REPORT ALL SCAMS!
SCARS FAQs About Victims Recovery Scams & Scammers2023-05-28T00:46:52-04:00
  • frequently-asked-questions-FAQs-2021

SCARS FAQs About Victims, Recovery, Scams, & Scammers

Select an FAQ Category

Then click on an FAQ to view

It shows the first 25 FAQs. Use the filters to see more!

“Can You Hear Me?” and “Yes” Calls?2021-06-18T22:11:53-04:00

SCARS™ Anti-Scam FAQ:  “Can You Hear Me?” and “Yes” Calls

This scam happens when you answer the phone, and the person on the other line asks: “Can you hear me?” and you respond, “Yes.” Your voice is being recorded to obtain a voice signature for scammers authorize fraudulent charges over the phone. You can visit the FCC website to block any unwanted calls. The BBB Scam Tracker received more than 10,000 reports on the “Can you hear me?” scam, but none of the reports resulted in an actual loss of money.

“Your Order Has Arrived” – Shipping Status Scam?2021-04-26T09:04:13-04:00

Anti-Scam FAQ: What Is “Your Order Has Arrived”/Shipping Status Scam

Answer:

You may have received an email that says your “order” from Amazon or other ecommerce retailer has arrived or has been shipped. It likely asks you to click on a link.

These emails can be a phishing scam attempting to get personal information from you by asking you to confirm your bank information or other information only known to you.
 
If you are unsure about an email, make sure to check the actual email address to see if it from the company it says it’s from. Usually, phishing scams will say the company name “Amazon,” but when you click on the email address, you’ll notice it’s not from an Amazon domain.
 
Also, you should never send personal information to an email address without confirming first that it is a legitimate business.
 
You can always visit the retailer’s website directly and log in to your account to confirm any issues or call their customer service number on their main website.
Airbnb Scam?2021-04-26T09:10:39-04:00

SCARS™ Anti-Scam FAQ: Airbnb Scam

This scam takes advantage of travelers renting an apartment or house through Airbnb by featuring fake homes on the site and directing the renter to a fraudulent or “spoof” website to finalize payment. Scammers will often even trick real owners, who don’t know their property is being spoofed. Potential travelers end up paying money for a rental property that either doesn’t exist or isn’t available.

 

Amazon Fake Order Cancellation Emails?2021-04-26T09:11:00-04:00

SCARS™ Anti-Scam FAQ: Amazon Fake Order Cancellation Emails

If you get an email about an order cancellation from Amazon.com, there’s a good chance it’s a scam. Click on links in the email and you could unintentionally download malware onto your device. Or you might be sent to a site that aims to collect your Amazon account information, like your username and password. If you receive such an email and recently placed an order, go to Amazon.com to check your order status.

 

Antivirus Scam2021-06-22T11:10:31-04:00

Anti-Scam FAQ: What Is An Antivirus Scam?

Answer:

People are cold called and told they have a problem with their computer which, for a fee, can be fixed. Alternatively, the victim might initiate the contact in response to an online advert or prompt claiming that their device has been infected with a virus. Other computer scam methods involve offering bogus virus protection or warranties

Apple Care Scam?2021-04-26T09:11:15-04:00

SCARS™ Anti-Scam FAQ: Apple Care Scam

This new smartphone scam uses phishing emails to send Apple users to a fake Apple website. iPhone users receive a pop-up image of a system dialog box that tells users their phone has been “locked for illegal activity.” When users click on the link, scammers enroll them into a fraudulent “mobile device management service” that allows scammers to send malware apps to iPhones. Read more here about phishing scams and how to spot them.

 

Application Fraud (New Account Fraud)2023-09-21T11:30:06-04:00

Application Fraud (New Account Fraud)

Application fraud is the unauthorized opening of a new account leveraging compromised identity information. This can be for a variety of accounts, including credit cards, retail bank accounts, consumer lending and much more.

