Holiday Shopping: Beware of Unethical Online Merchants

We have all encountered a sales clerk who was rude, a customer service representative who was incompetent and an online purchase that went south. Even I’ve been scammed out of an entire order and spent dozens of hours trying to get a return on another.

But when it comes to outrageous and shocking, including threats of violence and outright fraud, this story takes the cake.  An online merchant based in Brooklyn New York retailing designer sunglasses, some counterfeit and some real, thrives on bad customer service, over charging, making threats, stalking and abusing clients into giving up the fight over what’s right.

The merchant prides himself on getting negative feedback on consumer advocacy and review sites such as Get Satisfaction, ComplaintsBoard.comConsumerAffairs.com, RipoffReport.com, Yelp and Epinions.

He thrives on – for example “DO NOT ORDER ANYTHING FROM THIS COMPANY. This has been the most horrific experience EVER. I have extensive knowledge of website management and customer service, and they pretty much break every rule imagined. They are a total scam

The strategy of negativity gets this merchants website ranked high on search when listed with all the different opinion sites. Google and other search engines often rank a website to show on the first page of search based on how many links point to it from other prominent sites. So even though all the negative links are pointing to the unethical site from opinion sites, it still ranks on the first page of search helping its sales.

Beware of making purchases on any website based on how they rank in search. Even a first page organic hit can lead to a scammy company.

Learn from others bad experiences. ALWAYS search “Name Of Company” in Google before you make a purchase. The review sites almost always show on the first page of search when “Name Of Company” has been blacklisted.

More on THIS STORY.

Robert Siciliano personal security expert to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.

Caller ID: Tool for Scammers

Most of us tend to trust the person on the other end of the telephone more than we trust an email in our inbox. However telephone scams continue to plague people and successfully empty the victims bank accounts.

Caller ID spoofing occurs when your phone rings and your caller ID displays a name and number that seem legitimate, but are, in fact, spoofed. The caller has masked his or her true name and number. Most people aren’t aware of caller ID spoofing, and therefore have no reason to question the phone call’s legitimacy.

Caller ID spoofing is often sold as a tool for law enforcement. It can provide a useful disguise if, for instance, a suspect has been withholding child support. But a civilian who suspects a spouse of infidelity might use caller ID spoofing to conduct his or her own investigation. On-call doctors who wish to keep their phone numbers private may need to provide spoofed numbers for clients.

The fraudulent uses for caller ID spoofing vastly outweigh the legitimate ones. Anyone can obtain this technology and pose as law enforcement, a lottery, a charity, a government agency, a credit card company, or anything else that might be lucrative. Abuses of caller ID spoofing have raised hackles with government officials.

Don’t automatically trust the information displayed by you caller ID.

No matter what your caller ID says, never give out personal information over the phone.

If a caller tells you you’ve won something or stand to lose something, tell them you’ll be happy to discuss if further, but that you’ll have to call them back. Then go online, search for a valid number, and call to confirm the details.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another databreach on Fox News. Disclosures


Spear Phishers Know Your Name

“Spear phishing” refers to phishing scams that are directed at a specific target. Like when Tom Hanks was stranded on the island in the movie Cast Away. He whittled a spear and targeted specific fish, rather than dropping a line with bait and catching whatever came by. When phishing attacks are directed at company officers or senior executives, it’s called “whaling,” appropriately enough. I don’t know who sits around and coins this stuff but it makes analogical sense.

Spear phishers target their victims in a number of ways.

They may select a specific industry, target specific employees with a specific rank, and pull a ruse that has been successful in the past. For example, a spear phisher might choose a human resources employee whose information is available on the company website. The phisher could then create an email that seems to come from the company’s favorite charity, assuming this information is also available online, requesting that the targeted employee post a donation link on the company’s intranet. If the target falls for the scam, the scammer has now bypassed the company’s firewall. When employees click on the malicious link, the company’s servers will be infected and antivirus software may be overridden.

Lawyers are popular targets, since they are often responsible for holding funds in escrow. A spear phisher might contact a lawyer by name, leading him or her to believe that the scammer is an American businessperson who needs help moving money while overseas.

I was recently targeted in a spear phishing scam, one aimed specifically at professional speakers. The scammers requested that I present a program in England, and once my fee was agreed upon, I was asked to get a “work permit,” which costs $850.

