Tag Archives: scam

What If I Don’t Have Caller ID?

I’m guilty of assuming everyone has caller ID these days. While the feature may be baked right into mobile phones, caller ID service for landline phones is still a feature you usually have to pay extra for. And some people don’t want to.

So how should these holdouts handle telephone scams?

My advice is: get on the list and be quick on the draw. First, add your number to the National Do-Not-Call Registry. Once it takes effect, it will weed out all the legitimate, non-scam phone calls. Anyone who calls with an offer or sales pitch after that is obviously ignoring federal regulations and can be assumed to be attempting to commit fraud. If you’ve answered the phone, hang up as soon as you realize what’s happening.

Second, the vast majority of scammers use automated robocalls, where they ring multiple phones at once and then connect with whomever answers first. That setup takes a moment to function, and causes recognizable audio artifacts. If you’ve answered the phone and don’t get a response within a second or so, you can assume it is a robocall and hang up. If you answer and the first thing you hear is electronic noises (little clicks, bloops, beeps, etc.) or silence, it’s safe to assume you’re dealing with a robocall and hang up.

If you’ve hung up on a legitimate caller, they’ll call back.

Failing the quick-draw hang-up technique, if you find yourself talking to an unexpected caller, the old rules still apply: if they’re trying to make you afraid, it’s probably a scam; if the offer sounds too good to be true, it’s probably a scam; never wire money to a stranger; the IRS doesn’t call to demand payment over the phone; you didn’t win the lottery; your grandchild isn’t in jail or a hospital overseas; your computer doesn’t have a virus; never press “1” for any reason.

You’re under no obligation to be polite to someone who is trying to trick you out of your money over the phone. You’re allowed to just hang up without explanation.

Online Dating Scams Can Be So Much Worse Than You Thought (OR: Incredibly Bad Romance)

The classic Online Dating Scam involves a con artist meeting a victim online, pretending to initiate a long-distance relationship, and then asking the victim to wire money.

It’s a widespread form of fraud, and despite increased awareness, it continues to thrive because we’re all convinced it only happens to other people. We’re too smart, right?

Right. There’s a reason you never hear anybody say, “Yeah, you know, I’m just really naïve and easy to manipulate.” Here’s a little trade secret known to scammers around the world: literally everyone has some area in which he or she is vulnerable. There is no such thing as a 100% scam-proof human.

But there may be an even more compelling reason to avoid the romance scam: the possibility of criminal prosecution. In this case reported by BBC News, a woman was not only tricked into wiring her own money to her online “partner” over the course of several years, but also convinced to move money between different bank accounts on behalf of the con artist, making her an accessory to money laundering.

For which she was prosecuted and convicted.

Yeah, let that one sink in for a second. The irony is, she was probably helping him launder money he was getting from other romance scam victims.

Now, I’m no legal expert, and this case did occur in the U.K., not the U.S. I’m not sure how different the laws are here, but I’m betting that there is a point at which they also no longer care that you were a victim because it should have dawned on you that you were laundering money.

So if you’re out there on the internet looking for companionship, or if you know someone who is, be aware of the risks. When someone you’ve never met is asking you to send money, or to transfer funds between different financial institutions, do not do it. Under any circumstances, okay?

The IRS Is Using Private Debt Collectors Who Will Make Calls, but This Actually Changes Nothing

Sometimes fraud prevention can be boiled down to nice, simple rules that don’t leave much room for subtlety. Never wire money to a stranger. Just keeping that one rule in mind will keep you out of a lot of trouble, even if you forget the details of the scams that utilize the technique.

The IRS will never call you was another one of those hard rules, but as of 2017, it’s become a little more complicated. However, for the most part, nothing has really changed when it comes to fraud prevention.

Basically, the IRS will be contracting with four collection agencies, who will only be contacting certain taxpayers who have been delinquent for a significant period of time, whom the IRS has been unable to locate, and who meet certain other criteria. Furthermore, the collectors will not be demanding payments. Instead, they will be directing taxpayers toward electronic options for paying the IRS directly.

This means that some people will be getting calls from collection agencies on behalf of the IRS. The rest of the fraud prevention rules still apply: if they threaten you with incarceration or demand immediate payment, it’s a scam. If they’re talking about wiring money or loading up gift cards, it’s a scam.

Since con artists are nothing if not adaptable, I’ll add this point: if they do anything other than tell you about how you can pay the IRS directly on your own, it’s a scam. I’m sure someone is already gearing up to make calls claiming to be a collection agency, then telling victims they can pay over the phone with a credit card, with a wire transfer or with prepaid gift cards, or by visiting a fraudulent website. The collection agencies the IRS is using will not be asking for nor accepting payments from delinquent taxpayers. At all.

