Buyer Beware: New Phishing Scams Appearing On Craigslist

Craigslist email scams come in many shapes and forms, but in general, a Craigslist email scammer is known to do at least one of the following things:

● Ask for your real email address for any reason at all.
● Insist on communicating by email only (using either your Craigslist email or your real email).
● Send you fake purchase protection emails that appear to be from Craigslist itself.

Asking for your real email address
Scammers might ask you for your real email address for any of the following reasons:

The scammer claims they want to send payment via PayPal. Scammers posing as buyers might try to talk you into accepting online payments, such as those via PayPal.

Once you give your PayPal email address to the scammer, however, they can easily send you a fake PayPal confirmation email to make you think that they paid when they really didn’t.

The scammer claims they use a third-party to securely handle the payment. Similar to the PayPal scenario above, a scammer (posing as either a buyer or a seller) might ask for your real address so that they can send a fake email that appears to come from an official third party.

These types of emails typically are cleverly designed to look like they offer a guarantee on your transaction, certify the seller, or inform you that the payment will be securely handled by the third party.

The scammer intends to send you multiple scam and spam messages. A scammer who asks for your real email address might be creating a list of victims they’re targeting to hack their personal information.

They could be planning to send you phishing scams, money or lottery scams, survey scams or even social network scams.

Insisting on communicating entirely by email
Scammers might insist on talking exclusively by email for any of the following reasons:

The scammer can’t speak to you by phone or meet up in person. Many Craigslist scammers operate overseas and don’t speak English as their first language, which is why they prefer to do everything via email. If they’re posing as a seller, they almost definitely don’t have the item you’re trying to buy and are just trying to get your money.

The scammer is following a script and has an elaborate personal story to share. Scammers use scripts so that they can scam multiple people. If they’re posing as a buyer, they might refer to “the item” instead of saying what the item actually is.

Since English is typically not most scammers’ first language and they operate around the world, it’s very common for them to misspell words or use improper grammar. And finally, to back up why they can’t meet up or need payment immediately, they’ll describe in detail all the problems they’re currently facing/have faced in order to get you to sympathize with them.

The scammer is looking to pressure you to make a payment, or wants to send a cashier’s check. Using their elaborate story, the scammer who’s posing as a seller might ask you to make a deposit via a third party such as PayPal, Western Union, MoneyGram, an escrow service, or something else.

They might even convince you to make multiple payments over a period of time, looking to extract as much money from you as possible before you realize you’re not getting what you’re paying for.

On the other hand, the scammer who’s posing as a buyer might offer to send a cashier’s check, which will likely be discovered as fraudulent days or weeks later.

Beware of anyone who tells you they’re in the military. This is a strong sign of a scam.

Sending fake purchase protection emails
Scammers have been known to send protection plan emails that appear to be from Craigslist. Of course, Craigslist doesn’t back any transactions that occur through its site, so any emails you receive claiming to verify or protect your purchases via Craigslist are completely fake.

The most important thing you can do to avoid getting involved in a Craigslist email scam is to never give away your real email address to anyone you’re speaking to from Craigslist.

Protect Yourself Against The Phone “Port-Out” Scam

Chances are that you probably haven’t heard of the port-out scam. However, just because it is something that has yet to attract widespread attention doesn’t mean it’s not a threat you should take seriously. Let’s take a look at why.

What Is a Port-Out Scam?
It’s very common for people to take their existing phone numbers with them when they switch mobile provider. Recently, unscrupulous individuals have been taking advantage of the ease with which this can be done by porting other people’s numbers and essentially taking control of them.

Here’s how it works: Someone calls your carrier or visits the store and pretends to be you. They then instruct the provider to port your number to a new carrier. Without warning, you find your cellphone service has been cut off, and some stranger has complete control of your number. A variation of this is SIM hijacking, which operates in a similar way but the attacker orders a new SIM.

Why Should You Care?
Losing the ability to use your phone is the least of your worries. Once the attacker has control of your phone, they will receive all your messages. If you have set up banking security measures that involve SMS authentication, the hijacker can potentially access your bank account and many other sources of highly sensitive information.

How To Protect Yourself
Fortunately, it’s really easy to avoid the port-out scam. All you need to do is add a security PIN to your account. From that point onward, people will not be able to make any type of change to your account without citing the PIN. As such, you are protected against both the port-out and SIM hijacking scams. Most carriers will let you set a PIN quickly and easily online or via the phone.

Beware Of These Tax Return Scams

In the online world, it seems that there is always a new threat cropping up on the horizon. There is one, however, that has been returning year after year following the onset of online tax filing.

This is the prime time for tax phishing scams, and it is important to recognize the signs of a cyber-criminal going after your identity and holdings.

Since tax season is often a mystifying time financially with ever-changing laws that directly affect your pocketbook, it isn’t far-fetched to believe the IRS or a related government agency may need to double-check your data or ask for additional information via email or text.

This is a situation that sophisticated thieves are well aware of, and they do not hesitate to exploit citizens’ lack of knowledge of how the revenue service actually conducts its business.

In fact, approximately 25,000 phishing emails (messages asking for personal data like Social Security numbers and the like) and 611 scam websites were shut down during the last tax season. It is probable that far more efforts went unreported.

Fortunately, it is easy to thwart criminals’ efforts to gain access to your personal information and financial holdings when you are on the alert.

First, no government agency will ask for such information through an unsecured email or text. If the tax agency, tax-preparation company, or related organization needs additional sensitive information from you, you will be contacted by mail, phone, or directed to a secure website.

In the case you are suspicious of a particular communication, double check that the email or physical address matches that of the legitimate organization.

Also, beware of messages that do not use your full name with something generic, such as “Dear valued customer,” or warn that there will be dire consequences if you do not reply right away.

If there is any doubt whether an email or text is a scam, report it to the organization in question or law enforcement agencies.

Tech Support Calling? It’s Probably A Scam Or Hacker

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

For business computer users, the threat of a security breach is a constant worry. The thing is, many systems are secure enough from outside attacks, and many scammers know this.

As a result, scammers have switched tactics and have taken to pretending to be Windows technicians, hoping to get users to give up their credit card information.

This isn’t a new scam. Despite news reports and emailed reminders, some people still fall for the ruse.

Social engineering
These social engineering tricks generally follow the same formula: A person calls you pretending to be from the Windows technical team at Microsoft.

The scammer usually tells you that you need to renew your software protection licenses to keep your computer running.

Most of the time, these scammers spread the conversation out over a number of phone calls and emails, the goal being to gain the trust of the user.

Once trust is established, or the user seems interested enough, the crook will offer a seeming sweet deal: They offer a service that makes your computer run like new, usually for a reasonable price.

The scammer will then use remote PC support software to show you ‘problems’ your computer is having.

They will usually show you the Windows Event Viewer – a part of the OS that shows errors, usually harmless, that your computer has generated.

The scammer will then convince the user that these errors are harmful, and if you have paid, they will make it look like they are cleaning your computer.

If you give them your credit card number, you will likely see ridiculous charges, or even have people trying to access your accounts.

What’s being done?
Governments are aware of this increasingly common trick, and some organizations, like the FTC, have taken measures to shut down scammers.

What can we do?
While action is being taken, these scammers are working hard to steal your credit card and other personal information. To ensure you don’t fall prey to this trickery, these five tips should help you identify when an attempted scam is at play:

  • Microsoft doesn’t call people.
  • Windows Event Manager is a log of errors for ALL programs.
  • Microsoft employees will never ask for your passwords.
  • Most of these scammers operate out of call centers in India, but bill from the US.
  • Microsoft employees won’t usually ask you to install software that’s not made by Microsoft.

As a rule of thumb: If you get an unsolicited call about your computers and IT security, it’s likely not genuine. If these criminals provide you with a website, do a quick Google search to see if there have been any scam reports.

If you’re concerned your credit card or other information may have been compromised, please call us right away for a complimentary security assessment.