People who are not be targeted based on their professions may be targeted based on their use of social media. Facebook, Twitter and LinkedIn are known playgrounds for spear phishers, who obtain users’ email addresses and create email templates that mimic those sent by the social networking website. Scammers may even weave in names of your contacts, making the ruse appear that much more legitimate.

Knowing how spear phishers operate allows you to understand how to avoid being phished. Never click on links within the body of an email, for any reason. Bypass the links and go directly to the website responsible for the message. Any unsolicited email should be suspect. If you manage employees, test their ability to recognize a phishing email, show them how they got hooked, and then test them again.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. Disclosures

Internal Revenue Service Identity Theft Scams

There have been many articles written about scammers who pose as representatives of government agencies. But perhaps the most inventive are the scams that appear to originate from the IRS. It makes perfect sense for the IRS to reach out regarding your finances. And regardless of the season, the IRS is really always in business.

I’ve never received a call or an email from the IRS. As far as I know, they do not make calls or send emails. Emails that seem to come from the IRS will often have a name, title, and even “IRS” at the beginning or end of the email address. However, email addresses can easily be spoofed.

Unless you are actively engaged in dialog with an IRS agent, do not respond to emails or phone calls supposedly coming from the IRS.

If a scammer posing as an IRS agent ever contacts you, they may already have some of your personal information, which they can use to try to convince you that they are actually from the IRS. This data could come from public records or even your trash. The scammer will often put pressure on you to comply with their request, or even offer you a tax refund.

If you ever receive documentation in the mail indicating earned income that you are not aware of, it may mean that someone else has used your Social Security number to gain employment.

If, when filing your tax return, you receive a letter from the IRS saying that you have already filed, it almost certainly means that someone else has filed a fraudulent return on your behalf in order to steal your refund.

If you are ever a victim of an identity theft issue related to an IRS scam, you may be very disappointed in the way it is handled via the various government agencies. They simply don’t allocate the resources to fix this problem proactively, nor are they adept at responding once it has occurred. The biggest issue is the thief’s privacy. Even if you have an idea who may have done it, the IRS or any other government agency will not release that information. Either way, knowing who did it won’t help you.

All you can do in the event of tax related identity theft is to follow the IRS’s instructions for contacting an agent and resolving the issue. Just be patient, as rectifying the issue may take many hours.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Scammer Tricks Woman with Bait and Switch

As far back as I can remember I would often be approached in parking lots by someone in a van who was trying to sell me home stereo speakers. The speakers were always from a retailer’s loading dock or from trucks that had extra unaccounted inventory. And today was my lucky day.  The ruse was when you got the speakers loaded into your trunk, you were generally getting them in their new box. But the box just had pieces of wood.  Anyone thinking they were getting a deal, was just getting firewood. This is classic bait and switch.  Be more aware of these scams and protect yourself from them.

A twist on this scam happening all over is with laptops. The Business and Heritage reports “As a woman got out of her vehicle, she was approached by a man who had exited from his car. In his car were a woman in the front seat and a kid in the back. He approached the woman and showed her a laptop.  He explained that his girlfriend is a manager at Best Buy and that he had gotten a great deal on some laptops like the one he had. But, now he needed the money more than he needed the laptops and said he would sell them to her for $350.00 each. He had four of them, each in an individual Fed Ex box in his car.  She accompanied him to his car, where he opened two boxes, and she saw what appeared to be two laptops. One was a black laptop with a Best Buy sales tag of $1999.99 and the other was a white Apple laptop with a $1999.99 price tag on it. Both were packaged nicely in plastic bubble wrap in Fed Ex boxes specifically made for shipping laptop computers.

The woman called some of her friends and they all wanted to buy one, so she bought all four of them for $1,000 in cash, on the spot. The scammer loaded them into the woman’s car and quickly left.  After the woman got back to her hotel, she discovered that the “computers” were actually several packages of notebook paper sandwiched between a black notebook binder and a white notebook binder.”

PT Barnum once said, “There’s a sucker born every minute”. Even old scams with new twists make smart people stupid. It’s not difficult to get swindled out of your money in a scam like this. Everyone wants a deal and everyone likes to think they are too smart to get scammed. Always keep in mind what Mom said, “If it’s too good to be true, then it is.”

