A Consumer Action News Alert • August 2021
www.consumer-action.org
  A wily wire scam  
 

With the record-breaking number of home sales in the past year, many homebuyers will find disclosure documents related to "mortgage wire fraud" among their closing paperwork. Mortgage (or real estate) wire fraud is a scam in which a hacker purloins your email address and sends a message posing as your real estate or mortgage closing agent and trying to convince you to divert your purchase closing costs to a fraudulent account. Mortgage wire fraud relies on email fraud (phishing). Scammers use fake emails, phone numbers or websites to trick you into sending closing costs and downpayment funds to their own accounts at the last minute.

CNBC reported the story of Aaron Fisher, a psychology professor at the University of California at Berkeley, who wired more than $900,000 to close on his family's dream home. Two days later, the mortgage company called to inquire where his wire was. Fisher told them he'd wired it to a Wells Fargo account, to which he received the ominous reply: "We don't have a Wells Fargo account. You need to call your bank immediately." Happily--but not typically--Fisher's bank was able to claw back the full amount. Many others have not been so fortunate: According to the FBI, consumers lost more than $220 million to real estate wire fraud in 2020--a 13% increase from 2019.

Homebuyers are advised to inspect closing emails carefully to make sure the sender's address is correct. Fraudsters often change just one letter in email and website addresses, and even insert phone numbers they control. Double-check any last-minute changes in wiring instructions. Connect directly with the real estate or title professionals you are working with to verify wiring instructions before sending money. (Don't call any phone numbers included in the emails--confirm all numbers independently before placing your calls.) Learn more by watching a recorded webinar by CertifID, Mortgage Payoffs Under Siege.

 
  A sticky situation  
 

Scammers are targeting Amazon Fire TV Stick and Fire TV owners looking to activate (or reactivate) their streaming video service. Typically, victims search online for something like "Fire Stick activation," but instead of getting an Amazon customer service number, they find and dial the number of a "tech support" company that has paid to get its phone number high up in search results. You think you've reached the right place, but you've actually called a third party. These companies then convince callers they need to pay an activation fee, even though it's free to activate the Amazon (and other popular) streaming devices. A similar scam has hit hundreds of Roku streaming device owners, as well. Another way streaming device owners can be scammed is when hackers infiltrate the devices and push "error messages" onto the TV screens advising owners that "you need to call this number to finish the installation." Even more frightening is that some of these attempts are done purposely to trick Amazon customers into giving up their Amazon website logins and passwords, allowing thieves to purchase items from victims' accounts. Never blindly trust a Google search result or screen (computer or TV) pop-ups. If you are a customer, log in to your account at the device manufacturer's website and use the Support tab to get help. Or, if you just purchased a new device, look for a customer service number on invoices or manuals that came with the device.

 
  Breaking the bank  
 

Taking over. We know that remembering passwords can be tough--it's why so many of us reuse passwords on different accounts. Don't do it! Lack of password hygiene allows scammers and crooks to take over bank, credit card, ecommerce, email, and other accounts; once they discover one password, they try it on other popular sites. Once in, they can change your email address and phone number to theirs, buy things using saved payment cards, and even send themselves electronic payments. The solution? Change your usernames and passwords frequently! The 2017 Equifax breach resulted in the sale of millions of people's credentials on the Dark Web. Crooks took them and tried them out on other sites, often gaining access. While in most cases consumers are not on the hook for fraudulent transactions (an exception is fraudulent wire transfers, which are difficult, if not impossible, to recoup), it makes sense to avoid trouble. Change logins and passwords at regular intervals (and whenever a company you do business with informs you of a breach). The Consumer Action publication Put a Lock on It has advice for creating strong passwords and offers other techniques you can use for online safety. Also consider using "password management" software, which, typically for a fee, can help you keep track of your online credentials. Consumer Reports rates some of the password keepers here.

Luring you in. While we've been warned about "phishing" for years, scammers are, unfortunately, still using emails and text messages, and even voicemails, to reel in victims--both individuals and employees. Employees have responded to fake emails from their "employers" and been tricked into sending confidential information about the company and its employees to criminals. In response to what they think are valid emails from superiors, they've also been coerced into buying hundreds of dollars' worth of "gift cards" and giving the codes to scammers. Scammers can format emails with logos of large banks and other companies in a way that tricks even sophisticated consumers to visit "lookalike" websites. Agari, a company that protects its corporate customers against email scams, says that "when we think we see a familiar, trusted company or brand name in the email address, we're more likely to assume the message itself (e.g., the content, links, attachments, etc., it includes) can be trusted. We lower our defenses, and click on the message and...we've taken the bait." The easiest way to avoid falling for a phishing scam is to not click links (URLs) in emails and texts. Instead, reach out to the sender independently by logging in to your online account or by calling a phone number you recognize to check if the communication is real. Similarly, phone scammers employ voicemails ("vishing") pretending to be from government agencies or corporate bill collectors to get you to provide personal information. Don't engage by pressing buttons or speaking with callers. Exercise extreme caution: If you let a scammer into your bank account, you could be in for a world of hurt.

 
  Tips  
 

No credit for scammers. The Internal Revenue Service (IRS) is warning parents to stay alert about scams mentioning, or targeting recipients of, the new monthly Child Tax Credit payments. The IRS will never call you about Child Tax Credit payments--verifications and eligibility changes can be made using the agency's online portal. It will never initiate contact with you regarding CTC payments by email, social media or text message. To learn more about the Child Tax Credit, click here.

Targeting the troops. Scammers see servicemembers and veterans as easy targets; they know they have steady paychecks and access to valuable benefits from Uncle Sam. But the danger's not always from small-time hucksters. In a recent blog post, the Federal Trade Commission (FTC) outlined some of the ways our servicemembers have been taken advantage of by large corporate job-training schools. Veterans have access to valuable GI Bill educational benefits, and many schools use outright ruses to get them signed up for programs that do not help them get jobs. Instead, current and former military personnel can find help making good use of their educational benefits at Opportunity Centers run by the U.S. Department of Education and via services offered by the Veterans Administration. For tips on helping your military family members and friends avoid scams, visit the Military OneSource website.

I already gave, and gave, and gave. Older Americans, a critical source of political donations, often fall victim to aggressive and misleading digital practices, The New York Times reported on June 26. "How Deceptive Campaign Fund-Raising Ensnares Older People" details how seniors of both major political parties have been taken advantage of by digital operatives who deploy "an array of manipulative tactics that can deceive donors of all age groups: faux bill notices and official-looking correspondence; bogus offers to match donations and hidden links to unsubscribe; and prechecked boxes that automatically repeat donations." A clinical neuropsychologist who has studied financial decision-making among aging Americans told the Times that older people face a "double whammy" online: their generational lack of familiarity with technology and age-related cognitive declines. The Times article prompted Senator Amy Klobuchar (D-MN) to introduce legislation to ban political campaigns from using prechecked recurring donation boxes. Her office stated that the legislation follows the "Federal Election Commission's unanimous, bipartisan vote recommending that Congress ban political campaigns from automatically opting donors into recurring contributions through pre-checked boxes" in online forms. Learn more about Senate Bill 1786, Rescuing Every Contributor from Unwanted Recurrences (RECUR) Act. If you have concerns about elderly family members or friends, share this information. And if you have access, monitor their bank and credit card statements for unwanted, recurring charges. Get these turned off, and help them dispute the unwanted charges with the bank or credit card company.

Problematic postcards. A woman who recently paid off her mortgage (congratulations!) received a postcard bearing the message: "Regarding your recently closed mortgage." Being the suspicious type, she did some research and learned that banks and credit unions have been featuring warnings about these deceptive postcards. If you recently took out a new mortgage or refinanced one you already have, you could be a target. If recipients look closely at the tiny print in the lower corner, there's a hint about the sender--it's a home warranty company looking to sell you a bill of goods. The scammers get your mailing address from public information about property deeds on file at county offices. So, if you get one, throw it straight in the recycling bin.

 
  Tell us how we're doing!  
 

We'd love your feedback on how we've been doing, and which of our services have been most important to you. Please fill out our (very) brief three-question survey here!