Do NOT post selfies with your vaccination card!

No matter what age you are, almost everyone in this country loves a good selfie.  Especially when we’re celebrating a major event or when it’s helping to advance a cause.

Being one of the first to get in line for a COVID-19 vaccination fits both of those bills.  Not only is getting your shot the beginning of the end (HOPEFULLY!) of this quarantine nightmare, but as one of the first members of the public to get it, you might want to show your friends and family there’s nothing to fear.

A developing trend among people first in line for the shot is taking a celebratory picture holding their vaccine certification card.  I’ve seen this trend firsthand on my own social media timeline.


And because I’ve already seen this dozens of times personally, I’d like to send out this important public service announcement:


Seriously.  Please, please, PLEASE, don’t do this. And if you already have, pull that image down as soon as you possibly can.

Those vaccination cards are an open invitation to would-be scammers who may only need the pieces of your personal information on that card to steal your identity OR who are looking for people who have gotten the first injection to realize their scam.

For example: let’s pretend I’m a scammer and my strategy is to get those who have received their first shot to pay me for access to their second one.  Maybe I’ll call those who have received their first shot pretending to be a state healthcare employee to say they’ll have to put down a deposit on their second shot or pay for their place in line.

The best way for me to find potential victims right now is to simply scroll through vaccine hashtags and look for anyone who has posted a photo holding that vaccination card.

Not only does simply posting that photo make it easy for me to find you, but I also have your full legal name, your birth date, and details about what vaccine you got and who administered it. 

Those details might not seem that critical to your personal security, but they’re incredibly useful to me. 

I can use all those details to convince you over the phone that I’m a healthcare worker with intimate knowledge of your vaccination records.  While you’re talking to me on the phone or through email, you might not immediately remember you posted those details publicly where anyone could find them.  I’d have just enough correct information about your vaccine experience to look very legitimate to you.

Once I have your trust, it’s easy for me to ask you to give me your financial information to arrange payment for your second injection.  I could even ask you for even more critical personal information to “make sure you got the correct shot at the right time.”  Then, I could steal your entire identity.

While posting that card may not provide ALL the details someone would need to seriously jeopardize your finances, it does create a very good opportunity for a skilled social engineer. 

Social engineering is the most common way scammers slurp information out of victims: it’s a strategy where all someone needs is charisma and a scarily short amount of research to convince you he knows you and can be trusted, and to prod you into giving him the information he wants.  These types of scammers flourish on the seemingly innocuous things we post on Facebook and Twitter.

And as for the information that is given on those vaccination cards, you might be surprised to know scammers can use your birth date to figure out MOST of your Social Security number digits if they know where you were born–which they might if you’ve posted where you’re from on your social media profiles or if you were affected by any of the major data breaches of the past several years (most Americans were).

So on top of not posting images of that card on social media, you should definitely also consider removing any details related to your birth date and birth location as further protection from all kinds of scammers.

While I haven’t seen any reports of any specific victims of this potential scam, the Federal Trade Commission and Better Business Bureau are pre-emptively raising the red flags as this social media trend gains steam.

As seniors in most states are becoming eligible for their first vaccination, I ask you to be very careful with this trend and with your personal information.  The COVID scammers have been out there since the very beginning of this pandemic and they’re always looking for new ways to bait victims while this situation is evolving.  Since seniors are the first general members of the public to get access to the vaccine, seniors are specifically the ones being targeted at this time.

So keep your personal information close—even if it doesn’t seem all that personal—and try to find much less public ways to celebrate your newly vaccinated status. 

Don’t get me wrong: it’s DEFINITELY a reason to celebrate.  But I want YOU to be the one celebrating—NOT the person who may have just used your good news to destroy your credit.

Stay safe out there, guys!

Vaccine scams target seniors as states enter phase 1B

Today, most U.S. states have opened eligibility to lower priority groups within Phase 1 COVID-19 vaccinations. 

With some alterations, states are largely following guidelines set forth by the Advisory Committee on Immunization Practices (ACIP), a team of experts within the Centers for Disease Control (CDC).  In the ACIP’s recommended vaccination strategy, Phase 1 is comprised of healthcare personnel, essential workers, seniors, and those with the highest need for the vaccine.  These groups are both the most at-risk for exposure and the most likely to transmit the virus to the larger public.

The first people to receive the vaccine were doctors, nurses, and other essential hospital and clinic employees.  In the ACIP guidelines, this group is 1A.

With states hustling unbelievably fast to get this shot into as many arms as possible, more than half of the U.S. is now working through the 1B and even the 1C groups. These groups primarily consist of seniors over 75 years of age—though depending on how your state may have deviated from ACIP guidelines, these groups may include seniors over 70, 65, or younger if they have a high-risk medical condition.

If you are over 65 years of age, I encourage you to start keeping a regular eye on your state’s website.  This will be where you can see if you’re eligible and where you can locate the necessary information to schedule your vaccination appointment if eligible.

While we have no idea what vaccine administration will look like once it’s rolled out to the general public (the goal is to make it very similar to getting a flu shot at your local pharmacy), we know right now it’s a matter of checking for your eligibility and getting yourself an appointment.  Vaccine supplies are limited, so you’ll need to schedule a time to get your poke.

The important thing to understand here is if you’re eligible right now, you’ll have to rely on yourself to get that information AND make the appointment to get the vaccine.  The average retiree quarantining at home will likely NOT be contacted by any local agency to alert them of their eligibility or the process to make an appointment. 

The first reason I bring this up is because if you haven’t checked out your state’s health department website, you should do so.  Right now, in fact.  There’s a possibility you are now able to get your vaccine.

The second reason I’m bringing this up is that you shouldn’t expect anyone to reach out to you personally to let you know it’s your turn.

Seniors are receiving calls, texts, and emails from various agencies inviting them to the COVID-19 Vaccine Party every single day.

The price of admission to that party is anything from your bank or credit card information (to pay for the shot, naturally) to your Medicare information (to verify your identity and/or to make sure the cost of your shot is covered).

Guys, the COVID-19 vaccine is free.

The federal government has used YOUR tax dollars to purchase this vaccine and send it all over the country.  There is no charge to administer the shot because we already paid for it.  And because it’s a matter of public health that EVERYONE gets this shot regardless of their ability to pay or their insurance status. 

The vaccine is free.  F-R-E-E.

So, you probably see what I’m getting at here.

The likelihood someone will contact you via any means to tell you they checked for your eligibility specifically—in an ENDLESS OCEAN of people waiting for this shot—is slim to none. 

But the dead giveaway that these calls and emails are scams is the request for financial or insurance information. NOBODY is paying for this vaccine.  This isn’t a profit-making situation.  This is a global health crisis situation.

The shot is gratis because it must be in order to create herd immunity.  While we don’t know for sure how high a vaccination percentage is needed to achieve that immunity with this specific virus, we do know that number gets as high as 95% with other contagious illnesses, like measles.  That means 95% of a population needs to get vaccinated against measles to effectively ensure the remaining 5% won’t get measles.

But because the triage for getting a limited vaccine to every single person in the U.S. is complicated, to say the least, a lot of people have little to no idea how to get it, if they can get it, and how they’ll know it’s time to get it.  It is extremely hard to get that kind of information out to every single person, especially when that information varies from state to state and the situation is constantly evolving.  A lot of people who can get vaccinated will probably be left in the dark.

Scammers are already exploiting that information gap to the fullest extent.

Whether it’s the shot itself, a fee for administering the shot, or a fee for scheduling your appointment, we can’t stress this enough: getting the COVID-19 vaccine is free.  Anyone—no matter WHO they claim to be with or contacting you on behalf of—who tells you there’s any kind of payment involved in the vaccination process is 100% trying to scam you.  PLEASE report anyone who contacts you saying this.

Additionally, state health officials are reiterating they would NEVER ask someone they called for sensitive personal information over the phone.

In the event someone would call you to let you know you’re eligible for the vaccine—and that is already highly unlikely—no legitimate caller is going to play 20 Questions with you about your name, birth date, address, Social Security number, or any other information that can be used to steal your identity.  It would simply be a call and an attempt to schedule an appointment.  That’s it.

In time, these scammers will be putting a target on every head in this country, but at this time, only seniors and essential workers are eligible.  This means if you’re a senior, scammers are going to be looking for YOU, specifically.  Until this vaccine opens up to lower priority groups, these scams will disproportionately affect retirees as scammers look for ways to get in contact with as many people within our current phase as possible.

So, be proactive about your vaccination eligibility by locating information on your own.  Don’t wait for anyone to contact you.  Head over to your state or county’s website or contact your local health department to get the information you need.  Any changes to eligibility or access will be posted there first.

“Fleecing the Flock”: How affinity scammers use your identity against you

In another life, I used to write a lot about sheep.

Yup. Sheep.

I used to write about a lot of animals, actually.  My job was to explain how different landscape and livestock tools worked.  Wild animal repellents, animal fencing, those really creepy fake owls you put on top of your barn to freak wild birds out—that sort of thing.  To understand why those sorts of products work and how to use them properly, you have to understand why animals act the way they do.

So, now I know a lot a lot about sheep.  And I’ve had a linguistic bone to pick with a lot of people ever since.

Sheep are the most slandered animal in our language.  If you’re going with the crowd, you’re being a sheep.  If you hold a popular belief someone else disagrees with, they’ll probably call you a sheep.  To be a sheep means you’re the kind of person who goes with the group.  It means you share the same opinions as the rest of the “flock.”  The implication is you’re too weak or stupid to go it alone, so you find 30 of your friends and do what they do instead of forming your own opinions or behaviors.

But if you know sheep—or at least, if you’ve had to do a lot of Googling about them in order to write promotional materials—you know this is not at all the reality of flocking behavior.

Sheep are NOT stupid.  Far from it, as a matter of fact.

The flocking behavior we see in social animals is actually pretty genius.  When you’re not strong enough to stand up to a wolf on your own, you’re safer when you stick with your friends.  Flocking animals rely on having dozens of eyes on the ground to look for the slightest sign of danger—that’s why they follow each other so closely.

Sheep aren’t the only animals known to get by with a little help from their friends.  Without our cooperative social nature, humans would likely not have shot straight up to the top of the food chain as quickly as we have.

Much like sheep, we rely on other people in our communities on a daily basis to do all the things we need to do.  And we absolutely depend on our flocks to stay safe from would-be predators.

Our flocks are more than just our family and friends.  Whether we realize it or not, we form flocks based on any number of shared traits, experiences, and identities: sharing an alma mater, a religious belief, a locality, a political affiliation, an ethnicity, a language, or a place of work.  We tend to trust others more when we have things in common with them.  You can probably think of at least a few people in your life you may have trusted almost immediately—despite being strangers—based on a few shared traits or values.

It’s not a bad thing most of us do this.  We make lifelong friends because we are able to quickly identify commonality and bond over it.  But when we do that too readily, the tendency to trust those we view as part of our flock can be dangerous—especially when we’re dealing with a wolf in sheep’s clothing.

There is a term for the types of scams that rely on people’s tendency to trust those they perceive as similar to them.  It’s called affinity fraud.  Affinity scams are scams—usually investment scams—that exploit a target audience by dressing those scams up to be everything that audience would trust by default: someone just like them.

While not every scam targeted toward a specific group is a textbook affinity scam, many of them are. 

Seniors are one example of a flock—a group of people who share a specific age range and many of the unique experiences that come with being that age.  Seniors would be far more likely to trust pitches made to them by other seniors or senior-adjacent people or causes.  This is why so many scammers opt to pretend to be from Medicare or the Social Security Administration.  A retiree target deals with those programs every day.  They trust those organizations.  These scams aren’t classic investment affinity scams, but they are successful because they use affinity tactics.

The most recognized affinity scams are those targeting religious groups.  Religious people have a great deal of trust in their churches, other members of their religious sect, and causes related to religion.  Someone who might be very wary of answering their phone and handing out their information to just anyone might not question a stranger claiming to be part of their religion asking for a donation for the church.  This behavior is exactly why churchgoers have lost MILLIONS of dollars to fraudulent investments and Ponzi schemes committed by fellow church members or bogus church organizations.

Another example of a classic affinity scam is this story of a pair of Cambodian immigrants who targeted other Cambodian immigrants to participate in a $30 million Ponzi scheme.  The scammers flaunted the wealth and comfortable lifestyle many immigrants dream about when moving to the United States, using it to convince their kinsmen to contribute their hard-earned money to an amazing “investment opportunity.”  In 2007, these scammers were sentenced to 20 years in federal prison.

An affinity scammer can use almost any part of someone’s identity to gain their trust.  But the most basic affinity scam is one where someone is simply targeting their own friends and family.  Why?  Because those people already trust them simply for being them.  It’s the simplest way to get money from someone, but it’s probably the most tragic, too.

Anyone can fall prey to these scams.  Everyone has something about their identity that can be exploited to gain their trust.

But seniors are particularly vulnerable to affinity fraud.  Seniors have more assets than younger people.  Seniors have retirement nest eggs and savings accounts.  If an affinity scammer is looking for someone likely to have at least one account or asset they can tap immediately to get a few thousand dollars to invest, they’re probably looking for a retiree.

Not only that, but seniors tend to be very active in church communities and charities.  Many seniors choose to spend their retirement volunteering or participating in community activism.  Seniors are a group of people known to be generous with their time and money when it comes to higher causes.  This is exactly the personality type an affinity scammer looks for: the kind of person who will contribute to something bigger than themselves.  The fact that retirees also tend to have bank accounts with readily available cash is icing on the cake.

Because these scammers are playing on the trust you have for those who share some of your most intimate and passionate beliefs—or even the love you have for them as a friend—these scams are some of the most damaging of all.  The money lost is bad enough, but the trauma, shame, and devastation of having your trust destroyed by someone you may have cared about can follow you the rest of your life.  Sometimes the victims of these scams never move past what was done to them.

Protecting yourself from affinity scammers starts with understanding every single one of us is at heart a sheep.  I don’t mean that in the negative pop culture sense of the word, but rather in the sense that we all have the exact same need to stick with our flock as the animal we like to make fun of.  The reason we’re so quick to trust people like us is because we SHOULD be able to trust each other, especially when we have so much in common.

But humans are predators, too.  For every one of us just trying to enjoy some grass with our friends, there’s another person who sees a field of fresh lamb chops.

Whether it’s an absolute stranger, someone loosely associated with certain things you are, or someone you’ve known for years, there can be no difference in the level of scrutiny with which you examine ANY investment proposal made to you.  The temptation to trust certain people over others will always be there, but you can’t allow anyone to override your common sense when it comes to your checkbook.

Verify every detail of the pitch made to you independently.  Take nothing someone asking you for money says for granted.  Get as much information about the opportunity as you can and do your own independent research to verify the legitimacy of their claims.

Do not succumb to grandiose emotional appeals, guilt tactics, or pressure to give someone your money.  This is true of ALL kinds of scams.  If someone is trying to guilt you into giving them money (“don’t you trust me, we’ve known each other for years,” “but I helped YOU all those times—why won’t you help ME?”), don’t make a knee-jerk decision you’ll regret.  The more someone pressures you emotionally instead of listing the data-based reasons why an investment is good, the more you need to be wary.

Make sure absolutely everything is done in writing—no handshakes, no verbal agreements, and no money exchanged without a legitimate receipt.  Everyone knows this, but this tends to really go out the window when dealing with a friend, family member, or someone close to you who you trust.  Never give someone a substantial amount of money without the paperwork.  And if that person balks at you requesting such a thing?  It’s not because they’re worried about YOUR best interests, if you catch my drift.

Consult a financial planner or lawyer in absolutely every major financial investment.  If you aren’t a financial professional, chances are good you won’t really know the full extent of what you’re getting involved in.  Never stroke a huge check to anyone without talking to a pro.  If there’s something fishy about the arrangement, a financial advisor will see it right away.

“If it sounds too good to be true, it probably is.”  It’s pretty hard to tell someone how to avoid getting affinity scammed.  The red flags may not be flying as high or as bright as with other scams, and because victims trust the scammer, what few flags are visible might be hidden by fog.  But one ancient bit of wisdom will always serve you well here: beware of investment opportunities promising mind-blowing returns or rewards.  The bigger the promises, the smaller the chance what you’re being told is true.  If there’s one glaring warning sign, it will probably be this one.

Account compromised? If you respond to this call, it might be

With nothing else better to do, you might be one of the millions of people who have succumbed to the temptation of internet shopping in the past few months. Don’t worry—I’m not going to judge you. The way I see it, if you don’t ask me what useless things I’ve purchased on Etsy this year, I’m not going to ask you. Nothing empties my wallet faster than boredom.

And anyway, a lot of our increased online shopping this year is out of necessity and self-preservation—at least, that’s what I’ve been telling myself. This isn’t exactly the best time to be milling around in brick-and-mortar stores if you can avoid it.

Then, add Christmas on top, and most of us have been going a little swipe-crazy sitting at home on the computer.

But with increased usage of our cards online, payment processing services like PayPal, logging in and out of our email accounts, and setting up online accounts at retailers we may have only shopped at in person, we open ourselves up to online fraud. We are giving online thieves and scammers infinite opportunities to scam us out of information, steal our card numbers, and snatch our login credentials. The more we put out there, the more there is for someone to steal—that’s just kind of how the internet works, unfortunately.

So getting a fraud alert email, text, or call around this time would be a bummer, but would you question it if you spent the last month running up your credit cards online? Probably not.

Well…it turns out you probably should.

Today the Better Business Bureau published its newest fraud warning regarding bogus fraud alerts about “compromised” accounts, including Amazon, PayPal, and Netflix, to name just a few.

But this can happen with any one of your online accounts. You could receive a fraud alert from your bank, your email client—anywhere you log in, and especially those accounts that could contain sensitive or financial information.

But the compromised account alert is merely a ploy to get you to compromise your own account.

BBB reports this scam is happening via email and phone call. Emails—which may be disguised as coming from legitimate senders and businesses—will send you to a phishing site, asking for your login information and even your Social Security number. In the phone version, the caller tells you that suspicious charges were seen on your account. The caller will either try to get the same information out of you the email version does or will ask you to download a mysterious “anti-malware” program to your device. Spoiler alert: that “anti-malware” program will be malware.

In a stranger version of this call, the caller may direct you to…buy a bunch of Google Play or gift cards in order to…buy back access to your account? I don’t entirely understand the gambit there, but as we’ve discussed before, any time someone asks you to buy pre-paid cards in order to pay for something, it’s a scam. It’s one of the biggest red flags there is.

Just a few months ago, consumers reported calls regarding their Apple accounts being compromised.

In each case, the scammer will either use trusted branded materials or a spoofed legitimate business address to contact you via email or tell you on the phone that they’re an employee of the business in question. It is possible the phone number will be spoofed to appear legitimate, as well.

Whether the scammer contacts you by email or phone, the key here is not to give any personal information up until you can verify what they’re telling you. For example, if someone calls from your bank telling you there are suspicious charges on your account, log into your online banking before you continue the conversation. If there is indeed some kind of freeze or flag on your account, it’ll be pretty obvious once you’ve logged in.

You can also ignore the email or hang up on the call, find the phone number for that business, and call them directly to check on your accounts. If you do this, just make sure you’re getting the phone number for that business from your own search—not from any website or email the caller might give you.

The most important thing to remember—especially with scam callers—is not to let fear or pressure cause you to do something you know isn’t safe. You don’t have to share your information with just anyone who asks for it, no matter what the situation might be. And the more a caller tries to apply pressure or use fear tactics to get that information out of you? The more likely it is they are fraudsters.

Besides. What are they going to do if you don’t? Beat you up over the phone? Don’t let anyone make you feel like you’re doing the wrong thing by being protective of your personal information. Frankly, any business would be happy to know their customers are protective of their information. It saves them a lot of hassle, you know?

So now that the Christmas shopping rush is over, it might be a good time to go through all of your accounts and statements just to make sure everything is in its right place. Keeping an eye on your finances in general is another good way to thwart anyone trying to tell you that you have thousands of dollars in suspicious charges or that your accounts are frozen. Being aware of your spending and the health of all your accounts will make it much harder for someone to lie to you about it.

HHS warns the public NOT to respond to COVID vaccine scams

After a year I think we all are looking forward to forgetting, Santa has swooped in at the 11th hour to deliver us the gift that’s at the top of all of our Christmas lists: a COVID-19 vaccine.

Of course, in this festive metaphor “Santa” is all the people in the medical research field who have worked day and night to develop an injection that will end this complete and utter nightmare—and did so with a novel virus at breakneck speed. In this situation, I have to give credit where credit is really due. Sorry, St. Nick.

One vaccine has already been approved for use in the United States, and five others have been approved in different parts of the world. Behind those are several more vaccines nearing completion of trial phases.

Hopefully very soon we can return to some semblance of normalcy around here. Personally, I can’t wait to get out there and see how bizarre my loved ones have gotten since I last saw them. At least, I hope they’ve gotten bizarre. I don’t want to be the only weird one at the reunion.

But for right now—and presumably into the next several months—vaccine quantities are extremely limited. They’re rightfully being reserved for those who most need them, primarily the healthcare workers risking exposure every single day. This group also includes workers in long-term care facilities where COVID has a particularly strong stranglehold.

After that, it is expected the second priority group in most states will be people over 65 years of age. This is especially critical because, aside from seniors being vulnerable in general, it will cut off the virus’ favorite breeding ground: nursing homes. Nursing facilities have been the source of many early outbreaks in this country.

Producing, shipping, and administering vaccines to those highest on the priority list is a process certain to take quite a bit of time. Secretary of Health and Human Services Alex Azar estimates the general public won’t have access to the vaccine until Spring 2021, so it looks like we’ll have quite a while to wait.

Knowing that, none of us should be expecting to receive any kind of communication telling us to pull up at the COVID Shot Store any time soon. Even seniors who will be among the first to receive the vaccine shouldn’t expect it—we’ve only just started to deliver doses to frontline health workers.

With thousands of healthcare workers waiting on the first vaccines to arrive, there is absolutely NO chance of getting any kind of early access to the shot. Zero. Zilch. Not possible. No way, and no how. There are very few doses even being made yet, and every last one of them is spoken for.

But if we know ANYTHING about scammers, we know they are shameless opportunists. Judging by how they reacted to the first available COVID tests, the Department of Health and Human Services is getting out in front of the vultures before they really start circling.

The Office of the Inspector General at HHS is already issuing warnings about any communication the public might receive—be it email, phone call, or text—about offers and access related to the COVID vaccine.

To paint a picture of just how fast scammers can mobilize campaigns, the Food and Drug Administration authorized use of the first COVID vaccine six days ago. Just three days later, we got the first reports about vaccine-related scams.

Per usual, scammers are making these calls and emails sound and look as if they’re coming from genuine government and health institutions, like the FDA, the CDC, Medicare, or local physicians and pharmacies. There may be very little in the way of red flags to let you know the communication is from an imposter: emails will spoof email addresses and use legitimate branding materials, and calls may use spoofed phone numbers that on a cursory look-up seem to be coming from a legitimate place.

But as we’ve explored in the past on this blog, it is nothing for a scammer to fake a local or legitimate number or throw together a halfway decent facsimile of a recognized and trusted website. This is 101-level stuff for a fraudster.

Normally I’d give some tips about how to recognize these things or maybe a list of things you can do to steer clear (I do LOVE a bulleted list). But telling you how you can avoid having your personal information stolen by these particular scammers is, thankfully, much simpler than that:

You can’t get the vaccine.

There is no vaccine available to the general public.

There won’t be a widely available vaccine until second quarter next year.

That’s really all you need to know. Anyone offering you some kind of super secret VIP access to the shot in the meantime is trying to get something from you. Absolutely NO ONE can get this shot except a select few who really, really need it. That’s it. That’s all. End of.

The day we have enough of the vaccine to distribute it to the public, it will absolutely consume the news cycle. I imagine there will be lines outside every PCP and pharmacy door that would make you think someone was handing out free suitcases of diamonds (or toilet paper, AM I RIGHT?! Hahahaha! Help, someone, please.).

There will be no questions at all when this thing becomes available or if it’s available. We will all know when that time comes. And that time is not any time soon.

So, know that in the coming months these vaccine scams will be everywhere. Scammers will contact people in all the ways they usually do, via any means, and they will be really good at making themselves out to be something that they’re not.

And as it gets colder and darker and the cabin fever starts setting in (if it hasn’t WELL before now), they’re going to use that to tempt victims into thinking they can get this shot that will allow them to get back to life.

Don’t fall for it. It’s going to be a tough winter, but we made it this far. We all just need to keep following the rules for a few more months so we can end this nonsense once and for all.

“Can you hear me?”

There are few things I hate more than the sound of my own ring tone at noon on a Monday.

To be fair, I hate the sound of my ring tone at all other times, too. Since settling into my quarantine life, I’ve really gotten used to a minimal amount of social stimulation. A ringing phone sounds like a baseball going through a picture window at this point.

But at noon on a Monday when I don’t have a prescription for pick-up or a pet due for a wash and cut the next day? There is only one type of person who calls me. And that’s generously assuming it’s a human being.

When I hear that sound at noon on a Monday, I start making gentleman’s bets with myself.

It’s the police.

No, it’s the “Social Security Officer.”

Ooh, no, it won’t be the Officer this time—it’ll be the Agent.

Maybe I’m feeling especially lucky and it’ll be the guy who really just wants to give me deals on medical equipment.

No, I definitely won a free cruise today.

I’m not feeling particularly special or lucky today—today, I thought, I’m going to play it safe and guess that my Social Security number has been suspended. That’s what it’s usually been lately.

But I was wrong. Good thing it was only a gentleman’s bet. I would hate to lose the ten dollar bill I found in my jacket pocket to the responsible part of myself who would put it in the piggy bank.

I daresay I was almost excited after I picked up the phone. It’s a little embarrassing to admit certain types of scam calls make me excited, but, hey. We’ll just chalk it up to the quarantine lifestyle.

The call I received was exciting because I hadn’t considered it for several years. It’s been about three or four years since I’ve read anything about it. Even then, reports about it were dubious at best. It was a call everyone was getting in 2017, but despite the panic headlines, there were just as many questioning whether or not the scam existed at all.

When I answered the phone, I didn’t get a “hello,” “hi, this is–,” or “is this–?”

The first thing I heard was, “can you hear me?”

Part of the reason I answered with more of a grin than an audible response is the caller caught me in the middle of a vicious battle with my post-holiday writer’s block. Little did the caller know he was doing me a real solid in the middle of the day.

But part of it was also that getting that verbal response is the goal of the caller’s game. In 2017, this scam was known as the “Just Say Yes” scam.

This phone scam is actually pretty interesting because although we have a detailed rundown of how it works and what the caller is trying to gain from asking a weird question as a greeting, there are very few documented cases of this scam occurring. If you Google it, the second and third search results are from CNET and Snopes calling these calls a potential hoax.

Here’s how they’re supposed to work:

You receive a call and the caller asks, “can you hear me?” Or greets you with some other question with a yes or no answer.

You say, “yes.” And then the caller immediately hangs up.

The caller asked you a question to get you to say, “yes” because they were recording the call. They now have a recording of you saying, “yes.”

From there, the caller will attempt to gain access to your financial accounts by using the recording of your voice saying a confirmation word. This could result in new accounts appearing in your name or fraudulent charges showing up on your bank statement.

What isn’t up for debate is that these strange calls were all the rage several years ago. Tons of people reported receiving this weird call—and I, myself, received it just now. “Can you hear me?” And then click. There isn’t a question that it’s something that happens.

What IS questionable is whether this call is being made to record your voice and gain access to your personal information.

Back when this “scam” was a hot topic, I even thought it was a weird premise. It’s possible, sure, but…does it make sense?

Think about it: how many customer service phone trees do you use that rely on voice recognition to determine your identity? It would be nice to not play 20 Questions every time I need to call my bank, but unfortunately, I’ve had to provide at least three pieces of critical information to prove who I am since the day I had my own bank account.

And that’s another thing. Knowing someone would at least have to provide my birth date and the last four numbers of my Social Security number or account number (probably both) to gain access to my account, what would having a recording of me saying one word do?

So you have me saying, “yes.” What about the other hundred words you’re going to need to use? The call would have to be in two different voices.

I’ve never been sure what having a recording of me saying one word would accomplish. My best guess is because financial institutions often record calls for quality control, it may be a defensive measure in the event the recording of that call is used as evidence to prove fraud. In that case, it might be a good thing to have my actual voice on the line giving someone permission to look into my private information.

But given the fraudster would use far more words than just “yes” to access my accounts, it still seems a little far-fetched.

Nevertheless, there ARE reports—albeit, very few—of people receiving this call and experiencing some kind of fraud soon after the call.

A man in Washington reported receiving this call and finding fraudulent hotel charges on his bank statement several days later. Though he is convinced the call was the source of the mystery charge, there’s little in the way of direct evidence to link the call to the charge. And it still doesn’t explain how the scammer could have made the charge without also getting the victim’s financial details.

According to the director of Consumer Federation of America, it’s possible the people who receive these calls have already had their information stolen. The call might be occurring only because a scammer has already managed to steal your identity.

But if that’s true, I still don’t entirely understand why a scammer would need to go to these lengths to access your financials. Unless they also have a recording of you saying all of your information on top of every other word in the English language, it seems a little pointless. Having had my credit card maxed out by a thief in a matter of hours just weeks ago, I can attest to the fact that nobody needs a recording of your voice to buy 10,000 followers on Instagram on your dime.

And, yes. Someone stole my credit card number to buy Instagram followers. These are strange times we live in.

All my questions aside, did I answer the question with a yes or no? Absolutely not. I’d much rather protect my bank account from any future would-be social media influencers than be right about this scam not making much sense. At the end of the day, I can’t use smugness to pay my light bill. If I could, I’d be cruising around in an Aston Martin right now.

The fact remains this call is still happening and we aren’t entirely sure why. And it’s happening enough that the Better Business Bureau just recently put out a warning. It may not make a lot of sense, but as it concerns your money and identity, being safe is always better than being sorry.

At the very least, these calls could be nothing more than a scammer checking for a live phone number. Every time you answer a scam call, you’ve just let an entire network of scammers know you’ll answer your phone. See here if you want to know how THAT works out for you in the end. I’m STILL getting texts because of that little investigation.

The best thing to do is refuse to pick up the phone from an unknown caller. And if you do? Don’t ever say “yes” or “no” to someone asking you a question before they even greet you. I recommend a hearty and cheerful “mmm-hmmm” if you absolutely must speak.

Social media “Secret Sister” gift exchange is an illegal pyramid scheme in a Santa suit, says Better Business Bureau

It’s that time of year,

When the world falls in love,

Every song you hear seems to say,

Merry Christmas,

Please give us your name, address,

The contact information for several of your close friends and family,

And ten dollars, and you might receive,

Up to 36 gifts in return from everyone participating,

In this year’s Secret Sister game!

Well, not every song. But if you spend a lot of time on Facebook during the holiday season, it will probably seem like it.

The “Secret Sister” gift exchange post has popped up on social media going back to 2015, and this year appears to be no different.

If you don’t know what I’m talking about, here’s an example of what the post might look like:

“Creating some positivity?” That sounds like a fantastic idea. After the way THIS year has been going for all of us, positivity is in short supply. Why not join in on a light-hearted Secret Santa while it looks like we won’t be able to join in on any in-person celebrations this winter?

…Aaaand that’s how they’ll get you. That thought process right there. Because although this scam was around long before COVID, it will be far more enticing this year than any previous. We’re all primed to conduct our holiday cheering online—and we’re far more likely to seek out ways to put ourselves in the Christmas spirit after eight months of doom and gloom.

You see, the whole “Secret Sister” thing is a lie. In reality, it’s a clever recruitment tool to get you involved in a good old fashioned pyramid scheme, according to Better Business Bureau.

You throw in $10 and tell your friends. And then they throw in $10 and tell their friends. …And then they throw in $10 and tell their friends… And so on, and so on, and so on, until the last person on Earth has put her Hamilton into the basket and there are absolutely no gifts to go around—assuming anyone gets any gifts in return at all, of course.

To make matters worse, your $10 isn’t the only thing at stake in these gift exchanges. In order to make the sending and receiving of mystery gifts from strangers possible, the exchange operators will need your full name, your address, and quite possibly your financial information depending on how they’re asking you to send your buy-in. That’s MORE than enough information for someone to get the ball rolling on stealing your identity.

Not only is this a pretty straightforward pyramid scheme—and those are extremely illegal in the United States—but it’s also a form of illegal gambling, says the U.S. Postal Inspection Service.

Participating in a gift exchange like this could get you in hot water for mail fraud. Note that strange little comment in the example image about “don’t comment that it’s illegal for sending people a $10 Christmas gift.” Yeah. This person knows exactly what they’re doing.

And for the record? It IS illegal.

This scam is mostly being seen on Facebook, but you should keep an eye out for it on all of your social media platforms. It goes without saying you should completely ignore any posts or requests to join any Secret Santa-style gift exchanges with strangers, but if you see any of your friends and family sharing posts like this, give them a heads-up: not only is this a scam, but it’s one that can get everyone who participates into big, big trouble.

“Smishing”: scammers’ newest tool in the smart phone era

Last night, while I was sitting around daydreaming about all the bills I was going to pay on time, I received an unusual text message:

Three delinquent payments, I thought. I only ever have two delinquent payments on my credit report—how dare you suggest I’m the type of person who would have a third!

It just so happens I pulled my free credit reports for the year a few days ago, so I know perfectly well there’s nothing delinquent on my credit record. And while a quick Google investigation didn’t yield any results for this phone number or the verbiage used in that text, I know I’m just one of the thousands of people on the receiving end of this message today.

This is an example of what’s now being called “smishing.”

Don’t be fooled: “smishing” might be one of the funniest words ever invented, but it describes something that could have a dramatically negative impact on your life IF you aren’t on the lookout for it.

“Smishing” comes from the combination of “SMS,” or short message service, and “phishing,” a practice in which scammers pretend to be legitimate organizations seeking information to ensnare victims.

Typically, phishers have relied on casting a wide net of emails to direct victims to bogus websites. Once navigated to the site, users are usually asked to input critical login information or private details a scammer can exploit, but sometimes users are tricked into downloading malicious software that can be used to gain access to sensitive data.

But in 2020, most of us have traded our desktops and laptops for mobile devices. And instead of using email to communicate, we are favoring short message services for an increasing amount of our day-to-day business.

Ten years ago, it would have been unusual to receive a business text.

Today, I would conservatively estimate that I receive between ten and 37 thousand texts a day from my utility providers, my financial institutions, my doctors, mail delivery services, and everywhere I have ever shopped in my entire life. At this point, I wouldn’t be surprised if I received a text message from a gumball machine I put a quarter into in 1995–“WE MISS YOU! USE COUPON CODE ‘GUM95’ TO GET YOUR FREE CHERRY DUBBLE BUBBLE TODAY!” Things have really gotten out-of-hand.

Naturally, our growing trust and comfort with conducting business over text messages has created a favorable environment for phishers to move their operations to SMS.

In fact, the environment is so favorable, scammers are—excuse me for a second. I just got a text notification.

Never mind. Just another smish. And from the same scammer, too. Check out that URL.

Anyway. Now, what was I talking about…

…Oh, right.

The environment is so favorable for text-scammers that they stand to make more money duping users through texts than they ever did through email. As many as 98% of text messages get opened compared to 20% of emails, and 45% of texts get responded to versus a measly 6% of emails.

Case in point: the reason I received a second smish attempt from the same bogus URL is because I opened the first one. Unfortunately, by reading the first text about my derogatory credit marks, I’ve just let the scammer know my phone number is live and I can be intrigued enough to open a message. Though I didn’t take the bait about my credit report, the scammer will likely keep trying me with different tactics hoping he sends me one I can’t resist.

In the phishing game, getting a potential victim to open the message in the first place is half the battle. And phone users, like myself, have proven we are much more likely to open a text than an email.

What the scammer doesn’t know is that I opened his texts to make an example out of him on a blog about scams. Sorry to get your hopes up, friend, but thanks for the content!

The rise in smishing success is also largely due to a common misconception that our phones are more secure than our computers. Most of us have had decades to understand our computers are susceptible to malware, scams, and other suspicious activity. But we still don’t have a common understanding that our phones are computers, too. They are just as vulnerable to attack as any other device. We need to view unknown texts with the same amount of suspicion that we do unknown emails on our computers.

Smishing attempts can be about anything, but they are usually about things that would alarm a user enough to motivate them to open the message and click a link:

You owe the IRS money.

You have bad marks on your credit report (check!).

You have bad marks on your driving record (double-check!).

You have packages waiting at the post office.

Your bank is closing your account.

You’ve won a prize!

Your Social Security number is being suspended.

Your Apple/Google account has been locked.

You’ve been exposed to COVID (this one is the Flavor of the Month)

If you’ve received something like this, step one is to scrutinize the number of the sender. Many times the number won’t look remotely like a real number. It could also simply say “restricted.” Hard pass on those messages. But, it is worth noting that a scammer can spoof any number they’d like—including those you trust.

Step two is to scrutinize the message content. A lot of these messages are somewhat…bizarre. Using my “Auto Vehicle Department” text as an example, the first thing I notice is…what the hell is the “Auto Vehicle Department?” The next thing I notice is This Sender Definitely Feels Strongly About First Letter Capitalization. That doesn’t strike me as being too professional. I’d certainly expect more from the prestigious Auto Vehicle Department.

These texts will usually include a link. So, step three is DON’T CLICK THE LINK. There is a possibility all it will do is take you to a fake website where the real damage will be done, but there’s also a possibility that just clicking the link will install something nasty on your phone. So the safest thing you can do is not click anything within the message.

LOOKING at the link in the message, however, might give you some further clues it’s illegitimate. The reason I knew my messages were fraudulent is because aside from being really absurd URLs for allegedly important organizations, they are also…the same URL.

…Then again, that could just be a coincidence.

And now that I think about it, I AM pretty concerned about my driving record…

…Maybe I should just check it out a little bit more before I—wait, phone’s beeping again.

Wow! I’ve won an iPad! I’ve always wanted one of those!

Except…there’s those capital letters again.

…And there’s that URL again. I guess that’s a triple-check for today.

I probably should have made “step one” don’t click to open the message in the first place. I have a feeling I’m going to be paying for writing this article for a few days.

…Hang on a minute.

…Yeah, I’m definitely going to be paying for this one.

The data security experts at Kaspersky have some additional tips to protect you from the rise in smishing scams. And as always, if you’re receiving texts like this, report them to the FCC.

Speaking of which, I have some reporting of my own to do, it seems.

Good luck and stay safe on your phones out there!
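For anyone who triages reported texts for a family or an office, the three checks from this post (odd sender, odd capitalization, the same link host turning up behind unrelated stories) can be run over a batch of messages without ever opening a link. This is an added example, not code from the original post: the sample messages, the keyword lists, the 0.8 capitalization threshold, and the US-style phone number rule are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Only links with an explicit scheme are recognised (assumption, keeps it simple).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Lure themes come from the article's list; the keywords are assumptions.
LURES = {
    "irs": ("irs",),
    "credit": ("credit report", "delinquent"),
    "driving": ("driving record",),
    "package": ("package",),
    "bank": ("bank",),
    "prize": ("prize", "winner", "you have won"),
    "ssn": ("social security",),
    "account": ("account has been locked",),
    "covid": ("covid",),
}

# Constructed sample messages (not real texts); .example is a reserved TLD.
SAMPLE_INBOX = [
    {"sender": "restricted",
     "body": "Credit Alert: You Have Three Delinquent Payments On Your Credit "
             "Report. Review Them Here: http://secure-notice.example/c3"},
    {"sender": "+1 (555) 010-0142",
     "body": "Auto Vehicle Department: You Have Bad Marks On Your Driving "
             "Record. Check Now: http://secure-notice.example/dmv"},
    {"sender": "+1 (555) 010-0177",
     "body": "Congratulations! You Have Won An iPad. Claim Your Prize: "
             "http://secure-notice.example/win"},
    {"sender": "28849",
     "body": "Your prescription is ready for pickup at the pharmacy on Main "
             "St. Reply STOP to opt out."},
]

def extract_hosts(body):
    """Return lower-cased hostnames of links in a message, without fetching them."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url.rstrip(".,)!?")).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def lure_of(body):
    """Name the first lure theme whose keywords appear in the message text."""
    text = URL_RE.sub(" ", body).lower()
    for lure, keywords in LURES.items():
        if any(re.search(r"\b" + re.escape(k) + r"\b", text) for k in keywords):
            return lure
    return None

def sender_looks_odd(sender):
    """True unless the sender is a 5-6 digit short code or a 10-11 digit number."""
    digits = re.sub(r"[\s().+-]", "", sender)
    return not (digits.isdigit() and len(digits) in (5, 6, 10, 11))

def title_case_ratio(body):
    """Fraction of words starting with a capital letter (0.0 for very short texts)."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", URL_RE.sub(" ", body))
    if len(words) < 5:
        return 0.0
    return sum(w[0].isupper() for w in words) / len(words)

def triage(inbox):
    """Flag each message; a host seen behind two different lures is the strongest tell."""
    host_lures = defaultdict(set)
    parsed = [(m, extract_hosts(m["body"]), lure_of(m["body"])) for m in inbox]
    for _, hosts, lure in parsed:
        if lure is not None:
            for host in hosts:
                host_lures[host].add(lure)
    results = []
    for msg, hosts, lure in parsed:
        reasons = []
        if sender_looks_odd(msg["sender"]):
            reasons.append("odd sender")
        if title_case_ratio(msg["body"]) >= 0.8:
            reasons.append("title-case body")
        reused = [h for h in hosts if len(host_lures[h]) > 1]
        if reused:
            reasons.append("host reused across lures: " + ", ".join(reused))
        results.append({"sender": msg["sender"], "lure": lure,
                        "hosts": hosts, "reasons": reasons})
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_INBOX):
        print(row["sender"], row["lure"], row["reasons"])
```

A clean result here is not a verdict that a text is safe: as noted above, a scammer can spoof a number you trust, so the sender check only catches the lazy ones.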

Study shows Americans are increasingly comfortable sharing health, Social Security, and financial information in the wake of COVID-19

The Advertising Research Foundation recently released results from its third annual Privacy Study, a survey conducted to find out how Americans perceive and treat their personal and private information. Among other things, the survey measures how well Americans understand privacy terminology and concepts, and how willing they are to release different kinds of private data.

This year’s study occurred within the context of the COVID-19 pandemic, a unique environment where we’re being asked to share deeply personal information we might not otherwise. Not only are we readily sharing medical information in an effort to slow the virus’ spread, but we’re also engaged in a nationwide discussion about hardship—one that shines a spotlight on our individual finances.

Given the dialog about contact tracing, personal health habits, and economic relief, most of us could have guessed at the results of this year’s survey. Though this has been a gradual trend over the years, the 2020 Privacy Study indicates a sharp uptick in how comfortable people are with sharing all kinds of sensitive personal information.

Some examples of this uptick include the number of people willing to share medical information (34% in 2020 versus 27% in 2019) and an increase in data-sharing among those who have experienced job loss or wage decreases.

It was also found that despite this increase in sharing, more Americans understand the terms of privacy agreements. For example, the study shows that respondents have a much greater understanding of what “third party” information sharing means. Not only are we sharing more of our personal information than in the past two years, but we are also much more aware of what we are agreeing to when we share that information.

It’s not hard to understand why this trend is occurring. We are being actively encouraged to share medical information to help healthcare professionals fight the virus. And we all have a tendency to volunteer our experience when we talk about economic policy and impactful stimulus measures.

But while this sharing is necessary in many respects, it can also make us susceptible to the dangers of putting too much out there to too many people.

Within the first weeks of COVID making it to our shores, financial predators repainted, refurbished, and reintroduced their scams to suit our pandemic-anxious climate. Instead of impersonating Social Security Administration workers or law enforcement, they now impersonate doctors, nurses, and contact tracers. Instead of offering lottery prizes, they now offer COVID testing and stimulus checks.

The critical takeaway from this study is knowing that we’re living in a world where we are being asked to share more and more—and most of us are doing it.

Unfortunately, the more we put our concerns about our privacy to the side for the greater good, the more we prime ourselves to be okay with it in the future. And that could create a pretty big problem moving forward.

We say all of this just to remind you to stay vigilant about who you tell what. There are so many reasons why putting your experience out there is important—we rely on people telling their stories about illness and financial struggle to advocate for positive change.

But not everyone who asks to hear your story is trying to work for you. Some of them might be actively working against you. And they don’t need very much information about you to do it.

So continue to be mindful and alert when it comes to your personal information. This is both true of direct contact from a potential scammer AND generally sharing your personal details on social media. Ask those who may approach you to share your personal information to verify their identity or purpose, and never, ever feel like you HAVE to trust someone asking for it.

Cell phone users receiving “missing package” texts are in for a nasty surprise

Have you received a text lately that looks like this?


I certainly hope not. If you have, there’s probably a very high likelihood you clicked the link. Even if we were living in a normal situation, it would be almost impossible to resist finding out what you could possibly have stuck at the post office.

But we aren’t living in a normal situation. Thanks to COVID-19, we’re shipping and receiving more packages than ever. And with nationally reported postal slowdowns, a lot of those packages are stuck in shipping limbo for unusually long periods of time.

If YOUR experience of the past few months is anything like mine, you probably have 2, 3, 4…15 packages floating around in the postal network right now. And you’ve probably also lived the joy of seeing that “scheduled for delivery tomorrow” on the shipping tracker about five days past “tomorrow” with no kind of update.

So, if I was to receive this text? I wouldn’t be surprised. Not only do I have no idea where some of my packages are right now, but in my late night quarantine boredom, I may have made one or two completely unnecessary purchases I no longer even remember.

…Okay, fine. It’s more than one or two. I admit it, I admit it.

Fortunately after writing so many of these blogs, I’m thoroughly convinced no one has ever sent me a legitimate text in the entire history of my owning a mobile device. I say “fortunately” because it’s an extremely convenient excuse to use when you want to ignore people.

No, I’m not ACTUALLY that paranoid yet. But I DO take text messages—and especially links in text messages—from people I don’t know very seriously. There are any number of things clicking a link can do to your device and your personal data if it’s coming from an ill-intentioned sender. It’s always good policy to do some web search homework when you receive a text message like this.

If you performed a quick web search after receiving THIS text, you’d find out pretty quickly this is another one of those risky links.

Officials are sending out a heavy word of warning to anyone who might receive a “missing package” text message.

Users clicking on the link are being navigated to phony FedEx and postal delivery login portals and possibly even unknowingly installing malware on their devices. This malware can lock you out of your device, steal the credentials to your email, bank apps, and other critical software, and pull sensitive data from your phone.

If you venture to log in to these fake postal delivery portals, you could also be directed to input vital personal information that could be used to steal your identity.

So, word to the wise: if you become one of the thousands of Americans who receive a text message telling you to visit a link to claim your “missing package?”

Do NOT click the link.

DO block the number and report the sender to the Federal Trade Commission.

The only “package” you’ll be missing by deleting this text message is one you DEFINITELY want to stay lost.