Robert Siciliano personal security expert to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures

Woman Becomes Victim of Craigslist Scam

I have a love/hate relationship with Craigslist. I love the occasional deal I get (like the 25 hp outboard motor I just got) and I love how people use it to find stuff I’m selling or renting out (like an apartment). But I hate the way some people completely over price what they are selling, thinking that old boat motor is worth what a new one costs. Or worse, when scammers contact Craigslisters every time they post an ad trying to get them to ship something overseas and scam them out of their money.

Craigslist should be used with caution. People have been robbed, burglarized, scammed and in some cases their homes were invaded and some people have been killed.

I once listed a property for rent that was relisted for a 1/3rd of my asking price by scammers. People would pull into my driveway and knock on my door while the listing was active and after the listing I posted had expired too.

In Connecticut, a mother, father and son traveled a hundred miles to see a home for rent. The only trouble was, the homeowner wasn’t renting it out and she was still living in it. She was in fact trying to sell it. And when the real estate agent listed it for sale, she also syndicated the ad to multiple sites including Craigslist.

Just like my situation, she had to explain to the people who showed up they were scammed.

Here’s how the scam often works. The scammer copies and pastes the ad and poses as the homeowner who is conveniently away traveling on business in the UK. The scammer lists the ad for much less than is being asked to generate traffic. When people respond to the ad, the scammer tells them they can rent it out and all they have to do is forward him the first month’s rent via a money wire overseas. Some people will want to drive by to get a look without actually going in and that’s enough for them to send the money.

The way I thwarted this crime under my watch was to continually scan Craigslist for key words related to my ad to see if it was being posted by a scammer. When I discovered a fraudulent post, I emailed abuse@craigslist.com with the link. Craigslist was very responsive and took the posts down. I had to do this almost 20 times (the hate part) during the period I was renting out an apartment.

With Craigslist, be very careful who you contact and who contacts you. You never know who the person is or what their motivation may be.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Scummy Scammers and Targeted Attacks

I make a portion of my living speaking professionally. That means I get on a platform and present in front of an audience on issues revolving around personal security and identity theft.

So when I got this email, I was so happy to see I was being invited to England to speak to the esteemed Middlesex University in England.

I had to shorten the dialog to keep in tune with your attention span.

______________

8:09am

SCAMMER: From: Professor Wayne Erickson <middlesexuniversityconference@gmail.com>
Company: MIDDLESEX UNIVERSITY.


To: Respected Robert Siciliano, (
I am ‘Respected”, NICE!)

Am Professor Wayne Erickson from the Middlesex University
Here in London UK. We want you to be our guest speaker at this
Year Middlesex University Seminar which will take place here in
UK.

We are taking care of your traveling and hotel accommodation expenses including your speaking fee. If you will be available for our event, include your speaking fees in your email so it can be included in your CONTRACT AGREEMENT.

Stay Blessed
Professor Wayne

________________

8:10am

ME: Wonderful. Fee is $10,000. What are the next steps?

________________

8:38am

SCAMMER: It is really nice hearing back from you; we are over delighted to have
you honor our invitation. I will have loved to give you a call
so as to deliberate more on arrangements, but am out of office on an
official duty and will not be back until WEDNESDAY morning, we can only
communicate through emails at the moment.

We have agreed to buy your flight ticket and to pay your hotel
accommodation expenses. Also your Speaking fee is amounted to
10,000 USD 7,000 (SEVEN THOUSAND USD) deposit is to be paid as
soon as you procure all relevant travel documents so as to avoid any
disappointment. You are informed to get across your Work Permit to us
so your deposit can be approved according to our mandated rules and
regulation.

You are advised by the Event Organizing committee to immediately
contact our BRITISH EMBASSY here in the UK to procure your UK Work
Permit as soon as possible

This will enable us to proceed with all arrangements to welcome you
here in London. Contact the British Embassy official
information below.

BRITISH EMBASSY.  Name: Dr Owen Loren Email:britishembassycustomerservice@gmail.com

______________

8:40am

ME: Dr. Owen Loren, need work permits.

______________

9:11AM

SCAMMER: I acknowledged the receipt of your mail. I understood all the
contents. Without any waste of time and due to short time we have left
to proceed with the issuance of these important documents .Fortunately
for you I will be processing some files today at the UK BORDER AGENCY.
You are advised to immediately provide me with the listed
requirements.