Are Scammers Arrested?2021-04-26T04:32:38-04:00

Anti-Scam FAQ: How Are Most Scammers Arrested

Answer:

Scammers are typically arrested in one of five ways:

  1. Victim Reporting
    The reports that victims make through the various agencies (local police, national police, Anyscam.com) all accumulates – it may not result in immediate action but over time it identifies individual scammers or organizations. Once the law enforcement agency has enough to identify someone they can begin an investigation that can lead to arrests. This is why victim reporting is so important. Right now, only about 3% of victims report these crimes.
  2. Connection to Other Scammers
    When one scammer is arrested all of their connections are looked at carefully. If the scammer had connections that also involved suspected crimes it allows law enforcement to roll up whole organizations in this way. One identification can lead to hundreds, including their leadership.
  3. Obvious Lifestyle
    Most scammers are business people and understand the need to stay below the radar, but there is always one in every group that wants to live large. They show off their new money with cars, jewelry, friends, entertainment, houses, and more. In other words, they make it obvious that they are spending more money than they earn – this allows law enforcement to investigate them for tax evasion, and if they confirm they spend more than they have income for they can be arrested for that.
  4. Tips & Partnerships
    Law enforcement agencies have relationships (usually confidential) with other organizations, NGOs, or entities) that regularly feed them with information. Or they receive tips from the public about individual scammers or groups. All of these allow law enforcement agencies to begin investigations that can lead to arrests.
  5. Scammers Turn On Each Other
    The over-riding motivation with fraudsters is greed – if they feel that they have not been fairly treated they can and do report each other to law enforcement. There is no honor among thieves.

Do you want to see some of the scammers that have been arrested? Click here to visit www.scammerphotos.com (the SCARS Photo Gallery website)

Scammers & fraudsters arrested year by year
Artificial Intelligence2022-12-13T11:21:23-05:00

Anti-Scam FAQ: What is Artificial Intelligence?

Answer:

Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think and act like humans. These intelligent machines are able to perform tasks that typically require human cognition, such as problem-solving, decision-making, and learning. AI is a rapidly evolving field that has the potential to revolutionize many aspects of our lives, from healthcare and transportation to education and entertainment. The goal of AI research is to create systems that can process information, reason logically, and learn from experience in order to improve their performance on a wide range of tasks.

This was written by SCARS own AI named “John”

♦ If you have questions for SCARS you can send them to us by email to question@AgainstScams.org or in a message to one of our sites or Facebook pages!

ATM & Credit Card Shimmer Scams?2021-04-26T09:06:23-04:00

Anti-Scam FAQ: What Is An ATM & Credit Card Shimmer Scam

Answer:

A shimmer scam is an update on skimming except that thieves are using “shimmers” to target chip-based credit and debit cards. A shimmer is a very thin piece of paper that can read your card number and access your credit or debit card’s EMV chip—the chip designed to help make your card more secure.
 
A thief will put a shimmer into an ATM and let it collect information from each card that is used, allowing them to create a non-chip version or magnetic strip credit card then.
 
Shimmers have been showing up more recently despite first being reported on in 2015. In 2017, the number of debit cards compromised at ATMs and merchant card readers—typically via skimming devices that capture card data—rose 10%, according to FICO.
 
DID YOU KNOW? A shimmer is a very thin piece of paper that can read your card number and access the EMV chip on your credit or debit card.

Text

ATM Jackpotting?2021-04-26T09:08:26-04:00

SCARS™ Anti-Scam FAQ: ATM Jackpotting

 
Jackpotting is a new cyber-attack scam that the Secret Service warned financial institutions about criminals installing software or hardware on ATMs that force the machines to issue large amounts of cash.
 
Criminals have found ways to exploit the standalone machines commonly found in pharmacies, big-box retailers, and some drive-thru ATMs.
 
It’s hard to know the exact financial implications because sometimes these crimes aren’t disclosed publicly, but anytime money is missing,
 
it’s sure to have an impact on the banks and ultimately you—the consumer—in the former of higher fees or more obstacles to accessing your cash.

 

Auction Scam Or Fraud?2021-04-26T09:19:55-04:00

Scam FAQ: How To Avoid An Auction Scam Or Fraud

  • Before you bid, contact the seller with any questions you have.
  • Review the seller’s feedback.
  • Be cautious when dealing with individuals outside of your own country.
  • Ensure you understand refund, return, and warranty policies.
  • Determine the shipping charges before you buy.
  • Be wary if the seller only accepts wire transfers or cash.
  • If an escrow service is used, ensure it is legitimate.
  • Consider insuring your item.
  • Be cautious of unsolicited offers.

