Online sellers, don’t be fooled by spoofed PayPal emails

/in /by

Scammers posing as buyers of items for sale online have mastered the art of spoofing PayPal emails to instruct sellers to send their items and get away with them for free.

With summer’s long-awaited arrival comes barbeques, vacations, and the long put-off tasks of cleaning out a garage or closet. If you are like millions of Americans that turn to websites like eBay, Craigslist, or your local classifieds section to help declutter your home and earn some extra cash, you may be at risk for the “check is in the mail” scam (also known as the “PayPal buyer payment scam.”)

In the last year, complaints to NCL’s Fraud.org from consumers who were victims of this scam have nearly doubled. In a typical scam, a consumer who has placed an item for sale on a website like Craigslist receives a reasonable offer from a scammer posing as a buyer. The scammer and the seller agree on the price, and the scammer claims to send their payment through PayPal.

However, unbeknownst to the seller, the scammer never sends their payment to PayPal. Instead, the scammer sends a spoofed PayPal email saying that the payment has been received, but that it will only be released to the seller once that item has been mailed by the buyer. Unfortunately for the seller, the buyer has no intention of ever sending the money, and will disappear as soon as they receive the item without ever paying for it.

The account one victim from Tennessee gave us is typical of the scam:

“I listed a diamond ring for $7,000 on eBay and received a purchase confirmation,” wrote the consumer. After accepting the offer, “I began to receive fake PayPal emails…informing me the payment had been sent but that the item needed to be shipped prior to the funds being deposited into my PayPal account.”

In this case, the scammer went to great lengths to appear legitimate by requesting additional photos of the item from the seller and providing confirmation after the seller sent the scammer the tracking number. The scammer even provided assurances that the money was on its way after the item had been shipped.

Fortunately, while getting ensnared in a “check is in the mail” scam can be costly, there are several tips that you can take to avoid becoming a victim:

  1. Be on the lookout for spoofed emails. A legitimate email from PayPal will always address you by your first and last name. If the email begins with “Dear user,” or “Hello,” it is a fraudulent email.
  2. Always confirm payment before sending an item. Never trust an email to determine if you have received payment. Instead, type www.paypal.com into your browser and log into your account to ensure that payment has been received.
  3. Be wary of “accidental” overpayments. Many fraudsters will send out a spoofed email that says you were overpaid for an item, and then follow up with a request for you to send some of the money back. Fortunately, it is very easy to fact check the buyer’s story. Before sending money back, log into your PayPal account and check to see how much the buyer actually sent you. It is likely that the buyer didn’t send you any money and is instead trying to not only get your item for free but also to scam you into sending them additional money.

Identifying a “check is in the mail” scam is not always easy. If you suspect that you have become a victim, report it immediately. You can file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars.

Read our other Fraud Alerts here.

Typosquatters waiting to pounce on your errant keystrokes

/in /by

We all make typos, but if you are unlucky enough to make one while entering a web address into your browser, you could fall victim to the typosquatting scam.

The typosquatting scam can trick web surfers into downloading harmful computer viruses and giving up personal information, and it can even trick vulnerable children into viewing adult content. Researchers have found that more than 12 million web users have fallen victim to the typosquatting scam in the first 3 months of 2018 alone.

Perpetrators of the typosquatting scam set up web addresses that closely resemble legitimate addresses but contain a common typo such as ending a web address with .cm instead of .com. If a user is unlucky enough to mistakenly type in the wrong address, they may be taken to a booby-trapped website filled with viruses and malware, or to a website that looks just like the legitimate website but is designed to gather their personal data for scammers. Alternatively, these fake website addresses can be set up to sell knock-off imitation products to consumers who believe they are shopping at the real retailer.

