Author: Jesse Mueller (Page 2 of 36)

Recurring Facebook Scams

October 21, 2023 / Jesse Mueller / 0 Comments

Here’s a (hopefully? for a while?) final run-down on recurring Facebook scams I’m seeing out there. Don’t fall for any of these, please!

Celebrity Impersonation Pages

Johnny Depp is not going to private-message you on Facebook. Lori Loughlin will not respond to your comments and Likes. Margot Robbie would never send you a Friend request. Celebrities live in a different world than us and have handlers and layers of protection that separate us from them. If an ultra-famous person on Facebook is giving you explicit attention or asking you for things, please suspect a scam. You are almost certainly dealing with a con artist.

Creepers in the Comments

This should be a no-brainer, but I have to mention it. There arelurkers & creepers on Facebook and they manifest unexpectedly in the comments of Reviews and Public Posts.

Don’t ever respond to these characters. Block them or report their comments, but don’t initiate any contact. They’re just looking to start a private conversation, and try to take advantage of you after that begins.

Puppy Adoptions

Legitimate people will try to adopt out their puppies or other baby animals. And then there’s the scammers:

These scams can often be spotted with ease. The scammer will be out-of-the-area, or pressure you for a down payment before seeing the animals. As with most internet offers, don’t hand over money before seeing firsthand what’s for sale.

Car Detailing Offers

I’ve written at length about this type of service scam, but it merits a special mention here. Bogus car detailing offers persist in many Facebook groups, and I recommend you avoid them.

Much like the duct cleaning offers, you might actually get your car cleaned through one of these posts. But you’re not dealing with a local company. If you comment on one of these posts, someone from Pakistan, using a sock puppet account, will contact you to schedule your car detailing. S/he will send some unknown person to your house to “take care” of your car.

That person may actually clean your car, or not. If anything suspicious or illegal occurs, that person is going to vanish. The individual from Pakistan will block you. And you will have no one to hold accountable, the police will be unable to assist. It’s best to report these posts and find a truly local company to clean your car for you. Shop local!

Bargain Offers for TV Streaming

I’ll be breaking this out into a separate, detailed post soon, but for now, watch out for this nonsense:

Avoid these offers, as they are too good to be true. If these were legitimate, everyone would be flocking to them, and no one would ever pay for cable TV again. People who have a go at this type of streaming might actually get to watch some of their favorite shows. But the service will be spotty. The support will be non-existent. And then suddenly, the law will catch up to the copyright infringers at the top. Suddenly, the streaming service will wink out of existence as the top executives quit the country with whatever money they still have. Spoiler alert: these companies are not paying for or obtaining licenses for the shows they allow you to stream. That’s IP theft!

Facebook Account Help

If you’ve ever been locked out of your Facebook account, you know then how decidedly unhelpful Facebook is. You cannot call Facebook for help. They don’t offer any email or chat support. It’s just crickets and tumbleweed. This creates a perfect void for the scammers to fill:

Cybercriminals have crawled all over Facebook and other social media sites, creating posts, comments and even Group Pages, promising to help recover lost Facebook accounts. And anyone who comes to them for help? These bad guys will take whatever they can: your money, your Facebook account, your email and its password, and more.

These dreadful people are also constantly scanning public posts and comments for anyone looking for this kind of help. Sometimes, they will just pop up and comment back on people’s comments, promoting fake-help scammers on Instagram.

If you’ve lost access to your Facebook, check out what I’ve written on this blog post, or head straight to the legitimate Facebook article on this topic. You’re welcome to reach out to me for further advice. But please: Avoid or ignore any strangers that claim to have magic recovery powers. They don’t.

Quishing

October 20, 2023 / Jesse Mueller / 0 Comments

That’s not a typo. The title is not missing an ‘S’. Quishing is a new term, made by combining “QR code” and “phishing”. Like smishing, it’s yet another deceptive practice that scammers are using to take advantage of people. Here’s what you need to know, to be safe out there:

QR Codes

this is not a quish, my QR code is safe to use!