 

Authorized Push Payment Fraud?2021-04-26T22:39:01-04:00

Anti-Scam FAQ: What Is An Authorized Push Payment Fraud

Answer:

Authorized push payment fraud (APP fraud) is a form of fraud in which victims are manipulated into making real-time payments to fraudsters, typically by social engineering attacks involving impersonation. As of 2019 in the United Kingdom, because the victims of these frauds authorized the payments, albeit mistakenly, they are typically not fully reimbursed by their banks.

Learn more here.

Avoid Bogus Employment/Business Opportunities?2021-04-26T09:18:25-04:00

Scam FAQ:  How To Avoid Bogus Employment/Business Opportunities

  • Be wary of inflated claims of product effectiveness.
  • Be cautious of exaggerated claims of possible earnings or profits.
  • Beware when money is required up front for instructions or products.
  • Be leery when the job posting claims “no experience necessary”.
  • Do not give your social security number when first interacting with your prospective employer.
  • Be cautious when dealing with individuals outside of your own country.
  • Be wary when replying to unsolicited emails for work-at-home employment.
  • Research the company to ensure they are authentic.
  • Contact the Better Business Bureau to determine the legitimacy of the company.
Avoid Credit Card Fraud?2021-04-26T09:19:22-04:00

Scam FAQ: How To Avoid Credit Card Fraud

  • Ensure a site is secure and reputable before providing your credit card number online.
  • Don’t trust a site just because it claims to be secure.
  • If purchasing merchandise, ensure it is from a reputable source.
  • Promptly reconcile credit card statements to avoid unauthorized charges.
  • Do your research to ensure the legitimacy of the individual or company.
  • Beware of providing credit card information when requested through unsolicited emails.
Avoiding Social Engineering and Phishing Attacks2023-09-26T12:51:32-04:00

Anti-Scam FAQ: What is a social engineering attack?

Answer:

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • Natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • Epidemics and health scares (e.g., H1N1, COVID-19)
  • Economic concerns (e.g., IRS scams)
  • Major political elections
  • Holidays

What is a vishing attack?

Vishing is the social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed, which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. Landline communication cannot be intercepted without physical access to the line; however, this trait is not beneficial when communicating directly with a malicious actor.

What is a smishing attack?

Smishing is a form of social engineering that exploits SMS, or text, messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increases the likelihood that users will fall victim to engineered malicious activity.

What are common indicators of phishing attempts?

  • Suspicious sender’s address. The sender’s address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters.
  • Generic greetings and signature. Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information.
  • Spoofed hyperlinks and websites. If you hover your cursor over any links in the body of the email, and the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.
  • Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify, and proofread customer correspondence.
  • Suspicious attachments. An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don’t send sensitive information over the internet before checking a website’s security.
    • Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with “https”—an indication that sites are secure—rather than “http.”
    • Look for a closed padlock icon—a sign your information will be encrypted.
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use your contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group. (See the APWG eCrime Research Papers).
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.
  • Enforce multi-factor authentication (MFA).

What do you do if you think you are a victim?

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft.
  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission.
Avoid Phishing/Spoofing Scams?2021-04-26T09:16:17-04:00

Scam FAQ: How To Avoid Phishing/Spoofing Scams

  • Be suspicious of any unsolicited email requesting personal information.
  • Avoid filling out forms in email messages that ask for personal information.
  • Always compare the link in the email to the link that you are actually directed to.
  • Log on to the official website, instead of “linking” to it from an unsolicited email.
  • Contact the actual business that supposedly sent the email to verify if the email is genuine.
BEC Business Email Compromise Scams?2021-04-26T09:14:31-04:00

Scam FAQ: How To Avoid BEC Business Email Compromise Scams

  • Be mindful of any email, phone call or text messages requesting multiple gift cards even if the request is ordinary.
  • Beware of sudden changes in business or personal practices and carefully scrutinize all requests for multiple gift card purchases even if requests are ordinary.
  • Since many of the fraudulent e-mails reported in this new trend are spoofed, confirm requests for the purchase of gift cards using two-factor authentication. If using phone verification, use previously known numbers, not the numbers provided in the e-mail request.
Browsing Safely: Understanding Active Content and Cookies2021-06-01T13:47:03-04:00

Anti-Scam FAQ: What is active content?