View attachment below and immediately get back to me with all
requirements so I can proceed on the procurement of your PERMIT.

In your service,
Dr Owen Loren,
British Embassy Official.

In the attached document, the scammer requests for 550 pounds (837.277 USD)

____________

9:21am

SCAMMER: As soon as you get the PERMIT procured send me a copy of it so I can forward it to our FINANCIAL DEPARTMENT for your DEPOSIT to be sent
over to you, I will also begin with all reservations ASAP.

We also await the signed copy of your CONTRACT AGREEMENT.

Note: The UNIVERSITY has promised to reimburse all the expenses spent
on your PERMIT alongside your DEPOSIT.

We await meeting you in LONDON,

Stay Blessed,
Professor Wayne
Bye.

________________

9:30am

ME: This is such a fantastic opportunity. Please send photos of yourselves of your highest dress attire in your most coiffed hair with the attached document printed out. I will post them on my website to promote my esteemed engagement. I will get on my motorbike shortly after I received these wonderful photographs of your handsomeness and go directly to western-union to pay the fabulous fee to work. I need these photographs ASAP. Please include a handheld printable version of my name (as attached) in your hands (both hands) with the photograph to show my American colleagues how lucky I am to work with such incredible official as yourself. I look forward to these photographs ASAP and will provide to my webmaster then I will go on my motorbike to pay the fee. I am ready and awaiting your quickest timeliest response.

Your Esteemed Colleague and Most Wonderful Speaker

Robert Siciliano

NEW Demo Video http://YouTube.com/watch?v=mrcvMg1UDro
Robert Siciliano
http://IDTheftSecurity.com

_________________

All they need is one person each month to respond to this scam and they make bank. $850.00 is enough money for them to feed themselves all month. This isn’t such a sophisticated scam. However, speakers I know have fallen for it. The documentation and the targeted attack make it an effective ruse. Lawyers are getting scammed in a similar way. What makes this “spear phish” (a targeted scam) so scary is they sought ME out, they know my profession and who I am. But, apparently they don’t really know what I do, which is exposing their scumminess to the world. I feel dirty just communicating with them.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures

Scammers Bait 40,000 Facebook Victims with Ikea Gift Card

Robert Siciliano Identity Theft Expert

It’s just a matter of setting up a fake Facebook page and marketing it to a few people who then send it to their friends and it goes somewhat viral. The Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card.

PC World reports In the past months, fan pages have popped up all over the social networking site, offering too-good-to-be-true gift cards. There’s the $500 Whole Foods card, the $10 Walmart offer, and the $1,000 Ikea gift card. The Ikea page put these gift card scams on the map last month, when it quickly racked up more than 70,000 fans before being snuffed. Facebook has also taken down Target and iTunes gift card scam pages in the past few months.

To get the gift card the users must enter names, address and email address. They are then pointed to other pages where real products and services are offered. From there they enter credit card details if the offer appeals to them.

The root of this scam is believed to be perpetrated by affiliate marketers who make money on click throughs and create a ruse to gather data on potential customers also known as a “sucker list.”

In general, there shouldn’t be any traditional identity theft as it relates to new account fraud as long as requests aren’t being made for Social Security numbers, and the “victim” isn’t giving one out. Otherwise I don’t see this scam as harmful, but is certainly deceptive.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

April Foolery and Springtime Home Scams

Spring is here! Thank heavens. I’ve had enough cold and rain to last 50 winters. In the Northeast millions of people are pumping out their basements due to record rainfalls. The Boston Globe reports police want you to know that so you don’t get hit twice from the recent rains: once when your property gets damaged, and again when a con artist comes calling at your door looking to rob you.

First, there is no such thing as the “Municipal Water Disaster Department.” But in drenched communities home scammers are posing as inspectors and gaining access to people’s homes.

In one incident a man knocked on an older couple’s door asking to see their basement to check utilities for safety purposes. Once inside he told them he needed to go upstairs to check on something and they should remain downstairs. The couple remained in the basement waiting for instruction but after about 15 minutes they realized something was wrong. They went upstairs to find the man was gone and $7,500 had been taken from a safe and hundreds more stolen from elsewhere in the home.

This time of the year people are also doing their spring cleaning and home scammers are trying to clean you out too. Apparently chimney sweep and chimney repair is something to look out for. Someone knocking on your door looking to sweep your chimney may do the job, but may also find all kinds of unnecessary repairs that they will try to sell you. Don’t get me wrong here, if someone tells you your chimney needs repair, act on it, but first get a second opinion on it. And do it fast because a broken chimney is a severe health hazard.

Look for driveway repair home scams, phony landscapers, window washing scams, trash removal or clean out home scams. All I’m saying’ is you need to have your head up and pay attention to what’s going on out there. Scammers are using every possible event, holiday, season or tragedy to catch you with your guard down.

Robert Siciliano personal security expert to Home Security Source discussing home invasions and home security on the Montel Williams Show.

Scammers Targeting Craigslist Users

Robert Siciliano Identity Theft Expert

Craigslist scams are in full force. Fox news reports scams targeting online car buyers. The crooks spend about a hundred dollars on a junk car and get a title. Then they steal a similar car and advertise it for sale on Craigslist. This is a form of auto identity theft too. They then take the VIN plate or vehicle identification number plate out of the junk car and put it inside the stolen car.

Meanwhile Fox News also reports adoptive parents are being scammed on Craigslist . A mother from Massachusetts was horrified when she saw an ad on Craigslist of her 7-month-old son up for adoption! Reports said that someone alerted the mother to her son’s photo on Craigslist.

The baby involved in this online adoption scam is named Jake. The ad, which involved his photo, said: “A CUTE BABY BOY READY FOR ADOPTION. HE IS VERY HEALTHY”. When the mother responded to the ad, she got a response saying her son was in an orphanage.

The mother said the photo was taken from her family’s blog.  Ive said in the past when posting to social media sites don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.

The mother said her son wasn’t being harmed, but felt he was violated. She alerted the FBI and the scammer had also been removed on Yahoo.

I spoke with Jeffrey A. Kasky, Esq., renowned adoption expert from OneWorldAdoption.com. He said “Families who hope to adopt a child are frequently medically unable to have children for themselves.  As such, they look at adoption opportunities from an emotional rather than a logical perspective, and are therefore more vulnerable to scams. What would tug at your heartstrings more than thinking that this beautiful little boy was stuck in an orphanage halfway around the world?  “All you have to do is wire us $300 now, then more and more and more, and he can be yours…….”

Scammers are lower than that black smelly stuff in a sewer.

No matter what you are selling or buying you must know who you are dealing with on Craigslist. When we were young, our parents told us not to talk to strangers. Strangers are not yet part of our trusted circle. So don’t trust them! There’s no benefit to paranoia, but being a little guarded can prevent you from stumbling into a vulnerable situation.  Since predators use online classifieds to lure unsuspecting victims, you should find out as much as possible about strangers who contact you, or when you contact them. Use Google or iSearch.com to investigate names and email addresses and phone numbers.

Whenever possible, deal locally. People who cannot meet you in your town are more likely to be scammers. And even when you do meet in person, you should be wary.

Never engage in online transactions involving credit cards, cashier’s checks, money orders, personal checks, Western Union, MoneyGram or cash, that require you to send money to a stranger in response to money they have sent you. This is an advance fee scam.

I- ID pre meeting. Get their name and cell phone number so you can use free iSearch.com and look for their name in social networks. If you see anything suspicious then cancel or check further Intelius.com

N- Never meet in private. Meet at a public location that involves lots of other people. The more eyeballs the better.

T- Trust your gut, and don’t discount any troubling feelings you might have about your meeting. If anything seems wrong, then it IS wrong. Cancel if necessary.

E- Enlist a friend Whenever possible, bring along a someone. There is strength in numbers. Predators thrive on isolation. By paring up, you reduce the chances of being attacked.

L- Look street smart. Don’t wear expensive jewelry nor provocative clothes. Scarves and loose fitting clothing give attackers something to grab. Wear shoes you can run and kick in

I- Intelius can help Using a product like Intelius.com allows you to do a criminal check before meeting.

Unaware creates risk. Unfortunately there is risk in meeting someone you don’t know.  Being guarded can keep you from getting into a vulnerable situation.

S- Stay in communication Make it known to your spouse or a friend where you are going and when you will be back. Have them on your cell phone while you are meeting.

Robert Siciliano Identity Theft Speaker discussing all kinds of scams on TBS Movie and a Makeover