Genetically modified contract
The tech news outlet Engadget has been reporting on the data hack that targeted the DNA testing company 23andMe in October and, according to the update last week, exposed the data of a projected 6.9 million people—about half of 23andMe's customers. The exposed personal information includes birth years, general geographic locations, and data relevant to ancestry reports, according to Engadget. In some cases, pictures and display names of affiliated family members were also revealed. A December SEC filing by the company states that, for some impacted accounts, hackers accessed health-related information based upon the user’s genetics. As concerning as the 23andMe breach may be, it's actually something else that is sparking outrage online. Engadget separately reported that, following the breach, 23andMe changed its terms of service to essentially disallow customers from filing class action lawsuits (which it's already facing) and require that disputes be settled through arbitration—unless customers send the company an email opting out of the new arbitration terms within 30 days of the early-December notice. To protect their right to participate in jury trials and class action lawsuits—should they ever become necessary—Consumer Action suggests that affected customers look for the notice from 23andMe and opt out of the new terms. As Consumer Action followers have known for years, we loathe binding mandatory arbitration clauses because they unfairly weaken consumer rights in the face of corporate wrongs.
And a partridge in a pear tree
Sing it with us: 11 counts of money laundering, three counts of identity theft, one count each of conspiracy to commit a crime and receiving stolen property, and a partridge in a... Okay, we'll stop, but these are the charges that the Sonoma County District Attorney's office in California filed against the suspected leader of a local operation that laundered more than $7.8 million stolen from nearly 100 victims as part of a nationwide phone scam likely linked to India, according to a news report last week by the Press Democrat. The paper cites a police detective who explained that international scam call centers rely heavily on individuals within the United States to help them launder their ill-gotten gains. According to the news story, investigators concluded that overseas call centers contacted elderly victims across the country and scammed them out of money (their life savings, in many cases) using various ruses. The money was transferred into bank accounts opened by one of the alleged California conspirators using personal information from identity theft victims, and the funds were then laundered out of the account. We've written about overseas boiler room scams often, but infrequently hear about these kinds of busts. Welcome news at year's end indeed.
Naughty, not nice
They come bearing gifts. Last week, NBC affiliate WGAL reported on a new Better Business Bureau alert about a(nother) package delivery scam. According to the news report, the scam involves a text message from what appears to be a delivery driver who is looking for your home. It says something like, "Hi! My name is John. I work for UPS, and I'm trying to find your house. Please call me." If you call the number, the news story continues, the scammer will ask you to confirm your personal details, including your name, address, and possibly even your credit card information. And (since, of course, they think of everything), if you don't remember ordering anything that needs to be delivered, the caller may try to convince you the package is a gift from a friend or relative (unsure why they stop short of claiming the gifts are from Santa). To avoid this scam, the BBB advises consumers to keep track of the packages they've ordered; be skeptical of unsolicited messages, especially if they've never signed up for text alerts; and, if someone asks for personal information—even if they claim to represent a trusted company—hang up and call the company using the official customer service number. WGAL warns that these shipping scams show no sign of slowing down, and reminds us that scammers are using the holiday season to target victims.
Savvy shopping network. We have the BBB to thank for yet another timely holiday scam warning. The agency reports that their Scam Tracker is receiving an influx of scam reports about con artists impersonating networks like QVC and HSN to sell shoppers products that don't exist. Victims are seeing ads on Facebook, Instagram, TikTok or other social media platforms that appear to have been published by well-known shopping networks. The ads may even contain videos of televised shopping events with recognizable hosts. However, if you click on the link, you'll land on a fake website with "amazing deals" that could distract you from noticing you're on a fake site. One consumer reported to the BBB that after ordering a toaster that never arrived from what they thought was the QVC Outlet site, they learned that not only was the website fake, the postal tracking number provided was also fake, and that QVC does not sell on Facebook. Another consumer who made a purchase on an unofficial site requested—and was promised—a refund, but, as you might imagine, never got the money back. Take a look at the BBB's tips for avoiding online shopping scams. These include ensuring you are on a company's official website and not an impostor (spoofed) site; being wary of ads on social media; searching online for the name of the business and the word "scam" or "complaint"; and checking the BBB's Scam Tracker to see if others have been duped.
Tips
QRafty QRooks. QR codes are proliferating, but recent warnings from the FTC and FBI offer good reason to use caution with the codes, wherever you find them. Scammers have covered up QR codes on parking meters with their own codes, and have sent QR codes by text message or email that claim, for example, that you need to scan the code to resolve "trouble delivering a package" or "suspicious activity on your account." The FTC cautions the public that scammers can hide harmful links in QR codes to steal personal information. The FBI explains that if you happen to scan a scammer’s code, you could end up giving them access to your device. Crooks can access your contacts, download malware, or send you to a fake payment portal. Once there, you can inadvertently give them access to your banking and credit card accounts. And, if you make a payment through a bad QR code, it will be difficult, if not impossible, to get those funds back. The federal agencies offer several consumer protection tips, including not scanning codes you aren’t sure are legitimate; being suspicious if, after scanning a QR code, the site asks for a password or login info; and inspecting the URL before you open it (look for misspellings or a switched letter). Whatever you do, don't fall for the scam; it will protect you, and drive the fraudsters QRazy.
It's a small world. Consumer Action supporters know that for decades we’ve been publishing our educational materials in languages spoken in every corner of the U.S. That's why we were excited to learn last month that the FTC is offering new help for spotting, avoiding and reporting scams in multiple languages. The federal agency now takes reports from consumers in Mandarin, Tagalog, Vietnamese, French, Arabic, Korean, Russian, Portuguese, Polish, and many other languages. Consumers can call the FTC, between 9 a.m. and 5 p.m. Eastern time, at 877-382-4357 and press 3 to speak to an interpreter. They can also report identity theft by calling 877-438-4338 and selecting their preferred language option. You can now also find advice in a dozen languages at ftc.gov/languages. There you’ll learn how to avoid a scam, what to do if you paid a scammer, and how to avoid scams targeting your small business. There’s even a fraud handbook for recent arrivals to the United States. We took the FTC up on their suggestion to check out the new resources, and, after brushing up on our French, can now sincerely say to the Commission merci beaucoup!
One holiday fête to skip. Oh, what fun it is to ride around town from holiday gathering to gathering. But that next party invitation in your email in-box could be nothing more than another phishing scam. NBC News Chicago reported last week about an apparent email account takeover scheme. The victim in the NBC story, Louise Martell, said she received an Evite from a friend and clicked on it. She followed the prompts, but then "nothing happened." Martell called her friend, who told her that the invitation wasn't real and that she, too, had received a fake invitation from someone else. The next day, Martell was locked out of her email account and later learned that scammers had used her account to send out more fake invitations. The Identity Theft Resource Center (ITRC) offers helpful tips for consumers who fall victim to email account takeovers. These include changing passwords and security questions and implementing two-factor authentication, for those who still have access to their account; getting a temporary password if needed to regain access, and then changing the password and security questions once access is regained; and alerting contacts not to respond to emails sent from the hacked account. Visit ITRC for special instructions on changing billing/correspondence email addresses for companies who send you these, and on taking additional steps to protect any accounts for which you had stored login information in your email account. Heed these warnings and take steps to protect your friends and family if you fall victim, lest you be taken off their party invitation list for next year.
It's beginning to look a lot like jail time. A recent Washington, D.C., police warning is a good reminder that criminals can lurk in online marketplaces, potentially getting us much more (or much less) than we bargained for if we are not careful. Area news station FOX 5 reported last week that a teenager used Facebook Marketplace to scam and rob victims while posing as a buyer and seller. Police arrested the 19-year-old, now a suspect in four cases in which victims were robbed of their phones and other items. A D.C. police commander told the news station that robberies stemming from online sales typically increase around the holidays and that people involved in these types of transactions should meet at a safe exchange place. If this suggestion has you thinking corner coffee shop or supermarket parking lot, you’ve got another think coming. The commander recommends meeting at the police station. He explained that if the other party says "no way" when you suggest meeting at a local police station, you'll know for sure it's time to move on. Wink News reported on a similar story in Florida this summer involving a 16-year-old. Among the safety tips in that story is to review the social media profile of the seller or buyer to ensure it’s not a profile that was just recently created. As for the recently arrested D.C. teen, there’s no word on whether he's hired counsel, says Fox 5 News, though we have a hunch as to what may be at the top of his holiday wish list this year.
Stocking stuffers worse than coal. Two distinct twists on a similar gift card scam are making the rounds. USA Today reported last week that the Sacramento County Sheriff’s Office arrested a man for tampering with gift cards at a California Target store. The sheriff's post on the X social media platform states that the suspect was part of a scam that involved scanning the revealed card bar codes and stealing the money later loaded onto the cards. Victims are completely unaware it is happening, and the money is often siphoned to an off-shore account within seconds, said the post. The scam operation spanned California and several regions nationwide. A separate alert posted on Instagram by the Bay Area’s Pinole Police Department, as reported by ABC 7 News, warned that scammers remove gift cards from stores, carefully open the packaging, cut off the top "scratch off" section of the card, reseal the packages with the tampered cards inside, and put them back on store shelves, waiting for money to be loaded onto them using the bottom code that still shows through the packaging window. The Pinole Police Department recommends that shoppers feel through the packaging to make sure part of the card has not been cut off, or, with the store's permission, open the gift card packaging to ensure the card is intact and hasn’t been tampered with. For its part, the Sacramento sheriff recommends that consumers be observant of any signs of tampering, especially scuff marks or scratches near the bar code on the back of the card, and, as reported by USA Today and other outlets, that they even avoid buying gift cards altogether. Whether you decide to give someone a gift card this season or you receive one as a gift, we at Consumer Action do want you to know what rules apply to the card, how to protect it, and how to stay safe from fraud. Check out our new gift card tip sheet here. And while you're at it, why not print out a few copies and slip them into your loved ones’ holiday stockings (surely beating out a pile of coal).
Tell us how we're doing!
We'd love your feedback on how we've been doing and which of our services have been most important to you. Please fill out our (very) brief three-question survey here!