Scam of the day – October 22, 2018 – New Concerns About Hacking Sex Toys

I have been warning you about dangers in the rapidly expanding Internet of Things for more than four years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys.

Last year the FBI issued a warning to consumers about the dangers posed by hacking of various devices that make up the Internet of Things.

Here is a link to the FBI warning.

Among the toys that are now part of the Internet of Things are adult toys, namely sex toys. Already millions of people use these toys. There has been a trend in recent years in the sex toy industry toward creating sex toys that can connect to smartphones and computers through Bluetooth or Wi-Fi technology that enables the sex toy to be controlled remotely. While this opens up new vistas for consenting adults far away from each other, it also opens up frightening new opportunities for hackers. Last year Italian researcher Giovanni Mellini published his findings that he was able to remotely hack into and take control of a sex toy described by its manufacturer as “the world’s first teledildonic butt plug.”

Another concern is the lack of security for the large amounts of data that the manufacturers of these toys collect about their customers' use of them. As with many Internet of Things devices, a significant amount of data about the users of the products is gathered by the manufacturers, who may sell this information to advertisers, but who also are in danger of having this very personal information stolen by hackers.


Many of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, set up a guest network on your router exclusively for your Internet of Things devices. Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information. Also, limit the amount of information you provide when setting up the accounts for the toys. The less information out there, the less the risk of identity theft. Finally, make sure your router is secure and use its whitelisting capabilities, which will prevent your device from connecting to malicious networks.

As for the gathering of personal information from these devices, anyone considering purchasing such a device should check the privacy policy of the manufacturer as well as consider the possibilities of data breaches by these companies.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”

Scam of the day – October 21, 2018 – Two Men Convicted of Car Related Identity Theft

Jankely Hidalgo and Jonathan Sevilla pleaded guilty last week to identity theft in regard to a scheme in which they stole cars from a number of auto dealerships in the greater New York City area. Using forged driver’s licenses and stolen personal information including, most significantly, Social Security numbers, Hidalgo and Sevilla would purchase the vehicles using car loans processed by the auto dealerships. Hidalgo and Sevilla would then take possession of the cars and never make a payment on the loans, which would appear as defaulted loans on the credit reports of their identity theft victims, thereby dramatically lowering their victims’ credit scores. Hidalgo and Sevilla will be sentenced on November 21st and are facing prison terms of as much as six years. Meanwhile, their identity theft victims are left to clean up the mess of their credit reports.

Their identity theft victims could have avoided the problem by having credit freezes on their credit reports at each of the three major credit reporting agencies, Equifax, Experian and TransUnion. If the identity theft victims had placed credit freezes on their credit reports, the car loans could not have been processed and the problem could have been avoided. In these days of seemingly perpetual data breaches, it is relatively simple for small-scale criminals to purchase personal information, including Social Security numbers, on the Dark Web, where the more sophisticated criminals behind major data breaches sell the personal information they steal, so it is more important than ever to freeze your credit.


For more information about credit freezes check out this article I wrote for the Saturday Evening Post which described credit freezes in detail.

Pursuant to a new federal law, credit freezes can be done at no cost. To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:


Scam of the day – October 20, 2018 – Eight People Indicted in Sweepstakes Scam

A federal grand jury in Texas recently unsealed charges against eight men charged with operating a 250 million dollar phony sweepstakes scam and other fraudulent activities. It is hard to win any lottery. It is impossible to win one that you have not even entered, and yet scam artists, the only criminals we refer to as artists, have found that it is extremely lucrative to scam people by convincing them that they have won various lotteries. The defendants in the Texas case are alleged to have purchased a list of senior citizens to target with their lottery scam. The elderly are frequently targeted in lottery and sweepstakes scams. The targeted victims of the scam received mailed material informing them that they had won a sweepstakes they had never entered. Included in the package of material was a legitimate-appearing check, usually in the amount of $8,000. The victims of the scam were advised to deposit the counterfeit check into their bank account and then withdraw between $5,000 and $7,000 in cash or money orders, which they were then instructed to mail back in a pre-addressed stamped envelope provided in the package of materials. The victims of the scam were told that these payments were administrative fees required to collect their prize. Of course, the check sent by the scammers was counterfeit, but the cash or money orders sent by the victims from their bank accounts were real and once sent were lost forever.