QR (quick response) Codes are those delightful Bladerunner-esque hieroglyphics that you see on windows and doors of businesses. Scan a QR code, and it will quickly take you to a website, an app download, or some other useful internet function. And as society gets more comfortable with using them, they’re coming into play in many more places:

Restaurants, for viewing menus
Parking meters, for instant/electronic payments
Hospitals, for health app downloads
Storefronts, for advertising/promotional offers
Malls and public space, for connecting to free municipal Wi-Fi
Product packaging, for access to nutrition/safety info

I’ve previously blogged about using your camera on QR codes, and also how easy it is to make your own QR code, for free. Well, as QR codes become more commonplace, scammers are looking for their angle. These opportunists are finding it handy to use QR codes as they phish, because a QR code hides the URL or true intent from the human eye.

Where Quishing Occurs

Quishing is when a bad guy creates a QR code of his own, and places it somewhere (often in public), to get unsuspecting people to scan it. Since a QR code can link to anywhere on the internet, a quish could lead your phone to:

a phishing (impostor) website
a dangerous app download
a bogus Wi-Fi hotspot
malicious sites or advertisements

There’s not a lot of data yet on how common quishing attacks are, but there are reports of specific incidents out there. Austin, TX had a scam last year, where a quisher put his own QR code stickers on their parking meters. When people scanned those bad codes, they were taken to a fraudulent app that tricked them into paying the quisher. Another BBB article references where a student received a bogus financial aid letter in the mail. The printed QR code linked to a phishing website, bent on stealing his money.

Besides quishing stickers appearing in public, unsafe QR codes are also being used in phishing emails. These messages present as if your account needs attention and that you can scan the included QR code to sign in. But scanning that QR code leads the victim to a convincing fake website that asks for your email and password. Someone tricked in this manner will deliver their login info directly to cybercriminals.

For more quishing examples, check out this BBB article.

How to Be Safe Against Quishing

Don’t Panic. Quishing, while dangerous, is probably not going to shanghai if you remain mindful as you use QR codes.

Before scanning a QR sticker, judge it for legitimacy. Does it look clean and professional? Is there anything sloppy or suspicious about it? If so, trust your gut and look for a URL to type in or some other way to access the info/website/function. Or ask a legitimate employee about the QR code.
After scanning a QR code, confirm that you are where you expected to be. If you’re in a bakery, scanning a QR code for a chance to win a free cheesecake, you should be alarmed if instead you see an ad for dating hot singles in your area. If any weird pop-ups or downloads jump onto your screen, do not cooperate with them. Close those apps, or reboot your phone to get away from them!
Notice the URL of any website that comes up from a QR code. Does it match what you expected? Scanning a code at Starbucks should take you to a URL with “starbucks.com” in it, not “starb-buckss.tw”.
Do not sign-in to any unexpected password prompts, after using a QR code. Only enter sensitive information if you are 100% certain of the QR code’s trustworthiness. Double-check with anyone in authority where the code is posted, for peace of mind.

The Permission Slip App

October 11, 2023 / Jesse Mueller / 0 Comments

Consumer Reports has developed a new free app called Permission Slip. They made this tool to help the average person understand where their personal data is collected and sold, and take back some control over that information.

To use this app, you do have to sign up and hand over your personal info. CR promises to not sell it or abuse it. You’ll also have to legally agree Consumer Reports can act as your “authorized agent”. It’s some serious stuff, but they ask for this so that they can advocate on your behalf.

What This App Offers

If you cooperate and agree to the app’s requirements, you can then:

Review numerous big companies and understand what personal data they are collecting and selling.
Have Consumer Reports send an official letter (on your behalf) to any of these companies, telling them Do Not Sell My Data.
Use an easy Delete My Account function, so that the company gets rid of any and all data they have about you.

You could do these sorts of things yourself. You could visit company websites, one at a time, comb through their pages and processes for the correct forms to fill out (most companies make this deliberately difficult). Permission Slip streamlines all of that nonsense for you. Once you’ve got the app up and running, it is quick and easy to browse the companies, telling each one in turn to not sell your data.

Also, amongst the recognizable companies, you’ll notice a few data brokers, like Merkle. When you spot one of them, definitely order them stop selling your data!

Caveats

Permission Slip is relatively new, so its full benefit has yet to be realized. And when you ask a company to not sell their data, they may or may not comply. But I still think this tool is worth a try, as it is offered by a trustworthy nonprofit company, and using it sends a message to these companies that are profiting off of our personal data.

