4 Surging Facebook Scams You Need to Know

4 Surging Facebook Scams You Need to Know


Photo Credit: iStock/Blackzheep

These days, it may be wiser to use a phone-book than Facebook to communicate with your friends. That’s because of a fast-growing scam on Facebook Messenger that uses your friends to hack your account…and devices.

Here’s how it works: You get a Facebook Messenger chat that appears to be from someone you know. In the most common campaign, the message will include your name, word “video” and an emoji followed by a link – typically a “bit.ly” or “t.cn” short-link.  (Other versions – also specifically addressed to you, appearing to be from those you know, and with a link – claim you qualify for government grants, promise an inside investment opportunity, or other easy money con.) “In some cases, scammers have hacked into your friend’s Facebook account. In other versions, the scammer creates a separate look-alike account by stealing your friend’s photos,” reports the Better Business Bureau. “Either way, scammers are banking that you will trust a message that appears to come from someone you know.”

Click the link, say cybersleuths, and malware redirects users to different pages depending on their operating system and location. Some land on a fake Flash Player installer; others go to a bogus YouTube page. There, additional malware may be installed – including keystroke loggers that record what you type to collect passwords, credit card numbers and other sensitive information. To further salt the wound, this malicious software also spreads to your Facebook Messenger contacts.

Other Facebook scams currently in the works that should curb the urge for a quick click on offered links:

“Free” airline tickets. This longtime scam – claiming one or two no-cost tickets as part of some promotion or for simply a page “Like” – is again taking flight, with recent spoofing of British Airways, Singapore Airlines and British-based EasyJet joining a list of at least a dozen other previous targets – including American, Delta, JetBlue, Southwest, United and U.S. Airways. There are no free airline tickets offered on Facebook but there is malware in those “get details” links – and you’ll be required to provide personal information that, at the very least, will result in more conning come-ons.

Coupon cons. Another oldie on the increase, especially with the upcoming holiday shopping season: Bogus coupons that appear to be from trusted businesses including Amazon, Lowe’s, Home Depot, Costco, Sears, and even regionally-based supermarkets. The offers and names change frequently, but the constant: First, you’re typically required to pass the fake coupon on to your Facebook friends, to expand the pool of potential victims of what comes next. Next, you and your now-hooked Facebook friends are directed to complete a survey, which usually requests sensitive personal information; in addition to getting more unwanted spam and robocall rip-offs, you might get hit with hard-to-cancel programs that charge monthly fees for additional fake offers. Plus there’s the likelihood of malware.

Hurricane hoaxes. Harvey, Irma and Maria have given Facebook fraudsters ample ammunition for their usual post-disaster tricks: pleas for donations to bogus charities and malware-laden links that promise shocking or compelling videos. But the newest ruse may be even crueler: A Facebook page falsely claiming that Carnival is offering a free 4- to 7-day cruise for victims ravished by either Harvey or Irma, along with $100 in onboard credit. The catch: “Just pay taxes and port fees.”

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Also of Interest


See the AARP home page for deals, savings tips, trivia and more.



Source link

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump


Caption: iStock/GCShutter

Skimming fraud has been around for more than a decade, and continues to evolve. Today’s skimmers – illegal card-reading devices placed on ATMs, gas pumps and other public-area machines that process debit cards – are stealthier and more sophisticated than ever.

These devices “skim” information from the card’s magnetic strip as a nearby hidden camera, also placed by skimming scammers, records the PIN that you enter. Although you get your cash or can make a purchase – none the wiser of a skim scam flim-flam – the crooks can get more: Using information from the skimmer and camera, they make duplicate cards to drain cash from your accounts, or sell your card number and PIN for others to fleece you.

The good news: In most cases, stolen funds are usually reimbursed provided you report the fraud to the card-issuing bank within 60 days (another reason to keep close and timely tabs on accounts).

