New Trends in Cyber Scams

According to the cyber security company Symantec – known for its Norton and LifeLock products – cyber criminals reached “new levels of ambition” last year.

Below are some key highlights of their 2017 Internet Security Threat Report.

Email was deemed “the weapon of choice”: one in 131 emails sent in 2016 contained a malware-laden link or attachment – the highest rate in five years. Malicious email is “a proven attack channel,” reports Symantec. “It doesn’t rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials.” Burgeoning trends in what awaits in your inbox:

  • Spear-phishing attacks aimed to defraud specific people rather than more widely distributed generic messages. Often disguised as routine correspondence such as invoices or delivery notifications, one spear-phishing campaign – spoofed emails instructing targets to reset Gmail account passwords – provided access to Hillary Clinton’s campaign chairman John Podesta’s account and resulted in hacked emails revealed by WikiLeaks during the 2016 presidential election.
  • Business email compromise (BEC) scams, which rely on carefully composed spear-phishing emails that target more than 400 companies each day, scamming more than $3 billion over the last three years.
  • A growing proportion of spam – roughly 53 percent of all emails sent – now contains malware.

Often initiated by email, ransomware attacks increased 36 percent worldwide in 2016, seizing control of personal computers and institution-wide networks and encrypting files to hold them hostage until a ransom is paid for their release. Symantec, which termed ransomware “the most dangerous cyber crime threat facing consumers and businesses in 2016,” identified 101 new “ransomware families” last year – tripling previous numbers.

Another three-fold increase: The demanded ransom amount – an average of $1,077 per victim compared to just $294 in 2015. The U.S. is the most targeted and lucrative market, says Symantec, with 64 percent of American victims willing to pay a ransom to regain their files, compared to 34 percent globally.

Data Breaches
Although the total number of data breaches decreased last year – 1,209 compared to 1,211 in 2015 and 1,523 in 2014 – they now have a bigger impact. Symantec says that last year, some 1.1 billion identities were exposed, an average of 927,000 per attack; that’s twice the 2015 rates on both counts. In 2016, there were 15 individual breaches in which more than 10 million identities were exposed, up from 13 in 2015.

“Smart Home” Devices
With weak factory-issued default passwords that are rarely changed (or can’t be), smartphone app-controlled household devices including thermostats, security cameras, door locks, sprinkler systems and even coffee makers are a worrisome new frontier in computer crimes. Such Internet of Things (IoT) gizmos are already in millions of Americans’ homes, with predictions that some 50 billion devices will be employed by decade’s end.

Already, millions of IoT devices have been hacked, typically enlisted as soldiers in a botnet army that, last October, temporarily knocked offline top websites including Amazon, PayPal, Netflix and Twitter. Some experts suspect this was a test attack to gauge (and prove) their vulnerabilities.

Most often hacked are IoT devices with these passwords, so if you can change them, do so ASAP: “Admin” and “root” lead the list in attempts to log in to the Symantec honeypot (a security technique used to attract swindlers and learn their practices), followed by “123456,” “12345,” “password,” “1234,” “admin123,” “test,” and “abc123.” The default password for the Ubiquiti brand of routers – “ubnt” – was also in the top 10, reinforcing the wisdom of having a unique (and strong) password for your home router as well as each smart home device.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



What to Know About the Top Summer Scams

As temperatures rise, so do certain scams. Here’s how to avoid getting burned in summer’s most common cons:

Home Repairs
Conning contractors typically come to your home unexpectedly, offering steep discounts on driveway resurfacing, roof work, tree trimming or other “necessary” repairs they happen to see while driving by or soliciting business door-to-door. Most seek an upfront payment to “go buy materials” and then disappear. Others do fast and faulty repairs (like spreading used motor oil to coat driveways) or may stop mid-job to extort more money … or find subsequent chores to continue the wallet-draining. What to know:

  • Good contractors are usually too busy to make unsolicited house calls; out-of-state license plates suggest fly-by-day “gypsy travelers” who spend summers going state to state to con elderly homeowners.
  • Despite scare tactics urging immediate repairs, most home repairs can wait until you get several bids from contractors. Get recommendations (and check results) from neighbors, building officials and lumberyards/plumbing/electrical supply shops where pros shop.
  • Don’t pay until the job is complete. Reputable contractors have credit lines to buy materials, although a deposit may be required for major projects like replacing a roof, windows, etc.


Vacation Rentals
Angling for upfront payment (usually by wire transfer or prepaid debit card), scammers steal photos and descriptions of properties from Realtor, hotel or vacation rental websites, and then clone the ads, offering supposed hot-spot “rentals” at discounted prices. What to know:

  • Before answering ads, Google the address, as well as names, emails and phone numbers of the supposed landlord or agent. Also cut and paste into a search engine large chunks of the descriptive text. Red flags include the property is actively up for sale (not for rent), a nonexistent address, an address listed for a business or other nonresidential property, and/or postings by people who fell victim to this particular scammer.
  • Don’t rely solely on email correspondence. Many rental scams are carried out by Nigeria-based scammers (so beware of poorly written ads). You’ll want to talk by phone; beware of foreign accents and area codes that don’t correspond with that of the property’s location.
  • Travel reservations and deposits should be made with a credit card or PayPal — never with a wire transfer or prepaid debit card.


Door-to-Door Sales
Summer and fall are prime time for all types of salesmen to come knocking — literally. Some may be legit but others are not. Magazine sales, often touted as a fundraiser, are especially popular bait preying on older Americans; other popular pitches are for bogus charities, home security systems, even overpriced household devices such as vacuum cleaners. What to know:

  • Just say no to strangers. Prices of magazine subscriptions sold door to door, for instance, are often marked up about 300 percent. Legitimate salespeople and fundraisers will have “leave-behind” material to review before opening your wallet.
  • If you do make a purchase and have regrets, act quickly. The FTC’s “Cooling-Off Rule” dictates a three-day cancellation allowance for a full refund on purchases over $25. Legitimate salesmen must reveal this rule during their pitch; if they don’t, assume it’s a scam.
  • Don’t allow sales reps into your home. Asking for a drink of water or to use your bathroom is a popular way to steal medications, purses and other grab-and-go items.


Two of three moves occur in the summer, and thousands each year end this way: A moving company quotes a reasonable (if not lowball) offer, but after the truck is loaded, the quoted price jumps sky-high, and belongings may be held hostage until customers pay the extra money. What to know:

  • Stick with known companies. Most rip-off rogues are movers who advertise on Craigslist or crude roadside signs. Visit and verify a company’s licenses and complaint history.
  • Pass on any mover who won’t do an on-site inspection of your goods (instead giving a sight-unseen estimate), won’t provide a written estimate or says workers will determine the price after loading, demands a large deposit before the move, or asks you to sign blank or incomplete documents. Those red flags indicate a scammer.
  • Moving boosts your risk of identity theft. Know how to protect yourself before, during and after a move.


‘Found’ Money for a Fee? Beware of New Surge in Unclaimed Property Scams

A longtime scam is back with a vengeance: Claims that state officials are holding money or property that belongs to you, and all you need to do is pay a fee to claim it.

Actually, the first part could be true. You could be entitled to a slice of some $43 billion in “unclaimed property” that sits in state treasuries – money from forgotten bank accounts, insurance policies, stock dividends, utility security deposits, even contents from abandoned safe deposit boxes.

But you don’t have to pay anyone to get it. The only cost is spending a few minutes at,, or websites of the treasurer’s office in each state where you lived.

Ignore “pay-for-payment” requests that come via mailed letter, email or telephone calls because they are from scammers, and reports about the come-on cons have increased ten-fold this year compared to 2016…and in recent weeks, have exploded in many parts of the U.S.

There are several variations in unclaimed property scams, each angling for personal information (that could be used for later identity theft) and upfront payment to secure missing money that, if it actually awaits you, can always be claimed for free:

  • Fraudsters lie about being an employee or affiliate of a State Treasurer’s office where you currently live, or a state where you previously resided.
  • Fake correspondence comes on letterhead from the National Association of Unclaimed Property Administrators (NAUPA), a legitimate organization that represents state unclaimed property programs but does not directly contact citizens.
  • Self-described “finders” or “locators” who say they have already located your missing money or will do the legwork on your behalf. Some are legal but unnecessary middlemen who charge commissions up to 40 percent (although some states cap allowed fees at 10 percent); others are crooks who do nothing more than collect your payment and personal information – including Social Security number – to direct you to publicly available websites…if they do anything at all.

Most targets in unclaimed property scams are chosen randomly. Fraudsters buy mailing lists to reach hundreds or thousands of citizens with the same bogus claim. (Last year, it was a letter claiming to be from NAUPA or the “Office of the State Treasurer” that falsely stated that recipients had unclaimed sweepstakes winnings whose allocation would require a $2,250 service fee.)

But for a more convincing con, some would-be victims are contacted after fraudsters search or to unearth specific details such as past addresses or actual entitlements.

In addition to those two websites, DIY (and no-cost) due diligence for other missing money can be done for:


All of these websites will require your Social Security number and other sensitive information. But unlike scammers, you will not be asked for bank or credit card information. Don’t reveal personal information unless you initiate contact with these agencies or use their websites.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Mother’s Day Scams: Top Tricks to Dupe You (and Mom)

To that most special woman in our lives we eagerly pay tribute on Mother’s Day. And for next Sunday’s tributes, we’ll pay a record-breaking $23.6 billion – a $2 billion uptick over last year and some $9 billion more than spent on Father’s Day.

The coming days are prime time for crooks to cash in on the mother of all spring celebrations. Beware of these common Mother’s Day cons (and expect a slight tweaking in similar scams for upcoming Dad’s Day and graduations):

Floral fleecing. At least $2 billion is spent on Mother’s Day flowers. Scammers angle for their cut by posing as online florists and in emails, online ads and social media, they promise bargain-priced bouquets, “free” vouchers and overly generous coupons. Don’t be fooled: Most lead to scammer-run websites to collect (your and Mom’s) personal information and your credit card account. Some also deliver malware.

Find reputable local florists (close to Mom) through word-of-mouth or via directories from Teleflora and FTD. Online, look for proof the website is secure – including an “https” opening on pages that require personal and financial information. When calling, ask about tack-on charges and insist on guaranteed refunds for missed or late delivery or if flowers come in poor condition.

Other gift grift. The latest Mother’s Day gift scam making the rounds on Facebook alleges to be a $50 coupon from Lowe’s. If Mom’s wish list leans more toward jewelry, designer clothing or the like, the same flower-wise rules apply: Those insanely discounted online deals for brand-name bounty often lead to copycat websites that capitalize on high-priced and respected names, but sell cheap counterfeits…if anything at all. Like phony florists, many are also fraudster-run fronts phishing for personal and financial information.

To spot trouble before it can happen, very carefully read website addresses before visiting – and especially before “buying” there. Look for extra or missing letters (like or even punctuation (such as, a now-defunct website previously exposed by Scam Alert whose .mn ending meant it was a Mongolia-registered website). Before clicking, hover your computer mouse over the link to see its “real” address; avoid those that wildly deviate from the legit company name. If that doesn’t work, copy-and-paste the link into a Word document, then right-click on the pasted link and select “Edit Hyperlink” from the menu for a pop-up window that should display, in the “Address” field, the web address to which the link directs. When buying jewelry in-store, know what you’re buying with this advice from the FTC and how to spot fake appraisals.

Greetings gotchas. Fake notifications for electronic greeting cards are a common way to spread malware to the computers of mothers (and others) so scammers get remote access to files, passwords and online financial accounts. Scammers trick their prey with emails that promise an awaiting greeting card, usually from a bogus “sender” with a supposed title like “” or touting a generic heading such as “Happy Mother’s Day from Your Loving Son/Daughter.” But even if a specific name is used (namely, yours), it could have been gleaned from online directories or social media.

So, instruct would-be recipients to not open greeting cards via links in emails. Legitimate notices will include a confirmation code that should be entered at the card company’s website, such as Hallmark or American Greetings, for malware-free viewing. If there’s no waiting for you, the email Mom got was sent by a scammer.

Courier cons. Another way to spread malware: Bogus shipping emails claiming to be from retailers or services such as FedEx, UPS or the U.S. Postal Service that claim a supposed scheduled delivery, tracking update, or shipment snafu – with a link promising details. Unless you or recipients already provided the courier with an email address, assume these are scams. If you signed up for tracking updates, expect them to be in text form, not with links promising details.

Also beware of mailed postcards about “undeliverable” packages. Although less used because of required postage, they’re sometimes an attempt to get you to make an expensive overseas phone call – most commonly used area codes include 809, 876 and 284 – or to reveal personal and financial information. And if someone shows up at Mom’s doorstep with a package and request for payment, no matter how small, know this ruse: The deliveryman claims he can’t accept cash – only a credit card, and it’s a scheme that can run up unauthorized charges on the provided plastic. Besides, what self-respecting offspring would send Mom a gift by cash on delivery (COD)?

Gift card scams. Whenever choosing that most requested present of all – gift cards – choose wisely: In-store, thieves can remove gift cards from end-cap racks, copy codes with portable scanners or pen and paper, and then dial toll-free numbers listed on gift cards to learn when those cards were activated and their value, for online spending or to clone cards for in-store use. The safer move: Purchase gift cards directly from a store cashier, customer service counter or the company’s website. And make sure the cashier scans and activates the card in your presence and that you get a receipt in case there’s a problem.

Online, buy directly from websites of retailers, restaurants or Groupon, or through gift-card exchanges such as, and, which buy unused cards at a discount of their face value and resell them at a profit but at a still-reduced price. Avoid low-ball offers on Craigslist or auction websites like eBay, where buyers may purchase already-redeemed gift cards or pay for cards that are never delivered.


Beware of These “Last-Minute” Tax Scams, Even if You Already Filed

As the April 18 filing deadline looms, a new wave of tax scams is heating up. Whether you’ve already filed your 2016 return – and especially if not – here’s how to protect yourself from these “last-minute” schemes currently making the rounds:

Don’t trust “update” requests. One popular phishing ploy this time of year involves emails supposedly from tax software providers such as TurboTax or TaxACT. They request users to “update” their information. “These ruses generally urge taxpayers to give up sensitive data such as passwords, Social Security numbers and bank account or credit card numbers,” warns the IRS. In addition to emails, beware of similar “update” requests by phone or text supposedly from tax software providers, banks and credit card companies.

Step lightly on TAP requests. Another info-phishing con: Emails that promise a refund and supposedly come from the Taxpayer Advocacy Panel. While TAP is an authentic volunteer board that advises the IRS on taxpayer issues, it doesn’t deal with refunds, or even have access to any taxpayer’s personal and financial information, notes the agency. These emails are from scammers phishing for SSNs and financial account information.

Know the drill. Tax-related correspondence is mailed; the IRS and other tax agencies do not initiate contact by phone, text or email. In the 2016 season, the IRS saw a 400 percent uptick in phishing and malware attempts, most commonly scam emails claiming information or a problem related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. These fakes include an attached link, which can harbor malware, that leads to an IRS-mirroring website run by a scammer. Note the tinkered address such as “irsgov” (without the dot between “IRS” and “gov”),, or a similar variation.
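The link checks described in these articles (hovering to see a link’s “real” address, and spotting a tinkered address such as “irsgov”) can be run over a saved email. This is an added example, not part of the original articles; the allowlist, the sample message and the `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the reader's own allowlist of sites they actually use.
TRUSTED = {"irs.gov", "usps.com"}


def registrable(host):
    """Naive last-two-labels domain (assumption: no co.uk-style suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one extra or missing letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the link's real host."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    name = domain.split(".")[0]
    squashed = host.replace(".", "").replace("-", "")
    for good in trusted:
        good_name = good.split(".")[0]
        if good.replace(".", "") in squashed:   # "irsgov", or irs.gov used as a subdomain
            return "lookalike"
        if name == good_name:                   # right name, wrong ending (.mn for .com)
            return "lookalike"
        if len(good_name) > 3 and edit_distance(name, good_name) == 1:
            return "lookalike"                  # one extra, missing or changed letter
    return "unknown"


class LinkAudit(HTMLParser):
    """Collect (visible text, href) for each <a>: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def audit_email(html, trusted=TRUSTED):
    """Return [(visible text, real host, verdict)] for every link in the message."""
    parser = LinkAudit()
    parser.feed(html)
    return [(text, urlsplit(href).hostname or "", classify(href, trusted))
            for text, href in parser.links]


# Constructed sample message; .example hosts are reserved and not real sites.
SAMPLE = """
<p>Your refund is ready: <a href="http://www.irsgov.example/refund">www.irs.gov</a></p>
<p>Package held: <a href="https://uspss.example/track">Track shipment</a></p>
<p>Official site: <a href="https://www.irs.gov/refunds">irs.gov/refunds</a></p>
"""

if __name__ == "__main__":
    for row in audit_email(SAMPLE):
        print(row)
```

A verdict of “unknown” only means the host is not on the allowlist and does not resemble anything on it; it is not a statement that the link is safe.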

Meanwhile, the IRS imposter phone scam is alive and well, preying on taxpayers including recent immigrants. In addition to the usual ploy – threats of arrest, deportation or property seizure over an alleged debt – a new spin has IRS imposters promising a refund, a move to trick targets into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request. Ignore it, instead calling the IRS at 800-829-1040.

Choose preparers to not lose. Good luck finding a preparer this late in the game, but if you’re still looking, some tips to finding one who’s reputable (if only for next year): Check this IRS directory for credentialed preparers, and here for organizations providing free help. The AARP Foundation’s Tax-Aide program offers free, individualized tax preparation for low- to moderate-income taxpayers at more than 5,000 locations nationwide. If your adjusted gross income was less than $64,000 last year, you qualify for the IRS Free File program. Beware of preparers (especially those with temporary storefronts or who conduct business at your home) who promise overly generous refunds, want you to sign a blank return, say that fees are based on the size of your refund or claim “secret” loopholes.

Accountants under attack. Let your numbers-cruncher know of these schemes against them: In a new scam, the IRS reports that fraudsters pose as a client (namely, you), asking tax preparers to make a last-minute change to their refund destination, often to a prepaid debit card. Tax preparers are urged to verbally reconfirm information with clients should they receive a last-minute email request to change an address or direct deposit account for refunds.

Another scheme: Emails to tax preparers that warn they need to update or access their own tax preparation software via a bogus “unlock” link that leads to a fake web page, asking for their user name and password so cybercrooks can access client information. Ruses also include other tax prep provider-posing ploys and attempts to steal data such as PTINs, EFINs or e-Service passwords.

Puppy Scams Return!

How much is that doggy on the computer screen? With a recent resurgence in the longtime Puppy Scam, it’s costing some pet-seekers thousands of dollars and heaps in heartbreak.

That’s because they fall for an adorable pup pictured online – on Craigslist, Facebook or a website supposedly for a reputable breeder – that’s advertised “for sale,” adoptable for free to a loving home, or in response to their own “wanted” posts seeking a pet.

Problem is, there is no animal. Photos and descriptions are lifted from other websites – often those of legitimate breeders – and the self-described animal rescue workers, breeders and distressed pet owners are scammers. Some pups are touted as prized purebreds (yet available at bargain prices), others as everyday pets in need of a home, usually with a compelling back story to further whet appetites. (Favorite tales for the pups’ availability allege to be from a soldier unexpectedly being deployed or on behalf of a grandmother hospitalized just after a beloved dog gave birth to a litter.) After contact is made – typically by email – would-be pet parents may even receive vaccine records, guarantees of health or glowing reviews about the seller.

What comes next: Eager pet parents are told that upfront payment is needed for adoption fees or to ship a pro bono critter to its new forever home. Once sent by requested wire transfer or prepaid debit card, scammers claim unexpected delays and surprise additional fees – for insurance (which is not required for an animal to be shipped or to travel), veterinary care, a specialized crate, quarantine costs or other supposed snafus. It can continue until victims eventually wise up, realizing it is themselves – not an anticipated canine – that’s in the doghouse.

If searching for a new best friend online, know this:

Act locally. Pet scammers nearly always claim to be far away (and actually are, usually in Nigeria or another foreign hotbed for fraudsters) who say they need to ship the supposed critter. Yet reputable breeders and many rescue shelters typically don’t sell or ship dogs to people they haven’t met or vetted.

Why even consider a puppy said to be thousands of miles away? Shipping swindles aside, you’ll want to meet that potential family member to gauge personality and temperament. So use the internet wisely, finding local animal shelters, rescues, breeders or breed-specific rescues by typing a desired breed type and your ZIP code into an online search engine. Pets (especially rescues) found on Petfinder and similar sites may be shipped from another state, but should be with a local foster family or facility for a face-to-face meeting before money is exchanged.

Don’t rely on email. Because it offers anonymity and is hard to trace, pet (and other) scammers prefer all correspondence be done solely by email – not telephone or in-person. To justify email-only correspondence, some pet scammers claim to be hearing-impaired. Don’t trust advertisements or responses to “wanted” postings that list only an email address, but no phone number.

Get “personalized” photos. If the pet actually exists, there should be no problem getting more photographic proof. Ask for several “personalized” photos with the pup posing with a specific item you request, such as a recent newspaper or ball. If not received, assume there’s no animal and you’re being set up for a scam.

Beware of payment ploys. Unlike legitimate breeders and shelters, pet scammers do not accept credit cards. They insist payment be made via Western Union, MoneyGram or prepaid debit card because it’s like sending cash – immediately redeemable anywhere in the world, hard to track, and impossible to get back. And don’t trust any checks you may receive (say, a so-called advance for third-party charges) with instructions to deposit it and forward a portion back to their “agent.” These checks are counterfeit and your bank will hold you responsible for money forwarded or drawn from their deposit.

Do your homework. If there are claims of using a pet relocation service such as Animals Away or delivery at a local airport, call to check about your specific pet shipment before paying shipping fees, looking up the number yourself. Scammer-run websites often look authentic because the content is stolen from another site, so check for duplication by copying descriptions and photos into a search engine and looking for identical wording elsewhere on the internet. Also check domain name ownership of websites for self-described breeders and shelters and insist they provide registration and association membership information that matches their contact information.

Give yourself a reality check. Ask yourself why would someone go to the trouble and possible costs of placing advertisements of show-quality pups for a fraction of their worth (or for free)? What are the odds that some do-gooder who volunteers at an overseas orphanage has time to find an American home for a puppy in Africa, or that a quick transaction is needed because of an unexpected but heartstring-pulling life change? Why are pups claimed to be treasures and treasured even offered on the internet, up for grabs to just about anyone who bites?
