New scams are becoming a midsummer's nightmare for consumers as cybercrooks continue to set all sorts of traps to lure unsuspecting consumers into forking over their hard-earned money and their private information, which is becoming increasingly harder to protect.
In addition to our weekly Trend Micro scam report, ConsumerAffairs found several schemes that could catch consumers off guard.
Subscription payment issue scams
In one scam, bad actors pose as well-known companies and send texts to consumers informing them that their payment for a subscription service has been reviewed and didn't go through. As a result, the scam creates a sense of urgency for the consumer to contact the company in order to correct the situation.
Ally Armeson, executive program director of Cybercrime Support Network, told ConsumerAffairs that the text goes on to ask people to click on a seemingly innocent link to review the summary details of their payment.
The link, however, is malicious and either installs malware on the device, steals personal and financial information or redirects the user to a fake website.
Armeson said that subscription payment issue scams work not only because they create a sense of urgency, but also because consumers are accustomed to managing their accounts and subscriptions online.
“Remember, any unsolicited text, even if it seems to be from a legitimate organization, is potentially from a bad actor,” she warned. “So, it’s important to always slow down and verify information independently. Don’t share sensitive details until you are certain you are speaking to a legitimate organization or individual.”
Fraudulent sex offender registration
A recently reported variation of the sextortion scam is one that stoops far lower than any scam should be allowed to, but when it comes to fleecing the public, a scammer knows no bounds. The Howell County Sheriff’s Office in Arkansas says local residents have recently been hit with a fraudulent sex offender registration scam.
KTLO reports that the sheriff's Facebook page warned that an unknown subject was using the fictitious name of "Deputy Brooks" to notify potential victims they have missed letters of notification. The individual allegedly attempted to gain $2,000 in order to clear a warrant being issued, possibly playing on the shame and embarrassment that a sex offense would bring to the target.
Like many other scams involving local authorities, the Howell Co. Sheriff’s Office said that it does not accept money or payments over the phone, but only payments in the form of cash or a certified cashier’s check.
New twist on roofing scams
Only a month ago, roofing contractor scams started to unfold when bad weather tore across the country. Now, a nastier version is starting to show up – one where consumers not only lose money but part of their house, too.
In Robbinsdale, Minn., police have reported multiple instances of a man claiming he’s affiliated with a fictitious roofing and remodeling company and that he could repair a roof defect, preying mostly on senior citizens.
Once the victims agree to let him fix the roof problem and he gets his money, then he and his crew have the guts to actually deconstruct large areas of the roof and, then, leave.
In any situation where repairs of this magnitude are being considered, consumers are urged to only agree when there’s a written contract, not a verbal one. It’s also smart to get a second opinion, contacting companies if the person provides a business card, and not paying for work until it is completed to the owner’s satisfaction.
Fake 2FA verification scam
Two-factor authentication (2FA) – where a numeric code is texted to your phone, which you then enter into the account’s login screen to gain access – used to be considered the gold standard of security processes, particularly when it comes to text message (SMS) codes.
However, smarty pants scammers have figured out ways to exploit this security measure through misleading 2FA scam messages. These messages mimic a legitimate 2FA request and attempt to trick individuals into revealing their login credentials.
Armeson told ConsumerAffairs that her team has seen these 2FA scams being worked by scammers impersonating streaming platforms like Netflix and Hulu, music apps like Spotify, and online publications like Forbes or Wall Street Journal.
“These fraudulent messages claim an urgent need for 2FA verification or account confirmation and may warn that failure to complete the 2FA process will result in account suspension or limited access,” she said.
What types of things should consumers watch out for?
Armeson said that if you receive a link or a phone number, instructing you to enter or provide your 2FA code, username, password, or other sensitive details, don’t move another inch. “Remember, legitimate companies will never ask you to share your 2FA code,” she said.