Give and take
Should donating to your favorite cause put your financial and identifying information at risk? We're sure you'd agree with New Jersey Attorney General Matthew Platkin that the answer is a resounding no. Yet, that is what happened to consumers who gave money to organizations that used fundraising software provided by Blackbaud. The AG offices of 49 states and D.C. reached a settlement with the company (which admitted no wrongdoing) for its deficient data security practices and inadequate response to a 2020 ransomware event that exposed the sensitive personal information (think Social Security and driver’s license numbers, financial and employment data, and protected health information) of millions of U.S. consumers. The highly sensitive data, the release continues, was exposed during a data breach that Blackbaud discovered in May 2020, yet the company did not publicly announce the breach or begin informing its more than 13,000 impacted software customers until July 2020. Under the settlement, Blackbaud agreed to overhaul its data security and breach notification practices and make a $49.5 million payment to be divided among the states. Because data breach notification laws vary across the country, we encourage SCAM GRAM readers to learn about their own state's laws in the interactive state-by-state dashboard or PDF publication prepared by the Privacy Rights Clearinghouse. These tools include how each state defines a data breach, what it considers to be "personally identifiable information," what consumer notifications are required, and more. When it comes to giving, we, too, would agree with New Jersey's AG that you should not have to think about your data being exposed. Incidentally, if you haven't visited our donation page recently, you can do so here (wink!).
Just trying to make a living
Scammers know they are “mean,” but they’re just trying to pay their bills, like everyone else. That’s what one scammer shamelessly told New York Times freelance illustrator Julia Rothman recently. Out of curiosity, Rothman had decided to play along with a suspicious work offer emailed to her, and then she wrote about it for the Times in a piece coauthored by Shaina Feinberg and titled "You’ve Got (Scam) Mail.” The suspected scam email "looked like dozens of others" that arrived in her inbox this year, wrote Rothman. The scammer offered an excuse for why communications between them needed to be by email or text (a red flag), and surprised Rothman with their art director-like knowledge. The biggest red flag Roth spotted was that she would be getting paid immediately if she took the job, instead of the usual after-completion payment. When Rothman revealed to the scammer that she knew what was going on, the scammer owned up to it and presented the absurd excuse of having to “pay bills and survive.” Check out the article (or look for it in the "Scratch" column in the Sept. 24, 2023, print edition, on page 4 of the BU section) for some examples of scams Rothman gathered when she put out a call for real-life stories on social media. And shout out for the great drawings of, and insight from, John Breyault, a fraud expert with the National Consumers League and longtime Consumer Action friend.
The FTC is on it
Fun and games...and refunds. Some good news for the hundreds of millions of Fortnite video game players: The Federal Trade Commission (FTC) has started notifying people who may be entitled to compensation stemming from a settlement finalized in March with Epic Games over allegations that the company used dark patterns and other deceptive practices to trick players into making unwanted in-game purchases. The company also made it easy for children to rack up charges without parental consent and locked the accounts of consumers who disputed the unauthorized charges with their credit card companies. The $245 million that Epic Games will pay under the settlement will go to provide refunds to consumers. The FTC is notifying more than 37 million people by email that they may be eligible for compensation. Consumers will have until Jan. 17, 2024, to submit a claim. Questions? Contact the administrator at 833-915-0880 or admin@fortniterefund.com. In Fortnite-speak: How much you get from the “big pot” will depend on several factors, including how many people file a claim.
Anti-social behavior. In early October, the FTC released a new "data spotlight" describing how scams originating on social media have accounted for $2.7 billion in reported losses since 2021—more than any other contact method. FTC stats for the first half of 2023 show that the most frequently reported scams on social media are related to online shopping, with 44% of reports pointing to fraud related to buying or selling products online. Most of these reports come from people who never received the items they ordered after responding to an ad on Facebook or Instagram. Social media scams promoting bogus investment schemes, however, account for larger overall losses—53% of all the money reported lost to scams on social media in the first half of the year. The next highest losses, the spotlight noted, come from romance scams. The FTC recommends that consumers take steps to limit who can see their posts and who can contact them on social media. Another recommendation is to reach out directly by phone to any friend or relative who messages you on social media asking for money. A full list of tips is included in the spotlight, and worth checking out to help you distinguish friend from foe.
Tips
Phantom pain. The FBI is warning about "phantom hacker" scams targeting seniors nationwide and stealing their life savings. This evolution of more general tech support scams, the FBI explains, can involve three phases. First, the fake tech support representative gets the victim to download malicious software that gives them remote access to the victim's computer. The rep then warns the consumer that they are at risk of getting hacked or that they've already been hacked. Then a financial institution representative contacts the consumer to "help" the consumer move their money to a "safe" third-party account, supposedly with the Federal Reserve or another U.S. government agency. Of course, the consumer's money is not being safeguarded, it's being stolen. As part of the final phase of the scam, explains the FBI, the victim may then be contacted by a third crook posing as an employee of the government institution where the “safe” account was opened. If the victim becomes suspicious of the government imposter, the scammer may send an email or letter on what appears to be official U.S. government letterhead to legitimize the scam. To protect yourself, the FBI advises not to click on unsolicited pop-ups, links sent via text message, or emailed links or attachments; not to contact phone numbers provided in a pop-up, text or email; not to download software at the request of unknown people who contact you; and not to give control of your computer to an unknown person. To keep grandma and grandpa safe from the "phantom scammer" this Halloween season, treat them to these tips from the FBI.
Family-sized scams. If you think about all the great things you can stock up on at Costco, a long list of scams aimed at faithful Costco shoppers wouldn’t be among them. Last month, MoneyTalksNews reported on 24 Costco scams making the rounds—up from the 13 the big-box retailer listed in 2021 and the 22 it listed in 2023. As MoneyTalksNews explains, the Costco website lets you see what each scam attempt looks like, including screenshots of email and text messages and social media posts that we think could be helpful in learning (and teaching others) to recognize scams. As Costco reminds customers: Don’t visit links in questionable messages and don't provide any personal information to the senders of these types of messages. We'd also remind you that, since at least four of the scams request customer feedback or completion of a survey, with enticing promises of "rewards" or "exclusive offers," it's okay to keep your opinion to yourself. Zip it!
Taking a piece of the pie. ABC News reported late last month that police were looking for a boy—about 6 years old—thought to be at the center of a pizza gift card scam in the Troy, Illinois, area. According to the story, local police said in a social media statement that members of the public are being sold fake “buy one get one free” Domino’s Pizza gift cards. The Troy police scam alert posted on Facebook explains that the young boy, likely accompanied by an adult, tells victims he’s selling the cards as a fundraiser for his baseball team. Troy police want the public to contact them if they see the boy, or if they suspect anyone else of selling fake promotional cards. The alert also includes good advice for all of us: If you have any suspicions, it’s a good idea to call the business whose cards are being sold to see if they are valid. Any way you slice this pie of a scam, it’s disheartening to see a child—who should be going to pizza parties, not pizza scam sprees—being roped in to such a scheme.
Surf's up. Just because someone says they saw your $20 bill fall to the ground doesn't mean you have to fall for their scam. Northern California's FOX40 News reported earlier this month that the Yuba City Police Department is asking residents to beware of a scam involving a “dropped $20 bill” after several law enforcement agencies received reports of consumers having their debit cards stolen at grocery stores and ATMs. According to the news story, the "shoulder surfing" perpetrator will first peer over the shoulder of their victim as they enter their debit card PIN into a checkout keypad. Once they have the PIN, the perpetrator will approach the victim and hand them a $20 bill, saying the victim dropped it. After this setup, FOX40 News explains, the schemer will approach the victim again, usually in the parking lot, and ask for the $20 bill back. According to police cited in the story, when the victim brings out their wallet or purse, a second suspect distracts them, sometimes invading their personal space with exaggerated hand movements. That gives the first suspect the opportunity to snatch the victim's debit card unnoticed, which the duo then uses to make purchases or withdrawals. The story urges caution when using a debit card or providing personal information in a public place—good advice for preventing fraudsters from surfing on your turf.
Please pull up to the (scam) window. Have you gotten lazy about checking your bank statements each month to spot any instances of unauthorized use of your debit or credit cards? This would be a good time to get back into the habit. Last week, NBC Chicago reported that charges were filed against 10 people in connection with a money laundering scheme, including employees of a Hardee’s fast-food restaurant in Northwest Indiana and their accomplices. Citing the local sheriff's office, the NBC story explains that a few Hardee's employees photographed the credit and debit card numbers of drive-thru customers and those card numbers were then fraudulently used to put funds into La Porte County Jail inmates' accounts. After using some of the funds to post bond and then receiving jail-issued debit cards linked to their accounts, the story continues, the former inmates went to ATMs to withdraw the remaining account balances. A total of $14,700 was stolen through the scheme, and victims were working with their financial institutions to get their money back. The Consumer Financial Protection Bureau offers helpful tips for victims of debit card fraud, while the National Consumer Law Center publishes a detailed, yet consumer-friendly, fact sheet about three separate protections for credit card holders—useful information for consumers who don’t want a side of fraud with their order.
Tell us how we're doing!
We'd love your feedback on how we've been doing and which of our services have been most important to you. Please fill out our (very) brief three-question survey here!