Answer:

To increase functionality or add design embellishments, websites often rely on scripts that execute programs within the web browser. This active content can be used to create “splash pages” or options like drop-down menus. Unfortunately, these scripts are often a way for attackers to download or execute malicious code on a user’s computer.

  • JavaScript – JavaScript is just one of many web scripts (other examples are VBScript, ECMAScript, and JScript) and is probably the most recognized. Used on almost every website now, JavaScript and other scripts are popular because users expect the functionality and “look” that it provides, and it’s easy to incorporate (many common software programs for building websites have the capability to add JavaScript features with little effort or knowledge required of the user). However, because of these reasons, attackers can manipulate it to their own purposes. A popular type of attack that relies on JavaScript involves redirecting users from a legitimate website to a malicious one that may download viruses or collect personal information.
  • Java and ActiveX controls – Different from JavaScript, Java and ActiveX controls are actual programs that reside on your computer or can be downloaded over the network into your browser. If executed by attackers, untrustworthy ActiveX controls may be able to do anything on your computer that you can do (such as running spyware and collecting personal information, connecting to other computers, and potentially doing other damage). Java applets usually run in a more restricted environment, but if that environment isn’t secure, then malicious Java applets may create opportunities for an attack as well.

JavaScript and other forms of active content are not always dangerous, but they are common tools for attackers. You can prevent active content from running in most browsers, but realize that the added security may limit functionality and break features of some sites you visit. Before clicking on a link to a website that you are not familiar with or do not trust, take the precaution of disabling active content.

These same risks may also apply to the email program you use. Many email clients use the same programs such as web browsers to display HTML, so vulnerabilities that affect active content like JavaScript and ActiveX often apply to email. Viewing messages as plain text may resolve this problem.

What are cookies?

When you browse the Internet, information about your computer may be collected and stored. This information might be general information about your computer (such as IP address, the domain you used to connect (e.g., .edu, .com, .net), and the type of browser you used). It might also be more specific information about your browsing habits (such as the last time you visited a particular website or your personal preferences for viewing that site).

Cookies can be saved for varying lengths of time:

  • Session Cookies – Session cookies store information only as long as you’re using the browser; once you close the browser, the information is erased. The primary purpose of session cookies is to help with navigation, such as by indicating whether or not you’ve already visited a particular page and retaining information about your preferences once you’ve visited a page.
  • Persistent cookies – Persistent cookies are stored on your computer so that your personal preferences can be retained. In most browsers, you can adjust the length of time that persistent cookies are stored. It is because of these cookies that your email address appears by default when you open your Yahoo! or Hotmail email account or your personalized home page appears when you visit your favorite online merchant. If an attacker gains access to your computer, he or she may be able to gather personal information about you through these files.

To increase your level of security, consider adjusting your privacy and security settings to block or limit cookies in your web browser. To make sure that other sites are not collecting personal information about you without your knowledge, choose to only allow cookies for the website you are visiting; block or limit cookies from a third-party. If you are using a public computer, you should make sure that cookies are disabled to prevent other people from accessing or using your personal information.

Brute Force Attacks Conducted by Cyber Criminals2021-06-02T05:56:13-04:00

Anti-Scam FAQ: What Are Brute Force Attack

Answer:

According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad.

On February 2018, the Department of Justice in the Southern District of New York, indicted nine Iranian nationals, who were associated with the Mabna Institute, for computer intrusion offenses related to activity described in this report. The techniques and activity described herein, while characteristic of Mabna actors, are not limited solely to use by this group.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are releasing this Alert to provide further information on this activity.

Description

In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as the “low-and-slow” method), the malicious actor attempts a single password against many accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.

