Don’t Get Caught in a Non-Delivery Scam

With the holidays approaching, and online shopping reaching its annual peak, scammers are out in full force to get at your money and your purchases. There are many scams to watch for this time of year, from online “retailers” phishing for information as you shop to brazen porch thieves who swipe delivered packages from doorsteps and so many more. The non-delivery scam can be particularly difficult to spot, and recovery is nearly impossible. Here’s what you need to know about this scam and how to protect yourself.

How the scam plays out

In a non-delivery scam, a shopper makes an online purchase, often at a discounted price. They may have chanced upon this “sale” through a social media ad, an unsolicited email or a banner ad on their favorite website. Unfortunately, though, the promised package is never delivered. After weeks of waiting, the shopper may try reaching out to the seller, only to find that the seller’s gone AWOL, along with the victim’s chances of recovering their money and/or their purchase.

Protect yourself

The best way to protect yourself against non-delivery scams is to practice online safety measures and to shop smartly. Here’s how.

  • Never click on links or attachments in unsolicited emails or on social media, regardless of how amazing the offer may be. If an ad looks promising, look up the alleged associated retailer directly and on your own. 
  • Keep your device’s security at its strongest settings and mark all suspicious emails as spam. 
  • Opt out of websites that are full of typos and/or grammatical errors.
  • Check each website’s URL for authentic spelling and signs of security, like the “https” and padlock icon. Recheck each landing page as you shop. 
  • When shopping a new seller, do some research before sharing any information with the seller. Look for a phone number and street address associated with the seller or company, dig up some online reviews and ratings and Google the retailer’s name along with the word “scam” to see if anything comes up. 
  • When shopping a private seller on an online marketplace, like Jiji or Etsy, check the seller’s profile carefully. Be extra wary if the profile is new.
  • Avoid shopping at retailers who insist on payment via prepaid gift cards or wire transfer. When shopping online, it’s best to use a credit card.
  • Stay away from sellers who advertise as if they are residents of the U.S. and then respond to questions by claiming that they are actually out of the country.
  • Always ask for and save the tracking numbers of online purchases. Monitor the shipping process so you can dispute the charge if the process seems suspect.
  • Be wary of items with prices that are too good to be true; in all likelihood they are.

If you’re targeted

If you believe you’ve fallen victim to a non-delivery scam, there are steps you can take to mitigate the damage. 

First, if you’ve paid via credit card, call the issuing company to dispute the charge as soon as you recognize the scam. If you believe the account has been compromised, you may want to close it and place a credit alert and/or credit freeze on your name as well. Next, be sure to alert the FTC about the scam so they can do their part in catching the crooks. If the alleged retailer is on the BBB website, you can let them know, too. Finally, let your friends know about the scam so they know to be aware.

Online commerce makes holiday shopping so much easier–but scams are everywhere. Shop smartly this season and follow the tips outlined here to avoid getting scammed. Stay safe!

Your Turn: Have you been targeted by a non-delivery scam? Tell us about it in the comments. 

All You Need to Know About SIM Swaps

SIM swapping, also known as SIM swap scams, or SIM hijacking, can be a nightmare for an unwary victim. According to a recent announcement by the FBI, this ruse is on the rise. In 2021, the FBI received 1,611 reports of SIM swapping, with losses totaling over $68 million, a more than five-fold increase from the 320 SIM swap complaints occuring in 2018 and 2019 combined. Here’s what you need to know about this prevalent scam and how to protect yourself. 

How the scam plays out

In a SIM swap scam, a criminal steals a target’s mobile phone number by tricking the victim’s cellphone provider into transferring the number to a SIM card in the criminal’s possession. 

Before the actual scam is pulled off, the scammer will generally employ a phishing scam to obtain some basic information about the target’s mobile number and phone service provider. They may reach out to the target via email, text message or phone call. They’ll pretend to represent the service provider, and ask the target to share or confirm their phone number and/or account number. They may claim there is an issue with the target’s account, and say they need this information to fix the problem. Unfortunately, the target often believes they are engaging with an authentic representative of their phone company, and willingly shares this information.

Next, the scammer will call the target’s service provider and use this info to convince them that they are actually the target. The scammer will claim that their SIM card has been lost or destroyed and they’ve purchased a new one to replace it. If the mobile service provider falls for the ploy, they’ll transfer the phone number to the scammer’s SIM card.

Finally, the criminal inserts the now-active SIM card into their own device and uses it to access the victim’s accounts by bypassing the SIM-based two-step authentication. The scammer then proceeds to change all passwords for online accounts linked to the phone. Unfortunately, this leaves the victim with an inactive SIM card and worse, locked out of their own accounts.

Protect yourself

Despite its prevalence, there are ways to protect yourself from SIM swap scams. The FBI advises consumers to take the following precautions:

  • Never share information about your financial assets while online.
  • Never share information about your mobile phone number or cellphone provider with an unverified contact over the phone or online.
  • Don’t assume every communication from an alleged service provider is legit. If you receive an unexpected call, message or email from your mobile phone’s provider asking you to share or confirm information, do not engage. Contact the provider directly to determine if the communication was authentic. 
  • Keep your social-media platform settings private.
  • Use strong, updated security for all your devices. 
  • Never share personally identifiable information online. 
  • Use strong, unique passwords across all your online accounts.
  • When possible, use strong, multi-factor authentication, standalone authentication, apps and physical security tokens to access accounts that contain sensitive information.
  • Don’t allow your mobile devices to “remember” your passwords, usernames and other personal information.

If you’ve been targeted

If you believe you’ve been targeted by a SIM swapping scam, take these steps to mitigate the damage:

  • Reach out to your cellphone provider for assistance in regaining control of your phone number.
  • Change the passwords and logins on all your online accounts.
  • Let your financial institution and credit card companies know about the scam so they can look out for suspicious activity on your accounts. 
  • Consider placing a credit alert and/or credit freeze on your accounts. 
  • Report the scam to your local FBI field office, your local law enforcement agency and the FBI’s Internet Crime Complaint Center.

Stay alert and stay safe!

Your Turn: Have you been targeted by a SIM swap scam? Tell us about it in the comments. 

Don’t Get Caught in a Pre-approval Scam

You’ve got mail! But beware, because this particular missive telling you that you’ve been preapproved for a large loan – maybe even a mortgage – may not be as it seems! The exciting news may be accompanied by a check that’s made out to you and even for the full loan amount! It’s a dream come true. Until, of course, it all turns into a living nightmare. 

Here’s what you need to know about preapproval scams and how to stay safe.

How the scams play out

In a preapproval scam, a target receives a letter in the mail, an email or a text message informing them they’re preapproved, or “prescreened,” for a large loan. The letter is often accompanied by a live check, or an unsolicited check that can be cashed in by the named recipient – which is you. The letter may also be highly relevant to your life. For example, if you’re in the market for a new home, the offer may feature an alleged preapproved mortgage loan. If you’re looking for a new set of wheels, the letter will likely offer a bogus auto loan. More commonly, though, will be the offer of a personal, or unsecured loan, through a live check. 

When you go ahead and cash that check, you may be playing right into the hands of a scammer. 

The authentic-looking check cannot be cashed unless the recipient shares their personal information. Of course, this means providing a scammer, or a scam ring, with all the info they need to empty your accounts, commit identity theft or worse. In addition, the check may appear to clear but then bounce a few days later, leaving you to pick up the tab for any of the money you’ve spent. Finally, if you really do need to take out a large loan, the bogus offer can set you back significantly by hurting your credit score.  

Checklist for legitimate preapproval offers

If you have a credit history, you’ve likely received these preapproval offers at least several times. Some of them are actually legitimate offers to cover a loan for a large amount. How, then, can you tell which of these offers are legitimate or scam?

First, it’s important to know that, while some of these offers may be legit, that doesn’t mean they’re good for your financial health. If you cash that check and/or accept that loan offer, you’ll be bound by the loan terms, which you may not be truly aware of until the first repayment bill becomes due. Most of these preapproval offers will have exorbitant interest rates and may demand full repayment quicker than typical loans obtained from a bank or credit union. 

Now, let’s take a look at how you can determine whether one of these preapproval offers is legit. If you receive an offer as described, look for this information to verify the authenticity of the offer: 

  • A disclosure of the loan fees
  • The annual percentage rate (APR), which is the annual cost of the loan 
  • The payment schedule
  • The loan agreement
  • A privacy notice about the sharing of your personal information
  • An opt-out notice for future offers
  • Contact information for the sender, which includes a number and street address

If any of this info is missing from the preapproval offer, you’re likely looking at a scam. 

If you’ve been targeted

If you’ve been targeted by a preapproval scam or a legitimate but shady offer, there are steps you can take to protect yourself from further harm and to stop the annoying letters from landing in your mailbox. 

First, let the Federal Trade Commission (FTC) know about the circulating scam. Next, it’s important to note that, under the Fair Credit Reporting Act, you have the right to opt-out of future loan offers for five years, or permanently. To opt-out for the next five years, call 1-888-5-OPTOUT (1-888-567-8688) or visit OptOutPrescreen. To opt-out forever, visit OptOutPreScreen to request a Permanent Opt-Out Election form. Return the signed form and you should be off the list of all preapproval offers. Finally, keep your online interactions safe from scams by using the strongest and most up-to-date security settings across your devices and being careful about the information you share online.

Preapproval scams can be super-annoying and destructive, but you can outsmart them. Stay safe!

Your Turn: Have you been targeted by a preapproval scam? Tell us about it in the comments. 

All You Need to Know About Cybersecurity

Cybercrimes are increasing exponentially by the year. Unfortunately, developments like the pandemic, the growth of cryptocurrency and the increase in online working and shopping have created a target-rich environment for cybercriminals. In fact, according to Cybercrime Magazine, cybercrime will cost the world $10.5 trillion annually by the year 2025. 

The best way to protect yourself from cybercrimes of any kind is by being aware of common warning signs as well as keeping your systems and devices secure. High levels of cybersecurity are employed at all times on the internet to keep websites–as well as power grids, water systems and more–running and free of malicious activity. As a private consumer, you can also utilize cybersecurity on your own devices, albeit on a smaller scale. In honor of Cybersecurity Month, let’s take a closer look at this essential toolset and how to best harness it for your protection. 

What is cybersecurity?

Cybersecurity refers to the protection of all online devices, networks, data and electronic systems from attacks by hackers, scammers and cybercriminals. 

There are several major categories of cybersecurity:

  • Network security is the practice of securing a computer network from intruders who commit crimes via targeted attack and/or malware. 
  • Application security focuses on protecting software and devices from threats. 
  • Information security protects the integrity and privacy of data.
  • Operational security includes handling and protecting data assets. 
  • Disaster recovery and business continuity include the ways an organization responds to an actual or potential security breach.
  • Cloud security refers to creating secure cloud applications for companies that use cloud service providers, like Google, Amazon Web Services, etc. 
  • Identity management and data security protects processes that enable authorization and authentication of legitimate individuals to an organization’s systems. 
  • Mobile security protects data that is stored on mobile devices from threats like unauthorized access, device loss or theft, malware and viruses. 

Types of cybercrimes

Cybercrimes can be divided into several categories:

  1. Cybercrime includes criminals acting alone or in groups who target systems for financial gain or to cause disturbances.
  2. Cyber-attack will often involve groups of criminals gathering information for political reasons.
  3. Cyberterrorism is the act of hacking electronic systems with the intent of causing panic or fear.

Methods of cybercrimes

All forms of cybercrimes threaten cybersecurity in some way. Here are some of the methods cybercriminals use to wage attacks: 

  • Malware. This threat includes ransomware, spyware, viruses and worms. These can install harmful software, block access to computer systems or provide scammers with access to data.
  • Trojans. This attack tricks users into thinking they’re opening a harmless file when, in reality, they’re installing a backdoor that provides cybercriminals with unauthorized access. 
  • Botnets. This attack is conducted via remotely controlled malware-infected devices and is usually deployed as a large-scale attack. Compromised computers are integrated as part of the botnet system to further spread the attack.
  • Adware. This threat involves a potentially unwanted program that is installed without the user’s permission and automatically generates unwanted online advertisements.
  • Phishing. This attack is employed via email, text or social media message to trick the target into sharing sensitive information. Often, the tactic will also lead to the installation of malware.
  • Man-in-the-middle attack. In these attacks, a hacker will insert themselves into a two-person online transaction. The hacker will then steal data and/or login credentials.

How can I protect myself against cyberattacks?

Fortunately, there are lots of preventative measures you can take to protect your information and your money from cyberattacks: 

  1. Update your software and operating systems. Accept every update you are offered because these will provide the strongest and most current protection.
  2. Use anti-virus software. This software will detect and remove threats in real-time. 
  3. Use strong, unique passwords across all your online accounts. Be sure to vary your use of capitalization, symbols, letters and numbers. For optimal security, switch up your password every six months.  
  4. Never open email attachments or click on links from unknown senders. These can automatically download malware onto your device.
  5. Avoid using unsecured public WiFi. Using unsecure networks leaves you vulnerable to attacks.

Cybersecurity is a crucial component of modern day digital safety. This guide can help you learn how to utilize this essential toolset for your personal security. 

Your Turn: How do you utilize cybersecurity to protect your information and your money from cybercrimes? Share your best tips in the comments.

Beware of Digital Kidnapping

Most parents warn their kids against taking candy or accepting a ride from a stranger, but there’s a digital equivalent to conventional kidnapping that is unknown to many people. Digital kidnapping happens when a crook takes control of a target’s social media profiles and holds them until a ransom is paid. It can also involve “kidnapping” photos that are posted on social media pages. Here’s what you need to know about digital kidnapping and how to protect yourself from falling victim. 

How the scams play out

In a digital kidnapping scam, a hacker or ring of scammers will take control of one or more of a target’s social media profiles. The target will be effectively locked out of their own social media accounts and will be unable to access or update them. Once the scammer has control of the profile, they’ll contact the target, demanding a hefty ransom in return for access to the account. They may even threaten to post damaging or humiliating content on the social media profile unless the ransom is paid.

In another version of this scam, hackers will “kidnap” a photo of a child or baby off an unsecured social media account. They will post these photos in their own accounts, using the picture-perfect moments to create a fantasy world of their own. In a creepy twist of reality, they’ll pretend these are snapshots of their own family. They may use this fake world to help them create an imaginary escape, or to draw traffic to their own public accounts. Sometimes, they’ll utilize these photos to help build a bogus story, such as a baby being put up for adoption, or a charitable fund to benefit a child whose parents are struggling financially. Unfortunately for the actual parents, it can be months or years before they find out that their child’s picture is splashed across a public account with thousands of followers. 

If you’ve been targeted

If you believe you’ve been targeted by a digital kidnapping scam, there are steps you can take to mitigate the damage. First, alert the company that owns the social media platform to let them know your account has been compromised. They’ll likely have specific instructions for you to follow to ensure your account remains safe. They may even advise you to close the compromised account and open a new one. Next, tip off the Federal Trade Commission (FTC) and local law enforcement agencies which can help you determine whether it makes sense to pay the requested ransom. Finally, clean up your accounts and make sure there is no identifying or potentially dangerous information being posted on a public forum.

Protect yourself

The best way to protect yourself from digital kidnapping is by keeping your accounts private and secure. Always choose the strongest security settings on your devices and opt for private social media accounts across every platform. This will limit your audience to by-invitation-only viewers while helping to keep hackers and creeps away. 

It’s also a good idea to be mindful of what you post, and how often you post it. Even when using the strongest security settings, sharing a picture online essentially means sharing it with the public. You never know who may be trolling your accounts or looking for pictures to “adopt” as their own. Think three times before posting a picture of your kids. Extra caution is advised for those with super-cute kids.

Finally, be sure to follow basic online safety rules to avoid giving a scammer access to your accounts. Use strong, unique passwords for each of your online accounts and change up your passwords every six months or so. Avoid using public WiFi unless absolutely necessary. Accept every security and software update offered for your device to keep them operating at optimal security. Finally, avoid sharing sensitive information with an unverified contact and never download an attachment or click on a link within an email from an unknown sender. 

Stay alert and stay safe!

Your Turn: Do you have a digital kidnapping experience to share? Tell us about it in the comments.

Cash, Credit or Debit–How Should I Pay?

Q: With inflation soaring, I want to spend my money in the best way possible. When paying for various everyday and occasional purchases, should I be using cash, credit or debit?

A: There’s a time and place for everything. Some purchases should be paid for with cash, some with a credit card, and others with a debit card. Your lifestyle and personality may influence this choice as well. Let’s take a closer look at each payment method and when they should be used.

When should I use cash?

Between P2P payment platforms, mobile payment wallets and the growth of cryptocurrency, the world of commerce is becoming increasingly cashless. In fact, some consumers barely touch cash at all. 

However, there can be times when you’d be better off using cash. First, some gas stations charge less per gallon when the driver pays in cash. The difference is usually modest, up to 10 cents a gallon, but with gas prices soaring, it can add up to substantial savings over the course of a month. Next, if you have trouble sticking to your budget when you shop, it can be helpful to take only the amount of cash you need and leave your cards at home. This way, you’ll be forced to stick to your budget. Finally, some small businesses, like food trucks or independently owned stores, only accept cash payments or offer discounts for paying cash.

On the flip side, there are many disadvantages to using cash. First, cash provides no purchase protection. Consequently, it’s best not to use cash for very large purchases. Next, cash leaves no paper trail and it can make tracking expenses difficult. It’s best not to use cash if you’re trying to get a clear picture of where your money is going. Finally, cash always carries the risk of being lost or stolen. 

When should I use my credit card?

Credit cards are the double-edged sword of personal finance. On the one hand, credit card debt is one of the leading causes of consumer debt in the country. On the other hand, owning credit cards and using them responsibly is a crucial part of one’s financial health. 

In addition to the impact to your credit score, responsibly used credit cards offer two primary advantages: rewards and purchase protection. Using a rewards card for purchases you’d need to make anyway, such as paying utility bills or subscription fees for a service, can help you earn cash back, airline miles or another reward. The second big advantage to using a credit card – the purchase protection it offers – makes it the ideal choice for paying for large purchases or when buying something from a newer retailer. Knowing you can always dispute the charge or even cancel it if the product turns out to be different than expected, can help you shop with confidence. In addition to these advantages, paying with a credit card and making on-time payments can help boost your credit score while making expense tracking easy. 

Ideally, credit cards should only be used to cover fixed or steady payments, such as monthly bills, and for purchases you know you can pay for in full when the bill becomes due. It’s never a good idea to swipe your card for a purchase you cannot pay for today or within the next few weeks. Use your cards responsibly to ensure a healthy credit score and to stay out of debt. 

When should I use my debit card?

In many ways, debit cards offer the best of both worlds. You can always track your spending by reviewing your checking account statement, and you generally can only spend what you have. This helps minimize the risk of falling into debt. In addition, if your card is lost or stolen, you can cancel it and/or close the associated account. 

Debit cards can be a great choice for everyday purchases of any kind. However, since they  typically don’t offer rewards or the same level of purchase protection as credit cards, they may not be the best choice for large purchases, or for paying for products from a new retailer. 

Life is expensive, and you want your money to go as far as possible. Use this guide to help you choose the right payment method in every situation. 

Your Turn: When do you use cash, credit and debit? Tell us about it in the comments. 

What is the Dark Web?

Q: I’ve heard of the dark web, but I never understood what this term means. What is the dark web? How is it accessed? Is there any way to keep my information out of its depths?

A: The dark web is the deepest layer of the internet that isn’t visible to the average browser. Unfortunately, its name is a perfect description of its function, as the dark web is full of illegal activities and crimes. Let’s take a closer look at the dark web and how you can protect your information from being caught in its trap.

What is the dark web?

The internet has been likened to an iceberg. There is very little of it that is truly visible above the surface, but it is enormous, dark and deep underneath. 

There are three basic components of the internet: 

  • The surface web–this involves all websites and landing pages that can easily be accessed through popular search engines and by inputting a URL/address directly into a web browser address bar. 
  • The deep web–this includes private, but not invisible accounts, such as social media pages, retail accounts, membership websites, confidential corporate webpages, medical records and more. All content on the deep web is safeguarded by a paywall or sign-in credentials. Experts have estimated that up to 99% of the internet is comprised of the deep web. 
  • The dark web–the final layer of the internet can only be accessed by downloading special browsing software called Tor. Tor masks IP addresses and instantly renders all visitors anonymous. This is where scammers can buy and sell personal information including credit card numbers, checking account details, Social Security numbers, health records and more. 

Despite its name, not all of the activity that takes place on the dark web is illegal. The deepest part of the internet also provides a platform for communication and commerce among people living in countries that have heavy censorship over online activity. In addition, the dark web was originally used by the United States Department of Defense to communicate anonymously. 

Unfortunately, though, the dark web remains a hotbed of criminal activity. Loads of illegal trade takes place through the dark web, including drugs, firearms, counterfeit money, subscription credentials and personal information of thousands of targets. The inherent anonymity of the dark web allows hackers and scammers to roam free without fear of being caught.

How does the dark web work?

The dark web, and by extension the Tor browser, uses a technology known as “onion routing.” This technology uses multiple layers of encryption and redirection to assure anonymity for every browser. When a browser tries to access a site on the dark web, its information will be routed through thousands of relay points, making it impossible to identify and trace. 

How can I protect myself from the dark web?

It’s important to take preventative measures to protect your information from the dark web. Here’s how:

  • Enable two-step authentication on all online accounts. This includes accounts with access to sensitive information, as well as accounts that can be used to collect innocuous but potentially identifying information, like social media accounts. 
  • Consistently monitor your credit for fraudulent activity. Review your accounts at the end of each billing period and request an annual free credit report. Report any suspicious activity to your credit card company immediately. You can also ask the company to send you automatic alerts if there are any large purchases made or new accounts opened in your name.
  • Use strong, unique passwords for all your accounts. Vary your capitalization use, numbers, words and symbols. For optimal protection, switch up your passwords every few months. 
  • Never share your personal information with an unverified source. This includes an email from a contact you’ve never engaged with before, phone calls from an unknown caller and a downloaded link from a banner ad.
  • Run a dark web scan on your devices. This will tell you if your information is already on the dark web. If the scan is positive, reach out to your credit card issuers to discuss placing a fraud alert on your accounts and a credit freeze in your name. 

The dark web is fraught with danger and impossible to trace but there are ways to protect your information. Use the tips outlined here to stay safe.

Your Turn: Have you encountered the dark web? Share your experience in the comments. 

8 Ways to Spot a Survey Scam

Survey scams are almost as old as the internet. They’re so prevalent, you can hardly spend an hour online without running into an ad for a “super quick” survey promising a reward for just a few minutes of your time. 

What actually happens, though, is that the scammer walks away with a free survey, or worse, your information and/or your money. The alert consumer can spot a survey scam easily, but fraudsters are unfortunately becoming more sophisticated at luring innocent victims into their schemes. 

Don’t get caught! Here are eight ways to spot a survey scam:

  1. You’re asked to pay to participate in a survey

Authentic survey companies need you – you don’t need them. There’s absolutely no reason to pay to take a survey of any kind. If you’re targeted by an ad asking you to take a survey and to pay for the privilege of doing so, don’t respond. 

  1. You’re asked to share sensitive information before you can take the survey

They’d really appreciate it if you could take this quick survey for them. They just need some information from you first, like your Social Security number, date of birth and maybe even your checking account number. If a survey company asks for anything more than basic information from you, sign out as quickly as you can. 

  1. They advertise on Craigslist and similar sites asking for your email address

“Survey companies” that advertise on sites like Craigslist asking you to share your email address are usually fronts for scam rings. They use the bogus surveys as bait so you will share your email address. Once they have this information, they’ll use it to spam you with scam emails, phishing schemes, malware or worse. Alternatively, they’ll sell your email address to another scam ring to be used for similar purposes. 

  1. They offer too much money

If a survey is offering you $100 for a 20-question survey that shouldn’t take you more than five minutes to complete, you can be sure you’re looking at a scam. No legitimate survey company is that desperate. The pay for authentic survey-taking is generally on a much more modest scale. 

  1. You’re directed to download attachments 

Any time an unknown contact asks you to download attachments to your device, be super-suspicious. More often than not, these are scams and the attachments are loaded with malware. Don’t respond to the offer, and if it was made via email, be sure to report the email address as spam. 

  1. They advertise aggressively

If the same solicitation for survey participation keeps popping up across your screen, you may be looking at a scam. Scammers tend to flood their targets with ads in the hopes that one of them will actually work. Similarly, if the survey offer is full of unbelievable testimonials of past

participants, you’re likely looking at a scam. Legitimate survey companies don’t need to try so desperately hard to get people to take their surveys. 

  1. They give you an hour to pre-qualify for the survey

Often, a survey company will want you to answer a few pre-qualifying questions to see if you fit their desired demographic. Scammers exploit the prequalification by having the target answer dozens of questions and then informing them they’ve run out of time and cannot participate in the actual survey. This is false, of course, and the questions the scammer just answered actually were the survey questions, only now they won’t be getting paid for it. Check to see if a survey has a time limit on the prequalification before you start answering questions. 

  1. They require an outrageous minimum before payment

Most legitimate survey companies require the survey taker to complete a minimum number of surveys before the first payment. However, scammers require their targets to take an unrealistic number of surveys before they receive their first paycheck. Often, the victim will just quit before they qualify for a payment and the scammers now have these completed surveys without paying anything for them. 

Survey-taking can be a great way to earn some pocket money, but survey scams are rampant. Follow these tips to stay safe!

Your Turn: Have you been targeted by a survey scam? Share your experience in the comments. 

Don’t Get Caught in a Vacation Rental Scam

With prices rising on everything, including hotel stays, record numbers of vacationers are choosing to rent private homes or apartments on sites like Airbnb and Vacation Rentals by Owner (VRBO). Unfortunately, though, vacation rental scams are on the rise as well. Here’s all you need to know about these scams and how to avoid them.

How these scams play out

There are several variations of vacation rental scams. 

In one version, the vacation rental advertised on Airbnb, or on a similar site, does not exist or is in very poor condition. The scammer uses online images or doctored photos to create the bogus listing, and rounds out the ruse setup by creating several phony reviews. If a target falls for the scam and rents the “vacation rental,” they’ll be disappointed to arrive at the posted address on the listing and find that the rental does not exist or is quite run down. 

In another version, an individual rents a listing and receives a message from the renter just before their arrival about a last-minute plumbing emergency at the rental site. They’ll be directed to go to another rental instead. This substitute rental will be in far worse condition than the one the vacationer has actually rented. 

In yet another variation, a vacationer unknowingly books a rental on an Airbnb look-alike site. Scammers lure their targets toward these sites by utilizing “URL squatting,” or creating a site that has a similar URL as a well-known site, which in this case, is Airbnb. The fake website enables scammers to capture the payment information of their victims and use it to empty their accounts, or worse. 

In a more recent version of the vacation rental scam, criminals are exploiting people’s kindness and the war in Ukraine to con victims out of their money. Here’s how it works: Generous donors are booking vacation rentals in Ukraine without intending to actually use them as a means to get money to Ukrainians. Airbnb has been supporting this initiative by waiving all host fees for rentals in Ukraine. Unfortunately, though, scammers have been creating fake listings in Ukraine and simply using the money to line their pockets. 

Red flags

Avoid a vacation rental scam by looking out for these warning signs: 

  • The listing is relatively new, yet seems to have multiple reviews from alleged past guests. This is especially true if the listing is in Ukraine.
  • The listing is riddled with typos and spelling mistakes. 
  • The images of the listing look too professional and perfect. 
  • The pictures and description of the rental don’t match up to its price.
  • The URL of the listing site is not secure.
  • The owner asks you to finalize the reservation on a platform that is not the hosting platform.
  • The owner insists on being paid via prepaid gift card or wire transfer. 
  • The owner demands you share more information than they should need for you to reserve a rental. 

Protect yourself

Take these steps to protect yourself from a vacation rental scam:

  1. Check, double-check and triple-check the URL before booking a listing. Look for signs of a secure site, like the lock icon and the “s” after the “http”, and make sure you are still on the authentic host site, such as Airbnb.com, and that you haven’t been lured into a bogus look-alike site. 
  2. Verify that the street address of a rental does indeed exist. You can also Google the address to see if there are any images associated with the address outside the vacation rental site. 
  3. Do a reverse image search to confirm if the photos are doctored up or copied stock images.
  4. Never share sensitive information online with an unverified contact. 
  5. Use a credit card for all online purchases. 
  6. Do an online search of the owner and look for anything suspicious. 

Don’t let your dream vacation turn into a nightmare. Follow the tips outlined here and stay safe! 

Your Turn: Have you been targeted by a vacation rental scam? Tell us about it in the comments. 

Beware Malware Scams

Oh no! Your computer’s been hacked, and it now has an awful virus. But there’s good news; a helpful caller reached out to you to offer their expert help. The caller may even be a representative of the Federal Trade Commission (FTC), or another reputable company, and they’re happy to help restore your device to safety. Just do as they say, and all will be right again. 

Unfortunately, it won’t: If you do follow the caller’s instructions, you’ll be lured into a scam. 

Malware scams are particularly malicious, as they exploit the prevalence of scams and hackers to trick innocent victims into losing their information and money. Here’s what you need to know about malware scams and how to avoid them.

How these scams play out

Malware scams, also known as tech support scams, begin as a seemingly innocent phone call. As described, a scammer reaches out to an individual and informs them that their computer or another device has been hacked. The caller will claim that the alleged hacker has gained access to the victim’s computer and can now do all kinds of damage. The caller, posing as a tech support representative, can help remove any viruses or malware that may have been installed in the device. The alleged tech support rep gives clear instructions, often involving giving the caller access to their device. Unfortunately, though, if the victim follows these directions, they’ll actually be installing malware on their computer. 

Red flags

Avoid malware scams by looking out for these warning signs: 

  • An alleged rep of a tech support company, or the FTC, has called you without you reaching out to them first. 
  • The “tech support rep” asks you to provide them with remote access to your device so they can allegedly remove any malware that has been installed.
  • The caller claims that serious damage has already been done to your computer even though everything looks untouched from your observations.
  • The caller urges you to act immediately or risk causing further damage to your device. 
  • The caller asks you to enter your credit card information or checking account details to pay them for their service. Alternatively, they’ll ask to be paid via prepaid gift card. 

If you’ve been targeted

If you believe you’ve been targeted by a malware scam, take these steps to protect your money, and your device, from harm.

First, do not engage with the caller. Hang up as soon possible and block the number. Next, if you’ve started entering information into your computer as per the caller’s instructions, close your device immediately. If you believe you have already given the scammer access to your device, you may want to consult a genuine tech support expert to remove any malware that may have been installed. In addition, consider canceling any credit cards you may have shared with the scammer or which were stored on browsers and apps on the device. Also consider placing a credit freeze on your name to prevent any loans or new lines of credit the scammer may take out in your name. Finally, report the scam to the FTC.

Signs your device has been infected by malware

A computer may be infected with malware and still operate almost normally. Here’s how to tell if your computer’s been infected:

  • It’s slowed down considerably.
  • You’re being blasted with endless pop-up ads. Most of these are also scams. 
  • Your system abruptly crashes. 
  • You’re suddenly low on disk space.
  • There’s an unexplained increase in internet activity. 

If you notice any of these signs on your computer, it’s best to bring it to a tech support expert who can scan it for malware. If malware is found, follow the steps outlined above to protect your money and your information from further harm. 

Don’t get caught in a malware scam! Stay alert and stay safe. 

Your Turn: Have you been targeted by a malware scam? Tell us about it in the comments.