Tagged: phishing Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on August 8, 2025 Permalink | Reply
    Tags: , phishing, , ,   

    Amazon Refund Text Scam Alert 

    Amazon Refund Text Scam Alert

    By Greg Collier

    Scammers are once again impersonating Amazon in an effort to steal money and personal information from unsuspecting consumers. This warning comes from the Federal Trade Commission, which reports that fraudulent text messages are claiming there is a problem with a recent purchase and offering a refund.

    The messages appear to come from Amazon and state that a “routine quality inspection” has determined that an item recently purchased does not meet the company’s standards or has been recalled. The text promises a full refund without the need to return the product but instructs the recipient to click a link to claim the money. In reality, there is no refund, and the link leads to a phishing site designed to obtain financial or personal information.

    Amazon is a frequent target for impersonation in scams because of its large customer base and the high volume of orders placed each day. Many recipients of these texts will have made a purchase recently, which makes the scam seem more believable and increases the likelihood they will interact with the message.

    Legitimate companies do not issue refunds through unsolicited text messages, and consumers should be cautious when receiving unexpected communications. Rather than clicking any links or replying to the message, shoppers concerned about the authenticity of such a notice should contact the retailer directly using verified channels. Checking an account through the official website or app can confirm whether a product recall or quality issue actually exists.

    Suspicious texts can be reported to mobile carriers by forwarding them to 7726, which spells “SPAM” on most devices, or by using the built-in junk reporting feature on a smartphone. After reporting, the message should be deleted to prevent accidental interaction. Consumers who believe they have been targeted by this type of scam can file a report with the Federal Trade Commission to help stop fraudulent activity.

     

  • Geebo 8:00 am on July 29, 2025 Permalink | Reply
    Tags: , , phishing, , State Code 15C-16.003,   

    Fake DMV Texts Cite Bogus Laws 

    By Greg Collier

    A phishing scam that has been circulating in multiple states is continuing to evolve, with a new variation citing a fictitious state code to lend credibility to fraudulent messages. The scam targets drivers by sending official-looking texts that claim the recipient owes traffic fines or faces legal penalties, such as license suspension or damage to their credit score.

    The latest version of the scam has appeared in Illinois, California, Minnesota, New Jersey, and Tennessee. In each instance, recipients receive alarming messages that appear to come from a state motor vehicle agency. The messages often claim that an outstanding traffic ticket needs to be paid immediately or that the ticket will be referred to a toll agency for an additional fee. A recent variation includes a fabricated code, such as “State Code 15C-16.003,” to make the warning seem more legitimate. This code has no basis in any actual state law.

    These text messages usually contain a link that, when clicked, leads to a fake website designed to steal personal or financial information. In some cases, the scam also involves spoofed phone numbers that appear to come from law enforcement agencies or government offices. These tactics are intended to pressure recipients into taking immediate action without verifying the source.

    State agencies across the country have issued warnings to residents, clarifying that they do not send text messages demanding payment or threatening legal action. Official notices regarding traffic violations or unpaid fines are typically sent by mail. Payments are usually made through secure state websites, not through third-party links sent via text.

    To avoid falling victim to this scam, drivers are advised not to respond to unexpected text messages, especially those that include suspicious links or legal threats. Instead, they should verify the legitimacy of any message by contacting their state’s department of motor vehicles or public safety office directly. Residents who believe they have received a fraudulent message are encouraged to report it to the Federal Trade Commission or their state’s consumer protection office.

    This scam has persisted for months and continues to adapt. The inclusion of a fictitious legal code is the latest effort to deceive and pressure recipients. Remaining cautious and informed is essential to protecting personal information and avoiding financial loss.

     

  • Geebo 8:00 am on July 2, 2025 Permalink | Reply
    Tags: , , PHI, phishing,   

    Fake Health Investigators Target You 

    By Greg Collier

    The Federal Bureau of Investigation has issued a warning about a new wave of scams where cybercriminals impersonate health fraud investigators. As detailed in a report from Bleeping Computer, these schemes are designed to trick both patients and healthcare providers into surrendering sensitive data, including medical and financial records.

    According to a recent advisory from the agency, fraudsters are posing as legitimate health insurers or members of investigative teams. Victims are contacted through emails or text messages crafted to appear authentic. The goal is to pressure individuals into sharing protected health information or personal financial details. In some cases, the messages claim the recipient must provide reimbursements for supposed overpayments or services not covered by insurance.

