December 30, 2023
Fraud & Identity Theft
The Latest Scams You Need to Be Aware of in 2024
by: Louis DeNicola
Scammers might use new technology and recent events, such as AI and student loan forgiveness, to add a twist to tried-and-true scams. Learn about the latest techniques to stay safe in 2024.
As in previous years, many of the latest scams in 2024 will likely involve twists on time-tested scams. Scammers and fraudsters are expected to exploit new technology and emotions around major events yet to come to trick and scare people. But scammers will always have the same goal—to get your personal information or money. Learning about these latest developments will hopefully help you stay one step ahead.
1. AI-Powered Scams
Perhaps the most obvious example of scammers using new technology to power existing scams comes from artificial intelligence (AI). For example, scammers might use AI to:
- Write more convincing and natural-sounding phishing emails and text messages.
- Create deepfakes of celebrities to trick victims into thinking they're investing in a good company or project.
- Impersonate the victim's friend or relative and ask for money as part of a grandparent scam.
- Impersonate an employer and ask for personal information.
The potential to create an image, video or voice of someone else could make existing scams even more believable, and opens up new opportunities for scammers.
2. Student Loan Forgiveness Scams
The back-and-forth changes in student loan forgiveness creates a ripe opportunity for scammers. The scammers know people want to believe their student loans will be forgiven, and they'll use that hope for their personal gains.
For example, scammers may contact you via phone or create phony application sites aimed at stealing your Social Security number or your bank account information. They may put pressure on their victims with fake urgent messages that encourage you to apply for debt relief "before it's too late." Then they'll charge you a hefty application fee. In reality, it's a scam.
It costs nothing to apply for student loan forgiveness, so someone asking you to pay a fee could be a scammer. In addition, the U.S. Department of Education won't contact you by phone. You can stay safe and avoid student loan forgiveness scams by going directly to the Department of Education website for information about applying for forgiveness.
3. Phone Scams
Scammers may contact you by phone, and some phone scams rely on smartphones' capabilities to access the internet and install malware. These can include:
- Robocalls: Robocalls have people's phones ringing nonstop with increasingly natural-sounding recorded voices. They may offer everything from auto warranties to vacations, or issue a threat to try and get your attention. Some robocalls can even respond to your questions.
- Impersonators: Scammers impersonate IRS personnel, police, survey takers, relatives, delivery people and well-known companies to threaten you or gain your trust. They use scare tactics related to your Social Security number, criminal record or account before asking for your personal, account or credit card information.
- Apps: Scammers may try to get you to install a malicious app to steal your information. Or, they might create a nearly identical copy of an existing app and then make money from in-app purchases.
- QR codes: These convenient codes have gained popularity as a touchless option to do things like read a restaurant menu or make a payment. However, scammers place their QR codes in inconspicuous spots, and scanning the code could prompt you to make a small purchase or enter your credentials on a look-alike website.
- SIM swapping: This technique is used by a thief to reassign your number to a SIM card in a phone they control. They can then try to log in to your accounts using codes or links sent to your phone number. Contact your carrier to see if there are any security measures for stopping SIM swapping. Also, see if your accounts let you use a non-SMS multifactor authentication option, such as an authenticator app that the scammer can't steal or access.
- One-time password (OTP) bots: Some scammers use so-called OTP bots to trick people into sharing the authentication codes. The scammer might try to log in, prompting the bank to send you a one-time code. At the same time, the bot imitates the company and calls, texts or emails you asking for the code. The timing might convince you that the bot's request is legitimate. However, if you respond, it sends the code to the scammer, who can now log in to your account.
2024 Spotlight: Text Scams
Text message-based scams are an especially popular type of phone-based scams. The Federal Trade Commission (FTC) says one reason may be that texting is cheap and easy. According to its 2022 Consumer Sentinel Network Data Book , Americans lost over $330 million to text scams in 2022.
These scams can take many forms, but the scammers often impersonate a well-known company, such as a bank, online retailer, delivery company or government agency. They might say there was suspicious activity in your account, your bill is past due, your item couldn't be delivered or that you were selected for a job interview.
They all have one thing in common—they ask you to click on a link or call a number. Often, these are smishing attempts to get you to share personal information or install malware on your device.
4. Zelle Scams
Scammers are turning to Zelle, a peer-to-peer payment app, to steal people's money.
The scammer might email, text or call you pretending to work for your bank or credit union's fraud department. They'll claim that a thief was trying to steal your money through Zelle, and that they have to walk you through "fixing" the issue. Then, they may instruct you to send the money to yourself, but the money will actually go to their account.
Starting in mid-2023, Zelle began refunding victims of some scams. However, you might not always be eligible for reimbursements, so it's important to be wary of these types of financial scams.
5. Cryptocurrency Scams
The cryptocurrency frenzy might have died down, but that hasn't slowed down the scammers. These scams can take different forms, and they may involve fake prizes, contests, giveaways or early investment opportunities.
The scammers may impersonate celebrities or popular cryptocurrency websites to lure victims into sending them money, sharing login information or "investing" in a project. Crypto exchange accounts have also been the target of the OTP bot attack technique described above to prevent you from getting your crypto back while the scammer drains your account.
6. Romance Scams
While romance scams aren't new, their popularity continues to rise. According to the FTC, people lost $1.3 billion to romance scams in 2022, with median losses of $4,400 per person.
Scammers often steal someone's identity or create fake profiles on dating and social media apps to meet victims. There's no surefire method to detect a fake, although scammers may use stock photos and make excuses for why they can't meet in person.
After gaining your trust, they may ask you to buy them something or send them money. Or, the person may "mistakenly" send you money and ask you to send it back or forward it to someone else. If your bank later determines that their payment was fraudulent, the sum of the payment will be subtracted from your account.
Many romance scams start with private messages on social media or dating apps. And they can target anyone—some scammers even seek to form platonic rather than romantic relationships.
7. Online Purchase Scams
Online purchase scams continue to be one of the riskiest types of scams, according to the Better Business Bureau (BBB) 2022 Online Scams Report. The BBB found that people most commonly reported being victims after trying to buy a puppy online.
Some scammers set up fake e-commerce stores and buy ads for the website on social media. The FTC reported that 44% of social media scams from January to June 2023 were related to online shopping. Alternatively, scammers might list items for sale on online marketplaces, including social media website's marketplaces.
The scammers might take your money and never send anything in return. Or, they might be committing triangulation fraud and purchasing the item you bought with someone else's stolen credit card. You might not realize you were part of a scam unless you try to return the item or use a warranty.
Always look for red flags such as too-good-to-be-true prices, lack of details or high-pressure sales tactics. Paying with your credit card can also help you limit potential losses, as you can initiate a chargeback if you don't receive a product or service.
8. Employment Scams
Employment scams use enticing, and hard-to-detect, lures to target people who've been out of work. Some scammers take a slow approach with interviews and a legitimate-seeming operation. They then collect personal information from your employment forms, or tell you to buy equipment or training.
Other scams get right to the point and promise guaranteed or easy income—if you purchase their program. Sometimes, a fake employer sends a large paycheck and asks you to send the "extra" back—a play on the popular overpayment scam.
You may also see job opportunities that involve receiving money and sending funds to another account, or receiving and reshipping packages. These "money mule" and "reshipping mule" jobs are often part of an illegal operation, and you could be personally liable.
9. Check Fraud
Check fraud often targets banks rather than consumers, but it's still something you'll want to be aware of in the coming year.
Criminals have been breaking into mailboxes and robbing mail carriers to steal mail and look for checks. If you mail a check and it's stolen, they might create a counterfeit check and use it to withdraw money from your account.
Your bank or credit union will often reimburse, but it could take a long time and cause money problems while you wait. It might be best to avoid writing and mailing checks altogether. If you have to send a check, some pens, such as Uni-Ball pens with Super Ink, claim to stop check washing. That still won't protect against some other types of check fraud, though.
How to Avoid a Scam
While scammers' delivery methods and messaging can quickly change, a few basic security measures can help protect you from the latest and most common scams:
- Be skeptical when someone contacts you. Scammers can spoof calls and emails to make it look like they are coming from different sources, including government agencies, charities, banks and large companies. Don't share personal information, usernames, passwords or one-time codes that others can use to access your accounts or steal your identity.
- Don't click unknown links. Whether the link arrives in your email, a text or a direct message, never click on it unless you're certain the sender has good intentions. If the message says it's from a company or government agency, call the company using a number that you look up on your own to confirm its legitimacy.
- Be careful with your phone. Similarly, if you suspect a spam call, don't respond or press a button. The safest option is to hang up or ignore the call entirely. You can always look up the organization and initiate a call yourself if you're worried there may actually be an issue.
- Enable multifactor authentication. Add this feature to any accounts that offer it as an option, and try to use a non-SMS version to protect yourself from SIM swapping.
- Research companies before taking any actions. Before you make a purchase or donation, take a few minutes to review the company. Do a web search for its name plus "scam" or "reviews" and research charities on Charity Navigator and CharityWatch.
- Don't refund or forward overpayments. Be careful whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later.
- Look for suspicious payment requirements. Scammers often ask for payments via wire transfer, money order, cryptocurrency or gift cards. These payments can be harder to track and cancel than other forms of payment, which can leave you stuck without recourse.
- Create a family password. Create a family password that you can all use to verify that it's really one of you on the phone, and not someone who created a deepfake of your voice.
What to Do if You Fall Victim to a Scam
Although there are some exceptions, you often can't get your money back if you fall for a scam. There's also no way to take back any personal information that you sent. But there are a few steps you can take that might help prevent additional fraud and protect other people:
- Report the scam and scammer. You can report scammers to the FTC online. Additionally, report the scam and related message to any relevant parties, such as your bank, credit card issuer, social media platform, email provider, phone carrier or the USPS' Postal Inspection Service. You can also file a police report, which might help with recovering your identity or lost funds.
- Scan your devices. If you clicked on a link or attachment, you may want to run an antivirus scan to check for malware.
- Change your passwords. Change the passwords on any accounts that use a password the scammer might know. Use this as an opportunity to create stronger passwords or try out the newer passwordless option called passkeys that are available on some websites.
- Lock down your credit. You may be worried about identity theft if you gave the scammer your personal information. You have the right to add fraud alerts and security freezes, also called credit freezes, to your credit reports for free. These can help keep someone else from opening an account using your information.
June 1, 2023
WASHINGTON, D.C. – The Consumer Financial Protection Bureau (CFPB) published an issue spotlight on digital payment apps heavily used by consumers and businesses. The analysis finds that funds stored on these apps may not be safe in the event of financial distress, since the funds may not be held in accounts with federal deposit insurance coverage. The CFPB also issued a consumer advisory for customers holding funds in these apps and how they can make sure their funds remain safe.
"Popular digital payment apps are increasingly used as substitutes for a traditional bank or credit union account but lack the same protections to ensure that funds are safe,” said CFPB Director Rohit Chopra. “As tech companies expand into banking and payments, the CFPB is sharpening its focus on those that sidestep the safeguards that local banks and credit unions have long adhered to."
Use of nonbank payment apps such as PayPal, Venmo, and Cash App have rapidly grown in the past few years. These apps allow people to quickly pay retailers and others, while providing the option to store funds. Unlike traditional bank and credit union accounts which have deposit insurance, funds stored in these nonbank payment companies may be unprotected.
In recent months, many Americans were reminded that funds deposited with banks and credit unions enjoy the safety afforded by federal deposit insurance through the FDIC or NCUA. Americans witnessed the failure of large systemically important banks such as Silicon Valley Bank, Signature Bank, and First Republic Bank. These banks experienced a run, but insured depositors could have confidence their money was safe. However, similar protection would not be guaranteed to customers that store money on nonbank payment apps.
Today’s issue spotlight finds that:
- More than three quarters of adults in the United States have used a payment app. Younger customers’ use of these payment app services is especially prevalent. Approximately 85 percent of consumers aged 18 to 29 have used such a service. Transaction volume across all service providers in 2022 was estimated at approximately $893 billion, and is projected to reach approximately $1.6 trillion by 2027.
- Nonbanks can earn money when users store funds on their platforms. When users of these digital apps receive payments, the funds are not usually swept automatically to the recipient’s linked bank or credit union account. Instead, companies hold and invest the funds. These activities are not typically subjected to the same oversight that an insured bank or credit union faces. Apps also earn money through fees on merchants and other ancillary services, like selling crypto-assets and offering affiliated financial products.
- Funds sitting in payment app accounts often lack deposit insurance. When users receive payments, through these apps, these funds are not automatically swept into their linked bank or credit union account. In addition, payment app companies do not necessarily store customer funds in an insured account through a business arrangement with a bank or credit union. The company’s investments carry risk and if it were to fail, customers could lose their funds.
- User agreements often lack specific information. User agreements for digital payment apps often lack information on where funds are being held or invested, whether and under what conditions they may be insured, and what would happen if the company or the entity holding the funds were to fail.
Many states are enacting policies to ensure that these digital payment apps are able to meet their obligations, including a new law recently enacted in Texas. State laws, however, generally do not require that customer funds be stored in or automatically swept into insured accounts. The CFPB will continue coordinating with other state and federal regulators to monitor the evolution of this segment of the payments ecosystem and take appropriate steps.
The CFPB also issued a consumer advisory providing information to customers that keep funds stored on payment apps. Until payment apps are designed to automatically sweep balances into a user’s insured account, consumers may need to take action to move their balances stored in payment apps.
Consumers can submit complaints about financial products and services by visiting the CFPB’s website or by calling (855) 411-CFPB (2372)
National Consumer's Protection Week
Beware of Romance Scams!
March 6-10, 2023
Unfortunately, the Internet, social media, and dating websites are perfect for tricking susceptible Americans into romantic relationships. Scammers will pretend to be interested in an unwitting person and, after building a rapport, ask them to send money or to cash a check or money order. Often, the scammers create urgency by claiming to have a medical emergency or promising to come to the U.S. to be with that person—just as long as a check or money order is cashed to cover expenses. None of their stories are true. Anyone who is socially isolated is susceptible to this scam.
Although many dating sites take steps to provide a safe forum for meeting online, you can do more to protect yourself from scamming fraudsters to keep your online relationships safe.
- First, with any Internet-based relationship, keep your personal details to yourself.
- Next, do a quick Google search of the other person’s name and the town they claim to be living in.
- From there, proceed slowly and look for inconsistencies in the other person’s profile and the information they share.
- Keep an eye out for signs the relationship is moving in a direction that it wouldn’t otherwise go if meeting in real life.
- As you get to know the other person, gently apply the brakes if your new friend pushes to take the conversation to private email. Stay on the website’s platform until it’s time to meet in person.
Indications that someone may not be who they say they are:
- Their name and the name embedded in their email address does not match.
- Obvious spelling and grammar errors.
- The online profile suddenly disappears from the dating site.
- They pledge their love way too quickly.
- They ask you to send or receive money/packages.
- They need money right away due to a medical or family emergency.
- They need a Visa or plane tickets.
- They claim a business opportunity arose that was too good to turn down, and they ask you to wire a loan.
People conducting online imposter scams frequently spin the same lines or tell the same backstory over and over.
That’s where conducting a Google search can be especially helpful. If an online love interest starts making declarations of undying devotion and churning out love poems, search some of the lines on the Internet and see where they’ve been used before. The expressions and pet phrases that online catfishers use are frequently recycled.
Common phrases include:
- My child is being cared for by a nanny or guardian.
- My wife or husband is dead.
- My child is already calling you “mom” or “dad.”
- You are my love or my darling.
- I cannot wait to be with you.
A legitimate love interest will understand if you ask for proof they are for real.
Request a customized photo. Ask them to hold today’s newspaper or a book you have both read in the photo. Next, conduct an online search of any photos they’ve already provided.
If using Bing, choose “Search by Image” by clicking the camera icon under the image search subsection. If using Google, do an image search. If the search results indicate something suspicious, it’s time to lay the evidence on the table. Don’t be surprised if they admit they are a scammer but “have fallen in love for real.” That’s just another tactic, and a heavily recycled one.
What you can do:
Tennessee Secretary of State Warns of New Scam Targeting Tennesseans
September 28, 2022
The Tennessee Secretary of State’s office is warning Tennesseans about an official-looking mailer from TN UCC Statement Service that incorrectly implies that businesses or individuals need a copy of the UCC-1 financing statement filed against them.
The Uniform Commercial Code (UCC) is a comprehensive set of laws governing sales and other commercial transactions. A UCC-1 financing statement is a legal form that a creditor files to give notice that it has the right to take possession of and sell certain assets belonging to the debtor for the repayment of a specific debt.
UCC-1 financing statements are common in Tennessee, with the Secretary of State’s Division of Business and Charitable Organizations issuing around 200,000 each year.
The scam mailer, Tennessee UCC Statement Request Form, tries to get Tennesseans to pay $107 for the TN UCC Statement Service to request a copy of the UCC-1 financing statement on behalf of the debtor. The mailer implies that the recipient needs a copy of the UCC-1 financing statement. This is rarely the case, the Secretary of State clarified.
Businesses and individuals that do want a copy of a UCC-1 financing statement can request one directly from the Secretary of State’s office for $15 by phone at 615-741-2286, mail or online.
To report the receipt of a suspicious mailer about a UCC-1 financing statement, contact the Division of Business and Charitable Organizations by phone at 615-741-2286 or email at TNSOS.CERT@tn.gov and the Attorney General’s office by phone at 615-741-3491 or online.
LinkedIn Brand - Most Abused in Phishing Attempts
by Dark Reading Staff; April 20, 2022; DarkReading.com
New research shows threat actors increasingly leveraging social networks for attacks, with LinkedIn being used in 52% of global phishing attacks.
April 20, 2022
Shipping, retail, and tech companies are no longer the most popular brands used to hide phishing attacks. Instead, social media platforms have become the brands of choice used to dupe victims and steal their personal data, with LinkedIn-related lures accounting for a full 52% of all global phishing attacks during January, February, and March of 2022, according to new data.
LinkedIn phishing-lure use exploded by 44% over the previous quarter, when it was used in just 8% of phishing attempts, according to Check Point's latest Brand Phishing Report.
"As well as LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top ten, accounting for almost 1 in 20 phishing-related attacks worldwide," the report said.
Shipping is still a draw, even though LinkedIn overtook DHL as the brand most often used in phishing attacks. DHL is now the second-most abused brand, behind 14% of attempts during the same time period. FedEx moved up from seventh place to fifth over the past quarter, with 6% of all phishing attempts spoofing its brand.
Check Point's List of Top 10 Abused Brands
- LinkedIn (accounting for 52% of all global phishing attacks over the quarter)
- DHL (14%)
- Google (7%)
- Microsoft (6%)
- FedEx (6%)
- WhatsApp (4%)
- Amazon (2%)
- Maersk (1%)
- AliExpress (0.8%)
- Apple (0.8%)
Top 10 Scams for 2022
- Debt Collection:
Most of the complaints under this category involve debt collectors. Consumers tell of receiving calls from harassing collectors who are threatening and will repeatedly call attempting to collect a debt. Other complaints that fall under this category involved credit/debit card fees, pay day loans, credit repair companies and unauthorized use of credit/debit cards. Some of these complaints involved hidden fees and billing disputes as well.
- Fake Government Officials
If you received an email, letter or phone call from a government agency (typically the IRS or FBI) and it instructs you to wire, Western Union or MoneyGram money someplace, or follow a link and enter information - don't believe it! The U.S. government would never instruct anyone to use those methods to pay any bill or carry out a financial transaction, particularly with an overseas bank or agency.
- Identity Theft, Phishing and Pharming
Scammers gain access to your confidential information, like social security numbers, date of birth and then use it to apply for credit cards, loans and financial accounts. Typically, the victim receives an email that appears to be from a credible, real bank or credit card company, with links to a website and a request to update account information. But the website and email are fakes, made to look like the real website.
- Phone scams
This includes telemarketers violating the Do Not Call list, Robo-dialers, scammers calling up pretending to be from a bank or credit card company. The National Do Not Call Registry (U.S.) or the National Do Not Call List (Canada) offer consumers a free way to reduce telemarketing calls. Scammers call anyway, of course, and they've even found a way to scam consumers by pretending to be a government official calling to sign you up or confirming your previous participation on the Dot Not call list! A good example of this is the "Your Microsoft license key has expired" scam call - which you can hear and read about on this page.
- Loans Scams / Credit Fixers
False promises of business or personal loans, even if credit is bad, for a fee upfront. Or a scam that promises to repair your credit for a fee.
- Fake Prizes, Sweepstakes, Free Gifts, Lottery Scams
You receive an email claiming you won a prize, lottery or gift, and you only have to pay a "small fee" to claim it or cover "handling costs". These include scams which can go under the name of genuine lotteries like the UK National Lottery and the El Gordo Spanish lottery. Unsolicited email or telephone calls tell people they are being entered or have already been entered into a prize draw. Later, they receive a call congratulating them on winning a substantial prize in a national lottery. But before they can claim their prize, they are told they must send money to pay for administration fees and taxes. The prize, of course, does not exist. No genuine lottery asks for money to pay fees or notifies it's winners via email.
- Internet merchandise scams
You purchase something online, but it is either never delivered or it is not what they claimed it was, or is defective. Online shopping, and other shop from home, such as catalog, mail and phone shopping scams are on the rise.
- Automobile-Related Complaints
Car loans, car buying, car sales, auto repair, fake or useless extended warranties. Some of the complaints alleged consumers paid for repairs and that services provided were shoddy. Consumers reported repair companies that return vehicles to the consumer in a worse condition than how it was initially given to them. Other complaints involved consumers not receiving title to their vehicles at the time of sale
- Credit Bureaus and related credit scams
Credit/debit card fees, pay day loans, credit repair companies and unauthorized use of credit/debit cards. Some of these complaints involved hidden fees and billing disputes as well.
- Phishing/Spoofing Emails
Emails that pretend to be from a company, organization or government agency but ask you to enter or confirm your personal information.
Scams, Schemes & Swindles from TN Dept. of Commerce
The Scams, Schemes & Swindles webpage managed by the TN Dept. of Commerce and Insurance serves as a central location for scam information with links to fraud and scam webpages of other departments and agencies. The webpage provides common scam information related to dozens of scams impacting all individuals including elderly financial scams like the medicare brace scam or the grandparent scam.
The site includes helpful links about the scam and some resources to help educate consumers, such as this infographic developed in partnership with the ABA Foundation and the FTC that shows the signs of and gives tips to avoid a romance or online dating scam.
New Malware Affecting Home & Small Business Routers
Federal officials and cyber security experts have been reporting about a newly disclosed malware known as “VPNFilter.” Security researchers are estimating that over 500,000 small business and home office routers could be affected. Among the devices identified are routers from Linksys, MikroTik, NETGEAR, TP-LINK and QNAP. While the list of devices reported is not all inclusive, these are the brands identified at this time.
The malware is destructive and it is important for home users to take precautionary steps. Below are some recommended best practices to help protect you and your home network:
- Modem/Router Reboot: A simple reboot of your modem/router can help prevent your device from becoming infected. This can be accomplished by unplugging the device from the electrical outlet, waiting at least 10 seconds, and then plugging the device back in.
- Proper Password(s): Always make sure any device at home that connects to the internet have unique passwords and never the default admin passwords that come with the device.
- Patch/Update Firmware: Many routers and modems receive security updates from time to time, but if you are not sure, contact your Internet Service Provider or go to your router’s website for the most up to date firmware or update for your router. Netgear and Linksys have already established how-to guides on their websites.
Important Tax Fraud Alert
The Internal Revenue Service has issued an alert on erroneous federal tax refunds resulting from an emerging fraud scheme effecting thousands of people. Real taxpayer information including bank account and routing information for direct deposit has been stolen from tax professionals and used to file fraudulent returns. The fraudster contacts the taxpayer posing as an employee of a debt collection agency on behalf of the IRS with instructions on returning the money. If this happens to you, the IRS requests you contact the Automated Clearing House department of the bank/financial institution where the direct deposit was received and have them return it to the IRS. Taxpayers are also asked to contact the IRS at (800) 829-1040 (individuals) or (800) 829-4933 (business) to explain why the direct deposit is being returned. For more information,
Tax Topic Number 161, Returning an Erroneous Refund
For information regarding the Equifax breach, please Click Here
to be directed to their website or call 866-447-7559.