In an imposter scam, fraudsters take on the identity of someone else — a government agency, a sweepstakes company, or even a relative desperate for help — to pressure victims into paying money for taxes, a prize, or a quick personal loan. Regardless of the ruse, these scams are designed to do one thing: quickly separate victims from their money.

Imagine the scenario: Your phone rings and the voice on the other end congratulates you for winning a sweepstakes. Great news, right?

Now imagine another scenario: You receive a call from someone claiming to be tech support for your computer. They say they’ve received reports that your machine may be infected with a virus and they need you to give them access so they can look into it.

Here’s an even worse thought: Your phone rings, but the caller says that they’re with the IRS, that you owe the government money, and that you will go to jail if you do not pay up immediately.

Depending on which scenario plays out on your phone line, you could be overjoyed or afraid. The odds are, however, that regardless of whether the caller says you’re a sweepstakes winner or that you owe the government money, you have just become a victim of one of the most popular scams around: the imposter scam.

In imposter scams, con artists pose as someone else — the IRS, a sweepstakes company, or a long-lost relative in need. The caller might say they need money for unpaid “taxes” owed to the IRS, or “processing fees” to claim a prize, or “lawyers fees” to get a loved one out of a jam. The set-ups vary, but these high-pressure con artists are good at what they do — convincing victims they need to pay up — or hand over personal information — in order to quickly resolve an issue.

If the victim agrees to pay, scammers typically ask for payment via a hard-to-track method such as a wire transfer, reloadable debit card, or iTunes gift card.

Unfortunately, these high pressure and often intimidating tactics appear to be working. Last year, these scams were the third most common complaint that the Federal Trade Commission (FTC) received, with more than 350,000 consumers reporting they’d fallen victim. They’re also one of the top scams that we hear about at Fraud.org year in and year out.

A consumer complaint we received at Fraud.org recently is typical of this scam. A grandfather in Florida received a phone call from a girl in tears pretending to be his granddaughter. His “granddaughter” said that she was arrested after an auto accident and that drugs were found in her car. The girl was supposedly overseas at the time and said that the American Embassy needed $1,150 to be wire transfered to her attorney overseas so that her lawyer could pay her bond, and then get her on an evening flight back home.

In this case and many others, the consumer fell victim to the imposter scam and lost the money he was tricked into sending the scam artist.

With the imposter scam coming in so many different variations, how can you and your loved ones learn to spot it and avoid becoming its next victim? Here are some basic tips you can use to help identify and protect yourself from a potential imposter scammer:

1. You can’t trust Caller ID. Scammers are pro’s at tricking Caller ID systems into showing the caller information they want it to show. Just because the Caller ID says “IRS,” “police,” or “National Consumers League,” that does not guarantee that the person on the other end is with that organization.

2. Don’t engage. Hang up. If you receive a call from someone urgently requesting money, don’t try and figure out whether they’re legitimate or not while they’re on the phone with you. Scammers are professionals who know exactly what buttons to push to get you to make a quick decision. The best thing you can do is simply hang up.

3. Be careful of emails, too. Scammers also run the imposter scam over email. If you receive an email from someone demanding money right away, it’s probably a scam. Instead of replying, simply delete the email. Don’t click on any links or attachments that come with the email. They could contain malware that will infect your computer and steal your personal information.

4. Look up the information on your own. If you’re concerned that the caller or email sender was for real, look up the phone number for the individual or agency in your phonebook or on the agency’s or company’s official website. Call that number yourself and check to see if what you were told by the caller is accurate.

5. Never pay for a prize. If someone informs you that you won a prize, you should not have to pay any taxes, delivery fees, or insurance payments to collect it. If they tell you otherwise, it’s a scam.

6. If asked for payment with a wire transfer, cash-reload card, or gift card–it’s a scam. These are all ways that scammers love to be paid because it’s practically impossible to track.

7. Report suspected fraud. If you become a victim of an imposter scam or you suspect you have spotted one, report it! You can file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of more than 90 law enforcement and consumer protection agency partners who can and do put fraudsters behind bars. The Federal Trade Commission also has many great resources on imposter scams available at www.ftc.gov/imposters.

