 when the error was discovered. They’ve probably got Loss-Prevention Wizards working for them over there.

Three low-tech scams and how to avoid them

For all the attention given to cybercrime like phishing and data breaches, there is still a lot of fraud that occurs outside of electronic channels. Here are just three low-tech crimes and how to steer clear of them.

Dumpster Diving

Big data breaches are alarming due to their sheer scope (and infuriating because the victims did absolutely nothing wrong to cause the theft), but remember that a lot of identity theft still begins with someone digging around in a garbage can for credit applications or documents containing personal information.

The simplest solution to prevent dumpster diving is to shred every single piece of junk mail or document that contains personal information before you throw it out. A cross-cut shredder is the way to go, and they start at under $20 for a small one that can do one or two sheets at a time.

It’s also a good idea to find out how any businesses you utilize store and discard sensitive information. Paper documents containing personal information need to be locked securely, and they need to either shred old documents themselves or contract with a licensed and bonded document destruction company.

Contractor Scams

When your home needs repairs, make sure the work is your idea to begin with. Don’t trust a stranger who appears at your doorstep offering to fix your roof or asphalt your driveway. Use an established contractor with a physical address and some form of online presence (if not a website, at the very least some reviews that indicate that other people have heard of the company before).

Only hire businesses that work under a contract, with the price agreed upon before any work is done. A lot of contractor scams start with a verbal agreement on a price, then when the (often shoddy) work is completed, the victim finds out the price has doubled, tripled or worse. Also watch out for demands for upfront payment – another popular home repair scam is to weasel a large “deposit” out of the victim, then disappear. Anything over 20% before work starts is suspicious. You’ll pay the rest when the work is done to your satisfaction.

Finally, be especially wary after a major weather event (tornado, flood, etc.) that causes damage to your house. Fraudulent contractors come out of the woodwork after disasters, and when you’re trying to put your home back together and get things back to normal, a walk-up approach can seem tempting, but remember: losing money to a contractor scam is only going to add to your problems. Stick with an established company to save headaches later.

Sticky Mailbox Lid

There are some scams that are so tacky, the perpetrators should be ashamed of themselves. This is one of those. These crooks target mailboxes with pull-open lids, coating the inside with a sticky substance so that anything someone drops into the box stays on the lid. The crook then walks up and takes the envelope in hopes it contains a check or cash. If you’re mailing something at a mailbox with a pull-open front, double-check to make sure your envelope went all the way down. So far the cases I’ve read about happened in New York City, but I’m sure it’s just a matter of time before this two-bit scheme makes its way across the country.

Beware sneaky web addresses

I came across something interesting not too long ago. I can’t remember if it was part of a junk email message or a spam comment on this site. It really doesn’t matter either way.

There was a pitch for some sketchy health/beauty/investment/dating product or service and a shortened URL. I already knew it was a scam or a rip-off, but I was curious to see where that shortened URL led. I copy-and-pasted it at LongURL, which is still a fine tool for checking out a link before you click.

I forget the specific contents of the website. Again, that part doesn’t matter so much for my purposes today. What does matter is the address the shortened URL pointed to: www.cnbc.com-feb-finance.net/[removed]. (By the way: there’s no link to the actual site for a reason).

Look at that address closely; it looks like it points to www.cnbc.com, the mainstream stock market and business news site, but it doesn’t.

The actual domain is “com-feb-finance.net” — you’ve got to look closely to see that what comes after the “com” is not a slash, but a dash.

Most web browsers make detecting this trick relatively easy, since they highlight every website’s domain in some way (with a background color, bold text, etc.). But if you’re using an old web browser like Internet Explorer 6, you may glance at the URL, see “www.cnbc.com” and assume the site is reputable.

So be cautious when visiting a new website. If someone is attempting to deceive you with the URL, you can rest assured their motives are sinister.

Shady Online Advertisements

If it wasn’t part of my job, I’d completely ignore online banner advertisements like these, but here we are…

Example #1:

advert01-weather

This one showed up on Weather.com today (without the arrows and giant NO, obviously; those are my additions).

Now, that’s a pretty reputable website. I mean, generally you look at your city’s weather page and it says SNOW, and you look out the window and hey presto, it’s actually snowing. But the site is just littered with ads like this. You’re not getting a gigantic TV for 60 bucks, and you’re not getting car insurance for $9, unless they mean per day. Don’t click.

Example #2:

advert02-cnnThis one came from CNN.com, another reputable website. Nobody is selling an iPad for $14. Nobody. Apple doesn’t discount. Know why? They don’t have to. They could come out with a $7,500 Macbook tomorrow, in this economy, and it would be a hit with their core users.

Once again, just ignore these ads. Do what I would do if I wasn’t paying attention to this junk for the purpose of writing about it. (I’d also ignore that noise about “penny stock rockets” and “Royal Caribbean whatever”, too.)

The “Never Do This” Files: wiring money to strangers

Flag of the United Kingdom, Union Flag.
Image via Wikipedia

I’ve talked about lottery scams, secret shopper scams, overpayment scams and advance fee fraud on this site until I’m literally blue in the face.

Yeah, literally!

There isn’t much more to be said about those topics at the moment, so what about some other variations?

Here’s one from our friends in the U.K.: a scam that involves getting people to wire good-faith money in advance of making a used car purchase.

How it works: a used car is advertised by a con artist, and an interested buyer contacts him. The “seller” agrees to make a long-distance trip to sell the car, but only if the buyer wires some money first to show serious interest. After all, he doesn’t want to make the trip only to find out the buyer is going to back out, right?

