This NEW Sextortion Scam WILL Snare Victims and Make LOTS of $$

I received a sextortion email, to my actual inbox, not in spam, addressed specifically to me, with my name, my address, my phone number, and the worst part, a picture of my home.

Here’s how it began:

Subject line: Robert Siciliano

“Robert Siciliano,

I know that calling 617329XXXX or visiting (my actual address) would be a effective way to contact you if you don’t take action. Don’t even try to hide from this. You’ve no idea what I’m capable of in (my town).

I suggest you read this message carefully. Take a moment to chill, breathe, and analyze it thoroughly.

‘Cause we’re about to discuss a deal between you and me, and I ain’t playing games. You don’t know anything about me whereas I know EVERYTHING about you and right now, you are thinking how, correct?

Well, you’ve been a bit careless lately, scrolling through those videos and venturing into the darker corners of cyberspace. I installed a Malware on a porn website and you visited it to watch(if you know what I mean). And while you were busy watching our videos, your device began operating as a RDP (Remote Protocol) which provided me with complete control over your device. I can look at everything on your screen, flick on your cam and mic, and you wouldn’t even notice. Oh, and I’ve got access to all your emails, contacts, and social media accounts too.”

As the demand letter in PDF goes on, it gets more aggressive, more explicit. And ultimately provides a bitcoin account to pay into. At the bottom of the letter was an actual photograph of my house, not a photo that I’ve seen in Google maps. I’m not exactly sure where it came from.

This scam will work, and those who are sending it out are going to get paid and make a mint. It will succeed because it’s abrupt, it’s as if they know exactly who the victim is, and it’s targeted. I am sure there is some artificial intelligence at use, but there is definitely a human touching this. At some level this is being sent out by a bot, but again there is a human interacting with this message for clarity.

These sextortion email scams have been coming out for at least 6-8 years in various flavors. The ones that end up in your spam folder that don’t address the individual, often reference a stolen password from another data breach.

I’ve actually had a handful of colleagues and friends, who have received these Sextortion emails contact me in a bit of a panic wondering what they should do and whether or not they should pay the extortion. If you’re reading between the lines, it likely means they were actually “doing something” that’s referenced in the scam email. In other words, they think they got caught.

To their relief, but to their embarrassment, I would usually just talk them down and explain it’s a blanket email scam that everybody gets. As a result, I haven’t generally heard from those same people since, because of their embarrassment.

Sextortion is a form of blackmail that combines the words “sex” and “extortion”. It refers to a crime where someone threatens to distribute private and sensitive material of a sexual nature about a victim unless they comply with certain demands.

Key aspects of sextortion:

Definition: extortion involves threatening to expose sexually explicit images or information about a person to extort money, sexual favors, or other demands.

Methods:

– Often occurs online, using social media, messaging apps, or webcams

– Perpetrators may trick victims into sharing compromising images/videos

– They then threaten to share this content with the victim’s contacts unless demands are met.

Targets: While it can affect anyone, young people and males are frequently targeted.

Demands Typically include:

– Money

– Additional sexual content

– Sexual acts or favors

Psychological impact: Victims often feel ashamed, scared, and isolated, which can lead to severe emotional distress

Prevention and response:

If targeted by sextortion:

1. Stop all communication with the perpetrator immediately

2. Do not comply with demands or send money

3. Preserve evidence by taking screenshots

4. Report to law enforcement and relevant online platforms

5. Seek support from trusted individuals or counseling services

Sextortion is a serious crime with potentially devastating consequences. Awareness and education is crucial in preventing victimization and encouraging reporting of these incidents.

Now, it’s one thing when targeting adults, it’s another thing when targeting children or teenagers. In the past year, a good friend, a single mom, with an underage teen, contacted me shortly after her son paid the sextortion. He was duped into taking a full frontal in all his glory. Shortly after, the demand came in and he ended up paying $400 in bitcoin.

When I spoke to his mom, I explained to her that the $400 lesson learned is the least of her problems. That her job at this point was to make sure that the mental health of her boy was in order. We’ve seen far too many teenage boys kill themselves as a result of this form of sexual assault.

Sextortion has become an increasingly common and serious threat targeting teenagers, especially in recent years:

Prevalence and trends

– Reports of sextortion have risen dramatically, with over 800 reports received weekly by the National Center for Missing & Exploited Children.

– From October 2021 to March 2023, the FBI and Homeland Security Investigations received over 13,000 reports of online financial sextortion of minors.

Demographics of victims

– In reports containing gender and age data, 90% of financial sextortion victims were boys between 14-17 years old.

Platforms used

– Instagram appears to be the most commonly used platform for sextortion in the U.S., mentioned in 45.1% of reports indicating where first contact was made.

– Snapchat was the second most common platform for initial contact, mentioned in 31.6% of such reports.

Impact

– The FBI has observed at least a 20% increase in reporting of financially motivated sextortion incidents involving minor victims over a recent six-month period compared to the previous year.

– Of reports describing specific impacts, more than 1 in 6 mentioned self-harm or suicide.

– Sextortion has been linked to at least 20 suicides nationwide.

These statistics highlight the alarming prevalence and serious consequences of sextortion among teenagers, emphasizing the urgent need for awareness, prevention, and support measures.

Let’s get something straight, obviously, I’m a full-blown adult male, and I’m not engaging in activities on my computer or Webcam, that’s going to put me or my family at risk. Regardless, receiving an email like that, felt uncomfortable due to the spearphish nature of it. I knew in the first 30 seconds; it was a scam. I can promise you, hundreds of thousands of people will not recognize the scam nature of it. And teenagers, teenage boys, will likely be the next larger target.

Parents can take several important steps to help prevent sextortion and protect their teenagers:

Open Communication

– Create an environment of trust where teens feel comfortable discussing online experiences and concerns.

– Have regular, judgment-free conversations about digital safety and potential online risks.

– Assure teens they can come to you for help without fear of punishment if they encounter issues.

Education and Awareness

– Teach teens about the risks of sharing personal information or explicit content online.

– Explain how nothing sent or posted online is truly private.

– Discuss the tactics used by online predators and sextortion scammers.

– Emphasize the importance of privacy settings and being cautious about online interactions.

Set Guidelines

– Establish a family media plan with clear rules for device and internet use.

– Advise teens to never send compromising images to anyone, regardless of who they claim to be.

– Encourage teens to be skeptical of friend requests from strangers.

– Teach proper password security and the importance of not sharing passwords.

Monitor and Protect

– Use parental controls and privacy settings on teens’ devices.

– Consider using monitoring tools to stay informed about online activities.

– Advise teens to turn off devices and cover webcams when not in use.

Recognize Warning Signs

– Be alert to behavioral changes, increased anxiety, or withdrawal.

– Watch for unusual secrecy around digital devices or sudden changes in online habits.

By implementing these strategies, parents can significantly reduce the risk of their teens falling victim to sextortion schemes. The key is to maintain open lines of communication and create an environment where teens feel safe seeking help if they encounter problems online.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Vacant Land Scam Warning Issued: Can You Spot These Red Flags?

Real estate agents nationwide need to be on alert for the Vacant Land Scam. A California Department of Real Estate (DRE) advisory issued in July noted what the DRE called “a sharp increase in real estate fraud involving identity theft and the sale of vacant land and unencumbered property.”

Similar vacant land scams have been reported throughout the United States. Do not assume that this warning does not apply if you are not in California. Every real estate agent should understand how the scam works, and how to spot the red flags of a potentially fraudulent transaction.

What Is a Vacant Land Scam?

Vacant land scam is an umbrella term that applies to any attempt to fraudulently sell real estate that the scammer does not own. While undeveloped land is the most common focus of these scams, criminals may attempt to sell residential or commercial buildings, condominiums or homes.

Scammers begin by researching properties through public records. They first look for properties that are free of mortgages and liens. They then look for properties that are likely to be unoccupied; undeveloped land, empty long-term rentals and out-of-season vacation rentals are among the most popular targets.

Criminals will then identify the owner of the property and attempt to assume their identity. Properties owned by the elderly or by foreign nationals are most often targeted. The scammer will pose as the property owner and hire a real estate agent to sell the property, pocketing cash from the transaction.

Vacant Land Scam Red Flags and Responses

The signs of a potential vacant land scam are easy to spot, and this is one of the simpler scams to thwart. Be on the lookout for the following:

The seller refuses to meet in person. This should be a red flag for any transaction. Scammers may claim to be too busy or to be out of the country and will claim that they cannot attend the closing. They will also resist video calls and prefer to communicate solely by text or email. The simple solution is to insist on an in-person or video meeting, or to require the seller to use a third-party identity verification service to prove their identity. Be sure this is a service that you choose, as some scammers may attempt to fake identity verification.

The offering price is well below market value. The scammer will claim that they want a quick sale, in cash, with a fast closing and the money wired to their account. There are legitimate reasons why a client would ask for these conditions, so you will need to balance these requests against other warning signs. One clear red flag is a client who refuses to provide an identifiable mailing address or bank account number and demands a wire transfer to a public location, such as a money transfer office.

The seller refuses to allow a For Sale sign on the property. This is a significant red flag that your agency can address by requiring a sign on any property that it lists. Grant an exception to this rule only on a limited basis, and only after someone else at the agency has reviewed the request and transaction details.

The seller provides their own notary. This is a significant warning sign for document fraud. Require all clients to use your in-house notary or a notary approved by your agency. If a client supplies their own notary, contact that individual directly to confirm they ae who they claim to be.

The vacant land scam is a form of identity theft that relies on real estate agents prioritizing service and convenience for a client over due diligence. When in doubt about a transaction, set those instincts aside and be skeptical. These next two steps will stop nearly any attempt at this scam:

  1. Have someone else review the property offer. Get a second set of eyes on the situation. Ask a colleague or manager to take a look at the property offer and circumstances and tell you what they think. Be neutral in your approach; if you ask someone if something looks suspicious, they may look for signs of fraud. If you ask someone to give their opinion of a situation, they are likely to evaluate it objectively.
  2. Contact the property owner of record. You can get access to the name and address of the property owner, which should give you a means of contacting them. In the worst case scenario, the deal is legitimate and the seller will recognize you. Simply tell them that this is an extra step your agency follows to prevent fraudulent real estate sales. If the property owner has no idea who you are or that their property is for sale, you will want to join them in reporting the fraud to law enforcement and your local real estate governing body.

Like all attempts at fraud, a vacant land scam requires you to trust details and situations that seem a little out of the ordinary. Learning to trust your instincts and to identify the common techniques used by scammers will help you identify and avoid most cyber attacks and pretexting attacks. Protect Now offers an in-depth Elearning program, Cyber, Social and Identity Protection Certification (CSI) that will give you the confidence and strategies you need to stop scammers. You can try a free CSI demo online at any time.

Protect Now also provides interactive in-person and virtual CSI cyber security employee training for groups that is CE eligible in many states. To learn more, contact us online or call us at 1-800-658-8311.

New Scam Targets Pay Later Users: What You Need to Tell Your Employees (and Maybe Your Customers)

A new Pay Later scam targets users with fake invoices that deliver funds directly to thieves. Those who have linked a Buy Now, Pay Later account to their PayPal may be at greater risk.

What Is the Pay Later Scam?

Scammers harvest emails to their mailing lists, then create fake invoices like the one below:

Buy now pay later

The invoice appears to come from a legitimate source. The link points to PayPal and seems legitimate because it is a real PayPal link. Scammers created the phony invoice, complete with the stolen Best Buy logo, to trick careless users into sending them money. These scam emails often arrive late in the afternoon or early in the evening, when you may be tired and less focused on specifics. If you were expecting a Best Buy invoice and saw a payment due at 7PM or 8PM, would you click the link? If it pointed to PayPal, would you be more likely to click it? Pay Later scammers are counting on that.

How to Avoid the Pay Later Scam

To avoid the Pay Later scam, remember one of the most basic rules of cyber securityNever click on links in emails. Always go to a company’s website, log in to your account (preferably with two-factor authentication), and complete payments manually. If you want to help PayPal crack down on these scams and encourage them to remove tools that allow scammers to create these fake invoices, you can report it to the PayPal Security Center.

As an extra layer of security, try to avoid associating Pay Later services, such as Affirm, Afterpay or Sezzle, with PayPal accounts or bank accounts. The extra time it takes to put in your information and authorize a transaction, versus simply clicking a link, may be the time you need to recognize a fraudulent invoice. Also try to avoid paying invoices late in the day or when you are distracted.

Inform Your Employees About Pay Later Scams

If you own or run a business, you should be in the habit of reporting new scams to your employees for two reasons:

  1. Scammed employees are unhappy employees, and unhappy employees are less productive. It can take days to undo the personal financial damage from a scam. Set up a program to provide regular emails to your employees when new scams get reported, both business and personal.
  2. Once someone interacts with a criminal, more criminals show up. Scammers are always hunting for “hot” targets. What begins as an individual attack can escalate into phishing attacks that jeopardize your cyber security.

Should I Tell My Customers About Pay Later Scams?

Imagine the reaction of someone victimized by a Pay Later scam. They are going to blame themselves, but they may also blame everyone else involved, including the business that was spoofed in the scam and the platform that processed the payment. That’s a small amount of damage to a company’s reputation, but those small amounts add up over time.

Larger companies may lack the means to notify every customer of every scam and often are not aware that their identities have been spoofed. Companies should take steps to be both proactive and reactive when scams like this appear.

Proactive means informing your customers at the point of sale and in every email that you will not send them links to pay their bills. (If you are sending links to pay bills, please stop.) Remind customers to always go to your website and log in to complete a financial transaction.

Reactive means alerting customers when scams like Pay Later reach your desk. If customers start complaining about fake invoices or invoices they believed that they paid, it’s time to investigate the source and take action. Reach out to impacted customers and request copies of the emails they received, then send an alert to your customers informing them of the scam and reminding them not to click links in emails. This step may take a little time to complete, but the goodwill it builds will justify the cost.

The Tricks Behind the Clicks: Cyber Scams and Psychology

What is it that makes people fall for scams? Cybercrime is as hot as ever, with new and more creative scams popping up all the time. There is plenty of focus on spotting scams, but less so on what makes people miss the signs.

The Tricks Behind the Clicks: Cyber Scams and PsychologyMartina Dove, Ph.D., is a senior UX researcher at Tripwire and an expert in fraud psychology. Her research into the brain’s reaction to cyber scams and how the human mind operates when presented with a scam makes for an interesting read. On top of this, it also takes a look at fraud, and how susceptible we are to it, and it does this by using Dove’s own model.

Cybercrime from a Psychological Standpoint 

Discussions around cyber security often center on the technical aspects of security and data protection for businesses and people’s personal lives. New gadgets, devices, controls, and defenses are constantly circulating- which helps the fight to fortify our information and secure the confusing and tricky online environment.

Trust is a fundamental human trait. Humans trust by default. Scammers capitalize on this knowing that people look at life and scams and trust first, and scrutinize later. The hard part is how we can best keep ourselves, and our minds, safe against scams and where the holes might lie. The fundamental psychology behind the cybercrime mentality is underexplored, and so far, discussions often go no further than scratching the surface.

This is surprising, considering that it has such huge impact on what motivates people on either side of a scam. According to the latest Verizon Data Breach Investigations Report (DBIR)social engineering is the most common type of attack in regard to cybercrimes.

The psychological elements of how phishing emails are presented, the power of persuasion, and what makes people fall for scams are all important to really understand how things work and ultimately how to avoid becoming a victim.

Martina Dove’s Research into Fraud Psychology and Scams 

Few people have provided quite as much insight into this topic as Dove. Having specialized in fraud psychology, Dove became particularly interested in the concept of gullibility when pursuing her master’s degree and ultimately decided to carry it through into her Ph.D.

In an interview with Tim Erlin of Tripwire, Dove said that she had always been interested in the idea of gullibility, which is what makes a person gullible- and what it really means to be a gullible person. After reading an article published by two psychology researchers who were exploring the tricks and techniques used by scammers (particularly in phishing emails), Dove decided to drive her own studies down a similar route, diving deeper into the human psyche and scam vulnerability.

The main point of this research is a fraud susceptibility model that looks at the ins and outs of what puts a person at risk on a psychological level of falling victim to spam, scams, and phishing.

According to Dove, it was not her intention to create a model when she first started- the research naturally took her in that direction as she uncovered more fascinating theories about persuasive techniques, thought processing, and personalities that may influence how people react to these attacks.

Martina Dove’s Ph.D. research has also been turned into a book called The Psychology of Fraud, Persuasion, and Scam Techniques, which is available on Amazon.

The Fraud Susceptibility Model 

The research that ultimately led to the model in Dove’s book started as a questionnaire designed to build a “measurable scale of fraud vulnerability.” It was scorable, with the answers determining what areas of a person’s personality put them at risk.

After a series of tests and experimental studies, along with expert analysis and validation, the model just created itself. Dove explained that some factors that influence susceptibility could actually be mapped and used to predict a person’s natural reaction when faced with a fraudulent situation. The fraud psychology expert also went on to describe how the model is used to determine compliance and the reasons behind it, as well as how people strategize after they realize they have been victimized.

It looks into the characteristics that leave a person most susceptible at each stage of a scam.

1.   Precursors

How do personal circumstances- emotional, social, financial, etc. – influence how we react to fraud? Does our demographic play a role? Our family situations? Essentially, how great an impact do our social surroundings and everything that comes with them have on our ability to identify and avoid scams?

2.   Engagement with scammers

Once a person is on the hook, what techniques does the scammer use, and how do personal character traits change how we respond? What types of persuasion works best on different personalities, and how do scammers identify and exploit these vulnerabilities?

3.   Dealing with victimization

Dove’s model explores the conscious versus unconscious decision-making processes that occur when people deal with phishing emails and other fraudulent communications- and after they realize they have been fooled. How do people accept what happened, and how does it impact their behaviors?

Throughout her research, Dove shares examples of circumstances and characteristics that can make people more or less susceptible.

  • Group mentality: Someone who is highly concerned with being part of a group and uncomfortable going against the status quo may ignore signals of uncertainty and doubt if others disagree.
  • Compliance: Naturally compliant individuals are hardwired to follow instructions. Scams prey on this, hoping that the ‘no questions asked’ mentality is enough to make a person adhere to requests.
  • Impulse: Impulsive people are less likely to take time to assess a situation and take the necessary steps to confirm a source or authenticity. Those who tend to favor fast decision-making over meticulous processes are more likely to become fraud victims.
  • Belief in justice: It may sound strange, but people who believe criminals will get caught and that bad things don’t happen to good people are vulnerable. Because they don’t see these things as pressing threats, they may overlook obvious signs. The naivety that says, “this won’t happen to me- I am a good person,” is potentially dangerous.
  • Background knowledge and self-evaluation: How much a person knows- or thinks they know- about cyber security can be a hindrance. People assume that their understanding of how scams work and what to look out for will protect them from becoming victims. This is, to a point, true, but it can also make people complacent. Being an expert in a field doesn’t disqualify a person from falling victim to targeted fraudulent communication.
  • Reliance on authority and social confirmation: If someone is particularly concerned with what others think, they may be at more risk. Authority-driven individuals may make decisions based on the belief it is a request from a superior, and socially-driven people may go along with something because of influence from friends or family.
  • A general predisposition to scams: According to a study published via ScienceDirect, some people are just prone to fraud because of their engagement levels. Everything about them may suggest otherwise, but they have something in them that makes them more likely to go along with a scam.

Examples of Scams and Victim Profiles 

Here are two examples of scams and the types of psychological profiles they are likely to target. 

  • Business Email Compromise Scam: The basis of this type of scam is a boss or member of management emailing an employee asking for urgent funds. It preys on qualities such as compliance, obedience, respect for authority, and hierarchical values. People who have a strong belief in the pecking order are less likely to question a demand made by a superior and are therefore more likely to comply without hesitation.
  • Sexploitation Scams: These scams use fear as the driving force to get people to comply with demands. A scammer working in this field uses language to evoke a person’s most primal drives- hoping their influence takes over the more practical aspects of human thinking. Anyone can struggle to make intelligent decisions when they are especially scared or excited, but someone prone to fast emotions is more likely to be a prime target.

It is interesting to see how different these two examples are, which shows how much a person’s emotional makeup and core values can impact their likelihood to become a victim of fraud.

The Challenges Facing Scam Awareness 

As Tim Erlin rightfully pointed out during his interview with Martina Dove– a significant challenge that stalls the progress of beating cyber criminals is the underlying sense of shame and embarrassment many scam victims feel. He stated that people don’t want to admit they fell for it and may not even report that it ever happened. This, sadly, is true and only adds to the stigma of fraud victimization- making it harder to build a substantial defense against these crimes.

Furthermore, there is a dangerous habit out there of immediately labeling scam victims as stupid, making them feel guilty for being the target of what is, at the end of the day, a crime. Fraud is as real as robbery, yet the victims are treated very differently.

Increasing the awareness and understanding of why these things happen and changing the narrative of how victims are perceived could help bring a more accepting mainstream view.

How Can Martina Dove’s Research Help with Fraud Awareness Training? 

Modern businesses are acutely aware of the very real risk of cyber scams and take steps to protect and educate their staff, but is there enough focus on vulnerability rather than vigilance? The idea that anyone can fall for a scam needs to be more publicized, and people made aware of what exactly is it about a person’s personality and psychology that makes them vulnerable.

As cyber security professionals can confirm- the human aspect is and always has been the weak link in the defense chain because people can make mistakes, and the brain is open to mind games. If scammers are getting better at playing on the mind, then security experts need to get better at educating people on how this exploitation works.

Using Dove’s research to make anti-fraud training more human-focused and interactive could be the difference between a person falling victim and feeling ashamed and being aware of emotions used against them- and being able to stop an attack in its tracks.  

Practical Advice for People at Risk

As part of Dove’s research, she complied a checklist of actions to take towards proactively identifying potential scams and avoiding being drawn into the deception. Here is a brief summary of the key points for consideration. 

  • Question how it makes you feel: Scams play on emotion and aim to evoke a strong reaction, so how you feel when you read something could be an instant warning sign.
  • Look for further language clues: Is there any wording that seems overly strong or makes you feel bad in a way that seems unnatural?
  • Beware of links: A quick and convenient ‘click here to solve your problems’ may not be what it seems. Only access trusted links and log into any secure accounts via the official portals and never through an email.
  • Make space for rationality amongst emotion: Understand that what you feel in the moment could have been engineered through clever psychological tricks and attacks. Take a step back, wait to make a decision, and ask for opinions from family and friends if you are not sure about how to proceed.
  • Scrutinize the details: Look into correspondence for any sign of falsification or something that just doesn’t feel right. Emotional people may be quick to act, but they can also have strong senses of instinct.
  • Don’t rush to action, no matter the request: Sometimes, a pause is all it takes. Stopping and thinking is never bad practice in any walk of life or decision to be made.  

Final Thoughts 

Everyone was not created equally when it comes to emotions and how they drive our thoughts. Moderating how they impact decisions and how vulnerable they make us to gullibility is not easy, and greater awareness is needed.

The ties drawn between psychology and cybercrime are truly fascinating and open up an interesting and far overdue conversation about the correlations.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Are you a Target of a List Scam? WARNING: You Probably Are

You might not realize it, but there are scammers out there that are focused on conference attendees and exhibitors. What do they want? They want money wires, credit card numbers, and any personal information that they can use to steal a person’s identity. One way that a scammer can get this info is by using an invitation scam or a list scam.

scamBasically, if you are a person who is registered for a conference, if you are a conference vendor, or if you are speaking at a conference, you might receive an email…or a number of emails…that invite you to attend a conference. They might also offer to sell you a list of people who will attend the conference, and their contact information. This, of course, could be beneficial for you, but it is too good to be true? It certainly is.

Lists Like These are Lies

With these scams, many people are targets, as well as associations. If you do an internet search for “Attendee List Sales Scam“, you will find a number of associations that have members and those interested in marketing to members, which are targeted by a criminal or criminals to purchase lists that don’t exist.

It may sound great to get a list like this, which will give you access to this information, including contact information for attendees. But they are all lies. On top of this, getting this info might even be illegal.

Consider this for a moment…when you sign up for a conference, did you opt-in to have your personal info shared with other people? Likely not, and that may also mean that other attendees didn’t do this, either.

To find out if a list might be legitimate, look at the policies for the conference. Do they give info to third parties? Do they sell or rent these lists? Is the company name that contacted you on the list of third-party vendors? If all of this seems legitimate, the list is probably fine…but if not, it’s a total lie.

If you believe that you are dealing with a liar, the first thing you should do is contact the Better Business Bureau online and find out if the company is legitimate, or not. If it is a scam, you can read information and reports from other people. If it is not a scam, but you are not interested in anything from them, simply mark the email as spam. If you believe you are dealing with a scammer, considering letting the association or meeting planner aware of the scam, or, don’t do anything. Instead, delete the email. In most cases, these scammers are just looking for an active email address, and if you reply or unsubscribe, they will know your email is active.

Other Conference Invitation Scams

Another type of conference scam is when attendees are told about exhibitors that don’t exist. This might push people to sign up for a conference, when in reality, those exhibitors won’t be there. In some cases, you might even find that the conference itself won’t be there! Instead, they are just fishing for your information by telling you a great exhibitor will be there.

So, if you are in this situation, the first thing to do is to start researching. First, look up the name of the person who contacted you online. See if they say who they are. Look for their LinkedIn profile, or look for reviews on them. You can also contact the venue where the conference is set to be held. Ask if the conference will be there. Before you send your fee, look to see if there is any cancellation or refund policy in place. You also should do some research about the company’s reputation. Finally, make sure that you only pay for a conference with your credit card. This way, you won’t be held liable for the fee if this is a scam. You can get your money back, and all legitimate conference companies will be very happy to take your credit card and all credit card companies will refund your money as long as you detect the fraud in short order.

Even More Scams

There are even more scams to be aware of, too. One of these is when a scammer begins to contact attendees about hotel reservations. However, once you pay, you find out it’s a scam. Typically, a scammer who does this scam contacts the attendees and explains that they are a representative for the hotel hosting the conference. They then tell you that their rates are rising quickly, or that rooms are close to selling out, so you must act quickly if you want a room. Of course, they can take all of your information over the phone, including your credit card number. Once you do this, you have just given a scammer all of the information they need to start spending.

If you are in doubt, you can contact the organizers of the trade show directly, and then ask who is booking it. If things don’t sound legitimate, you should give them the name of the company you believe is scamming you so they can pass off the information to others.

Understand Your Options

  • It is imperative that when you sign up to attend or present a conference that you only interact with the company that is running the conference.
  • If you have any doubts you can confirm with the company that the offers you are getting from the third-party are correct.
  • You also can get an official list of official vendors from the meeting planner.
  • Keep in mind that any legitimate company might have your personal info, but they won’t release that information to third parties without your permission.
  • Sometimes an exhibitor might get the mailing address of an attendee. You can opt out of this, though. It might be harmless, but that doesn’t mean all of them are.

Wi-Fi Hacking

Finally, you want to keep an eye out for Wi-Fi hacking. This common scam targets conference goers, too. When you go to a conference or a trade show, you can connect to the free Wi-Fi, right? This allows you to stay connected, and also ensures everything runs smoothly if you are running a booth. Hackers, of course, know this, so they create and set up fake networks. Once these are set up, you can connect to them without even knowing…and then they have

access to your device. They can then take your info and watch what you are doing online. Utilize a VPN to prevent any Wi-Fi intrusions.

Remember, these fake networks look very similar to real networks that might be set up by the conference. So, you always want to double check before you connect, and if you are in doubt, ask one of the organizers which one is legitimate. They can confirm the network for you.

There are always scammers out there, especially when you are going to a conference. There are simply too many opportunities for scams for them to pass this up. Fortunately, you can follow the advice above and make sure that you report any suspicious activity. Not only can this protect others, but it can stop scammers in their tracks.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protecting Yourself from Gift Card Scams

It doesn’t matter what the occasion is, gift cards are a popular gift. However, if you are giving them, or getting them, you could be part of a scam. There are more gift card scams out there than you might think, and it includes both digital and physical cards.

gift cardIt doesn’t matter where you get the card, here are two ways that scammers use them to make money:

The “Assistant Gift Card Scam”

Small businesses are often the target of the assistant gift card scam. We see this a lot in the financial services industry, or really any other industry where you have a service professional who has assistant that manages administrative tasks.

The scam works like this: the scammer scopes out the service professionals website, he might make a phone call or send an email seeking out a secretary or assistant, and then reaches out to that assistant usually via email or even text, spoofing the communication medium and posing as the service professional.

In that communication, the criminal posing as the service professional requests the administrator go out and buy five gift cards for clients and to send pictures of the gift cards with the activation codes on the back scratched off.

Once the criminal receives the photos with the codes, he immediately cashes them in.

The best way to prevent this, is always by getting on the telephone and calling your boss to make sure that the request for gift cards is a legitimate one.

Using a Gift Card to Transform it to Cash

If you get a $200 gift card to a store, and then it’s stolen, it’s like you have lost money. It’s essentially the same as if someone stole $200 from your pocket. You might be wondering how a scammer can turn a gift card into cash. Here’s how it works:

  • The thief takes a gift card out of your gym locker.
  • Instead of using it it at the store, he puts an ad online offering it at a $50 discount saying he’s in a rough spot and needs cash.
  • Someone takes him up on the offer and sends him $150 via Venmo.
  • The thief then goes and uses the gift card at the store. He takes the item he bought and sells it on eBay….and never ships the card to the person who bought it.
  • So now, he has the $150 plus the cash he got from selling the item he bought.

Infiltrating Gift Card Accounts Online

Another way that a thief can scam people by using gift cards is by taking advantage of software. They use a botnet which is also a robot network of computers design to hack, to gain access to an online gift card account. Here’s how it works:

  • You log into your gift card account.
  • The botnet also tries to log into your account. They randomly keep trying until they guess the password/code.
  • Though it’s not guaranteed, the botnet could guess the password/code for your gift card, and if it does, you can say goodbye to the balance.

Protecting Yourself from Gift Card Scams

  • Don’t believe everything you read online. If a deal is too good to be true, it probably is.
  • Anytime a service professional requests a straighter buy a bunch of gift cards, get on the phone and talk to that person directly to confirm the legitimacy of the request.
  • Buy a gift card straight from the source, not from a random Facebook ad.
  • Don’t buy any gift cards at a high traffic location as it’s easy for scammers to hide their scam.
  • Change the security code of the card if you can.
  • If you have access to an online account, change your password and username.
  • As soon as you suspect something fraudulent is going on, report it.
  • Spend the money on the card as quickly as possible.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Be Aware of These IRS Stimulus Check Scam Tactics

The IRS has taken the step of urging taxpayers to be aware of emails and calls that can lead to people giving up their personal info to cybercriminals.

The IRS has been telling taxpayers to take more care than before during this time. They has also reminded people that the IRS does not call taxpayers to collect or verify financial information in order to get a faster refund. The IRS also will never email nor text you asking for any information.

Cyberthieves have been taking advantage of people in times of trouble, and now that we are literally in the middle of a global pandemic, these scams are definitely on the rise.

Don’t Fall for It!

The IRS has seen many more phishing scams than ever before. It is easier for scammers to get money than you might think. All they have to do is give the IRS fake bank information. In most cases these days, the IRS will direct deposit payments right into the bank accounts of taxpayers. If you have never provided this, you can go online and do it…but so can scammers. If the IRS doesn’t get this information, it begins mailing checks, and of course, these can be intercepted by a scammer.

It is also important that you realize that people who have retired and don’t have to file a tax return simply get a check. They don’t have to do anything, and this makes retirees common targets for cybercriminals. The bad guys often reach out to older people by phone, mail, or email and ask for information such as their bank account number or Social Security number in order to verify their check. But remember…the IRS will never contact taxpayers via phone.

Additional Information

There are a number of signs that something could be a scam, and the IRS wants to remind people of this. Here are some of those signs:

  • In the case of the stimulus checks, the official name is the “Economic Impact Payment.” If you see other terms, like “Stimulus Check” or “Stimulus Payment,” it is probably a fake.
  • If you are asked to sign over a check to someone, it is definitely a scam.
  • If you are asked to verify your financial or personal information via text, mail, phone, or social media, it is a scam.
  • If the check you receive doesn’t look right, it is a scam.
  • If someone contacts you and says you can get your check faster if you give them more information, it is a scam.

How to Report an IRS Scam

If you think you are a victim of this type of scam, you should report it. If you get a fishy email, you should forward it to phishing@irs.gov. Experts also recommend that you don’t engage with cybercriminals on the internet or the phone. You can read more about this on the IRS website.

If you have questions about how the IRS is dealing with the coronavirus pandemic, you can look at the agencies Coronavirus Tax Relief page on the internet.

Finally, consider identity theft protection services. While none of these services will prevent tax related identity theft, there are expert restoration agents on the ready to work with potential victims of this type of crime.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Gift Card Scams: What You Need to Know

You might not realize it, but hackers are making a ton of money thanks to phishing attacks, and now they have started to focus on gift cards. Scarlet Widow, which is a notorious scam group out of Nigeria, has really been boosting its efforts to romance scam people and using gift cards. The group is typically focused on people in the US and UK, and is also well known for tax scams, and rental scams.

Gift Card ScamsAre you a person who is at risk of being scammed by a group like Scarlet Widow? The group generally focuses on large or medium sized businesses including non-profits, such as the Boy Scouts of America, the United Way, and the YMCA. The scammers work by sending staff members emails, and though most people notice immediately that these emails are actually scams, it only takes one email to put a company at risk.

Common Targets

From around November of 2017 to today, Scarlet Widow has been targeting thousands of people and non-profits. It is also targeting the tax and education industries. Remember, the group only wins if they get access to email addresses from these organization, and they might put malware into the systems or use phishing links. Honestly, it doesn’t matter what method the hackers use, once they are in, the scam begins.

What is the Scam? 

So, what is the scam? Scarlet Widow tends to use traditional scams, but these days, the group has started using gift card scams. When we look at data from late 2018, we see that more than 25% of people who were scammed during that year said that they were victims of gift card scams.

The thing is, scammers really love this type of scam because they have fast access to cash, they can do it all anonymously, and once the scam is done, it is very hard to fix. Basically, all the scammer has to do is sweet talk their way into having someone buy a gift car, taking a photo of it, and they now have the money that was on it.

Typically, Scarlet Widow asked for iTunes or Google Play cards, but they have also been known to ask for gift cards from place like Walgreens, Target, or CVS. You might think it’s a bit strange that these people could actually con others to pay for services like cell phone service with a Visa gift card but remember…these are experts at manipulating people.

They often come up with a story about a sense of urgency, like this amazing deal will expire in three hours, and people actually fall for it. One example of this is an administrator from a financial advisory company I’ve worked with actually sent a scammer $1500 in iTunes gift cards. Why did she do it? She was duped into thinking the email was coming from the head of the finance department in the company she worked for.

One way to get a hold on this is to set up some type of security awareness training, but I even know someone in the industry who fell for it. It was an assistant of a security awareness trainer. She got an email that she believed was from her boss. It asked for five $500 Apple gift cards, which were going to be sent to their top five clients. So, the assistant went to Walgreens, bought five cards, and then, just as the email said, she scratched them to reveal the codes, took photos, and sent them back to her boss.  Except, it wasn’t her boss…it was a scammer who was now $2500 richer.

There are some limits to what scammers can do with gift cards, but they will do anything they can to get more money coming into their pockets. So, if you ever get a request for a gift card, be smart and use a ton of caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

10 Ways to Keep Yourself Safe from Shopping Scams During the Holidays

The winter holidays are a time for friends, family, and fun…and also fraud. Here are 10 ways that you can protect yourself from shopping scams this holiday season:

Gift Card Scams

Don’t ever give anyone your credit card information to claim a gift card that you hear about via email.

Shop Smart

Online shopping? Don’t do it while connected to a public Wi-Fi connection. These are not secure, and anyone can get access to your bank account, credit card, or log in information. Instead, use a VPN or your home network.

Be Careful with Coupons

Coupons can be great deals, but if they look too good to be true, you should assume that it is

Protect Your Passwords

Make sure you change passwords regularly for all sensitive accounts. Also, make sure that you don’t repeat passwords from account to account. When you create your passwords, you should randomly make them a mixture of both upper- and lower-case letters along with symbols and numbers. Make it at least 12 characters. You can use a password manager to help you remember it.

Set Up Two Step Verification

Consider setting up two step verification. Once you log into an account, you will receive a numerical code via text, which serves as a second verification for your account. This stops people from logging into an account unless they have both your log in information and your phone.

Think Before Clicking

Don’t click on links that come into your email, even if you think it’s from someone or a company you know. Big companies like Walmart, Kohl’s, Macy’s, etc, usually do not send links like this in email, so if you see one, ignore it. Scammers create these links in the hope that you will click it. If you do click one, it may download a virus to your computer or take you to a fake site, where you might be tricked into entering your credit card information.

Keep Your Bank and Credit Card Secure

Look into the type of security measures that your bank uses, and then use them. You also might consider setting up push notifications or push alerts through your credit card company so you get an email or text message with every charge.

Employment Scams

You are likely to see ads during this time a year that advertises for jobs that pay way more than they should. $50 an hour for filling out surveys? Skip it.

Review Your Financial Health

Each month take some time to review all of your financial accounts to see if there is any activity that seems suspicious. Even a small charge can be very suspicious. Often, a scammer will make a small transaction to test things out.

HTTP vs. HTTPS

When you see an “S” at the end of the HTTP portion of the URL, it means that the site is secure. Only do shopping on sites with that “S.” Finally, make sure you update your browser before you shop.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Beware of these Pandemic Phishing Scams

These days, even though we are all, for the most part, stuck at home, trying to be safe from COVID-19, that doesn’t mean that we are safe from cybercrime. Cybercriminals continue to target victims, even in this environment, and many of these scams are related to COVID-19. This is pretty common when something like a crisis comes down, so you have to remain vigilant as you go through your daily life. Here are some of the things you should be looking for and being aware of:

phishing scamRelief Fund Scams

As we look towards our government officials for help, they have been sending out money to people who have lost their jobs or become impacted financially by the COVID-19 crisis. Criminals have started to create phishing scams that look identical to the correspondence that might come from the government. They do this to trick people into revealing their personal information. Currently, if you are in the UK, Australia, or the US, you are probably being targeted.

Infection Maps that are Malicious

Cybercriminals are also taking advantage of the public’s interest in COVID-19 infection maps. Organizations like Johns Hopkins are creating these maps, but cybercriminals are following close behind and releasing their own. All they have to do is set up their own websites, and then stick malware in them. They can do this for little to no money, and then they can make a huge profit thanks to ID theft and other dastardly deeds.

Impersonating Official Health Organizations

You also need to keep an eye out for cybercriminals who are impersonating official health organizations, including WHO – the World Health Organization, or the CDC – Centers for Disease Control. They are doing this by designing a number of different phishing scams. These started all the way back in February, and they are continuing to be sent. The criminals are setting up a sense of urgency, so that people are more apt to give up their information.

Scams with COVID-19 Testing Kits

There is also a lot of interest in COVID-19 testing kits, and as you might imagine…the bad guys are targeting these people, too. Not only are these scams spreading via email, according to the FCC, Federal Communications Commission, but also with robocalls, text smishing, and more. The FCC has even announced that it has found a big range of robocall scams that are associated with coronavirus, including things like debt consolidation, work at home opportunities, and even student loan repayment plans. There are also specific scams that are targeting small businesses.

Medical Supply Scams

Finally, we have medical supply scams. These are similar to the testing kit scams but the cybercriminals are using these medical supplies, like masks and gloves, as a lure to get people to give them money. There are more and more of these websites popping up with huge discounts on medical supplies. Many of these sites are offering limited-time sales and want Bitcoin for payment, which is a big sign that you could be getting scammed.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program and the home security expert for Porch.com