The better news: With a few simple steps before you use your card, you may be able to detect skimmers and tampered machines to avoid potential trouble. Here’s how:

  1. Pull on the slot. The latest generation of card-reading devices, used with increasing frequency by skimming scammers, are thin “insert skimmers” that fit inside the card slot at an ATM or gas pump. “New evidence suggests that at least some of these insert skimmers – which record card data and store it on a tiny embedded flash drive – are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same communications technology that powers a TV remote control,” reports noted cybersecurity blogger Brian Krebs (who provides photos of insert skimmers). So before using the machine, squeeze, wiggle and tug the insert slot to remove insert skimmers, along with some old-school models placed over the card slot that protrude outward. In general, card slots should be flush against the machine; be suspicious of those where the entire or half of the slot sticks out.
  2. Check for spy cameras. Although skimmers record data from a credit or debit card’s magnetic stripe, fraudsters also need your PIN in order to withdrawal cash or sell cloned cards. To glean PINs, they place pinhole “spy” cameras that collect numbers as they’re being typed on the keypad. Look for small holes just above the display screen, on an attached brochure or other type of box, or even on protruding covers placed over the cash dispenser. Even if you can’t detect evidence of a camera, cover your hand when entering your PIN.
  3. Avoid “void” stickers. To help spot skimmer tampering at gas pumps, many stations now place security seals over the cabinet panel as part of a voluntary program, notes the Federal Trade Commission. If the pump panel has been opened – an indication of possible skimmer placement – the label will read “void” and take that clue to fill your car elsewhere. Still, whenever you use a debit card at the pump, you’re safest by pressing the “credit” button instead of “debit.” This way, you can still use your debit card without having to enter a PIN, and the purchase amount is processed through a credit card network that provides greater protection if fraud occurs.
  4. Inspect the keypad. False keypad overlays that look exactly like, and fit directly over, the real McCoy are another way fraudsters can collect PINs as accompanying skimmers get card data. So before entering your card, check the keypad – and think twice before using if it feels loose, spongy, or the keypad panel appears raised or thicker compared to the rest of the machine. Also before using, give several buttons a test run and be suspicious if they feel sticky. Crooks have been known to place glue on and around certain buttons – particularly “enter,” “cancel” and “clear” – to prevent customers from completing a transaction after inserting a cash card and keying in a PIN. (When customers go inside a bank to report the problem, the waiting thief “unsticks” the buttons with a knife to complete the withdrawal.)
  5. Check the audio jack. Most ATMs have an audio jack that goes unnoticed to the average customer – and that works to their advantage. If not perfectly centered inside the plastic overlay cover, it suggests the machine has been tampered with. Another tampering tipoff: Look for cracks or cuts on the plastic covering the receipt slot, cash dispenser or other portions of the machine; these coverings should be completely smooth.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

Rigged Carnival Games: Are You Being Played When Playing Midway Classics?

Rigged Carnival Games: Are You Being Played When Playing Midway Classics?


Photo credit: iStock/lisinski

Heading to a summer carnival or state fair? Don’t worry so much about looking foolish carrying an oversized stuffed teddy bear en route to that funnel cake feast. The bigger concern should be in feeling foolish after dropping a wad of cash trying to win that plushy prize, but winding up with empty hands and pockets.

Although not every carnival game is rigged, all can be and many are – making those near impossible to win in hopes you keep trying (and fork over a small fortune). Here’s how you can be played when playing the midway’s most popular “skill” games:

Balloon Pop
Not to deflate your hopes, but this fairgrounds favorite is notorious for sticking it to patrons who try to burst balloons with a thrown dart. How? While fully-inflated balloons pop easy enough, those at some carnival games can be filled to only about one-third of their full air capacity, so darts bounce off without piercing.

To further deflect your throws (and hopes), carnival-used darts may be lighter than store-bought types, with tips that are purposely dulled or broken off. Unless aiming for the fullest balloons, expect this one-two punch to pop-prevent even accurate throws.

Basketball Shoot
Making a free throw from a closer distance than the shooting line on a regulation (or driveway) basketball court may seem like an easy score…if it’s a typical rim. But hoops at some carnivals games are smaller and oval-shaped – not round – so they appear “regular” from your vantage point. But with as little as a half-inch margin of error, even free-throw phenoms can have trouble scoring.

Other foul plays: Balls can be over inflated to make them super-bouncy for a harder score. Backboards are sometimes angled to make it harder to sink shots off it. And netting or shims may be placed between the rim and backboard to interfere with your depth perception.

Milk Bottle Pyramid
Knock down stacked bottles or pins and you win, right? Not when bottles are filled with lead or other hefty helpers to weigh up to 10 pounds each. And the softballs (often filled with cork) or sandbags you’re provided are lighter than usual.

Other carny-provided curve-balls: If just one bottle (usually, those on the bottom and middle) sticks out as little as 1 inch from the others, it can absorb enough of the ball’s force to prevent others from toppling. And beware of curtain backdrops; they can brace closely placed bottles to help prevent them from being knocked over.

Ring Toss
What explains the scant 1-in-700 chance of winning this game, according to a 1980s FBI investigation? Like the basketball shoot, it’s the equipment you’re provided. Often, the rings you’re provided are often just a smidgen wider than the target bottleneck or spike, and made of hard plastic to facilitate bouncing. When the carnival worker shows how easy it is to toss for success, suspect he’s using wider rings than those you’ll be provided, or standing close enough (often directly above the targets) for an easier drop onto the target.

Shoot the Star
The bull’s eye can be on you when trying to shoot out a star or other pattern from a paper target. To thwart your marksmanship, carnival rifles are designed to have less precision than other BB guns – with less air pressure (so many BBs can’t pierce the target) and sights that may been tampered with. Meanwhile, ammo may also be smaller than traditional BBs and in shorter supply than what’s needed to easily accomplish the task.

Tubs of Fun
The goal is to toss softballs into large, angled buckets, and have them stay inside. And there’s no problem doing that when the carny does a demonstration – or even gives a practice throw or two. Reason: There’s already a ball inside the tub to deaden the force of future throws so tosses stay inside the tub.

But once you hand over your money for the “real” game, the balls are removed and without one for deadening, your tosses bounce out – thanks, in large part, to midway mainstay “muck” buckets from the home improvement store whose hard plastic helps give your tosses extra bounce. Some especially unscrupulous carnies may even place springs beneath the tubs for even more bounciness.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

Don’t Be a Scam Mark When You Park

Don’t Be a Scam Mark When You Park


There are many routes to a ripoff, including several schemes that can occur when you park your car:

Fake fines. A longtime ruse, phony parking tickets have resurged in recent months. The “classic” con involves windshield-left violations that appear authentic. Thanks to inexpensive hand-held printers, scammers can produce on-the-spot thermal printouts that look like actual tickets produced by police-used machinery, either standalones or placed in brightly colored envelopes, purchased online, like those used by some law enforcement. Motorists who receive these phony tickets are usually directed to pay the fine at scammer-run websites that also appear authentic, where sensitive personal information including bank account details may be solicited. These websites could also harbor malware.

Joining these schemes is the latest ruse: Bogus emails received by residents in several states that falsely claim a newly issued or past-due parking or traffic violations. Usually spoofed to appear to come from a local police department or state DMV, this conning correspondence demands personal information, payment (often by credit card or prepaid debit card) and can include links or attachments that “direct unsuspecting users to a malicious download that may expose your computer to a virus,” warns the New York State Department of Motor Vehicles.

Before paying a parking ticket, verify its legitimacy by contacting the issuing agency – either calling or looking up its website yourself; don’t rely on what’s printed on tickets, and be suspicious of any website that doesn’t end in .gov or .org. Police don’t email citations (or news about them), so don’t risk malware by clicking on links or attachments.

Parking lot posers. It can cost a small fortune to park in the official lot of a stadium or other event venue, and that’s what helps those guys who eagerly direct you to a nearby lot to park at a fraction of the price. Some are legitimate, but others are there to collect your upfront payment, point you to a space, and then hit the road. Problem is you may not know the difference until after that ballgame or concert to find your vehicle gone. Reason: The parking lot poser took the money and ran – and the lot’s real owner called a towing company. If you don’t want to spring for “official” parking in designated venue-owned lots, ensure surrounding lots have signs of legitimacy – such as booths, uniformed attendants and real signs noting the name and phone number of the company versus “Park Here” painted on plywood.

