Deja Vu Deception: These Old Scams Resurface Again

Deja Vu Deception: These Old Scams Resurface Again


Photo Credit: iStock/SIphotography

Re-run ripoffs are nothing new; what’s previously worked for scammers will likely be successful again. And that holds especially true for these three long-time (and historically prosperous) ploys that have resurfaced with a vengeance:

Jury Duty Scam
Going strong for more than a decade, this telephone scheme has scammers posing as court employees or members of law enforcement ranging from local police to U.S. Marshalls. They say that you failed to appear for mandated jury duty – and as a result of that supposed no-show, you face immediate arrest.

These imposters are usually well-prepared – citing names and addresses of their targets (often pooled from public directories) and spoofing phone call-recipients’ caller ID to show phone numbers and names of a courthouse or law enforcement agency. “The scammers often provide information that seems very convincing, including the real names of federal judges or court employees, the location of the courthouse, and case and badge numbers. The victim has every reason to believe the call is legitimate,” notes a recent warning from the U.S. Attorney’s Office. “The caller then tells the victim they can avoid arrest by paying an immediate fine and walks them through purchasing a prepaid debit or gift card or making an electronic payment to satisfy the ‘fine.’”

What makes this scam especially dangerous: In addition to a quick payoff, sensitive personal information including your birthdate and Social Security number may be solicited for possible identity theft. What to know:

  • As with jury duty summonses, official “no show” notifications are delivered by mail. Phone calls won’t occur unless a jury duty summons was mailed but returned to sender because it couldn’t be delivered.
  • Police never give advance warning of impending arrest. Courthouse employees don’t call after-hours, while you’re eating dinner or preparing for bed. Only scammers do both.
  • A bona fide court will never ask for a credit or debit card number, wire transfers, or bank routing numbers over the phone for any purpose – including missing jury duty. Fines aren’t imposed until after you’ve appeared in court, given the opportunity to explain a failure to appear. 

Utility Shutoff Scam
In this swindle, fraudsters pose as local utility company personnel, claiming that electric, gas or water service to your home or business will be terminated within hours because of unpaid bills…unless the alleged tab is immediately paid (again, typically requested by prepaid debit card, gift card or wire transfer). The typical homeowner who takes the bait loses about $500 – nearly twice the amount of other phone scams – while some business owners have lost $10,000 or more.

These scams have gotten so common – breaking rip-off records last year and on track for another banner year this winter (this ploy peaks during the busy heating season) – that more than 100 utilities have formed Utilities United Against Scams to warn customers. As “live” phone calls remain the most common way to con, newer methods also include bogus emails, automated robocalls and even “on-site” scammers in rented uniforms seeking a quick payoff and/or home entry for possible burglary. What to know:

  • Before shutting off service, all utilities mail at least one written notice, providing you with several options to pay (online, return mail, phone, automatic bank draft or in person). None initiate the shutoff process with an unexpected phone call.
  • Like most legitimate businesses, utilities don’t accept gift cards and never require payment by prepaid debit card or wire transfer. Scammers prefer these methods because they are like sending cash.
  • Service on meters or inside the home is usually prearranged; if there’s a charge for work on customer-owned equipment, you’ll be billed by the utility – not asked for on-the-spot payment. 

Charity Scams
No surprise on the timing here: The lion’s share of all charitable donations in the U.S. – nearly $390 billion last year – is made in December. And that’s when scammers do a full attack to dupe would-be donators with a hard-sell and heartfelt scripts, typically made in unsolicited phone calls, but also front-door visits and email campaigns.

Some feign to be collecting on behalf of recognized groups, but more often use sound-alike names of legitimate charities or invent their own authentic-sounding organizations. What to know:

  • Listen or watch for imitative words, such as “National” being substituted for “American” in a well-known name. Mailed solicitations are less likely to be fraudulent than those by phone, email or front-door visit, so unless you dialed the call or previously provided your email address to that organization, don’t provide a credit card number over the phone or online. Also know that legitimate charities won’t specifically request prepaid debit cards or other scammer-preferred payment methods.
  • The most successful scams (read: hot-button hoaxes) targeting older Americans are phony charities claiming to benefit police and firefighters, military veterans, sick or needy children, or victims of natural disasters.
  • Before donating to any solicitation, check the charity’s name and reputation at Give.org, Charity Navigator, Charity Watch or GuideStar. You can also contact the agency in your state that regulates charities.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 Also of Interest


See the AARP home page for deals, savings tips, trivia



Source link

13 Simple Steps to Protect Your Privacy

13 Simple Steps to Protect Your Privacy


Photo credit: iStock/Natali_Mis

Simple steps can go a long way in protecting your privacy from prying eyes, including those belonging to on-the-lookout scammers. Some of the easiest and (usually) free safeguards to reduce your risk of scams, hacking and other dastardly deeds:

  • Password-protect every device you own – smartphone, PC, laptop, and tablet – with a PIN that isn’t among these commonly
  • used, and most-often hacked: 0000, 1111, 1212, 1234, 2580 (middle column of keyboard) or 5555. Also avoid your birthdate, birth year, and portions of your phone address, address or SSN.
  • Check if your email address was compromised in a data breach at https://haveibeenpwned.com. If you were poned, change that password used for that and other account.
  • Use a password manager to remember all your passwords in a well-protected digital space, generate new ones, and/or even automatically complete log-in fields; you only need to remember a master phrase. Some versions are free; those with top-line features cost upwards of $50.
  • On social media, taking surveys or even completing product and service forms, don’t share personal details including your birthdate, birthplace, phone number, family members, income, even hobbies. Even legitimate companies may share these ID theft-worthy nuggets with who-knowns-who. Never provide your Social Security number, even the last four digits, unless you initiate contact or it’s legally required.
  • Protect your Google, Yahoo or Outlook email (and other accounts) with two-factor authentication so any sign-in from a different device requires a second layer of security, such as a code texted to your phone. Check twofactorauth.org for websites that offer two-factor authentication.
  • Install the HTTPS Everywhere extension to ensure all your activity on major websites is encrypted and less vulnerable to hacking.
  • Visit optoutprescreen.com or call 1-888-567-8688 to get off mailing lists for pre-approved credit card offers, which can be stolen by identity thieves to get new cards in your name. Stop “junk” mail from direct-marketing mailing lists at dmachoice.org.
  • Mail outgoing payments from a secure USPS dropbox or the post office, not from your home mailbox. Try to retrieve incoming mail soon after its delivery – especially in coming weeks, when ID thieves can steal just-delivered tax-related documents.
  • Get and keep copies of your medical records – a binder works well – adding each new treatment and prescription. This way, you have paper proof (and better defense) if your records are stolen, altered, or used in medical identity theft that could compromise your own health care.
  • Review every Explanation of Benefits (EOB) statement from your insurer. Call about any appointment, treatment or prescription that wasn’t yours. Once a year, review all benefits paid out in your name.
  • Don’t choose “personal” password security questions – or if you do, provide false answers. With some online research, fraudsters can learn “Where were you born?” and “What’s your mother’s maiden name?” to access your account. Keep track of fabricated answers by setting up “accounts” in a password manager.
  • Consider how you pay. Credit cards offer the best fraud protection; with bank-issued debit cards, your out-of-pocket liability depends on when unauthorized charges are reported. Be suspicious of payment requests by prepaid, reloadable debit card or wire transfer; scammers prefer those methods because they are like sending cash – hard to trace and virtually impossible for consumers to get money back.
  • Don’t make photocopies of medical, tax-related or other sensitive documents from digital copiers at libraries or businesses. Information stored on their hard drives can be retrieved by ID thieves who purchase leased or discarded machines.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 Also of Interest


See the AARP home page for deals, savings tips, trivia



Source link

Trouble from the Toy Box: Will that “Smart” Holiday Gift for the Grandkids be a Spy for Hackers?


Photo Credit: iStock/nd3000

If so-called “smart toys” are on the holiday wish list of the children in your life, know this: The FBI warns that such interactive, Internet-connected gifts could be compromised by cyber hackers – and advises that security precautions be taken before playtime begins.

Although the agency doesn’t identity specific risky products, “these toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options,” notes the FBI. “These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.” They include dolls, stuffed animals, card packs, wrist bands and other playthings typically connected to the Internet, either directly through Wi-Fi or indirectly via Bluetooth to a smartphone (which, in turn, is connected to the Internet).

Among the concerns: Many smart toys, often intended to promote learning, have microphones that “could record and collect conversations within earshot of the device,” says the agency – including ID theft-worthy details such as the child’s name, address and birthdate. (Meanwhile, such details may be provided or required when creating user accounts.)

“In addition, companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs,” says the agency. “The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”

Some smart toys have already come under fire. Earlier this year, an Internet-connected doll called “My Friend Carla,” with an internal microphone, was banned in Germany. Meanwhile, an Australian security researcher reports that more than 2 million voice recordings were exposed via “Cloud Pets,” stuffed animals that allow parents and children to exchange voice messages. And last December, smart toy manufacturer V-Tech acknowledged that close to 5 million customer accounts were hacked via smart toys “Learning Lodge” and “Kid Connect,” allowing hackers to access children’s names, addresses, birthdates, chat histories and photos.

In addition to microphones, recording devices, cameras and GPS capability, other risks in Internet-connected smart toys include features such as speech recognition technology, speakers, and/or wireless transmitters and receivers. Also be mindful (and cautious) with products that request names, addresses, and other personal information when you register; have cloud connection capability (and remain connected to the cloud when the toy is turned off); and/or don’t include an End User License Agreement or identify its cloud storage provider.

As with other risk-posing “smart” devices in your home, here’s how to be smart with these high-tech toys:

  • Before buying, research the product for any reported security issues. Also look for certification or verification by members of the COPPA Safe Harbor Program (for Children’s Online Privacy Protection Act), an FTC-affiliated group.
  • Read the company’s privacy policy and user agreement. Find out where user data is stored (with the company, third party services or both), and research their reputations, especially in regards to cyber security.
  • Determine how (or if) you would be notified about a possible data breach or if vulnerabilities in the toy are discovered.
  • Only connect and use the toy on a trusted and secure internet access – not on public Wi-Fi.
  • Use a strong and unique PIN or password when connecting to a Bluetooth device. If the product comes with default password, change it.
  • Use encryption when transmitting data from the toy.
  • If the toy can receive software updates and security patches, ensure it is using the most updated version.
  • Make sure the toy is turned off when not in use, especially if the toys use microphones and cameras.
  • Be stingy with personal information when setting up user accounts. A teddy bear really doesn’t need to know your child’s last name, address or birthdate. Also teach young’uns to not “overshare” personal details when playing with or near the toy.
  • Turn the toy off when your children are not using it, especially if it has a camera and/or microphone.


For information about other scams, sign up for the
Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.




Source link

How to Avoid Hotel “Resort Fee” Ripoffs

How to Avoid Hotel “Resort Fee” Ripoffs


Although not new, hotel “resort fees” and surcharges are higher than ever – predicted to generate a record $2.7 billion this year – and now include previous freebies: parking, holding luggage, early cancellation or check-out, mini-bar “restocking” on top of those already overpriced snacks and beverages, and even the privilege of having (but not necessarily opening) a hotel room safe. Other charges include so-called “resort fees” for services and amenities offered by hotels, even when not used by individual guests: gyms, swimming pools, WiFi, fax services, automatic gratuities for staff, and “complimentary” newspapers and        coffee.                                                                                                                                      Photo Credit: iStock/Dragonimages

All told, this nickel and diming can add 30 percent to the advertised room rate. At least 47 state Attorney Generals are investigating if hotel fees are transparent and honest, and a recent Federal Trade Commission report decreed “separating mandatory resort fees from posted room rates without first disclosing the total price is likely to harm consumers.” But for now, hotel resort fees and surcharges are allowed so it’s on you to find and try to avoid them. Here’s how:

Look before you book. Don’t expect surcharges will be prominently displayed on hotel or third-party booking websites; they may be hidden in the fine print (but often are not). ResortFeeChecker.com helps take out the guesswork by listed known fees at hotels you may be considering.

