Deja Vu Deception: These Old Scams Resurface Again

Re-run ripoffs are nothing new; what’s previously worked for scammers will likely be successful again. And that holds especially true for these three long-time (and historically prosperous) ploys that have resurfaced with a vengeance:

Jury Duty Scam
Going strong for more than a decade, this telephone scheme has scammers posing as court employees or members of law enforcement ranging from local police to U.S. Marshals. They say that you failed to appear for mandated jury duty – and as a result of that supposed no-show, you face immediate arrest.

These imposters are usually well-prepared – citing names and addresses of their targets (often pooled from public directories) and spoofing phone call-recipients’ caller ID to show phone numbers and names of a courthouse or law enforcement agency. “The scammers often provide information that seems very convincing, including the real names of federal judges or court employees, the location of the courthouse, and case and badge numbers. The victim has every reason to believe the call is legitimate,” notes a recent warning from the U.S. Attorney’s Office. “The caller then tells the victim they can avoid arrest by paying an immediate fine and walks them through purchasing a prepaid debit or gift card or making an electronic payment to satisfy the ‘fine.’”

What makes this scam especially dangerous: In addition to a quick payoff, sensitive personal information including your birthdate and Social Security number may be solicited for possible identity theft. What to know:

  • As with jury duty summonses, official “no show” notifications are delivered by mail. Phone calls won’t occur unless a jury duty summons was mailed but returned to sender because it couldn’t be delivered.
  • Police never give advance warning of impending arrest. Courthouse employees don’t call after-hours, while you’re eating dinner or preparing for bed. Only scammers do both.
  • A bona fide court will never ask for a credit or debit card number, wire transfers, or bank routing numbers over the phone for any purpose – including missing jury duty. Fines aren’t imposed until after you’ve appeared in court and been given the opportunity to explain a failure to appear.

Utility Shutoff Scam
In this swindle, fraudsters pose as local utility company personnel, claiming that electric, gas or water service to your home or business will be terminated within hours because of unpaid bills…unless the alleged tab is immediately paid (again, typically requested by prepaid debit card, gift card or wire transfer). The typical homeowner who takes the bait loses about $500 – nearly twice the amount of other phone scams – while some business owners have lost $10,000 or more.

These scams have gotten so common – breaking rip-off records last year and on track for another banner year this winter (this ploy peaks during the busy heating season) – that more than 100 utilities have formed Utilities United Against Scams to warn customers. While “live” phone calls remain the most common way to con, newer methods also include bogus emails, automated robocalls and even “on-site” scammers in rented uniforms seeking a quick payoff and/or home entry for possible burglary. What to know:

  • Before shutting off service, all utilities mail at least one written notice, providing you with several options to pay (online, return mail, phone, automatic bank draft or in person). None initiate the shutoff process with an unexpected phone call.
  • Like most legitimate businesses, utilities don’t accept gift cards and never require payment by prepaid debit card or wire transfer. Scammers prefer these methods because they are like sending cash.
  • Service on meters or inside the home is usually prearranged; if there’s a charge for work on customer-owned equipment, you’ll be billed by the utility – not asked for on-the-spot payment. 

Charity Scams
No surprise on the timing here: The lion’s share of all charitable donations in the U.S. – nearly $390 billion last year – is made in December. And that’s when scammers launch a full attack to dupe would-be donors with hard-sell tactics and heartfelt scripts, typically in unsolicited phone calls, but also in front-door visits and email campaigns.

Some feign to be collecting on behalf of recognized groups, but more often use sound-alike names of legitimate charities or invent their own authentic-sounding organizations. What to know:

  • Listen or watch for imitative words, such as “National” being substituted for “American” in a well-known name. Mailed solicitations are less likely to be fraudulent than those by phone, email or front-door visit, so unless you dialed the call or previously provided your email address to that organization, don’t provide a credit card number over the phone or online. Also know that legitimate charities won’t specifically request prepaid debit cards or other scammer-preferred payment methods.
  • The most successful scams (read: hot-button hoaxes) targeting older Americans are phony charities claiming to benefit police and firefighters, military veterans, sick or needy children, or victims of natural disasters.
  • Before donating to any solicitation, check the charity’s name and reputation at Give.org, Charity Navigator, Charity Watch or GuideStar. You can also contact the agency in your state that regulates charities.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

13 Simple Steps to Protect Your Privacy

Simple steps can go a long way in protecting your privacy from prying eyes, including those belonging to on-the-lookout scammers. Some of the easiest and (usually) free safeguards to reduce your risk of scams, hacking and other dastardly deeds:

  • Password-protect every device you own – smartphone, PC, laptop, and tablet – with a PIN that isn’t among these commonly used, and most-often hacked: 0000, 1111, 1212, 1234, 2580 (middle column of keyboard) or 5555. Also avoid your birthdate, birth year, and portions of your phone number, address or SSN.
  • Check if your email address was compromised in a data breach at https://haveibeenpwned.com. If you were pwned, change the password used for that and other accounts.
  • Use a password manager to remember all your passwords in a well-protected digital space, generate new ones, and/or even automatically complete log-in fields; you only need to remember a master phrase. Some versions are free; those with top-line features cost upwards of $50.
  • On social media, when taking surveys or even completing product and service forms, don’t share personal details including your birthdate, birthplace, phone number, family members, income, even hobbies. Even legitimate companies may share these ID theft-worthy nuggets with who-knows-who. Never provide your Social Security number, even the last four digits, unless you initiate contact or it’s legally required.
  • Protect your Google, Yahoo or Outlook email (and other accounts) with two-factor authentication so any sign-in from a different device requires a second layer of security, such as a code texted to your phone. Check twofactorauth.org for websites that offer two-factor authentication.
  • Install the HTTPS Everywhere extension to ensure all your activity on major websites is encrypted and less vulnerable to hacking.
  • Visit optoutprescreen.com or call 1-888-567-8688 to get off mailing lists for pre-approved credit card offers, which can be stolen by identity thieves to get new cards in your name. Stop “junk” mail from direct-marketing mailing lists at dmachoice.org.
  • Mail outgoing payments from a secure USPS dropbox or the post office, not from your home mailbox. Try to retrieve incoming mail soon after its delivery – especially in coming weeks, when ID thieves can steal just-delivered tax-related documents.
  • Get and keep copies of your medical records – a binder works well – adding each new treatment and prescription. This way, you have paper proof (and better defense) if your records are stolen, altered, or used in medical identity theft that could compromise your own health care.
  • Review every Explanation of Benefits (EOB) statement from your insurer. Call about any appointment, treatment or prescription that wasn’t yours. Once a year, review all benefits paid out in your name.
  • Don’t choose “personal” password security questions – or if you do, provide false answers. With some online research, fraudsters can learn “Where were you born?” and “What’s your mother’s maiden name?” to access your account. Keep track of fabricated answers by setting up “accounts” in a password manager.
  • Consider how you pay. Credit cards offer the best fraud protection; with bank-issued debit cards, your out-of-pocket liability depends on when unauthorized charges are reported. Be suspicious of payment requests by prepaid, reloadable debit card or wire transfer; scammers prefer those methods because they are like sending cash – hard to trace and virtually impossible for consumers to get money back.
  • Don’t make photocopies of medical, tax-related or other sensitive documents from digital copiers at libraries or businesses. Information stored on their hard drives can be retrieved by ID thieves who purchase leased or discarded machines.

Trouble from the Toy Box: Will that “Smart” Holiday Gift for the Grandkids be a Spy for Hackers?


If so-called “smart toys” are on the holiday wish list of the children in your life, know this: The FBI warns that such interactive, Internet-connected gifts could be compromised by cyber hackers – and advises that security precautions be taken before playtime begins.

Although the agency doesn’t identify specific risky products, “these toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options,” notes the FBI. “These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.” They include dolls, stuffed animals, card packs, wrist bands and other playthings typically connected to the Internet, either directly through Wi-Fi or indirectly via Bluetooth to a smartphone (which, in turn, is connected to the Internet).

Among the concerns: Many smart toys, often intended to promote learning, have microphones that “could record and collect conversations within earshot of the device,” says the agency – including ID theft-worthy details such as the child’s name, address and birthdate. (Meanwhile, such details may be provided or required when creating user accounts.)

“In addition, companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs,” says the agency. “The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”

Some smart toys have already come under fire. Earlier this year, an Internet-connected doll called “My Friend Cayla,” with an internal microphone, was banned in Germany. Meanwhile, an Australian security researcher reports that more than 2 million voice recordings were exposed via “Cloud Pets,” stuffed animals that allow parents and children to exchange voice messages. And last December, smart toy manufacturer V-Tech acknowledged that close to 5 million customer accounts were hacked via smart toys “Learning Lodge” and “Kid Connect,” allowing hackers to access children’s names, addresses, birthdates, chat histories and photos.