Most lottery scams involve the victim being told that they need to pay taxes or administrative fees directly to the lottery sponsor; however, no legitimate lottery requires you to do so. As with many effective scams, the pitch of the scammer seems legitimate. Income taxes are due on lottery winnings, but with legitimate lotteries they are either deducted from the lottery winnings before you receive your prize or you are responsible for paying the taxes directly to the IRS. No legitimate lottery collects taxes on behalf of the IRS from lottery winners. Other times, the scammers tell the “winners” that in order to collect their prizes, they need to pay administrative fees. Often, the victims are told to send the fees back to the scammer by prepaid gift cards or Green Dot MoneyPak cards. Prepaid cards are a favorite of scammers because they are the equivalent of sending cash. They are impossible to stop or trace. Again, no legitimate lottery requires you to pay administrative fees in order to claim your prize.


As I have often told you, it is difficult to win a lottery you have entered.  It is impossible to win one that you have not even entered.  You should always be skeptical about being told that you have won a lottery you never entered.  It is also important to remember in regard to the Jamaica lottery and other foreign lotteries that it is illegal to play foreign lotteries except when you are actually present in the other country.

Receiving a check for more than what is owed you and being instructed to deposit the check and send the difference back to the person sending you the check is at the basis of many scams.
Whenever you receive a check, wait for your bank to tell you that the check has fully cleared before you consider the funds as actually being in your account. Don’t rely on provisional credit, which is given after a few days but which will be rescinded once a check bounces, and never accept a check for more than what is owed with instructions to send back the rest. In this particular case, the scam may have seemed more believable because it could appear to the targeted victim that he or she was being paid from his or her winnings the amount necessary to cover the costs of administrative fees involved in claiming his or her prize; however, as I mentioned earlier, no legitimate lottery requires you to pay an administrative fee to claim your prize.


Scam of the day – October 19, 2018 – Medicare Open Enrollment Scams

The open enrollment period for Medicare began on October 15th and continues until December 7th.  This is the only time during the year that people enrolled in Medicare can change their Medicare health plans, Medigap plans and their prescription drug plans.  By now, people already enrolled in Medicare should have received an Annual Notice of Change from their health insurance providers describing any changes to their plans such as the dropping of particular drugs from their prescription drug plan.  If you are satisfied with your plans, you do not need to do anything.

We are only four days into the Medicare open enrollment period and already scammers are hard at work on a number of different scams. Many of these scams relate to those people who still have not received their new Medicare card and are still using their old card that uses their Social Security number as their Medicare number. According to the Centers for Medicare and Medicaid Services, while many people have received their new cards, the process of replacing the old cards with new Medicare cards with random numbers will not be completed until April of 2019.

Scammers and identity thieves view the open enrollment period as senior citizen hunting season as myriads of Medicare scams are common during this time. Among the scams are phone calls or emails purporting to be from the Centers for Medicare and Medicaid Services (CMS) informing you that Medicare is issuing new Medicare cards and that in order to continue to receive benefits, you need to obtain a new card which can be done by providing the person contacting you with your Medicare number which is your Social Security number. Between April 2018 and December 31, 2019 a Medicare recipient who has a new card has the option to use either his or her old number or the new, more secure Medicare number. Starting in 2020 only the new numbers will be used.

Scammers are already taking advantage of confusion about this transition to the new Medicare numbers by pretending to be Medicare employees, calling Medicare recipients and telling them that they need to register on the phone to get their new card or they will lose benefits. They then ask for their intended victim’s Medicare number, which is the same as their Social Security number, and use that information to make them a victim of identity theft. In another variation of the scam, targeted victims are told they need to pay for the new card through a credit card or by giving the caller their bank account number. The truth is that there is no charge for the new card, but anyone providing this information to a scammer will quickly become a victim of identity theft.

Seniors also may be contacted by someone purporting to be from their insurance company asking them to verify information. Again, this is a common tactic of identity thieves trying to trick their victims into providing information. They also may be contacted by people claiming to have supplemental insurance programs that will save them thousands of dollars. Here too, you cannot be sure that they are legitimate when they contact you by phone, text message, email or even regular mail.