Making typos is so easy to do, but there are steps you can take to mitigate your risk. To steer clear of the typosquatting scam:

  1. Always double-check the address before hitting enter (or return) to make sure you did not make a mistake. Taking the time to do so can save you the heartache of having your identity stolen or prevent you from purchasing counterfeit products at inflated prices.
  2. Bookmark your favorite websites. Once you are positive that the address you entered is correct, bookmark it. Doing this will save you the time of proofreading each web address and is particularly worthwhile for websites that have access to your financial information.
  3. Use a search engine. If you are not sure what the address is for a certain site, consider using a search engine like Google, Bing, or DuckDuckGo. When you are searching for the proper website, be sure not to include .com in your search. Search Engines like Google have algorithms that will most likely point you in the right direction.
  4. Be wary of links found in social media posts, which can often lead to typosquatters. Before clicking on a link or search result, look for red flags in the web address like:
    • A .com ending for a government website
    • Extra text following a .com like, www.example.com-(text)
    • A misspelling of the company’s name
    • Typos in the domain (.com, .gov, .org, etc.) — such as the web address ending with .cm instead of .com

Spotting fake websites is not always easy. If you realize you have entered one of your passwords on a typosquatter’s site, change your password immediately. Once you secure your accounts, file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of more than 200 law enforcement and consumer protection agency partners who can and do put fraudsters behind bars.

Read our other Fraud Alerts here.

Cell phone ‘port-out scam’ can threaten bank, other accounts – Fraud.org

/in /by

If you’re like most Americans, your cell phone is probably one of the first things you look at in the morning and one of the last things you look at at night. Imagine then, waking up to find that your phone suddenly doesn’t work, and it’s just constantly in emergency mode. For a growing number of consumers, this is the first sign that they are a victim of the port-out scam.

In the scam (also known as the “SIM-swap scam”), a fraudster tricks a cell phone carrier into transferring or porting a consumer’s legitimate phone number to a phone in a scammer’s controls. Once a number is ported, all calls and text messages that are sent to that number go to the scammer’s phone. With that power, scammers are able to get around security features, like two-factor authentication, that are in place to protect consumers’ sensitive email, banking, and social media account information.

In a typical port-out scam, the fraudster will first obtain key details about their victims, such as the last four digits of a Social Security number, a phone number, name on the account, and the victim’s address–all of which are widely available on online black markets thanks to years of data breaches.

Armed with this information, the scammer then calls the victim’s wireless provider and impersonates their victim. Once the scammer establishes contact with the cell phone company, if the victim did not establish a security pin, all the scammer needs to do is correctly confirm the last 4 digits of their victim’s Social Security number and mailing address. The scammer then asks the wireless company to port “their” number to a different phone. After the carrier switches the victims’ phone number to the fraudster’s phone, the victim’s phone will go dead, and the scammer will then use the phone in his possession to reset passwords or gain entry to accounts that use two-factor text authentication. The most common target for these scammers are bank accounts. Once a bank account is accessed, the scammer can quickly transfer funds to an account that the scammer controls.

This scam can be financially devastating to its victims, but there are several steps you can take to prevent the scam from happening in the first place:

  • Contact your carrier and ask them to add a unique personal identification number (PIN) to your account. This PIN number will need to be provided any time you wish to make a change to your account, including upgrading your cell phone. This extra layer of security will help stem any would-be scammer from running the port-out scam on your phone. The process for adding a PIN depends on your provider. See below for details on how to add an account PIN for each of the four major national wireless providers:
    • AT&T –  Log into your ATT.com account, go to your profile by clicking your name, and under the wireless passcode drop down menu, click on “manage extra security.”
    • T-Mobile – Call 611 or (800) 937-8997 from your cell phone to speak with a customer service agent.
    • Sprint – Sprint automatically requires their customers to set up a PIN when an account is opened.
    • Verizon – Visit vzw.com/PIN or call (800) 922-0204.
  • Always use good password hygiene. Regardless of account, choose a password that is unique, complex, and contains upper- and lower-case letters, numbers, and symbols. It is critical not to reuse passwords across multiple accounts. That way, if one account becomes compromised, then every account with that password can become compromised as well. For the best password security, use a password manager that creates and remembers random passwords.
  • Consider alternatives to text two-factor authentication. For your most important accounts, like your online bank account, see if they allow other versions of two factor authentication such as a security key or or a third-party authenticator app like Authy.
  • Be wary of suspicious emails or phone calls from people purporting to be from your bank. Remember, your bank will never ask you to enter confidential information in an email.