The actual website where you can pay your taxes, overdue or otherwise, is IRS.gov/Pay. And that’s pretty much the only thing the collection agencies contracted by the IRS are going to be allowed to tell you. Any mention of a different website to pay your taxes? Scam.

I recommend reading the full article below for more detailed information.

Counterfeit Check Scam Targets College Students (or: Stop Me If You Think You’ve Heard This One Before)

College students have been targeted by an employment scam that’s going to start sounding familiar as soon as I begin to describe it.

Ads are placed on job websites for administrative positions, or emails are sent directly to students “recruiting” them for the jobs. You know…college…recruiters…there companies who need your talents so badly, they’re hiring these people called recruiters to find you before you find them. That’s the dream, right?

Anyway, students who respond to the ads are sent a cashier’s check…can you guess what’s coming yet? The victim is instructed to cash the check, then wire the funds to someone, presumably to pay for equipment or software.

Now let’s see if you can guess what happens next:

  1. The student receives equipment and software and begins a rewarding career that pays well;
  2. The student gets struck by lightning three times in one week;
  3. The student finds out the check was counterfeit, and since he already wired the money to someone else, is now out several thousand dollars.

The answer is C, but B is actually more likely than A.

Scams usually involve tricking a victim into willingly handing something over, be it money or personal information. Scammers try to invoke emotional responses in order to make potential victims bypass their logic. This is why scammers try to create urgency or incite fear, prey on those who are desperate, or (in this case) prey on a group of people, college students, who know they’re in a competitive scene where the supply is greater than the demand.

Scams like this are easy to avoid, simply by applying a single principle: never cash a check and then wire the funds to someone else. It’s one of those rules that works in dozens of scenarios.

Source: https://www.ic3.gov/media/2017/170118.aspx

An uncommonly convoluted con

They say brevity is the soul of wit, but it’s apparently not the soul of spam. I received this in my inbox not too long ago:

From: IMF ADMIN <admin@imfpaymentcenter.com>
Subject: May Good Decision

INTERNATIONAL MONETARY FUND (IMF)
DEPT: WORLD DEBT RECONCILIATION AGENCIES.
ADVISE: YOUR OUTSTANDING PAYMENT NOTIFICATION

Attention Wing Chan

A power of attorney was forwarded to our office this morning by two gentle men, one of them is an American national and he is MR DAVID DEANE by name while the other person is MR… JACK MORGAN by name a CANADIAN national.

This gentlemen claimed to be your representative, and this power of attorney stated that you are dead, they brought an account to replace your information in other to claim your fund of $12.5 Million Usd which is now lying DORMANT and UNCLAIMED, below is the new account they have submitted:

BANK.-HSBC CANADA
Vancouver, CANADA
ACCOUNT NO. 2984-0008-66

Be further informed that this power of attorney also stated that you suffered and died of throat cancer. You are therefore given 24hrs to confirm the truth in this information, If you are still alive, You are to contact us back immediately, Because we work 24 hrs just to ensure that we monitor all the activities going on in regards to the transfer of beneficiaries inheritance and contract payment.

You are to call this office +44(0)7778022499 immediately for clarifications on this matter as we shall be available 24 hrs to speak with you and give you the necessary guidelines on how to ensure that your payment is wired to you immediately.

I have attached a copy of the last part payment of $500,000.00 which was paid into your provided account last week, please check is this is the same account submitted by this two men who claimed to be your representative. Reply this email to [redacted]

Kindly reply

Rev. David Churchman
International Monetary Funds Agents

I get what they’re trying to do here. The victim is supposed to think they got a message intended for someone else (“Wing Chan”) who has a whole lot of money tied up in some account, but they think Wing Chan is dead and would he please confirm that? I assume that the victim is supposed to decide to commit a little fraud himself and reply, “No, I’m Wing Chan and I’m totally alive so give me all that money now please,” followed by the usual, “But wait…you have to wire us a bunch of money first.”

But what a twisty, turny, tricksy route they take to get there. It’s a real adventure, what with the two “gentle men,” the throat cancer and the involvement of the International Monetary Fund.

Here’s the thing about the IMF: I’m fairly certain they don’t handle individual estate accounts for anyone living or dead or allegedly dead. They don’t mention it on their own website.  They deal with financial situations in and between nations. $12.5 million is a lot of money to most individual people. To the IMF, it’s like a nickel dropped down a storm drain. They’re not going to get involved.

So yes, this is an obvious example of spam. I wanted to show it to you, though, because it’s kind of weird. As always, “do this to claim your free money” is forever a scam and always has been.

Nigerian 419 email scams live on

I saw this one just today. It’s a doozy:

From: The Desk Of Mr. James Dike
Reference: GTBank Plc.
Address: 402, Lagos-Abeokuta Expressway, Abule-Egba, Lagos State, Nigeria.

Attention: $10.5M ATM Fund Beneficiary,

I am Mr. James Dike, the new appointed ATM Head of Operation Department Guaranty Trust Bank Nigeria PLC, I resumed to this office on the 1st of this month and For your information i have been empowered and instructed by the new elected President Federal Republic of Nigeria Gen. Muhammadu Buhari to pay all outstanding debt payment to the rightful beneficiaries and summit my payment report to his office with immediate effect and any payment that is not paid before the end of this month will be cancelled and the fund will be returned to the Federal Reserve Oil Account.

So, during my official research last week I discovered an abandoned ATM Master card valued sum of $10.5Million with card number 5321452123409380 belonging to you as the rightfully intimate beneficiary. I tried to know why this card have not been released to you but I was told that the formal ATM head of operation who left this office two months ago withhold your card for his own personal use without knowing that I will not approve or support him to take your card.

Now that your ATM Master card is still available for you to pick it up here in our bank. I want to know how you wish to receive your ATM card along with your four digits pin code number. You can come down here in our bank to pick up your card direct from my office or alternatively it can be send to your address through any registered reliable courier service company that you will take care of the courier charge. I don’t know the cost of shipping the card to you but if you permit me I can make an inquiry from the courier shipment company to find out the cost, but in that case you will be required to forward to me your shipment address to enable me find out the shipment cost to your location.

Your direct telephone number and address will be needed and more details of your ATM Master card payment will be made known to you as soon as I receive your swift positive response, to enable you know the amount programmed for your ATM Master Card daily withdrawal.I will send your ATM master card information including your Card Pin Code as soon as you declare your choice of receiving your ATM card so as to enable you receive your card and start making use of it to withdraw at any ATM card machine all over the world as programmed.

Do not hesitate to call me on +234 802-850-0459 as soon as you read this mail.

Thanks for your co-operation.

Yours Faithfully,
Mr. James Dike
ATM Head of Operation Department
Guaranty Trust Bank Nigeria Plc.
Tel: +234 802-850-0459.

A lot of us have become jaded when it comes to the old Nigerian 419 scam. Even though this one takes a different angle and doesn’t mention an exiled prince, for many of us, it’s easy to see through. We probably wouldn’t even read it…”$10.5M” in the subject line would be enough to trigger our “delete” reflex.

But somebody still falls for it. If they didn’t, these emails wouldn’t happen anymore. So while you may have become almost flippant about the Nigerian 419 scam, remember that there are still people who haven’t heard about it yet. If someone you know starts talking about an impending payout from a mysterious source, or mentions their plans to wire money overseas, it might be time to educate him or her.

Free Disney Vacation Scam Alert

If you haven’t already, at some point very soon you are going to see this image on Facebook:

2015-07-17-disney-scam

The hook is this: like the photo, share it, then visit a website to enter a contest for a free Disney World vacation.

Here’s the problem: the Facebook page this image resides on is NOT the official Disney World page. It is an impostor designed to trick users into liking the page. Once enough people have done so, the page content will be changed to push other scams into the news feeds of the people who liked the Disney page.

Now, why am I such a downer? Why am I trying so hard to make people sad? How do I know it’s a fake Disney page?

Well, look at this screenshot for a moment (click to see it full-size):

2015-07-17-disney-scam-02

Do you see what it says next to the profile picture? I’ll zoom in a little so you can read it better (click for full size):

2015-07-17-disney-scam-02a

It says “Walt Disney-World.”.

Notice the dash.

Notice the period.

Notice the category: “Transport/Freight.”

Notice the lack of the blue “Verified Page” checkmark next to the name.

Do you think for one moment that a company the size of Disney would have ITS OWN NAME written incorrectly on its own Facebook page? Look at any official Disney website or product. Do you see “Walt Disney-World.” anywhere?

Do you see Walt Disney World train cars and semi trailers all over America’s railroad tracks and roadways, delivering jars of pickle relish and car parts and textiles? No? That’s because Disney World is a theme park, not a transportation and freight business.

Do you believe Disney World’s official Facebook page would have 20,000 likes (as of today) and ONE lousy post? And no link to the official Disney World website?

These, and a dozen other points, are your free ticket to knowing that this Facebook page and offer are a scam.

Go look at Walt Disney World’s official Facebook page. Notice:

  • 14 million likes
  • The name is correctly punctuated (which is to say there is NO punctuation)
  • The category is listed as “Theme Park,” which is correct
  • The checkmark next to “Walt Disney World.” This means Facebook has verified that the page is official. You can hold your mouse over the checkmark and a little window will pop up that says “Verified Page”
  • Posts going back to 2009
  • Multiple posts, pretty much every day

I’m taking a pretty emphatic tone because I want people to stop falling for fake Facebook pages. I’m tired of seeing people I know get taken in by this stuff because it helps crooks spread spam and fraud to millions of people. If you see this photo and post in your Facebook newsfeed, please do the following:

  • DO NOT SHARE, LIKE OR COMMENT ON the page yourself
  • Tell whoever shared it or posted it that it is a scam and that they need to unlike the page right away; point them to the real Disney World page if they don’t believe you
  • Go to the fake page and Report it as fraudulent to Facebook
  • Share this article, or this one from the Consumerist if you can’t bring yourself to take my word for it

I don’t Facebook much anymore, but I’ve always lived by an “If it’s being shared a lot on Facebook, it’s probably not true” code. It’s a pretty accurate rule, and the stuff that IS true you’ll hear from credible sources eventually anyway.

 

 

Heartbleed is the name of a bug, not a virus

The Heartbleed Bug was a major story not that long ago. Lists of affected websites circulated with instructions to change your passwords if you had accounts at those websites.

In the whirlwind of online news articles, a lot of jargon got tossed around that the average computer user may not be familiar with, and any time there is a knowledge gap, scammers can and do take advantage of it. Spam emails began to circulate claiming to include a Heartbleed removal tool that was, naturally, a malicious program itself. The attachment, if opened, installed a keylogger on victims’ computers, which could transmit sensitive information to criminals. Symantec has a fine article about this particular attack.

Of course, if you’re an old hack hand at Computer Stuff like myself, you already knew that Heartbleed was a bug affecting servers, not a virus. But not everybody is familiar with all these terms, so I decided it would be useful to explain some of these concepts in layman’s terms.

DATA is digital information. If you’re looking at a website, your computer is taking data and presenting it in a readable, watchable, or listenable way. You’re looking at data, which happens to be mostly in text form, right now. When you have an account at Amazon or Facebook (for example), your username and password are part of your personal data, which is the stuff you don’t want being accessed by anyone but yourself. Websites keep this kind of data on servers that use various software to make it (hopefully) impossible to access by unauthorized people.

SERVER is a big computer where data is stored. When you watch a video on YouTube, the digital information that makes up that video is stored on an incredibly large computer, which transmits that data to your computer, which turns it into a video you can watch. Companies such as Facebook and Google have multiple servers that fill entire buildings. Your employer may have a smaller server that looks like a regular desktop computer, which hold all the business’s customer data, and only employees have access to it. Same concept, different scale.

OpenSSL is a particular type of server software that was affected by the Heartbleed bug. You know how your desktop computer runs Windows or MacOS, and your phone runs Android or iOS? OpenSSL is pretty much the same type of thing for servers. Your home computer uses Windows or MacOS to do home computer things, some (but not all) servers use OpenSSL to do server things, like store huge customer databases.

BUG is a flaw in a piece of software. You know how sometimes you download some goofy free app on your phone, and it works for a few seconds then crashes? That app has a bug that makes it function improperly. In the case of Heartbleed, the bug was a security flaw that potentially opened up account information (such as encrypted passwords) to hackers.

ENCRYPTED data has been scrambled in a way that unauthorized persons cannot access it. Servers don’t just store your username and password in text form because it would be too easy for someone to just steal the file and open it. They use complicated methods to make sure that, even if someone got the file, they wouldn’t be able to read it. (At least, this is how it would always work in a world without security bugs like Heartbleed; this is why you had to change your passwords at affected sites after the bug was fixed.)

HACKER: a person who breaks into computer networks. This in and of itself does not make them bad…many are actually hired to break in, in order to highlight security flaws so they can be fixed. Some use their skill for criminal purposes.

These are pretty simplistic explanations, but I think it’s important to at least have a concept of what these terms mean, so that when you read an article that says “security bug affecting servers running OpenSSL versions etc…” you can at least understand that they’re talking about software you’re NOT running on your home computer, and to ignore any emails offering a fix because Heartbleed wasn’t a virus in the first place.

But you’re not going to open attachments in any unsolicited emails, anyway, are you? If nothing else, remember this First Principle: “If you didn’t ask for it, don’t click on it.”

Credit Card Scam Alert: Ignore that offer from AmTrade International Bank

There is a new scam showing up in mailboxes.

It takes the form of an offer for a “secure” credit card, and it targets people with low credit scores or other financial issues.

A “secure” credit card is a credit card where the cardholder puts up some of their own money as collateral against the credit line. It allows lenders to extend credit to higher-risk consumers at a lower annual percentage rate, and can actually be a good tool for rebuilding credit (timely payment of debts makes up a large portion of your credit score). We actually offer a secured credit card here at REGIONAL. They’re a legitimate financial tool.

Except for when they’re used as the basis for a scam.

This one comes from AmTrade International Bank, with an implied connection to Credit One Bank, N.A. (there is none). Victims select a card with either a $1,500 or $3,600 credit limit, and then send in $500 or $900 (respectively) as “collateral” for the credit lines.

And the credit cards never arrive. At its core, this is the simplest form of scam: take money, disappear.

This exact same scam showed up earlier in the year, from Freedom 1st National Bank, which also implied a link to Credit One. In both cases, victims instantly found themselves robbed of either $500 or $900.

If you get offers for pre-approved credit cards in the mail, it is vital to verify all claims before making a purchase decision and sending personal information and money.

In fact, I’ll just put it out there now: don’t respond to unsolicited pre-approved offers for “secure” credit cards, at all.

Also, never just send money to an unknown entity, for any reason.

This scam is going to keep popping up, with different fake banks running it each time, and law enforcement is going be playing whack-a-mole for quite some time. In the meantime, it’s on each of us to look out for ourselves.

Read more:

 

Let’s kick off the long weekend with a derpy lottery scam

Many of us (here in the States, anyway) will spend today looking forward to a nice three-day weekend, visions of grilled meat, open-wheel race cars and (if you’re like me) binge-watching the entire fourth season of Arrested Development on Netflix dancing in their heads.

Seems like a good time for a “fun” sort of post, so let’s snark at a bad lottery scam email I received this morning:

From: [redacted]@co.pg.md.us
Subject: ! Are You Aware!!

Your email has been announced the winner of the Microsoft E-mail Sweepstakes of 5.6, Million Pounds. Please send these informations:
Full Name:
Address:
Tel / Mobile No.:
Country:
Occupation:
Sex / Age:
Alternative E-mail:
Contact Mrs. Kathrin Rogers: { Kath.rogers@msn.com<mailto:kath.rogers@msn.com> } OR { Kath.rogers@rogers.com<mailto:kath.rogers@rogers.com> } with details. Sincerely, Josphine B. Clay
(Microsoft Management Board, Copyright 1991-2013)

—————————————————————————————

This E-mail and any of its attachments may contain Prince George’s
County Government or Prince George’s County 7th Judicial Circuit
Court proprietary information or Protected Health Information,
which is privileged and confidential. This E-mail is intended
solely for the use of the individual or entity to which it is
addressed. If you are not the intended recipient of this E-mail,
you are hereby notified that any dissemination, distribution,
copying, or action taken in relation to the contents of and
attachments to this E-mail is strictly prohibited by federal law
and may expose you to civil and/or criminal penalties. If you have
received this E-mail in error, please notify the sender immediately
and permanently delete the original and any copy of this E-mail and
any printout.

Oh, where to even begin?

For one thing, it doesn’t say I won anything. My email, on the other had, has won 5.6 million pounds. Fat lot of good it will do.

Also: pounds? Microsoft, based in Redmond, Washington, conducts business in pounds? Sure. Whatever.

“Please send these informations.” Uh-huh. Because Microsoft doesn’t have enough money to hire people who use proper grammar.

! Are You Aware!! Um, ?No I’m Am Not ! !!

Why would a message about a Microsoft sweepstakes come from a Prince George’s County, Maryland email address?

Why would the disclaimer refer to said county, and not, oh…I don’t know…maybe Microsoft?

Finally: there is absolutely no such thing as a Microsoft E-Mail Sweepstakes, nor has there ever been, and nor will there ever be. But if you’ve been reading this site for a while, you already knew that one, didn’t you?

Have a good weekend. Stay vigilant. (Also, try grilling corn with garlic butter and without wrapping it in foil if you’re cooking out this weekend. You have to move it around a lot to avoid flare-ups and burnt corn, but dude…seriously, you’ll never do it the old way again.)