A Consumer Action News Alert • October 15, 2019
SCAM GRAM is Consumer Action's monthly e-newsletter alerting you to the dirtiest players in the world of tech fraud, credit card scams, ID theft and general con-artistry. Don't be fooled by liars, cheats and crooks; wise up with SCAM GRAM!
  This term can make you squirm  
  "Smishing" might sound like an attempt to squeeze into a tight pair of jeans, but it's actually a sophisticated scam. "SMS" stands for "short message service," the tech term for "texting." Smishing is an adaptation of "phishing," in which a scammer sends an email urging the recipient to click on a link (that typically downloads malware to the user's device or redirects to a website soliciting personal and/or financial info). In this case, however, the prompt comes in a text message on your mobile device. Smishing is HUGE right now (up 30% from 2017 to 2018, and rising), particularly with criminals impersonating banks, ­tech or telecom companies, and/or government agencies. The malicious texts purport to come from Apple or Microsoft, the IRS or Social Security, Bank of America or Wells Fargo (etc., etc.). Don't believe it! Never click on links in texts unless you are sure you know the sender (this goes for suspicious links generally). Instead, directly contact the company or agency sending you the text, via a known legitimate phone number or email address. (Example: Contact your bank if you get a text saying something like: "Your bank account was hacked; we need you to take action now.") Consumer Reports has, well, more to report on the smishing smorgasbord.  
  When "politicians" are crooks  
  For those non-politicos, political action committees (or PACs) are private groups that raise money for candidates or issues. It's easy for scammers to create PACs, which are barely regulated by government (less so than charities) and which, as Politico points out, "the Federal Election Commission has said it is all but powerless to crack down on." PACs often solicit funds from political supporters by calling them up and simply...asking. Now, unethical PACs have taken to not only calling and pretending to represent legit candidates, but also other less "partisan" parties such as those fighting breast cancer, or supporting your friendly neighborhood first responders. One Oklahoma woman, who thought she was giving $350 to a worthy cause after responding to a PAC robocall, was so angry about it that her quote in the local media had to be censored: "I don't want to support political stuff....I feel [this PAC is] a bunch of [beep] that asks me for money that doesn't go to the fire department." While it's clear that her money didn't go to local firefighters, it's unclear what "political stuff" it did go to. Unfortunately, shady PACs typically end up distributing most donor dollars right into the pockets of those running them. Personal profiteering from PACs has become so prevalent that it's caught the attention of the Federal Communications Commission (FCC), which has stated that it is "increasingly confronted with issues related to entities colloquially known as 'Scam PACs'." Unfortunately, the government hasn't done much about it...yet. So what can you do? For one, hang up on callers if you are unsure who they're working for. The non-profit Brennan Center for Justice advises you to "search for the official candidate campaign committee or look for trusted intermediaries like ActBlue (on the left) or Patriot Pass (on the right)."  
  Getting personal, aren't we?  
Match made in hell. The Federal Trade Commission (FTC) has sued Match Group, the owner of dating sites Match(dot)com and Tinder, for deceptive and unfair business practices. As anyone who has tried Match knows, the company made it really hard to cancel recurring paid subscriptions or to dispute charges. Like, illegally hard, according to the FTC. The commission also charged the company with running "fake love interest advertisements to trick hundreds of thousands of consumers into purchasing paid subscriptions." Allegedly, Match knowingly allowed fraudsters to proliferate on its site, even sending prospective users emails enticing them to join by stating that they "caught the eye" of the con artists. Let's hope Match pays for its creepy misdeeds! In the meantime, swipe left on Match Group!

I just took a DNA test. Turns out I'm 100%...scammed. It's bad enough that scammers are trying to hook up with you (see above), now they want your genetic material!? Well, not really. They want seniors to think they can get "free" DNA tests paid for by Medicare. Medicare actually only covers one "preventative" genetic test (for cancer) and certainly not without a doctor's order. Still, billing for medically unnecessary genetic cancer tests has "jumped from $480 million in 2015 to $1.1 billion in 2018," according to Reuters, which notes that the feds are cracking down on many scam operations. So, if someone calls asking about your DNA, hang up!

Just in time for Halloween. In a scene straight out of Poltergeist, a Milwaukee couple's $700 Google Nest system cranked their home thermostat up to 90+ degrees, while "a voice began speaking from a camera in the kitchen, then playing vulgar music." The hacker continued to mess with the couple until they changed their Wi-Fi network ID (changing the Nest password didn't help). Unfortunately, this isn't the first time a family has been terrorized by a "smart" home device: Another prankster sent a terrifying false alert through a California family's Nest, warning of incoming ballistic missiles! Fortunately, it appears that neither of these cases involved the hackers stealing financial information or using private information to blackmail the families, but when one considers all that could happen through hacked home technology, it becomes clear how important it is to lock it down.
Non-profits in the know. There's a week for everything, and "International Charity Fraud Awareness Week" (that's a mouthful!) is no different. If you run a non-profit, work for one or know someone who does, the Fraud Advisory Council has tons of resources warning of the many forms charity fraud can take, from fake fundraising events to illegitimate "legacy" donations (involving money and other assets left in a will). The group is running a #CharityFraudOut campaign for the awareness week (beginning Oct. 21) and encouraging non-profit staff, volunteers, members, donors and clients to spread the word. Looking to donate to a non-profit? Use your head and not just your heart; the FTC details "how to donate wisely."

#Instaworthy. Other social media companies, take heed! Instagram has made it easy for app users to check if an email is sent from a scammer or from the 'gram. The new feature (which comes just in the nick of time, as phishing emails are becoming more sophisticated and difficult to identify) can be accessed via Settings > Security > "Emails From Instagram." Criminals often send emails claiming that "Instagram" needs you to log in to your account, and they may look exactly like ones sent from Instagram (even going so far as to include fake two-factor authentication codes). "Emails From Instagram" combats phishing attempts by letting users know at what times over the last two weeks IG actually did send emails. So, if in doubt, head on over to Insta to find out.  

Call-out culture. Thank goodness there's been a wave of pushback against the massive "wellness" and diet industry's ridiculous and sometimes downright fraudulent products and claims. Two pro-science women have taken a vocal role in calling out woo-woo when they see it. They are OB-GYN Dr. Jennifer Gunter, who prides herself on "separating myth from medicine," and Michelle Wong, a "30-something science educator with a PhD in chemistry" and a dose of "healthy skepticism." Dr. Gunter's blog contains such amusing entries as "Gwyneth Paltrow and GOOP say the joke is on you if you followed their advice," while Michelle's blog, Lab Muffin, considers the pharmacology behind skincare products (and company claims). Gunter spoke to NBC News last month on the ways women can ditch healthcare myths and advocate for themselves. Sadly, she laments that "how women are being dismissed [by real doctors] is almost criminal" (and it may be leading women desperately seeking answers to purchase bogus products).

Podcast people: Start streaming! Looking for another podcast to listen to while sweating the pounds off on the treadmill? AARP's "The Perfect Scam" is perfect for those obsessed with the ever-popular "true-crime" genre. This is as real as it gets! And it doesn't matter if you're not over 50⁠; AARP highlights cons that connect us all, from outrageous Ponzi schemes to egregious charity fraud. With titles like "A foreign lottery scam turns into a murder plot," 30 minutes of cardio will fly by!

Cutting to the chase. Sigh...the Social Security Administration (SSA) scam just won't quit: It's the No. 1 scam in the U.S. right now, and it's big money for the con artists, who have made $17 million off anxious Americans. Previously, callers (or the robotic voice that left a message) claimed to be with the SSA and threatened to "get you arrested" if you didn't pay up (since your Social Security account had, allegedly, been "hacked," and this was somehow your fault, and so naturally a warrant was out for your arrest!). The criminals now seem to have decided to stop bothering with the complicated backstory and just cut to the chase with threats of cuts to your benefits. Click here to listen to an actual call.

Girl, same. A Consumer Action staff member received a call a couple of weeks ago from "Apple, Inc." claiming her iCloud account had been jeopardized. Being the savvy cell phone user she is, she hung up immediately, then went to the Better Business Bureau's (BBB) Scam Tracker to see (based on keywords describing the incident) if it seemed like a scam that was "trending." Sure enough, when she searched for "Apple" and "tech," an account mirroring her own experience popped up! The person making the entry reported that, on Sept. 17: "I received a call this afternoon from Apple customer service. I picked up the call [and it] said my iCloud address had been compromised and to press '1' to be connected to AppleCare support." Twinsies! If you're struggling to discern deception, check out Scam Tracker and get rid of the guesswork.