Scammers need to get your attention

Scans come in many flavors, phone calls, emails, texts, and knocks on the door. There are many ways to get your attention!

Crooks use clever schemes to defraud millions of people every year. They often combine sophisticated technology with age-old tricks to get people to send money or give out personal information. They add new twists to old schemes and pressure people to make important decisions on the spot. One thing that never changes: they follow the headlines — and the money.

http://www.bbc.com/news/av/uk-43758910/the-design-tricks-that-get-you-hooked-on-your-phone

https://video.foxnews.com/v/5754379251001#sp=show-clips

Because you pay your income taxes on time, you have been awarded a free $12,500 government grant! To get your grant, simply give us your checking account information, and we will direct-deposit the grant into your bank account!”  What happens is they take all your money out of your accounts.  You can suddenly become poor!

Some scam artists advertise “free grants” in the classifieds, inviting readers to call a toll-free number for more information. Others are bolder: they call you out of the blue. They lie about where they are calling from, or they claim legitimacy using an official-sounding name like the “Federal Grants Administration.” They may ask you some basic questions to determine if you “qualify” to receive a grant. FTC attorneys say calls like this are rip offs.

Grant scammers generally follow a script: they congratulate you on your eligibility, then ask for your checking account information so they can “deposit your grant directly into your account,” or cover a one-time “processing fee.” The caller may even reassure you that you can get a refund if you are not satisfied. In fact, you will never see the grant they promise; they will disappear with your money.

Some rules

  • Do not pay any money for anything online unless you requested it
  • Do not give out your bank account information to anyone you don’t know
  • Look-alikes are not the real thing. Just because the caller says he is from a company or government agency does not mean that they are.
  • Systems Phone numbers can deceive. Some con artists use Internet technology to disguise their area code in caller ID. Although it may look like they are calling from Washington, DC, they could be calling from anywhere in the world

Crooks use clever schemes to defraud millions of people every year. They often combine sophisticated technology with age-old tricks to get people to send money or give out personal information. They add new twists to old schemes and pressure people to make important decisions on the spot. One thing that never changes: they follow the headlines — and the money.

Stay a step ahead with the latest info and practical tips from the nation’s consumer protection agency.

Browse FTC scam alerts by topic or by most recent.

Phishing

What is Phishing?

Phishing is a form of fraud where cybercriminals/hackers pose as a legitimate source (e.g. financial institution, retailer, etc.) to steal your personal information. They try to disguise themselves as a trustworthy entity in an electronic communication, both emails and text messages. 

How Phishing Impacts you

Cybercriminals may use phishing scams to steal your username and/or password and other personal information to gain access to personal information or accounts to steal money, financial data, or other sensitive information, such as identity theft, or extortion, among other acts. 

What can you do to protect yourself? Here are some practical tips to stay protected against phishing attacks. Use these tips on your personal devices, and at home.

Fake emails

1. Be alert when it comes to phishing attacks

Never click on links, download files, or open attachments in emails (or on social media), even if it appears to be from a known, trusted source. Always be wary of emails asking for confidential information – especially if it asks for personal details or banking information. Legitimate organizations will never request sensitive information via email.

2. Does that email look suspicious?

Plenty of phishing emails are obvious. They will be punctuated with plenty of typos, words in capitals and exclamation marks. They may also have an impersonal greeting – think of those ‘Dear Customer’ or ‘Dear Sir/Madam’ salutations – or feature implausible and generally surprising content. Cybercriminals will often make mistakes in these emails intentionally to improve responses and weed out the ‘smart’ recipients who will not fall for the con.

3. Be watchful of threats and urgent deadlines

Most phishing attacks succeed because we are always in a hurry. Online surfing is serious business and things should not be done in haste. Usually, scamming emails contain threats and urgency, especially if coming from what claims to be a legitimate company. Some of these threats may include notices about a fine or advising you to do something to stop your account from being closed. Ignore the scare tactics and contact the company directly via their website or phone. Do not get pressured into providing sensitive information. 

Watch out! This streaming scam could drain your bank account

Do not fall for this realistic spoofed email

Streaming services have seen a major surge as we try to stay entertained while we are stuck at home. The strange messages promise a three-month premium Netflix subscription for free in exchange for clicking a link. People across the country have been receiving strange text messages promising them a three-month premium Netflix subscription for free in exchange for clicking a link.

The texts seem to be mass-mailer and are appearing as ordinary SMS texts and WhatsApp messages. A premium Netflix account features 4K streaming and costs $16 monthly, which makes following the text’s instructions highly tempting.

But if you do so, you are putting your phone’s cybersecurity at risk — as well as your friends’ and family’s.

Following the link in the text will take you to a shady website called “netflix-usa[dot]net.” Obviously, this is not Netflix’s real web address, but it can be easy to make the mistake in the moment. Some versions of the text contain even stranger URLs that do not follow any rhyme or reason.

But the icing on the cake comes once the page loads up. You are told you will get access to your free subscription by inviting 10 other people to visit the website. A pyramid scheme on top of a phishing scheme! Lovely.

If you follow the trail all the way through, you do not even get free Netflix. You just end up getting asked for more personal data and phone numbers. No thank you.

Now, its Hulu users’ turn to be in the spotlight. An extremely realistic-looking fake email is being sent claiming that there was a problem with your Hulu payment.

Supposedly something went wrong, and your payment was unable to be processed. The message goes on to say, “unfortunately, your Hulu subscription has been canceled.” But do not worry, you can always reactivate your subscription at any time. A link is included in the message for you to reactivate Hulu.

Warning: Do not click on the reactivation link! It’s a scam.

If you were to click on the malicious reactivate Hulu link, you would be taken to a spoofed website. Once you are on the spoofed site, you would be asked to enter your Hulu credentials and to update your payment information. Not good! You would be handing over banking information directly to criminals.

How to avoid the dreaded phishing scam

Verify the sender

Whenever you receive an email from a company that you do business with, make sure to verify the email address the message is sent from. In this Hulu scam, the email came from hulu@hulumail.com. It does kind of look legit since it has Hulu in the address and it is not full of numbers and crazy characters like $^&*#.

However, if you go to Hulu’s official website and log in, you can navigate to the contact us section and send them an email. You will notice the official email address is support@hulu.com. That’s why it’s important to verify email senders to make sure it’s coming from the official site.

Never trust links

There is always the possibility of an unsolicited email being a scam. That is why you should never trust links or attachments found in unsolicited emails.

Instead, if you receive a message saying there is a problem with your account, and it has been canceled or blocked type the site’s address directly into your browser. That way you will know you are visiting the real deal and not a spoofed site.

Enable 2FA when available

Any time a company offers two-factor authentication (2FA), take advantage of it. 2FA means you need two ways to prove who you are instead of just your login credentials.

You can either receive a one-time code via text or use an authentication app like Google Authenticator. 

Protect your identity

One-way identity thieves get your personally identifiable information (PII) is through phishing scams like this one. Replying to an email with sensitive information is a bad idea. Once the scammers have enough PII, they can steal your identity and ruin your credit by opening credit cards, taking out loans in your name and more.

And now, three new types of coronavirus scams have been discovered that are even wilder than previous ones. We must admire the effort the scammers are putting in, but that does not mean we’re letting them off the hook. Here is how you can spot the scams so you can protect yourself and your wallet.

Catfishing makes a COVID-19 comeback

Catfishing is a familiar trick that anyone with a Facebook account or a dating profile can tell you about. In simplest terms, the scammer steals pictures from someone else online and impersonates them for personal gain. And on social media platforms, the scam has grown to epidemic proportions.

The FBI reports that more than 19,470 people fell victim to confidence fraud and romance cybercrimes, with losses totaling around $475 million in 2019. This year, catfishing continues to rise, but the scammers are imparting a unique COVID-19 flavor to their tricks.