Also, you might feel a bit of schadenfreude when you realize that these big companies are suddenly having to deal with millions of privacy requests.

iOS download

Android download

Everyday Facebook Scams

October 4, 2023 / Jesse Mueller / 1 Comment

I’ve posted recently about several scams on Facebook; here are some more! Since Meta is so negligent at policing its platforms, bad actors and their schemes thrive on their social media platform. I may often have some new everyday Facebook scams to tell you about.

Catalytic Converter Theft

If you see post about catalytic converter theft, be suspicious. They’ll have some interesting photos but no real details about the crime or who to contact. They just want you to Share the post and boost the signal.

But don’t do it! Don’t Like the post, don’t Share it. There’s no real scam to these posts, but that comes later. These posts serve as gullibility checks. The scammers watch and notice who is spreading their nonsense info, and may PM those people later with targeted scams.

Giving Away a MacBook

This is the same plan as when the scammer tries to give away a PS5. They’ll privately message you and ask you to cover their Fedex shipping costs. If you pay that, they’ll disappear with the money and you’ll then learn that there is no such thing as a free MacBook.

Amazon Work from Home Opportunities

Amazon does offer a lot of job opportunities, and some of them are work-from-home. But you won’t find them in posts that look like these:

These posts are not associated with Amazon in any way. They often direct you to click on a Google Sites URL, which would take you to a scammy site that tries to collect all of your PII. Don’t click the links! Don’t fill out any forms on these sites! You won’t get a job, but you will become inundated with spam email and junk postal mail and other scammy offers.

If you want to peruse legitimate jobs with the Amazon company, check out the real Amazon Jobs website.

Duct Cleaning Offers

I think most people know by now that these things are suspicious. But since they remain pervasive, I thought I should remind you to beware these nameless duct cleaning offers.

I’ve written at length on how these things work, but in short: The poster is in Pakistan, ready to take your info. He will schedule your duct cleaning with a mystery person in your region, and collect a commission. An unlicensed worker will come to your house and perform some kind of duct cleaning procedure. But the work may be lousy, or the bill may turn out higher than what was agreed upon. Play it safe and hire a local, licensed company for this type of work.

RV & Tiny Home Giveaways

This is another one that I’ve gone over, but deserves a mention since they are still commonplace. These posts claim that there was a lottery for a free RV or other small home, and the winner did not claim the prize! They offer the chance for someone else to step up and be a winner.

This scam presses people to Share, Share, Share their post, but please don’t do that. Don’t help the scammer get this rubbish in front of more faces. And don’t Like the post or Message the poster. They’ll just tell you that you’ve won the prize, and then try to collect a “transport fee” from you. And then, they’ll ghost you.

More Telltale Signs of a Facebook Scam

The poster Likes their own post.
The first comment is also from the poster, urging you to message them or click a URL.
The language seems off, for example: “Kindly check your private messaging.”
They ask you to text them, email them or otherwise go off-platform (away from Facebook messages).
They claim they are licensed, but won’t produce a license number or other hard details for you to verify.

Google Safe Browsing

October 2, 2023 / Jesse Mueller / 0 Comments

Google does a whole lot to protect us as we surf the web. They study web activity the world over, analyze traffic and trends, and then use that info to protect us from harmful sites. They call this service “Safe Browsing”, and it comes built into the Chrome browser and other Google products. If you’ve ever seen a scary red screen from Google, that was Safe Browsing, stepping in to save you from harm:

Levels of Protection

But Google offers different levels of Safe Browsing protection. You should know a little more about them and choose one that feels best for you.

Enhanced Safe Browsing
Standard Safe Browsing
No Protection

Enhanced Safe Browsing is the highest level of protection you can choose in your browser/Google account. But it involves allowing Google to see more of your browsing activity, in real-time, as you surf the web. I use this option myself, but if you have privacy concerns, you may prefer to remain at the Standard level.

Standard Safe Browsing is still a good level of protection. Google will help warn you about phishing websites and malicious downloads, as you use the internet.

No Protection is not to be used. Please don’t opt for this. I suspect it is only there for development and testing purposes. Unless you a tech professional and know what you are doing, ignore this option.