Never give personal information to anyone who calls you on the phone because you can never be sure who is actually on the other end of the line. Through a technique called “spoofing,” a scammer can manipulate your Caller ID and make it appear that the call is from the government or some legitimate company when in fact, it is from an identity thief who is eager to steal your money. If you want to get information you can trust about what insurance plans are available to you and at what cost, merely go to the “Plan Finder” section of Medicare’s website. If you want to speak with someone on the phone, call Medicare at its 24-hour hotline 1-800-MEDICARE.

If you have already received your new Medicare card, you should start using it instead of your old, less secure Medicare card. There is no charge for obtaining the new Medicare card and you do not have to register or provide any personal information to anyone to receive the new card.


Scam of the day – October 18, 2018 – Important Cell Phone Security

Last week’s visit by Kanye West to the White House was startling on many levels; however, I was particularly disturbed by videos of the visit in which Kanye’s password to unlock his phone was shown and the password was the appallingly simple 000000. This is also troubling because many people use the same password for all of their accounts. Having such a weak password for your phone puts all of the data on your phone in great danger of being exposed to someone who manages to steal your cell phone. We all conduct many activities on our cell phones, which contain much personal information that can lead to identity theft if our phone falls into the wrong hands, so it is important to follow basic security steps to keep your phone safe. I have written many times about protecting your cellphone from a cyberattack or hacking, but what about an old fashioned theft of your phone? Cell phones can get lost or stolen and it is important to protect yourself from those dangers as well.

A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as a cell phone. The SIM card is able to be transferred between different devices, and often is, when people update to a newer cell phone. However, as more and more financial transactions, such as online banking, are now done through cell phones, identity thieves with access to their victims’ SIM cards are also increasingly able to intercept security codes sent by text messages for online banking as part of dual factor authentication, thereby giving the identity thief the opportunity to empty their victims’ bank accounts and cause other financial havoc.
Porting is the name for the crime where someone convinces your phone carrier to transfer your SIM card to a phone controlled by the criminal. To prevent someone from stealing access to your phone through porting, you should have a PIN added to your account so that no one can call your cell phone provider posing as you and ask to have your SIM card transferred.   


The best protection for your phone starts with a strong password, facial recognition or fingerprint scanner.  Also, set your phone so that it locks when you are not using it.  Make sure that you back up everything in your phone regularly. Install the Find My iPhone app if you have an iPhone or the Find My Device app if you have an Android phone.  These will enable you to locate your cellphone if it is lost or stolen and also allow you to send a command to erase everything in your cellphone even if the phone has been turned off.  If your phone is lost or stolen, you should immediately contact your wireless provider to have them disable the SIM card in your phone so that your phone cannot be used by someone else.  As for protecting your phone from cyberattacks, it is important to both download and continually update security software.

The best thing you can do to protect yourself from spear phishing emails and text messages is to never click on links in emails or text messages, regardless of how legitimate or innocuous they may appear unless you have absolutely confirmed that the communications are legitimate. The risk of downloading malware to your phone is too great if you click on links without verifying that they are legitimate.

There are things that you can do and there are things that the wireless carrier industry can do to reduce porting. Fortunately, there is an easy way to enhance your security to protect your SIM card from being switched and that is to set up a PIN or password to be used for access to your mobile service provider account. Sprint and Verizon use PINs while T-Mobile and AT&T will let you set up a password.


Scam of the day – October 17, 2018 – New Fortnite Security Threats

As I have often said, anything popular with people in general is popular with scammers and so it is with Fortnite Battle Royale, the world’s most popular multi-player video game. Fortnite was originally available on iOS, PC, PlayStation4 and Xbox One. Recently an Android version was released, however it is not available on Google Play. Numerous scams perpetrated through emails, text messages and bogus websites are attempting to lure people into downloading malware infected versions of Fortnite. Knowing how to protect yourself from Fortnite based scams is imperative for players of this popular game.

Recently the software company Malwarebytes issued a report in which they found a large number of scam Fortnite ads and videos on YouTube that appear legitimate, but actually are merely vehicles for malware being installed onto the computers and phones of unsuspecting Fortnite players. Much of the malware is of the type that steals personal information from the victim, which is then used for purposes of identity theft. Parents of young children who may use the same computer to play Fortnite and other video games that the parents use for online banking and other sensitive financial transactions should be particularly wary.