8. Print our Avoid Imposter Scams graphic and leave it by your phone to help loved ones know what to do in case they receive a call.

Read our other Fraud Alerts here.

What would you do if you suddenly were unable to access your treasured family photos, work documents, music collection, or other important files on your computer? What if you knew that you could lose them permanently unless you paid a hacker hundreds or thousands of dollars to unlock the files? Would you pay to get your files back?

Few things are more unsettling than watching a computer hacker take over your computer and demanding a ransom. Yet, more and more Americans are faced with these ransom demands as Internet “ransomware” has grown in popularity amongst fraudsters. In the first three months of 2016, cyber criminals have used ransomware to extort $209 million from businesses, schools, governments, and consumers, according to the FBI.

Ransomware can easily be downloaded onto your computer without your knowledge. This can happen through a number of different ways: by clicking on an infected Internet advertisement, opening an infected email, or by visiting a suspicious website.

Once the infected file is secretly installed, the software will begin encrypting your computer files.  Hackers use advanced forms of encryption so that computer professionals have no way to decrypt an infected computer. Once the hacker has successfully encrypted your computer, it will lock up and a screen will pop up demanding a ransom. The scammer may demand payment via a virtual currency like Bitcoin, a wire transfer, or by some other payment method. Failure to pay in a set amount of time can result in the hacker deleting the key necessary to unlock your files. Then, your files would become permanently inaccessible.

Ransomware has serious real-world implications. Ransomware attacks on several hospitals including Medstar Health, Hollywood Presbyterian, and Kentucky-based Methodist Hospital prevented access to patients’ medical records. Hospitals had to revert back to paper record keeping and many patients in need of care had to be turned away until the ransom was paid or until they were able to relaunch their system. Similar attacks have taken place at other health centers, schools across the country, and even in the U.S. House of Representatives.

Basic steps to protect yourself from a ransomware attack:

1. Backup your important files on a regular basis. That way, if your computer does get hacked, you have a way to recover your important files without paying the ransom.

2. Do not click on suspicious links or attachments in emails.

3. Use reputable security software, which can help prevent you from visiting many malicious websites as well as help identify infected email attachments.

4. If you believe that you may have clicked an infected link, immediately turn your computer off.  Although this will not always prevent the spread of ransomware amongst your computer files, it will sometimes prevent the hacker from being able to encrypt your computer.

Unfortunately, you can never be fully protected from ransomware. If you happen to become a victim, never pay the demanded ransom because you can not be sure that the hacker will give you the key to decrypt your data. In addition, by paying the ransom, you will embolden the hacker to continue their operations, and will encourage other hackers to undertake ransomware operations of their own.

Have you been a victim of a ransomware attack? We want to know! You can file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of more than 90 law enforcement and consumer protection agency partners who can and do put fraudsters behind bars.

Read our other Fraud Alerts here.

Unwanted software are programs that are downloaded—often unknowingly as part of a software bundle—that can cause serious problems for computer users. Research into unwanted software infection rates finds that at least tens of millions of computers are infected. Unwanted software is associated with billions of dollars in fraud every year.

How does unwanted software affect consumers?

A consumer’s first inkling that her computer is infected with unwanted software may be when she opens her Internet browser and finds that the browser’s default search engine or homepage has been changed without her consent. In other cases, the unwanted software may cause new tabs to automatically load in the browser, pop-up windows to appear, or even change the browser itself (such as by adding a “toolbar” or extension). Another common symptom of unwanted software is when ads start to appear where they aren’t expected (such as weight loss ads on a children’s website or on browser error screens). Additionally, another form of unwanted software are so-called “PC cleaners” or other programs that claim to speed up your computer’s performance.

Consumers can often be confused about the source of this behavior. First, unwanted software often waits several weeks after download to affect the consumer, meaning that a consumer is unlikely to connect the downloaded software with the problems with their browser. In addition, unwanted software can be hard to find and delete—this software often masks its filename so consumers can’t find it and can regenerate even if it gets deleted.  

