Don’t open emails to ‘confirm’ online shopping orders you didn’t make

CONSUMER FORUM

By Russ Van Arsdale, executive director Northeast CONTACT

Posted Dec. 07, 2014, at 11:09 a.m.

Click image to file

Pay close attention: If you receive an email that appears to be from Home Depot, Costco, Target or Wal-Mart about an order you don’t recall placing, you might hear a faint “ho, ho, ho.”

That sound would be the laughter of the scammers, hoping you’ll click on the nasty link included in their message. That link will download malicious software that could steal your passwords or other sensitive data or do other damage to your computer.

The scheme surfaced around Black Friday, the most frenzied of shopping days when visions of bargains may have shoved most consumers’ reality checks aside. That’s what the scammers count on.

If you received a phony email and deleted it without clicking on anything, there should be no adverse effects. If you did enter a credit card number or other personal details to “confirm the order,” notify your bank or the issuer of your card right away. Tell them you were the victim of a phishing scam so they can keep an eye on your account for fraudulent purchases and issue you a new card if necessary.

The fake emails show a new level of savvy on the part of the scammers. They have copied company logos and key wording to make the email appear real — though the phony Home Depot message urges the recipient to “sing up” for supposed savings when we assume they meant “sign up.”

Wal-Mart used social media to alert consumers to the scam, posting a picture of the phony message, which included the following bungled grammar: “This letter is to advise you about the order we have which is addressed to you. You have 4 days to pick it in any Local Store of Walmart.”

Then comes the instruction to “follow this link” for more information. However, clicking there will certainly spell trouble. Wal-Mart advises customers who have placed orders to delete the bogus emails and instead log into their website at walmart.com to check the status of orders and delivery details.

As always, keep virus software up to date on all computers.

“Crooks understand it’s easier to catch victims off-guard during the holidays,” security guru Brian Krebs writes on his website, krebsonsecurity.com.

Cyber junkies will want to know the malware is called Asprox. Krebs describes it as a “nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email … and perpetuates additional Asprox malware attacks.”

Krebs wrote recently that Malcovery — a company that studies email attacks — has identified several basic tipoffs in the subject line of fake messages.

“Acknowledgement of order,” “Order Status,” “Order Confirmation,” “Thank you for buying from [company name]” and “Thank you for your order” are among the subjects most often used by spammers.

If you’re the victim of such a scheme, you can file a report with the Internet Crime Complaint Center. The center is a collaboration of the FBI and the National White Collar Crime Center. You should also file a report with your local law enforcement agency.

You can read PC World’s article on safer online shopping at pcworld.com/article/2018995/safe-online-shopping-10-tips-to-avoid-getting-burned.html.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

WABI appearance

Beware of check overpayment scam when selling goods online

CONSUMER FORUM

By Russ Van Arsdale, executive director, Northeast Contact

Posted June 23, 2012, at 2:42 p.m.

“It sounds ‘fishy,’ and we are both hesitant to cash the check that was received in the mail today.”

That statement was near the top of a letter we received recently from a consumer in the Bangor area. Her father-in-law had listed an item for sale on The Maine Marketplace. He had received an email from someone calling himself or herself Lemmy Curtis, expressing interest. What caught our writer’s eye was the writing style.

“I am so much interested in purchasing it, So I will really appreciate it if you can get back to me … Am awaiting your quick response so that we could proceed further …”

A return email gave the asking price and condition, and suggested a phone call for more information. The response: “… would’ve loved to call but I am an hearing impair.”

A follow-up email from our syntax-challenged would-be buyer asked for the seller’s name, address, landline and cellphone numbers and proposed a deal. The buyer would send a check for the asking price, plus “some excess funds meant for the shipping company,” plus $50 “for your compensation of the stress you may go through.”

There it was. The tipoff that this is one of an increasingly common type of rip off called the check overpayment scam. The Federal Trade Commission, or FTC, rates it the fifth most common telemarketing scam, and the fourth most common Internet scam reported. And the numbers are growing all the time.

Our volunteer caseworker who received the inquiry advised the writer that her suspicions were justified. Anytime someone asks to send you a check for more than the asking price of an item, you can bet on two things: the check you receive will be worthless, and you will be stuck for any money you send to the “buyer.”

The checks look real. These crooks use high-quality paper, so good it fools some well-trained bank employees who have been asked to deposit them; that done, the crooks ask you to wire them some money. Of course, when the check fails to clear, it’s the seller who is on the hook.

Legitimate buyers will never do this, and legitimate buy-and-sell sites discourage such lawbreaking. The Maine Marketplace urges people who believe they have been contacted by scammers to ignore them; you can’t get burned if you don’t respond. Uncle Henry’s has a list of hints on avoiding fraud, starting with an appeal to deal with people you can meet in person; offers to buy originating in other countries often mean scam.

Another sound piece of advice comes from the FTC website: There is no legitimate reason for someone who is giving you money to ask you to wire money back. Besides not passing the straight-face test, such a tactic is designed to have you lose your money to a criminal whom you cannot track.

The FTC asks consumers to report check overpayment scams to their state Attorney General, the National Fraud Information Center/Internet Fraud Watch, operated by the National Consumers League, at www.fraud.org,or by calling 800-876-7060 or directly to the FTC atwww.ftc.gov or 877-FTC-HELP. There’s more advice on avoiding Internet fraud atOnGuardOnline.gov.

If you receive a phony check in the mail, postal inspectors would like to know. You can file a complaint electronically at postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx, or you can print and mail the form if you prefer.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit necontact.wordpress.com or email contacexdir@live.com.

Maine’s Office of Securities Issues Advisory to Warn Consumers about “Crowdfunding” Investments

Agency Encourages Business Development, but Urges Caution with New Kind of Offering

GARDINER – Maine’s Office of Securities issued an advisory Tuesday warning investors to approach “crowdfunding” investment opportunities with great caution.  The advisory accompanies this news release and is posted on the Office’s website at www.investors.maine.gov.

Crowdfunding is an online money-raising strategy that began as a way for the public to donate small amounts of money, often through social networking websites, to help artists, musicians, filmmakers and other creative people finance their projects.

Through the federal Jumpstart Our Business Startups (JOBS) Act, small businesses and entrepreneurs will be able to tap into the “crowd” in search of investments to finance their business ventures.  Under the new law, however, these investments opportunities will not be regulated or scrutinized for their legitimacy.

“The Office of Securities encourages business development and investment opportunities, but because the potential for fraud with crowdfunding is significant, investors must be extremely cautious,” said Maine Securities Administrator Judith Shaw.  “Crowdfunding will be exempt from oversight—making it even more important for potential investors to do their research, checking references and asking the right questions.”

Congress enacted the JOBS Act last month and directed the Securities and Exchange Commission (SEC) to adopt rules within 270 days to implement a new exemption to allow crowdfunding.  Until the rules are adopted any offers or sales of securities purporting to rely on the crowdfunding exemption would be unlawful under the federal securities laws.

“Before the SEC rules are adopted, investors should beware of promoters who jump the gun by offering investments through crowdfunding now,” Administrator Shaw added. “Once exempt, crowdfunding investments will not be reviewed by regulators before being offered to the public, nor will they be required to provide the same level of disclosures to investors or regulators that are required of securities offerings.  Investors should expect to be bombarded with offerings and sales pitches.”

Similar exemptions, such as the 1996 passage of the National Securities Markets Improvement Act (NSMIA) which prohibited states from reviewing private offerings made under SEC Regulation D Rule 506 before they were sold to the public, led to many cases of fraud and numerous scams.  The North American Securities Administrators Association (NASAA), of which Maine’s Office of Securities is a member, reports these offerings are the most frequent source of enforcement cases handled by state securities regulators.

In issuing the crowdfunding advisory, Administrator Shaw also announced that NASAA has created a new task force to focus on Internet fraud.  The Internet Fraud Investigations Project Group was formed to monitor crowdfunding and other Internet offerings.

Consumers with questions about crowdfunding offerings, or any other investment issue, should contact Maine’s Office of Securities before investing.  The Office can be reached toll-free at 1-877-624-8551.  Information is also available online at www.investors.maine.gov.

The Office of Securities is part of Maine’s Department of Professional and Financial Regulation, which encourages sound ethical business practices through the oversight of insurers, financial institutions, creditors, investment providers, and numerous professions and occupations for the purpose of protecting the citizens of Maine.  Consumers can learn more about the Department at www.maine.gov/pfr.

###