Where to Check Safe Browsing Settings

On a computer, open Google Chrome and go to the 3-dots button in the upper-right corner. Click Settings, then click Privacy and Security (on the left), then click Security (in the middle). You’ll see this sort of screen, where you may adjust your protection:

On a mobile device, the steps are very similar: Open Google Chrome and go to the 3-dots button in the upper-right corner. Tap Settings, then click Privacy and Security, then scroll down to Security and tap Safe Browsing.

You can also turn on Enhanced Browsing for your entire Google account, if you have one. This extends your protection into other apps and services you may use with Google, and may also alert you if Google notices your info in data breaches. This link should take you directly to the relevant panel in your Google account.

Final Tidbits

If you check or change this setting, please review it on all of your devices and computers. In my experience, setting it on one device does not automatically carry over to others.

Most browsers offer extra protection in this way, and many use Google’s Safe Browsing service, albeit under a different label. You can open a different browser and go into its Settings -> Security panel to see what’s offered.

I generally recommend setting this browser protection to its maximum level. I see a lot of infected computers in my daily work, and I do suspect that some of the malware I remove might’ve been stopped by stricter browser security.

If you ever want to check a specific site against Google’s Safe Browsing list, go to this page and paste in any URL you want. It’ll tell you if they think the site is safe or a phishing hazard. And if you have found a dangerous site that you wish to report to Google, submit the URL at this page.

On-Screen Keyboards

September 29, 2023 / Jesse Mueller / 0 Comments

Did you know that computers offer on-screen keyboards, similar to mobile devices? They are rarely useful, since the physical keyboard is far easier to type with. But you should know where to find the on-screen keyboard on your computer. You might someday find yourself in a jam, and suddenly need it!

How To Activate

Activating the on-screen keyboard is different for each type of computer.

Microsoft describes how to open the On-Screen Keyboard at this site. But there are others ways to bring it up. If you are at the Windows login screen, you can click the Ease of Access icon to the lower-right and then click On-Screen Keyboard. You may also press WIN + R and enter “osk” in the Open field.

Apple calles this tool the Keyboard Viewer, and this site describes where to find it.

Chromebooks also offer an on-screen keyboard, check out this site for details.

Once this on-screen keyboard is open, you are welcome to click on any key you see, and get the same effect as if you touched the physical keyboard’s key.

Possible Uses

The original intent behind the on-screen keyboard is to help offer a different way of typing, in case it makes the computer more usable and accessible. Let’s say you find yourself in an arm-cast — mouse-clicking might be preferable while you heal up. But consider the on-screen keyboard also as a tool for troubleshooting:

If your physical keyboard is typing erratically, or missing keystrokes, open the On-Screen Keyboard and test with it. The results might help you figure out if you have a defective physical keyboard or a systemwide problem.
What about when your wireless keyboard depletes its batteries? You’ll be hard-pressed to log in with your PIN or password, if you’re out of AAA’s. The on-screen keyboard will help you get back into your computer and you can go buy more batteries later.
Your on-screen keyboard may help you find a hard-to-find key that you want to press. It may even offer you keys that your keyboard lacks!
Example: the Scroll Lock function on my laptop was disabled. I could not turn it back on, because I had no Scroll Lock key on my laptop. But I could press that key in the on-screen keyboard and fix my situation!

Caller ID Spoofing

September 21, 2023 / Jesse Mueller / 0 Comments

Caller ID spoofing, or phone number spoofing, is important to understand. If you’re not familiar with this practice, let me explain:

Caller ID Is Fallible

When you receive a phone call, most phones display some identification about the inbound call. You may see:

First Name, Last Name, Area Code and Phone Number
Business Name, Area Code and Phone Number
Private
Unknown Caller

You need to know: The info shown on your Caller ID can be altered. Both the number and the name on your Caller ID display could be inaccurate or untrue. It is easy and often free for someone to change (spoof) their Caller ID info.

Legality

Phone call spoofing, as a practice, is legal in our country. But using spoofing to defraud or cause harm is illegal. If this gives you some pause, if you’re wondering why spoofing is legal at all, consider some possible legitimate uses:

Law enforcement may need to alter their identity as they investigate crimes.
Collections agents might spoof their Caller ID info so that a debtor won’t avoid their calls.
A doctor or counselor may spoof their number when calling a patient to maintain a crucial level of privacy.
Friends might use Caller ID spoofing for pranking each other, without causing harm.

Scammers!

