Updates from July, 2025 Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on July 2, 2025 Permalink | Reply
    Tags: , , PHI, ,   

    Fake Health Investigators Target You 

    By Greg Collier

    The Federal Bureau of Investigation has issued a warning about a new wave of scams where cybercriminals impersonate health fraud investigators. As detailed in a report from Bleeping Computer, these schemes are designed to trick both patients and healthcare providers into surrendering sensitive data, including medical and financial records.

    According to a recent advisory from the agency, fraudsters are posing as legitimate health insurers or members of investigative teams. Victims are contacted through emails or text messages crafted to appear authentic. The goal is to pressure individuals into sharing protected health information or personal financial details. In some cases, the messages claim the recipient must provide reimbursements for supposed overpayments or services not covered by insurance.

    The messages typically mimic the language and branding of trusted healthcare entities, making them difficult to distinguish from genuine communications. Once the information is obtained, it can be used for a range of criminal activities, including identity theft and insurance fraud.

    Federal agencies recommend taking caution with any unsolicited messages requesting personal or medical information. They advise verifying the authenticity of such communications by contacting the insurer directly. Security experts also emphasize the importance of strong passwords and Multi-Factor Authentication to protect against account breaches.

    The healthcare sector remains a frequent target of these attacks. In a separate notice, the Department of Health and Human Services highlighted how attackers are using social engineering to exploit IT help desks at healthcare organizations. By gaining internal access, they can reroute financial transactions through business email compromise tactics, often with devastating results.

    As impersonation scams evolve, public awareness and vigilance remain key defenses. Verifying communications and safeguarding personal data can help prevent falling victim to schemes that increasingly blur the line between real and fake.

     

  • Geebo 8:26 am on July 1, 2025 Permalink | Reply
    Tags: , , , ,   

    Brushing Scams Start at Your Door 

    Brushing Scams Start at Your Door

    By Greg Collier

    A surprise package on your doorstep may seem like a harmless fluke or a lucky mistake. But if you didn’t order it, it could be a warning sign that your personal information has fallen into the wrong hands.

    The U.S. Postal Service is raising awareness about a growing fraud known as a brushing scam. These scams involve third-party sellers sending unsolicited, low-cost items, such as socks, kitchen gadgets or trinkets, to real names and addresses. While the package itself might appear innocuous, its arrival often means that your name, address and possibly more sensitive data are already circulating among cybercriminals.

    At the heart of this scheme is a tactic used to game online retail platforms. After sending out items, the scammers leave positive reviews in the recipient’s name to boost the product’s visibility. This process creates fake but “verified” buyer accounts. It may start with a small item, but experts warn that brushing scams are rarely isolated incidents. The presence of such a package suggests that personal data may have been scraped, bought, or stolen from compromised databases.

    The concern doesn’t end with phony reviews. The misuse of your identity in this way can indicate a much broader security issue. Stolen data can be used to commit financial fraud, steal identities, impersonate users, or circumvent authentication protocols on secure accounts. With information like your full name, home address, and even phone number, scammers can initiate phishing campaigns, open unauthorized accounts or execute social engineering attacks.

    If you receive a package you did not order, it’s important to take it seriously. While there may not be an immediate financial loss, the presence of such a package can indicate that your personal information is at risk. It’s recommended to report the incident to the U.S. Postal Inspection Service, monitor financial and retail accounts for irregularities, and take precautions such as changing passwords. Even if fraud hasn’t occurred yet, these steps can help prevent future harm.

    One important note is to avoid engaging with the package in any way. Scanning QR codes, leaving reviews, or attempting to return the item may confirm to the sender that your address is valid, potentially inviting further contact or exploitation. Some scammers may include counterfeit postage or links to malicious websites, further complicating matters.

    Treat any unexpected delivery with caution. A mystery box might seem like a minor curiosity, but it can be the first clue that your identity is being used without your knowledge. By staying vigilant and proactive, you can reduce the risk of falling victim to a larger and more damaging scam.

     

  • Geebo 8:00 am on June 30, 2025 Permalink | Reply
    Tags: , , , ,   

    Temu Review Job Offer Is a Scam 

    Temu Review Job Offer Is a Scam

    By Greg Collier

    A growing number of consumers are reporting suspicious text messages claiming to offer high-paying jobs for writing reviews on Temu. These messages often appear to come from unusual email addresses or fake recruiters claiming to work for familiar platforms like Indeed. The promised compensation ranges from hundreds to thousands of dollars for only minutes of work each day.