So, the buyer complies. He wires the money and forwards the receipt to the crook, who is then able to take the cash.

That’s all there is to it. Of course there never was a car.

It’s actually an even simpler scam than the old fraudulent check schemes, because it only requires a telephone and the ability to place a classified ad. No complex setups or realistic-sounding fake company names, no long, convoluted emails about Microsoft Lotteries or the need to come up with a counterfeit cashier’s check. Just a listing for a car that doesn’t exist.

So put this in the “Never Do This” file: don’t wire money to strangers.

Ever.

Continental Broadcasting Network: um, who’s Kristi?

I haven’t posted any goofy spam word-for-word in a while, so when I got this, I thought it would be a good one to share:

From: admin@biographicalezecutive.com
To: Kristi Lee <my email address>
Subject: Kristi biographical confirmation

CONTINENTAL BROADCASTING NETWORK INC.
If you do not wish to be notified Unsubscribe me from this list

Kristi,

It is my honor to notify you of your candidacy as decided upon by the CWW Editorial Division on January 21st 2011. The Editorial Division eagerly awaits your biographical finalization and submission.

Through our CWW forum, outstanding professionals and executives are showcased for their many talents, accomplishments, and knowledge.

On behalf of our staff we wish you much continued success.

http://www.Kristi.Lee.biographicalezecutive.com

Samuel Whitfield
Member Services Director

Twenty Three Briaroot Drive Smithtown, New York 11787
This is an advertisement

I have so many things to say about this. So many questions.

For example, from the custom URL what is an “ezecutive?” Is it some new kind of executive that has attained such a level of awesomeness that they spell it with a Z? Or is it a way to slip past spam filters that might flag any URL with “executive” in it?

Why does Christopher Malone own “about 120 other domains” (according to the whois information for this site)? Why are there eight other domain names pointing to this site’s IP address?

Is that his real name?

Why do people report their spyware filters going ape when they try to visit one of these sites?

Does this guy really live at 23 Briaroot Ct. in Smithtown, New York? Why doesn’t his information show up on a Whitepages search?

Why didn’t my version of this email contain the hilarious misspelling “worldclass” like other people who have received it?

What’s the real racket, here? Is it just another “Who’s Who” style directory rip-off, or is it a malware-laced phishing website with far more sinister purposes?

I have so many things I’d like to know, but I’ll gladly forget about those if someone can tell me just one thing:

Who the heck is Kristi?

Overpayment Scams

Burn this into your memory:

“Cash this check, then wire money back to me” always equals scam.

I’ve said it a million times before when discussing secret shopper and lottery scams, but the actual context just does not matter. Anyone who gives you a check to cash so you can wire cash back to them is a con artist.

 It’s pretty easy to remember that when you’re looking at a letter from a Nigerian Prince, or an email that says you won the “Microsoft Lottery” or something, but there are versions of the overpayment scam that target businesses, too.

Let’s say you’ve got a property for rent. You get a call from someone who seems really interested in the space. They agree to send you a deposit to hold the property for them. You tell them it’s $800 (I’ve never been in this business, so I don’t know if that’s a realistic number or not).

A couple days later you get a cashier’s check for $3,000. You call the renter about the overpayment, who tells you to just wire the difference back to him. The check will turn out to be counterfeit.

And there it is; you are about to fall for the same old scam, just in a new context.

The same thing happens on Craigslist and online classified sites. You’re selling an item. Somebody contacts you with the intent to buy, so you agree on a price of $500. You get a check for $3,000, with instructions to wire the excess back. Exact same story.

Think about this: would you send a extra couple thousand dollars to an online seller, and trust this stranger to give you back your change? Online classifieds are risky enough without handing over four times the cost of the item you’re hoping to receive. My online classified rule is: whether buying or selling, if you can’t meet in person, you’re not interested. The short version (and homage to the Surf Punks) is: Locals Only!

There are versions of this scam that target business owners, too. The details just do not matter—those checks are always going to turn out to be counterfeit, and you’re always going to end up losing money.

Adobe Reader phishing emails: this is not how Adobe sends updates

According to a recent alert, phishing emails regarding updates to the Adobe Reader have been making the rounds.

This is where knowing a little something about software can help you avoid a scam, because Adobe doesn’t send out update information via email. In fact, I can’t think of a software company that does. This is one of those cases where people who might otherwise never click a link in an unexpected email might let their guard down. Don’t do it. There’s a reason I always say “never”.

When a new security patch for the Reader, or a whole new version becomes available, the program itself will detect it automatically. Or, if you want to download it manually, you can visit http://get.adobe.com/reader/. I would uncheck that “Free McAfee Security Scan Plus” box on the right, though. I’m not a fan of “bonus” software like toolbars and other junk when you download things, so that’s sort of a matter of principle. Plus, if you’ve got a different brand of security software installed, the McAfee download might fight with it. Virus scanners always seem to detect each other as viruses.

There is a possible security issue with the Adobe Reader that you should know about. For some reason, they decided to add JavaScript functionality to the Reader. This was later shown to be an easy avenue for hackers to access your computer. I’m pretty sure the latest versions have fixed this issue, but I still turn it off just in case.

All you have to do is click “Edit” at the top of the screen, then select “Preferences…” Find “JavaScript” in the menu on your left. Click that, and there will be a box that says “Enable Acrobat JavaScript.” UNcheck it, click “OK”, and you’re done.

Another alternative is to just use a different software altogether, which is what I do. I like the Foxit Reader, but I disable JavaScript there as well.

Don’t get me wrong—I love most of Adobe’s other products (Illustrator and Photoshop in particular). I just don’t quite grok why they put this functionality into the Reader.