In addition to microphones, recording devices, cameras and GPS capability, other risks in Internet-connected smart toys include features such as speech recognition technology, speakers, and/or wireless transmitters and receivers. Also be mindful (and cautious) with products that request names, addresses, and other personal information when you register; have cloud connection capability (and remain connected to the cloud when the toy is turned off); and/or don’t include an End User License Agreement or identify its cloud storage provider.

As with other risk-posing “smart” devices in your home, here’s how to be smart with these high-tech toys:

  • Before buying, research the product for any reported security issues. Also look for certification or verification by members of the COPPA Safe Harbor Program (for Children’s Online Privacy Protection Act), an FTC-affiliated group.
  • Read the company’s privacy policy and user agreement. Find out where user data is stored (with the company, third party services or both), and research their reputations, especially in regards to cyber security.
  • Determine how (or if) you would be notified about a possible data breach or if vulnerabilities in the toy are discovered.
  • Only connect and use the toy on a trusted and secure internet access – not on public Wi-Fi.
  • Use a strong and unique PIN or password when connecting to a Bluetooth device. If the product comes with a default password, change it.
  • Use encryption when transmitting data from the toy.
  • If the toy can receive software updates and security patches, ensure it is using the most updated version.
  • Make sure the toy is turned off when not in use, especially if the toys use microphones and cameras.
  • Be stingy with personal information when setting up user accounts. A teddy bear really doesn’t need to know your child’s last name, address or birthdate. Also teach young’uns to not “overshare” personal details when playing with or near the toy.
  • Turn the toy off when your children are not using it, especially if it has a camera and/or microphone.


How to Spot Phishing Emails from “Trusted” Businesses

Year-round, all kinds of phishing attempts lurk in your inbox – from promises of massive wealth from self-described Nigerian princes (or their representatives) to threats of arrest or loss of benefits from supposed employees of government agencies that, in reality, never correspond via email.

But with the upcoming holiday shopping season – predicted to generate up to $682 billion in sales, including a record $107 billion in online purchases (14 percent higher than last year) – prepare for some of the most convincing cons angling for personal and financial information that could lead to identity theft.

That’s because they supposedly come from companies you know, trust, and likely rely on – especially this season: Online retailers, credit card companies, PayPal, banks, even airlines and delivery services like FedEx and UPS. Some bogus emails allege an “order confirmation.” Others claim a problem – say, your account was frozen, requires an update or verification, or there’s a shipping or delivery snafu. Others tout coupons, unbelievable discounts or freebies ranging from expensive iPhones to gift cards (often promised for completing a customer survey that could provide identity thieves and sleazy marketers with sensitive information best not shared).

All seek the same goal: To get you to reveal sensitive information – personal details, log-in credentials, account and credit card numbers – and/or click on an embedded link or attachment that harbors computer-infecting malware. Here’s how to distinguish the bona fide from the bogus (even after the holiday shopping season):

  • A legit company knows its customers. True, so-called “spearphishing” emails and “artisanal” spam include your name, but those more personalized phishing attempts typically target workplace or social media accounts. Phishing emails related to holiday shopping and other seasonal activities are more likely to have generic greetings such as “Dear Customer” because they are blasted en masse. Legitimate messages from companies always include the customer’s name, account number (or at least a portion of it) and other specific-to-you information – and they won’t ask you to provide it.
  • Real messages focus on guidance, not getting. When legit companies email about issues or problems that need to be addressed, they instruct you to log in to your online account or call their customer service phone number, and rarely include (and shouldn’t include) a link promising “more details.” Only phishing scammers ask that sensitive information be provided via reply email, and tease must-know news behind links rather than prominently displaying it in no-click-needed text.
  • Genuine messages don’t threaten. Scammers know that fear is a powerful motivator; above-board companies know it’s bad business. Threats, intimidation and warnings of dire consequences are the foundation of success for many fraudsters – such as claims your account will immediately be frozen or closed unless you immediately respond with money or sensitive information that real companies already have.
  • Actual companies don’t give away the store. Sure, they want your business, but legit vendors aren’t in business to lose money. Be suspicious of non-personalized messages promising freebies of high-priced items or travel excursions “just because” or sales of hot-selling merchandise for a fraction of the cost offered by competitors. If there truly is a giveaway or blowout sale, retailers will have full details on the website.
  • Authentic businesses are professional. They send emails from their own domain – companyname.com – not a free service like Gmail or Yahoo. (When in doubt of the sender, hover your mouse over the “from” address.) And they ensure their messages are grammatically correct, free of misspellings and “readable” to their customers. Because emailing phishers often operate overseas, their messages tend to be linguistically challenged, littered with Scammer Grammar, typos and currency descriptions not commonly used by U.S. companies – such as listing prices at $19.95 USD (for U.S. dollars).