    These types of messages are part of a broader wave of text-based job scams that have been circulating for months. In many cases, the recipient has never applied for a job and may not even be actively seeking employment. Despite that, the message encourages recipients to respond, provide personal information, or click on embedded links. The goal of these scams is typically to steal money, commit identity fraud, or infect a device with malware.

    The supposed connection to Temu appears to be entirely fabricated. The company has acknowledged that scammers have falsely used its name in phishing attempts. As with other brands that gain rapid popularity, Temu has become a convenient reference point for fraudsters trying to seem legitimate.

    The safest response to these messages is to ignore them completely. Do not click any links or call the numbers listed in the message. Instead, consumers can report the messages by forwarding them to 7726, which stands for SPAM. After forwarding, a follow-up message will prompt the user to share the phone number or email that sent the original text. This helps authorities track the source and prevent further abuse.

    These scams are a reminder to remain cautious when receiving unsolicited job offers, especially ones promising fast money for minimal work. If a message seems too good to be true, it likely is.

     

  • Geebo 8:00 am on June 27, 2025 Permalink | Reply
    Tags: , , , , ,   

    Walmart Fined $10M Over Scam Transfers 

    Walmart Fined $10M Over Scam Transfers

    By Greg Collier

    When scammers aren’t asking for gift cards or precious metals, they’re often relying on money transfers. These services offer a fast, irreversible way to move cash, making them an attractive tool for fraud. One of the most accessible and widely used venues for money transfers in the United States is Walmart. Now, the retail giant has agreed to pay $10 million to settle charges brought by the Federal Trade Commission (FTC) over its handling of scam-related transfers.

    The FTC alleged that for years Walmart allowed its in-store money transfer services to be exploited by criminals. According to the agency, from 2013 to 2018, the company failed to enforce adequate anti-fraud policies and procedures. It also did not properly train staff or effectively warn customers about the risks associated with certain types of money transfers. These failures reportedly allowed scammers to take hundreds of millions of dollars from consumers, often in the context of impersonation schemes, bogus telemarketing offers, and fraudulent payments for nonexistent services or goods.

    Walmart acted as an agent for major transfer networks, including MoneyGram and Western Union, during the period in question. The FTC’s case pointed to a pattern of neglect that enabled widespread abuse. Though an amended complaint filed in 2023 expanded on these allegations, the Commission faced setbacks in court. A key telemarketing claim was dismissed twice, limiting the agency’s ability to seek broader consumer restitution. However, the resolution announced this month marks a partial victory, setting enforceable standards for future conduct.

    The final order, filed in the U.S. District Court for the Northern District of Illinois, is designed to prevent similar problems going forward. Walmart is now prohibited from continuing money transfer operations without taking meaningful steps to detect and stop fraud. The company is also barred from facilitating or supporting telemarketers who use these transfers to extract upfront payments or who solicit money under deceptive pretenses.

    The $10 million settlement is relatively small compared to the scale of the alleged fraud, but it underscores the importance of corporate responsibility in the financial services sector. Consumers continue to be targeted through a range of schemes that depend on fast and irreversible payments. When retailers provide these services, they also carry the obligation to help safeguard the public.

    This case highlights how a lack of oversight at the point of service can lead to substantial harm. Whether through wire transfers, gift cards, or digital platforms, scammers thrive on speed and anonymity. Regulatory action like this serves as a reminder that vigilance and consumer protection must be a priority wherever money changes hands.

     

  • Geebo 8:00 am on June 26, 2025 Permalink | Reply
    Tags: , , , , ,   

    When the Bank Is the Weak Link in Scams 

    By Greg Collier

    A recent investigation by ProPublica has once again laid bare the critical role banks play in enabling international fraud networks, often by doing very little. The report follows the case of a small family-run business in Boston that found itself entangled in a lawsuit over a crypto-related scam, despite having no connection to cryptocurrency or even an account at the bank involved. The bank in question, it turns out, had allowed a fraudster to open an account in the business’s name without identification, which was later used to move hundreds of thousands of dollars from scam victims.

    The scam in question is part of a growing phenomenon known as “pig butchering,” a long con in which victims are emotionally manipulated over time to invest increasing sums of money into fraudulent schemes. The funds are typically wired to domestic bank accounts that appear legitimate, then quickly moved and converted to cryptocurrency for laundering across borders. Many of these scams originate from Southeast Asian compounds operated by criminal syndicates with billions of dollars in annual proceeds.