While unwanted software can appear to be simply an annoyance that detracts from the experience of using a browser, these dangerous downloads in fact pose a significant security risk to consumers’ personal information. Often, such software will disable security protections and settings to take control of a consumer’s computer, leaving that computer vulnerable to hackers and data thieves.

How prevalent is unwanted software?

Unwanted software has been around for some time, but in recent years, it has become an even bigger concern for Internet users.

For example, a May 2015 study by Google, UC Berkeley, and UC Santa Barbara found that tens of millions of visitors to Google’s serviceshad unwanted adware installed on their computer. Within that group, half had at least two, and nearly one-third of users had at least four such programs infecting their machines. And that’s just for one type of unwanted software infection. Unwanted software was the source of nearly 20% of complaints from Chrome users alone in 2014.

A similar study by security firm Namogoo found that 15-30% of e-commerce website visitors were infected with malware that causes them to view injected ads, malicious links and fraudulent spyware on otherwise legitimate sites.

Research conducted by security firm WhiteOps found that unwanted software such as ad injectors are a significant contributor to the $7.2 billion in ad fraud that occurs every year.

How can you spot unwanted software?

The following are telltale signs of unwanted software:

• “Express” setup options for software. When installing new software, be wary when you’re prompted to use “express” (or similarly worded) setup options. This could allow the program to install unwanted software. Instead, consider a “custom” setup so that you have control over what exactly is being installed.

• Pre-checked boxes. When installing one program (say, a PDF reader), you may notice a pre-checked box offering to install another program (like a search toolbar or antivirus) at the same time. Make sure you review these pre-checked options and uncheck those boxes before continuing setup if you don’t know what they are or they look suspicious.

• No “I decline” option. When installing a new program, you may be prompted to accept an end-user licensing agreement (EULA) as part of the installation. If there’s no “I decline” option with the EULA, or if you’re unable to uncheck the “I accept” box, it could be a red flag that your download is packaged with unwanted software.

• “Download managers.” Most reputable software publisher websites will let you download programs directly from the site. Watch out for websites that make you install a download manager in order to download the software you really want. It’s common for download managers to include additional unwanted software.

Tips on protecting yourself from unwanted software

• Get your software directly from the source. When you’re looking for a new program, look on the publisher’s website first. Software download repositories may bundle in unwanted software with legitimate downloads.

• Avoid clicking on pop-ups or banner ads that warn you of slow performance on your computer. This is often a ruse to lead you to websites that host unwanted software.

• Make sure everything is up-to-date. To best protect yourself, repeatedly update your browser and operating systems; older systems are more susceptible to being infected by malware. Be sure to check for computer and browser updates in computer settings. Ads claiming that your computer software is out-of-date are likely to lead you to more unwanted software.

• Routinely scan your computer. Use antivirus software to regularly scan your computer for programs that you don’t recognize.

• Pay attention when installing new software. When downloading programs and extensions, pay attention to the fine print. In particular, be on the lookout for pre-checked boxes that offer to install things like toolbars or other software in addition to the software you were looking for.

• Heed your browser’s warnings. Most major Web browsers now have functionality built-in that will warn you when you are about to enter an unsafe website. Chances are that if your browser is telling you to not visit a certain website or download a particular program, you’re better off steering clear.

Here are a few examples of warnings from the most popular browsers:

Google

Firefox

Safari

 

What to do if you suspect you’ve already installed unwanted software

Despite our best efforts, it’s still possible to inadvertently install unwanted software. Once it happens, there are several steps you can take:

• Ensure that the latest versions of your browser and operating system are installed. The best way to defend yourself against unwanted software is to ensure that your Internet browser (Safari, Firefox, Chrome, Edge, etc.) and operating system (Windows, OSX, Linux, etc.) are up-to-date.

• Run a security scan using a reputable antivirus removal tool. While this software isn’t perfect, an antivirus tool can help detect and remove unwanted software. If you suspect you have unwanted software on your computer, make sure your antivirus tool is up-to-date and then run a full scan. The antivirus may help to detect and remove such software.

