Protect yourself from the latest scams

Investment, mortgage, Internet, and other kinds of fraud are on the rise

Consumer Reports magazine: October 2012

Illustration: Rafael Ricoy

The economy may be struggling but the fraud business is booming. Although comprehensive data aren’t kept, the fingerprints of a crime wave are all over. Fraud and identity-theft complaints tracked by the Federal Trade Commission topped 1.2 million last year, up 19 percent over 2010 and 800 percent since 2000.

Moreover, the FBI says fraud involving investments, mortgages, and the Internet is growing. Government takedowns of multimillion-dollar schemes are common.

“Fraud is as high as it’s ever been, because the scam artists are using brand-new channels and technology that didn’t exist 15 years ago,” says Martha Deevy, director of the Financial Fraud Research Center at Stanford University’s Center on Longevity. The center estimates the measurable direct cost of financial fraud to Americans to be $40 billion to $50 billion a year.

Experts also say the need for law enforcement to pursue terrorists has shifted FBI resources from fraud cases. “After 9/11 the scammers realized, ‘This is our time,’” says Doug Templeton, chief investigator for the Pinellas County (Fla.) Department of Justice and Consumer Services, who has tracked criminals in the state for 13 years.

David Vladeck, director of the bureau of consumer protection at the FTC, says, “What we’re seeing is ‘last dollar’ fraud aimed at taking the last dollar from the unemployed or underemployed.”

Like a good novel, a scam is all about the story. It must be convincing and, above all, new. Consequently, con artists change their techniques to respond to changing consumer awareness, says the latest threat assessment by the International Mass-Marketing Fraud Working Group.

We interviewed experts, scoured the complaint files of regulatory and consumer-protection agencies, and followed our readers’ tip-offs to present the latest frauds making the rounds—and some of the classics. Here’s what to watch out for.This solar-energy system pays for itself, cuting your bills by $1,000 a year

A new twist on the home-improvement scam targets folks who want to cut their energy bills with rooftop solar panels or windmills. Solar energy, of course, can reduce your electric bill. But making the big up-front investment is the equivalent of paying for 30 to 40 years of electricity in advance. And lots of variables can confound payback, including living where cloudy weather is commonplace or in the shadow of towering trees, terrain, or nearby tall buildings.

Solar-panel scams. Consumers unfamiliar with those caveats give double-dealers an opportunity to lowball costs and talk up savings. The promised best-case scenario can lure you into paying a big deposit to a contractor who skips town or otherwise never delivers the system or savings. Some victims have been burned for several thousand dollars. Home-improvement companies are the third most complained about businesses, according to the latest survey of consumer-protection agencies by the Consumer Federation of America and the North American Consumer Protection Investigators.

Protect yourself: California is the leader in residential solar, so go to its electric utility website to see whether solar makes sense for you. If it does, work only with licensed contractors specializing in solar installation. Conduct an energy audit and get bids from at least three companies. Check their Better Business Bureau rating and references. Never pay the full price up front or a deposit of more than $1,000 or 10 percent of the project price, whichever is smaller.



We’ll remove the virus we found for $100

Some scoundrels fly under the radar via telephone. A tech-support person, purportedly from a trusted company like Dell or Microsoft, calls to warn you that its security systems have remotely detected a virus on your computer and offers to remove it—for a fee of $100 or more.

Bogus tech-support scams. Of course, there is no virus, so you pay for unnecessary service. The crook may also take the opportunity to install mock antivirus software that later starts “finding” nonexistent malware. That can cost you a bundle for removal. Worse, the tech may also install software that scans your computer to steal your passwords and hijack your computer to generate ads and spread spam.

Protect yourself: See our June 2012 report on security software to find legitimate antivirus and antimalware software that we’ve rated, install it on your PC, and keep it up to date. Hang up on anyone outside your home who claims to find trouble on your PC.


Confirm the flight reservation you didn’t make

Smart phones can be subject to the same security threats as PCs.

You get an e-mail notifying you about airline reservations you didn’t make, a package from UPS you weren’t expecting, or a problem with your bank account. Just click on this link or attachment.

Phishing and malware scams. If you follow the instructions, you might end up downloading malware designed to take control of your computer and turn it into a spamming robot, harm it with a virus, or mine your files for financial information. Following the link will take you to a site that looks real but is fake. When you log in, it captures your user name and password so that the bad guys can get into your real accounts.

For years, those threats were limited to your PC, which should be protected with security software. But the popularity of smart phones has opened the door to “smishing.” (The word combines “SMS,” or short-message service—aka text messaging—and “phishing.”) Some smart-phone users don’t realize that their phone is a computer and prone to the same security risks as a PC.

Those deceptions work. More than 9 million households had at least one member who gave up information to phishers, and 30 million suffered a malware attack in the previous year, according to our latest survey of online households. The Better Business Bureau pegged phishing as its top scam of 2011. Moreover, today’s fake sites are more believable than ever.

Protect yourself: Never click on a link to your online accounts through e-mail or call an account-related phone number in a text message someone sends you. Instead, open your PC or mobile Web browser and type in the desired address on your own. And don’t click on an e-mail attachment unless you’re expecting it.

“Hi Grandma” Scam Makes Blood Boil


They say blood’s thicker than water. But what happens when the water is only pretending to be your blood? Let me explain…


The “Hi Grandma, it’s me” scam starts with a phone call from a grandchild in urgent need of money because they’re in jail in Canada…or for some other reason. Only the person on the phone is really a con artist—sometimes they pose as cops or lawyers. In every case, the scammer says you need to wire money immediately through Western Union or Moneygram.

I found many of these Red Flags of a Grandma Scam and Tips on the Washington State Attorney General’s website:

  • You’re asked to send money quickly – and secretly.
  • The call or message originates from overseas. (Know that technology can allow scammers to bypass caller ID systems.)
  • The person can’t or won’t answer questions your relative would know.
  • The person doesn’t sound like your relative but says they have a bad cold.
  • You’re asked to wire money by a stranger or to send a check or money order by overnight delivery. Con artists choose these services so they can steal your money before you realize you’ve been cheated. (Money transfers can be picked up at any location, which makes it harder for authorities to catch the thieves.)


  • If the caller says, “Hi Grandpa, it’s me,” do not respond by saying “Logan?” Instead, ask the caller for their name. Ask for information only you and people close to you would know.
  • Call your grandchild or his or her parents to confirm whether the story is true, using a phone number you know to be genuine.
  • Refuse to send money via wire transfer.
  • If you have wired money and it hasn’t been picked up yet, call the wire transfer service to cancel. Once the money has been picked up, there is no way to get it back but you should still complain and file a fraud report and a police report.
  • If you have been scammed into wiring money to Canada, ****CONTACT YOUR LOCAL LAW ENFORCEMENT AGENCY.
  •  Remember, scammers want to push you into acting quickly—without thinking. Nothing is so urgent that you have to act within the next two minutes. Breathe. Relax. Talk to someone. Still aren’t sure what to do? Call your local BBB. We are here to help.


Consumer Alert

June 2012

Taxpayers should be on the lookout for a new, email-based phishing scam now circulating that targets Department of Defense military members, retirees and civilian employees. The email appears to come from Defense Finance and Accounting Services and displays a .mil email address. The email states that those receiving disability compensation from the Department of Veterans Affairs (VA) may be able to obtain additional funds from the IRS. Email recipients are then asked to send various VA and IRS documents containing their personal and financial information, such as copies of VA award letters or their income tax returns, to an address in Florida.

The information on these documents is then used by the scammers to commit identity theft. Typically, identity thieves use someone’s personal data to empty the victim’s financial accounts, run up charges on the victim’s existing credit cards or apply for new loans, credit cards, services or benefits in the victim’s name.

For more information on phishing scams, please see Suspicious e-Mails and Identity Theft.,,id=98129,00.html



The IRS Warns of Scam E-Mails

Update Nov. 10, 2011 — A suspected phishing email on the Employer Identification Number (EIN), claiming to come from the IRS Office of Professional Responsibility, is currently circulating. This email was not sent by the IRS. For more information, see Latest News from Office of Professional Responsibility (OPR).

The IRS does not send unsolicited e-mail to taxpayers either about their tax accounts or requesting sensitive personal and financial information.       

Nevertheless, taxpayers do receive e-mails claiming to come from the IRS, sometimes containing a real or made-up employee name, address and similar information to make an e-mail seem credible.    

These e-mails usually are scams whose purpose is to obtain personal and financial information — such as name, Social Security number, bank account and credit card or even PIN numbers — from taxpayers which can be used by the scammers to commit identity theft. Identity thieves use the data to empty the victim’s financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name, file fraudulent tax returns and more.

Typically, IRS-impersonation scam e-mails state that the IRS needs certain personal and financial information to process a tax return, tax payment or refund. They may claim the e-mail recipient is being audited. They may mention specific monetary amounts or genuine programs, such as the Electronic Federal Tax Payment System (EFTPS), to add credible detail to the scam. The e-mails often contain links or attachments to what appears to be the IRS web site or an IRS form. However genuine in appearance, these phonies are designed to elicit the information the scammers are looking for.

Alternatively, a link in a scam e-mail may download malicious software onto the taxpayer's computer when clicked. The software is often designed to search out and send back to the scammer personal and financial information contained on the taxpayer's computer or obtained through keystrokes that the scammer can use to commit identity theft.             

Unsolicited e-mails claiming to be from the IRS or an IRS-related component, such as EFTPS, should be reported to

For more information on consumer scams, see Protect Your Personal Information and Suspicious e-Mails and Identity Theft

Now you really can see who views your Facebook profile!!!

Social-media networks are fertile ground for fakery. You might have received, for example, news-feed messages from Facebook friends raving about an app that claims to let you see who’s checking out your profile. Such messages can be spam in disguise, leading to “bait pages.” Other bait involves purportedly bizarre or salacious videos. Consumers who take the bait never get the promised software or film.

Instead, the link drives the curious to a fake Facebook website. You’re asked to “like” the app or other bait, which forwards the spam to all of your friends. Then you have to complete a survey, which collects personal information and opinions.

Survey scams. The goal is to trick you into filling out surveys for online advertisers, with the person who set up the operation collecting commissions for each one completed by an ever-expanding circle of friends, says Chet Wisniewski, senior security adviser at Sophos, an information security firm. One “clickjacker,” Adscend Media of Wilmington, Del., raked in a significant amount of money, according to a lawsuit filed by the Washington state attorney general. The case was settled in May under a consent order in which the company agreed to stop certain marketing.

There’s a difference between scam surveys and legitimate surveys, like those Consumer Reports e-mails to subscribers. Our surveys link you directly to the questionnaire; you don’t need to “like” us first. And your responses are confidential; they aren’t used for marketing or fundraising.

Protect yourself: Don’t reveal personal information online to anyone who initiated contact with you unless your trust is certain. Look for the survey company’s name and go to its website independently by reopening your browser, or call it. Ignore product promos from Facebook friends. Use caution in granting access to your profile. And think before you “like.”