Password spray campaigns typically target single sign-on (SSO) and cloud-based applications utilizing federated authentication protocols. An actor may target this specific protocol because federated authentication can help mask malicious traffic. Additionally, by targeting SSO applications, malicious actors hope to maximize access to intellectual property during a successful compromise.

Email applications are also targeted. In those instances, malicious actors would have the ability to utilize inbox synchronization to:

  1. obtain unauthorized access to the organization’s email directly from the cloud,
  2. subsequently download user mail to locally stored email files,
  3. identify the entire company’s email address list, and/or
  4. surreptitiously implements inbox rules for the forwarding of sent and received messages.

Technical Details

Traditional tactics, techniques, and procedures (TTPs) for conducting the password-spray attacks are as follows:

  • Using social engineering tactics to perform online research (i.e., Google search, LinkedIn, etc.) to identify target organizations and specific user accounts for initial password spray
  • Using easy-to-guess passwords (e.g., “Winter2018”, “Password123!”) and publicly available tools, execute a password spray attack against targeted accounts by utilizing the identified SSO or web-based application and federated authentication method
  • Leveraging the initial group of compromised accounts, downloading the Global Address List (GAL) from a target’s email client, and performing a larger password spray against legitimate accounts
  • Using the compromised access, attempting to expand laterally (e.g., via Remote Desktop Protocol) within the network, and performing mass data exfiltration using File Transfer Protocol tools such as FileZilla

Indicators of a password spray attack include:

  • A massive spike in attempted logons against the enterprise SSO portal or web-based application;
    • Using automated tools, malicious actors attempt thousands of logons, in rapid succession, against multiple user accounts at a victim enterprise, originating from a single IP address and computer (e.g., a common User Agent String).
    • Attacks have been seen to run for over two hours.
  • Employee logons from IP addresses resolving to locations inconsistent with their normal locations.

Typical Victim Environment

The vast majority of known password spray victims share some of the following characteristics:

  • Use SSO or web-based applications with federated authentication method
  • Lack multifactor authentication (MFA)
  • Allow easy-to-guess passwords (e.g., “Winter2018”, “Password123!”)
  • Use inbox synchronization, allowing email to be pulled from cloud environments to remote devices
  • Allow email forwarding to be setup at the user level
  • Limited logging setup creating difficulty during post-event investigations

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • Temporary or permanent loss of sensitive or proprietary information;
  • Disruption to regular operations;
  • Financial losses incurred to restore systems and files; and
  • Potential harm to an organization’s reputation.

Solution

Recommended Mitigations

To help deter this style of attack, the following steps should be taken:

  • Enable MFA and review MFA settings to ensure coverage over all active, internet facing protocols.
  • Review password policies to ensure they align with the latest NIST guidelines and deter the use of easy-to-guess passwords.
  • Review IT helpdesk password management related to initial passwords, password resets for user lockouts, and shared accounts. IT helpdesk password procedures may not align to company policy, creating an exploitable security gap.
  • Many companies offer additional assistance and tools the can help detect and prevent password spray attacks, such as the Microsoft blog released on March 5, 2018.

Reporting Notice

The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at CyWatch@ic.fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact. Press inquiries should be directed to the FBI’s national Press Office at npo@ic.fbi.gov or (202) 324-3691.

Can You File A Lawsuit Against Your Scammer & Money Mule?2021-04-26T04:32:50-04:00

Anti-Scam FAQ: Can You File A Lawsuit Against Your Scammer & Money Mule

Answer: In Most Cases Yes

But it very much depends on your country and state or province.

Click Here to learn more about this!

Can You File A Lawsuit Against Your Scammer & Money Mule? 1
Can Your Personality Make You More Vulnerable To Scams?2021-04-26T01:43:48-04:00

Anti-Scam FAQ: Can Your Personality Make You More Vulnerable To Scams?

Answer: Yes, Very Much So!

Car Scams?2021-04-26T09:11:51-04:00

SCARS™ Anti-Scam FAQ: Car Scams

The FBI shared information on a growing scam in which crooks target people looking to buy cars and other vehicles online. The FBI has received 26,967 complaints with losses totaling $54,032,396 since tracking this issue from May 2014 through December 2017. This car scamstarts with a criminal posting an online advertisement with a low price to get the attention of a buyer, including photos of the vehicle and contact information. When a buyer reaches out, the “seller” sends more photos and what appears as a logical reason why the price is discounted and indicates a need to sell.

The criminal then instructs you to purchase prepaid gift cards in the amount of the sale and share the prepaid codes. You’re usually told you’ll receive the vehicle in a couple of days, but victims never hear from the scammers again.

 

Census-Related Fraud2021-06-18T11:32:11-04:00

Anti-Scam FAQ: What Is A Census-Related Fraud/Scam

Answer:

Census scams happen when someone pretends to work for the Census Bureau to steal your personal information. Use this information to learn how these scams work, and protect yourself against them.

Some scam artists may pretend to be work for the Census Bureau. They’ll try to collect your personal information to use for fraud or to steal your identity. These scam artists may send you letters that seem to come from the U.S. Census Bureau. Others may come to your home to collect information about you.

Choosing and Protecting Passwords2021-06-01T11:44:15-04:00

Anti-Scam FAQ: Why you need strong passwords

Answer:

You probably use personal identification numbers (PINs), passwords, or passphrases every day: from getting money from the ATM or using your debit card in a store, to logging in to your email or into an online retailer. Tracking all of the number, letter, and word combinations may be frustrating, but these protections are important because hackers represent a real threat to your information. Often, an attack is not specifically about your account, but about using access to your information to launch a larger attack.

One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that those requesting access are the people they claim to be is the next step. This authentication process is more important and more difficult in the cyber world. Passwords are the most common means of authentication, but only work if they are complex and confidential. Many systems and services have been successfully breached because of non-secure and inadequate passwords. Once a system is compromised, it is open to exploitation by other unwanted sources.

How to choose good passwords

Avoid common mistakes

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to crack them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Does it contain your address or phone number? Think about how easy it is to find someone’s birthday or similar information. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to dictionary attacks, which attempt to guess passwords based on common words or phrases.

Although intentionally misspelling a word (“daytt” instead of “date”) may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and capital letters adds another layer of obscurity. Changing the same example used above to “Il!2pBb.” creates a password very different from any dictionary word.

Length and complexity

The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible (8–64 characters) when you can. For example, “Pattern2baseball#4mYmiemale!” would be a strong password because it has 28 characters and includes upper and lowercase letters, numbers, and special characters. You may need to try different variations of a passphrase—for example, some applications limit the length of passwords and some do not accept spaces or certain special characters. Avoid common phrases, famous quotations, and song lyrics.

Dos and don’ts

Once you’ve come up with a strong, memorable password it’s tempting to reuse it—don’t! Reusing a password, even a strong one, endangers your accounts just as much as using a weak password. If attackers guess your password, they would have access to your other accounts with the same password. Use the following techniques to develop unique passwords for each of your accounts:

  • Use different passwords on different systems and accounts.
  • Use the longest password or passphrase permissible by each password system.
  • Develop mnemonics to remember complex passwords.
  • Consider using a password manager program to keep track of your passwords. (See more information below.)
  • Do not use passwords that are based on personal information that can be easily accessed or guessed.
  • Do not use words that can be found in any dictionary of any language.

How to protect your passwords

After choosing a password that’s easy to remember but difficult for others to guess, do not write it down and leave it someplace where others can find it. Writing it down and leaving it on your desk, next to your computer, or, worse, taped to your computer, makes it easily accessible for someone with physical access to your office. Do not tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords.

Programs called password managers offer the option to create randomly generated passwords for all of your accounts. You then access those strong passwords with a master password. If you use a password manager, remember to use a strong master password.

Password problems can stem from your web browsers’ ability to save passwords and your online sessions in memory. Depending on your web browsers’ settings, anyone with access to your computer may be able to discover all of your passwords and gain access to your information. Always remember to log out when you are using a public computer (at the library, an internet cafe, or even a shared computer at your office). Avoid using public computers and public Wi-Fi to access sensitive accounts such as banking and email.

There’s no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.

Don’t forget security basics

  • Keep your operating system, browser, and other software up to date.
  • Use and maintain antivirus software and a firewall.
  • Regularly scan your computer for spyware. (Some antivirus programs incorporate spyware detection.)
  • Use caution with email attachments and untrusted links.
  • Watch for suspicious activity on your accounts.

-/ 30 /-

What do you think about this?
Please share your thoughts in a comment below!

SCARS FREE Support & Recovery Program - 4 EVER FREE

Do You Need Support?
Get It Now!

SCARS provides the leading Support & Recovery program for relationship scam victims – completely FREE!

Our managed peer support groups allow victims to talk to other survivors and recover in the most experienced environment possible, for as long as they need. Recovery takes as long as it takes – we put no limits on our support!

SCARS is the most trusted support & education provider in the world. Our team is certified in trauma-informed care, grief counseling, and so much more!

To apply to join our groups visit support.AgainstScams.org

We also offer separate support groups for family & friends too.

SCARS STAR Membership

Become a
SCARS STAR™ Member

SCARS offers memberships in our STAR program, which includes many benefits for a very low annual membership fee!

SCARS STAR Membership benefits include:

  • FREE Counseling or Therapy Benefit from our partner BetterHelp.com
  • Exclusive members-only content & publications
  • Discounts on SCARS Self-Help Books Save
  • And more!

To learn more about the SCARS STAR Membership visit membership.AgainstScams.org

To become a SCARS STAR Member right now visit join.AgainstScams.org

SCARS Publishing Self-Help Recovery Books Available At shop.AgainstScams.org

Scam Victim Self-Help Do-It-Yourself Recovery Books

SCARS Printed Books For Every Scam Survivor From SCARS Publishing

Visit shop.AgainstScams.org

Each is based on our SCARS Team’s 32-plus years of experience.

SCARS Website Visitors receive an Extra 10% Discount
Use Discount Code “romanacescamsnow” at Checkout

Legal Disclaimer:

The content provided on this platform regarding psychological topics is intended solely for educational and entertainment purposes. The publisher makes no representations or warranties regarding the accuracy or completeness of the information presented. The content is designed to raise awareness about various psychological subjects, and readers are strongly encouraged to conduct their own research and verify information independently.

The information presented does not constitute professional advice, diagnosis, or treatment of any psychological disorder or disease. It is not a substitute for professional medical or mental health advice, diagnosis, or treatment. Readers are advised to seek the guidance of a licensed medical professional for any questions or concerns related to their mental health.

The publisher disclaims any responsibility for actions taken or not taken based on the content provided. The treatment of psychological issues is a serious matter, and readers should consult with qualified professionals to address their specific circumstances. The content on this platform is not intended to create, and receipt of it does not constitute, a therapist-client relationship.

Interpretation and Definitions

Definitions

For the purposes of this Disclaimer:

  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Disclaimer) refers to Society of Citizens Against Relationship Scams Inc. (registered d.b.a. “SCARS”,) 9561 Fountainbleau Blvd., Suit 602, Miami FL 33172.
  • Service refers to the Website.
  • You means the individual accessing this website, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  • Website refers to RomanceScamsNOW.com, accessible from https://romancescamsnow.com

Website Disclaimer

The information contained on this website is for general information purposes only.

The Company assumes no responsibility for errors or omissions in the contents of the Service.

In no event shall the Company be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents on the Service at any time without prior notice.

The Company does not warrant this website in any way.

External Links Disclaimer

This website may contain links to external websites that are not provided or maintained by or in any way affiliated with the Company.

Please note that the Company does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites.

Errors and Omissions Disclaimer

The information given by SCARS is for general guidance on matters of interest only. Even if the Company takes every precaution to ensure that the content of this website is both current and accurate, errors can occur. Plus, given the changing nature of laws, rules, and regulations, there may be delays, omissions, or inaccuracies in the information contained on this website.

SCARS is not responsible for any errors or omissions, or for the results obtained from the use of this information.

Fair Use Disclaimer

SCARS may use copyrighted material that has not always been specifically authorized by the copyright owner. The Company is making such material available for criticism, comment, news reporting, teaching, scholarship, or research.

The Company believes this constitutes a “fair use” of any such copyrighted material as provided for in section 107 of the United States Copyright law.

If You wish to use copyrighted material from this website for your own purposes that go beyond fair use, You must obtain permission from the copyright owner.

Views Expressed Disclaimer

The Service may contain views and opinions which are those of the authors and do not necessarily reflect the official policy or position of any other author, agency, organization, employer, or company, including SCARS.

Comments published by users are their sole responsibility and the users will take full responsibility, liability, and blame for any libel or litigation that results from something written in or as a direct result of something written in a comment. The Company is not liable for any comment published by users and reserves the right to delete any comment for any reason whatsoever.

No Responsibility Disclaimer

The information on the Service is provided with the understanding that the Company is not herein engaged in rendering legal, accounting, tax, medical or mental health, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal, medical or mental health, or other competent advisers.

In no event shall the Company, its team, board of directors, volunteers, or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever arising out of or in connection with your access or use or inability to access or use the Service.

“Use at Your Own Risk” Disclaimer

All information on this website is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

SCARS will not be liable to You or anyone else for any decision made or action taken in reliance on the information given by the Service or for any consequential, special, or similar damages, even if advised of the possibility of such damages.

Contact Us

If you have any questions about this Disclaimer, You can contact Us:

  • By email: contact@AgainstScams.org

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use. 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

View the claimed and or registered indicia, service marks, and trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org

Leave A Comment

Your comments help the SCARS Institute better understand all scam victim/survivor experiences and improve our services and processes. Thank you


Thank you for your comment. You may receive an email to follow up. We never share your data with marketers.

You Must Read And Agree To The SCARS Legal Opinion Disclaimer

SCARS™ Romance Scams Now™ is the Scam Avoidance Education & Victims Support publication of the Society of Citizens Against Relationship Scams Inc. [SCARS]

Society of Citizens Against Relationship Scams Inc. [registered dba SCARS] :: 9561 Fontainebleau Bl., Suite 602, MIAMI, FL 33172 :: Email: contact@AgainstScams.org :: PHONE: ‪+1 786-835-7947 PHONE SUPPORT NOT AVAILABLE

U.S. FBI Infragard Alliance This website's original content is protected under the laws of the United States of America and International Conventions

Website and All Original Content, Concepts, and Intellectual Property Copyright © 1995 - 2024 | All Rights Reserved | Third-party Copyrights Acknowledged | Some Images Reproduced As Legal Record Of Criminal Use By Third-parties | Evidence Photos Used To Report Their Use In Criminal Fraud | In Some Cases The Persons Pictured In Photos Are Victims Of Identity Theft Unless Otherwise Indicated

SCARS™, Society of Citizens Against Relationship Scams™, Society of Citizens Against Romance Scams™, SCARS|RSN™, Romance Scams Now™, SCARS|EDUCATION™, SCARS|SUPPORT™, SCARS|INTERNATIONAL™, SCARS|CHINA™, SCARS|UK™, SCARS|CANADA™, SCARS|LATINOAMERICA™, SCARS|MEMBERS™, SCARS|CDN™, Cybercrime Data Network™, AgainstScams™, Act AgainstScams™, Sludge Report™, Scam Victim Support Group™, RSN Steps™/SCARS Steps™, ScamCrime™, ScamsOnline™, Anyscam™, Cobalt Alert™, SCARS|GOFCH™, Global Online Fraud Clearinghouse™, SCARS|CERT™, RED BOOK™, BLUE BOOK™, GREEN BOOK™, Scam Organizer™ - in any form are trademarks of the Society of Citizens Against Relationship Scams Incorporated | Contact us at contact@AgainstScams.org for any issues about content displayed. Romance Scams Now is proud to be the Scam Avoidance Education & Victims Support Unit of SCARS (as of July 2017) - visit www.AgainstScams.org for more information or to become a member of SCARS | Romance Scams Now™ was originally created independently and transfered to SCARS in July 2017

Find SCARS™ All Across The Web & Social Media

Skip to content