• Check your browser extensions. Unwanted software may be installed as an extension on your browser. You can review extensions and disable suspicious-looking ones by checking your browser’s settings page. Click here for instructions on how to do so for several popular browsers.

• If all else fails, format and reinstall. In extreme cases, unwanted software may be so persistent that it disables operating systems or browser updates and resists antivirus removal. If it comes to that, it may become necessary to format your hard drive and reinstall your operating system and Internet browser. Before you do this however, be sure to create backups of important files (like photos, videos, and documents). WARNING: This may be a time-consuming process and beyond the skill of some users. If you don’t feel comfortable doing so, you may need to look for outside help from your local electronics store or computer manufacturer.

Find Fraud Alerts related to this scam here.

Trying out online dating for the first time or a seasoned dater? Maybe you are one of the hordes of people who look to online dating sites this time of year, when sites typically see a surge in sign-ups before Valentine’s Day. Online dating can be fun and convenient, but falling for an romance scam can be costly. Falling in love with a con artist has consistently been ranked as one of, if not, the most expensive scams for the victims who have shared their stories with Fraud.org.

In 2015, NCL received more than 80 complaints from consumers who were approached by con artists seeking to defraud them through a romantic scheme. Unfortunately, falling for this scam can be extremely costly. It has consistently been ranked as one of, if not, the most expensive scams for the victims who have shared their stories with us. In many cases, consumers report sending tens, or even hundreds, of thousands of dollars to the scam artists.

It’s not hard to see why. Love is a powerful emotion. Most of us would do practically anything to help out a friend or loved one in need. Fraudsters know this, which is why they devote significant time and energy to developing friendships and “love” with their marks. However, these criminals aren’t looking for a soulmate. They’re looking for victims that they can wring every last cent out of.

In many of the stories we hear from consumers, the scams begin the same way. The victim is first approached on an online dating website (Match.com was frequently mentioned in our complaints), a social media platform such as Facebook, or another type of online forum. The con artist may claim to be interested in the victim romantically. When the victim responds, their new “friend” tells them a story about how they are located far away from the victim, often overseas.

As the relationship develops and false trust is built, the “friend” asks the victim to send money to help them out of some fake situation. The “friend”—who is, in reality, a con artist who is likely running the same scheme on other victims—may claim that they need the money to come visit the victim, for medical bills, to get out of jail, or some other reason. If the victim agrees to pay, there will inevitably be more requests for money to cover other fictitious expenses until the victim comes to realize it is a scam and stops paying, or worse, runs out of money to give.

So how can you spot a romance scam and avoid falling victim? Here are red flags that the person you’re dealing with is after your cash, instead of your heart:

• She requests that you wire money or to cash a check or money order for them.
• The “relationship” becomes romantic extremely quickly, with quick pronouncements of love or close friendship.
• He claims to be a U.S. citizen who is abroad, very wealthy, or a person of important status.
• He claims to be a contractor and needs your help with a business deal.
• She makes excuses about not being able to speak by phone or meet in person.
• He quickly asks you to communicate via email, instant messaging, or text messaging instead of the online dating sites’ messaging services.
• She claims to be American, but makes frequent spelling or grammar mistakes that a native English speaker wouldn’t.

If you’ve been approached by someone you think could be a romance scammer or if you’ve already fallen victim, DON’T keep speaking with the person who approached you. Ignore their emails, phone calls, IMs, or other communications. Instead, use the online dating site’s abuse flagging system to mark the account as suspicious and file a complaint at Fraud.org.

Read our other Fraud Alerts here.

From lighting the menorah and trimming the tree to celebrating Kwanzaa and the impending new year, December is a time when friends and family gather to celebrate all the joys the season brings. Unfortunately, it’s also a time of year when fraudsters roll out a cornucopia of time-tested scams to prey on consumers’ holiday habits. Read on to learn about the season’s most common scams so you can spot and avoid them.

Not-so-great holiday shopping deals.