Car rescue and repair ripoffs. Stranded in a parking lot? Before relying on the kindness of strangers, make sure a help-offering Good Samaritan isn’t angling for a quick payment to “fix” a problem he caused. Such malevolent mechanics typically wait in parking lots, looking for their top targets – women in their 70s and those whose vehicles have out-of-state license plates. After their prey parks, they disable vehicles by deflating tires or disconnecting wire or cables after popping the hood of older or unlocked vehicles…then offer help when their mark returns. Advice: Before accepting assistance, politely inform parking lot helpers that while you appreciate any assistance they can provide, you cannot pay for their services. The crooks will likely drive off, and if you’re not a member of AAA, realize that police can lend a hand, and many auto insurers and vehicle manufacturers (especially for newer models) offer emergency roadside assistance.

Home heists help. Parking lots at movie theaters and shopping malls can help burglars pull off a successful heist. How? After waiting until a car’s occupants go inside, they can break into cars specifically to get addresses from vehicle registrations and auto insurance cards. Knowing they at least a two-hour window of opportunity (at least for movie-goers), these crooks then drive off to burglarize the victims’ homes. Although this isn’t how most home burglaries occur, it does happen. To prevent potential problems, keep your address-revealing documents and GPS in a locked glove compartment, hidden under a seat or truck wheel well, or carry these items with you.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



Source link

New Trends in Cyber Scams

New Trends in Cyber Scams


Photo credit: iStock/BrianAJackson

According to the cyber security company, Symantec – known for their Norton and LifeLock products – cyber criminals reached “new levels of ambition” last year.

Below are some key highlights of their 2017 Internet Security Threat Report.

Email
Deemed “the weapon of choice,” one in 131 emails sent in 2016 contained a malware-laden link or attachment – the highest rate in five years. Malicious email is “a proven attack channel,” reports Symantec. “It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Burgeoning trends in what awaits in your inbox:

  • Spear-phishing attacks aimed to defraud specific people rather than more widely distributed generic messages. Often disguised as routine correspondence such as invoices or delivery notifications, one spear-phishing campaign – spoofed emails instructing targets to reset Gmail account passwords – provided access to Hillary Clinton’s campaign chairman John Podesta’s account and resulted in hacked emails revealed by WikiLeaks during the 2016 presidential election.
  • Business email compromise (BEC) scams, which rely on carefully composed spear-phishing emails that target more than 400 companies each day, scamming more than $3 billion over the last three years.
  • A growing proportion of spam – roughly 53 percent of all emails sent – now contains malware.

Ransomware
Often initiated by email, ransomware attacks increased 36 percent worldwide in 2016 to seize control of personal computers and institution-wide networks, encrypting hostage files to make them inaccessible until a ransom is paid for their release. Termed by Symantec as “the most dangerous cyber crime threat facing consumers and businesses in 2016,” the company identified 101 new “ransomware families” last year – tripling previous numbers.

Another three-fold increase: The demanded ransom amount – an average of $1,077 per victim compared to just $294 in 2015. The U.S. is the most targeted and lucrative market, says Symantec, with 64 percent of American victims willing to pay a ransom to regain their files, compared to 34 percent globally.

Data Breaches
Although the total number of data breaches decreased last year – 1,209 compared to 1,211 in 2015 and 1,523 in 2014 – they now have a bigger impact. Symantec says that last year, some 1.1 billion identities were exposed, an average of 927,000 per attack; that’s twice the 2015 rates on both counts. In 2016, there were 15 individual breaches in which more than 10 million identities were exposed, up from 13 in 2015.

“Smart Home” Devices
With weak factory-issued default passwords that are rarely changed (or can’t be), smartphone app-controlled household devices including thermostats, security cameras, door locks, sprinkler systems and even coffee makers are a worrisome new frontier in computer crimes. Such Internet of Things (IoT) gizmos are already in millions of Americans homes, with predictions that some 50 billion devices will be employed by decade’s end.

Already, millions IoT devices have been hacked, typically enlisted as soldiers in a botnet army that, last October, temporarily knocked offline top websites including Amazon, PayPal, Netflix and Twitter. Some experts suspect this was a test attack to gauge (and prove) their vulnerabilities.

Most often hacked are IoT devices with these passwords, so if you can change them, do so ASAP: “Admin” and “root” lead the list in attempts to log in to the Symantec honeypot (a security technique used to attract swindlers and learn their practices), followed by “123456,” “12345,” “password,” “1234,” “admin123,” “test,” and “abc123.” The default password for the Ubiquiti brand of routers – “ubnt” – was also in the top 10, reinforcing the wisdom of having a unique (and strong) password for your home router as well as each smart home device.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 



Source link

What to Know About the Top Summer Scams

What to Know About the Top Summer Scams


As temperatures rise, so do certain scams. Here’s how to avoid getting burned in summer’s most common cons:

Home Repairs
Conning contractors typically come to your home unexpectedly, offering steep discounts on driveway resurfacing, roof work, tree trimming or other “necessary” repairs they happen to see while driving by or soliciting business door-to-door. Most seek an upfront payment to “go buy materials” and then disappear. Others do fast and faulty repairs (like spreading used motor oil to coat driveways) or may stop mid-job to extort more money … or find subsequent chores to continue the wallet-draining. What to know:

  • Good contractors are usually too busy to make unsolicited house calls; out-of-state license plates suggest fly-by-day “gypsy travelers” who spend summers going state to state to con elderly homeowners.
  • Despite scare tactics urging immediate repairs, most home repairs can wait until you get several bids from contractors. Get recommendations (and check results) from neighbors, building officials and lumberyards/plumbing/electrical supply shops where pros shop.
  • Don’t pay until the job is complete. Reputable contractors have credit lines to buy materials, although a deposit may be required for major projects like replacing a roof, windows, etc.

 

Vacation Rentals
Angling for upfront payment (usually by wire transfer or prepaid debit card), scammers steal photos and descriptions of properties from Realtor, hotel or vacation rental websites, and then clone the ads, offering supposed hot-spot “rentals” at discounted prices. What to know:

  • Before answering ads, Google the address, as well as names, emails and phone numbers of the supposed landlord or agent. Also cut and paste into a search engine large chunks of the descriptive text. Red flags include the property is actively up for sale (not for rent), a nonexistent address, an address listed for a business or other nonresidential property, and/or postings by people who fell victim to this particular scammer.
  • Don’t rely solely on email correspondence. Many rental scams are carried out by Nigeria-based scammers (so beware of poorly written ads). You’ll want to talk by phone; beware of foreign accents and area codes that don’t correspond with that of the property’s location.
  • Travel reservations and deposits should be made with a credit card or PayPal — never with a wire transfer or prepaid debit card.

 

Door-to-Door Sales
Summer and fall are prime time for all types of salesmen to come knocking — literally. Some may be legit but others are not. Magazine sales, often touted as a fundraiser, are especially popular bait preying on older Americans; other popular pitches are for bogus charities, home security systems, even overpriced household devices such as vacuum cleaners. What to know:

  • Just say no to strangers. Prices of magazine subscriptions sold door to door, for instance, are often marked up about 300 percent. Legitimate salespeople and fundraisers will have “leave-behind” material to review before opening your wallet.
  • If you do make a purchase and have regrets, act quickly. The FTC’s “Cooling-Off Rule” dictates a three-day cancellation allowance for a full refund on purchases over $25. Legitimate salesmen must reveal this rule during their pitch; if they don’t, assume it’s a scam.
  • Don’t allow sales reps into your home. Asking for a drink of water or to use your bathroom is a popular way to steal medications, purses and other grab-and-go items.

 

Moving
Two of three moves occur in the summer, and thousands each year end this way: After a moving company quotes a reasonable (if not lowball) offer, after the truck is loaded, the quoted price jumps sky-high, and belongings may be held hostage until customers pay the extra money. What to know:

  • Stick with known companies. Most rip-off rogues are movers who advertise on Craigslist or crude roadside signs. Visit protectyourmove.gov and verify a company’s licenses and complaint history.
  • Pass on any mover who won’t do an on-site inspection of your goods (instead giving a sight-unseen estimate), won’t provide a written estimate or says workers will determine the price after loading, demands a large deposit before the move, or asks you to sign blank or incomplete documents. Those red flags indicate a scammer.
  • Moving boosts your risk of identity theft. Know how to protect yourself before, during and after a move.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

Pin It on Pinterest