Why So Many Scams are So Obvious

A lot of times, the fraudulent email messages that show up in your inbox are laughable. Bad spelling, terrible grammar, bizarre claims, incorrect logos when they try to imitate a well-known corporation. If you’re a charitable type, you might chalk it up to the fact that many scams originate overseas, from people whose first language is not English. If you’re not as kind, you might just go with, “Boy, these scammers sure are stupid.”

But what if there is a reason those emails are so wrong on every level? What if they’re that bad on purpose? After all, they still work.

Pretend you’re running an email scam. You bought a database of a million email addresses for a couple dollars, and you want to maximize your earnings in as short a time as possible.

If you send your scam attempt to all one million addresses (we’ll assume they’re all valid for the sake of this example), and your pitch is so well-crafted that 1% of its recipients respond, you now have an inbox with 10,000 replies. On the surface, that might look great—after all, 10,000 victims that lose $1,000 each means you’re going to have $10 million coming in.

However, not everyone who responds is going to end up following through and wiring you money. If only 1% of the 10,000 who responded end up giving you money, that’s 100 victims (admittedly, still a nice little chunk of change), but 9,900 people you had to waste time trying to convince to fall for a scam they ultimately didn’t fall for. If you’re a single person, or a small team, that’s a lot of time lost. When you consider the hours that would have to be spent, it ends up being more cost-effective and less work to get a job. It would be much better to deal only with people who are very likely to send money.

The solution a lot of scammers go with is to make the attempt as transparent as possible from the start. This way, the only people who respond are those who are not savvy enough to detect anything suspicious. If only 200 people out of a million respond, the success rate is going to be much higher, and less hours will have to be spent on people who ultimately figure out that something isn’t right.

None of this is to say that every scam attempt is going to be completely transparent. One type of email scam, known as spear-phishing, uses inside information about a company to gain access to sensitive financial or customer information. These messages appear quite professional, with perfect spelling and grammar, and correct details about a business’s operations, and in many cases attempt to impersonate a manager or executive at the organization itself.

Traffic Ticket Email Scams

Here is one way to get a traffic ticket: break the law in front of a police officer, who then pulls you over and writes you a citation. This is the most common way to get fined, and it probably dates to about a week after cars first became commercially available.

Here is another: get caught on a traffic camera going too fast or running a red light, and the ticket shows up in the (postal) mail. This method is much newer than the pull-‘em-over routine, and it’s not in use everywhere, but it has become more common.

Here is a way you’re not going to get a ticket: through an email informing you of a violation, that also contains links to pay the fine or dispute the ticket.

Why? For the same reason the IRS doesn’t send official communications through email: because there is no “official” email address through which to reach you, or anyone else. There is no national, state, county or municipal database keeping track of your email contact information.

Think about it. You live at your address, and this information appears on official documents like your driver’s license, financial accounts, and everything else. You cannot live at 123 Any Street, then suddenly decide, “You know what? I’m tired of 123 Any Street. I live at 456 Other Street now!” and have that be your address, then change it to something else a few days later.

But you can do that with email addresses. You can also have more than one. You can have more than ten. The number of email addresses you use is really only limited by how much spare time you have on your hands. And since there is no database at any level of government, no registry that is updated when you create a new email address, there is no way for a traffic ticket to be sent by email with any confidence that the address belongs to a particular person, or that it is still maintained.

“But I’ve been renewing my license and plates online for years, so the state does have my email address on file,” you might be thinking.

And it is true—you can renew plates and online. But again, they only have that email address because you provided it. There is no way for the state to verify that it belongs to you personally—after all, someone else could be paying for your plates and using their email (nice of ‘em, eh?), or you could switch internet providers the day after renewing, causing the address you used for the transaction to go dormant or disappear. Since there is no database keeping track of these things, sending a traffic ticket through email simply isn’t practical.

If you’re still unsure about an email informing you of a traffic fine, all you have to do is call the department from which the email claims to be from. Use an internet search to find the real phone number—don’t rely on any contact information from the message itself—and ask if they issue tickets by email. The answer will be “no,” but it does not hurt to check if you’re still worried. Whatever you do, don’t click on any links or reply to the email in any way.

Email Extortion Scams

For the past couple years, people have been getting emails that claim to have caught the recipient doing something embarrassing or illegal. These messages are attempts at extortion and nothing more.