Veterans: The Few, The Proud, The Scammed

This Veterans Day, there’s more reason to celebrate those who have served and sacrificed.

In Illinois, Attorney General Lisa Madigan recently sued two companies accused of bilking hundreds of older veterans into buying high-commission annuities and other often unwise retirement investments for older folks. In New Jersey, authorities busted those behind a $24 million “bait-and-switch” scam that swindled thousands of college degree-seeking veterans out of their G.I. Bill tuition benefits. And across the country, federal authorities are now investigating whom they consider to be predatory lenders believed to pressure veterans and active military personnel into unneeded and costly mortgage refinances.

But despite these important steps, the road ahead remains rough for veterans. Because of their post-service benefits, they are among those most often targeted for scams – along with appreciative civilians who are thankful for their service. Among the leading (and ongoing) veteran-themed scams:

Phishing fraudsters. Especially preying on older vets, telephoning tricksters pose as employees of the Department of Veterans Affairs trying to glean personal or financial information, including credit card numbers and bank accounts. “Spoofing” phone numbers displayed to the recipient’s Caller ID so calls seem authentic, fraudsters claim “new” changes in VA policies regarding pensions, dispensing prescription drugs or medical benefits. Most recently, scammers have been posing as callers from the Veterans Choice Program, which allows vets to receive healthcare within their community, typically tweaking the area code of the legitimate VCP phone number (866-606-8198) in incoming calls; they also operate fraudulent hotlines with similar phone numbers to receive calls.

What to know: Like other federal agencies, the VA uses U.S. mail to share information – not phone calls – and doesn’t request vets’ personal information already on file. When in doubt about supposedly new policies in benefits, call these official VA toll-free phone numbers.

Bilking benefits. The lawsuit by Illinois AG Madigan is an example of a common scam – steering older vets with pensions and other benefits into an irrevocable trust or to invest in unsuitable investments on a usually bogus “guarantee” they can be eligible for additional benefits. Other schemes promise lump-sum cash payouts for veterans’ pensions and future benefits that pay only a fraction of their actual worth, or charging hefty fees for services like filing pension or other claims or getting military records that could boost risk of identity theft in sharing sensitive information.

What to know: The usual pitch in the “more benefits” claim is by transferring existing funds to self-described “veterans advocates” (in truth, typically unscrupulous financial advisers), retirees can appear as impoverished and qualify for Aid and Attendance (A&A), a Veterans Affairs program that pays an additional benefit to low-income veterans 65 and older. But eligibility for A&A is specific and strict – in addition to low income, requirements include needing aid and attendance from another person for everyday tasks, being bedridden, legally blind, or living in a nursing home. Plus, new trust recommendations usually involve purchasing annuities, long-term investments considered inappropriate for many older retirees but reaping high commissions for brokers.

Charity cons. Fraudulent fund-raising purported to help disabled vets is among the top charity scams – especially when targeting well-meaning older donors. (Other hot-button hoaxes include those that allegedly help disaster victims, sick children, and police and firefighters.) And these scams tend to uptick from Veterans Day through the holidays.

What to know: To elicit funds, scammers often use sound-alike names of recognized organizations – if not alleging to be from them. Be especially suspicious of unsolicited pitches by phone or email; they’re more likely to be bogus than solicitations sent by U.S. mail. Before donating, verify charities by checking their names and reputations at the Wise Giving Alliance, Charity Navigator or CharityWatch. In general, better-rated charities spend at least 75 percent of incoming donations on program activities.

Romance rip-offs. Sweetheart scammers frequently pose as military personnel (especially officers) currently deployed overseas, an especially effective role in snagging the most pursued and prized target: American women over 40, usually divorced, widowed and/or disabled who are looking for love or companionship online. After some cyber schmoozing, these self-described “military” suitors inevitably ask for money, usually claiming a paycheck problem, medical emergency or for a plane ticket home to meet. Once the money is sent, victims typically never again hear from the cyber scammers, or are bombarded with additional money requests.

