Tag Archives: Scams

How to Report a Dinar Scam to the FBI

If you or someone you know has fallen victim to an Iraqi dinar (or Vietnamese dong, Indonesian rupiah, or any other foreign currency) “revaluation” investment scam, the FBI has set up a website to report the seller of these worthless currencies.

Currency revaluation schemes have been around for a long time, and have never once paid off for anyone except the people charging a commission for the sale. Iraqi dinar scams have been going strong since 2003, and the currency has yet to do anything except lose value.

There’s an article at Forbes.com that goes into further detail on this type of scam.

The ‘Can You Hear Me?’ Scam (Or Maybe Not)

I’ve seen a few recent warnings about something many are referring to as the “Can You Hear Me?” Scam. Basically, someone will call, ask if you can hear them, wait for you to say “yes,” then hang up. Later, they make unauthorized charges to your credit card, and use the recording of you saying “yes” in court to “prove” you agreed to the charges.

Now, any reminder to NOT talk to strangers who call you on the phone or to engage with robocalls in any way is a good reminder, but if you’re like me, you might find a few holes in this specific warning.

For example, unless you have the weirdest credit card in the world and its number is “YES” for some reason, simply saying the word doesn’t automatically give the caller your card information. Despite the existence of Peanut Butter M&M’s, Gus’s World Famous Fried Chicken and the first Doc Watson album, magic isn’t actually real, and nobody can pull your credit card number out of your wallet simply by getting you to say “yes” one time. The scammer would have to already have this information before calling you.

Then, if they’ve already got your card information, why would they bother calling to trick you into appearing to agree to charges? In a vast majority of the cases I’ve seen, scammers aren’t interested in making their schemes complicated. They’re not going to use a recording of you saying “yes” in court because they’re never going to end up in court. If they have your card information, they’re just going to use it. They don’t need to track down a phone number associated with the card in order to get a “yes” they’re never going to need.

So this leaves us with…what, exactly? Is this a real scam? There do not appear to be any documented cases of “said yes/card was charged/disputed the charge/recording ‘proved’ I authorized the charge/no recourse.” But the calls appear to be actually happening, and you have to wonder: what are they up to?

It doesn’t matter. If you get a call and someone just says, “Can you hear me?” hang up. No matter what their intent, it’s not something you want to get involved in.

Even better, stop answering the phone every time it rings. Almost every phone scammer needs you to pick up the phone. If you don’t, you’ve already ruined their scheme. If you recognize a number, go ahead and pick it up, but let everyone else leave a message.

This may be just one of those stories that gets passed around on a better safe than sorry basis, but I like accuracy, and the story being shared by various online sources doesn’t add up. If you do get a call like this, just hang up. But consider letting all unfamiliar calls go to voicemail. It’s the safest method.

Sources:

  1. The Consumerist: If A Telemarketer Or Robocall Asks “Can You Hear Me?” Just Hang Up; It’s A Scam
  2. Snopes: ‘Can You Hear Me?’ Scam Warning

Tell Your Parents: seniors lose $36 billion every year to financial fraud

image-criminal-fraud-01Jerry Seinfeld used to do a great bit about aging. The not-very-funny paraphrased version for our purposes today is that, when people get older, everything gets smaller—the meals, the houses, their bodies. Everything except the car, which just get bigger.

But there’s another thing that gets bigger as we get older, too: the target painted on our backs. The elderly lose an estimated $36.4 billion every year to fraud. That’s the size of entire sectors of the U.S. economy.

CNBC ran a story on the subject recently, and it’s worth a read. The important thing is to stay involved in your parents’ lives and talk to them about the realities of financial fraud and the fact that they will be seen as marks simply because of their age.

Greasy telemarketers, lottery scams, the old “grandchild in danger” telephone scam, get-rich-quick schemes (Iraqi dinar and Vietnamese dong currency peddlers, I’m looking at you), phony investments and affinity fraud (where the scammer uses affiliation with a church or other organization to appear trustworthy)—all of these target the elderly. It’s important to talk to your older family members and friends about the dangers, and take action where needed.

Additional resources are listed below:

They’re not working on WRINKLES

Here’s a new one from the Dumb Spam Files (which could totally be a TV series if FX or A&E would return my calls):

2016-03-09-spam

Here’s a NON-secret for you: NASA isn’t researching wrinkles.

I don’t care how bad your wrinkles are. I don’t care if all that’s left of your face is one giant wrinkle. Never click on anything that even resembles this. Deal?

An example of the exact type of email you should NOT open

Here’s a screenshot of something that appeared in my inbox recently:

2015-12-21-spam

I spend a lot of time trying to describe the kinds of emails you should avoid, but this one illustrates those concepts perfectly. Let’s look at a few warning signs:

  1. The message wasn’t expected (I’m not a USAA member, but even if I was, this isn’t a usual email)
  2. The subject line is intended to provoke a fear reaction
  3. The subject line is kind of weird, grammatically; are they saying that a “New Document” has been prevented? If “Due to Suspicious Sign-in” modifies the subject of the sentence, which in this case is “New Document,” then…okay, you get it;  it just reads weird.
  4. There is a file attached (the little paperclip icon)

What is supposed to happen with this kind of email is that the victim sees “Suspicious Sign-in” and immediately opens the message, which is most likely blank or contains instructions to open the attached file. Once the victim does that, some form of malicious software, anything from spyware to ransomware, will be installed on their computer.

What actually happens, when the recipient knows some of the warning signs, is that the message is immediately deleted and causes no harm.

Also note that this message slipped past some pretty burly anti-spam and anti-malware software. Those tools are important, but sometimes a dangerous email still makes it through. Stay vigilant!

Watch out for fake utility workers

It seems like as good a time as any to once again remind everyone to beware of burglars posing as utility company workers.

The usual setup starts with a knock on the door. The person standing on your doorstep claims to work for the electric or gas company, telephone company, or some other utility. They tell you they are in your neighborhood working on some or other problem, or performing routine maintenance, and ask to be shown to your circuit breaker (or whatever piece of hardware makes sense). Often they’ll even look like a real utility company employee, with a clipboard, nametag and possibly even a uniform.

While you’re showing them to the circuit breaker-or-whatever, an accomplice you didn’t see slips into your house looking for valuables or money.

It doesn’t really matter which type of company they claim to represent, the important thing to remember is that if a utility provider is going to need access to the inside of your house (which they almost never will), they will contact you ahead of time. They will not show up unannounced.

If someone is at your door and you were not contacted in advance, ask to see a badge or official identification, which they should gladly provide. Then politely ask them to wait while you close your door, lock it, lock any other doors, and call the utility company to ask if they’ve sent people to your house. Whatever you do, don’t let them in or call them out on being a crook. This type of scam differs from most in that it involves actual, physical proximity to the perpetrators, which can put you in danger of bodily harm.

Utility worker scams often target senior citizens, so make sure your friends, family and neighbors are aware of this type of crime, what to watch for and how to respond.

Beware of unsolicited offers

The phone rings. A caller identifies himself as representing a well-known and trusted local business. He’s calling to offer you a discount on their services.

“Hey, great, I need those services anyway,” you think, and agree to the offer and arrange for the work to take place.

And another scam is set in motion.

It’s been happening here in Northwest Indiana. A heating/cooling contractor from Illinois (with an F rating at the Better Business Bureau, maybe not-quite-incidentally) has  apparently been calling homeowners and claiming to be a well-known local business (with an A+ rating, also maybe not-quite-incidentally), with an offer for discounted duct cleaning. Workers show up, perform a shoddy duct-cleaning, then ask for more than the agreed-upon price.

So my fraud prevention tip today is this: be wary of unsolicited offers from local businesses. If you get a call, make sure to double-check with the actual business before you agree to anything. Use an official, published number from the real company’s website or trusted online source (or the phone book, if you didn’t just carry it directly from your front porch to the recycling bin) instead of the number that shows up on caller ID or the number given by the caller. If there’s a discrepancy, it could be a different (and unscrupulous) business posing as the real one.

Play Along at Home: Fake Target ‘Order Confirmation” Email

Here’s a picture of a fake “Order Confirmation” email I received recently. How many clues can you spot that indicate something is not quite right?

2014-12-08-spam-01

Here’s what comes up if you hover the mouse over the word “link”:

2014-12-08-spam-02

How many fraud indicators did you find?

Here are the ones I found:

  1. Very vague subject line: if this were an actual delivery confirmation, the subject line would usually refer to it in some way. It wouldn’t just say “Order Info.”
  2. The “From” information: support@yummy.cookiesmadeeasy.com is not a Target email address.
  3. The logo is wrong. No bullseye anywhere.
  4. “As Thanksgiving nears…” Thanksgiving was a couple weeks ago. Wrong holiday, dummies.
  5. The (attempted) conversational tone of the email: if you had an actual order to pick up, the email would begin with this information. Whichever holiday is approaching is absolutely irrelevant (for the store) to the fact that they’ve got merchandise they want you to pick up as soon as possible.
  6. The excruciatingly bad grammar. Go ahead, read it out loud. It’s beyond horrid.
  7. This isn’t even how in-store pickup orders work…the customer chooses which store to have their purchase shipped to, and that’s where it goes. That’s the only place it goes. You don’t just go to any random location because they don’t ship one to every single store when an order comes in.
  8. And what happens if I don’t “pick it” within four days? Again, not how online orders work.
  9. The stores aren’t called “Target.com.”
  10. When you get a real order confirmation email, the order information is almost always included in the message. You don’t have to click a link to get to it.
  11. Speaking of links: makingteamsrock.com? Not a Target website.
  12. “Always yours, Target.com.” Pretty sure they don’t refer to themselves as “Target.com.” Or use “Always yours” as a closing.
  13. Not one single item in the “privacy policy” line at the bottom is an actual link.

So, I found thirteen. Did you catch any that I didn’t?

New phishing attack poses as PayPal email…

…and it’s convincing.

I mean, I hate to sound almost impressed by some cruddy email scammer, but as far as “click here to log in and verify your account” phishing attempts go, this one is devoid of broken English, and uses information taken from a recent data breach at eBay to ratchet up the realism by using the target’s actual name. If there is a spectrum of phishing attacks that ranges from “laughable” to “frighteningly realistic,” this one falls much closer to the latter than the former.

The Consumerist blog has a full article that discusses it in greater detail. I strongly suggest you read it. In the example they use, the recipient only used that email address for eBay and PayPal, which added to the realism. It’s a good idea to have separate email addresses used only for online transactions because it helps weed out phishing (if you get a message on your OTHER account that supposedly comes from PayPal, you know it’s fake right away). However, as soon as there is a data breach, your specific-purpose email address can be targeted as well. My guess is that this guy is going to start seeing a ton of spam hitting his eBay/PayPal-only email, and he’ll have to abandon it for a new one.

At its core, this phishing attack was just another “click here to verify” attempt, but by using data from a breach, its success rate is bound to be higher than usual. It’s why you can never stop paying close attention to everything you click on.