Even despite our best efforts, fraudsters will likely still be able to pull off the port-out scam. If this happens to you, and your phone stops working, you should:

    1. Immediately notify your cell phone provider, and report any fraud to your bank. Quick action on your part can minimize any damage the fraudster could inflict on you. Your cell phone provider can turn off your phone number and prevent scammers from using that number to bypass two-factor text authentication. Notifying your bank the moment you notice unauthorized charges or that you are at risk for fraudulent two-factor authentication can also minimize your liability.
    2. File a report at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars.
    3. File a police report at your local police station.

Read our other Fraud Alerts here.

Giving gift cards this holiday season? Resolve to steer clear of gift card resale scams – Fraud.org

/in /by

Gift cards are a popular and convenient gift idea, so it’s no wonder that nearly $27 billion in gift cards are purchased by Americans during the holiday season. For whatever reasons, nearly $1 billion worth of those gift cards go unused by their recipients each year, and there’s even a market for buying back unused gift cards at discounted prices. But, be careful if you intend to sell back an unused card–or else you may fall victim to a gift card resale scam.

Each January at Fraud.org, we see a spike in scams involving the resale of gift cards. In a typical scam, a consumer will attempt to sell their unused gift cards on eBay or Craigslist. Once they find a buyer, they email the codes on the back of the card, and the buyer pays them.  However, unbeknownst to the seller, the fraudulent buyer will cancel his digital payment as soon as he receives the codes and quickly spend the card’s funds–leaving the seller without any payment and with a depleted gift card.

While gift card resale fraud is a concern, you don’t have to be saddled with an unwanted gift card if you have no need for it. Legitimate merchants have started to help consumers sell their cards safely.  If you follow our tips, you should be able to buy or sell on the gift card exchange market without falling victim to fraud.

  1. Know the market. With a legitimate gift card exchange, the gift card will sell for less than its original worth. If you find a seller that is offering to pay face value or higher, it is likely a scam.

  2. Do not sell to unknown buyers. Avoid selling your gift card to someone you don’t know personally. Websites like Craigslist or eBay lack the protections needed to verify that a buyer will not back out on their payment or that the gift card being sold has the advertised amount loaded on it.

  3. Treat your gift card code as cash. Scammers may request that you provide your gift card code so that they can confirm the card’s value. However, as soon as you give it to them, they can empty your card’s funds.

  4. Use legitimate gift card exchanges. If you are not selling to a friend or family member, you should always use a legitimate gift card exchange, such as Cardpool.com or Giftcardzen.com. Legitimate gift card exchanges serve as an escrow service between buyer and seller, offering post-purchase guarantees and payment tracking. Another way to make sure your transaction will be legitimate is to check the Better Business Bureau’s (BBB) complaints for each exchange you are considering, or to use websites like Gift Card Granny to locate the best exchange for your card.

  5. If you are purchasing a gift card, use an exchange that offers balance verification. Make sure the exchange you choose offers balance verification on cards that are for sale. This will assure you that you are purchasing a gift card with the correct amount advertised on it. If the exchange does not offer balance verification, you may be purchasing a gift card with a $0 balance, or a lower-than-advertised balance.

  6. Consider using an in-store exchange or donating your card to charity. If you do not want to use an exchange and you have access to the card’s merchant, you can always trade your gift card in at a store or donate it to charity. Some stores, like Target, allow you to exchange your unwanted gift cards for one of their gift cards. Alternatively, you can try donating your gift card to a charity for a tax write off.

It can be difficult to spot a fraudulent gift card buyer or seller. If you think you may have come across a scam, let us know! Please file a report at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars.