    The messages typically mimic the language and branding of trusted healthcare entities, making them difficult to distinguish from genuine communications. Once the information is obtained, it can be used for a range of criminal activities, including identity theft and insurance fraud.

    Federal agencies recommend taking caution with any unsolicited messages requesting personal or medical information. They advise verifying the authenticity of such communications by contacting the insurer directly. Security experts also emphasize the importance of strong passwords and Multi-Factor Authentication to protect against account breaches.

    The healthcare sector remains a frequent target of these attacks. In a separate notice, the Department of Health and Human Services highlighted how attackers are using social engineering to exploit IT help desks at healthcare organizations. By gaining internal access, they can reroute financial transactions through business email compromise tactics, often with devastating results.

    As impersonation scams evolve, public awareness and vigilance remain key defenses. Verifying communications and safeguarding personal data can help prevent falling victim to schemes that increasingly blur the line between real and fake.

     

  • Geebo 8:00 am on June 23, 2025 Permalink | Reply
    Tags: phishing, , , ,   

    Scammers Target Drivers With Texts 

    By Greg Collier

    Toll scams are among the most common digital frauds circulating today, and a recent case out of Utah demonstrates how easily they can catch someone off guard. After completing a cross-country road trip with her husband, one woman found herself navigating toll charges from several different states. She expected to receive payment notices by mail. So when a text message arrived in January asking her to settle an outstanding toll, it didn’t seem suspicious at first.

    The timing felt plausible. She was away from home and in a hurry, so she clicked the link and entered her payment information to resolve the issue quickly. Not long after, her credit union contacted her about two unauthorized charges totaling several hundred dollars. She hadn’t made the purchases. She had been scammed.

    These toll scams are convincing because they prey on routine behavior. When someone knows they’ve driven on toll roads, receiving a message about an unpaid toll feels legitimate. The scam works by mimicking a real toll agency’s communication style and creating a sense of urgency. Victims are told they must pay promptly to avoid penalties or legal consequences. That fear can override skepticism, especially when the message arrives during a busy moment.

    In this case, the text included a payment link that led to a fake site resembling a toll collection portal. Once the victim submitted her debit card information, the fraudsters immediately used it to make unauthorized purchases. This incident underscores the risk of entering sensitive information through links received by text, especially on mobile devices where it’s harder to spot red flags.

    One key detail that might have helped expose the scam was the phone number itself. The message came from a foreign country code, completely unrelated to the toll agency it claimed to represent. A closer look would have revealed that the Massachusetts toll system is unlikely to use a number based in the Philippines. Small inconsistencies like these often go unnoticed when people are trying to act quickly.

    The victim later realized that using a debit card added another layer of risk. Unlike credit cards, debit transactions can be harder to dispute, particularly if a PIN was entered. Consumer advocates often recommend using credit cards instead for online payments, as they offer stronger fraud protections.

    Toll scams like this continue to circulate because they rely on timing and familiarity. They succeed when people are distracted or expecting a message that appears to match their recent activity. Recognizing the warning signs, suspicious links, unfamiliar area codes, and rushed payment demands, can make a crucial difference. Slowing down, verifying the source, and avoiding financial transactions over text can help protect against this increasingly common form of fraud.

     

  • Geebo 8:00 am on June 2, 2025 Permalink | Reply
    Tags: , ghost tap, , , phishing,   

    Ghost Tap Scam Bleeds Millions 

    By Greg Collier

    A new form of credit card fraud, referred to as the “Ghost Tap” scam, has been identified and is currently under investigation by authorities in multiple states. The Knox County (TN) Sheriff’s Office recently issued a public warning regarding this emerging threat. According to their update, the scam involves criminal groups using digital wallet applications to make fraudulent purchases with stolen credit card data. These purchases often take the form of gift cards, which are then sold online to obscure the trail of the original transactions.

    Investigators have linked the operation to organized criminal rings primarily involving foreign nationals, who travel from states with large populations and more intense enforcement to smaller regions they perceive as less guarded. Since August 2024, law enforcement officials have apprehended over ten suspects connected to this scheme in Knox County alone. Authorities believe losses are in the millions due to these fraudulent transactions.

    The process is swift and largely invisible to the average person. Stolen credit card information is stored within a digital wallet, allowing suspects to make contactless purchases without possessing a physical card. This tactic enables them to bypass certain security checks and quickly convert the fraudulent funds into untraceable assets like gift cards. These cards are then resold through various online marketplaces, making it difficult to identify the original source of the funds.

