• Fake emails about fake money from a fake COVID-19 fund

    July 01, 2020, 1:58 PM

    Because of COVID-19, unemployment rates are high and many people’s cash flows are low. Scammers view these as ripe conditions to strike. They’ll stop at nothing — not even a pandemic — to trick you into sharing your personal or financial information. That includes pretending to be a government official from the Federal Trade Commission to gain your trust. 

    We just heard about an email going around from someone claiming to be from the FTC. This scam email says you’ll get money from a COVID-19 “Global Empowerment Fund.” All you need to do, it says, is respond with your bank account information and they’ll transfer the funds. But that’s a scam. There’s no money and there’s no fund. And it’s not from the FTC. If you get a message like this, don’t respond. Instead, report it to the real FTC at ftc.gov/complaint.

    The FTC will never contact you by phone, email, text message, or social media to ask for your financial information. (Or your Social Security number.) Anyone who does is a scammer, phishing for your information.

    If you’re getting an economic stimulus payment, that money will come from the Internal Revenue Service.

    If you think you gave your financial information to a scammer, go to IdentityTheft.gov for steps you can take to protect yourself.

    To keep up with the latest scams, sign up for the FTC's consumer alerts

    Source: Federal Trade Commission 
  • Scam emails demand Bitcoin, threaten blackmail

    May 06, 2020, 9:44 AM

    The FTC uses the information it gets from people who report scams to keep close watch on trends, so we can alert you to changes. Here’s one: reports of Bitcoin blackmail scams have taken a big jump in the last few weeks. The emails say they hacked into your computer and recorded you visiting adult websites. They threaten to distribute the video to your friends and family within hours, unless you pay into their Bitcoin account. Stop. Don’t pay anything. Delete the message. It’s a scam.

    Based on the timing of this spike, you may get one of these messages because your email was exposed in a recent data breach. The scammers may say they have access to your computer or webcam, or installed clever software to defeat you. That’s all talk. But they may really know one of your old – or recent – passwords, and they include it in the message to prove it. When you see that, you know it’s time to update your password on that account, and consider updating other passwords, too.

    If you, or someone you know, get a message like this, please report it to the FTC at www.FTC.gov/Complaint.

    Source: Federal Trade Commission 
  • Scammers are using COVID-19 messages to scam people

    April 13, 2020, 1:24 PM

    Scammers are experts at shifting tactics and changing their messages to catch you off guard. This is especially true as they take advantage of anxieties related to the Coronavirus. Here’s a quick alert about some current government imposter scams using COVID-19 that are popping up on our radar.

    Medicare scams

    Scammers might call to offer things like a “COVID-19 kit,” “Coronavirus package,” or Medicare benefits related to the virus. But they’ll ask you to verify personal information like your bank account, Social Security, or Medicare numbers. If you get a call from someone who says they’re a Medicare representative and they ask for this information, hang up. It’s a scam, not Medicare calling. Report it to the FTC at ftc.gov/complaint

    Relief payment messages from “government agencies”

    The FTC is getting a lot of reports about fraudulent calls, texts, and emails coming from people pretending to be from the Social Security Administration, IRS, Census, USCIS and the FDIC. These fake government messages might say that you’re approved for money, can get quick relief payments, or get cash grants due to the Coronavirus. Scammers might also promise you small business loans, or send a (phishing) alert that a check is ready to be picked up. These are all scams, and none of those messages come from a government agency.

    If you respond to these calls or messages, they might ask you for money, personal information, or both. Don’t give it. And remember that the surest sign of a scam is anyone who asks you to send cash, pay with a gift card, wire money, or pay with cryptocurrency.

    Stay on top of all types of imposter scams by visiting ftc.gov/imposters, and sign up for the FTC’s Consumer Alerts to get the latest on all kinds of scams.

    Source: Federal Trade Commission 
  • Is that text message about your FedEx package really a scam?

    February 21, 2020, 1:16 PM

    You may be skeptical when someone you don’t know sends you a text message you didn’t expect and it tells you to click on a link. Maybe that little voice in your head starts talking to you. I know mine does. It says, “Hmm, this could be a scam. Maybe someone wants to steal my personal information. Or get me to pay for something.”

    I guess that's why scammers come up with new stories all the time, like a package tracking scam we're hearing about. Here's how it works.

    Scammers send a text message with a fake shipment tracking code and a link to update your delivery preferences. In this case, the message says it’s from FedEx.

    But they might use the name of another well-known shipping company, or the good old U.S. Postal Service.

    Cue that skeptical little voice in your head. Here’s what it might be thinking:

    • “Was I expecting a package delivery?”
    • “Did I send a package to someone?”
    • “Did I ask for text notifications?”

    Tip: If you get an unexpected text message, don’t click on any links. If you think it could be legit, contact the company using a website or phone number you know is real. Don’t use the information in the text message.

    In this version of the scam the link takes you to a fake Amazon website. There, you're invited to take a customer satisfaction survey. And you might just win a free prize. But to get it, you have to give them your credit card number to pay for shipping.

    Hopefully that wise little voice in your head is thinking:

    • “I shouldn't have clicked that link!”
    • “Why would a link to my package delivery preferences take me to an unrelated website?”
    • “You said the prize was free, but now I need to pay. What else am I agreeing to pay for?”
    • “I really shouldn’t have clicked on that link!”

    Tip: Some companies offer so-called “free trials” that come with hidden costs. Here’s what you should consider before you sign up for a free trial offer.

    Scammers may be turning to text messages as a new tactic. But there’s a lot you can do right now to protect yourself. Read How to Recognize and Report Spam Text Messages to learn what to do about spam text messages and how to report them.

    Source: Federal Trade Commission 
  • Privacy and Mobile Device Apps

    January 29, 2020, 9:01 AM

    What are the risks associated with mobile device apps?

    Applications (apps) on your smartphone or other mobile devices can be convenient tools to access the news, get directions, pick up a ride share, or play games. But these tools can also put your privacy at risk. When you download an app, it may ask for permission to access personal information—such as email contacts, calendar inputs, call logs, and location data—from your device. Apps may gather this information for legitimate purposes—for example, a ride-share app will need your location data in order to pick you up. However, you should be aware that app developers will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests.

    How can you avoid malicious apps and limit the information apps collect about you?

    Before installing an app

    • Avoid potentially harmful apps (PHAs). Reduce the risk of downloading PHAs by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store. Do not download from unknown sources or install untrusted enterprise certificates. Additionally—because malicious apps have been known to slip through the security of even reputable app stores—always read the reviews and research the developer before downloading and installing an app.
    • Be savvy with your apps. Before downloading an app, make sure you understand what information the app will access. Read the permissions the app is requesting and determine whether the data it is asking to access is related to the purpose of the app. Read the app’s privacy policy to see if, or how, your data will be shared. Consider foregoing the app if the policy is vague regarding with whom it shares your data or if the permissions request seems excessive.

    On already installed apps

    • Review app permissions. Review the permissions each app has. Ensure your installed apps only have access to the information they need, and remove unnecessary permissions from each app. Consider removing apps with excessive permissions. Pay special attention to apps that have access to your contact list, camera, storage, location, and microphone.
    • Limit location permissions. Some apps have access to the mobile device’s location services and thus have access to the user’s approximate physical location. For apps that require access to location data to function, consider limiting this access to when the app is in use only.
    • Keep app software up to date. Apps with out-of-date software may be at risk of exploitation of known vulnerabilities. Protect your mobile device from malware by installing app updates as they are released.
    • Delete apps you do not need. To avoid unnecessary data collection, uninstall apps you no longer use.
    • Be cautious with signing into apps with social network accounts. Some apps are integrated with social network sites—in these cases, the app can collect information from your social network account and vice versa. Ensure you are comfortable with this type of information sharing before you sign into an app via your social network account. Alternatively, use your email address and a unique password to sign in.

    What additional steps can you take to secure data on your mobile devices?

    • Limit activities on public Wi-Fi networks. Public Wi-Fi networks at places such as airports and coffee shops present an opportunity for attackers to intercept sensitive information. When using a public or unsecured wireless connection, avoid using apps and websites that require personal information, e.g., a username and password. Additionally, turn off the Bluetooth setting on your devices when not in use. (See Cybersecurity for Electronic Devices.)
    • Be cautious when charging. Avoid connecting your smartphone to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways you may not anticipate. For example, a malicious computer could gain access to your sensitive data or install new software. (See Holiday Traveling with Personal Internet-Enabled Devices.)
    • Protect your device from theft. Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or in easily accessible areas.
    • Protect your data if your device is stolen. Ensure your device requires a password or biometric identifier to access it, so if is stolen, thieves will have limited access to its data. (See Choosing and Protecting Passwords.) If your device is stolen, immediately contact your service provider to protect your data. (See the Federal Communications Commission’s Consumer Guide: Protect Your Smart Device.)
    Source: U.S. Department of Homeland Security
  • The top frauds of 2019

    January 29, 2020, 8:56 AM

    Each year, the FTC takes a hard look at the number of reports people make to our Consumer Sentinel Network. In fact, during 2019, we got more than 3.2 million reports to the FTC from you. We’ve read what you’ve said, and crunched the numbers. Here’s what you told us in 2019.

    • Imposter scams was the number one fraud reported to Sentinel in 2019. People reported losing more than $667 million to imposters, who often pretended to be calling from the government or a well-known business, a romantic interest, or a family member with an emergency. When people lost money, they most frequently reported paying scammers with a gift card.
       
    • Social Security imposters were the top government imposter scam reported. There were 166,190 reports about the Social Security scam, and the median individual loss was $1,500.
       
    • Phone calls were the number one way people reported being contacted by scammers. While most people said they hung up on those calls, those who lost money reported a median loss of $1,000 in 2019.

    You might wonder what, besides these numbers, comes out of reporting scams and other consumer issues to the FTC. Well, because of your reports, the FTC and its law enforcement partners are able to investigate the people and companies that trick people into paying money. Your reports help build and bring those cases, which also helps us enforce laws that stop scams and other dishonest business practices that take people’s money.

     

    In fact, during 2019, FTC law enforcement actions led to more than $232 million in refunds to people who lost money. More than 1.9 million people cashed checks mailed by the FTC. And, in the last four years, people have cashed more than one billion dollars in FTC refund checks. That’s real money back into people’s pockets.

    Source: Federal Trade Commission