Don’t wait for a waiver. Whether you make reservations online or by phone, a call to the hotel before arrival is the best time (and way) to confirm likely add-ons, and get them removed – especially if you have no plans of using “resort fee” services like hotel gyms. In that call, get the hotel or booking agent’s name and ID number, and have it, with details of your conversation, at check-in. Also mention what fee-mandated services you won’t be using (such as the gym, pool or room safe) and get the front desk clerk’s name at check-in should problem$ occur when you get your bill.

Learn the lingo.  Although most commonly called a “resort fee,” these add-ons may have other monikers: a “facility fee,” a “designation fee,” an “amenity fee,” a “convenience fee,” or in larger cities, an “urban fee.”

Be a “program” patron. Hotel loyalty programs may waive certain resort fees and surcharges for members, possibly even for new enrollees. Hotel stays booked with credit card awards point is another way to waive some fees.

Politely (and logically) raise a stink. Hotel resort fees may be called “mandatory,” but it’s a manager’s call on whether they are worth losing a repeat customer or getting bad online reviews. If charged for services you didn’t use or weren’t provided as promised – say, the pool was closed or WiFi was slow – don’t quibble with some low-level clerk with no bargaining power. Ask to speak with the manager, with whom you should calmly state your case. If all else fails, dispute the charges with your credit card company, documented with reasons you shouldn’t pay…especially if fees weren’t disclosed until check-out.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 

 Also of Interest


See the AARP home page for deals, savings tips, trivia and more.

 

 



Source link

4 Surging Facebook Scams You Need to Know

4 Surging Facebook Scams You Need to Know


Photo Credit: iStock/Blackzheep

These days, it may be wiser to use a phone-book than Facebook to communicate with your friends. That’s because of a fast-growing scam on Facebook Messenger that uses your friends to hack your account…and devices.

Here’s how it works: You get a Facebook Messenger chat that appears to be from someone you know. In the most common campaign, the message will include your name, word “video” and an emoji followed by a link – typically a “bit.ly” or “t.cn” short-link.  (Other versions – also specifically addressed to you, appearing to be from those you know, and with a link – claim you qualify for government grants, promise an inside investment opportunity, or other easy money con.) “In some cases, scammers have hacked into your friend’s Facebook account. In other versions, the scammer creates a separate look-alike account by stealing your friend’s photos,” reports the Better Business Bureau. “Either way, scammers are banking that you will trust a message that appears to come from someone you know.”

Click the link, say cybersleuths, and malware redirects users to different pages depending on their operating system and location. Some land on a fake Flash Player installer; others go to a bogus YouTube page. There, additional malware may be installed – including keystroke loggers that record what you type to collect passwords, credit card numbers and other sensitive information. To further salt the wound, this malicious software also spreads to your Facebook Messenger contacts.

Other Facebook scams currently in the works that should curb the urge for a quick click on offered links:

“Free” airline tickets. This longtime scam – claiming one or two no-cost tickets as part of some promotion or for simply a page “Like” – is again taking flight, with recent spoofing of British Airways, Singapore Airlines and British-based EasyJet joining a list of at least a dozen other previous targets – including American, Delta, JetBlue, Southwest, United and U.S. Airways. There are no free airline tickets offered on Facebook but there is malware in those “get details” links – and you’ll be required to provide personal information that, at the very least, will result in more conning come-ons.

Coupon cons. Another oldie on the increase, especially with the upcoming holiday shopping season: Bogus coupons that appear to be from trusted businesses including Amazon, Lowe’s, Home Depot, Costco, Sears, and even regionally-based supermarkets. The offers and names change frequently, but the constant: First, you’re typically required to pass the fake coupon on to your Facebook friends, to expand the pool of potential victims of what comes next. Next, you and your now-hooked Facebook friends are directed to complete a survey, which usually requests sensitive personal information; in addition to getting more unwanted spam and robocall rip-offs, you might get hit with hard-to-cancel programs that charge monthly fees for additional fake offers. Plus there’s the likelihood of malware.