Read our other Fraud Alerts here.

Fake MoneyPak websites stealing consumers’ cash – Fraud.org

/in /by

Many of America’s 33.5 million unbanked and underbanked households rely on prepaid debit cards to pay bills and make purchases. Cash reload packs–like Green Dot’s MoneyPaks–are used by these consumers to load money on their prepaid debit cards. While cash reload packs offer people without bank accounts critical access to the financial system, they are also a frequent target of scammers who see them as a quick way to get access to cash.

In the last few months, Fraud.org has received dozens of complaints about a disturbing new scam designed to prey on consumers using MoneyPaks as a payment method. While some of the details of the scam may differ, a consumer is typically tricked out of their money in the end.

A typical MoneyPak scam works like this:

A consumer will go to a retailer such as CVS or 7-Eleven to purchase a MoneyPak to add funds to their prepaid card. However, once the consumer purchases the card, instead of registering the card at the official MoneyPak.com website, the consumer goes to a fake website, sometimes designed to look like the official MoneyPak site. It’s unclear how exactly consumers are finding their way to these fake sites. However, we suspect consumers may find the fake website through an ad they see on a search engine, by mistyping the Web address of the real MoneyPak website, or by malware on their computer misdirecting the consumer’s browser to a fake site. Unfortunately for the consumer, many of these fake websites might look very convincing. Some even have fake customer service phone numbers as part of the ploy. While these sites are fake, the consequences for consumers who fall into this trap are all too real.

In the complaints Fraud.org has received, once the consumer enters a MoneyPak card number on the website or provides the number to a scammer impersonating a customer service representative (to “register” the card, for example), the funds are quickly transferred from their MoneyPak to an account the scammer controls. The consumer will  only become aware of the scam when they check their prepaid debit card’s balance and see that no funds have been transferred to their card. Unfortunately, once this occurs, it is almost impossible to stop the transaction, and the scammer will have already made off with the money he has stolen.

While the results of the MoneyPak scam can be devastating on consumers’ pocketbooks, there are several easy steps you can take to protect yourself from this fraud:

  1. Always type in the www.moneypak.com web address on your browser. There are websites out there designed to mirror the actual MoneyPak website so as to trick consumers into giving up their MoneyPak account number. There are also links which appear to send you to the legitimate MoneyPak website, but it will in fact redirect to a lookalike site. The easiest way to steer clear of this scam is to type in the exact website found on the back of your MoneyPak (www.moneypak.com) and follow the directions carefully.

  2. Never create a MoneyPak account or deposit your MoneyPak into a prepaid debit card over the phone. The only way to create an account or deposit your MoneyPak onto a prepaid card is on the MoneyPak website found on the back of your card. If someone over the phone offers to help you deposit your funds onto your card, it is a scam.

  3. Treat your MoneyPak number and receipt as cash. Anyone who has your MoneyPak number has the ability to drain its funds. Safeguard this number as you would cash and do not give it to anyone who you do not want to have access to your funds.

  4. Remember, no legitimate business or government agency will ever request a MoneyPak as a form of payment. Anyone who is asking you to pay by MoneyPak is most likely a perpetrator of one of the many other MoneyPak related scams.

While MoneyPak is used successfully every day to help consumers access e-commerce, it is important to remain vigilant to protect yourself from falling victim to fraud. If you suspect that you may have become a victim, or if you think you stumbled upon a fraudulent MoneyPak website or phone number, please report it immediately. You can file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can put fraudsters behind bars. You can also fill out MoneyPak’s Victim Assistance Fraud form, to report fraudulent activity.

Read our other Fraud Alerts here.

‘Blessings’ scams preying on vulnerable guidance-seekers – Fraud.org

/in /by

In an uncertain world, it can be reassuring to ask for advice to help avoid the pitfalls that life inevitably throws at you. In many cultural traditions, people seek out such advice from spiritual guides, seers, gurus, or others who are thought to have special knowledge or abilities. People find comfort and guidance in a variety of ways that are personal to them–but unfortunately, this natural human tendency to seek spiritual advice often makes people a ripe target for fraudsters.