In one version, the email claims the potential victim’s computer webcam has been hacked, and that some private video footage was captured—something they would not want viewed by the general public. The message goes on to demand that the victim make a payment in bitcoin to the sender in order to avoid having the video distributed to everyone they know. This message contains an actual password once used by the recipient, cited as “proof” that the sender knows who they are and has access to their computer, contacts, webcam, and more.

The password used as evidence that the email is legitimate will be real. The recipient will have used this password at some website in the past. However, there has NOT been any webcam hack in this case.*

Here’s what DID happen: quite a few years ago, there was a data breach at some big website or other. I have received one of these messages, and as far as I can remember, the password they used dated back to 2009 or 2010. (Unfortunately, I do not remember which website it was used with.) Therefore, the database of email addresses matched with passwords being used in these attacks is quite old. I recognized it right away—it was from a time before I knew how to create strong passwords.

The people sending these messages are hoping you’ll recognize that password. They’re counting on it for the immediate fear reaction. However, they didn’t hack anything. They purchased an outdated database from a decade-old data breach and started sending emails.

However, while you’re deleting this message (and NOT sending bitcoin to anyone), there is still something to be learned. For one thing, if you’re still using the password from the message on any website, app or account, CHANGE IT NOW. For another, never reuse the same password for different accounts. You don’t want poor security at some message board you visit three times a month to be the reason someone was able to login to your credit card account. Once any website is breached, even one with not that many users or sensitive information, it is guaranteed the hackers will try your email/password combination at all the major financial sites, or use it to attempt extortion.

*Note: none of this is to say that the camera on a mobile phone, tablet or laptop computer can’t be hacked or compromised in some way, it’s just not what is happening with these particular emails. Remember the little hunk of tape you put over your laptop’s camera years ago? Still not a bad idea. Leave it on.

More Coronavirus Scams

It appears that a lot of scams are going to be related (whether directly or tangentially) to COVID-19 for quite some time. Here is a quick rundown of a few text message and phone call-based schemes making the rounds.

One text scam that plays directly on the fear response tells the potential victim this: “Someone who came in contact with you tested positive or has shown symptoms for COVID-19 & recommends you self-isolate/get tested.” It includes a link to a website that will likely attempt to obtain personal and/or financial information.

While it’s possible that someone you know personally might send you such a message (as in, “Hey I tested positive, you should get tested, too”) WITHOUT including a website link, there is no centralized virus database sending such messages anonymously.

With widespread loss of income and the ensuing anxiety, please remember that bogus offers for free gift cards are going to spike, and might seem appealing or “worth a shot” if you find yourself in need. One example recently spotted in Northwest Indiana says this: “Important! [Name], Seems you didn’t open the door when we tried to deliver your $1000 Wal-Mart voucher. Claim it now [link].”

This message is interesting in that it appears to contain the actual recipient’s first name, but don’t be fooled. First, having a first name matched up with a mobile phone number is no great feat these days, since SOME of everyone’s information is almost certainly already available. Additionally, even in a global emergency, Walmart is never going to give away such large amounts to random people. Why would they? Don’t be tricked with the little “we came to your door” angle, either. Nobody came to your door (as they SHOULDN’T right now). Once again, that link is going to lead you to a website designed to steal your banking or other information.

A recent telephone (robocall) scam uses this prerecorded message: “Hello. This is a call from the Social Security Administration. During the difficult times of the coronavirus, we regret to inform you that we have got an order to suspend your socials immediately within 24 hours due to suspicious and fraudulent activity found on your social. We are contacting you as this case is critical and needs your urgent attention,” and includes a phone number for the victim to call.

If you analyze the text of this message, it’s an obvious scam. The SSA doesn’t refer to payments as “your socials.” Or to “activity found on your social.” That’s a message concocted by someone who isn’t quite familiar with how the Social Security system works. If you call the number, however, you’ll end up speaking to someone who is extremely familiar with talking people into revealing account numbers, Social Security numbers, passwords, and everything else you don’t want to hand over to a crook. Remember: they can make caller ID say anything they want it to. The same rules apply during a pandemic as any other time, but expect the frequency to increase, and for old schemes to be given a coronavirus twist.

Old Scams Revamped for COVID-19

It may seem like there is an infinite number of scams, but when you take a closer look, it turns out there really aren’t that many basic schemes, just a lot of variations of old ones, dressed up with new details.