In one variation reported by NBC News, scammers stole photos from a registered nurse and impersonated her on Facebook to run a fake fundraiser. Because people believed the scammer to be a legitimate nurse, they were able to rake in a sizeable amount of cash before the real nurse found the account and reported it.

Unfortunately, it took more than 400 reports for Facebook to even act on the account. And even then, the victim claims to get messages from strangers who allegedly interacted with her on dating sites as well. What a headache!

To stay safe from catfishers, use skepticism when dealing with anyone you do not know online. Impromptu fundraisers and donation drives are a big red flag, and those looking to contribute to COVID-19 relief should investigate the charity closely before spending any money.

If someone happens to impersonate you in a catfishing scam, report the page as soon as possible, and do so multiple times until the page is removed. In addition, you’ll want to set your social media accounts to private and potentially create a Google Alert for your name, so you know if somebody is searching for it or using it without permission.

These messages are not from your bank!

Money is the root of all these COVID-19 scams, so it is natural that America’s con artists would take to impersonating banks to try and squeeze even more money out of their victims.

In a new variation on classic loan scams, these hustlers pretend to be your bank or loan servicer offering you new financing options with extremely low-interest rates. Some even claim that you can get a mortgage interest rate of 0%, which is quite literally impossible. But if the victim does not know, that only benefits the scammer, doesn’t it?

To protect yourself from bank scams, make sure you ignore any unusual text messages or emails that claim to come from your bank no matter what they say. If it seems realistic enough but you are not 100% sure, go to your bank’s website, grab its phone number, and give them a call for yourself to verify its legitimacy.

Otherwise, you may be signing away extremely sensitive information like your home loan without realizing it. And we think everyone can agree this is absolutely one of the worst times in history to make that kind of mistake.

Other scams to watch out for

  • Stimulus check fraud: Scammers pretend to be the government or your bank and tell you your identity must be verified before you can receive your stimulus check. Many people have fallen for this deceptive scam and lost thousands of dollars because they gave the scammers personally identifying information.
  • Fake protective gear and COVID-19 treatments: People looking for medicines and gear to treat COVID-19 are running into phishing websites that will steal personal data. Oh, and to make matters worse, the treatments are fake, and the gear never arrives.
  • Bioterrorism scam: This one is ludicrous, but people are falling for it. This variation of the classic sextortion scam involves a “hacker” threatening to infect your whole family with COVID-19 unless you cough up bitcoin. Fortunately, it is nothing more than lies and bluster. Scammers will undoubtedly move to even more creative schemes in the coming months.

There was also a scan at Disney Springs where a man would go up to a father or grandfather and started saying very nasty stuff he was going to do to the children until the person got so mad they would take a swing at the person.  Once they took the swing a friend was videotaping the incident and the man would fall to the ground and sue the family.  I heard they made a lot of money doing this until they got thrown out of the park for good.

Here is a list of things to do, think about and practice so you can protect yourself!

First put tape over your laptop’s webcam otherwise you will be opened to people see you and spying on you.

Use Two-factor authentication for logging into your online accounts (Do you know what it is?).  Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism.

Are you willingly sharing tons of information on your social network’s profiles, while I never post anything personal? No check-ins, no real time photos, no photos from where I live or work, no high school memories, no bragging about concert tickets, not even a single like to a political or religious post. Nothing that might give away too much information about me or that someone could use to find out more about you using Doxxing.

Doxxing is a cyber-attack that involves discovering the real identity of an Internet user. The attacker then reveals that person’s details so others can target them with malicious attacks. Doxxing is analyzing information posted online by the victim to identify and later harass that person. 

But where exactly do you draw the line between convenience, precaution, and paranoia?

1. Put tape over your laptop’s webcam

For example, a student sued his high school in 2009 for spying on him. They were remotely activating the webcam and taking photos through the very laptops they provided their students.

In 2013, Miss Teen USA was photographed without her knowledge by an ex high school colleague who infected her PC with spyware. The victim fought back, and the man was sent to jail.

I am sure there are many people out there who aren’t aware of the fact that somebody could be watching them. Putting tape over the webcams is just a small way to fight against surveillance.

2. Never check in on social networks

That includes no posting of flight tickets and holiday pics (at least not while you are still away from home).

Something so common and apparently innocent can turn into a nightmare. There were plenty of cases of people who checked-in from their holidays, bragged about the wonderful places they are visiting, only to come back home and find out that their house became the target of burglars.

That is because you never know who else can benefit from the information you are sharing. You can never fully control and restrict who is watching your social networks posts. Even though you are careful with your security settings, you have no idea how those posts are shared, where they could end up or who else can breach one of your friends’ accounts.

3. No pics of your kids on social networks

Parents should stop posting photos of their kids on the social networks.

First, think about when those kids will grow up and their whole lives will be available publicly, will be there to use against them, to shame them. This is most likely to happen among teenagers, a time when kids are extremely harsh with each other. Let them choose if they want those pics to be available online or not.

Second, you never know where those pics will end up. There’ve been cases of private Facebook groups where people were sharing other people’s kids’ pics and making fun of them.

Or, even worse: pedophiles who were posting photos of children. Imagine what could happen if a pedophile would put together all the information you are willingly sharing on your social network: the area where you live, your kid’s school, the park where your kid plays, etc. Gives you the chills, right?

4. No clicking on that short link

Beware of short links that you never requested, and you don’t know where they lead. Don’t click on them, as you can’t know if they are safe or lead you to a possible infection with malware.

Instead, check them first with a link extender, such as CheckShortUrl.com, to see where it leads. You can also use a service like BrowserShots.com , that takes remote browser screenshots.

The same advice goes for attachments. If you know who sent it to you and you were expecting it, then go ahead and open it. Otherwise, steer clear from it, as it can harm your system, no matter how innocent it might seem.

5. Use separate email accounts, with different purposes

Most people have and use only one email account that fits all their personal needs

You should have a separate email account for subscribing to newsletters and shopping deals, for creating online accounts, and different email accounts for work and for personal conversations.

It might be a hassle at first, to create and manage all those email accounts, but it is worth it. This way, you will reduce the chances to receive spam (or worse, phishing and / or malware) on your important email accounts.

6. Set different passwords for different accounts

While this is one of the easiest security measures that people can take to prevent their accounts to be breached, it is also one of the most ignored.

Think of it this way: if one of your accounts is hacked, it does not matter how that happened. It can happen in multiple ways: it could either be your fault, the website’s fault, your system’s fault, a friend of yours fault, etc.

What it matters is that you do anything to control the damages. And that would be impossible if you set the same password for all accounts – then the attacker would have access to all your accounts.

Just as you do not have the same key for your house and your car, the same way you should not recycle any passwords. We know we have been saying this a lot, but it is only because there is a huge gap between what people should be doing to protect their data and what they are actually doing.

7. Data backup. Multiple data backups. Three, at least.

A lot of people understand the importance of backup, but few take their time to do it (or automatize it, as it does not have to be taken care of “manually”). It is only after they lose something important that they act.

Think about all the devices you have, and the data stored on them. Or the online accounts that you use – for work, for social reasons, for fun, for shopping.

What would happen if that data were damaged or lost? What if you ended up with a ransomware infection and your data encrypted?

Take your time and do data backups. Not just one, but multiple backups, in multiple locations. Here is how.

Other Scams to watch out for

IRS phone scam alert: What you need to know 

A smartphone app that protects users from phone spam and scam calls, reports that IRS and tax phone scams have gone up 1218% year over year from January and February 2017 to 2018.

When the IRS impersonator calls, they will say you owe them money and may threaten legal action or an arrest. Do not fall for it! 

The scammers will often use caller ID spoofing to make their number show up as “IRS,” but that is not always the case. Hiya says these are the top area codes where tax scams appear to originate:

  • 202 – Washington, D.C.
  • 206 – Seattle
  • 315 – Upstate New York
  • 470 – Atlanta
  • 631 – Central and East Long Island, NY
  • 314 – St. Louis, Missouri
  • 415 – San Francisco
  • 786 – Miami
  • 646 – New York City

The IRS will not threaten you or demand payment over the phone. It initiates most contacts through regular mail.

Do not fall for this realistic spoofed email

Streaming services have seen a major surge as we try to stay entertained while we are stuck at home. The strange messages promise a three-month premium Netflix subscription for free in exchange for clicking a link. People across the country have been receiving strange text messages promising them a three-month premium Netflix subscription for free in exchange for clicking a link.

The texts seem to be mass-mailer and are appearing as ordinary SMS texts and WhatsApp messages. A premium Netflix account features 4K streaming and costs $16 monthly, which makes following the text’s instructions highly tempting.

But if you do so, you are putting your phone’s cybersecurity at risk — as well as your friends’ and family’s.

Following the link in the text will take you to a shady website called “netflix-usa[dot]net.” Obviously, this is not Netflix’s real web address, but it can be easy to make the mistake in the moment. Some versions of the text contain even stranger URLs that don’t follow any rhyme or reason.

But the icing on the cake comes once the page loads up. You are told you’ll get access to your free subscription by inviting 10 other people to visit the website. A pyramid scheme on top of a phishing scheme! Lovely.

If you follow the trail all the way through, you do not even get free Netflix. You just end up getting asked for more personal data and phone numbers. No thank you.

Now, its Hulu users’ turn to be in the spotlight. An extremely realistic-looking fake email is being sent claiming that there was a problem with your Hulu payment.

Supposedly something went wrong, and your payment was unable to be processed. The message goes on to say, “unfortunately, your Hulu subscription has been canceled.” But don’t worry, you can always reactivate your subscription at any time. A link is included in the message for you to reactivate Hulu.

Warning: Do not click on the reactivation link! It is a scam.

If you were to click on the malicious reactivate Hulu link, you’d be taken to a spoofed website. Once you are on the spoofed site, you would be asked to enter your Hulu credentials and to update your payment information. Not good! You would be handing over banking information directly to criminals.

How to avoid the dreaded phishing scam

Verify the sender

Whenever you receive an email from a company that you do business with, make sure to verify the email address the message is sent from. In this Hulu scam, the email came from hulu@hulumail.com. It does kind of look legit since it has Hulu in the address and it’s not full of numbers and crazy characters like $^&*#.

However, if you go to Hulu’s official website and log in, you can navigate to the contact us section and send them an email. You will notice the official email address is support@hulu.com. That is why it is important to verify email senders to make sure it’s coming from the official site.

Never trust links

There is always the possibility of an unsolicited email being a scam. That is why you should never trust links or attachments found in unsolicited emails.

Instead, if you receive a message saying there is a problem with your account, and it’s been canceled or blocked type the site’s address directly into your browser. That way you will know you are visiting the real deal and not a spoofed site.

Enable 2FA when available

Any time a company offers two-factor authentication (2FA), take advantage of it. 2FA means you need two ways to prove who you are instead of just your login credentials.

You can either receive a one-time code via text or use an authentication app like Google Authenticator. 

Protect your identity

One-way identity thieves get your personally identifiable information (PII) is through phishing scams like this one. Replying to an email with sensitive information is a bad idea. Once the scammers have enough PII, they can steal your identity and ruin your credit by opening credit cards, taking out loans in your name and more.

And now, three new types of coronavirus scams have been discovered that are even wilder than previous ones. We must admire the effort the scammers are putting in, but that doesn’t mean we’re letting them off the hook. Here is how you can spot the scams so you can protect yourself and your wallet.

Catfishing makes a COVID-19 comeback

Catfishing is a familiar trick that anyone with a Facebook account or a dating profile can tell you about. In simplest terms, the scammer steals pictures from someone else online and impersonates them for personal gain. And on social media platforms, the scam has grown to epidemic proportions.

The FBI reports that more than 19,470 people fell victim to confidence fraud and romance cybercrimes, with losses totaling around $475 million in 2019. This year, catfishing continues to rise, but the scammers are imparting a unique COVID-19 flavor to their tricks.

In one variation reported by NBC News, scammers stole photos from a registered nurse and impersonated her on Facebook to run a fake fundraiser. Because people believed the scammer to be a legitimate nurse, they were able to rake in a sizeable amount of cash before the real nurse found the account and reported it.

Unfortunately, it took more than 400 reports for Facebook to even act on the account. And even then, the victim claims to get messages from strangers who allegedly interacted with her on dating sites as well. What a headache!

To stay safe from catfishers, use skepticism when dealing with anyone you don’t know online. Impromptu fundraisers and donation drives are a big red flag, and those looking to contribute to COVID-19 relief should investigate the charity closely before spending any money.

If someone happens to impersonate you in a catfishing scam, report the page as soon as possible, and do so multiple times until the page is removed. In addition, you’ll want to set your social media accounts to private and potentially create a Google Alert for your name so you know if somebody is searching for it or using it without permission.

These messages are not from your bank!

Money is the root of all these COVID-19 scams, so it is natural that America’s con artists would take to impersonating banks to try and squeeze even more money out of their victims.

In a new variation on classic loan scams, these hustlers pretend to be your bank or loan servicer offering you new financing options with extremely low-interest rates. Some even claim that you can get a mortgage interest rate of 0%, which is quite literally impossible. But if the victim does not know, that only benefits the scammer, doesn’t it?

To protect yourself from bank scams, make sure you ignore any unusual text messages or emails that claim to come from your bank no matter what they say. If it seems realistic enough but you are not 100% sure, go to your bank’s website, grab its phone number, and give them a call for yourself to verify its legitimacy.

Otherwise, you may be signing away extremely sensitive information like your home loan without realizing it. And we think everyone can agree this is absolutely one of the worst times in history to make that kind of mistake.

Other scams to watch out for

  • Stimulus check fraud: Scammers pretend to be the government or your bank and tell you your identity must be verified before you can receive your stimulus check. Many people have fallen for this deceptive scam and lost thousands of dollars because they gave the scammers personally identifying information.
  • Fake protective gear and COVID-19 treatments: People looking for medicines and gear to treat COVID-19 are running into phishing websites that will steal personal data. Oh, and to make matters worse, the treatments are fake, and the gear never arrives.
  • Bioterrorism scam: This one is ludicrous, but people are falling for it. This variation of the classic sextortion scam involves a “hacker” threatening to infect your whole family with COVID-19 unless you cough up bitcoin. Fortunately, it is nothing more than lies and bluster. Scammers will undoubtedly move to even more creative schemes in the coming months.

There was also a scan at Disney Springs where a man would go up to a father or grandfather and started saying very nasty stuff he was going to do to the children until the person got so mad they would take a swing at the person.  Once they took the swing a friend was videotaping the incident and the man would fall to the ground and sue the family.  I heard they made a lot of money doing this until they got thrown out of the park for good.

Conclusion

Until something bad happens to them or someone close to them, most people do not take any kind of cyber security precautions. They do not consider their data to be valuable and don’t imagine that anybody would take their time to try to hack them. However, nowadays most of the attacks are automated, so it does not even have to be personal.

Also keep in mind that you should not rely solely on an antivirus for your protection. It is not bulletproofed! You may have one of the best antivirus software’s – it will not keep you safe from all the harms that are in the cyber world.  I suggest you also use VPN Virtual Private Network and not a free one.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.