When it comes to this category of scams, here’s the rule: don’t try to get something for nothing.

Think about all the fake iPad scams you’ve heard about. A guy approaches you at a gas station and offers to sell you a brand new iPad for a super-low price. You find out later that the box contains a mirror or some other non-iPad object.

It’s no fun to get conned, but ask yourself: is there anything about a guy selling iPads at a gas station that doesn’t scream “This is not legit!” when you really think about it? Apple doesn’t sell its products from cars at filling stations.This is either a scam or an attempt to unload stolen goods. You’re almost better off with the mirror.

What about the Pigeon Drop scheme? Forget the whole “Let’s have this person hold your good-faith money while we do this-or-that to divvy up this satchel of cash we found” angle…how many movies do you have to watch to know that “satchel full of money” equals “drug dealers/hit men/bank heists/things you don’t want to get within ten miles of”? Honest people who find big stashes of currency contact law enforcement, because there’s no way that cash is not evidence of some major crime. It couldn’t be more obvious if it was in a big white sack with a huge dollar sign printed on it.

The rule applies to all manner of scams and rip-offs. $437 sounds a bit steep for an hour of work, doesn’t it? Then don’t fall for the secret shopper scams. Brand-name prescription drugs for a tenth of the cost? Sounds too good to be true! That’s because it is.

We’re all looking out for ourselves on some level. If I see a ten-dollar bill bouncing merrily down the sidewalk on a windy day, I’ll pick it up. But I’ll also check around me to make sure nobody was chasing it, or standing there with that distraught look that can only mean one thing: their tenner just blew away. (For the record: this never happens to me…I’m much more likely to be the one with the distraught face.)

However, moving forward, remember this: if someone approaches you offering something for nothing (or next to it), take warning. You’re either about to be scammed or become an accomplice.

Usually if you ignore a scam, that’s the end of it. Apparently this group takes it really personally, though; if a potential victim refuses to bite, they make threats. At that point, I suppose the whole “you won the lottery” angle is abandoned and it just becomes pure extortion.

Sometimes I make really general statements, and I’m going to do it again here: unless you personally know someone who lives in Jamaica or own/work for a company that does business in the country, don’t even answer phone calls from the 876 area code. There are exactly zero good reasons you should be getting out-of-the-blue phone calls from random people in Jamaica. The St. Louis BBB has some additional information about this scam.

Yesterday, The Consumerist released an article that gives a little insight into how those soul-crushingly irritating “Free $1,000 Gift Card” spam texts actually work. The good news is: the FTC has 29 people in their legal crosshairs, whom they believe to be responsible for 180 million of those texts. The “meh” news is: what about the other six quadrillion spam texts?

Anyway, for those unlucky enough to fall for the free gift card text scam, here’s a brief rundown of what actually happens:

1. You’re directed to a website that collects an awful lot of personal information, including medical data in some cases, before you’re allowed to proceed
2. You are taken to another site that requires participation in a bunch of “offers” before you can get the gift card
3. This required more personal data, including credit card numbers for “subscriptions” or to actually apply for credit
4. You’re told you have to get (i.e. trick) three more people into signing up before you can claim your gift card
5. You never, ever, EVER actually get a free $1,000 gift card, because if spammers actually delivered on their promises, they wouldn’t be spammers.

For the FTC to go after 29 people is a good start, but you know as well as I do there are probably a thousand more involved in these schemes. So if the “Free $1,000 Best Buy Gift Card” texts continue to arrive, just continue to ignore ‘em, like always.

One “new” con is the Car Wrap Advertising Scam. It starts with an emailed offer to earn $400+ per week just to drive your own car with graphics from an energy drink or other company plastered all over it. It’s a novel offer, and it appears many of the emails are well-written and devoid of the broken English, weird tabbing/spacing and initial “Greetings!” salutation.

However, there are already three warning signs, and that’s without even looking at an actual example:

1. The offer arrives via email
2. They’re offering a lot of money for zero work
3. Energy drink companies are, above all else, extremely image-conscious; they’re not going to send random people offers to wrap their cars if there’s any chance their logo might end up on some sketchy old pickup with rust holes a house cat could climb through.

So that last one’s a bit trickier, but still: at this point your inner “Scam Radar” should at least be registering that something isn’t quite right.

What happens if you respond to the message?

They send you a cashier’s check for a few thousand dollars. They tell you it’s your first payment in advance, and that the excess is for the graphic designer who will be applying the graphics to your car.

Can you guess what the victim’s next instructions are? (Hint: at this point, your inner Scam Radar should be on the brink of blowing up, because you’ve heard of this one before.)

If you said, “Wire the excess money to a stranger,” you win a shiny new silver dollar.*

It’s the secret shopper scam all over again: cash this check, wire it to us, find out a week later the check was fraudulent and you’re out several thousand dollars.

So today’s lesson is: beware of old scams wrapped in new, hip, edgy energy drink graphics.

*You don’t actually win a shiny new silver dollar.

In this variation, the would-be victim is told they’ve won a major award, then instructed to purchase a Green Dot (or other brand) card, load it with a specific amount of money, then call the scammer back with the card number and PIN.

What would happen next, of course, is that the scammer would use this information to unload the card and leave the victim without a million dollars or a Mercedes.

It’s easy to see through once you take a step back: the out-of-nowhere call informs you of your fabulous prizes, the bizarre instructions to claim said prizes. The fact that, once you give someone a Green Dot card number and PIN, whatever money is in the account is as good as theirs.

You know what would be awesome? If they ever catch one of these scammers, instead of sending them to jail, forcing them to actually deliver the prizes they promised. “What? Six months in jail? Pfft. Oh, no. You told 106 people they’d won a Mercedes and a million dollars. Now cough ‘em up…“

There was a pitch for some sketchy health/beauty/investment/dating product or service and a shortened URL. I already knew it was a scam or a rip-off, but I was curious to see where that shortened URL led. I copy-and-pasted it at LongURL, which is still a fine tool for checking out a link before you click.

I forget the specific contents of the website. Again, that part doesn’t matter so much for my purposes today. What does matter is the address the shortened URL pointed to: www.cnbc.com-feb-finance.net/[removed]. (By the way: there’s no link to the actual site for a reason).

Look at that address closely; it looks like it points to www.cnbc.com, the mainstream stock market and business news site, but it doesn’t.

The actual domain is “com-feb-finance.net“ — you’ve got to look closely to see that what comes after the “com” is not a slash, but a dash.

Most web browsers make detecting this trick relatively easy, since they highlight every website’s domain in some way (with a background color, bold text, etc.). But if you’re using an old web browser like Internet Explorer 6, you may glance at the URL, see “www.cnbc.com” and assume the site is reputable.

So be cautious when visiting a new website. If someone is attempting to deceive you with the URL, you can rest assured their motives are sinister.

I’ve got some Google Alerts set up to help me find interesting topics for potential articles. While digging through the past week’s results, I ran across this item, from the Lubbock Avalanche-Journal: LPD warns locals of possible new scam.

If you don’t want to click the link, here’s the crux: “These criminals are handing out key rings that have tracking devices inside them. This way, the criminals are able to know where their targets are at all times if they are carrying the key ring.”

Well, I’ve heard of this one before. First in a forwarded email from my mom, then at Snopes: Key Crime.

Again, if you’re not interested in reading the whole thing, here’s the really basic jist:

Or, if you’d like a little more detail, this sums it up nicely (emphasis mine):

Aside from some technologically questionable aspects to these warnings, one prominent point of skepticism is the lack of obvious utility behind the scheme – that is, how would the ability to track unknown, randomly-selected motorists facilitate the commission of burglaries and carjackings? Especially since both of those crimes are overwhelmingly crimes of opportunity, engaged in as perpetrators spot or stumble across their chances, rather than crimes typically pursued through the elaborate staking out and tracking of targets.

So it’s a hoax. Please spread the word whenever you see this in an article, or when it shows up on Facebook, or when your mom forwards it to you.

The real issue, however, is the fact that, apparently,  nobody researches anything. In the article from Lubbock, it cites the Fort Worth PD as a source. So someone there got this forwarded email, passed it around, and then somebody told the newspaper. And nobody along that path checked it out, or even thought, “Man, this doesn’t sound at all like the way burglars and carjackers actually work.”

So you might say, “But isn’t it okay to just believe all the hoaxes, so then you’ll always be prepared for everything?”

I don’t agree. Mental energy is a finite resource, and if you waste all yours freaking out about your keychains, you’ll have less to spend on actually being vigilant in a useful, productive way. The point of fraud prevention is not to go through life in a state of sustained panic. It’s about being cautious, calm and skeptical of wild claims.

It’s also a bad habit to believe everything you see on the Internet, because that’s exactly what scammers want. Hey, if believing the keychain hoax is harmless, why not believe the email about investing in Iraqi Dinars, too? After all, the person who sent you the message SAID “this is not a scam,” right there in the message they typed, right?

