Archive for the ‘Consumer Alerts’ Category

Put the brakes on phony online car sales — FTC offers advice


You can buy practically anything online, including used cars. But before you shell out any hard-earned cash, here’s a warning about scammers trying to sell cars they don’t have or own.

Here’s how the scam works: Criminals post ads on online auction and sales websites, like eBay Motors, for inexpensive used cars (that they don’t really own). They offer to chat online, share photos, and answer questions. They may even tell you the sale will go through a well-known retailer’s buyer protection program. Recently, sellers have been sending fake invoices that appear to come from eBay Motors and demanding payment in eBay gift cards. If you call the number on the invoice, the scammer pretends to work for eBay Motors. Trusting buyers have lost hundreds of thousands of dollars over the past year alone.

So how can you tell if an online car sale is fake?

  • You find bad reviews online. Check out the seller by searching online for the person’s name, phone number and email address, plus words like “review,” “complaint” or “scam.”
  • Sellers try to rush the sale. Resist the pressure. Scammers use high-pressure sales tactics to get you to buy without thinking things through.
  • They can’t or won’t meet in person or let you inspect the car. Scammers might have an excuse, like a job transfer, military deployment, or divorce, for why you can’t see them or the car. But experts agree that you should have an independent mechanic inspect a used car before you buy it.
  • They want you to pay with gift cards or by wire transfer. If anyone tells you to pay that way, it’s a scam. Every time.
  • The sellers demand more money after the sale for “shipping” or “transportation” costs.
  • The Vehicle Identification Number (VIN) doesn’t match the VIN for the car you’re interested in. A vehicle history report can help you spot such discrepancies.

For more tips, check out and Online Auction Buyers. Want to avoid the latest rip-offs? Sign up for free consumer alerts from the FTC at If you spot a scam, report it at


Keys to avoiding home rental scams — Federal Trade Commission Consumer Information

June 12, 2019

Need more space than an apartment, condo or townhouse can offer, but not ready to buy? A single-family home rental may fit the bill. But not all home rental listings are legit, so here are some tip-offs and tools to help you avoid a rental scam.

According to National Rental Home Council (NRHC) members, who are owners of rental homes, scammers use a variety of tactics to get people’s money. Some hijack a real rental listing by changing the email address or other contact information and then placing the altered ad on another site. Others gain access to keys in lock boxes, make copies, and pose as legitimate rental agents. Still others may list a property that’s already leased and then try to collect application fees, security deposits, and even the first month’s rent.

Here are some tips to help you avoid rental scams:

  • Do an online search of the rental company. Enter its name plus words like “review,” “complaint” or “scam.” If you find bad reviews, you may want to look elsewhere.
  • Got a good vibe? Rental home listings may appear in several places, including rental company websites and online listing services like like Zillow, Trulia or Craigslist. If you see a rental company’s listing on one of those online listing services, do a search of the home’s address to make sure it appears on the rental company’s website. If it doesn’t, it may be a scam.
  • Compare prices. Is the rent a lot less than comparable rentals? That could be a red flag.
  • Take a tour. Ask for identification. Rental agents should have photo ID badges issued by the company that owns or manages the property.
  • Nothing sketchy yet? Apply through the rental company, licensed real estate professional or listings website.
  • Before you sign a lease, look for signs at the rental with the name of the property owner or manager. Call that company before making a deal with anyone.
  • Never pay with cash, wire transfers or gift cards. If anyone tells you to pay this way, it’s a sure sign of a scam. Wiring money is like sending cash — once you send it, you have no way to get it back. As for gift cards, they’re for gifts, NOT for payments.

If you spot a rental scam, report it to local law enforcement and the FTC.

For more tips, see Rental Listing Scams. Want to avoid the latest rip-offs? Sign up for free consumer alerts from the FTC at

Knape & Vogt Recalls Office Workstations Due to Injury Hazard

Name of product:
Sit-Stand Office Workstations

The workstation can malfunction, causing the gas cylinders to separate and forcefully discharge, posing an injury hazard.

Recall date:
May 14, 2019
About 76,000

Consumers should immediately contact Knape & Vogt to arrange for a free in-home/office repair.

Source: Knape & Vogt Recalls Office Workstations Due to Injury Hazard

Recall Details


This recall involves desktop sit-stand office workstations, sold under the brand names: Adas Elevo Sit-to-Stand Desktop, K&A Manufacturing Helium Surface, 3M Precision Standing Desk, Inscape Rockit, Neutral Posture Ergonomics StandUp X1, Workrite Ergonomics Solace Desktop, Volante and IMOVR Ziplift. The black or white workstations can be used in a sitting or standing position. The workstations measure about 36 inches wide by 24 inches deep. They have two handles and two hydraulic gas pressure cylinders which enable the workstation to be raised or lowered. Affected workstations can be identified by the Lot Number label located on the inside of the right hand top surface bracket of each unit. Affected lot numbers contain the last three letters “VOL”.

The affected lot numbers include:






Consumers should immediately contact Knape & Vogt to arrange for a free in-home/office repair.


Knape & Vogt has received two reports of the gas cylinder separating from the workstation, in one case, the cylinder discharged from the unit resulting in damage to drywall in an office.

Sold At:

Knape & Vogt authorized sellers nationwide including online at eBay,,,,,,, and from October 2016 through February 2019 for between $350 and $560.


Knape & Vogt Manufacturing Company, of Grand Rapids, Mich.

Manufactured In:
Recall number:

State Publishes Anti-Scam Guide for Consumers Buying Homes

March 28, 2019

Contact: David Leach, Principal Examiner;

In response to a growing number of scams affecting consumers purchasing houses, the state’s Bureau of Consumer Credit Protection announced the release of a new consumer publication in its Downeaster series, titled the New Homeowner Anti-Scam Advisor.

Mainers who are in the midst of the mortgage application process, those who are approaching their closing date and those who have just moved into their new homes, are all attractive targets for scam artists, said David Leach, principal examiner at the Bureau and primary author of the booklet. The newest and potentially most costly of these scams occurs when consumers about to close on homes receive email instructions changing the money-wiring instructions for down payments or even entire purchase prices, when those instructions are sent by dishonest individuals who have hacked into the email systems of real estate brokers, closing agents or lenders.

Unless the falsified wiring instructions are discovered and canceled before funds are sent, monies re-directed to fraudulent recipients may be lost forever, said Leach. In one such recent case in Maine, payment was stopped shortly before the funds were wired to a European location.

The booklet, which is available online at, or free in printed form for Maine residents who call 1-800-332-8529, addresses additional scams affecting soon-to-be and new homeowners, including the door-to-door home improvement scam, the transient-contractor driveway paving scam, the fly-by-night roofing scam, the “Sorry I missed you” door hanger ID theft scam, and mortgage modification/foreclosure rescue scams.

With respect to the closing funds redirection scam, Leach said, Last-minute emails instructing consumers where their down payment funds should be sent or notice of surprise additional fees for items already paid for, are hallmarks of scam operators. This new publication gives Mainers the skill-sets necessary to recognize a variety of new homeowner scams and stop the scammers before they separate consumers from their funds.

Online versions of the new guide, and all other Downeaster Common Sense financial publications, can be found at by clicking Publications.  Copies can also be ordered by calling the Bureau of Consumer Credit Protection at 1-800-332-8529 (toll-free in Maine) or 624-8527.

The Maine Bureau of Consumer Credit Protection was established in 1975 to enforce credit-related consumer laws. The agency licenses lenders, creditors and collectors; conducts periodic examinations of creditors to determine compliance with state laws; and responds to consumer complaints and inquiries. The Bureau operates the state’s pre-foreclosure hotline, referral and counseling service, and provides speakers to advise consumers and creditors of their legal rights and responsibilities.

Last Updated: March 26, 2019 4:45 PM

Too Many Consumers Believe Identity Theft Services Can Remove Personal Data from the Dark Web

Many Also Believe ID Theft Services Can Prevent Use of Information Sold on Dark Web

Press Release

March 19, 2019

Washington D.C. — A new survey commissioned by the Consumer Federation of America (CFA) revealed that 36 percent of consumers who have seen ads for “dark web monitoring” incorrectly believe that identity theft services can remove their personal information from the dark web. An equal number (37%) mistakenly believe that these services can prevent people who buy their personal information on the dark web from using it.