What to know: Notice the bad grammar and frequent misspellings? That’s because romance scammers tend to be foreigners, and their prose is certainly not what you’d expect from an officer. Vague and repetitive email responses could indicate you’ve been hooked by an organized crime ring, and one scammer picks up where a cohort left off. So don’t reveal your last name, address, workplace or other personal information until you’ve met and verified a legit online match; if you talk by phone, turn off your phone’s location settings. And don’t send money – bona fide military personnel on dating websites get regular paychecks and have access to healthcare and travel.

Why You Can’t Trust Phone Calls You Think You Should Trust


“Call from 877-382-4357? Hang Up,” warns the Federal Trade Commission. Seems that phone number – better known as 877-FTC-HELP, the agency’s go-to hotline to report scams – is another example in a never-ending plague of spoofing, the practice of deliberately displaying a false number (and sometimes name) on the recipient’s caller ID.

The goal of scammers using this tried-and-true telephone trickery is to present a phone number that can be trusted, so recipients answer the phone. “Once you start talking,” explains Jonathan Sasse of PrivacyStar, whose app identifies and blocks scam calls, “their autodialing software detects a live number and person on the other end and the scam begins.”

How spoofing works: Using cheap and readily available services such as Spoofcard and/or popular computer-based Voice over Internet Protocol (VoIP) telephone systems, phoning fraudsters select whatever number they want displayed, for whatever ruse they choose. They most often pretend to be calling from a government agency, utility company, bank or tech company such as Microsoft. They also claim to be police, sweepstakes officials, even AARP. Fast-growing schemes include spoofing local numbers (typically using the recipient’s same area code and prefix) so calls appear to be from neighbors, your pharmacy or doctor’s office – or even your own phone number.

Some spoofed calls are made individually, but the majority are sent en masse – sometimes by the millions – with the help of autodialers. Some are “live,” but most are robocalls – and with as little as your “Hello,” you’re typically transferred to a boiler room where a smooth-talking fraudster takes over.

Although spoofing scams have been around for nearly a decade – originally done mostly to glean consumers’ bank account details – it’s now the foundation of most leading phone scams. (Spoofing itself is not illegal, but under federal law, it is illegal to transmit misleading or inaccurate caller ID information “with the intent to defraud, cause harm, or wrongly obtain anything of value.”)

Whatever the ruse, it’s the same rip-off: First, display a phone number that appears trustworthy so the call is answered. Then, those most untrustworthy scoundrels behind this deceptive dialing angle for your money and/or phish for personal information that could be used for identity theft – usually by instilling fear, sometimes luring with greed.

To make calls seem authentic – and better incentivize you to answer – spoofed numbers often display the name of the supposed caller, say “Internal Revenue Service” or “Bank of America.” But others have more generic displays such as “Bank” or “County Courthouse,” maybe a city such as “Washington, D.C.”; others simply show a phone number.

Consider the most common phone schemes, each using spoofing with a fraud-focused cornerstone: False threats of immediate arrest from self-described IRS agents and police because of overdue taxes or missing jury duty. Bogus bank calls alleging “a problem with your account” and Medicare scams claiming a need to “verify your identity” or you’ll lose benefits. The myth that your computer has a crippling virus when those liars from a far-away country have no idea if you even own one. The list goes on – and so will spoofing.

Depending on your phone type and operating system, call-blocking apps such as Hiya, Truecaller, NoMoRobo or PrivacyStar can block many spoofing calls. But when others get through, here’s what to do in addition to not answering or hanging up:

 

  • If you answer, don’t speak. A “live” person on the other end will start a conversation, but several seconds of dead silence indicates it’s a robocall using voice-activated technology to transfer you, or at least play a message.
  • If you speak, say nothing of value. That includes providing or even confirming your name, account numbers, anything that helps phoning fraudsters identify you. If the caller claims to be with a company you do business with, hang up and call the customer service number listed on your statements, in the phone book, or on the company’s website. If the caller claims to be with a government agency, hang up – knowing that the IRS, Medicare, SSA and other government agencies do not make unsolicited phone calls.
  • If you have a voice mail account with your phone service, set a password for it.  Some voicemail services are preset to allow access if you call in from your own phone number, and without a password, scammers could spoof your home phone number and gain access to your voice mail.
  • If it’s not personal, assume it’s a scam. Unlike automated but personalized reminder calls from doctors’ offices or pharmacies, scam robocall campaigns do not mention your name or other personal identifiers. That’s because thousands or millions of others get the identical message.

