upworthy

scams

Michel Janse shares how she was the victim of a scam.

After falling victim to a scam on Facebook Marketplace, Michel Janse (@michel.c.janse) hopped on TikTok to give everyone a heads-up so they don’t have to go through the same thing. “Be smarter than me!” she said in the video.

Janse posted some furniture on the marketplace and chatted with a woman who seemed interested in purchasing it. She even looked at her profile to get a “vibe check," and everything seemed legit.

The potential buyer seemed to be careful to protect themselves as well. “For my safety, I just want to confirm that you’re a real person,” the buyer messaged Janse. “Are you ok if I voice call you from Google?”


Even though the request seemed odd, Janse went through with it. She subsequently got a message containing a Google Voice code. When the buyer asked Jane to send her the code, she did, only to quickly discover she had been duped.

It seems that Janse had a gut feeling that the woman was a scammer but didn’t act on it til it was too late.

@michel.c.janse

oops dont fall for this scam like me

Janse fell victim to a common scam through online marketplaces. According to the Federal Trade Commission, the scammer could use the Google Voice number to rip off other people and conceal their identity. “Sometimes these scammers are after a Google Voice verification code and other information about you,” the FTC wrote. “If they get enough of your information, they could pretend to be you to access your accounts or open new accounts in your name.”





Photo by Jason Leung on Unsplash

Local bookstore scammed out of $35K

Communities coming together for a bigger purpose is always a feel good story, so when we came across this story from WXYZ Detroit, we had to share it. Imagine being in business bringing stories to your community and creating a space where everyone could feel welcomed, only for a stranger to try to take it away. That’s exactly what happened to the owners of 27th Letter Books in southwest Detroit when a scammer purchased $35K worth of books with fraudulent credit cards.


The bookstore, which only recently opened a brick and mortar location a little over a year ago focuses on bringing diverse titles and authors to their readers. One of the co-owners, Jazmine Cooper, told WXYZ, “There’s a lot of diversity in the titles that we choose.” Cooper discussed a book about Asian American mental health titled Permission to Come Home by Jenny T. Wang, PhD. Cooper explained, “there aren’t a lot of books that allow Asian Americans to have mental health issues or to read about mental health issues.”

Maintaining diversity is important to the small business and the highlighted title, Permission to Come Home is picking up popularity. But everything hasn’t been rainbows for the store because in May, someone pretending to be a customer was able to scam the bookstore out of thousands of dollars before they were able to catch on. Losing this amount of money could cause a small business to close its doors for good and that’s exactly what Cooper thought was coming next. But to her surprise community members stepped up in a big way.

In an effort to save the store, Cooper and her co-owner, Erin Pineda, started a Go Fund Me with the hopes that they would raise enough money to keep the doors open. The response was unimaginable and warmed the hearts of the two business owners. Pineda told WXYZ, “We had someone I remember come in the store and they were like I just started a new job and I don’t have a ton of extra income to donate but can you share a flier and I’m going to put it up at a couple different community spots for you.”

The entire $35K was raised in a matter of 10 days, thanks to the generous hearts of the southwest Detroit community. Now the store can continue its dedication to bringing diverse stories into the homes of their neighbors. But raising the money doesn’t only provide the community with books. It allows for the other programs to continue, one of which is the bilingual story time for kids.

It’s amazing what a little help from your neighbors can do. No worries about future opportunity grabbers that come in the form of scammers. Cooper and Pineda are reviewing their policies to make sure they never have to deal with the frustration of realizing you’ve been scammed. Pineda left off by imploring other business owners to review their own policies around online ordering to avoid their costly mistake.

Hopefully this bookstore will be around for many years to come and the next time you’re passing through Detroit on an extra long layover, or to visit family, stop by 27th Letter Books. Surely the owners have a title or two they can recommend to you.


Democracy

Here's why those tiresome 'auto warranty' spam calls may finally become a thing of the past

“We’ve been trying to reach you concerning your car’s extended warranty."

via Pexels

Fraudsters making auto warranty calls are finally on the outs.

Is there a sound on Earth that fills people with more rage than the following:

“We’ve been trying to reach you concerning your car’s extended warranty. You should have received something in the mail about your car’s extended warranty. Since we have not gotten a response, we are giving you a final courtesy call before we close out your file. Press 2 to be removed and put on our Do-Not-Call list. Press 1 to speak with someone about extending or reinstating your car's warranty.”

The Federal Communications Commission (FCC) says there have been more than 8 billion unlawful prerecorded message auto warranty scam calls sent to American consumers since at least 2018.

The scammers lure people in with the lie that they’re calling about a car warranty and then ask for sensitive financial information to defraud them. Unfortunately, even though Americans lost out on $39.5 billion last year to phone scammers, the government has not been very effective at stopping the calls.


A recent study published by The Ascent revealed that last year, 68.4 million Americans fell victim to phone scams with 20% being victimized on multiple occasions. The scams are more likely to defraud younger people and men.

The sheer number of annoying robocalls has driven many people to stop picking up the phone altogether.

In 2019, Congress passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence (or TRACED) Act but the audio-dialing industry has been able to keep a step ahead of the law. Fortune says that blame can also be placed on federal agencies whose inaction has allowed scammers to get off scot-free and big businesses for their "tacit support for robocalling.”

On July 7, the FCC announced that it is actively investigating the calls for formal legal violations. This step could mean the end of years of foot-dragging.

“Billions of auto warranty robocalls from a single calling campaign. Billions! Auto warranty scams are one of the top complaints we get from consumers and it’s time to hold those responsible for making these junk calls,” FCC Chairwoman Jessica Rosenworcel said in a statement.

It also sent cease-and-desist letters to top phone carriers asking them to stop carrying the calls within 48 hours from Roy Cox Jr., Aaron Michael Jones, their Sumco Panama companies and other international associates.

The FCC says that the Cox/Jones/Sumco Panama operation could be responsible for the 8 billion scam calls.

"The Enforcement Bureau will use all the tools at its disposal to protect consumers and U.S. telecommunications networks from the scourge of illegal robocalls," Acting FCC Enforcement Bureau Chief Loyaan A. Egal said in a statement.

Let’s hope that the new regulations passed by the FCC are successful at stopping these fraudsters who are annoying at best and at their worst, take advantage of the most vulnerable. A phone should be a means for communication, not an open hotline for scammers around the globe to try to take advantage of people.

Then, just maybe, we’ll feel free to pick up the phone again.

True
Mozilla

Ever wonder what it's like to be hacked? Sarah Jeong did. So naturally, she decided to ask someone to hack her.

Jeong isn't just a random thrill-seeker — she's a respected technology journalist and lawyer, and she knew exactly what she was getting into when she recruited her friend Cooper Quintin of the Electronic Frontier Foundation to help her out. She wrote about her experience in GQ.

All it took was a couple of hours and some readily available tools, and Jeong joined the approximately 12% of the population who have fallen for a hack.


But even before she was successfully hacked — and don't worry, we'll get to that! — both Jeong and Quintin discovered some important truths about the world of online safety and what it takes to infiltrate it.

Here are just a few lessons from experts that we can all benefit from:

[rebelmouse-image 19531566 dam="1" original_size="2048x1536" caption="Photo by Blogtrepreneur/Flickr." expand=1]Photo by Blogtrepreneur/Flickr.

1. Most hacking isn't done by master "Matrix" coders.

For most people, "hacking" tends to evoke one of two images: a stereotypically out-of-shape nerd in their parents' basement or a sleek, leather-clad cyberpunk in a Guy Fawkes mask who moonlights as an extra on a Wachowski movie.

But in reality, most of what we call "hacking" is actually "phishing."  In fact, last year, then-Secretary of Homeland Security Jeh Johnson said that phishing is the threat his department fears most.

[rebelmouse-image 19531567 dam="1" original_size="1024x559" caption="THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr." expand=1]THIS IS NOT WHAT HACKERS LOOK LIKE. Except when they do, which is sometimes. Photo by Vincent Diamonte/Flickr.

2. Phishing is a type of scam that disguises itself as something trustworthy.

It can be an email, phone call, or text message, and it then tricks you into giving up your passwords, credit card numbers, and more. All it takes are some clever social skills plus some free online tools used by information security professionals that, technically, anyone can use. (A little coding knowledge doesn't hurt, though.)

3. Many hackers are savvier than you might think.

It doesn't matter if you have the best anti-virus software installed on your computer and run daily checks for malware along with Ghostery and ad block to keep your online browsing extra-safe. Don't get me wrong — viruses and malware are still dangerous. But phishing isn't about computers. It's about people. And that's a lot harder to protect against.

"Phishing isn’t (just) about finding a person who is technically naive," Cory Doctorow, a sci-fi author, journalist, and technology activist told Locus magazine.  As savvy as he is, even he fell for a phishing hack back in 2010. "It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall."

"It’s a matter of being caught out in a moment of distraction and of unlikely circumstance." In other words, it can happen to anyone.

[rebelmouse-image 19531568 dam="1" original_size="1200x624" caption="Smile! I'm stealing your identity! Image via Pixnio." expand=1]Smile! I'm stealing your identity! Image via Pixnio.

4. The terrible typos and grammar in some phishing schemes are intentional.

You're probably familiar with the classic "Nigerian prince" phishing scheme, where some kind of foreign dignitary emails you and offers you a ton of money to help facilitate the transfer of their new bajillion-dollar inheritance. You also probably know that these emails are famously riddled with grammatical errors and totally implausible premises.

What you might not know, however, is that these "mistakes" are done on purpose in order to target the most gullible people. That way, reports Business Insider, the scammers don't have to waste their time trying to persuade rational skeptics to give up their bank account information.

[rebelmouse-image 19531569 dam="1" original_size="1280x852" caption="Photo by Nate Grigg/Flickr." expand=1]Photo by Nate Grigg/Flickr.

5. To hack a specific person, all a hacker needs is social media.

You know those silly memes where you find your "porn star name" (or whatever) by using the name of your first pet and the street you grew up on?

Now think about those security questions you had to answer for your online bank account — things like, oh, the name of your first pet, the street you grew up on, or your mom's maiden name.

Yeah. See the connection there? If a hacker wants to social-engineer their way into your bank account, all they need to do is poke around your public accounts to find those little bits of information. These targeted attacks are called "spearphishing," and they're why Doctorow recommends that people "only use Facebook to convince your friends to communicate with you somewhere other than Facebook."

[rebelmouse-image 19531571 dam="1" original_size="1280x856" caption="Image from Pixabay." expand=1]Image from Pixabay.

6. Be careful what you open — even when it's sent by someone you know.

Jeong was hacked after she clicked on a malicious link made to look like it was sent from someone she knew.

To hack her, Quintin just had to scour Jeong's online presence until he found an acquaintance who could plausibly email her. He made a fake email address — using that person's real-life profile picture and everything — and that was all it took to get Jeong to give up her information.

Fake Google Docs scams, like the one she fell for, are increasingly common. In these cases, the target receives a phishing email that looks like a standard invitation to Google Docs sent from a trustworthy source — except that both the sender and the link are actually malicious frauds. This link will bring you to a landing page that resembles the standard Google password screen or bank login page you thought you were clicking on, and the hacker can use that to capture whatever password or personal information you enter into the false form.

7. Double-check your URLs.

Always make sure you're really on the website that you think you are before you enter any sensitive information.

How do you tell the difference? Generally speaking, the domain name should look like "[blank].google.com" or "bankofamerica.com/[blank]." If it's something hyphenated like "accounts-drive-google.com" or "boa-accounts-login.com," well, you should probably think twice about it.

(Another helpful tip is to look for SSL certificates, which usually appear as a lock or green text in your browser bar — but even that's not totally reliable.)

[rebelmouse-image 19531572 dam="1" original_size="1280x850" caption="What is real? What is fake? Image from Pixabay." expand=1]What is real? What is fake? Image from Pixabay.

8. You should definitely use two-step authentication.

I hate to break it to you, but your p@$$w0rd probably isn't very safe. The least you can do, according to CNET, is turn on two-step authentication. That way, every time you log in to an unfamiliar device, you'll get a text message with a secret code just to make sure it's you — because even if someone gets your password, they probably don't have your phone, too.

Unless they, um, literally walked into the AT&T store and charmed a sales rep into changing your phone number over to their phone. Which happens.

9. And use a password manager.

If you want to be extra extra safe, use a password manager such as LastPass, then set up a DiceWare password like "correct horse battery staple" (or some of these other great ones recommended by the Intercept) that are incredibly easy to remember but next-to-impossible for hackers or computers to crack.

[rebelmouse-image 19531573 dam="1" original_size="1280x959" caption="Image from Pixabay." expand=1]Image from Pixabay.

10. Remember the greatest flaw in your internet security is the trusting nature of other people.

A trusting customer service rep can easily compromise you without realizing it. Your friend who mentions you on Facebook can do the same.

Heck, my wife has a fairly gender-ambiguous name, and I can tell you from personal experience how easy it is to call up the bank and pretend I'm her — even when I have to charm my way around a security question about her high school mascot. Which, yes, I've done.

As Jeong wrote, "Successful social engineers are not just perfectly capable of interacting with human beings — they are talented manipulators who take advantage of our willingness to trust our colleagues, friends, and family."

"You can turn your digital life into Fort Knox and still be undone by an overly trusting salesperson behind a desk."

[rebelmouse-image 19531574 dam="1" original_size="1280x851" caption="Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons." expand=1]Basic rule: Always look over your shoulder. Photo by Arthur Harry Chaudary/Wikimedia Commons.

There's no way to protect yourself from every possible online vulnerability. But that doesn't mean you shouldn't try!

As we've seen, the power of the internet can used for good or evil. All it takes is one trusting click, and even the savviest security professionals can find themselves compromised.

The best you can do is be smart and pay attention. A tiny bit of paranoid skepticism will save you a lot of time, stress, and energy in the long run, and that'll free you up to enjoy all the wonderful things that the internet has to offer. Trust me.