“Our survey indicates that many consumers are making assumptions about how dark web monitoring protects them that simply aren’t true,” said Susan Grant, CFA’s Director of Consumer Protection and Privacy. “Dark web monitoring may be able to alert consumers that their stolen personal information is being offered for sale on the internet, but it can’t put the genie back in the bottle.”

CFA commissioned the survey because dark web monitoring is featured in many advertisements for identity theft services. “The dark web sounds scary, so there is the potential for advertising that plays on consumer fears,” said Ms. Grant. The dark web, which is a small part of the internet, can only be reached by special browsers. Those browsers disguise the computers that are being used, providing a high degree of privacy. While the dark web is used for many legitimate purposes, including by whistle-blowers, investigative journalists, people organizing against repressive governments, law enforcement agencies, and others who need to shield their identities and locations in order to communicate safely, it is also attractive to people who take advantage of its anonymity to sell stolen personal information and other illicit goods and services.

Identity theft services that monitor consumers’ personal information, including on the dark web, can be helpful in alerting them about possible fraudulent use of their data. These services also provide advice about what to do to avoid or limit the damage that could be caused and remedy any problems that have occurred. They can’t erase the information on the dark web, however, or keep buyers from using it.

When information about consumers resulting from identity theft shows up in records maintained by legitimate companies, agencies or organizations, it can be corrected or removed. That is not the case in the dark web marketplace. “The people who trade in consumers’ personal information on the dark web aren’t going to cooperate with an identity theft service or anyone else who asks them to remove the information, stop selling it, or not to use it,” Ms. Grant said.

In collaboration with identity theft service providers and consumer advocates, CFA issued Best Practices for Identity Theft Services several years ago to encourage companies to provide clear, complete information about their services and discourage unfair and deceptive practices. The Best Practices document addresses many concerns, including the fact that the benefits and limitations of some identity theft services may not be easy for consumers to understand, and calls for clear and unambiguous explanations. It also says that identity theft service providers should be careful not to overstate or misrepresent, directly or by implication, how the features of their programs help consumers. “It is worrisome that more than a third of consumers who have heard about these services think they can remove or prevent the sale of their information on the dark web,” said Grant. “It would be helpful for the companies that offer dark web monitoring to do a better job explaining its limits as well as its benefits.”

To address consumer misperceptions, CFA has developed a short consumer guide, Dark Web Monitoring: What You Should Know, explaining what the dark web is, how dark web monitoring works, and what to do if one’s information is in danger of fraudulent use. CFA has also updated Nine Things to Consider When Shopping for Identity Theft Services to help consumers learn more about identity theft services and what they can do to reduce the chances of becoming identity theft victims, spot fraud, and remedy problems. CFA’s website also provides additional information about identity theft from many trusted sources.

FTC’s Tech Support Takedown 2019

We read you loud and clear! Last year, the FTC got nearly 143,000 reports about tech support scams. We’ve been warning people about this type of scam for years. But one piece of information in the FTC’s newest Consumer Protection Data Spotlight was an eye-opener. People 60 and over were about five times more likely than younger people to tell us they lost money on this scam, even though they were less likely than younger people to say they lost money to many other types of scams.

The FTC has brought many cases against tech support scammers, including our case just announced against Elite IT. With our law enforcement partners at the Department of Justice, other federal and state offices, and international colleagues, we’re fighting to protect older adults. And this is all part of the largest-ever nationwide elder fraud sweep focusing on tech support fraud.

But that’s not all. Visit to see, hear, and read how to help the people you care about spot and avoid these scams – and get tips on what to do if you were scammed. Need a quick, shareable (and printable) snapshot on how to spot tech support scams? Check out our tech support scam infographic.

And, because we save the best for last, check out our new video – a compelling first-person account of how Mr. Donald Holmes of Arizona faced a tech support scam, and what he did about it.

How to Avoid a Tech Support Scam
The first-person story about a retired business consultant’s tech support scam experience, what he did about it.

Spotted a tech support scam? Report it at And after you report it, use this handy information from to talk to your family and friends about what happened so they can avoid it too.


Dealing with Ransomware: advice from KrebsOnSecurity

What should be done, if you too are being harassed online by someone using your own email and threatening to reveal all to everyone in your address book?  First you appeal to your security software vendor.  Then you take the advice given and share with your readers.

Jul 12, 2018

Sextortion Scam Uses Recipient’s Hacked Passwords

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)


You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).

%d bloggers like this: