rocket-d Scammers push people to pay with iTunes gift cards

One thing we know about scammers — they want money, and they want it fast. That’s why, whatever the con they’re running, they usually ask people to pay a certain way. They want to make it easy for themselves to get the money — and nearly impossible for you to get it back.

Their latest method? iTunes gift cards. To convince you to pay, they might pretend to be with the IRS and say you’ll be arrested if you don’t pay back taxes right now. Or pose as a family member or online love interest who needs your help fast. But as soon as you put money on a card and share the code with them, the money’s gone for good.

If you’re not shopping at the iTunes store, you shouldn’t be paying with an iTunes gift card. Other payment methods scammers might ask for include Amazon gift cards, PayPal, reloadable cards like MoneyPak, Reloadit, or Vanilla, or by wiring money through services like Western Union or MoneyGram. Government offices won’t require you to use these payment methods.

rocket-d Scammers can fake caller ID info

Your phone rings. You recognize the number, but when you pick up, it’s someone else. What’s the deal?

Scammers are using fake caller ID information to trick you into thinking they are someone local, someone you trust – like a government agency or police department, or a company you do business with – like your bank or cable provider. The practice is called caller ID spoofing, and scammers don’t care whose phone number they use. One scammer recently used the phone number of an FTC employee.

Don’t rely on caller ID to verify who’s calling. It can be nearly impossible to tell whether the caller ID information is real. Here are a few tips for handling these calls:

  • If you get a strange call from the government, hang up. If you want to check it out, visit the official (.gov) website for contact information. Government employees won’t call out of the blue to demand money or account information.
  • Don’t give out — or confirm — your personal or financial information to someone who calls.
  • Don’t wire money or send money using a reloadable card. In fact, never pay someone who calls out of the blue, even if the name or number on the caller ID looks legit.
  • Feeling pressured to act immediately? Hang up. That’s a sure sign of a scam.

If you’ve received a call from a scammer, with or without fake caller ID information, report it to the FTC and the FCC.

rocket-d Eat, drink and be wary

Looking for a good time and good eats at a good price? Getting a deal on a food festival or other event is terrific. But don’t let scammers leave a bad taste in your mouth by taking a big bite out of your money — and giving you nothing in return.

While there are many legitimate festivals advertised online, we’ve read news reports and consumer complaints about scam artists who promote fun-and-food-filled days of crab feasts, concerts and similar events on social shopping sites. People buy the tickets, but when they show up at the so-called venue, they find nothing there but other victims of this ruse.

Here are ideas on how to spot and avoid food fest flim-flams:

  • Check it out. Type the name of the festival and/or its promoters in your search engine along with the words “scam,” “fake,” or “fraud.” If you see others have been scammed, there’s a great chance you will be, too. If the event has taken place in other towns, search for online reviews.
  • Look for contact information… and be sure it actually works.  Is there any contact information on the website? If there’s an email or phone number, try them out. If they don’t work, if you don’t get a response within a reasonable time, or if you don’t like the response, forget it. Don’t share your card number or any other information.

rocket-d Email fraudsters scam US company out of nearly $100 million

U.S. officials said Thursday that an unidentified company was defrauded out of nearly $100 million by individuals who used a fake email to pose as one of its vendors.

Online-FraudReuters reported the U.S. government has filed a civil forfeiture lawsuit in federal court in New York seeking to recover nearly $25 million derived from the fraud which is being held in approximately 20 bank accounts around the world.

Authorities said about $74 million has been returned to the company, according to Reuters.

Tom Brown, the managing director of Berkeley Research Group’s cyber security practice, told Reuters the lawsuit “appears to be the largest email scam that I’ve seen.”

The email scheme is believed to have taken place between August and September after a Cyprus-based bank identified some suspicious transfers, authorities said. The fraudsters carried out the scheme by creating a fake email address posing as one of the company’s legitimate vendors in Asia.

The individuals posed as a vendor while communicating with a separate company that was hired to handle the logistics of vendor payments to the American company, the complaint said.

The American company sent $98.9 million meant for the vendor to a bank account in Cyprus, according to the suit. Authorities said at least $25 million was laundered through separate accounts in Cyprus, Latvia, Hungary, Estonia, Lithuania, Slovakia and Hong Kong. The Cyprus bank was able to restrain nearly $74 million.

Authorities believe that this case is the latest example of fraudsters targeting businesses with foreign suppliers or that regularly complete wire transfers.

The FBI issued an alert to companies last week that businesses have lost $2.3 billion globally from wire fraud from October 2013 to February of this year.

Published By:

rocket-d Official-sounding calls about an email hack

There’s a new twist on tech-support scams — you know, the one where crooks try to get access to your computer or sensitive information by offering to “fix” a computer problem that doesn’t actually exist. Lately, we’ve heard reports that people are getting calls from someone claiming to be from the Global Privacy Enforcement Network. Their claim? That your email account has been hacked and is sending fraudulent messages. They say they’ll have to take legal action against you, unless you let them fix the problem right away.

If you raise questions, the scammers turn up the pressure – but they’ve also given out phone numbers of actual Federal Trade Commission staff (who have been surprised to get calls). The scammers also have sent people to the actual website for the Global Privacy Enforcement Network. (It’s a real thing: it’s an organization that helps governments work together on cross-border privacy cooperation.)

Here are few things to remember if you get any kind of tech-support call, no matter who they say they are:

  • Don’t give control of your computer to anyone who calls you offering to “fix” your computer.
  • Never give out or confirm your financial or sensitive information to anyone who contacts you.
  • Getting pressure to act immediately? That’s a sure sign of a scam. Hang up.
  • If you have concerns, contact your security software company directly. Use contact information you know is right, not what the caller gives you.

rocket-d Watch out for a new spam attack posing as a tracking notification from UPS

Windows users are advised to be on their guard, after a new malware campaign was spammed out posing as an email from UPS.

Of course malware being distributed disguised as notifications from delivery firms like UPS, Fedex and DHL are nothing new – but that’s never going to stop criminals from using the technique to trick unsuspecting computer users into clicking on attachments.

After all, if it’s working for them why should they change their tactics?

Here is an example of a typical email that has been spammed out in the last 24 hours, with an infected Word Document attached.


Part of the email, which has the subject line “UPS Tracking Notification”, reads in part:

Tracking Detail

Your package has experienced an exception.

Tracking Number:
The shipping information including the tracking number can be found in the attached shipping label. Redelivery may be arranged by visiting the local Post Office mentioned in the attached label.

Delivery Address Change Requested

Simply receiving the email won’t infect your computer, but if you open the .DOC file attached then your system could be put at risk from a Trojan horse embedded as an OLE object, which in turn attempts to download further malicious code onto your PC.

Of course, you are more likely to fall for this social engineering trick if you regularly use UPS, or are expecting a parcel to be delivered. But even if you don’t, it’s easy to imagine how many people wouldn’t think twice about clicking on an attachment in what appears at first glance to be a legitimate communication.

The important thing is to learn to *always* be wary of opening unsolicited attachments, as they could be designed to infect your computer.

rocket-d Protect Yourself From Phishing

PhishingTrustedBankWhat is Phishing? “Phishing” is when criminals use email, phone and online scams to purposefully and maliciously trick people into sharing information such as passwords, Social Security numbers, account and credit card details and even your mother’s maiden name! Phishing is Fraud and it is a crime.

Defend Yourself:

  • Educate yourself, your family, and if applicable, your co-workers, clients and business partners on what Information Theft is, and what you can do to protect yourself.
  • No legitimate business or government agency will ever ask for personal information via email or phone unless you initiate the contact. If you receive such a request, DON’T RESPOND.

    Quick Facts:

    • According to a Federal Trade Commission report, Information Theft is the fastest growing crime in the United States. It occurs once every 79 seconds on average. In 2005, the cost to consumers was in excess of $5,000,000,000, while the cost to businesses was in excess of $47,000,000,000. The average consumer loss from a phishing attack is $1200.
    • According to a Symantec presentation, 1 out of every 125 emails sent is a phishing attack. In 2005, phishing attacks rose by 90%.
    • The Anti-Phishing Working Group reports that 5.7 billion phishing emails are sent each month, and that over 150,000 unique phishing attacks and 3,000 phishing websites are reported per month.
     What information are Phishers after?  Phishers are interested in gathering information which, by nature, is private and/or confidential, especially if this information can help them steal your identity. Information Theft targets a wide array of information, including, but not limited to:
        • Social Security Numbers.
        • Driver’s License Numbers.
        • Date and Place of Birth.
        • Mother’s Maiden Name.
        • Account Numbers.
        • PINs.
        • Usernames.
        • Passwords.
        • Personal Information.
        • Any confidential information that criminals can either directly use or resell.

    Defend Yourself:

        • Do not disclose any personal information unless the requester has a valid need for the information.
        • Don’t hesitate to ask how your information is going to be protected.
        • Never agree to have your information shared or sold.
        • Remember: No legitimate business or government agency will ever ask for personal information via email or phone unless you initiate the contact. If you receive such a request, DON’T RESPOND!
     How NOT to become a Victim. Phishing may appear to be an anonymous crime, but it is not a victimless crime. However, we have good news: simple techniques exist to NOT become a Phishing Victim. Simple Techniques:
        • Never provide confidential information unless you started the conversation. Never answer an email, pop-up, phone call, letter, etc. that asks for personal information. Legitimate companies do NOT ask for this information, ever!
        • Be suspicious! Because something is written down in an email or in a pop-up does not mean that it is true and legitimate.
        • Do not click on a link provided in an email or enter information in a pop-up window. Go to the website yourself and from there navigate to the area of interest.
        • Use anti-malware solutions that are updated. This will stop the installation of crimeware on your computer that could harvest your information.
        • Do not use public computers or wireless networks to conduct confidential activities. This includes wi-fi hot spots, kiosk computers, cybercafés.
        • Shred all documents that contain personal, sensitive or confidential information.
     What to do if you have been phished?  If you are a phishing victim, it is important for you to follow these simple instructions to minimize the damage caused by the criminals who stole your information. Report it!
    • Place a Fraud Alert on your Credit Report.
    • Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
    • File a police report.
    • File a complaint with the Federal Trade Commission. By sharing your identity theft complaint with the FTC, you will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them. The FTC can refer victims’ complaints to other government agencies and companies for further action, as well as investigate companies for violations of laws the agency enforces.
    • Monitor your bank accounts, credit card accounts and credit report.

    Spotlight on Reporting Action Plan:

    • Write down the name of everyone you talk to, what he or she tells you, and the date the conversation occurred.
    • Follow up in writing with all contacts you’ve made on the phone or in person. Use certified mail, return receipt requested, so you can document what the company or organization received and when.
    • Keep copies of all correspondence or forms you send.
    • Keep the originals of supporting documents, like police reports and letters to and from creditors; send copies only.


    • If you are a victim of phishing, others in your community will be, too. The sooner you report it, the sooner you can help protect your community against these criminals!

    rocket-d Scammers phish for mortgage closing costs

    Buying a home is exciting. You saved for the down payment, scheduled the move, and are dreaming of planting new roots. Closing is right around the corner… unless a scammer gets your settlement fees first.

    The Federal Trade Commission and the National Association of Realtors® are warning home buyers about an email and money wiring scam. Hackers have been breaking into some consumers’ and real estate professionals’ email accounts to get information about upcoming real estate transactions. After figuring out the closing dates, the hacker sends an email to the buyer, posing as the real estate professional or title company. The bogus email says there has been a last minute change to the wiring instructions, and tells the buyer to wire closing costs to a different account. But it’s the scammer’s account. If the buyer takes the bait, their bank account could be cleared out in a matter of minutes. Often, that’s money the buyer will never see again.

    If you’re buying a home and get an email with money-wiring instructions, STOP. Email is not a secure way to send financial information, and your real estate professional or title company should know that. If it’s a phishing email, report it to the FTC.

    Here are some ideas to help you avoid phishing scams:

    • Don’t email financial information. It’s not secure.
    • If you’re giving your financial information on the web, make sure the site is secure. Look for a URL that begins with https (the “s” stands for secure). And, instead of clicking a link in an email to go to an organization’s site, look up the real URL and type in the web address yourself.
    • Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain malware that can weaken your computer’s security.
    • Keep your operating system, browser, and security software up to date.