Sometimes big changes in technology don’t even usher in completely new basic types—the “Nigerian 419” scams (a type of advance fee fraud) that is mostly known as an email-based con used to proliferate through postal mail and fax machines. In fact, it’s based on a scam from the late 1700s that was known as the “Spanish Prisoner scam,” wherein the victim would be promised a large sum from a wealthy family, if only he would provide the money to bribe the guards at a Spanish prison, in which some rich nobleman was being wrongly held.

With a global pandemic now unfolding, and all the unprecedented problems it has caused at every level, you will definitely see some old scams reemerging. Some will directly invoke the coronavirus, while others will simply take advantage of the situation with very few updates.

Work-at-home scams will probably see a bump. With millions of people laid off, furloughed or working reduced hours, and with the very real possibility that some employers will end up closing down for good, a lot of people will be looking for opportunities to earn extra money from home. And while there are legitimate ways to do this, many (if not most) of what you’ll find by searching on the internet are going to be scams. The old “mystery shopper” scam probably won’t be too big, since not many people are real jazzed on the idea of going to stores in person at the moment, but you might encounter an uptick in “payment processing” or “reshipping” jobs, which are nothing more than money-laundering operations run by organized criminals. In any case, no job opportunity is going to come to you from out of nowhere, and if you find something online, even if it’s posted on a well-known job-hunting website, do plenty of research before you respond.

I believe IRS Impersonation scams are going to be off the charts this year. With millions of people receiving relief checks from the federal government, the temptation for scammers to try to cash in is going to be unbelievable. Remember that the IRS is never going to call you on the phone and demand immediate payment by credit card, wire transfer or prepaid debit. I have a feeling people are going to get calls telling them that they “must pay taxes on your stimulus check or face arrest,” which gets so many things wrong it isn’t even funny (it’s not called a “stimulus check” this time, for one). Even if the economic impact payments were taxable income, which they’re not, you wouldn’t have to deal with it until next year, when you file 2020 taxes.

Grandparent scams will likely be given a COVID-19 twist. Instead of the usual calls (“I got mugged in London” or “I’m in jail in Mexico”), they will pivot to “I have the virus and they won’t give me medical care until you wire money.” Just remember that this setup has never once turned out to be true, even if the caller seems to know some information about the person they claim to be.

These are just a few old schemes that may get a fresh coat of paint this year, but there will be others. As always, take a few moments to stop and think before you respond to any new information, and remember that anyone trying to make you afraid, or entice you with easy money, then asking for money or personal information, is up to no good.

Avoiding Economic Impact Payment check scams

The coronavirus has led to a pretty enormous piece of legislation being passed by the federal government. The Coronavirus Aid, Relief, and Economic Security (CARES) Act is a $2.2 trillion package that includes, among other things, direct payments to taxpayers, intended to blunt the impact of the severe, widespread economic fallout caused by the pandemic.

At some point in the near future, qualifying individuals will receive a payment. Those who received their tax refund electronically will probably have the payment directly deposited, while others will receive a check in the mail. (I think they are working on setting up a portal so that people who did not provide direct deposit information for 2019 taxes can set it up in lieu of a paper check, but I don’t know all the details.)

This presents a massive opportunity for scammers. Here are some things you need to know.

The government officially refers to these payments as “Economic Impact Payments.” They are NOT calling it a “stimulus check” or a “stimulus payment.”

If you qualify, you will simply receive it. The direct deposit will show up in your account, or you will get a paper check in the mail. Other than depositing or cashing the paper check, that is where it ends. There will be no additional steps to verify that you received it. If you recall the 2008 stimulus package, it will work a lot like that.

If you get the payment, it’s because you qualify, and the government already has correct personal information for you. You will NOT be asked to call a phone number back to verify anything. Or email, or text.

You will NOT receive emails or text messages about the payments.

Nobody will be going door-to-door handing out the checks or anything else, or asking you to sign anything or provide personal information.

I cannot find a straight answer at the moment as to whether or not the payments will be counted as taxable income for 2020 (every website I checked, including the IRS, only talks about “who is eligible?”); however, I can tell you this with confidence: you will NOT be asked to send money right away to cover taxes. Not by wire transfer, not by purchasing prepaid cards or reloadable gift cards, PayPal, Venmo, or any other method. Any caller who says otherwise (I am predicting this will be a big telephone-based scam) is not telling the truth.

Basically, for the vast majority of people who pay taxes, getting your payment will involve doing nothing more than waiting for it to arrive. Any instructions outside of that are highly suspect.

Don’t Waste Money on COVID-19 Cures

Here is a problem: people are already attempting to steal money by hawking fake cures and/or vaccines for COVID-19, the illness caused by the coronavirus (which is technically named SARS-CoV-2, if you want to be accurate about it).

Here is why that’s an even bigger problem: the key to us (as a species) even attempting to slow down and eventually stop the spread of the virus is for people to avoid contact with other people as much as possible. Until there is an actual cure and an actual vaccine (the kind created by actual scientists in a laboratory and confirmed to be safe and effective through actual clinical trials), social distancing is the best we’ve got.

Now imagine a victim of a fake coronavirus inoculant, who spent money on some herbal concoction or…chromium-infused tube socks…I don’t know, whatever goofy thing you can think of. Believing himself to be immune, this guy now goes back out into the world, slacking off on the handwashing, not keeping a safe distance from others and touching his own face like it’s going out of style (which…it actually has). Eventually, he contracts the virus. Even when he begins showing symptoms, believing himself immune, he writes it off as a cold and continues to show up for his job in one of those critical industries that haven’t shut down.

And then he passes it onto several others, who do the same in turn. Eventually, people die because one person fell for a scam.

And THAT is why it is extremely important to not fall for coronavirus cure or vaccine scams.

Here are some things to not waste your money on (and endanger your health and everyone else’s):

  • At-home coronavirus test kits
  • Vitamin C (you can still take it for other reasons, but it won’t cure or prevent COVID-19)
  • Colloidal silver
  • CBD in any form (for all its potential benefits in other areas, this is one where it’s worthless)
  • Herbal supplements (again, some of these have benefits, but not for the coronavirus)
  • Masks (a lot of the ones you can get are worthless; the real ones should be reserved for medical personnel and people who have tested positive)
  • Garlic (even if you’re not being sold pills or whatever, don’t believe anything you might read that garlic will cure the disease; it will, however, make you happier because it’s delicious)
  • Mineral supplements
  • Hot water
  • Anything with the word “miracle” in it
  • Anything advertised as something “Big Pharma” or “THEY” “don’t want you to know about.”

When there is a (real) vaccine available, and when and if there is a (real) drug that cures or curtails the disease, it will very literally be one of the biggest news stories in recent memory. “Big Pharma” will most definitely WANT you know about it, because whichever company develops it will be looking at a potentially unprecedented windfall. Every doctor, hospital and health insurance provider will also very much WANT you to know about it. When it happens, it will be huge.

Coronavirus Scams (March 2020)

Like clockwork, any time a major event, disaster or emergency occurs, scams proliferate.

The coronavirus situation is no different. Already, the worst people in the world are using people’s (completely understandable) confusion and fear to steal money and personal information.

Here is a look at some scams that have already been reported, and some that will likely start to show up in your inbox, your text messages or even your doorstep.

Email scams are already happening. Some attempt to mimic a message from the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO), instructing recipients to click a link or open a file attachment to access new information about the virus. This leads the victim either to a website designed to harvest personal information, or a malware infection on the victim’s computer.

Remember that these organizations are not going to email you out of the blue because they do not have your email address on file. You can sign up for email updates about the coronavirus from the CDC by visiting https://www.cdc.gov/coronavirus/2019-nCoV/index.html, but the messages they send will never contain attached files or instructions to turn over personal information.

The CDC and WHO will also not be sending offers for you to purchase vaccines or cures, or asking for donations, and they especially won’t be asking you to send cash, wire money or load up prepaid credit cards and relay the card information to them. Neither will any legitimate organization soliciting donations for anything related to the virus. If you want to help, use established charities you’ve already heard of, and contact them directly.

Apart from fake emails imitating the CDC or WHO, do not believe any offer of a cure, vaccine or preventative being sold online, whether through email, a website or social network. There is no FDA-approved drug or treatment for COVID-19 right now, and there is not likely to be one for quite some time. Of course, this may change at any time (and hopefully sooner than later), but when a treatment and/or vaccine become available, you will hear about it from official sources.

The economic fallout from the coronavirus situation has already begun. It’s impossible to predict what will happen, but there are entire industries whose entire business model hinges on getting people to leave their homes and go to a different location, whether to vacation, to eat, or to be entertained. Manufacturing will also be impacted, as social distancing practices force cutbacks. Many job losses and layoffs will result.

This means work-at-home scams will likely start showing up. These probably won’t be anything new, just versions of old scams that have been circulating for decades. Remember that job opportunities are not going to simply show up out of the blue via email or text message. But you also must be wary of jobs you find by searching online; any offer that involves “processing” payments or shipments is an attempt to rope you into a “money mule” scheme or money laundering operation.

There have also been reports of text messages promising a free iPhone 11 because of the virus. These contain a link to a website set up to do everything BUT put a free phone in your hands.

There have also been reports of people knocking on doors, claiming to be testing for the virus. This is a distraction-type burglary scheme. Even if they appear to be dressing the part, do not be taken in. At least in the U.S., door-to-door testing is not being performed by any official entity at this time, and it is highly unlikely that it will be at any point. Don’t be fooled. In addition to avoiding being burglarized, you want to avoid close contact with anyone outside your immediate household as much as possible.

Avoiding Real Estate Wire Fraud

If you’re in the process of buying a home, or plan to be, you need to be aware of real estate wire fraud.

The goal of this scam is to convince the victim to move the money for a down payment—usually tens, if not hundreds, of thousands of dollars—into an account controlled by the scammer, via wire transfer. And the problem with money sent by wire transfer is that it’s effectively impossible to retrieve. You could lose your down payment and the house.

In some cases, the thieves will use phishing techniques or malicious software to gain access to a realtor’s email accounts, then monitor communications for pending sales. In others, they may use publicly available online tools to identify pending sales, then set up a fake email account that will appear to come from the actual realtor (if the victim doesn’t examine it too closely).

When a sale is approaching its closing date, the thief will send an urgent email to the victim informing them that the instructions for making the down payment have changed—either a check is no longer acceptable and the victim will have to wire the funds, or if the payment was originally going to be made via wire, that they need it to be sent to a different account.

Either way, the message will include wiring instructions that lead to an account held by the scammer, not the realtor.

Losses from real estate wire fraud are growing, with hundreds of millions lost (and that number may be far lower than the actual total—many cases go unreported due to the potential for reputation damage). If you’re buying a house, know that you may very well be targeted. If you receive any new wiring information via email, or a message instructing you to e-sign documents or log in to a website, verify that with a call to the realtor to make sure it’s legit. Double-check everything in that email—is it coming from the correct email address; has the realtor’s command of English grammar suddenly changed?—and slow down instead of reacting quickly in the moment.

Going through extra steps can be a pain, but nothing compared to the pain of sending your entire down payment to a criminal.

Who is at Greatest Risk for Identity Theft?

Identity theft is a ubiquitous crime that comes in many forms and can affect anyone, but some groups of people are at an increased risk.


Children who are too young to have a credit history established are targeted by identity thieves for several reasons. With no history (and therefore no negative history), children represent a ‘clean slate’ for thieves to work with. Also, unless the parents are checking their child’s credit report—essentially to make sure there isn’t one yet—the theft may go unnoticed for years, at least until the victim becomes an adult and begins applying for student loans, credit cards or housing. If you’re a parent, be sure to check your kids’ credit reports whenever you check your own.


Seniors are often targeted for identity theft (and scams in general) over the phone and through online phishing attacks. Seniors are perceived to be most trusting, less savvy and wealthier, making them attractive targets for identity thieves. Some are also reluctant to report that they have been victimized, whether out of pride or shame, or fear that family members will think they are incapable of taking care of themselves.

College Students

College students are at higher risk for identity theft, especially theft is carried out by someone they know. Many are applying for credit cards for the first time, so their credit histories are relatively clean, plus they may not yet be aware of how important it is to keep personal information safe.

Military Personnel

Military service can include significant stretches of time away from home, where collection calls from creditors doesn’t actually owe anything to (one of the warning signs of identity theft) go unanswered, bills from credit cards the victim never applied for go unseen (another red flag), and where the nature of the job can push things like checking a credit report for discrepancies to the back burner.

Higher Income Households

Identity theft takes many forms, but it’s usually financial in nature, so it makes sense that members of higher-income households would be at increased risk. The promise of larger account balances and higher credit ratings makes them a tempting target.


You probably knew this part was coming: even if none of the above categories apply to you, you don’t get to coast. Everyone is a potential victim, and some of your information is almost certainly already out there being bought and sold. Check your credit reports, don’t ignore unexpected collections calls or bills, place credit freezes, and stay informed so you know what to watch out for.