A Consumer Action News Alert • July 2022
www.consumer-action.org
  Too good to stay  
 

New York State Attorney General Letitia James--and many of her government colleagues across the country--are warning consumers about scams on vacation rentals and offering tips on how to avoid them. "Scammers don't take the summer off," said James, who suggests vacationers verify the host and the existence of the property being booked before making a payment, among other advice. Entrepreneur magazine warns that as "summer scams heat up, more and more vacationers are getting burned" by rental scams, and gives examples of some victim stories. We like some tips offered by Social Catfish, including "Ask more questions [of] the owner, such as the recommended restaurants nearby and the parking situation. Scammers cannot give you specific and sufficient answers." The Federal Trade Commission (FTC) has some long-standing guidance on avoiding rental scams. Report suspicious rentals to the FTC, whether you lost money or not--you might help others avoid a scam.

 
  Transport to hell  
 

School's out and many families are on the move to new locales. If you're contemplating a move, take care in hiring a moving company. Disreputable movers sometimes advertise rock-bottom prices, but once the move is under way, they turn around and hold your belongings hostage in order to get you to pay more. (The "110 Percent Rule" of the Federal Motor Carrier Safety Administration (FMCSA) requires that moving companies not demand additional payment greater than 110% of the cost of the original written estimate before delivering your items.) Consumer Reports has advice on how to choose a reliable moving company. Check out the American Moving & Storage Association website, which has a lot of useful information on making a safe move. If you've been scammed, review its Rogue Operator Victim Checklist. FMCSA's "red flags" list helps you spot signs that a mover might be bad news--among them, giving sight-unseen quotes over the phone, not a written estimate; saying the cost will be determined after loading; demanding cash or a large deposit; and answering the phone saying "movers" or "moving company" instead of a company name. Another red flag? The mover fails to give you a copy of "Your Rights and Responsibilities When You Move," as required by federal regulations. Finally, ask people you know for a recommendation. If you're moving out of state, verify that the moving company has a valid U.S. Department of Transportation number and a carrier number at FMCSA. For in-state moves, check your state's licensing requirements. 

 
  Don't get burned  
 

Dodgy tricks target lodgers. You're checked in to a hotel and the phone in your room rings. It's the "front desk" calling to tell you that your payment card was declined--please confirm your account number or provide another card. Instead, hang up and dial the front desk directly, because this has the hallmarks of a scam. Scammers simply take a shot at reaching a victim by calling hotels at check-in times and asking to be connected to room numbers (or figure out how to dial extensions to reach rooms directly). Sometimes they get lucky. Here's another trick scammers play on hotel guests: They leave restaurant flyers under hotel doors touting free delivery to the hotel. Their aim is to get hungry lodgers to call, place an order, and supply their credit card information. No food arrives--but you just gave someone a license to shop till they drop! Ask your hotel for recommendations for restaurants that deliver or find the names of nearby eateries using Google Maps or Yelp--and make sure the reviews are solid!

While I have your attention. An attractive beachgoer walks by in a teenie-weenie bikini. Break dancers strut their stuff outside a popular tourist attraction. A shy, grandmotherly woman approaches tourists to display a gold bracelet she "found"--could it be yours? These seemingly unrelated events could be attempts to distract you while the accomplices steal your possessions or pick your pocket. When you're distracted, you might let down your guard. At Scambusters, see more scenarios used to distract travelers. Seemingly innocent happenings, like a spilled coffee or an abrupt stop on an escalator, might be a ruse for thieves to grab your valuables. Usually, the scammers operate in pairs, and many of their tricks are plied on the streets, beaches and malls of vacation resorts, where unwary travelers fall victim. Don't be a mark. Keep your wits about you when you're out and about.

 
  Tips  
 

Wi-ly Fi. Travelers often look for free Wi-Fi hot spots. Don't connect to a free network until you confirm it is legitimate and secure. You could be connecting to a scam network, opening up access to information you send over the internet, and possibly even to your credit card number, usernames and passwords. Don't bank or shop while connected to public or unsecured Wi-Fi. On a similar note, CNET recently warned that malicious QR codes are being used by scammers to connect with computers and smartphones. Cybersecurity experts say these QR codes have been found on parking meters, restaurant flyers and other places. If you scan the QR code to redeem an offer or access information, you might allow malicious links embedded with malware to be downloaded onto your phone, which, in turn, may allow bad actors to access your login credentials and payment card numbers you've saved at retailers' sites. The FBI offers some tips to protect yourself from malicious QR codes.

Ignore the spin. People are getting an official-looking letter from the "Records Division" at P.O. Box 2910, Kennesaw, GA 30156-9843, offering information about state "benefits" you might qualify for. It may look official, and even mention your specific state, but it's far from legit. Fine print in the mailing states: "Not affiliated with or endorsed by any government agency." This letter comes from a lead generator trying to collect and sell marketing leads for burial insurance companies. Don't fill out the form. Bury it in your recycling bin.

I owe you nothing. The wordy email carried the subject "Reminder. Pay the debt within two days." Inside, the sender warns "Here is the proof I hacked this email. Your password at the time when I got access to your email: XXXX." It was a very old username for an unimportant website access, and the recipient knew she'd only used it once. (Remember: Do not reuse usernames and passwords!) The strange grammar in the email shouted "scam," not to mention that it contained a false threat: "As a systematic adult websites visitor, you are the only one who is responsible for all the consequences of that." The emailer demanded $1,650 in Bitcoin, as "a considerably fair payment for all the hard work done by me." This email hopes to ensnare (the many) people who watch porn online, but that's just throwing spaghetti against the wall and hoping it will stick. Read the entire email here. Information from corporate data breaches--such as the infamous Equifax breach of 2017, in which millions of people's information was stolen--is traded on the "dark web," so change your login credentials frequently and use password management software to help you keep track of them.

I spy. A recent email reminded the recipient that "We have been trying to reach you in order to deliver your $750 Amazon Gift Card." The recipient recognized the hallmarks of a scam. When he "hovered" his mouse (do not click!) over the links in the email (a button titled "Accept Money" and the "unsubscribe" link) he saw a url that is often used to download malicious software, like spyware, onto the computers of people who click the links. There is only one response to such an email: Delete!

Negative exposure. There's a slew of documentaries about the terrible things that happen to people who are not careful online. (We're not blaming victims, but pushing for awareness that might help people stop themselves from doing regrettable things.) The Netflix series Web of Make Believe: Death, Lies and the Internet tells some awful stories, but the ones concerning young women caught up in a local sextortion scam was super ugly. They thought they'd found romance and did some silly things involving photos for the sake of love, and then were terrorized for it. The perp (quite the nasty little hacker!) was found, prosecuted and incarcerated. We won't spoil the story, but even if you don't watch, spread the word among young people you know not to "overshare" with people they meet online. And teen girls are just one target. The Federal Trade Commission is warning LGBTQ+ communities that evildoers are lurking on dating apps in the guise of potential romantic partners and urging the people they attract to share "explicit photos." Send photos and the blackmail begins, with threats of publicly posting your private chats and photos unless you send money (natch, using gift cards, wires or P2P payment apps). The FTC says (duh!) don't share sexy photos and other personal information with someone you just met on a dating app. And, it warns, "Don't pay scammers to destroy photos or conversations. There's no guarantee they'll do it." If you're a victim, file a complaint with the FBI Internet Crime Complaint Center (IC3).

 
  It's great to hear from you!  
 

We'd love your feedback on how we've been doing and which of our services have been most important to you. Please fill out our (very) brief three-question survey here!