Hurricane hoaxes. Harvey, Irma and Maria have given Facebook fraudsters ample ammunition for their usual post-disaster tricks: pleas for donations to bogus charities and malware-laden links that promise shocking or compelling videos. But the newest ruse may be even crueler: A Facebook page falsely claiming that Carnival is offering a free 4- to 7-day cruise for victims ravished by either Harvey or Irma, along with $100 in onboard credit. The catch: “Just pay taxes and port fees.”

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Also of Interest


See the AARP home page for deals, savings tips, trivia and more.



Source link

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump


Caption: iStock/GCShutter

Skimming fraud has been around for more than a decade, and continues to evolve. Today’s skimmers – illegal card-reading devices placed on ATMs, gas pumps and other public-area machines that process debit cards – are stealthier and more sophisticated than ever.

These devices “skim” information from the card’s magnetic strip as a nearby hidden camera, also placed by skimming scammers, records the PIN that you enter. Although you get your cash or can make a purchase – none the wiser of a skim scam flim-flam – the crooks can get more: Using information from the skimmer and camera, they make duplicate cards to drain cash from your accounts, or sell your card number and PIN for others to fleece you.

The good news: In most cases, stolen funds are usually reimbursed provided you report the fraud to the card-issuing bank within 60 days (another reason to keep close and timely tabs on accounts).

The better news: With a few simple steps before you use your card, you may be able to detect skimmers and tampered machines to avoid potential trouble. Here’s how:

  1. Pull on the slot. The latest generation of card-reading devices, used with increasing frequency by skimming scammers, are thin “insert skimmers” that fit inside the card slot at an ATM or gas pump. “New evidence suggests that at least some of these insert skimmers – which record card data and store it on a tiny embedded flash drive – are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same communications technology that powers a TV remote control,” reports noted cybersecurity blogger Brian Krebs (who provides photos of insert skimmers). So before using the machine, squeeze, wiggle and tug the insert slot to remove insert skimmers, along with some old-school models placed over the card slot that protrude outward. In general, card slots should be flush against the machine; be suspicious of those where the entire or half of the slot sticks out.
  2. Check for spy cameras. Although skimmers record data from a credit or debit card’s magnetic stripe, fraudsters also need your PIN in order to withdrawal cash or sell cloned cards. To glean PINs, they place pinhole “spy” cameras that collect numbers as they’re being typed on the keypad. Look for small holes just above the display screen, on an attached brochure or other type of box, or even on protruding covers placed over the cash dispenser. Even if you can’t detect evidence of a camera, cover your hand when entering your PIN.
  3. Avoid “void” stickers. To help spot skimmer tampering at gas pumps, many stations now place security seals over the cabinet panel as part of a voluntary program, notes the Federal Trade Commission. If the pump panel has been opened – an indication of possible skimmer placement – the label will read “void” and take that clue to fill your car elsewhere. Still, whenever you use a debit card at the pump, you’re safest by pressing the “credit” button instead of “debit.” This way, you can still use your debit card without having to enter a PIN, and the purchase amount is processed through a credit card network that provides greater protection if fraud occurs.
  4. Inspect the keypad. False keypad overlays that look exactly like, and fit directly over, the real McCoy are another way fraudsters can collect PINs as accompanying skimmers get card data. So before entering your card, check the keypad – and think twice before using if it feels loose, spongy, or the keypad panel appears raised or thicker compared to the rest of the machine. Also before using, give several buttons a test run and be suspicious if they feel sticky. Crooks have been known to place glue on and around certain buttons – particularly “enter,” “cancel” and “clear” – to prevent customers from completing a transaction after inserting a cash card and keying in a PIN. (When customers go inside a bank to report the problem, the waiting thief “unsticks” the buttons with a knife to complete the withdrawal.)
  5. Check the audio jack. Most ATMs have an audio jack that goes unnoticed to the average customer – and that works to their advantage. If not perfectly centered inside the plastic overlay cover, it suggests the machine has been tampered with. Another tampering tipoff: Look for cracks or cuts on the plastic covering the receipt slot, cash dispenser or other portions of the machine; these coverings should be completely smooth.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

Pin It on Pinterest