One of the most common complaints we receive at Fraud.org involves consumers who try to take advantage of a “can’t-miss” deal online for popular merchandise, particularly in-demand items such as electronics and fashion. Online classifieds, such as Craigslist, are well-known havens for operators of unscrupulous merchandise sales websites claiming to offer high-dollar items like iPhones or Air Jordan sneakers for a fraction of the typical price. In reality, however, these websites often exist only to harvest consumers’ payment card or personal information to be used by scammers to purchase merchandise elsewhere or commit identity theft.

To reduce your risk of falling victim to bogus holiday shopping scams, consider the following steps:

• If you see a “great” deal online, do a price-check on conventional online retailers (e.g. Amazon, Zappos, Best Buy, etc.) before you enter payment information. If the price you’re being offered is far below typical prices, it could be a scam;
• Check out who’s behind the website you’re shopping at. Take a look at the “contact us” page. If there’s no telephone number to call, or if the number doesn’t work when you call, it could be a scam. Check out the registration details of the web domain at WHOIS.net. Is the website registered in the U.S.? Try calling the phone numbers for the domain’s administrative and technical contacts. If they don’t work, or you are routed to a domain registration company’s support line, it could be a scam.
• Don’t shop at a website that lacks the SSL padlock. Legitimate online retailers should protect the information you share on the site with Secure Socket Layer (SSL) encryption. You can tell if a site uses SSL by the padlock that shows up to the left of the website’s URL in your browser’s address bar. If you don’t see the padlock, shop somewhere else.

Charity scammers prey on consumers’ best intentions.

Non-profit organizations depend on donations from supporters to help them keep the lights on. Charitable fundraising always spikes around the holidays, as consumers look to support their favorite NGOs and get in a handy tax deduction before the end of the year. Unfortunately, scammers are well aware of this trend. December is usually one of the top months that consumers complain about bogus charities that purport to support a good cause, but are in fact little more than fraudulent money-grabs.

Differentiating between a legitimate charity and a scam can be difficult, but the following tips can help you avoid supporting a charity scam:

• If a charity calls on the phone and requests a donation, ask for information like the charity’s registered name, mailing address, and phone number. If the caller is unable or unwilling to provide that information, it could be a scam.
• Before you donate, check out the charity online. Sites like the BBB’s Wise Giving Alliance or CharityNavigator keep information on legitimate charities. If the organization soliciting a donation isn’t listed on one of those websites, it could be a scam.
• If you receive a solicitation from a group fundraising on behalf of another organization (such as a local police or firefighter support group), be sure to ask what percentage of a donation is kept by the fundraising organization. If the caller is unable or unwilling to provide that information, or if the fee seems unusually high, it could be a scam.
• When you do pay, make sure to pay by credit or debit card. That way, if the charity turns out to be a scam, you can dispute the charge.
• The Federal Trade Commission has plenty more tips on spotting and avoiding charity scams here.

Gift card scams can drain your cash.

Gift cards are a favorite present during the holiday season and big business for retailers. A low-tech, but effective, scam is when fraudsters copy the codes and information on gift cards and place them back on the rack for someone else to purchase. They then periodically check online or over the phone to find out if legitimate consumers have purchased the cards and loaded funds on to them. When they get a hit, the scammers will use the codes they obtained to drain funds from the cards.

To reduce your risk from this scam, consider the following steps:

• Examine any gift cards you intend to purchase for signs of tampering — scratches on the card or exposed PIN numbers can be a sign that all is not right.
• Be careful buying gift cards on online auction sites. Despite efforts to police these sites, they are known to be used by scammers to peddle counterfeit gift cards.
• When you purchase a gift card, ask the cashier to scan the card to ensure that it has the correct balance.
• Keep receipts for all of the gift cards you purchase. If you find out later that funds have been deducted from the card improperly, having a paper receipt can help you recover lost funds.

If you’ve spotted signs of any of these scams or, worse yet, if you or someone you know has been a victim, it is important to report it! At Fraud.org, consumers can submit complaints via our secure online complaint form. These complaints are then shared with our network of local, federal, state, and international law enforcement and consumer protection partners who can investigate.

Read our other Fraud Alerts here.