Cybercriminals Target Senior Citizens

Cyber scams happen to the young and the old, the rich and the poor. It doesn’t matter how good or bad your credit is, or whether or not you have a credit card. Cybercriminals target everyone, regardless of how much or how little you rely on a computer.

The lowest of the lowlifes, however, tend to prey upon the weak and uninformed. And all too often, that means children or elderly.

Senior citizens are in a unique position because they often have money in the bank, plus access to additional lines of credit. They are less likely to be frequent Internet users, relative to younger generations, and are therefore less likely to be aware of the many scams that may be targeting them.

Many common scams take place using the telephone rather than the Internet, such as “grandparent scams,” in which victims receive calls from their supposed grandchildren, requesting money.

Online, beware of social media and dating scams. Not everyone who contacts you online is your friend, so be cautious before sharing personal information. Never, under any circumstances, should you send money on the basis an online relationship.

You’re most likely heard the term “phishing,” and have certainly received a fake email at some point. But scammers are getting better at creating targeted, personalized emails that include your name, email address, and even stolen account numbers. Never click any links within an email. Instead, go to your favorites menu or manually type the address into the address bar. If you suspect that an email might not be legitimate, hit delete.

Scammers are constantly searching for the information they need to take over your existing accounts, either by hacking into your own personal computer or by stealing data from your bank, credit card company, a government agency, or any other institution that keeps personal data on file. To prevent account takeover, keep your antivirus software updated, and pay close attention to all your bank statements. Refute any unauthorized transactions right away.

Bad guys love your Social Security number, because they can use it to open new credit accounts in your name. You’ve probably disclosed your Social Security number hundreds of times in your life, and can’t avoid disclosing it in the future. But you can protect yourself with identity theft protection and a credit freeze.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on (Disclosures)


Grandmother Taken for $5400 in Online Dating Scam

All my life, I’ve been waiting for someone to give me a million dollars in diamonds, which have been willed to me by my long-lost Somalian stepfather, who’s supposedly the third generation dictator under the humble Mr. George Kinneus the Third. Or something like that.

If you receive an offer resembling that one, run for the hills.

This is what happened to the 55-year-old grandmother in New Zealand, who was simply looking for love online. She was checking out her prospects on, the most popular dating site. The grandmother got a “wink,” which is like a “poke” on Facebook, from “kiwibloke25.” According to his profile, “kiwibloke25” was a 55-year-old man seeking a serious relationship with a woman between 49 and 68 years old.

In his first message, he told the grandmother that she “[seemed] to be the type of person he [was] looking for,” and gave her his personal email address. Soon they were exchanging emails and talking on the phone. The man shared numerous intimate details about his life.

Exchanges like these lure unsuspecting victims into scammers’ traps. In this case, “kiwibloke25” claimed to have been robbed by Somalian gangsters while traveling through Dubai, and asked his victim for $5400 to cover the duty on some diamonds he had supposedly purchased. She wired him the money but became suspicious when he asked for more, to pay for a company to securely transfer the diamonds back to New Zealand. She then discovered that “kiwibloke25,” as she thought she knew him, never existed at all.

If you use an online dating service, be on guard for scams. Stick to legitimate, well-known websites, and get referrals from friends who have successfully met romantic partners online. But never let your guard down.

When creating your dating profile, never post personal information, including your middle name, full address, phone number or entire birth date.

To vet potential dates, look for information about them elsewhere online, and confirm that it matches the information in their online dating profiles.

If a potential date asks for a loan or any financial information, report them to the dating website immediately.

Dating sites could protect users by incorporating device identification, device reputation and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, called ReputationManager 360.  It has been recognized over the past few years for “Best New Technology” used by the internet dating industry. This service is established and has protected over 2 billion online dating activities for its clients and has flagged 2.7 million of those identified as scams and solicitations, spam, identity mining/phishing, profile representation and other abuses.  Stopping scams and abusive behavior upfront greatly helps online dating sites not only protect their brand reputation, but most importantly protect their active members.

According to Industry Consultant, Mark Brooks, “The dating industry uses three lines of defense against scammers and abuse: automated software defense, user flagging and customer/abuse teams. iovation’s technology has enabled many dating sites to work together to beat scammers.”

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating security on E! True Hollywood Stories. (Disclosures)

Auction Fraud is the Third Most Common Internet Complaint

The Internet Crime Complaint Center fielded 303,809 reports of cybercrime in 2010. Of those cybercrime reports, auction fraud was the third most common complaint.

Auction fraud refers to fraudulent transactions on online auctions. Either a product advertised for sale is misrepresented, or purchases are never delivered at all.

The IC3’s annual report explains, “Historically, auction fraud has been the leading complaint reported by victims, with a high of 71.2 percent of all referrals in 2004. However, in 2010, auction fraud represents slightly more than 10 percent of referrals. This demonstrates the growing diversification of crimes related to the Internet.”

In other words, auction fraud is still profitable for scammers, and they’ve also discovered many new techniques for scamming consumers.

IC3 advises consumers against conducting online transactions with anyone who exhibits the following suspicious behavior:

  • The seller creates an online auction as though he resides in the United States, but responds to buyers with an email claiming he’s outside the United States for business reasons or a family emergency. Or, the seller posts the auction under one name, but asks for payment to be transferred to a different name.
  • The seller requests payment via Western Union, MoneyGram, or bank-to-bank wire transfer. This makes the money virtually unrecoverable once the victim discovers the scam. Any transaction involving a money transfer control number (MTCN) may indicate fraud.
  • The seller poses as an authorized dealer or factory representative in a country where there are no such dealers.
  • The buyer asks for a purchase to be shipped to another via a particular method in order to avoid customs or taxes.
  • The buyer uses a credit card for which the billing address does not match the shipping address. Always secure the cardholder’s authorization before shipping any purchased items.

Online classified and auction websites could prevent fraud and protect their users by incorporating device reputation management. One anti-fraud service getting lots of attention for its fast and effective results is iovation’s ReputationManager 360. This service incorporates device identification, device reputation, and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse by analyzing the computer, smartphone, or tablet connecting to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donny Deutsch. (Disclosures)

Craigslist Scammers Ship Checks Via FedEx

FedEx isn’t responsible for this scam, but their brand unintentionally lends credibility to the scammers, who reference FedEx in their scammy emails, knowing that aligning with FedEx helps their scam proliferate. It’s an insidious ruse that hurts all involved.

FedEx can and should deny suspicious online transactions. Moneygram and Western Union could also make some effort to deter scammers. It’s hard to weed out the bad guys, but there are technologies that help.

What kind of scam am I talking about? A good friend recently called to ask what I know about check scams. He had received a $2,400 check from a major chemical company via FedEx. He had no idea why, but mentioned that he had placed an add on Craigslist, asking $150 for an item he wished to sell, and that a deaf woman had called him through a translating service and offered to FedEx a check.

I explained that this is advanced fee fraud, or a shipping scam, and that he will undoubtedly receive an email demanding that the difference be paid to shippers.

Maybe the scammer pretended to be deaf, using the translator service as a third party to scramble the caller’s location. Or maybe the buyer really was a deaf woman.

But why send a check for $2,400, and why from a chemical company? Probably because it was the only seemingly legitimate check the scammer had printed up at the time, and it’s a nice score if he sends back the $2,250 difference.

My buddy was flabbergasted to think that anyone would fall for such a scam, and insisted that if someone came to his house to pick up the purchased item and demanded he pay the purchaser $2,250, he’d punch them in the face.

Shortly after getting off the phone with me, he received this email:

“Hello Dean,

How are you doing today?

The check has been delivered via Fedex,Thanks for your honesty towards this transaction so far.Well, the overpayment is meant to cover the cost of shipment for the item alongside my other properties including tax and insurance plus the movers and agent fees.

Please deposit the check today so that it clears tomorrow after the check has cleared,All you have to do is go the bank and have the rest of the money withdrawn in cash and have it sent to the movers via money gram

Here’s the movers information below.

Name : Jason Shambaugh

Address : 2330 Contra Costa Blv

City : Pleasant Hill

state : CA

Post code : 94523

Do let me know your schedule for the week regarding pickup as i have some other properties to be moved alongside the item. Please do act accordingly as agreed after deducting your money for the item, make the rest fund available to the movers via money gram Money Transfer at any of their outlet around you or check on{click find us} and check for their outlets around and get back to me with the transfer details below (as it appears on the receipt) so i can contact the movers for the pick-up at your location ….Deduct the money gram money transfer charges from my fund also $50 for yourself (meant for any hassle or run around).

1}Sender’s name and address

2}Reference number {which is the 8 digits number on the Money Gram receipt}

3}Actual amount sent after the fee had been deducted

Hope i can trust you with the overpayment? Your Honesty and transparency will be appreciated”

The email also included the FedEx tracking information, with my friend’s address. Looking up the shipping address on Google maps reveals an office building, which most likely has some vacancies. The scammer probably has some connection to the building, allowing for anonymous shipments.

Craigslist could easily prevent the majority of these scams easily by using device reputation management. Many Craigslist scammers based in Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, the Philippines, and Malaysia spend their days targeting consumers in the developed world. But real-time device reputation checks, such as those offered by iovation, can detect computers that have been used for auction fraud and expose all of the accounts associated with the suspicious device or group of devices. This provides Craigslist and other websites with the opportunity to instantly shut down sophisticated fraud rings and thousands of fraudulent accounts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scambaiting on Fox News. (Disclosures)

Scams Setting Record Pace

There is limit to what the criminal scammy mind can conjure up.

KMOV reports Scammers have been using military photos to trick unsuspecting women on dating websites into giving them money.

The scam artists use pictures of soldiers and post them as their own. Once they convince the women to trust them, they ask for money. The military says it gets a lot of complaints about scammers swiping official military photos and using them to create dating profiles.

Fox Memphis reports The Shelby County Office of Preparedness is keeping flood victims from becoming scam victims, and making sure they stay safe from fake contractors.

Homes across the county are going to need home repairs due to flooding, so the Office of Preparedness is asking contractors to register their business. The office will then issue ID cards that let flood victims know the contractor is real.

But it’s not just “people” getting scammed. It’s big companies too.

The Star Tribune reports A man admitted that from December 2004 through December 2005 he submitted phony invoices to Best Buy on behalf of his shipping company for electronic equipment that was never sent. He had Best Buy send the payments for those invoices, amounting to more than $900,000, to a post office box in Glenolden, Pa.

CliffView pilot reports A Hudson County con man admitted his role in a scheme to steal more than $4.4 million from several Voice Over Internet Protocol service providers by setting up shell companies that he and his cohorts claimed operated from the Empire State Building and other prominent addresses. His victims included AT&T, Cordial Communications, Digerati Networks, France Telecom, and others.

Whether you are an employee from a big or small company or just a concerned citizen you must keep your head up and pay attention to the “intentions” of all those you come in contact with. Whether over the phone, email, internet or mail, scammers are in full force and looking for their next mark.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADTPulse on Fox News. Disclosures

Beware of Storm Related Scams

The crazy (and deadly) weather has scammers and thieves coming out of the woodwork. Whether you have been directly affected by the tornados or not, scammers are preying upon people’s fears.

Beware and never open your door to strangers. Keep your home security system turned on during the day. And beware of phone calls from scammers too.

People dressed as FEMA workers or other officials may go to tornado victims’ homes or even those within 100 miles or more asking for personal information. Badges and uniforms can easily be purchased or created giving the false impression of a legitimate government agency.

Scammers tactics often involves acting as contractors (or even being sleazy contractors with trucks etc) going door to door selling their services pressuring people into writing checks for upfront fees. They may create the impression that if you don’t act now your insurance may not pay claims or you are in imminent danger of being sued because a railing is loose.

Sleazy contractor scammers will refuse to provide contact information or give false information. Many contractors such as carpenters, electricians, or plumbers doing major repair or renovations require licenses and permits.

Other contractors that may not need licenses are roofers, pavers, mold removal, foundation repair etc. Scammers often pose as these unlicensed contractors that scam the most.

Any time a door to door salesmen is offering construction related services be suspect.

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.


Job Scams Up As Economy Downs

If you are paying attention to the economists, we aren’t out of this just yet. High unemployment is keeping scammers employed by preying on the vulnerable. While burglaries are up, personal and home security goes beyond home alarm systems. It means scammers are coming from all directions.

In general, there are a few types of job related scams to be aware of. Rule of thumb is if it isn’t a job that you are familiar with or a service you have heard of, it is probably a scam. If it’s not a job you would see printed on a business card, it’s a scam.

Work at home”, make $1000.00 a week, etc are mostly scams. This can be anything from assembling a product to stuffing envelopes to answering the phone. Most require some kind of initial investment, which should be a tip off. I’m told there are legitimate work at home opportunities out there, but I’ve never met one person who answered a classified ad and is working from home as a result.

While headhunters are real professionals, not all pay for placement services are legitimate. Head hunters generally charge the company for finding the employee and sometimes will charge the employee once hired. You should never pay an upfront fee to find a job.

Job lists being sold that promise a database or printout of employers looking for talent are attractive offers that often come with a full money back warranty. The problem is the lists are often spotty or even non-existent and the warranty is bogus as you will never get your money back.

Some job scams are designed simply to get your personal information including social security number and credit card numbers. Never provide your information over the phone or online. If they insist on a background check get one yourself and send it to them.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Operation Empty Promises Targets Job Scams

The recession may have waned, but we aren’t out of the woods yet. The unemployment rate is still a staggering 9.5%. That’s millions of people without a job. Many who were displaced eventually got lower paying jobs, and are barely able to get by.

Jobseekers’ desperation for employment makes them vulnerable to work-from-home scams and fake job listings.

The Federal Trade Commission recently announced that it has ”stepped up its ongoing campaign against scammers who falsely promise guaranteed jobs and opportunities to ‘be your own boss’ to consumers who are struggling with unemployment and diminished incomes as a consequence of the economic downturn.”

Criminals take advantage of increasing unemployment with fake job listings, designed to trick applicants into disclosing their Social Security numbers. Some scammers who more closely resemble legitimate companies make millions by blanketing classified advertisements across the country, roping people in with false promises.

One company offered to help workers start their own Internet business and earn up to $10,000 a month, ultimately defrauding victims out of $40 million in fees. Another advertised fake sales jobs on and charged applicants for background checks. In another instance, scammers made false claims about the earnings potential of stuffing circulars into envelopes. Another scam advertised an angel pin assembly kit, with which one could supposedly earn up to $500 per week, no experience, special tools, or sewing skills required. The worst scam offered to help consumers recover money lost to other scammers, for a fee of up to $499.

If a job description doesn’t sound like something you would see printed on a business card, or if you are asked to front money, it’s a scam.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses money mules and job scams on Fox News. (Disclosures)

Springtime Home Improvement Scams Coming

This is the time of the year they come out of the woodwork. Scammers knocking door to door with promises of quality work for exceptionally low prices. The scams often include driveway repaving, chimney repairs, ductwork cleaning, and roofing scams. Toss a criminal handy man in there and you end up missing a jewelry box or wallet.

It doesn’t take much for a contractor to appear legitimate. A simple uniform, business card, truck lettering and a 4 color brochure will easily give the impression of legitimacy. And they may be legitimate, but that doesn’t mean you should just fork over a down payment.

Always do business with someone you know, like, and trust based on a referral. Consider well known brands that often vet out contractors/employees and have zero tolerance policies for shoddy work.

The Better Business Bureau is a great resource for consumers looking to deal with reputable companies. This is your best resource. Look them up on the local BBB website and search the internet to see if there are complaints

Get at least 3 bids to see who has the right price, and that may not be the cheapest either.

Confirm they are properly licensed and insured. In Boston, the Boston Herald reports “state Division of Professional Licensure said it conducted a sting in which it contacted electricians who advertised on Craigslist but did not include a license number, and asked them to come to a home to install a light fixture or socket. When the contractors arrived, officials say they were asked by state investigators posing as the homeowners to produce license information. Officials said some of the unlicensed electricians did not use their last names or demanded cash for payment.”

Get and check references.

Never provide a deposit of more than 25% and never give that deposit until the day they show to do the job.

Find out what kind of warranty they have and get it in writing.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADTPulse on Fox News.

Tsunami Scam Warnings Keep Coming In

In light of the earthquake and tsunami in Japan, and the subsequent tsunami warnings in Hawaii and on the US West Coast, McAfee is warning consumers about a number of online scams that have appeared within hours of these devastating events.

Sadly, scammers seem to come out of the woodwork during a natural disaster to catch consumers when they’re in a panic, looking for answers, and when they’re most vulnerable.  People should not click on links or respond to phishing e-mails for relief donations that ask for credit card numbers or other personal information.  In addition, be wary of tiny URLs on social media services and posts on social networking sites. Hundreds of domains that could be related to the disaster have been registered so far today, including a scam site that appeared within just two hours of the earthquake.

Follow these guidelines to ensure that donations to victim relief efforts are sent through legitimate sites:

.Org domains are cheap.  Registering does not indicate charitable status in any way.  Verify that the organization is actually a registered charity by typing the URL directly into a web browser.

Domain solicitations that arrive by unsolicited email, especially those sounding overly urgent or desperate, are very likely to be scams.

Be aware that donation requests made via advertising banners can also be scams.

If you’d like to help, support one of the major international organizations that have a “most in need” fund such as the Red Cross.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on (Disclosures)