Scams of this type come in many forms–blessings scams, fake fortune tellers, phony psychics–the list goes on and on. What all of these scams have in common is the fraudster’s goal to gain the victim’s confidence and, ultimately, get them to hand over cash or other valuables in exchange for supernatural “help.” What’s worse, many of these scams prey on members of particular ethnic, national, or religious groups, and seek to exploit victims’ trust of members of their communities and the mistrust for traditional institutions like banks or the police.

A common scenario involves a “chance meeting” with a “spiritual healer” who says there is a curse on your possessions that must be removed. The healer will tell you all you need to do is bring your valuables so that he can bless them and remove the curse. When you bring your items to him, you close your eyes as part of the ritual and he takes your bag of items and replaces it with a bag filled with paper. At the end of the ceremony he instructs you not to open your blessed bag for a month or the blessing will be undone. By the time you open the bag and realize your valuables are not there, this “spiritual healer” will be long gone.

Imagine another fortune-telling scam:

You walk into a fortune teller’s business and they peg you as someone who is genuinely troubled, not someone there for fun. The fortune-teller informs you that a curse has been placed on you and that she may be able to remove it, over time, for a fee. After you pay for the service, you come in for an update on the curse’s removal. The fortune-teller informs you that while she tried her best, she was unable to fully remove the curse. She needs more money for an even more elaborate ceremony to try again. Unfortunately for their victims, perpetrators of the “curse” scam will continue “trying” until their victims catch on that they are being duped.

Fortunately, you do not need a crystal ball to identify some of the telltale signs that you may be getting scammed. To steer clear of scam artists, follow these four steps:

  1. Be very skeptical of a fortune-teller who informs you that you have been “cursed” and that you can pay a fee to have the curse removed. Ethical fortune tellers will always disclose the cost of their services upfront and will not uses gimmicks like curses to coerce additional money from you.

  2. If you bring valuables to be blessed, keep your eyes on them at all times. Many scam artists will instruct you to place your belongings in a bag to be blessed, and then swap out the bag once they are able to distract you.

  3. Never accept financial advice from a fortune teller or spiritual healer. Be very wary of phrases like, “tomorrow you will receive a financial opportunity of a lifetime.” Scam artists will often use phrases like this to set their victims up to fall prey to an “investment opportunity” their partner will pitch to the victim tomorrow. If you are interested in investing, check out websites like this one to learn how to start saving for the future.

  4. Never accept medical advice from a fortune teller. While you are free to consult spiritual or holistic healers, all fees should be disclosed upfront, and you should always continue to take any prescribed medications and remain under the care of a licensed medical professional.

Sometimes it may feel like you need to be a soothsayer to identify a fortune-telling or blessing scam. If you think you may have come across spiritual scam, let us know! File a report at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help keep other consumers from falling victim to these scams and put fraudsters behind bars.

Read our other Fraud Alerts here.

Scammers targeting victims in and out of disaster zones after recent hurricanes, earthquakes – Fraud.org

/in /by

Hurricanes in Texas and Florida. Earthquakes in Mexico. Wildfires in the western states. Devastating natural disasters have been making major headlines in recent weeks. While the human and financial toll these disasters take is bad enough, there’s a category of scam artists that aims to add insult to injury when events like these occur: disaster scammers.

At Fraud.org, we have heard a growing number of complaints regarding three scams in particular that affect consumers both in and outside of disaster zones.

The fraudulent contractor scam

In the aftermath of a major weather event like tornadoes and hurricanes, victims understandably want to fix their homes as quickly as possible. Taking advantage of this, scammers have been known to show up on a would-be victim’s doorstep and offer to start work right away. Here are some red flags to distinguish between a legitimate contractor and a scam artist looking to cause trouble:

  • A “contractor” who asks to be paid in cash. Always pay with a credit card or check. If a contractor asks to be paid in cash, it is most likely a scam.