    Banks are at the center of this laundering infrastructure. They are supposed to serve as gatekeepers, preventing the creation of fraudulent accounts and flagging suspicious activity. But as ProPublica outlines, the reality is often far more permissive. Criminal groups exploit lax verification protocols and the lack of mandatory fraud detection standards. In the case involving the Boston truck repair business, a Chase account was reportedly opened online using only a business identification number, with no personal ID or in-person verification.

    Scammers are well aware of these vulnerabilities and operate entire marketplaces to exploit them. Messaging apps like Telegram have hosted channels where money laundering facilitators openly advertise U.S. bank accounts for rent. These accounts are used to collect stolen funds, convert them to crypto, and forward them to overseas actors. Despite existing regulations requiring banks to monitor for suspicious behavior, enforcement is inconsistent. The law mandates that banks design anti-money laundering programs, but it does not require those programs to be effective.

    This regulatory gap creates a situation where the burden of vigilance often falls on the victim. In the ProPublica report, one scam victim lost nearly $400,000 by wiring money to accounts tied to shell companies at major financial institutions. Even after realizing he had been defrauded, his efforts to reverse the wires were largely unsuccessful. It took a lawsuit and media inquiry for one bank to finally return his money. That money had been sitting in a frozen account for months.

    We’ve been documenting bank scam stories for years where victims not only lose their savings but are met with indifference or hostility from the very institutions that facilitated the fraud. Often, banks treat scam victims as liabilities or even suspects, rather than customers in need of assistance.

    Some countries are taking stronger action. The United Kingdom now mandates that banks reimburse victims of authorized payment scams. Australia is moving toward greater information sharing among banks. Thailand has created a centralized fraud register to shut down suspicious accounts more efficiently. In contrast, the United States continues to rely on voluntary guidelines and industry self-regulation, even as fraud rates rise.

    ProPublica’s report highlights just how systemic this problem has become. It’s not just about one fraud or one bank, but a banking system that routinely fails to keep bad actors out. As long as institutions can look the other way without consequences, these scams will continue to thrive.

    We can only hope that this in-depth reporting begins to move the needle. Victims deserve more than platitudes and procedural roadblocks. Banks must be held to a higher standard before more lives and livelihoods are destroyed.

     

  • Geebo 8:00 am on June 25, 2025 Permalink | Reply
    Tags: , , ,   

    $2 Water Scam Costs Victim $1,100 

    By Greg Collier

    A recent case out of Atlanta serves as a timely warning about how a moment of generosity can lead to a significant financial loss, particularly when using peer-to-peer payment apps. In this instance, a woman attempting to buy a bottle of water from a group of local street vendors was tricked into sending $1,100 through Cash App. The situation unfolded when one of the vendors asked to enter their payment information directly into her phone, claiming it would help ensure the correct username. After the phone was returned and the payment was submitted, she discovered far more money had been transferred than she intended.

    With the United States currently facing record-breaking temperatures due to an ongoing heat dome, this scam could start appearing in other cities where street vending activity increases during hot weather. The presence of informal vendors offering water or cold drinks at intersections may become more common, especially in urban areas where demand spikes. Unfortunately, this also creates more opportunities for similar scams to take place, particularly when payment apps are involved.

    Law enforcement is aware of the situation, but cases like this can be difficult to resolve quickly, especially if the recipient account is untraceable or the money is withdrawn soon after the transaction. Attempts to dispute such payments through the app itself may take time and do not guarantee a refund. In this case, a police report was filed, and the user began the dispute process, but it could be weeks before any resolution is reached.

    Multiple similar incidents have reportedly taken place in the same area, with other individuals describing losses ranging from hundreds to over a thousand dollars, often involving either direct phone access or QR code manipulation. Although the accounts of these events have largely surfaced through personal social media posts, they are drawing growing concern among residents and travelers alike.

    One clear takeaway from this situation is that no one should ever hand over their phone to a stranger when using payment apps. These platforms are designed to make transactions easy, but their convenience also comes with significant risk if proper precautions are not taken. Scammers are known to exploit brief lapses in judgment, especially in fast-moving or emotionally charged moments.

    As temperatures continue to rise and street activity increases, it is important to stay vigilant. While many street vendors operate honestly, this case is a reminder that not all do. Protecting personal devices and maintaining control of financial apps at all times can help prevent similar losses from happening elsewhere.

     

  • Geebo 8:00 am on June 24, 2025 Permalink | Reply
    Tags: , , , , ,   

    Overpayment Scam Targets Small Businesses 

    By Greg Collier

    Scammers continue to target small business owners, and one recent case in the Tulsa Metro area highlights just how easily a routine job request can turn into a financial trap. This situation involved a new cleaning business that was approached for what seemed like a standard move-in cleaning. The request came through a text message, supposedly from someone who found the company through Facebook and had seen positive reviews.

    The individual claimed to need cleaning services for a home listed for sale, even offering an address and referencing a Zillow listing to make the request appear legitimate. After checking the address and confirming the listing existed, the business owner provided a quote for the cleaning service. The client responded with agreement, saying a check would be sent in advance to avoid delays.

    What arrived, however, was a check for nearly four times the agreed amount. The sender explained the excess was intended for a handyman who would be on-site the same day as the cleaning, asking the business owner to deliver the extra funds directly to that individual. This request immediately raised concerns.

    Additional warning signs appeared. The check was shipped overnight from a sender in New Jersey, yet it was drawn from an account in Oregon and issued by an organization unrelated to the cleaning job. There was even a typographical error in the city name printed on the check. Seeking confirmation, the business owner contacted the listing agent tied to the home on Zillow. The agent confirmed neither the homeowner nor the agency had requested cleaning services, confirming the job offer was fraudulent.

    This type of fraud is a textbook example of an overpayment scam. The victim is sent a check that appears legitimate, deposits it, and then is asked to return or forward the extra money. When the check eventually bounces, the victim is left responsible for any money they withdrew and paid out, losing real funds in the process.

    This case serves as a reminder that small business owners are frequent targets for these types of scams, especially those operating through social media and online platforms. Caution is essential when dealing with unsolicited job offers that involve advance payments or unusual financial arrangements. Even when a job seems straightforward and comes with plausible details, it is worth double-checking every step, especially when unexpected money enters the equation. Recognizing the red flags early can prevent a costly mistake.

     

  • Geebo 8:00 am on June 23, 2025 Permalink | Reply
    Tags: , , , ,   

    Scammers Target Drivers With Texts 

    By Greg Collier

    Toll scams are among the most common digital frauds circulating today, and a recent case out of Utah demonstrates how easily they can catch someone off guard. After completing a cross-country road trip with her husband, one woman found herself navigating toll charges from several different states. She expected to receive payment notices by mail. So when a text message arrived in January asking her to settle an outstanding toll, it didn’t seem suspicious at first.

    The timing felt plausible. She was away from home and in a hurry, so she clicked the link and entered her payment information to resolve the issue quickly. Not long after, her credit union contacted her about two unauthorized charges totaling several hundred dollars. She hadn’t made the purchases. She had been scammed.

    These toll scams are convincing because they prey on routine behavior. When someone knows they’ve driven on toll roads, receiving a message about an unpaid toll feels legitimate. The scam works by mimicking a real toll agency’s communication style and creating a sense of urgency. Victims are told they must pay promptly to avoid penalties or legal consequences. That fear can override skepticism, especially when the message arrives during a busy moment.

    In this case, the text included a payment link that led to a fake site resembling a toll collection portal. Once the victim submitted her debit card information, the fraudsters immediately used it to make unauthorized purchases. This incident underscores the risk of entering sensitive information through links received by text, especially on mobile devices where it’s harder to spot red flags.

    One key detail that might have helped expose the scam was the phone number itself. The message came from a foreign country code, completely unrelated to the toll agency it claimed to represent. A closer look would have revealed that the Massachusetts toll system is unlikely to use a number based in the Philippines. Small inconsistencies like these often go unnoticed when people are trying to act quickly.

    The victim later realized that using a debit card added another layer of risk. Unlike credit cards, debit transactions can be harder to dispute, particularly if a PIN was entered. Consumer advocates often recommend using credit cards instead for online payments, as they offer stronger fraud protections.

    Toll scams like this continue to circulate because they rely on timing and familiarity. They succeed when people are distracted or expecting a message that appears to match their recent activity. Recognizing the warning signs, suspicious links, unfamiliar area codes, and rushed payment demands, can make a crucial difference. Slowing down, verifying the source, and avoiding financial transactions over text can help protect against this increasingly common form of fraud.

     

  • Geebo 8:00 am on June 20, 2025 Permalink | Reply
    Tags: , , , , search parameter injection attack   

    Fake Customer Service Numbers on Real Websites 

    By Greg Collier

    We usually tell readers to visit a company’s official website when they need a customer service number. It’s long been the safest way to avoid fake listings or shady third-party services. But a new tactic used by cybercriminals may force us to rethink that advice. A recent report from Malwarebytes reveals a troubling development in search engine abuse that puts even cautious internet users at risk.

    The issue begins with a sponsored search result on Google. Cybercriminals are paying for ads that appear when users search for customer service support from trusted brands such as Apple, Bank of America, Facebook, HP, Microsoft, Netflix, or PayPal. At first glance, the ad appears legitimate. It often leads to the actual website of the company in question. But here’s the twist. The page you land on displays a fraudulent customer service phone number, not the official one.

    What makes this tactic so effective is that the browser still shows the correct web address. From the user’s perspective, everything appears to be in order. The site design is correct, the branding is familiar, and the URL is clean. But the contact information has been manipulated using what’s known as a search parameter injection attack.

    In simple terms, the attackers craft a URL that takes advantage of the company’s internal search function. That search query then gets reflected back onto the page. Because the site does not properly sanitize or validate the input, the attacker’s text, including a fake phone number, is displayed directly within the legitimate layout of the website. The result is a convincing, dangerous piece of misinformation hiding in plain sight.

    For example, someone looking for support from Netflix might be directed to a Netflix help page, complete with a scam number prominently displayed. The same applies to PayPal or Bank of America. If a victim calls that number, they are greeted by someone pretending to represent the brand. The goal is to extract sensitive information such as login credentials, banking details, or to convince the caller to install remote access software that gives the scammer control of their device.

    According to Malwarebytes, Apple was among the more deceptive examples. In that case, the page showed a message saying there were no results for the user’s search, followed by a prominently displayed number to call for help. It was all part of the same trap.

    HP’s example was slightly more obvious, as it included some visible clues like odd phrasing before the attacker’s message. But the sense of security that comes from seeing a recognizable brand URL often overpowers a user’s instinct to double-check.

    Fortunately, tools like Malwarebytes Browser Guard have started flagging these types of manipulations. When one of these scams is detected, the software displays a warning labeled “Search Hijacking Detected,” explaining that the content has been altered.

    While this is an encouraging step, it’s not a perfect solution. Many users do not use browser protection tools, and many more still place complete trust in top search results. That trust is what scammers are exploiting. They are counting on people to assume that if a website is real, the phone number must be as well.

    This trend raises important questions about the integrity of search platforms, the responsibility of large brands to safeguard their online presence, and the growing sophistication of scams. It also calls for a renewed focus on user awareness. Before calling any support number, it’s now more important than ever to verify it independently through past communication from the company or trusted contact methods.

    The rise of search parameter injection scams highlights the evolving nature of online fraud. It’s not just about tricking people into visiting a fake site. It’s about planting bad information in the spaces people already trust. And that makes it harder to know what, or who, is real.

     

  • Geebo 8:00 am on June 19, 2025 Permalink | Reply
    Tags: , , , ,   

    Scammers Clone Celebrity Voices 

    Scammers Clone Celebrity Voices

    By Greg Collier

    A growing number of scams now involve the use of artificial intelligence to impersonate well-known individuals, including local news personalities and potentially even national celebrities. A recent example in Cincinnati highlights the sophistication of these tactics, as scammers used AI-generated audio to mimic the voice of a local TV meteorologist.

    The scheme involves the creation of fake social media accounts, complete with copied profile photos and fabricated usernames that closely resemble legitimate ones. These impersonators send friend requests to unsuspecting individuals and later initiate private conversations in which they use voice messages to convince the target of their identity. The scammers then ask for large sums of money, exploiting the trust built through this artificial familiarity.

    What makes this scam particularly effective is the use of AI voice cloning. With only a few seconds of publicly available audio, such as from a news broadcast or social media post, malicious actors can create a nearly perfect replica of a person’s voice. This technology is readily accessible through free or inexpensive software tools available online.

    While this incident involved a local media figure, the same approach can be used to mimic actors, musicians, and other public figures. It can also extend to impersonations of family members, as seen in other frauds where a cloned voice is used to trick victims into believing a loved one is in distress.

    Social media companies and cybersecurity experts continue to warn the public about these emerging threats. Verifying the legitimacy of messages or profiles, particularly when they involve requests for money, is critical. Fake accounts often use slight misspellings, have minimal engagement, or were created recently. In many cases, a quick search can reveal the existence of the real account, helping to identify the fraudulent one.

    The rise of AI-powered impersonation poses significant challenges to online safety. It underscores the importance of skepticism, especially when requests come through unofficial or unexpected channels. Awareness and caution remain the first lines of defense against this evolving form of digital deception.

     

← Older posts

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel