Tag Archives: Scams

A Healthy Dose of Skepticism for 2019

2019 is going to be a lot like 2018, and a lot like every other year in recent memory: there will be a couple new ways to become a victim of some form of scam or fraud, there will be a boatload of old, tried-and-true scams still making the rounds (some with slight variations that make them seem new), a few “latest threats” frantically shared on social networks that turn out to be hoaxes, at least one or two major data breaches (and dozens of minor ones), and a whole lot of information, both accurate and inaccurate, about all of it.

And so, as we approach the new year, my advice is to stick to one basic principle, and to always ask yourself, “Is this the way the world really works?” That little bit of skepticism can be your best friend when it comes to avoiding scams and rip-offs, as well as not being the person who spreads false information and hoaxes online.

A lot of people make health-related resolutions this time of year. But before you spend money on a dietary supplement being hawked by some A-list celebrity, ask yourself how you think that A-lister got into the shape he or she is in. Does it seem more likely that they took a pill (that’s only been on the market for a few months, mind you), or could it be the full-time nutritionist on staff, the live-in chef, the million-dollar in-home suite of workout gear, the live-in personal trainer and the fact that their entire job description, when not actively working on a project, is to stay looking as perfect as possible?

When you read a story breathlessly shared on Facebook about robbers using fake perfume samples to subdue victims in parking lots (an urban legend that’s been repeated in various forms since around 1999), take a moment to notice how unlikely the whole scenario seems in light of how quickly most criminals prefer to operate (to say nothing of how ether and chloroform actually work). Notice how many of the “I narrowly escaped this!” stories boil down to, “I saw a man in a parking lot, and then nothing happened.”

When you get an email telling you that you’ve won the Powerball Lottery, remember how lotteries actually work in the real world. You buy a ticket and wait for some ping pong balls to pop out of a big tumbler. You don’t just “have an email address and wait until you win.”

When the phone rings and the caller claims that he’s from the IRS, you didn’t pay your taxes, and that you’re going to be arrested today unless you pay up immediately by purchasing some iTunes cards at the drugstore and calling back with the information, ask yourself if any one part of the situation squares with how the IRS actually functions. (Hint: none of it).

You don’t have to become a cynic, but just remembering to think about a new claim or information before you act on it can be a powerful ally. And remember this: if someone is trying to make you afraid of some immediate (or even abstract) threat, and they tell you the only way to make the fear go away is to give them something (money, personal information, etc.), they are probably not telling the truth.

Avoiding Charity Scams

I sometimes repeat myself, and occasionally I’ll say something I’ve said before, too. But even if you’ve read or heard about charity scams before, it never hurts to have a quick reminder. It’s already November, and charitable giving comes up a lot this time of year.

I’ll keep it short: decide in advance which charitable organizations you wish to support instead of waiting for others to approach you. If you’re looking for a new cause, research before you donate.

When you already know whom you’re giving to, it makes it much easier to turn down those who call or email out of the blue because you won’t feel pressured. You can explain to callers that you’ve already done your giving for the year (and you can just ignore emails—I would hesitate to trust an out-of-the-blue request via email).

If you’re checking out a new charity, the go-to resource is CharityNavigator.org. This website tells you how much a charity spends on marketing and how much money makes it into their programs, gives executive salaries and other financial information, as well as an overall rating of the organization. No mainstream charity manages to have 0% operating expenses, but if you see one that devotes 99.5% of its revenue to salaries and marketing, with only 0.5% going toward programs, you know it’s one to avoid.

Pension Advance Schemes

If you receive monthly payments from a pension, settlement, lottery winnings, or other similar source, it’s a good idea to be aware of schemes that offer a lump sum cash payment in return for some or all of your income.

There can be good reasons for considering it. Living on a fixed income, such as Social Security plus a modest pension can make an unexpected expense (medical event, major house repair, etc.) difficult to pay for. By exchanging some of your pension payments over a certain amount of time for cash, you can cover those expenses without completely upending your life. It’s rarely an ideal situation, but it can work out.

(It can work out. It doesn’t always work out. It often doesn’t work out.)

It is extremely important to know exactly what you’re agreeing to before signing anything. No matter what language it’s dressed up in, these plans are loans. They are giving you a certain amount of money, and you’re paying back a larger sum over time.

There are a lot of companies offering this type of product, and I’m sure some of them aren’t actively trying to inflict harm. But there are tons of unscrupulous lenders offering pension advances that thrive by ripping people off.

Before jumping into a pension advance, I first would recommend looking for literally any other option. Got a credit union nearby? Start there. Ask about a personal loan.

If you really still want a pension advance, go in with the understanding that you are getting a loan, and proceed with extreme caution. What is the effective interest rate you’ll be paying? Some pension advance schemes are effectively charging a nearly 100% annual interest rate. If they deny that it’s a loan or won’t tell you a rate, walk away. Exactly how much will they take each month, and for exactly how long will you be paying them back? Get everything in writing, and the second something seems fishy, bail out and do not proceed any further.

What is Affinity Fraud?

At the beginning of Side 3 of Grand Funk Railroad’s 1970 Live Album, Mark Farner shirtlessly tells the audience this (edited for clarity):

Brothers and sisters, there people out there that look just like you, or maybe your brother…but they’re not. And when they hand you something, don’t take it. Don’t take it, okay?

Now, Mark was referring to the kind of party supplies that might circulate at a rock concert in 1970, but he also could have been talking about affinity fraud almost fifty years later.

Affinity fraud targets people who are members of a group, and uses that group identity to lure victims into the scam. Some of the most common targets are religious groups or church members, people with a shared ethnicity, or those who have served in the military. The con artist will be a member of the targeted group, or will claim to be, and attempt to recruit others to help bring in more victims.

Generally, these scams take the form of phony investments or Ponzi schemes.

There are a variety of ways to identify affinity fraud. Here are a few things to look for:

Is the person offering the investment using membership in your group as his “in?”

A shared identity can be a great way to build community, but remember that the human tendency to trust those we see as similar to ourselves can be used against us. Just because someone claims to be a member of your group doesn’t mean they are. There is no physical barrier to lying; “I’m the same as you” can be uttered by anyone, whether it’s true or not.

Are the investment materials (brochures, flyers, etc.) filled with symbols or phrases familiar to your group?

A con artist targeting members of a church might festoon his written information with symbols or scripture (some even go so far as to imply that the “opportunity” has been sent from above). On the other hand, a scammer going after veterans might use flags, ribbons or eagles. Humans are emotional, and we respond strongly to symbols, but be cautious around any kind of investment offer that seems to be hitting those symbols a little too hard.

 Are the promised returns extremely high, or is the investment presented as guaranteed or having little-to-no risk?

Real investments carry risk. There is always a non-zero chance you will lose some or all of your initial investment. An investment presented as “risk-free” or “guaranteed” is always going to turn out to be a scam, because that’s not how investing works. Any investment promising double-digit returns is to be taken with a grain of salt.

Do the returns hinge on you recruiting others into the fold?

That’s a Ponzi scheme. You will lose all of your money.

Is the broker licensed to sell investments?

Never invest through an unlicensed broker. Whatever your (or your group’s) opinion of regulations, licensing requirements, or government in general, anyone selling investments without a license to do so is breaking the law. What other laws is this person willing to break? What about the ones that make stealing illegal? And don’t fall for excuses like, “I’m not licensed because the government doesn’t want your group to have access to this amazing opportunity,” either. That’s just someone stoking your emotions to goad you into action.

The U.S. Securities and Exchange Commission has a nice PDF available for download that goes into more detail about affinity fraud and how to report it to the SEC.

(However, it doesn’t contain a single reference to Grand Funk Railroad. You gotta read my articles for those.)

Greed and Fraud

A few weeks ago, I posted an article about the relationship between fear and fraud. Basically, if someone is trying to make you afraid, then asking for money or personal information, it is very likely that they are trying to steal from you.

There is another emotion that scammers will often prey upon: greed. That all-too-human desire to get something for nothing, and to be the one with the most.

The most obvious example I can think of is the old Lottery Scam. By stoking greed with the promise of vast, out-of-nowhere riches, the perpetrators of this scam hope you won’t notice how suspicious the hoops they’re asking you to jump through are. The promise of millions of dollars is misdirection; while you’ve got your eyes on the prize, you might not remember how unwise it is to wire a few thousand dollars to a stranger, or that “cash this check and wire the money back to me” is a weird request to begin with.

Other examples include the Car Wrap Advertising scam, the Pigeon Drop scheme (“I found money, let’s share it!”), and of course the old Nigerian 419 scam (“I’m an exiled prince; help me retrieve my fortune and I’ll share it with you,” which at this point isn’t even a “classic” scam; it’s positively an antique).

It’s the same tip as with fear: if someone is trying to spark greed, then asking for money and/or personal information, they are trying to scam you.

Fear and Fraud

Humans are an emotional animal. No matter how advanced our technologies or societies become, no matter how objective or logical we believe we are, primal emotions can still affect our behavior, and when someone manipulates those feelings into a heightened state, we find ourselves at risk of making mistakes.

Many types of fraud work by stoking one of our most basic emotions: fear. The assumption goes: if you can make someone afraid, they’ll believe anything you say, even if it makes no logical sense.

Here is a list of several common scams and how they use fear to trick victims into handing over money or personal information:

  • Phishing: uses the fear of losing access to money (“your debit card has been deactivated”) to trick victims into visiting a website that harvests personal information
  • Medicare scam: uses fear of losing access to health care to convince victims to reveal personal information
  • Tech Support scam: uses fear of malicious software to trick victims into handing over control of their computer
  • IRS scam: uses fear of imprisonment to get victims to load prepaid gift cards, then pass along the card information to the scammer
  • Missed Jury Duty scam: uses feat of imprisonment to obtain credit or debit card information
  • Grandparent scam: uses fear of loved ones’ safety to lure victims into wiring money or loading prepaid cards with cash
  • Lottery scam: mostly appeals to greed (another primal emotion), but also stokes fear of missing out on a once-in-a-lifetime opportunity to trick victims into falling for a counterfeit check scheme
  • Ransomware: uses fear of losing access to important files to extort payments from victims

In other words, a lot of scams operate by inciting fear.

The key is to understand that the use of fear is an extremely common (if not the most common) tactic, and to be able to recognize when someone is trying to make you afraid. This requires a certain amount of self-awareness, and I’m not really sure how one goes about developing that, other than to just slow down and take a moment whenever a stranger is presenting you with alarming information, instead of reacting immediately.

Unless they’re shouting “duck!”

$500/week to wrap your car in ads? Better think again.

I still haven’t encountered anything that contradicts this fraud prevention axiom:

“Cash this check then wire the money back to me” is a sure sign of a scam.

It’s a fairly easy pattern to spot when it comes to things like lottery scams, because the scammers almost literally use that exact wording. But there are other times where the “wire the money back to me” stage is a little more obscure.

One such case is the Car Wrap Advertising Scam. Below is a scan of an actual letter used to initiate this scheme after the would-be victim responded to a random email or text message offer. This letter came with a cashier’s check for $2,390.00 (click to enlarge):

In this case, they’re not directly saying “wire the money back to me,” but they are telling you to give it to someone else, in the form of setting up a payment to a “Decal Specialist.”

What happens when you contact this person? You’re instructed to wire the money from the check, which will eventually be returned as fraudulent, putting you on the hook for the cash you gave away. It’s the same pattern as a lottery scam, only with an additional step in between.

One reason this scam continues to work is that there are actual wrapped cars out there. We’ve all seen them. However, even in cases where these aren’t company-owned vehicles, legitimate car wrap advertisers share certain features:

  • They don’t randomly contact you out of the blue via text message or email
  • They don’t take everyone who applies; they’ll want to know how far you drive each day, where you drive, what kind of car you have, and your driving record
  • They’re not going to pay you $500 per week. About $1,000 per month seems to be the ceiling, and that’s for absolute ideal (for the advertiser) circumstances (i.e. you drive hundreds of miles per day in an area extremely densely-populated with people within the ad’s target demographic; I’m guessing your car has to meet certain visibility criteria as well, because I’ve mostly seen these ad wraps on lifted, customized 4×4 pickups)
  • You don’t pay them at any point, and you’re not responsible for passing along money to whomever applies the decals (“Hey stranger we’ve never met in person, here’s a few thousand dollars to give to someone else for us. We’ll just trust you to not keep it.”)

If you’re truly interested in turning your vehicle into a billboard, there are a few links to apparently legitimate agencies in this Penny Hoarder article. But before you act on anything online, be sure to do a lot of research first, and always get in writing what you are agreeing to do and how you will be compensated. If it’s too easy to get the gig, it’s probably a fraudulent offer.

Spear phishing

The standard-issue phishing attack relies on sheer numbers as the key to its success; by sending tens of millions of emails, the chances of hooking a few thousand victims is pretty good, regardless of how sophisticated the message itself is.

But there is another type of phishing attack, known as spear phishing, which exchanges quantity for quality, by using insider information to target businesses. Spear phishing attacks are smaller in scale but arguably more effective than their poorly-spelled, randomly-selected cousins.

In a spear phishing attack, you might get a message at your job that appears to come from someone you work with, often a member of management or from another department. This message may request information about financial accounts, login and password information, ask you to open a file or link, or ask that you authorize a wire transfer from your employer’s account. If you comply with these directions, you will make your company vulnerable to financial or data loss.

Most established businesses have a website that reveals the names of management, the board of directors, and people from various departments, which gives would-be cybercriminals the information they need to impersonate an insider.

Communication is the key to preventing spear phishing attacks. Think about any request received via email – is this how the head of the IT department or the CEO really talks? Why are they sending you a file out of the blue? Is it your job to initiate wire transfers? The best defense is to simply confirm with the apparent sender if the message is legitimate or not. Spear phishing attacks use some of the same techniques as regular phishing emails, such as disguised links or infected file attachments. It pays to double-check before you take any action.

Mystery Shopper Scams still exist

There are a few things you can always depend on. Light travels at 299,792,458 meters per second in a vacuum. Objects at rest will remain at rest unless acted upon by an outside force. “Cash this check and wire the money back to me” always equals “scam.”

I haven’t written about it in a while, but the old Mystery Shopper Scam and its variations are still out there. It’s time for a review.

The “classic” version of this scam starts with a job offer emailed out of the blue. If you respond to this message, you’ll be immediately “hired” as a Mystery (or Secret) Shopper. A cashier’s check for a fairly large amount of money (the old ones always seemed to be around $2,900, but there is a lot of variation) will arrive a short time later, with these instructions:

  1. Cash this check at your bank, keeping $100 or $150 for yourself
  2. Take the rest of the cash to the nearest Western Union location
  3. Wire it back to me
  4. Report on the customer service at Western Union

If you follow those instructions, a few days later you will be informed that the check you deposited was counterfeit and that you are now on the hook for the money you received in exchange. Unfortunately, you already wired that money to a stranger and can’t get it back.

Now, things are getting a little more difficult for the scammers. Financial institutions are placing more holds on cashier’s checks and are asking more questions to protect their customers, and after being slapped with a $586 million settlement for essentially letting these scams proliferate for so many years, Western Union is finally doing more to prevent this type of fraud.

But that only means this scam has evolved to work around these problems. Instead of Western Union, some versions involve prepaid gift cards (“cash the check, then buy iTunes gift cards and relay the numbers and PIN to me”), overpaying for purchases from online classifieds (“just wire the extra back to me”) or targeting businesses instead of individuals.

Still, the basic mechanism remains: if someone gives you a check and requests that you convert it to cash (i.e. placing the liability for that check’s authenticity on you, then transfer the money back to them electronically, they’re attempting to steal from you. Regardless of the initial pitch, the pattern holds true. Don’t fall for it.

Defeat phishing attacks with bookmarks

Email phishing attacks are improving.

I mean the attackers are improving. They’re wising up to the fact that actual financial institutions and social networks send emails that are (at least mostly) intelligible, and adjusting their approach accordingly.

You still see plenty of phishing emails with atrocious spelling and weird grammar bordering on word salad, but there is a growing trend toward messages that could be mistaken for legitimate communications, even by someone who is well-informed. As potential victims become more sophisticated, so do the criminals.

One way to defeat phishing attacks is to set yourself up to never use links at all. For every single site you log into – financial institutions, credit cards, social networks, online shopping – create a bookmark in your web browser, and get in the habit of always using that link to log into the website.

That way, if you get an email that looks like it might be real, instead of clicking on a link (or even spending time wondering if you should or not), simply open your web browser and use your already-created bookmark to log into the website of whomever the email purported to come from. If there’s a real message or problem, you’ll find out about it there.