The Phantom Hacker Scams

The FBI has warned the public about a recent increase in phantom hacker scams nationwide. This fraudulent activity mainly targets senior citizens and is an evolved version of tech support fraud. Back in August 2023, losses from such scams have increased by 40% compared to the same period in 2022. For specific numbers, during the first half of 2023, nearly 19,000 individuals reported falling victim to tech support scams, resulting in over $542 million in losses.

According to the statistics, scammers often target older adults. Around 66% of total financial losses are suffered by victims over 60. Seniors usually have much more savings than younger age groups, making them more attractive targets for criminals. Additionally, older adults are more mindful of potential life-saving risks, making them vulnerable to calculated scams.

How Do These Scams Work?

The scam process is divided into three stages, each aiming to increase the victim’s level of trust. The perpetrators behind phantom hacker scams employ social engineering to deceive their victims.

1. Initial Contact. Fraudsters pose as computer technicians from well-known companies. They convince victims that their computers have serious issues, particularly malware, and that their financial accounts are also at risk due to foreign hackers.

2. Follow-Up. Accomplices then impersonate officials from financial institutions or even the U.S. government. They persuade victims to transfer their money from supposedly vulnerable accounts to new “safe” accounts, all under the guise of government protection of their assets.

3. The Deception. Obviously, there was never any foreign hacker. Instead of safe accounts, the scammers now fully control the victims’ money. The funds vanish together with the “technicians” and “govt agents”, leaving victims devastated.

Safety Recommendations

To summarize, it is worth remembering the rules of telephone communication again. Here is a list of “Don’ts” that you should follow to minimize the risk of financial loss:

• Don’t Trust Unsolicited Calls. Be cautious when receiving an unexpected call claiming to be from tech support or a financial institution. Scammers often impersonate legitimate organizations to gain your trust. To protect yourself, please end the call without providing any personal details. Additionally, consider setting up a blocker for such calls.
• Don’t Share Personal Information. Never share sensitive information when you receive a phone call unless you initiate the call. Sensitive information includes your credit card information, bank account number, social security number, or passwords. Before sharing any sensitive information, verify the identity of the person independently.
• Don’t Rush Decisions. Scammers often use urgency to pressure victims into making hasty decisions, resulting in funds being transferred without understanding the situation. Take your time. Ask questions, seek advice from trusted sources, and don’t let anyone rush you into making financial commitments.
• Don’t Transfer Funds. Proceed cautiously if someone asks you to transfer money based on an unsolicited request. Contact your financial institution directly using official contact information to confirm the transaction.
• Instruct Your Elderly About the Threats. Aside from showing more trust towards strangers, older generations often struggle to find security news in time. Consider explaining the dangers and the ways to understand they’re talking to a fraudulent person.

The post Phantom Hacker Scams On The Rise, Target Elderly appeared first on Gridinsoft Blog.

Tax Season Scams

Tax season began on Jan. 29, when the Internal Revenue Service (IRS) started receiving and processing 2023 federal income tax returns. Simultaneously, this date acts as a wave-off to frauds, who start bombing people with fake emails and texts. The IRS expects over 146 million individual tax returns to be filed this season, with April 15 being a deadline. Since during this time a whole lot of personal information is exchanged, it becomes rather easy for con artists to access sensitive data. It includes Social Security numbers and other sensitive details that can be used to create convincing tax returns, collect refunds, or perpetrate other types of fraud.

The IRS has warned that tax-related phishing and unsolicited texts have become increasingly common and even reached the top of the annual scams list. Some scammers may even use the IRS logo in phishing attempts to trick people into providing sensitive information, claiming that their account has been suspended or needs urgent action. It is essential to understand that The IRS doesn’t initiate contact with taxpayers by email, text messages, or social media to request personal or financial information. Next, let’s look at the most common types of tax scams.

Tax Season-Related Phishing

Phishing is the most effective modus operandi for frauds who hunt for personal data. They send emails and text messages en masse to steal confidential information. Since tax season-themed emails are expected, the chances of a successful scam are high – the victim will not suspect a fraud. Before calling the listed phone number, clicking on a link, or opening a file, we recommend going to the organization’s official website in your browser by manually entering the address, and double-checking the information.

Another trait of fraud is a sense of urgency and threat. Scammers sometimes reach people on the phone, pretending to be a collection agency, law enforcement, or the Bureau of Tax Enforcement. They may claim that your social security number has been canceled, the identity of yours has been stolen and you urgently need to contact them. They may also threaten to arrest you if you don’t call back. In such cases, the best option is to disconnect the call.

Alternatively to threats or urgency, frauds can try gaining your trust. Let me unfold this in more detail in the next paragraph.

Social Engineering Tricks

For the filing season, taxpayers may be cautious of anyone trying to help them set up an account. An IRS online account can give a lot of valuable information, including a payment history or a tax transcript. The system allows you to sign up for and manage an IRS payment plan. So, scammers may attempt to steal personal information like Social Security numbers, tax identification numbers, or photo IDs under the guise of helpfulness. Setting up an online IRS account is free, and if you require assistance, it is recommended that you work directly with the IRS representatives, to avoid any potential scams.

At the same time, some scammers may promise to sign your declaration while taking your money and not doing anything. According to the law, anyone paid to prepare or assist in preparing federal tax returns must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign the return and include their PTIN on it. Failure to sign the return is a warning sign that the paid preparer may be looking to make a quick profit by promising a large refund or charging fees based on the size of the refund. Such muddy waters are a perfect place for different scams, both ones that include data leaks and money loss.

Malicious Google Ads

Upon facing any problems during the tax preparation, users often go to Google and look for the information. Fraudsters know this and buy search ads in advance to appear at the top of the results and look more convincing. The advertised sites may have different addresses and phone numbers but have nothing to do with legitimate services. Moreover, despite the differences, these sites usually look identical because they use the same template. Unfortunately, Google struggles with weeding out such promotions, so scoundrels manage to get their bite off the taxpayers, albeit for a rather short amount of time.

Some sites have an address visually identical to the legitimate one. However, if you examine it more closely, one or two characters often differ in the address of the fake site. This creates a visual similarity and sometimes allows you to bypass advertising moderation. In addition, such sites claim to have been on the market for many years. Though a simple website scanning on a service like Whois reveals that the site was created only a year ago.

The page that opens when you click on the link

The next click opens another tab

Another one

Safety Recommendations

To summarize, the first and most important recommendation is to be vigilant and pay attention to each of your steps. The Internal Revenue Service’s official website is https://www.irs.gov/ and no other. Any help with tax payments should be done by authorized people, who sign their action with PTIN. Please read the information carefully. especially the fine print. If you doubt the reliability of the website, use our URL scanner, which shows data from Whois and a verdict regarding the site’s status. Before calling a phone number, Google that number and find information about it. You can also use special services to identify the number.

One more piece of advice is using proper security tools. I recommend using Gridinsoft Anti-Malware and special ad blockers. The ad blocker will remove search ads, and Gridinsoft Anti-Malware will be able to block malicious and suspicious sites with its Online Security module. Using this combination and the recommendations from the previous paragraph, you will maximize the security of your online activity.

The post Tax Season Scams On The Rise, Beware! appeared first on Gridinsoft Blog.

The Rise of TikTok as a Shopping Hub

TikTok, known for its engaging content, has evolved into a popular site for shopping, attracting businesses to connect their stores with the platform. Thus, a staggering 48% of TikTok users have reportedly made app purchases, as The Better Business Bureau noted. This surge in e-commerce activity brings the peril of scams, where false advertisements and deceitful practices threaten to exploit the unwary shopper. Especially when the target audience is teenagers and youngsters who have no idea what scams are on the internet.

Understanding Scams on TikTok

We’ve looked at Instagram scams before; things are less widespread there, but TikTok is also trying to catch up. To know what to avoid, you need to understand how it works. Now we will look at the most common TikTok shopping scams:

Fake Products and Sellers

Since the beginning, the TikTok marketplace was conceived as a place where sellers could sell their goods at discounted prices, which was profitable. The problem is that the goods being promoted are not always genuine. In addition, there have been cases where the seller disappeared from TikTok after the item was purchased. Some fake businesses try to pass themselves off as genuine businesses. The most important sign that it is a scam is that the product is sold at an absurdly low price. Buying a product that is known to be fake is a waste of money.

This actually repeats the most widespread type of scams from other social media. Scams on Facebook or YouTube base on promoting a page with incredible discounts. Though, some specific features of TikTok allow for other directions of frauds.

Malicious Links in Bio

Scammers often place harmful links in their TikTok bio descriptions. They claim to offer free rewards, content downloads, coupon codes, etc. Usually, these links lead to Telegram channels that have nothing to do with what was promised. But sometimes, these links can cause installing malware, stealing login credentials, or just redirecting to harmful sites.

Money-Making Promises

A bit of a spin-off from shopping scams which may be promoted in the same bundle. Scammers use fraudulent accounts to promise large sums of money or expensive prizes in exchange for a small upfront payment or personal information. They also claim to offer easy money. However, in reality, they are just trying to trick you. These types of scams use enticing offers of fast cash to trap you into giving away your personal and financial information or paying for fraudulent products. For example, they may use Ponzi scheme, fraudulent apps, or other tactics to lure you in.

Youth at Risk

Marketers are attracted to TikTok due to the platform’s unique ability to connect with a younger demographic in a highly engaging and creative environment. However, beneath the fascinating content lies a terrifying underbelly. As I wrote above, the target audience for TikTok is predominantly the younger generation. This is especially alarming because young people are not highly aware of TikTok shopping scams and are easily influenced by bad influences.

According to the same study, the most significant users who have purchased on the platform are between 10 and 19 years old. Overall, users between 10 and 29 comprise over 50% of the platform’s user base. Although TikTok vets its sellers and removes products that violate the platform’s Terms of Service, that doesn’t stop scammers. If a user violates these policies, their account may be temporarily disabled or even permanently deleted. But it’s easy for crooks to create a new account.

Recommendations for Users

Unfortunately, with any new service, there is a possibility of fraud. This is especially true for online shopping, as verifying a seller’s identity or background can be difficult. Consumers should vigilantly follow online shopping safety tips when using TikTok Shop. The following tips can help you save time and finances:

• Research the seller before you buy. It is essential to research the seller and their website before making a purchase. Prioritize purchasing from verified sellers, identifiable by a blue tick mark on their pages. Just because you see a product on TikTok doesn’t guarantee its authenticity or the seller’s trustworthiness.
• Read comments and reviews. Checking comments and reviews from other users is an effective way to assess new sellers. Additionally, you can utilize TikTok’s search bar to find videos uploaded by previous customers showcasing the products they bought. This will help you better understand the quality of the products being offered.
• Explore the return policy. You should watch out if the contact information is shady or unclear. Customers can request a return or refund within 30 days after the delivery of their package, according to TikTok Shop’s return policy.
• Pay attention to the URL. Always inspect the URL of retailer websites. Most retail websites have simple URLs like louisvuitton.com or cultbeauty.co.uk. However, if you see extra characters in the URL and additional words such as “super discounts,” “deals,” or “offers,” it’s probably a scam. This is especially true for online stores with “.shop,” “.site,” “.fun,” and “.top” domains.

Remember, Tiktok never asks for a password or any other confidential information. Any messages or emails sent with such requests are fraudulent. The easiest and most effective way to remove a fraudulent store is to send a report. If you notice suspicious activity, you can report it via a special form.

The post TikTok Shopping Scams On The Rise: Tips to Avoid appeared first on Gridinsoft Blog.

What is Facebook Job Scam?

Facebook fake job scam is a new trick in the vast toolkit of scammers who operate in this social media. Its essence is to trick users with offers of remote-home positions but ultimately steal their data and banking credentials. Researchers have warned of “ongoing attacks against multiple brands” that use Facebook ads to trick victims. The scams go so far as to send what appear to be legitimate work contracts to victims. However, instead of the promised work, victims receive stolen information and, in some cases, money.

In general, such scams have always existed in one form or another. We could create a whole section if we collected all the Facebook scams documented in our blog. However, this fraud has more mass scale and negative consequences. Even in the most innocuous outcome, the victim provides the scammers with confidential information, namely photos of documents. In the worst case, the victim is taken for the full ride – compromised accounts, infected devices, and stolen money.

How Do Facebook Job Scams Work?

The scammers advertise fake job openings in Facebook group chats, encouraging victims to private message them. The scammers then pose as Qualys recruiters offering work-at-home jobs. These job scam texts often occur in group chats, soliciting users to message the scammer who posts the job opening privately. Work-at-home jobs have always been a fishbowl for scammers, mainly because of the pandemic. As more people lose or quit their jobs, scammers exploit the situation by targeting job seekers. They know some people are desperate to make money and use this to lure in new professionals not used to working from home.

Once the scammers have established a connection with the victim, they ask the victim to install a third-party messenger, Go Chat or Signal, to continue communicating there. Next, the scammers ask for additional information so that the victim can sign an “official contract”. Since this contract contains Qualys logos, correct corporate addresses, and signature lines, it seems convincing. Next, the scammers ask the victim to send a copy of a state-issued ID of all sides. Finally, crooks ask the victim to cash a check for the software purchase for a new computer that will supposedly be delivered to them by their new employer.

Qualys Response

The company confirmed the increasing attacks on popular brands offering remote work. “In several cases, the scammer appears to have compromised legitimate Facebook users and then targeted their direct connections.” – they said. It stated that it does not publish vacancies on social media. Qualys also clarified that it publishes job postings exclusively on its official website and other reputable job sites. The company also gave some advice for those looking for jobs online.

Job scams are indeed a constant online security issue, one that’s currently on the rise, according to the US Better Business Bureau (BBB). Online ads and phishing campaigns are popular conduits for job scammers. They use social engineering to bait people into responding and steal their data, online credentials, or money. Without an appropriate response from companies, scams can also have a negative reputational impact on those whose brands are used in the scam.

Safety Recommendations

To avoid becoming a victim of such scams, you need to be able to recognize it at the initial stage. I have gathered the most valuable recommendations both from the company itself and from personal experience:

• Look for vacancies in special sections on official company websites. To avoid potential scams, verifying job offers by contacting the company directly via their official website instead of social media channels is essential.
• Don’t fall for tempting offers. Suppose someone offers you suspiciously favorable conditions or a salary above the market. In that case, it is a good reason to think twice. Adopt the mindset: If it’s too good to be true, it probably is.
• Never install anything at the request of strangers. You don’t need to download an app to apply for any job. Genuine recruiters will contact you through phone or email or arrange a multimedia interview at their own expense. They have the necessary tools, so you don’t need to worry.
• Don’t pay in advance. Let’s take a closer look at this point. Self-respecting organizations will not charge you a fee to hire you. Often, after the first interview, if the employer is interested in you, they will contact you again for a more detailed talk. They may also offer an internship or a trial period. But no one will take money from you for “installing software” or stuff – those expenses are always accounted for in the cost of a hire operation. On the other hand, scammers often ask for upfront payment for equipment/software/training/etc as a prerequisite. This is a definite sign of a scam. Never accept a check and cash it digitally from an unknown virtual or digital source. Always go to the bank and treat any such check with high suspicion.

If you suspect you are talking to a scammer, sever all communication immediately. Trusting your instincts and not engaging with the scammer any further is essential. At the same time, keeping a record of all previous interactions, including emails, messages, and phone numbers, is crucial. This documentation could be handy in potential investigations or to alert others about the scam. Next, change passwords and monitor bank accounts for unusual activity to protect your personal and financial data. Finally, report the scam to relevant authorities and alert your personal/professional network to prevent similar incidents.

The post What are Facebook Job Scams and How to Avoid Them? appeared first on Gridinsoft Blog.

Vulnerability in Twitter In-Post Links

The exploit involves altering the account name in a tweet’s URL to masquerade as high-profile accounts, luring users to fraudulent content. This technique has seen increasing use in recent weeks, with scammers targeting prominent crypto-related Twitter accounts with massive followings, such as Binance (11 million followers), the Ethereum Foundation (3 million), zkSync (1.3 million), and Chainlink (1 million). Users clicking these modified URLs are redirected to posts promoting crypto scams rather than the expected legitimate content. Such scams range from false crypto giveaways to deceptive websites designed to drain cryptocurrency wallets.

The scam tweets often appear legitimate, particularly on mobile devices, where the Twitter app lacks an address bar, masking the URL discrepancy. This lack of visibility makes it challenging for users to discern the authenticity of the tweet, especially when scammers create accounts with names mimicking legitimate organizations.

What are cryptocurrency scams?

Cryptocurrency scams are fraudulent schemes involving digital currencies like Bitcoin or Ether. These scams exploit the complexity and novelty of cryptocurrencies to deceive users. Tactics include fake giveaways, impersonating legitimate accounts, and promoting bogus investment opportunities with unrealistic returns.

Scammers often use social media, phishing emails, and fake websites to lure victims. They promise high returns, use celebrity endorsements, or offer exclusive investment opportunities, only to steal funds or personal information.

It’s just the beginning

This incident is part of a broader trend of crypto-related scams proliferating on social media platforms, leveraging legitimate features for malicious purposes. These scams not only pose a threat to individual users but also to the reputation of the organizations impersonated. Victims face substantial financial losses, with scammers draining their cryptocurrency wallets, leaving them bereft of their digital assets. Additionally, the psychological toll on victims can be significant, leading to stress, anxiety, and a profound sense of betrayal. These scams not only damage individual lives but also undermine the credibility and stability of the burgeoning crypto economy.

Twitter Cryptoscams – How to Protect?

To combat these scams, users are advised to enable Twitter’s Quality Filter, though it may inadvertently filter legitimate content. Moreover, a careful examination of the URL and the account name can help discern the authenticity of a tweet.

However, as this redirection is an inherent feature of Twitter, it remains a persistent threat, underscoring the need for heightened vigilance among users.

To avoid falling victim to crypto scams, consider the following tips:

• Always check the URL and domain name of the website you are visiting. Fake websites often mimic legitimate ones but may have slight variations in the URL. You can review whether the site is trustworthy by scanning it on the GridinSoft Web Scanner
• Be cautious of unsolicited offers and too-good-to-be-true promises, especially on social media. Scammers often use high-pressure tactics to create a sense of urgency and promise yet unseen profits.

The post Cryptocurrency Scams on Twitter Exploit Post Features appeared first on Gridinsoft Blog.

What is Catfishing?

In brief, catfishing is the creation of a false identity to lure a victim into an online relationship. However, besides catfishers, there are other types of imposters, scammers, and internet trolls using similar tactics. Although the meaning of their actions is the same, their motives are different. For example, trolls hide under the cloak of anonymity mainly to engage in cyberbullying, sow discord, and assert themselves at the expense of other Internet users. Scammers conceal their true nature to gain financial profit, about which we have a dedicated article. The primary purpose of catfishers is to create longer term relationships, the reasons for which we will talk about next.

While this problem has been exacerbated traditionally during the pandemic, it is nothing new. The first serious mentions date back to 2010 when Nev Schulman shed light on the topic in the documentary Catfish. This was followed by the reality show Catfish: The TV Show, indicating that this scam is thriving. Thus, the FBI noted a 22% increase in romantic relationship scam complaints between 2019 and 2020. Moreover, the FBI has officially warned that there are risks of encountering a romance scam or catfish. This is not surprising as social media’s gaining popularity gives a green light to potential scammers in terms of personal information and photos.

How Does Catfishing Work?

Generally, the term catfishing comes from the movie mentioned above, which tells how live cod were shipped to Asia from North America. Due to the fish’s inactivity in the tanks, only the softened flesh reached its destination. However, the fishermen found that putting the catfish in the cod tanks kept them active and thus ensured the quality of the catch. In addition, a character in the movie states that his wife acts like a catfish, making life interesting for those around her. The title of the movie and this tactic is based on this dialog, hence the term “to catfish”.

In fact, the reasons for such behavior of people are not a good life. Most often, such people are lonely in real life and have low self-esteem. Some catfishers may sometimes troll, retaliate, engage in cyberbullying, or extort money from the victim. Also, in some cases, these may be the first steps to kidnapping or physical abuse. Whatever the case, if catfishing is detected, we recommend that you stop such communication as soon as possible.

While catfishing is not illegal in general, its derivatives, such as stalking, extortion, intimidation, and other scams, are unlawful. Not all the catfishing cases lead to these illegal areas, but that does not make it more of a pleasant experience either.

Signs You’re Being Catfished

Identifying signs of catfishing paying attention to various clues that may hint at deceptive online behavior. For example, the individual’s social media presence, number of followers or friends, profile photos, etc. Unfortunately, proving catfishing can be pretty tricky. It will likely require you to expose your personal life to investigators. It also involves monitoring all your devices. Therefore, we recommend taking preventive measures: if you suspect that you are dealing with catfishers, we recommend that you document all communications, especially if you are sent photos or asked for money. It would also be advisable to consult with a trusted adult. Now, let’s move directly to the signs of catfishing.

Few followers or friends.

Catfishers create smurf social media accounts to create a sense of authenticity and reliability. They carefully craft their online identity to give the impression that they are real people with busy social lives and a wide circle of friends. A real person who is active on social media usually has a decent number of connections, including friends, family, coworkers, and even casual acquaintances. If a person is said to have an active online life, but has very few followers or friends on social media, this is a red flag, as it contradicts the idea of an active and engaged person. It is important to note that not all people with few followers on social media are catfishers. Some people may simply be less active on social media and have more engagement IRL.

They’re using someone else’s photos or haven’t changed profile photos in a long time (or ever).

Profile photos play a critical role in online interaction as a visual representation of a person’s personality. Catfishers have limited options for updating their profile photos for several reasons. First, they carefully craft their fictional image. Changing a photo means making edits to their image. Second, because these photos are someone else’s, and therefore stolen, catfisher simply may not have enough photos. If you suspect the person is using someone else’s photos, do a reverse google search on the photo. There is a good chance you will find the original source of the photo.

Go to the profile of the person we're interested in

Use a reverse google photo search to find the original source of the photo

Lookup the source of the main photo fake profile

All photos are professional.

Ordinary people, on the other hand, tend to use more ordinary photos that capture themselves and their daily activities. Professional photos, such as headshots or business cards, can be a red flag. If the photos are all taken from the same angle or in the same lighting, it could be a sign that the photos were taken professionally and do not show the person they claim to be. This also applies to photos where the person is posing against exotic locations or expensive objects. These are signs of ostentation, hence the person is trying to look more spectacular than they really are. The flip side of this is the overuse of filters and effects. If the photo is over-edited or the face is covered with a sticker, most likely the person is trying to hide their appearance. That is not always the sign of catfishing, but should raise concern either way.

So, these were the basic outward signs that may indicate that you are dealing with catfishing. Next, we will break down the red flags directly when communicating as well as the behaviors that give catfishers away.

Their story doesn’t add up.

It may be if someone’s story seems too good to be true. Catfishers are often skillful manipulators who understand the human desire for connection and validation. They concoct elaborate stories, sometimes in real-time, capitalizing on our hopes and dreams. They paint a picture of a perfect life filled with success, love, and adventure. Often, these stories are too perfect, flawless, and in tune with our desires, making them all the more enticing. However, if you listen closely, you may notice inconsistencies and contradictions. Details may not match, timelines may not make sense, and experiences may seem too outlandish to be true. These inconsistencies are often subtle and easy to overlook. If something in the interlocutor’s story is unsatisfactory, you should pause and investigate further. Be bold, ask questions, ask for clarification, and look for inconsistencies.

Once again, all this may take place with a real person. Such signs should be reviewed in the overall context of the personality. Simply put, it is not a serious concern when it is the only sign, but in combination with others – no bueno.

Their life sounds too exciting.

In addition to the previous point, catfishers often make up identities that seem more exciting than their own lives. They do this to gain trust and admiration: by portraying themselves as successful, adventurous people, they build trust and make themselves more attractive to their victims. On the other hand, catfishers may use the images they invent to escape from their ordinary lives or to compensate for feelings of inferiority. Genuine connections are built on honesty and authenticity. When the person’s life is too good to be true, it means either your companion is not telling you something or is a storyteller (liar). Listening carefully to the person’s stories is essential, especially if they seem overly exaggerated or unrealistic.

Conversations get personal quickly.

Suppose you have just recently met someone online, and the person you are talking to immediately tries to get personal. This is not a good sign in every sense, both online and in real life, as it goes against the natural development of a real relationship. Catfishers create a false sense of intimacy by making their victims feel closer to them. In addition, by taking the conversation personally, catfishers can manipulate their victims’ emotions, making them more susceptible to their influence. Of course, malicious motives have never been eliminated. By eliciting personal details, catfishers can gather valuable information about their victims’ lives. They may use it for financial gain, other malicious activities and even other catfishing episodes.

One-side information sharing.

To begin with, let’s clarify that genuine relations involve the mutual sharing of personal information. People gradually share details of their lives, thoughts, and experiences as they get to know each other. However, catfishers may ask for some personal information while keeping quiet about their lives. This is also a red flag because in typical communication, both parties share personal details gradually, creating a balanced exchange of information. Of course, it can be the other way around; when it’s more important for a person to speak out and say what you would like to say, they don’t care. Though, that is a different topic we are not talking about today.

They’ve never sent you a casual selfie.

On-the-fly selfies showcase a person’s daily life, interests, and personality, giving a glimpse into their true nature. However, as previously stated, catfishers have limited photos; hence, they must keep track of which photos they can send and when. For example, if a person tells you that they have been to an event but have not sent any photos from that event, it is a reason to think twice. On the other hand, if a person sends an abstract photo where they are not in the frame, you can once again perform image search on Google. Chances are, it’s not his photo, but it was taken from the Internet.

You can’t find any trace of them online.

In the age of social media and the internet, it’s tough to be online without leaving a digital footprint. However, catfishers often create fake identities and personas, avoiding creating an authentic online presence that would leave a trace of their digital existence. If you have investigated, done a thorough search, and found no data or even the photo’s source, you are most likely dealing with a virtual. For example, it could have used https://thispersondoesnotexist.com to generate the photo.

This though is one more 50/50 sign, as there are enough people who do not share a whole lot about them online. Information security becomes a more widespread concern with time, and to be honest – these are not the worst practices to follow.

Avoiding Phone Calls.

Communicating by texting is very limiting because texting will not convey emotion. Obviously, a person who wants to communicate will be happy to talk on the phone. Yet if a person prefers texting but avoids talking on the phone, this becomes a red flag. Catfishers often avoid phone calls because they find it easier to manage their personality through text messages. Avoiding phone calls and asking to continue communicating only by texting is a clear sign that the person lurking behind the screen is not who they say they are.

They’re reluctant to meet in real life or video chat.

As mentioned above, the catfishers’ destiny is typing, nothing more. However, any prolonged communication sooner or later comes to video calls and sometimes leads to real-life meetings. This is not true for catfishers. Such people will find thousands of excuses to avoid a video call, spending half a day explaining the reason, but never agreeing to a video call or meeting. Thus, if you communicate with a person who avoids live communication in every possible way, preferring to communicate only by correspondence, it is a reason to think about ending communication with such a person. In such a case, it is the same as communicating with an AI chats, and they at least openly declare not being a person.

Make plans with you, but repeatedly cancel.

In some cases, catfishers may agree for a video/phone call or even a meeting. However, at some point, they backpedaled and canceled all plans under the guise of excuses. They will tell convincing excuses every time, but the result is the same – no meetings and calls, only correspondence. An important note: any meetings with strangers are important to organize in a crowded place on neutral territory.

Safety recommendations

Online dating is always a lottery, but knowing the signs of fraud is more accessible to avoid. Here are some recommendations for preventing problems when dating and communicating online.

• Always be suspicious. Internet scammers are masters of their craft; if they wish, they will find a way to put your vigilance to sleep. However, the philosophy of zero trust and healthy skepticism will not allow them to do it so easily.
• Take your time. Since catfishers often have some purpose, they prefer to skip the foreplay. It’s essential to resist this tendency and discourage attempts to “get right to the point.”
• Keep in touch. Indeed, we have someone with whom we share our experiences and events. Let someone you trust know about your “new friend.” This can help you make informed decisions. Also, involving another person can serve as an early warning system.
• Be careful about sending photos. Take your time to be the first to send photos to a stranger. Instead, offer to talk on a video chat to prove their personality. Catfishers usually communicate with several victims at once. Once the catfisher has your photos, he may send them to another victim. When it comes to intimate photos, catfishers can further use them to blackmail you.

The post What is Catfishing? Explanation & Ways to Avoid appeared first on Gridinsoft Blog.

What is the Top Maine Lobster Scam?

Top Maine Lobster scam is a new fraud scheme that targets seafood enthusiasts’ fondness, specifically Maine lobsters, as it comes from its name. They have been airing deceptive advertisements on Facebook, promising heavy bargains on frozen Maine lobsters and colossal Alaskan king crab legs. However, this is a trap, leading unsuspecting victims to a fraudulent online shop called Topmainelobster[.]com. According to the reaction on social media, numerous individuals have fallen victim to this scam. They share their stories on Facebook about placing orders and never receiving the promised products.

In addition, the investigation has revealed that at least two Facebook pages are using the name “Top Maine lobster,” and both are scams. Both pages have NO posts, but they share the same profile picture. The transparency of these pages says the pages are very young, lacking the historical data and credibility expected from legitimate businesses. Thus, the scammers behind this operation attempt to deceive and confuse potential victims with multiple iterations of their fraudulent pages.

Methods of Propagation

Scammers have been actively running ads on Facebook, luring potential customers with what appear to be unbeatable deals on frozen sea products. They claim to sell Maine lobsters and Giant Alaskan king crab legs for a meager price. The fan page, “Top Maine Lobster,” mentioned above, is the centerpiece of this scam. If something seems too good to be true, it is.

The latest trend shows a massive flooding of Meta Inc. social media sites with fraudulent ads. Although this problem has been present for a very long time, and Meta Inc. claims that it is fighting this problem, we see the opposite result. For example, Instagram is overflowing with ads for sites that sell useful products at 30-70% discounts. In most cases, these are the lowest-quality copies from Aliexpress/Taobao/TEMU. However, there have also been cases when the victim received a box with garbage inside. The ability to advertise products on social networks was initially conceived as an opportunity for young, little-known artisans to promote their products. But now, it has become a noun that, by default, is associated with scams.

Why Is Top Maine Lobster a Scam?

According to ScamAdviser, an anti-scam website, Topmainelobster[.]com has a Trustscore rating of just 1 out of 100. Such a miserable rating is a clear indicator of the website’s fraudulent nature. It signifies a lack of trustworthiness, suggesting that customers should steer clear of this online platform to avoid becoming victims of this lobster scam. Further examination reveals that the website was registered on October 25, 2023.

This newfound status raises suspicions, as legitimate and trustworthy online businesses tend to have a more extended history and established online presence. The age of this website aligns with the behavior of many fraudulent online platforms. These one-day sites often appear suddenly and vanish just as swiftly, leaving customers without their purchases or refunds.

How to avoid shopping scams?

Unfortunately, this is not an isolated case of such a scam but rather a trend. The only thing that distinguishes this fraud from others is its scale. We recommend that you thoroughly research a website before you buy anything from it. You can do your research, read independent reviews, and check the rating of the site using special services. You can also use our link scanner. This will allow you to find out some information about the site that will help you decide whether you should buy from it or not. As for Topmainelobster[.]com, this is not the first such scam, and it won’t be the last. However, knowing the signs of a scam will help you recognize it. Forewarned is forearmed.

The post Top Maine Lobster Scam on Facebook appeared first on Gridinsoft Blog.

What are online shopping scams?

Online shopping scams are what it sounds like. Websites, often poorly-made or copying each other’s designs, offer absolutely anything for sale. Some of them are dedicated to a certain topic, some are not, but all of them boast of huge – up to 90% – discounts. To attract users even more, sites offer free delivery for orders that exceed $50-70.

But, as you may guess, none of these claims are true, including even the goods from the website. People who ordered from these sites either do not receive the order at all, or have low-quality/irrelevant item delivered. Additionally, there is a suspicion that an ongoing “USPS delivery failure” scam campaign uses personal data leaked from these sites.

Shopping scam sites often adjust their themes corresponding to the current events. In May, after the Bed, Bath & Beyond bankruptcy, rascals began opening “Bed Bath & Beyond stock liquidation” sites. Upon financial troubles of the UK-based retailer Wilko, they began to mimic this retail chain as well. Other retail chains that do not have such troubles are copied, too, just without a notice about stock liquidation.

Halloween Online Shopping Scams – What to Expect?

Well, based on what I have seen under the mentioned cases of Bed, Bath & Beyond and Wilko, it is possible to predict some of the features of the scams to come. As usual, they will boast of huge discounts and free delivery for the orders over 5 cents. Local concentration of Halloween scams though is not tied to a specific brand, thus I expect to see them targeting users in both Americas, Europe and the UK.

Another edge of the story is the way cheaters will promote these scams. The majority of fraudulent shops usually use advertisements on Facebook or sites that do not filter the content they promote. This time, things won’t be much different – most likely, these “halloween discounters” will promote themselves with slogans like “purchase the Halloween stuff you’ve missed so far!”.

Actually, a couple of scams on this topic appeared back in late August. Possibly, they tried to play on folks who are going to have all things bought in advance. Though, these early hatchlings can give quite a good depiction of a Halloween-themed scam website.

How to protect yourself?

Being aware of ongoing scam campaigns already makes it harder for scammers to steal your money. Nonetheless, they constantly try to make their phishing place better. More realistic claims, less discounts, less templated websites – it may be not that easy even for experienced users to uncover the scam. Nonetheless, there are a couple of signs that fraudsters can never get rid of. Let me explain each one.

Recent registration date. Why would a long-running retail chain establish a separate site for Halloween items? Most scam sites, even those who do their best to look genuine, are registered less than a month ago. Keeping them up for longer in idle mode, just to clear up the image, cuts possible profits, while active scamming ends up with a domain ban rather quickly.

You can check the date of domain registration on any domain lookup utility available online. Using GridinSoft Online Domain Scanner, you can also see the status conclusion from our network filter.

Dubious URL. As branded or harmonically-looking domain name costs quite a penny, frauds are off to use URLs like stremgtvs.com or sadnfqemma.com. Obviously, none of legit shops will ever stick to such a name – it is just irrelevant for building their brand image. Another element to watch out for is the domain name zone. Con actors typically opt for cheaper ones, like .xyz, .shop, .site and the like.

Absence or scarce support options. This is yet another thing that goes from the purpose of the site. Genuine shopping websites will offer to contact support via email, sometimes even several ones, catch them on a phone, or even in a live chat. Scam sites will most likely end up with a single address that will never respond. In some cases, crooks use a single “support” email address that remains the same for different scams. This makes it possible to track related scam sites with a simple Google search dork.

Offers to use an untraceable/uncontrolled payment method. This is a rare occurrence, and it obviously requires you to go further into the scam. If the available payment methods are crypto transfers or Venmo/CashApp payments, be sure that you’re facing a scam. While being used in a number of benevolent businesses, these payment methods are either untraceable or do not suppose any returns. This implies that once your money is out, that’s no way back – quite a suitable option for fraudsters.

The post Halloween Shopping Scams — Ways to Detect & Avoid appeared first on Gridinsoft Blog.

Fake Amazon and Microsoft call centers busted

Indian authorities, in collaboration with Amazon and Microsoft, conducted Operation Chakra-II to crackdown on 76 illegal call centers across at least 11 states in India. These call centers posed as tech support for Amazon and Microsoft customers and defrauded over 2,000 individuals. This marks the first time two major companies have collaborated to combat online and tech support fraud. The Central Bureau of Investigation of India (CBI) led the Chakra-II operation.

On the other hand, Amazon said this:

Country-level scam

Perhaps almost every user has seen the “Hello Your Computer Has Virus” meme or jokes about Indian men calling people and introducing themselves as Microsoft tech support. So, India is a fertile ground for a thriving network of scammers. The Hindu tech support scam can be considered a worthy competitor to the Nigerian Prince scam. Primarily, scammers run illegal operations from call centers masquerading as legitimate businesses.

According to the FBI, tech support call centers fraud victims lost more than $1 billion in the US last year, with scammers mainly targeting older people. Nearly half of the victims were over 60, and they accounted for 69%, or more than $724 million, of the losses. Many of these scams target customers of Amazon and Microsoft, two of the largest companies in the tech industry. Unsurprisingly, these companies have banded together for the first time to fight against these scams.

How did this scam work?

The Central Bureau of Investigation (CBI) recently revealed that fraudsters have been pretending to be Amazon and Microsoft customer service agents. They have been contacting victims through online pop-up messages that appear to be real security alerts from these companies. The pop-up message claims that the user’s computer is experiencing technical issues and provides a toll-free number to contact customer support. However, the phone number actually belongs to the fraudsters’ electronic call centers. By the way, we have an article dedicated to breaking down this scam scheme.

Once the victim calls scammers, they, with some trickery, remotely access the victim’s computer and show them fake problems. They then charge the victim hundreds of dollars for fake solutions that were not needed in the first place. This fraudulent activity has allegedly been going on for the past five years. The fraudsters use various international payment gateways and channels to move the illegally obtained funds.

CBI exposes fake call centers

As part of five separate cases, a nationwide crackdown was conducted in Delhi, Punjab, Haryana, Himachal Pradesh, Uttar Pradesh, Madhya Pradesh, Karnataka, Kerala, Tamil Nadu, and West Bengal, which resulted in the confiscation of 32 mobile phones, 48 laptops/hard disks, 33 SIM cards, and pen drives. The operation also seized numerous bank accounts alongside 15 email accounts that were associated with the scammer network.

While the CBI did not disclose the number of arrests made during the operation, it was revealed that the illegal call centers had targeted more than 2,000 Amazon and Microsoft customers. The victims primarily reside in the US, Australia, Canada, Germany, Spain, and the UK. Amazon also confirmed that it had removed over 20,000 phishing websites and 10,000 phone numbers from impersonation schemes in 2022. The company reported hundreds of attackers worldwide to authorities.

Is it the end of Amazon/Microsoft Tech Support scams?

Not really. Frauds like that are exceptionally profitable, so there will always be a temptation to restart it. Sure, current con actors are detained, but nature abhors a vacuum. Where one group of crooks is no more – another will pop up rather quickly.

Though, the impunity myth these guys were bearing on is now busted. Further scams will be either more concealed, distributed, and/or reliant on less traceable technologies. Will they be more effective with all these upgrades? This is what we are about to discover.

The post Fake Amazon and Microsoft Tech Support call centers busted appeared first on Gridinsoft Blog.

TikTok flooded by “Elon Musk cryptocurrency giveaway” scams.

Today, the creativity of scammers trying to take advantage of TikTok’s massive user base is quite obvious. TikTok is facing a severe problem with the proliferation of numerous fraudulent cryptocurrency giveaway scams on the platform. Scammers are going all out for their profits. They create hundreds of websites posing as crypto exchanges or free giveaway sites. According to them, the only thing a user has to do to get free cryptocurrency is to register on their site and enter the promo code from the video.

And, of course, the slight nuance that the video is silent about is to pay a small amount for account activation, which will allow the user to withdraw funds. However, the reality is grim: paying the user out is absent in such a scenario. These scams are elaborate traps that steal users’ funds, leaving them empty-handed. Besides, there’s always the chance of being double-crossed. Although this scheme is quite old, it is still very effective — as the saying goes, old but gold.

The Elon Musk impersonation

Attackers learned long ago that promoting mass fraud on behalf of famous personalities is much more effective. Regarding media personalities, the first person who is associated with cryptocurrency giveaway scams is Elon Musk. Moreover, his bizarre behavior and habit of talking nonsense in public and promoting questionable things adds credibility to any scam that mentions the name of Ilon Musk. So, the scammers publish a fake video in which Fox News or others interview Elon Musk and promote a phony cryptocurrency giveaway.

The strategy means impersonating Elon Musk and his subsidiaries, Tesla and SpaceX. They are designed to make people think they are participating in a genuine promotion. Thus, some videos contain instructions on how to log into the listed website and enter a promo code to get free bitcoins. Many websites have very similar names like Moonexio[.]com, altgetxio[.]com, and cratopex[.]com or, as in our case, bitoxies[.]com.

How cryptocurrency giveaway scams works?

It starts with a TikTok video the user can find using the hashtag #bitcoinforbeginners. We see many identical videos as if they were copied. The only thing that makes them different is the promo code, which differs for each. We open a random video, see a fragment from the interview mentioned above on the cover, and then follow instructions on registering on the site.

We open the site, register, and enter the code – voila! We have bonuses on our account. We try to withdraw them and see an error that says that to operate, and you must complete the account setup and activate it. For that, the service asks to deposit an amount equivalent to 0.005 BTC.

Obviously, after replenishing the account, you still cannot withdraw funds. The essence of this scam is to lure victims out of their funds in this way. In addition, the site asks for KYC information, with the help of which attackers will try to hack into our other legitimate accounts. This in total pushes the risks much beyond money losses.

It is also important to note that the mentioned websites may change their names, but retain the overall message. There is an entire pandemic of such sites going on – with absolutely the same design and promises, but different names.

How to avoid crypto scams?

The first thing this fraudulent scheme is based on is the unawareness of users. The second is greed and the desire to make a profit for nothing. We can help with the first, but the second comes with experience. It is essential to learn that you must pay for everything in life, and no one will give you anything for free. Besides, it would help if you did not get your investing advice from TikTok. Elon Musk’s crypto giveaways are like his promises to improve Twitter: they’re fake. Cryptocurrency is not something you can invest in just out of interest. Before investing, you should study this field well and understand it completely. Otherwise, losses are inevitable. In addition, we recommend that you only use official platforms and apps. The following red flags will help you identify scams:

• The ad promises free cryptocurrency for performing simple actions such as subscribing to an account, watching a video, or commenting on a post.
• The ad contains errors or typos.
• The ad looks informal or unprofessional.
• The ad requires entering your personal or cryptocurrency wallet information.

If you see a post or comment that fits one or more of these traits, it’s best to ignore it.

The post TikTok Flooded By Elon Musk Cryptocurrency Giveaway Scams appeared first on Gridinsoft Blog.