A Consumer Action News Alert • March 13, 2023
www.consumer-action.org
We always warn consumers to be careful about the links in emails they receive. We want you to know that all links (URLs) in this newsletter are sent via VoterVoice, our content management services provider, in order to determine which stories are most interesting to our readers. No personal data about you is saved.

Click here to view this newsletter in a browser.
Facebook Twitter LinkedIn
  Prime time for curbing Amazon impersonation scams  
 

Business impersonation scams continue to target consumers, and this month we are helping Amazon to spread the word about how to avoid becoming a victim and where to report business impersonators. Business impersonation scams are just what they sound like: scammers pretending to be a business you trust in order to trick you into giving them money, personal information or access to your account or computer. According to the FTC, scammers looove to impersonate Amazon. The agency found that from July 2020 through June 2021, about 1 in 3 people who reported a business impersonator said the scammer claimed to be Amazon. Amazon, which has been taking steps to stem the fraud and help people identify scams, recently teamed up with the Better Business Bureau (BBB) for a consumer education campaign. Besides providing a slew of tips on recognizing impersonation scams, the campaign encourages consumers to report scams to BBB’s Scam Tracker, which, SCAM GRAM readers might recall, is one of our favorite sources for keeping up with current scams, as it is constantly updated. Since National Consumer Protection Week took place last week, and today is World Consumer Rights Day, this is the perfect month to fill our tips section, below, with all the helpful advice you need to pull the mask off these imposters and protect yourself from fraud.

 
  Scam avoidance 101  
 

During last week's Slam the Scam Day (March 9)—also part of National Consumer Protection Week—the Inspector General for the Social Security Administration (SSA), Gail S. Ennis, shared a straightforward tip that reminds us that steering clear of government imposters doesn't have to be complicated: It simply starts with hanging up the phone or deleting suspicious texts and emails, without responding to the scammers. “That remains the easiest and most effective method to avoid falling prey to these vicious scams,” Ennis explained in the SSA’s Slam the Scam Day communication that urges us to not get caught off guard. Like business imposters, government imposters aim to get consumers' personal information and money through threats or promises. We were glad to join the agency's effort to get the word out with posts on our Facebook, Twitter and LinkedIn pages. The National Slam the Scam Day initiative was launched in 2020 to raise public awareness of Social Security-related scams. It expanded last year to include other government imposter scams, as reported losses to consumers climbed to more than $446 million in 2021 and $509 million in 2022. Learn more about staying safe from government scams year-round here.

 
  Spied if you do, spied if you don't  
 

Nosy (and worse) significant others lose some spying tools. New York's attorney general secured $410,000 in penalties from multiple companies for illegally promoting spyware that allowed individuals to spy on their partners’ Android and iOS devices without their consent. The companies, owned by Patrick Hinchy, sold software that allowed users to secretly monitor activity on another device, including call logs, text messages, photos and videos, location, Gmail activity, WhatsApp and Skype messages, social media activity, and browsing history. Although the companies led consumers to believe that using the products for spying was legal, the AG's announcement explained that installing and using stalkerware to monitor another adult’s mobile device without their consent violates numerous state and federal laws. We could go on about why this is UGLY, but why not leave it in Attorney General Letitia James's own words: “Snooping on a partner and tracking their cell phone without their knowledge isn’t just a sign of an unhealthy relationship, it is against the law." And there can be no doubt, as James also explained, that these apps and products place consumers at risk of stalking and domestic abuse. In addition to the financial penalties, the consortium of companies will have to implement various measures, including modifying the apps and software so that the owner of the device being monitored is notified and informed of the types of information being collected.
 
Spyware spares singles? After reading the above piece about snooping spouses, happy singles may be feeling smug right about now. But, alas, whether you regularly fly solo or are merrily married, you're still fair game for cyber spies. ZDNET reminded us last month that surveillance software is becoming more advanced and that it can be extremely difficult to detect or remove once it's implanted in a device. The tech news site published the guide "How to find and remove spyware from your phone," which describes different forms of malicious software that can infect iOS and Android handsets, warning signs of an infection, and how to remove the malware when it's possible (or—gasp—get rid of the device when it’s not). ZDNET's guide covers basic types of spyware, like "nuisanceware," which can gather and sell your data for advertising purposes; more advanced types, like the "stalkerware" the New York AG recently cracked down on (above); and government-grade commercial spyware, like the Pegasus tool used by law enforcement (and which, as ZDNET points out, was found on smartphones belonging to journalists, activists, political dissidents and lawyers). Before it presents its list of spyware removal options, the guide provides an important tip that we want to repeat here: Do not tamper with your device if you feel your physical safety may be in danger. Instead, reach out to the police and supporting agencies.

 
  Tips  
 

Impersonators' many faces. The BBB explains, as part of its consumer education campaign with Amazon, that impersonation scams are perpetrated in many ways, including by phone, email, text, or social media messaging. Their non-exhaustive list of scammers' tactics includes: 1) promising money or prizes for providing product feedback (and your personal information); 2) sending messages with Quick Response (QR) codes that can be used to steal your information; 3) telling you your account has been hacked and the only way to protect it is to buy gift cards and provide the card number and PIN on the back (allowing the fraudster to drain the money on the card); and 4) sending you a (malicious) survey link under the guise of a trusted brand. Other tactics, touched on further below, include sending bogus order confirmations and offering tech support “help.”

All signs point to a scam. The advice we offer in Consumer Action's Just Say No to Scams tip sheet will go a long way to protecting you from impersonation scams like the ones Amazon is warning about. Keep these in mind when going through your email inbox, retrieving your text and voicemail messages, or picking up your phone:

  • An unexpected contact: If you’re not expecting a call, email, text message or visit from a business or government agency, the communication you receive might be from an imposter.
  • A request for money or personal information: If you get an unexpected request for either, it could be a scam.
  • A sense of urgency: Being rushed (to hand over your money, give personal information or make an important decision) usually means someone doesn’t want to give you time to do some research and make an informed choice.
  • A threat or enticing offer: Scammers get their victims to pay them or give them information by playing on their emotions—typically fear (e.g., loss of account access) or hope (e.g., money or prizes).
  • Demand for a particular method of payment: Crooks typically request payment in the form of a wire transfer, prepaid card number, gift card, cryptocurrency, or other unrecoverable method.

I ordered WHAT?! Amazon uses learnings from its customer self-reported data to share insights with consumer groups about common scams ahead of high-volume shopping events. In 2022, Amazon found that fake order confirmations accounted for more than 50% of the Amazon impersonation scams reported by the company's customers. These phony messages often refer to a "purchase" that the consumer supposedly made, and request that the consumer act urgently to confirm the (fake) purchase. If the consumer tries to cancel the nonexistent order by clicking a link or calling a fake “customer service” number, the scammers try to steal the consumer's personal or financial information. Amazon reminds you to always go through the Amazon mobile app or website to verify that the message was from Amazon—and check your order history.

Smile…it’s Amazon! Because Amazon wants its customers to know with confidence that it’s really them when you are being contacted, the company implemented email verification technology to make it easier for customers to identify phishing emails and harder for scammers to commit fraud. Now, customers using Gmail, Yahoo!, and other common email services can be confident that an email from an @Amazon.com sender with the Amazon smile logo icon is legitimate. Get a close look at some actual scam texts received by Amazon customers and pick up some more safety tips in this Good Morning America video.

Tech support hell. Although these might be considered classic scams at this point, the FBI recently warned that tech support scams are evolving and that the number of people falling victim, and the amount of money they lose, is on the rise. In tech support scams, the FBI explains, fraudsters pose as customer or tech support representatives from reputable well-known tech companies. They may call, email or text their targets offering to resolve such issues as a compromised email or bank account, a computer virus, or a software license renewal. Once they convince the victim that their financial account has been compromised and their funds need to be moved, they gain control over the victim’s computer and, ultimately, their finances. The FBI reminds us that legitimate tech support representatives will never initiate unsolicited contact with customers. They will not demand immediate payment or request payment via cash, prepaid gift cards, wire transfers or cryptocurrency. For their part, Amazon and the BBB remind consumers: Never allow remote access to your computer. If you need help, seek support directly from the website of your service provider.

Answers at your fingertips. Scammers rely on that moment of panic to get you to take action, and a notification that your credit card or bank account will be charged hundreds of dollars for a product or service you didn’t order—if you don’t click or call to cancel immediately!—usually does the trick. But, if you can stay calm, cool and collected, you can avoid a costly mistake. As Microsoft advises, if you have an account with the business, log in to see if “this mysterious order” actually exists. Or, contact the company at its legitimate, published phone number or website. This is one case where hitting pause is the best strategy.

Report it! Savvy consumers stay informed about scams and report fraud when they spot it or—heaven forbid—experience it. Amazon recommends that if you receive correspondence that you think may not be from Amazon, report it immediately, using Amazon's self-service tool. If you are not a customer, you can still report a suspicious message to the company at stop-spoofing@amazon.com. These reports give Amazon the information to identify bad actors and take action against them, helping to stop scams before they happen. The same goes for other business impersonation scams: Report them to the legitimate business they are impersonating. Don't forget that, as noted above, we are partial to the BBB's Scam Tracker. It's a free tool anyone can use to report suspected scams. Your reports warn others so they can avoid similar cons. And check out Consumer Action’s Just Say No to Scams guide for detailed advice on where to report scammers’ malicious messages, including to federal and local agencies.
 

 
  Tell us how we’re doing!  
 

We’d love your feedback on how we’ve been doing and which of our services have been most important to you. Please fill out our (very) brief three-question survey here!