Hoaxes are destructive. Don’t believe them, and please don’t spread them.

But I also know that you’re probably already using the treadmill as a clothes rack again, too, so it’s time to make some more.

This year, I am challenging you to take action against scams and identity theft that target older people.

Every year, seniors lose millions to scams that target them because crooks make certain assumptions:

1. They’re wealthy
2. They’re gullible
3. They live alone
4. They won’t tell anyone

And all too often, seniors who are victims of scams don’t tell their families, out of fear or shame. Too often, they do live without regular contact from their loved ones. That’s why it’s important to join in the fight against fraud.

Maybe it’s your parents or grandparents, aunts or uncles. Maybe it’s just a neighbor. Whoever you know, whoever you care about, talk to them. Tell them about the scams that target seniors—utility scams, the grandchild-in-jeopardy scam, the 419 scams, the phony investments (Iraqi Dinars), the fake sweepstakes calls, the work-at-home cons. You can find out more about these on this very site, and all over the Internet.

Visit more often this year. Have dinner together. Talk to them about life in general. Did they mention phone calls or letters that sound suspicious? You don’t have to pry or cajole—you don’t need to know every detail of their bank account, or try to convince them to add you as an authorized signer in most cases. But you need to talk more, be together more.

It’s important for other reasons, too, you know.

Can we all do that this year?

From: Better Business Bureau <[redacted]@newyork.bbb.org>
Subject: Case #28475466
Owner/Manager

The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position.

As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.

In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by January 17, 2013. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.

The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.

We encourage you to print this complaint (attached file), answer the questions and respond to us.

We look forward to your prompt attention to this matter.

Sincerely,

BBB Serving Metropolitan New York, Long Island and the Mid-Hudson Region

There was a 102KB file attached to the message named “Complaint Case  #28475466.zip”. Except for the fact that it appeared to come from a Better Business Bureau office a thousand miles away, it looked pretty legitimate.

However, looks can be very deceiving.

According to a report from Cisco, the attachment is an executable file that contains malicious code. They don’t specify what that malware is, but given the nature of the message I would guess it’s designed to log keystrokes or use some other method to steal online banking credentials from businesses. Once they’ve got account numbers and passwords, they wire thousands of dollars out of payroll, expense and other accounts, then use their network of (unwitting and witting) money mules to launder the ill-gotten funds.

So here’s the lesson today: if you receive a message like the one above, do not under any circumstances open the attached file. If you think there might be a legitimate complaint from the Better Business Bureau, contact them directly. It’s a general rule, but in this case it applied more specifically to business owners and their employees.

First, let me go on record here: I vehemently disagree with the author’s use of the word “stupid” in the title of this article. It’s arrogant. Falling for a scam doesn’t make you stupid; it is my deeply-held belief that everyone is vulnerable to scams. Every single one of us has some magic combination of situation, emotion and opportunity capable of leading us straight into Scamsville. My goal with this site has always been to eliminate as many of those possibilities as possible; to make your own scam-combination-lock as difficult to decipher as possible. But we’ve all got a tell. Somewhere. I can’t emphasize this enough.

But this particular scam isn’t really my focus here. Yes, the Iraqi Dinar Investment Thing is very much a scam. The fact that entities selling it have to classify their businesses as a service for collectors of exotic currency (and not as a foreign exchange investment) to get around regulations should tell you something. Now you know. Go forth and tell others.

No, my focus today is to point out one of the absurd ironies of online publishing and the keyword-based online advertisements that accompany it. Because, on the very same page as the article shown above, this advertisement appeared, plain as day:

Yep. An advertisement for a business involved in the very scam the article spends several hundred words discussing.

No, I didn’t click on it. I don’t trust these businesses enough to even expose my computer to their websites. So I can’t give you any further details on this particular “offer,” but I can assure you: it involves you paying a few thousand dollars for a mound of paper that’s going to be worth the same nothing ten years from now that it’s worth today.

So here’s your takeaway for this Friday: for the most part, just don’t click on advertisements that appear on websites, even when those websites are reputable (I mean, Forbes wasn’t exactly founded a week ago, you know?). Even if the ads seem relevant to what you’re reading.

In fact, lots of web browsers now have plugins available that will block banner ads from view altogether. Adblock for Google Chrome is popular. I used it in the past, but since I have to occasionally write articles on this stuff, I felt it was better for me to be able to see the ads. There was even a variant called “Catblock” at one point, which replaced ads with pictures of totally adorable cats. Which is just awesome.