Phishing emails and text messages that lure you into clicking on links, downloading attachments or providing information are a constant security threat to all of us. You should never click on any link, download any attachment or provide information in response to an email or a text message unless you have absolutely confirmed that it is legitimate. You also should be wary of YouTube videos and ads related to Fortnite as it is impossible to be sure that the video or ad is not a scam. For specific trustworthy information about Fortnite, you can always go to its official website.

If you are interested in downloading the new Android version of the game, the only place to safely do this is at the Fortnite official website. After you have installed Fortnite on your phone or tablet, it is important to deselect the “Third-party sources” option in your Android settings to protect your security. Failing to do so can result in your phone or tablet more readily being hacked by cybercriminals. Also, an earlier edition of Fortnite was found susceptible to cyberattacks, so use the Fortnite Launcher 21 version of the game to avoid problems. In addition, there are rumors that Epic, the maker of Fortnite, suffered a data breach in March of 2018 that compromised logins and passwords, so if you had an Epic Games account before March of 2018, it is a good idea to change your password. Epic Games suggests, and I concur, that you use dual factor authentication so that even if your password is compromised, your account cannot be accessed. Epic recommends the use of Google Authenticator for this purpose.

Finally, parents may wish to use a separate computer exclusively for their financial online activities such as banking, retail purchases or filing taxes. Don’t use the same computer as your children who may not be as careful in their computer use and may unwittingly download malware while searching for videos, music or games which are frequent carriers of malware.


Scam of the day – October 16, 2018 – Important Facebook Data Breach Update

While the recent Facebook hacking message being widely circulated was essentially a hoax, the data breach announced by Facebook a couple of weeks ago presents a serious threat to the security of thirty million people affected by the data breach. Facebook announced that it had suffered a data breach in which personal information of approximately thirty million of its users was compromised. The presently unidentified hackers accessed the information through software flaws in its “View As” feature, which permits Facebook users to see what information others can see about them. The personal information compromised included names, phone numbers, birth dates, relationship status, gender and work status. Ironically, this feature was installed to enhance the privacy of Facebook users. By exploiting this flaw, the hackers would also be able to gain access to apps such as Spotify, Instagram and many other apps that permit users to log into their systems through Facebook. As I have warned you repeatedly, your security is only as good as the security of the weakest place that holds information about you, which is why it is important to limit the information held by companies and others with which you do business to the minimum that they need. The compromised information could be used in a variety of ways to harm you, such as using the information to answer security questions at online accounts, change your password and gain access to those accounts, or form the basis for carefully crafted spear phishing emails, smishing text messages and vishing phone calls, all of which could be done to lure you into clicking on links and downloading dangerous malware or providing personal information that can be used to make you a victim of identity theft. Names and birth dates in particular are often used by banks or medical care providers over the phone to confirm legitimacy.
While it is fun to have many birthday wishes appear on your Facebook page, you are probably better served by not making that information public.


If you have used Facebook to log in to apps and other accounts, you should check to see which apps and websites you have accessed through your Facebook account. You can find this information by going to your Facebook settings under “apps and websites.” From there click on “logged in using Facebook” to see what apps and accounts may be vulnerable. You may wish to remove these apps and websites from being accessed through Facebook as a precautionary measure. You also may wish to change your passwords for these accounts. While Facebook says that you do not need to protect your account by changing your Facebook password, it still may make sense to change your Facebook password and while you are at it, make sure that you are using unique passwords for each of your online accounts. You also may want to consider enabling dual factor authentication for your Facebook account, which will help prevent someone from misusing your Facebook account. So long as you are accessing your Facebook account from your usual devices, there is no inconvenience.

If you want to find out if you were one of the victims of the data breach, click on this link provided by Facebook.

Finally, whenever personal information is stolen, there is always the possibility that the personal information will be leveraged by a cybercriminal to send you specifically socially engineered spear phishing emails or smishing text messages intended to lure you into clicking on links in the emails and text messages that will download dangerous malware onto your computer or phone. Never click on any link unless you have verified that it is legitimate.