Of course, the main point of this post is to talk about scams, and make you alert to them. Scammers love to use Caller ID spoofing when they call their potential victims. They know that people tend to believe what they read, especially when it flashes by quickly. Robocallers and spammers also use phone spoofing, but the biggest danger is from scams like these:

Caller ID shows the name of a US Court System or the IRS, and the caller says you need to pay off your fine/charges now, or be incarcerated.
Apple/Microsoft/Amazon/Facebook Support shows on the Caller ID, and a robocall tells you that your account has had suspicious activity on it. Press 1 to be connected to an agent who will help (steal) your account.
Your bank shows on the Caller ID, and they are calling to reset your PIN and password, as someone has tried to hack into your accounts.

To be absolutely clear, the above examples are scams. The IRS, Microsoft, your bank, etc. are NOT going to call you for account changes or payments. Please hang up if you ever answer a call like these!

Scams of all kinds use spoofing to make their calls show the same area code and exchange as your number. This is called Neighbor Spoofing. They make their number look very close to your number, so that you think it is someone local to you and might answer more quickly.

It is also possible for someone to spoof your exact phone number. This can be done to confuse you and get you to answer. But it can also be done to deflect blame to you. If you ever get angry calls from other people, telling you to stop with the spam calls, understand that a bad actor may be using your number in their spoofing scheme.

How to Defend Against Call Spoofing

You’re doing it right now. Maintaining awareness that Caller ID is not to be trusted is the best defense against Caller ID spoofing. After that, you can consider some extra tactics:

Talk to your phone provider and see if they offer/recommend any particular call screening options or apps with spoofing protection.
Put your phone number on the National Do Not Call Registry.
Don’t answer unfamiliar numbers. Let every unexpected mystery call roll to voicemail.
Report persistent spoofing problems to your phone carrier and/or the police.

Commonplace Facebook Scams

September 18, 2023 / Jesse Mueller / 0 Comments

There is no end to the scams I see on Facebook. I know I’ve posted at length about specific FB scams, but in this post, I want to run down quickly on a bunch of commonplace Facebook scams. Watch out for these, don’t fall for these, definitely report these:

(Don’t) Buy This Shirt!

This offer may tug at your heartstrings, because they’ve mentioned their son is autistic. But there is no son, and the poster is from another country. The URL will take you to a web-storefront, where you can pay money for a shirt. But it’s at an online marketplace where anyone can quickly open up a shop and have shirts printed:

You might actually get a (lousy) shirt, but please realize that you’re giving your card info to a stranger who may be halfway around the world. The big risk here is getting mystery charges on your card, later on.

Neon for Free

Want a neon sign? You’re not going to get one from these jokers. Their plan is to privately message you, gently guilt you towards making a small donation, and then disappear with any money you’ve sent them.

Vendor Fee for Non-Existent Fair

Looking to sell your hand-crafted art in your region? Community fairs and festivals are the way to go, but beware generic scam posts as shown below.

While at first glance, these may look legitimate, it’s a lie and a trap. The poster has used Google to find an address commonly used for public events. Any email or phone number provided is not connected to the stated address; they go straight to the scammer. They’ve crafted this post so that people will contact the scammer and not the venue. And if you contact the scammer, they’ll take your “reservation fee” and disappear with it.

Egg Sales

I’ve picked this scam apart before, but it deserves a mention, since I’ve seen it often this month. It’s similar to the above scam, in that they want to privately message you and get an advance payment for eggs. But you’ll be sitting by the door waiting forever for that henfruit. The poster is just using a sock puppet account, as they sit in an internet cafe in Kenya.

Giving Away a Gaming Console

Those PS5’s are super-expensive, so seeing someone giving away one for free on Facebook may seem like a miracle. And even more convincing is to see someone local, someone believable!, posting about how you can have their unwanted video game hardware:

But this type of scam is usually carried out using a stolen Facebook account. If you contact them for the console, they’ll say that they moved to another state, but can Fedex the device to you, as long as you cover their shipping. Once again, if you send them any money, they’ll ghost you and you’ll never get anything in return.

Moving, Everything Must Go

If a real person has to move and sell off a lot of stuff, they’ll give you an address to visit, and a phone number to reach them at. But some posts only lead to private messages, where you are urged to pay a small amount to “hold” the item for you. I think by now you know what’ll happen if you give them any money.

And other “moving” posts lead you to other weird websites or private Facebook groups, where you’ll meet with other scams and attempts at collecting your personal information.

Fake Job Listing

If you think you’ve found your dreamjob on Facebook, think again. Many of them are traps:

A real job listing should state a well-known company name, and will refer you to Indeed.com or some other corporate website. This scam job listing has no real contact info, and will only lead to a fake job interview over chat, and then they’ll try to get your bank account info or worse.

Telltale Signs of a Facebook Scam

The poster has a locked account, or has turned off Comments to their post.
They need you to pay them a little bit of money first, to prove that you are not scamming them!
They won’t meet you in person for a transaction.
You cannot call to speak with them.
They want you to use Venmo or CashApp instead of a credit card.
You meet with resistance when asking for basic info, like a website URL or address or phone number.
They comment a link to a website, but the URL shows a Google sites address, or something that just doesn’t look relevant.

Free Audio Editing Software

September 14, 2023 / Jesse Mueller / 1 Comment

For those looking to edit audio files, or mix and create digital music files, please consider these open source options. There are a lot of free audio editing software options out there!

Audacity is the mainstay for editing and recording, and is available for Windows, MacOS and Linux. It looks like you might even get this to install on a Chromebook. And they still offer legacy downloads that may work on very old computers.

LMMS is comparable to Audacity, but more for editing and not recording. It’s available Windows, MacOS and Linux.

GarageBand is for Apple devices only, and is a digital audio workstation, like LMMS. You can get it for your Apple computer or iOS device, but it is not available for Windows computers. If you encounter anyone offering GarageBand for PCs, beware, it is likely a scam or a virus!

WaveShop is like Audacity, but old-school. Try this one if you like the retro feel, or if you have a very old Windows computer that can’t handle newer software.

Mixxx is more for DJs and mixing together audio tracks. It works on Windows, MacOS and Linux.

Mail2World ↔ Gmail Problems

September 11, 2023 / Jesse Mueller / 1 Comment

If you use Shentel (or other Mail2World) email, you might notice that you can’t get an email to go through to someone’s Gmail address. Or maybe a Gmail user is telling you that they can’t send email to you at your Shentel.net address. I’ve seen Mail2World ↔ Gmail Problems off and on for many years now. Here are Too Many Words™ about why that is:

Email Authentication

As email flies around the globe, it runs through many checks and authentication. Mail servers scan email for legitimacy, spam content and other safety concerns. These authorization methods are a bit above my paygrade to discuss in detail, but the main ones are called SPF, DKIM and DMARC. You can look them up and read about them, if that’s your cup of tea.

Google takes security seriously. They are very strict with their email authentication, and they frequently improve their server security. Due to Google’s size, when they raise the bar for email authentication, it affects the entire world. Other providers take notice and follow suit whenever Google makes a change to their email protocols. If email providers don’t update their email security to match Google, some legitimate email may be marked as spam. Other email may simply not get through.

The Email Block

And here we get to a problem I frequently see with Shentel email and other Mail2World-offered email addresses. It goes both ways:

Gmail user sends a message to a Shentel address, and receives an Undeliverable message in response.
Shentel mail user sends a message to a Gmail address, and receives an Failed_Precondition message in response.

You can always try sending your email in a different way. Log into a different browser or a different email app. Try using the webmail site, if you haven’t already. Go to a different computer or device. If the problem persists across multiple pieces of technology, then the problem is not yours and it’s out of your hands.

What to Do About It

If you’ve got Mail2World ↔ Gmail Problems, it is Mail2World’s fault. M2W needs to update & fix their email security. For anyone impacted by this, please consider these options:

Call Shentel tech support at 1-800-SHENTEL and report the details of your email error messages.
Email Mail2World tech support at support@mail2world.com
Consider creating/switching to another email address

I really do need you to consider that last one, if you suffer from this problem. Shentel can only report your trouble to Mail2World. Mail2World may or may not respond to your direct queries. They do respond to emails… sometimes. They have fixed this kind of problem before… but it took weeks or even months. Please know that Gmail/Outlook/AOL/Yahoo/ProtonMail/Apple email addresses typically do NOT have this problem! There are more reliable email products out there for you!