Category Archives: Fraud, Scams, Hoaxes & Hacks

Tax Season 2016 – Hackers Attack IRS

irs-logoHackers are hell bent on stealing tax refunds. On Tuesday the IRS announced an attack that occurred last month in which cyber criminals were able to steal taxpayer identification numbers before the Internal Revenue Service detected and shut down the attack. Hackers stole customer “Electronic Filing PINs,” meant to ensure information security. These PINs would enable hackers to file fraudulent tax returns.

More and more Americans are filing their taxes online. Officials expect 80 percent of the 150 million returns will be filed online this tax season. As a result the number of attempts by hackers to file fake returns and steal tax refunds is on the rise.

In a statement the IRS said that the hackers used a sophisticated automated software that used more than 450,000 stolen Social Security numbers to try to generate e-filing PINs. Even though the attack was stopped they were successful in securing about 100,000 PINS.

According to the IRS the SSN’s were “stolen elsewhere outside the IRS.” The agency added, “no personal taxpayer data was compromised or disclosed” by its systems. The IRS said it will notify taxpayers affected by the attack and will flag their accounts to guard against identity theft.

The IRS and the federal government are in possession of incredible amounts of personal data of U.S. citizens, Yet the government appears almost helpless to protect this data from cyber theives. Last year alone the government lost the data, including electronic finger print files,  of over  20 million Americans in a historic data breach of the Office of Personnel Management.

On Tuesday President Barack Obama proposed to spend $19 billion on more-secure technology for the government. If approved by Congress the money would be used to recruit cyber security experts, reducing reliance on unsafe items like SSNs, and overhauling the government’s computers.

Tax Season 2016 – Beware Tax Scams

Courtesy Stuart Miles

Courtesy Stuart Miles

Its tax season again and as always the cyber scum is out to get you. No matter how many warnings are sent out to the tax paying workers of America there is always someone who gets taken (robbed) by a smooth talking criminal. They come at you through the phone, email, snail mail and a even knock at your door. And if you don’t know how to deal with them you are gonna lose money. In many cases a lot of money.

Tax seas0n is scam season so you need to be alert and aware of a few things. First of all make sure you know and completely understand how the IRS works, how they contact you and how they collect money. Without this knowledge you are gonna get robbed. Keep in that most four of five tax returns are filed electronically. Another fact;  out of 10,000 scams tracked by the Better Business Bureau in 2015, nearly a fourth of are tax related. 

Lets talk about how the criminals will come at you this tax season so you don’t become this years sucker.

Phone Extortion  – Going back to 2003 there has been 900,000 phone calls to tax payers claiming to be the IRS and demanding immediate payment or the tax payer will face legal penalties or jail. The scam comes back every year, slightly modified but still the same scam and it still gets plenty of suckers.  

Don’t be that sucker! The IRS will never call you and demand immediate payment…never!  The IRS will send you a letter telling you if you have a tax bill. They will send you more letters if you ignore that one. The letter will have a contact number on it. If you ignore enough letters they will come registered mail. But any demand for immediate payment should be looked upon with deep suspicion. If you have any doubts call the IRS using the number on the website. Never return a call to a number the caller leaves you. Protect yourself and makes sure you know who you are talking to and never every give personal information to some you don’t know.

Phishing emails Cyber criminals send these emails out by the millions. These scum can make a very real looking and exact copies of the IRS logo and website. Check you URL or web address carefully.  You might find it reads www.irs.net or www.irs.us or some other deception. The IRS website address is www.irs.gov.

Don’t be that sucker! The IRS does not send you emails with links or attachments. The IRS does not send out emails period!  Do not fill out any forms attached to an email as you may be giving out enough information to have your identity stolen. So if you get an IRS email delete it. 

The name of the game when it come to your money and information is trust no one. Make them prove everything before you answer a question or send out a dime.

For more information check out these links.

Top 4 Scariest Tax Scams 2015

IRS Tax Scams 2015

IRS.gov – Taxes. Security. Together.

 

 

SCAM ALERT! $200 Nordstrom Gift Cards – SCAM ALERT!

2__nordstrom_gift_card_-_Facebook_Search

Fake Nordstrom Gift card offer

Users of Facebook and other social media sites have been sharing various versions of a fake Nordstrom gift card offer. The ad claims that Nordstrom was offering a $200 gift card to Facebook users who “referred three friends” to the promotion. Its a scam.

Social media users encouraged to click on the ad that takes the victim to a fake Nordstrom website that uses a web address variation on nordstrom.egiftcards.co. Here’s a tip; web users need to be aware that duplicate websites that actually belongs to cyber criminals are a common tactic. These websites are often perfectly counterfeited.

Instructions in the ad are as follows; 

To Celebrate Valentines Day Get a Nordstrom $200 Gift Card

Simply Invite 3 Friends to Get Your Gift Card
After 3 Friends Click Your Link.
Get Your Gift Card Instantly!

Although the fake webpage in question doesn’t look like other popular Facebook coupon scams it did display a rapidly decreasing number of “available gift cards.” Here’s another tip; cyber criminals often use tactics that increase urgency in the victim. Making you believe that you may lose out on a good deal causes you to act quickly. 

Facebook is a hotbed for coupon and gift card scams. Popular retailers impersonated on the social media website include Kohl’sCostco, Home Depot, Lowe’sKroger, Best Buy, Macy’s, Olive Garden, Publix, Target, Wegmans, and Walmart.

Nordstrom is aware of the scam and offered this statement; “You’re correct, this is a fraudulent promotion as it is not affiliated with Nordstrom and we are not sponsoring any giveaways of gift cards. We recommend not clicking the link or entering any personal information. Our team is actively working to make customers aware of the situation and apologize for any confusion.”

In 2014 the Better Business Bureau published an article advising social media users on how to avoid survey and coupon scams. The BBB warns;

  1. Your eyes will deceive you. Cyber criminals know how to impersonate websites perfectly. Scammers can also make links look like they lead to legitimate websites and emails appear to come from a different sender. This is called spoofing. Use your cursor and hover over links and carefully examine the address that pops up. These are often very clever. www.nordstrom.com is easily confused with www.nordstrom.ru.
  2. Legitimate businesses do not ask for credit card numbers or banking information on customer surveys. If they do ask for personal information, like an address or email, be sure to carefully examine privacy policy. Do not provide anyone else’s email or personal information. You could be providing more victims.
  3. Do your homework. If the offer is a scam, you may find alerts or complaints or warnings from other consumers and retailers online. The organization’s real website may have further information. Also there are plenty of legitimate coupon sites you can search for good deals and gift cards.
  4. If it sounds to good to be true then it probably is. Always keep that in mind.

Facebook Hoax Circulates on the Internet

Facebook-logo-PSDThe Internet is full of rumors and hoaxes. The fact that Facebook has its name attached  to any of them is no surprise and neither is the latest hoax. 

Apparently the Internet is buzzing about Facebook charging $5.99 for membership or to keep your information private. Its not true!

Another part of the hoax is that Facebook says you need to post a legal notice on your wall or you’ll lose copyright control of your pictures, links, comments and content you share with your circle of family and friends. That is not true!.

This hoax is not new and can be traced back as far as 2009.  These rumors proliferate because A) people believe them and B) because people have a tendency to share links without truly examining the content of the story. You’d be surprised how many people post a link on their Facebook page or Twitter account without reading the story.

CNN senior entertainment reporter Lisa Respers France has three simple rules for verifying those news stories before you share them, stop drop and roll.

  1. Stop before you hit that share button
  2. Drop over to Google.
  3. And roll around in the information to determine if it is true, recent or even relevant.

Remember AACR Internet Rule #10  Everything on the Internet is real; just not always true. That means that, yes, the news of Eddie Murphy being killed in a skiing accident is really on the Internet. But it is not true. Are you getting this? And for the record Eddie has died about 50 times online.

Now about Facebook and your privacy and that copyright notice; you never had any to begin with and no copyright notice is going to change that. Facebook is the biggest collector of information in the history of mankind. Everything you do on your Facebook page belongs to them. Even the posts you write and then delete. Read your user agreement. Its all there.

For more information check out;

No,Facebook will not be charging you $5.99 to keep your profile private.

Hoax Alert: Facebook to Charge $5.99 to Keep Your Profile

Another Facebook hoax makes the rounds – CNN.com

1.4 Million Hacked Chryslers Recalled

Logo_Fiat_Chrysler_AutomobilesChrysler has recalled 1.4 million cars because of  a terrifying hacker demonstration. Hackers have released a video of a Chrysler Jeep being controlled by hackers leaving the driver helpless. Chrysler cars subject to the recall are 2015 Dodge Ram pickup, Challenger and Viper cars, Jeep Cherokee and Grand Cherokee SUVs.

African-Americans love theirs. Let’s just be real with that. A new car is a symbol of success and sophistication. Cars have become technologically advanced and automakers are rushing to get as much connectivity into cars as possible for multiple reasons.  Modern automobiles depend on computers and the Internet to function at the maximum possible efficiency. At the same time this technology allows the owner to enjoy luxuries and access to information and services unheard of in automotive history. But there is a price to pay for being connected and it’s more than the monthly payment.

Internet connectivity is used to collect vehicle data, perform over the air updates and improve car safety. However one of the biggest reasons is money. Business Insider predicts that 75 percent of cars wil have be capable of connecting to the Internet by 2020. Car companies see connectivity as a selling point. Sales from connected cars are expected to exceed $152 billion by 2020. But entertainment is not a major selling point for connected cars. Safety is.

But connectivity, even in your car, means hackers and hackers have become the newest danger on the highway.

Recently two hackers, Charlie Miller, security researcher for Twitter and Chris Valasek, Director of Vehicle Security Research for IOActive, used their know how to exploit a weakness in Chrysler’s Uconnect on-board system.

Uconnect is found on board literally hundreds of thousands of Fiat Chrysler cars, SUVs and trucks. Because of the car’s cellular connection anyone who can discover the car’s IP address can take control of it from anywhere in the country. “From the attacker’s perspective, it’s a super nice vulnerability,” says Miller.

From a distance of a few miles the men were able hack a Jeep Cherokee SUV and turn on the air conditioning, change the radio station and turn the windshield wipers on and off. Not only were they able to do all this but they also projected their images on the dashboard screen.

These commands entered the car’s computers through the entertainment system. It became really terrifying when the hackers took control of the accelerator, steering, brakes, transmission and ignition systems. They literally hijacked a moving vehicle leaving the driver helpless.

Miller and Valasek reported their hack to Fiat Chrysler who issued a patch for the vulnerability. The software patch can be downloaded online from Chrysler’s website but a dealership mechanic has to install it. Chrysler has also issued over the air updates.

But that was simply not enough. Now Chrysler has recalled 1.4 million cars because of the hack. 

The hackers have also demonstrated this capability with the Ford Escape and Toyota Prius.

Another hacker had demonstrated the ability to hack into any GM car equipped with the OnStar system. Security researcher Samy Kamkar posted a video of a device he created that demonstrates how he can intercept communications between GM’s RemoteLink mobile app and the OnStar cloud service. He was able to unlock and start the car using the device. However the device needs a little help. A small wireless device must be placed inside the target vehicle and it must be in range of Kamkar’s device. So make sure your doors are locked when you leave you GM car or truck. According to Kamkar GM is aware of the vulnerability.

And what has GM done? GM OnStar announced that it has released a software patch to update its RemoteLink app for Apple iPhone. But that seem to have failed. Kamkar told GM officials he could still track and hack their cars. GM did not acknowledge its failure to correct the problem but Tweeted, “enhanced RemoteLink app will be available soon to fully mitigate the risk.” Kamkar confirmed to WIRED.com that the patch has indeed blocked his device.

Now the federal government has taken notice of this growing threat to highway safety. National Highway Traffic and Safety Administration chief Mark Rosekind is trying to determine just how many automakers are using wireless equipment from the same company that supplies Fiat Chrysler.

“This is a shot across the bow,” said Rosekind. “Everybody’s been saying ‘cybersecurity’. Now you’ve got to step up. You’ve got to see the entire industry proactively dealing with these things.”

Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) are crafting legislation mandating that cars sold in the U.S. meet set standards against digital attacks and owner privacy.

The bill would require the NHSTA and the Federal Trade Commission to work together to create new standards requiring automakers to meet in regards to both a vehicles’ defenses against hackers and how manufacturers can safeguard owners personal information including location records collected from the vehicles they sell.

Three major points of Markey and Blumenthal’s bill  are;

  • It will require the NHTSA and the FTC to set security standards for cars. Standards will be set to isolate critical software systems from the rest of a car’s internal network.
  • Testing will be required by security experts and onboard systems must be able to detect and respond to malicious commands on the car’s network.
  • The FTC and NHTSA will set privacy standards. Automakers will be required to inform buyers of how they collect information from the vehicles they sell and permitting drivers to opt out.
  • Restrict how the information collected can be used for marketing.
  • Manufacturers will be required to display window stickers ranking a cars security and privacy protections.

Related Articles;

How Hackable is Your Car?

Hack My Ride!

 

ALERT! – Stagefright Attacks Android Phones – ALERT!

backup-androidYou won’t even know if you have Stagefright! Getting Stagefright is as simple as having the hacker send you a text message. And that’s it! You don’t even have to open the message. Once it arrives in your phone the damage is done.

Android phones 2.2 or later versions are vulnerable to this attack. Currently it is believed that more than a billion Android phones are in use.

How can this be real? Well Android ph0nes come equipped with the Hangouts app. This app automatically processes videos and pictures from multimedia or MMS messages preparing them for the phone’s Gallery app.

The result is that a hacker may have control of your phone from the moment he sends you the message and there is almost nothing you can do. Once infected the hacker has total access to all of your data. He is free to copy or delete messages and pictures or operate the microphone, camera and Bluetooth or all of the above.

There are a few step you can take to keep from getting Stagefright but not much. You can remove the Hangouts app from the phone and go to another messaging app. AndroidCentral.com offers the top five message app replacements.

But things can get confusing because the Messenger app is a the default Google app on Nexus devices. Most Android phones use another app that is developed by the phone’s manufacturer. Still, it’s kown if the hacker can get in through Samsung Galaxy’s own Messages app. But if want to replace your Samsung message app just it to be on the safe side look here.

But for the hacker to target a specific phone he has to know that phone number. But whats to stop him for sending out millions of infected messages?

Currently hackers aren’t fully aware of the vulnerability but the news is spreading quickly. Currently HTC is preparing a patch for their phones. It is unknown if Samsung is doing the same.

You can find some protection by reading 15 Best Anti-virus Android app and Anti-malware Android Apps.

 

ALERT! Order Confirmation Scam ALERT!

ID-100297156

Courtesy of Stuart Miles

Order confirmations scams are exploding all over the Internet this holiday season. Ask anybody that works for UPS, FedEx or the USPS and they will tell you this time of year is the busiest there is for them. And for many people this time of year is when you send or receive the most packages. And that is the sweet spot for this holiday scam.

Scammers are sending out phony order and delivery confirmation emails by the millions to people everyday. Many people, knowing they have sent or are expecting a package, do something they would not normally do. They let their guard down and click on that link or the attachment. They may never discover, or find out too late, that they have given up control of their computer or their identities. The links or attachments install malware on the victim’s computer capable of stealing passwords for email or banking websites. Or the malware turns their computer into a zombie on somebody’s bot net. If you are really unlucky you could end up with a CryptoLocker malware.

Seasonal scams like this one return year after year because the method of tricking you is so successful. Crooks are catching people off-guard during the holidays because so many packages are being sent and received. And they use exact email replicas of delivery services and reliable shopping websites like Amazon.com, Wal-Mart.com and Target.com. People are so intensely focused on making sure their orders arrive before Christmas that they forget the Cardinal rule of the Internet; trust no one. Most confirmation emails do not require you to click on anything to get the tracking number. It is right there in the email where you can see it.

Malcovery, a company that tracks email-based malware attacks, reported these phony “order confirmation” scams began around Thanksgiving. The emails use booby-trapped links and attached files to infect Windows PCs with the malware that powers the Asprox spam botnet. Apple computers seem unaffected.

The Asprox malware is a Trojan that steals email user names and other passwords from infected machines.  This type of malware runs in the background and you may not be aware of what your computer is doing. It also can infect your friends computer and perpetuate even more Asprox malware attacks. If you are infected Asprox can also use your computer to attack other websites.

Malcovery.com points out that the Asprox spam uses some tricky subject lines such as “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.”

Be alert to these tricks. Should you receive an email from an online or brick and mortar store you do business with and it has a legitimate looking logo and it references an order, DO NOT CLICK ON THE LINK OR ATTACHMENT! Instead, open up another web browser window and visit the merchant site using the web address you are familar with.  Sign in with your own user name and password and check the status of your order. All that information should be there including order issues, your order number, tracking number and expected date of delivery date and who is delivering the package and other information specific to your transaction.  Remember trust no one! Use your own information to research your order. If there is a problem you will discover it.  And remind all your friends and relatives of this scam. Remember; friends don’t let friends play the fool online!

Here are few more tips to spot and fight order confirmation scams;

  • Print a copy of your order confirmation. Highlight all the relevant information and compare it to any email you get.
  • The scam email may be fairly generic not using your name or any information that is familiar to you.  Examine it carefully.
  • Hover you cursor over any links and examine the web address that appears. Make sure it is taking you where you want to go. BE CAREFUL NOT TO CLICK ON THE LINK!
  • Examine any attachment and look for “.exe”, or a double extension like “exe.pdf.” That could be a dangerous crypto malware.
  • Don’t trust any email just because it has a familiar logo or trademark.
  • Keep good records! What to did you buy and from whom? Who did you send it to? Call the person and let them know its coming, the tracking number and who is delivering it. And ask them to let you know what to expect with the same details.
  • Never click on links or attachments. Use your own information to research a problem with your order.
  • Never pay for delivery of something you did not order or were not expecting.
  • Never give personal information over the phone to someone who calls claming to have some thing to deliver to you.
  • Its the Internet; trust no one.

Now you know

See FedEx Fraudulent Email Alert

See UPS Fraudulent Email Alert

 

Fake Websites and Phony Trust

www.keepcalm-o-matic.co.uk

If you follow the African-American Cyber Report you know there are certain rules that we preach constantly. You can find these rules on the homepage. But I need to point out two of those rules that come into play here. Rule #1 “The only rules on the Internet are the ones you impose and enforce.” And rule #10, “Everything on the Internet is real; just not always true.”

I encourage black people not to trust anything you see on the Internet simply because its all suspect until you verify it. That is the case with all those seals of approval you find on the Internet websites. They could be worthless because the are so easily copied and used by scammers and malicious actors online. Those badges or seals are known as “trust seals” but really they are just images, pixels, on your screens. Anyone could copy and paste these images on any webpage. Yeah it might look fancy and official but that means nothing. Check rule #10 again. Whenever you are about to buy something online or download some app or software you need to first verify that you are indeed dealing with a reputable party. You need to do your homework.

African-Americans are warned to impose their own standards on everything they do online and protect yourself from the bad actors you are bound to come across on the wild world web. Check rule #1.

You might be ready to buy software or a game or movie online or download an app and see this;  “CNET gave our software a 5-star editor’s choice rating,” or “We are a BBB accredited business with an A+ rating.” Suspicion of these statements would serve you well.

Any malware author or phisher could copy and paste a logo, seal or statement on a  malicious website in a few seconds. Someone that copies those seals or statement to mislead people would be violating copyright law but how many people are going to lose money before that person is caught and shut down?

 

And if you did not know there are literally thousands of phony, duplicate or replica websites on the Internet. You can easily get caught up in a scam or get stuck with malware, ramsomware or a virus if you are not careful. Do you home work and study how to spot phony websites.

When you see those seals or badges on a website you should be able to click on it and be taken directly to the website that provided the seal of approval. Once there the seal-provider’s website will verify whether the original website you were on is actually a recipient of the seal.

Ok, that’s how it is supposed to work. But does it really? In reality even if the site is legitimate clicking on that badge may not work. This where you have to do your homework. Take the time to go to the seal providers website and investigate to see if the software is really a “PCWorld editor’s choice” or accredited by the Better Business Bureau. Listen to me when I tell you that those seals, badges and quotes don’t mean a damn thing by themselves. You need to protect yourself. No one is going to do it for you.  Check rule #1 yet again!

In some cases doing the research may not be a easy task. Microsoft doesn’t offer an easy-to-find “certified partners” list but we found it here in case you need it. However, some seals you can click,  but again, you could be transferred to a phony replica website.  Investigate the web address closely look for misspellings that could look like the web address but is not.  This trick is called typosquatting or URL hijacking. Here is an example; www.google.com is the real website. the fake could look like this www.gooooogle.com or www.goggle.com. Look carefully at the differences.

Another problem you need to be aware of is that those seals and logos don’t always mean what you think they mean.  For example, that “Norton Secured” seal only means that the website is scanned daily for malware and other vulnerabilities. That is not considered the ultimate level of security or privacy. The BBB Accredited badge means the website’s company is registered with the Better Business Bureau. It is not an indication of the level of satisfaction of its customers. That 5-star rating from a software download site just means a reviewer at some point in the past gave that program a good rating, or the scammer gave themselves five stars. And that “Microsoft Certified Partner” badge has its own issues. It doesn’t seem to mean much at all except maybe the software works with Windows computers.

 “Be paranoid when you are online. It’s a great defense mechanism.” 

I understand all this can be confusing and even frustrating. You need to use that fear and frustration as fuel to protect yourself. But there are a few things you can trust when online. Look for the green bar on your URL window. That’s the window where you type the web address of the website you want to go to. When you see that green name next to your address bar that is a definite confirmation that the website has had its identity verified. Read more about these “Extended Validation” certificates and how they’re more trustworthy than typical SSL certificates.

The above image reveals the real PayPal website and a phony site. Notice the green in the address bar.

Lets be real about this. You will find legitimate websites displaying a fake seal. And eventually they will get caught and be forced to remove it. But how legitimate is a website that fakes its trustworthiness? What you should worry about are the pop up sites that are here today and gone today. These are the site that distribute malware, launch phishing scams and steal data. Its those websites that get the most benefit from stealing these seals. They are breaking the law anyway so faking a seal-provider’s logo or seal is really no big deal for them. Be most cautious when it come to financial websites like your bank. A fake website like www.wellsfago.com is waiting for you to log on thinking its www.wellsfargo.com.

Its the Internet; trust no one.

Now you know

 

 

 

AT&T Settles Cramming Charges

AT&TAT&T  and the FTC have come to a  settlement agreement over accusations of cell phone cramming.  Federal and state regulators announced Wednesday that AT&T has agreed to pay $105 million for “cramming” unauthorized charges on the monthly bills of its wireless customers.  The African-American Cyber Report reported on this accusation in March of this year when we wrote; “Cell Phone Scams:Are Black People Paying Too Much?

For those of you who do not know what cramming is it is the unauthorized billing of customer accounts for services they are unaware of or did not authorize. AT&T is accused of profiting from unauthorized cramming.

AT&T is charged with keeping as much as 35% of the fraudulent third party fees on its customers phone bills. The charges averaged about  $10.00 per month and came from services for things like trivia, horoscopes and love tips. AT&T is also accused of concealing the charges on bills thus preventing customers from securing full refunds.

A similar lawsuit was filed by the FTC  in July against T-Mobile. In the lawsuit the FTC alleged the carrier earned massive sums from third-party merchants offering bogus services. There have been seven cases related to mobile cramming in the past year, and FCC chairman Tom Wheeler said more were coming.

The settlement is the largest cramming settlement in history.  The federal agencies involved in the settlements include the Federal Communications Commission, the Federal Trade Commission, as well as all 50 states plus the District of Columbia.

“This case underscores the important fact that basic consumer protections — including that consumers should not be billed for charges they did not authorize – are fully applicable in the mobile environment,” FTC chairwoman Edith Ramirez said.

AT&T all but admitted to cramming customer bills in a statement saying that it and a number of wireless carriers had offered the third-party “Premium Short Messaging Services” in the past few years.

“While we had rigorous protections in place to guard consumers against unauthorized billing from these companies, last year we discontinued third-party billing for PSMS services. Today, we reached a broad settlement to resolve claims that some of our wireless customers were billed for charges from third-parties that the customers did not authorize.”

“For too long, consumers have been charged on their phone bills for things they did not buy,” Wheeler said. “It’s estimated that 20 million consumers this year are caught in this kind of trap, costing hundreds of millions of dollars.”

Of the $100 million settlement approximately $80 million is set aside for customer refunds. So if you’re an AT&T cell customer you need to go here to check and see if you have money coming your way.

Breaking It Down

Ok, so AT&T got fined $100 million dollars. But lets ask this question, who inside AT&T knew about this and let it go on for so long?  How was it that all that money was flowing through AT&T and no one asked where it was coming from. They kept as much as 35% of the charges remember? This is a clear example of the criminal justice system not prosecuting corporations. AT&T knew what was happening and did nothing except collect the cash. I guarantee you that some executive got a bonus for bringing in that money. But was anyone charged with criminal fraud? No, and they probably won’t be. And why is that? AT&T had revenue in excess of $128 billion dollars in 2013. Do you think they really felt that $100 million settlement.? The only way to stop this type of crime, white collar crime, is to put people behind bars. How many black men are in prison for stealing $100? I think you get what I’m saying?

Reacting to Online Fraud

You want to see a black person mad? Have them pay for something and not get what they paid for. Fraud is a reality whenever you shop online. And nothing is more frustrating than not knowing who to call when you discover you have been ripped off.

According to the  FBI’s Internet Crime Complaint Center or IC3 there were 262,813 complaints of Internet crime filed with the agency last year alone. Of that number 119, 457 or 45% reported actual financial losses. So how much money was lost to online fraud in 2013? How about $781,841,611! Yeah; I used an exact number because you need to see exactly how much money the criminals are raking in. The average victim lost $2,975  to online fraud. Again, exact numbers. You can see all the stats in the IC3 2013 Internet Crime Report.

Imagine how much larger those numbers would be if all the crime was actually reported. It is believed that as much as 15% of online fraud is never reported because the victims are just too embarrassed. 

Shopping or conducting business online is fairly secure if you take the right precautions. But what if you lose money to a fraud or scam? Who do you report it to? First let me say this; if you call your local police they may be woefully untrained on how to handle a cyber crime. Its not their fault. Investigating cyber crime is a specialized task that is beyond their pay grade. If you got ripped off by a fake charity that comes to your door they may be able to help. But a cyber crime that may originate half a world away is just out of their league.

One of the most common scams that strike people online is the phishing attack.  A phishing scam is when a cyber criminal tries to trick you into revealing potentially valuable information. The same information that was stolen from JP Morgan.

The criminal will create an email that is a near perfect duplicate of an email from your bank or other trusted source. The email may warn you about a potential security incident then provide you a link to click on for further information,  or to go to the website or a security patch or something like that.

If you click on the link one of two things are going to happen. You may be taken to a duplicate website and asked for your user name and password. Or you may download some form of malware that could steal valuable information. Most banks and other financial institutions do not communicate this way. My advice is never, ever click on a link you are not absolutely certain of what it is.  But if you do…

1) Forward the phishing email and link along to the company being imitated. If they impersonated your bank or other financial service provider make sure you let the bank know and forward the email to them as well.

2) Contact your local law enforcement and at least complete a police report. Also report the incident to the Internet Crime Complaint Center or IC3.

3) Remember that a paper trail is your best friend. Your bank or credit card company keeps excellent records. You should too. Keep a record of all the calls  you make and to whom you spoke with, your statements with the suspicious transactions and any other correspondence or documentation required.  If enough people report this scam it could trigger a community alert. Inform a government consumer protection agency or relevant tech firm.    

4) Delete the message once you’ve done all this and add the email address to your spam folder so you never have to see it again.

Most legitimate online shopping sites will offer a way for customers to dispute a sale or charge or report fraud of any kind.

For example if you get caught up in PayPal themed phishing campaign you will need to contact PayPal’s fraud department.  Do a simple web search for PayPal Phishing or PayPal Fraud. Remember that these cyber criminals can craft an absolutely flawless copy of a PayPal site or email so don’t click on or respond to anything suspicious. Once you are in touch with the real PayPal they will tell you exactly what to do. Nearly every bank and online merchant will have a procedure to report phishing and fraud. Use it. And the next question is; if they don’t why are you doing business with them?

I shop online regularly. And I worry about what happens if I don’t receive what I ordered. This rarely happens. But what if it did?

Disputing charges or an order is a skill you have to master if you shop online. You have to learn who and how to report it. How to return it and if necessary how to get your money back? Or what if you are overcharged? You need to learn how to dispute and get the correct product or money back.  Here are some effective steps for dealing with disputed or fraudulent transactions.

1) Contact the organization where the charges are coming from. Most legitimate organizations  have a fast and efficient system to help the customer. They want to correct the situation as soon as possible. And they will. These merchants will provide return shipping and refunds if the order or the price is not right. I have even returned items and got a coupon for the next time I shop on their site. They want your business.

2) But if that’s not the case or doesn’t solve your problem, contact your bank or credit card provider. You may be able to block the charges or even get your money back. Some credit card issuers and banks have fraud protections for their card holders. Merchants take notice when the bank or a credit card company calls. They don’t want that kind of trouble.

3) You may need to contact law enforcement or the Better Business Bureau or the IC3. Don’t hesitate if you think you’ve been ripped off. And don’t be afraid to take to social media and let them have it! You’ll be surprised what happens if you send out a Tweet.

Sites like eBay and Amazon are market providers. They simply create the online site where people sell directly to each other. There are many sites that specialize in providing a marketplace for buyer and sellers. Some online marketplaces carry very specific or unique products and others carry just about everything like Craigslist. A very dangerous place if you don’t know what you’re doing and how to protect yourself.  Now eBay and Amazon and many other online marketplaces are very diligent at protecting their customers and their reputations. But using these sites means you have to protect yourself.  Learn how they fight fraud before you get involved with them. eBay has an excellent system in place to judge the sellers on their site and are very responsive to complaints. Same for Amazon. Learn how to use their systems. But if something does happen you’ll need to follow their specific instructions for handling fraudulent sellers. Amazon and eBay are definitely ready to fight fraud with you and for you. 

Remember there are ways to fight online fraud. You have to educate yourself to spot it before it happens and how to react when it does happen. There is no software that is going to do the job for you.

Now you know