    Officials warn that the Ghost Tap scam often operates in tandem with phishing schemes. Victims may receive text messages claiming there are problems with toll payments, package deliveries, or bank accounts. The messages typically include a link urging the recipient to enter personal or financial information. These tactics are used to collect data that may later be exploited in digital wallet fraud.

    To counteract these threats, the sheriff’s office advises the public to remain skeptical of unsolicited messages requesting sensitive information. They also stress that no legitimate agency will ever demand payment through gift cards or request private data over the phone. Any such contact should be treated as suspicious and reported to the appropriate authorities.

    The local Organized Retail Crime Unit has been central to recent enforcement actions, utilizing new investigative tools to identify suspects as soon as they arrive in the area. Officials hope that raising awareness will help deter future incidents and encourage prompt reporting of suspicious behavior. With digital wallets becoming increasingly common, scams like Ghost Tap represent a growing challenge that demands both public caution and coordinated enforcement.

     

  • Geebo 8:00 am on May 29, 2025 Permalink | Reply
    Tags: , , phishing, ,   

    Fake DMV Texts Are the New Nationwide Scam 

    By Greg Collier

    A new phishing scam is spreading across the country, targeting drivers with fraudulent text messages that appear to come from official motor vehicle departments. These messages claim the recipient has unpaid traffic fines and threaten license suspension or other penalties unless immediate action is taken. In reality, these texts are not from any legitimate agency and are designed to steal personal and financial information.

    In Georgia, the messages reference a nonexistent Department of Motor Vehicles and warn about suspended driving privileges unless payment is made. Officials in that state have clarified that there is no state DMV and that real agencies, like the Department of Driver Services, do not use text messages for these purposes.

    In Illinois, the scam texts include specific legal codes, threatening prosecution and credit score damage. The messages cite fake administrative laws and demand payment through a fraudulent link. State officials have warned that such texts are not a legitimate form of communication for any action involving traffic violations or license status.

    Louisiana drivers have received similar texts claiming they owe fines. The state’s Office of Motor Vehicles confirmed these messages are not legitimate and has issued warnings advising residents not to click on any links. Officials say these scams are part of a broader phishing campaign that could also lead to malware infections or identity theft.

    This wave of fake DMV text messages appears to be the latest version of the toll scam texts that circulated widely earlier this year. In those cases, scammers pretended to represent toll agencies and used a similar strategy of creating urgency to push recipients into making fake payments. The transition to impersonating motor vehicle departments suggests that scammers are adapting their tactics to stay ahead of public awareness.

    These scams exploit common anxieties about driving privileges, legal consequences, and unpaid fines. By mimicking the language and tone of government agencies, the messages aim to pressure individuals into quick action before they have time to verify the source. In each case, the fraudulent messages include links to sites that harvest sensitive data or install harmful software.

    As this scam continues to appear in multiple states, it highlights the importance of being cautious with any unsolicited message, especially those requesting immediate payment or personal information. Motor vehicle agencies generally communicate through secure channels and do not use text messages to issue threats or collect fines. Drivers are encouraged to verify any suspicious message by contacting their local agency directly.

     

  • Geebo 8:00 am on May 8, 2025 Permalink | Reply
    Tags: , , , phishing, ,   

    Google Spoof Scam Exposes Flaws 

    By Greg Collier

    Phishing has evolved far beyond clumsy scams riddled with typos and generic threats. It now wears the mask of legitimacy, often cloaked in branding and technical language convincing enough to fool even savvy users. A recent example of this growing trend involves an especially deceptive attack using Google’s own infrastructure as a weapon.

    Cybercriminals have been exploiting Google Sites and other services to distribute phishing emails that appear to originate from Google’s own domain. In this case, a message disguised as a legal request from law enforcement was sent to users, complete with references to subpoenas and the need to review case materials. The message urged the recipient to click on a link to a Google support page, which in reality led to a page designed to harvest login credentials.

    The trap is insidious. The phishing page is hosted on a subdomain of Google.com, lending a false sense of trust to unsuspecting users. Because the site is built with Google Sites, it carries the appearance of a legitimate Google interface. The attackers further muddy the waters by ensuring the phishing email lands in the same thread as previous legitimate security alerts, increasing the likelihood that users will trust it.

    The deeper issue lies in how Google has allowed this vulnerability to persist. The legacy version of Google Sites, still accessible today, permits anyone to publish content on a Google.com subdomain. This opens the door to abuses like malicious scripts and fake credential portals. Google has been warned about this gap in security, yet the core issues remain unresolved. While some reactive measures have been taken, the architecture still leaves room for repeat abuse.

    This raises a broader concern about corporate responsibility in digital security. Google has positioned itself as a cornerstone of online identity and infrastructure, and with that status comes the obligation to protect its users proactively. Allowing these phishing schemes to exploit the trust associated with the Google name creates not just a security risk, but an erosion of that trust.

    Google’s statement suggests users enable two-factor authentication and passkeys as a defense. While this is sound advice, it shifts the burden onto individuals to compensate for shortcomings in the platform’s safeguards. The more sustainable solution would be for Google to close the loopholes that allow bad actors to operate under its umbrella in the first place.

    As phishing continues to mimic trusted entities more convincingly, users must remain cautious. But the companies whose tools are being weaponized also bear responsibility. Until tech giants like Google take these exploits seriously and move swiftly to harden their platforms, the digital wolves will keep getting in, dressed in ever more convincing sheep’s clothing.

     

  • Geebo 9:01 am on January 3, 2025 Permalink | Reply
    Tags: , FasTrak, phishing, , , ,   

    Toll Scams Sweeping the Nation Again 

    Toll Scams Sweeping the Nation Again

    By Greg Collier

    Across the United States, drivers are increasingly becoming targets of sophisticated toll payment scams. These scams often involve fraudulent text messages or emails claiming unpaid tolls. The messages aim to trick individuals into clicking on malicious links and providing sensitive personal and financial information. Authorities and tolling agencies nationwide are warning drivers to stay vigilant and protect themselves from these fraudulent schemes.

    In California, text scams have surged, falsely claiming to be from FasTrak, the state’s electronic toll collection system. The messages often direct recipients to websites that appear legitimate but are operated by scammers. These websites ask for banking or credit card information, exploiting unsuspecting users. Official tolling agencies in California emphasize that they do not send text messages to individuals without accounts and never request payments through unsolicited links.

    South Florida drivers have also reported similar schemes. Fraudulent messages, often labeled as ‘final reminders’, urge recipients to copy and paste links into their browsers to resolve alleged unpaid tolls. The realistic appearance of these scams, from their professional-looking websites to the urgent tone of their messages, has made them particularly effective. Local transportation officials have reiterated that they do not request payments or account actions via text messages.

    In New York, E-ZPass users have been targeted by messages claiming to be from ‘NY Toll Services’. These messages ask for sensitive information like Social Security numbers and dates of birth, details that legitimate toll services never request. Officials have reminded drivers to only use authorized websites for account management and toll payments.

    The problem isn’t confined to these regions. Similar scams have been reported in Illinois, Pennsylvania, and other parts of the country. These widespread schemes often exploit the increasing reliance on electronic toll collection systems, taking advantage of the convenience and automation that make such systems attractive to drivers.

    The scams share common tactics: a sense of urgency, professional presentation, and the impersonation of trusted entities. Cybersecurity experts urge individuals to exercise caution when receiving unsolicited messages, especially those prompting immediate action. Carefully inspecting sender information, avoiding unfamiliar links, and independently verifying claims by contacting tolling agencies through official channels can go a long way in preventing fraud.

    Those who suspect they have encountered a toll scam are encouraged to report it to federal authorities, including the FBI’s Internet Crime Complaint Center. Additionally, anyone who may have inadvertently shared personal or financial information should take immediate steps to secure their accounts and monitor for suspicious activity.

    As these scams continue to evolve, awareness is the most effective defense. By recognizing the signs of phishing attempts and relying only on official communication channels, drivers can safeguard their information and help curb the impact of these nationwide toll scams.

     

  • Geebo 9:00 am on December 23, 2024 Permalink | Reply
    Tags: , phishing, , , ,   

    Protect Yourself from Holiday Delivery Scams 

    Protect Yourself from Holiday Delivery Scams

    By Greg Collier

    The week leading up to Christmas is a pivotal time for those relying on the U.S. Postal Service (USPS) to send or receive last-minute packages. With millions of pieces of mail being delivered daily during the holiday season, consumers eagerly awaiting their deliveries are often targeted by scammers using deceptive tactics.

    One of the most prevalent schemes during this time is the use of fraudulent text messages designed to appear as legitimate delivery updates from the USPS. These messages often include a web link or phone number, prompting recipients to provide personal or financial information. However, if you haven’t specifically signed up for USPS tracking updates, any unsolicited communication should raise a red flag.

    This type of scam, known as ‘smishing’, involves using text messages to lure individuals into sharing sensitive information such as usernames, passwords, Social Security numbers, or payment details. Fraudsters often impersonate trusted entities like government agencies or financial institutions to make their requests seem credible. Once they obtain this information, it can be sold on the dark web or used for further fraudulent activities.

    Smishing messages are crafted to exploit the recipient’s sense of urgency or curiosity. During the holiday season, when people are keenly tracking their packages, these scams become even more convincing. The U.S. Postal Inspection Service cautions against responding to any unexpected messages, particularly those that request account verification or payment details.

    USPS officials emphasize that the agency does not send unsolicited text messages regarding packages. If you receive such a message, avoid clicking on links, replying, or calling any numbers provided. Instead, independently verify the sender’s legitimacy by visiting the organization’s official website or contacting their customer service using trusted contact information.

    The USPS offers several secure methods for tracking your mail and packages. When you send a package, the receipt includes a tracking number. This number can be entered on the USPS website to check delivery status. Official replies will always include USPS branding, the tracking number, and delivery details.

    Another useful tool is USPS Informed Delivery, which provides an email preview of incoming mail and packages. Signing up for these services ensures you can stay informed without relying on unsolicited notifications.

    Always remember that legitimate organizations, including the USPS, will not request personal or financial information via text message. If you receive a suspicious message, delete it immediately and do not engage with the sender. Enable two-factor authentication for online accounts to add an extra layer of protection, and regularly monitor your financial statements for unauthorized activity.

    During the holiday season, as you wait for your packages to arrive, taking these precautions can help safeguard your personal information. By using the USPS’s official tools and staying alert, you can ensure your holiday deliveries are secure and stress-free.

     

  • Geebo 9:00 am on November 26, 2024 Permalink | Reply
    Tags: , , phishing, ,   

    Beware of the Latest Apple Phishing Scam 

    Beware of the Latest Apple Phishing Scam

    By Greg Collier

    In the ever-evolving landscape of cyber threats, phishing emails remain a persistent and dangerous tactic employed by hackers to steal personal information. The latest target? Apple account holders. A deceptive email claiming to be from Apple Support is making the rounds, aiming to trick recipients into handing over their login credentials and other sensitive data. However, this email isn’t from Apple’s headquarters. It’s a cleverly crafted scam designed to exploit trust and urgency.

    The email is designed to mimic legitimate correspondence from Apple, using familiar formatting and branding to appear authentic. The message claims that your Apple ID has been suspended due to unusual activity or that it’s missing information. It features a blue button labeled ‘Go to Apple ID’, urging you to verify your account to restore access. The sense of urgency is palpable, since it might warn you that failure to act within 24 hours will result in your account being permanently locked.

    While the email may seem convincing at first glance, a closer inspection reveals the hallmarks of a phishing scam. For instance, the sender’s email address doesn’t come from an official Apple domain. Instead, it might originate from a suspicious overseas domain. Additionally, the grammar and phrasing in the email are often awkward or incorrect, a red flag that something is amiss.

    Falling victim to such a scam can have serious consequences. If your Apple account is compromised, scammers could use the payment information stored in your account to purchase expensive Apple products, leaving you with the bill. To avoid such a scenario, it’s critical to scrutinize every email you receive.

    When examining emails, always verify the sender’s address and ensure it matches the official domain of the purported sender. Be wary of any links included in the message, particularly if the email is unexpected or seems suspicious. Legitimate organizations, including Apple, will never ask you to verify sensitive information through an email link. Instead, they’ll direct you to their official website or app to manage your account securely.

    Two-factor authentication (2FA) is another essential tool for protecting your accounts. By requiring a second form of verification, such as a code sent to your phone or another trusted device, 2FA can stop hackers from accessing your account even if they manage to obtain your login credentials.

    By remaining cautious, verifying the authenticity of communications, and enabling robust security measures, you can safeguard your digital identity and prevent scammers from succeeding. Always think twice before clicking, and remember: when in doubt, go directly to the source to verify the legitimacy of any request.

     

← Older posts

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel