Unscrupulous criminals use crises to their advantage. Scammers are using the conflict in Ukraine to bilk money from people trying to help those impacted from the attacks. There are numerous accounts of scammers using old techniques to defraud people from funds and personal information.

We all want to help and what is unfolding in Ukraine is tragic. Fraudsters prey on our wishes to aid those in need and know that we are vulnerable to attack because of the emotional toll the war in Ukraine is taking on the world, but particularly the Ukrainians.

If you wish to support Ukraine, do so. But be wary of where you are sending your money. There are many wonderful and legitimate charities that are working hard to assist those in need. But there are others who are using our emotions to help others to steal from us. Be wary of unsolicited requests for donations through email or text. Research the charity to which you are sending your money and make sure you are on the charity’s official website. Be cautious about clicking on any links that are sent to you via text or email. If you are solicited by a well-known charity, take the time to donate directly through their official website and not through unsolicited emails.

The Ukrainians need all the resources and support they can get, so send your charitable donations to a charity that will actually get the funds to them.

According to CNBC, here is a list of top-rated charities for Ukrainian relief.

I think that people in general are decent and good. There are always some bad apples, but during crises most people want to help others. During the coronavirus pandemic, many people are doing everything they can to help others, including assisting neighbors, family members, friends and health care workers. Charitable organizations have stepped up to assist those in need during the crisis as well. Generous people donate to charitable organizations to assist in their efforts. This is where the bad apples come in.

Bad apples know that most people are decent and good. They know people want to help others, and that people are generous and kind. And the bad apples take advantage of the goodness of others. During a crisis, like the one we are in now, bad apples spend every day trying to figure out how to do just that.

Coronavirus charity scams are such a problem that the Federal Trade Commission (FTC) issued a scam alert this week warning individuals to be careful about their charitable donations during this time and to confirm that they are giving to real organizations and not scammers.

According to the FTC Alert:

“No one wants their Coronavirus donation to go to a scammer, so before you give, do some research.

  • Search online for the charity’s name and the words “scam” or “fraud.”
  • Review ratings of the charity by these organizations.
  • Check the charity’s registration status with your local charity regulator. Are they registered to take donations in your state?

“Here are other things you can do to make sure a scammer is not taking advantage of your generosity:

  • Donate using a credit card. It’s the safest way to donate. Never donate by giving out gift card numbers or using a wire transfer. If someone asks you to donate that way, you can be sure it’s a scam.
  • Double check the name of the organization. Many fake charities try to trick you by using names similar to those of well-known organizations, but with one word different or a misspelled.
  • Ask lots of questions. What’s the charity’s website, address, and mission? How much of my donation will go to the program I want to help? How many people does the charity help, and how? If helping your community is important to you, ask how the charity spends money in your area. If you get vague answers, find another way to help.
  • Confirm that your donation will be tax deductible, if that’s important to you. Use the IRS’s Tax Exempt Organization Search to check. Know that donations to individuals are not tax deductible.
  • Don’t assume a donation request on social media is legitimate just because a friend liked it or shared it. Do your own research. Call your friends or contact them offline to ask them about the post they shared.

“Visit ftc.gov/charity for more tips on donating wisely. If you see a charity scam, report it at ftc.gov/complaint. Your report helps stop scammers and alert others about them.”

Sound guidance from the FTC to help ensure that our donations go to the causes we care about and we are really helping others.

It has been difficult to watch the extreme weather patterns that have been happening around the U.S. over the past few months.  Fires and torrential rainstorms in California, tornadoes down south, blizzards in the Midwest and New York, and a devastating hurricane in the Gulf of Mexico. It is heartbreaking to see the devastation and then on top of it, to know that fraudsters are using natural disasters to perpetrate fraud on victims who have suffered through them. The Federal Trade Commission (FTC) receives so many complaints about these fraudsters that it issued a warning on January 18, 2023, entitled “How to spot, avoid, and report weather-related scams.”

Whether you have been the victim of a weather disaster or  are in the future, or you want to assist those who are victims of a natural disaster, heed the warning of the FTC and protect yourself from these scammers.

According to the Alert:

Here are a few ways to spot the scammers who might try to take your money or personal information after a weather emergency:

  • Spot imposter scams. Scammers might pretend to be safety inspectors, government officials trying to help you, or utility workers who say immediate work is required. Don’t give them money, and do ask for identification to verify with whom you are dealing before sharing personal information such as your Social Security or other private account numbers.
  • Spot FEMA impersonators charging application fees. If someone wants money to help you qualify for FEMA funds, it’s a scam. Download the FEMA Mobile App to get alerts and information. Visit FEMA.gov for more information.
  • Spot home improvement and debris removal scams. Unlicensed contractors and scammers may appear in recovery zones with promises of quick repairs or clean-up services. Walk away if they demand cash payments up front, or refuse to give you copies of their license, insurance, and a contract in writing.
  • Spot rental listing scams. Scammers know people need a place to live while they rebuild. They’ll advertise rentals that don’t exist to get your money and run. The scammers are the ones who tell you to wire money, or who ask for security deposits or rent before you’ve met or signed a lease.
  • Spot charity scams. Scammers will often try to profit from the misfortune of others, sometimes using familiar-sounding names or logos. Check Donating Wisely and Avoiding Charity Scams [https://consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams] before opening up your wallet.

If you are the victim of a scammer, report the incident to the FTC. Stay safe during these uncertain times and avoid being victimized twice: once by the weather and again by a scammer.

It was heartbreaking to watch the reports of Hurricane Ian as it landed on the west coast of Florida. The damage and losses left in its wake will be overwhelming and catastrophic for Floridians; the toll will become clearer over the next few days. While we all feel a sense of hurt and loss for them and want to help.

Many organizations will mobilize to offer assistance to victims in the days and weeks to come. At the same time, scammers will be looking to tug on our heartstrings to try to get us to send money to fraudulent organizations pretending to help the victims of the hurricane.

This is an old trick to prey on good-natured individuals to divert funds when we are most vulnerable [ view related posts]. Help those in need, but be wary of scammers in the process. Here are some tips to avoid being scammed:

  • Research the organization you are interested in donating to, and make sure you are on the organization’s legitimate website when donating through a website.
  • Donate to charities you have donated to before, which you know to be legitimate and experienced in responding to disasters.
  • Be wary of any solicitations for donations of gift cards, cash, cryptocurrency or wires.
  • Be wary of responding to a random email requesting a donation and don’t click on links or attachments provided in a solicitation.
  • Don’t trust a solicitation in an email or text, even if a legitimate charity’s logo is included.
  • Be cautious about donating to crowdsource funding sites.

Donating to help victims is a worthy effort. Use these tips to make sure your donation gets into the right hands and makes a difference.

Seeing the victims in Kentucky following the devastating floods is heartbreaking. Even more distressing is seeing those who are trying to help by donating funds to the relief effort victimized as well.

Scammers know that people with good hearts who are trying to help others are susceptible to relief scams. All they are trying to do is to help others, but they become victims themselves of fake websites and relief scams.

If you are trying to contribute to a relief effort, take the time to make sure your funds are going to a legitimate organization. The Federal Trade Commission (FTC) has provided tips on how to help others without getting scammed, including:

  • Be skeptical of anyone promising immediate clean-up and repairs. Some may quote outrageous prices, demand payment up front, or lack the skills needed.
  • Check them out. Before you pay, ask for IDs, licenses, and proof of insurance. Don’t believe any promises that aren’t in writing.
  • Never pay by wire transfer, gift card, cryptocurrency, or in cash. Scammers ask for these types of payments because, once they’ve collected the money, it’s almost impossible for you to get it back. And never make the final payment until the work is done and you’re satisfied.
  • Guard your personal information. Only scammers will say they’re a government official and then demand money or your credit card, bank account, or Social Security number.
  • Know that the Federal Emergency Management Agency (FEMA) doesn’t charge application fees. If someone wants money to help you qualify for FEMA funds, that’s probably a scam.
  • Look out for rental listing scams. Steer clear of people who tell you to wire money or ask for security deposits or rent before you’ve met or signed a lease.
  • Spot disaster-related charity scams. Scammers will often try to make a quick profit from the misfortune of others. Check out the FTC’s advice on donating wisely and avoiding charity scams.

If you believe you may have been victimized by a scam, report it to https://reportfraud.ftc.gov/#/

In a first of its kind prosecution, the Irish Aviation Authority (IAA) successfully prosecuted a drone operator for a safety violation while flying a drone outside of a former Israeli embassy during a public demonstration. The incident occurred in May 2021, when the operator allegedly operated the drone in violation of IAA regulations in order to get footage of a demonstration in Dublin.

The incident was first addressed at the scene by the IAA; the drone was detained and the operator was advised of the infringement: violation of the 1993 IAA Act for “operating a drone over an assembly of people.”

While the operator did have ample experience as a freelance filmmaker, the IAA alleged he did not appreciate the safety risks posed to the crowd gathered underneath a flying drone. By flying over an assembly of people, those individuals cannot safely move away if the drone malfunctions and falls to the bystanders below or operates erratically.

The IAA informed the court that flying a drone over an assembly of people was considered a “high-risk offence” and that the “drone did fly relatively close overhead.”

The operator defendant plead guilty and was awarded the Probation Act (which means that the operator was spared a recorded conviction) and ordered to contribute to the IAA’s legal costs as well as to make a charitable donation to the Little Flower Penny Dinner Charity, which provides legal aid to the underprivileged in Dublin.

Diarmuid Ó Conghaile, Aviation Regulator for the IAA, said that public safety is the priority: “As Ireland’s Aviation Regulator, the safety of the public is our priority. The onus is on those who operate drones to do so safely and within the scope of the law, which in this case is EU-wide and in force since the beginning of last year. Luckily no one was injured in this instance and the operator has admitted he was at fault. The use of drones is growing all the time, and whilst we can educate people on the safety aspects of their use, drone pilots must understand that these operations come with risks. Had this pilot undertaken the necessary training, this incident is unlikely to have taken place. Cooperation between the [national police service of the Republic of Ireland] and the IAA is invaluable in ensuring the safety of the public when it comes to aviation, as was seen in this case.”

Working from home has shed a new light on robocalls. It is unbelievable how many robocalls I get at home even though I am on the Do Not Call List. It is very easy to monitor these calls. If I recognize the number, I may pick up. If I don’t, I let it ring until it goes to the answering service. If the caller doesn’t leave a message, it is clear that it is a scam. These days, even scammers leave a message. One day last week, a scammer left three separate messages asking me to call back or I would get arrested. This is obvious to me, but to many individuals, these calls sound real and are scary.

The same is true for my mobile telephone. The number of unknown callers to my cell phone has definitely increased during the pandemic, and I use the same technique with calls to my cell phone as I do for a residential line. It is very easy to have someone leave a message and then call them back if they are legitimate. Screening your calls should be automatic for your safety.

A new study by First Orion shows that phone scams using COVID-19 as the subject matter have been highly successful this year.

According to the 2020 Annual Scam Call Report, “[P]hone scammers are getting better at tricking you into giving up your personal information…The survey shows that scammers improved their efficiency in 2020, mainly using the COVID-19 pandemic to steal personal information from millions of victims. The data paints a clear picture of why people are becoming more reluctant to answer their phones if the call is from an unknown number.”

The survey shows that scammers are getting better at scamming people even though the scammers were calling people at the same rate as last year. The survey showed that “[I]n 2020, scammers succeeded in getting people to give up their personal information 270 percent more often than in 2019. More than one in four people reported a loss of personal information or financial loss due to a phone scam in 2020. What’s more, scams targeting Social Security numbers were 550 percent percent more effective in 2020.”

This result is shocking and disappointing. What’s more, the survey showed that because more people were at home to answer the phone, “[O]ut of all the scam calls that succeeded in getting personal information, 17 percent used the COVID-19 pandemic to get in the door. The next most frequent cover story was fake banks at 12 percent, followed by family threats (10 percent), offering a prize or money (9 percent), and student loan scams (9 percent). The pandemic also showed up in charity fraud. When scammers used fake charities as bait to scam people, 44 percent of them said they were collecting money for pandemic relief.”

Other typical phone scams included auto warranty calls which were the most common scam and actually doubled from 2019. Fake bank or credit card calls were the second most common, and false IRS/tax and insurance calls tied for the third most common.

The moral of this story is to refrain from answering calls from numbers you do not recognize, don’t fall for any of these common scams and don’t give anyone your personal information or money over the phone.

I admit this has not been my best gift shopping year. I tried, but with the pandemic, I limited my shopping outings, and I don’t like shopping online for obvious reasons. My new mantra is “How about no gifts this year and we all give the money we would have spent to our favorite charities?” 

Even so, there are still gifts to buy, and an easy way to check that person off your list is to buy a gift card. 

Scammers know this and are taking advantage of it. Fake websites have been developed that mimic legitimate retailer websites to make it easy for you to buy a gift card. Scammers also are using phishing emails and texts to alert individuals that they have received a gift card for the holiday and to “click here” to redeem it. 

Here are a couple of tips for giving and getting gift cards during this holiday season: 

  • If you purchase a gift card, make sure it is from the actual retailer.
  • Be wary of buying gift cards online from other sites, such as auction sites or reseller sites.
  • When you purchase a gift card for someone, tell them you purchased it.
  • Don’t click on any texts, email links or attachments that purport to redeem a gift card.
  • Keep receipts of purchases of gift cards for proof of purchase in the event there is an issue.
  • Be wary of any emails or texts requesting that you purchase gift cards for someone.

Happy holidays and safe shopping. I still like the charity giving idea…

You probably heard about the recent hack of Twitter accounts that took place on July 15, 2020. The hackers took over several prominent Twitter accounts, which resulted in a scam that netted over $118,000 in bitcoin for the hackers. One of the most startling things about the cyberattack was that it was led by a 17-year-old along with his accomplices. The hackers took over the accounts of well-known individuals including Barack Obama, Kim Kardashian West, Kanye West, Bill Gates, Elon Musk and many others, and tweeted a “double your bitcoin scam” from these Twitter accounts directing people to send bitcoin to fraudulent accounts.

The New York Department of Financial Services (NYDFS) issued a detailed report last week regarding this hack into the social media giant. The report found that “the Twitter Hack happened in three phases: (1) social engineering attacks to gain access to Twitter’s network; (2) taking over accounts with desirable usernames (or “handles”) and selling access to them; and (3) taking over dozens of high-profile Twitter accounts and trying to trick people into sending the Hackers bitcoin. All this happened in roughly 24 hours.”

How did the hackers do it? According to the report, the first phase of the attack started with the hackers stealing credentials of Twitter employees the old-fashioned way by using social engineering. The hackers posed as Twitter IT employees and contacted several Twitter employees claiming there was a problem with Twitter’s Virtual Private Network (VPN). The report stated that the “hackers claimed they were responding to a reported problem the employee was having with Twitter’s Virtual Private Network (VPN). Since switching to remote working, VPN problems were common at Twitter. The Hackers then tried to direct the employee to a phishing website that looked identical to the legitimate Twitter VPN website and was hosted by a similarly named domain. As the employee entered their credentials into the phishing website, the Hackers would simultaneously enter the information into the real Twitter website. This false log-in generated an MFA [multi-factor authentication] notification requesting that the employees authenticate themselves, which some of the employees did.”

The hackers then went surfing within the Twitter system looking for employees with access to internal tools to take over accounts. This led to the second phase of the attack: taking over and selling access to original gangster (OG) Twitter accounts. According to the report, an OG Twitter account refers to accounts  designated by a single word, letter, or number and adopted by Twitter’s early users. The hackers discussed taking over and selling the OG accounts in various online chat messages. On July 15, the hackers “ hijacked multiple OG Twitter accounts and tweeted screenshots of one of the internal tools from some of the accounts to the accounts’ respective followers.

The final phase of the hack involved  taking over various cryptocurrency company accounts and directing users to a link to a scam bitcoin address. According to a tweet sent out by Twitter on July 16, approximately 130 accounts of high-profile verified users (those Twitter accounts that you see with the blue check mark) were taken over by the hackers with tweets asking people to send bitcoin, with the promise that the high-profile user would double the amount to be given to a charity. The bitcoin address was fraudulent, the tweets were not sent by the actual users, and the hackers were able to collect more than $118,000 in bitcoin.

The NYDFS began its investigation because the cryptocurrency companies are regulated entities. According to the report, the department instructed the cryptocurrency companies to block the hackers’ bitcoin addresses if they hadn’t already done so. This move prevented over a million dollars’ worth of fraudulent bitcoin transfers.

We write all the time about the critical importance of cybersecurity practices and protocols such as multifactor authentication, employee training regarding phishing, and using secure passwords. The general consensus appears to be that the Twitter hack was not a sophisticated one, but that the hackers knew what they were after and knew how to accomplish their goal. The NYDFS report stated that “the Twitter Hack is a cautionary tale about the extraordinary damage that can be caused even by unsophisticated cybercriminals. The Hackers’ success was due in large part to weaknesses in Twitter’s internal cybersecurity protocols.”

The scammers know that most of us are working from home and are trying to use this to their advantage. The robocalls have increased, and telemarketers are calling more frequently, but with a new twist—preying on fears of consumers about coronavirus.

I am on the Do-Not-Call list, yet I am still getting many unwanted robocalls. It gets to the point where you don’t answer your phone at all.

The Federal Trade Commission (FTC) is trying to help, and this week issued letters to nine Voice over Internet Protocol (VolP) service providers and other companies “warning them that ‘assisting and facilitating’ illegal telemarketing or robocalls related to the coronavirus or COVID-19 pandemic is against the law. Many of these calls prey upon consumers’ fear of the virus to perpetrate scams or sow disinformation.” 

The letters warn them that if they facilitate scams or disinformation, the FTC may take enforcement action against them. The conduct the FTC advised the companies may violate the Telemarketing Sales Rule includes:

  • making a false or misleading statement to induce a consumer to buy something or contribute to a charity;
  • misrepresenting a seller or telemarketer’s affiliation with any government agency;
  • transmitting false or deceptive caller ID numbers;
  • initiating pre-recorded telemarketing robocalls, unless the seller has express written permission to call; and
  • initiating telemarketing calls to consumers whose phone numbers are on the National Do Not Call Registry, with certain exceptions.

Be aware of scammers and telemarketers trying to prey on our fear surrounding the coronavirus, and screen your calls. If the call is legitimate, the caller will usually leave a message and you can call them back if you choose. Remember to never give your personal information or financial information to anyone over the phone.