  • A “contractor” who requests a large upfront payment. Many scammers will request to be paid upfront, and then disappear, never to be heard from again. To minimize your risk, you should try to keep your down payment to around 10 percent of the total cost.

  • A “contractor” that asks you to sign an AOB (Assignment of Benefits). By signing this document, you are giving your contractor control over your insurance policy. This allows the contractor to inflate the cost of your repairs, and could cause a drawn-out legal dispute between you, the contractor, and your insurance company.

If you find yourself in a situation where you need a home repair, follow these tips to protect yourself:

  • Verify that your contractor is properly licenced and insured to complete the work you are hiring them to do.

  • Ask the contractor for references and check consumer review websites. Former client recommendations can offer peace of mind.

  • Write down their driver’s license number and vehicle information (make, model, and license plate number) so that you are able to report them to the authorities if something goes wrong.

  • Get a written estimate and sign a contract before work begins.

  • If you are planning to have your insurance company cover the repairs, be sure to call your insurance agent and confirm that they will cover it.

The charity scam

In the aftermath of natural disasters, many “charities” run by scam artists pop up to take advantage of Americans’ willingness to help others. Follow these steps to steer clear of crooks looking to make a quick dollar off of your generosity:

  • Avoid charities that seem to have sprung up overnight in response to a disaster. Instead, give to charities with a proven track record of helping natural disaster victims.

  • Make sure the charity you are donating to is legitimate. You can do this by checking out websites like Charity Navigator,Charity Watch, orGuideStar. There you can find information like tax records that explain what the charity does, how long they’ve been doing it, and who their head employees are.

  • Pay by credit or debit card. That way, if the charity turns out to be a scam, you can dispute the charge.

  • If you receive a solicitation from a group fundraising on behalf of another organization, be sure to ask what percentage of a donation is kept by the fundraising organization. If the caller is unable or unwilling to provide that information, or if the fee seems unusually high, it could be a scam.

The storm-damaged used car scam

Vehicles damaged by floods and hurricanes are often cleaned up and shipped across the country to be re-sold by unscrupulous car salesmen. While these cars may look and run fine at first, flood-damaged vehicles often have malfunctioning airbags or hidden rust and mold problems, and may not run properly in the long term. To protect you and your family from this scam, follow these steps:

  • Check the vehicle history report through a trusted source like the National Insurance Crime Bureau’s free database.

  • Look for signs of flooding like water stains in the glovebox or fogging inside headlights and tail lights.

  • Consider the smell of the vehicle. While a mildew smell is a definite red flag, a heavy disinfectant smell should also set off your alarm bells, as these heavy-aroma cleaners can be a sign that someone is trying to hide mold.

Natural disaster scams come in many forms and can be difficult to spot. If you think you may have come across a scam intended to take advantage of a natural disaster victim, let us know! Please file a report at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars.

Read our other Fraud Alerts here.

“Secret” Federal Reserve account scam increasing in popularity – Fraud.org

/in /by

As summer comes to an end, and we are reconciling our bills from summer vacation or beginning to plan for back-to-school purchases, many of us could use a financial boost. The thought of discovering a “secret” account to pay our bills may be alluring. Imagine learning that there is an account to which you have unknowingly been contributing through payroll deductions. Seems too good to be true? Unfortunately, it probably is, but consumers are reporting that they are falling for the pitch.

Fraud.org has seen a growing number of reports about consumers being scammed into believing that they have a secret bank account at the Federal Reserve that they can use to pay off bills or other debts.

It’s not true–and consumers who are falling for it will find themselves in deeper trouble with the debts they owe. Some consumers may also expose themselves to identity theft or end up facing criminal charges for bank fraud.

The Federal Reserve “secret” account scam typically works like this:

Scammers have set up videos on YouTube that look like public service announcements meant to educate consumers about these secret accounts. These videos walk the consumer through the “process” of looking up their Federal Reserve routing number (which in reality doesn’t exist) and how to make authorized withdrawals. The con artists behind the videos are smart; the videos look legitimate, and the money transfer may even appear to consumers to go through.  However, after the bank has time to review the transfer, it will surely cancel it, and victims of the con may face a slew of fees from their financial institution, and/or the merchant they attempted to pay through the Federal Reserve account.

Alternatively, scammers may choose to reach out to individual consumers via email, phone, and social media. As in the video version of this fraud, the scammer explains to the consumer that the Federal Reserve has a secret account in the his or her name that can be accessed to pay bills or other expenses. However, in this variation, the scammer will require their victims to provide their Social Security number, bank account routing information, or other personal information to “look up” their secret account number. Once this information is provided, the consumer is vulnerable to a slew of dangerous frauds, including identity theft in addition to facing several fees for a bounced payment.

Consumers who have tried to use this secret account to pay bills quickly find out that it doesn’t exist. The reality is that only banks–not consumers–have accounts with the Federal Reserve. But many people don’t know this, and in some cases, consumers will end up owing late fees to the companies they try to pay via the secret account.

Even if you don’t think you’d ever fall for this scam, there are several steps you should take to protect yourself:

  1. Never send your Social Security, credit card, or banking account numbers to anyone who reaches out to you through an email or phone call. Only give this information to financial institutions and merchants you trust–and who you have contacted yourself. This information is often collected by scammers to steal your identity.

  2. Remember: The Federal Reserve only does business with banks and government entities. Individuals are not able to bank with the Federal Reserve. Anyone who tries to tell you otherwise or help you access a “secret account” at the Federal Reserve is trying to scam you.

The Federal Reserve secret account scam is growing in popularity amongst fraudsters. We need your help stopping these scammers in their tracks. If you come across a video or receive a phone call or email telling you about a “secret” account at the Federal Reserve, please report it immediately to Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars.

Read our other Fraud Alerts here.

Your lucky Facebook friend might be a scammer – Fraud.org

/in /by
Facebook is a great social media channel used by millions of consumers to keep in touch with family and friends. We share pictures, videos, and even private messages with trusted loved ones. But, with data breaches giving hackers what they need to log into people’s accounts, we might not always be communicating with who we think we are.

At Fraud.org, a consumer from Kentucky recently shared her story with us:

“I was contacted by a friend of mine on Facebook, because she had recently won $70,000 and saw that I was on the list of winners as well. She put me in touch with a company that was handling the prize disbursement, and I was told I had to pay $830 to get my prize. This friend of mine lives in my town and is the apartment manager where my blind son lives, so I really thought this was true, and I sent the money. A few days later, the prize disbursement company reached back out to me and requested an additional $1,250 for taxes. I told my friend that I didn’t have it, but she told me she ‘wanted to help’ me out, so she paid the shipping company $500. That left me with a balance of $750 to pay, which I did. I eventually realized that there was no prize and that I had been scammed out of $1,330.”

Turns out our Kentucky consumer wasn’t the only scam victim. Her prize-winning friend had also been hacked. She wasn’t a part of the scam; she was a victim herself–of identity theft!

Over the past 18 months, NCL has received more than 100 complaints about scams committed via social media. The scam our friend from Kentucky fell victim to, which we’re calling the “Facebook friend scam,” is particularly convincing and lucrative for scammers who are able to pose as a friend of the victim.

The pitch is often that the fraudster has just won a prize or qualified for a federal grant, and that the friend they’re writing to will also qualify for the prize or grant. The scammer (still posing as a friend) will inform the victim that all they need to do is pay the tax for the prize, or pay a filing fee to a company in order to receive the winnings. In some cases, fraudsters have even been known to offer to “pay” a portion of the fee or tax as a favor for their friend because they just won the prize as well.

As data breaches continue to give scammers access to account and login credentials, experts predict that this kind of account hijacking is likely to increase and result in more money being stolen from consumers’ pockets as a consequence. Fortunately, consumers can take precautions to reduce the risk of falling prey to these scams and prevent their friends and family from becoming a victim of the Facebook friend scam.

Protect yourself and your social media contacts:

  1. If a friend reaches out to you via email or social media with a deal that seems too good to be true, call them directly to see if they really sent the message.

  2. Reduce the risk of your account from getting hacked. You can do this by:

  3. If your Facebook account is hacked, immediately report it and follow Facebook’s prompts to take the steps necessary to regain control of your account.

Identifying a hacked Facebook account is not always easy. If you suspect that you have become a victim, report it immediately. You can file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars.

Read our other Fraud Alerts here.

Summer heating up with advance-fee loan scams – Fraud.org

/in /by

Summer has arrived! For many, that means backyard BBQs, road trips, and fireworks. For some, it’s a common time to make a big purchase, such as a new car or a family vacation. Recent college grads who don’t have the benefit of a grace period on their loans will start seeing their first student loan bills this month, which can be an expensive shock.

Consumers who find themselves needing access to quick cash are vulnerable to scammers offering guaranteed loans, so Fraud.org is issuing a warning this month about one of the most commonly reported scams: advance-fee loans.

In advance-fee loan scams, a consumer might see an ad in a respected publication or receive a phone call or email offering loans or debt consolidation. Scammers often offer “guaranteed” low rates regardless of credit history. The most sophisticated scammers will even provide fake application forms seeking personal information (including Social Security numbers) that can eventually be used to help them commit identity fraud.

In order to get the loan, the consumer must provide an upfront (or advance) fee to cover things like “application fees,” “security deposits,” or “insurance.” Once the fee is paid, the scammer will continue requesting additional fees until the victim catches on, at which point the fraudster will simply disappear without providing the loan.

One victim from Pennsylvania shared his story with Fraud.org after he lost $1,800 to an advance-fee loan scam.

“[The loan officer] was so believable. After I spent the entire day on the phone with the loan officer, he conned me into buying iTunes gift cards to pay for loan fees and insurance. It was not until my fourth payment with iTunes gift cards that I realized the reality of the situation. There is no one to help and now no money to pay my bills or feed my children.”

Advance-fee loan scammers are sneaky but can be patient, taking their time to tactfully lure their victims into the trap. Fortunately, there are things that consumers can do to protect themselves from this scam:

  1. Watch out for anyone offering a loan without a credit check. Legitimate lenders require a credit check to ensure that the borrower is likely to pay it back. If a lender says they’ll provide a loan without a credit check, beware! There’s probably an expensive catch, and it may be a scam.

  2. Never wire money to people you don’t know. Legitimate lenders should not ask for payment via wire transfer. One reason scammers ask for this form of payment is because consumers have little recourse to get their money back if they suspect fraud. If a lender is pressuring you to use a wire transfer service to pay the loan, especially if they are asking you to wire the money to an individual and not a loan company, it is most likely a scam.

  3. Never pay with gift cards. Legitimate loan companies will never ask you to pay with gift cards, such as iTunes cards.

  4. Never borrow from a lender who is not registered in your state. All lenders are required to register with each state in which they operate. You can easily check their registration status by contacting your state’s attorney general.

  5. Remember, just because they have an advertisement in a respected publication, or a legitimate-looking website does not mean they are real. Fraudsters know that appearances matter and will often go the extra mile to create a professional-looking ad or website to look convincing and avoid suspicion.

Spotting an advance-fee loan scam can be tricky. If you suspect that you have become a victim, report it immediately. You can file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can put fraudsters behind bars.

Read our other Fraud Alerts here.

NCL’s Programs

NCL-logo

Fraud.org is a project of
The National Consumers League.

info@nclnet.org
(202) 835-3323

1701 K St NW
Suite 1200,
Washington, DC 20006

© Copyright 2025. All rights reserved.