If you use Apple devices, there’s a new feature in the latest OS updates called NameDrop. This function allows you to quickly and easily share contact info with other Apple device users. Simply place the two devices near each other, and NameDrop will appear! Each device user will get a pop-up, asking if they want to exchange contact cards.
I want to emphasize: NameDrop always asks permission to exchange any info. I’ve got a bit of rumor control to do here, as people across the internet have noticed this new iOS addition and are reacting poorly. Misinformation and fearmongering is afoot.
If you see any posts, urging you to turn off NameDrop, take a breath and Don’t Panic. Please understand that NameDrop only works under strict conditions:
Two devices have to be very close to each other (almost touching)
The Apple devices are powered on and unlocked
Each user taps Share to authorize their data to transmit
Apple NameDrop is safe and well-implemented. I don’t see any real risk here. You are still welcome to disable the feature under Settings -> General -> AirDrop -> Bringing Devices Together. Just don’t buy into the viral hysteria; there’s no major safety loophole or hazard here.
In the technology world, people are jeopardized by two separate yet equally scary groups: the big tech companies, who care only for monetizing their users’ data; and the opportunistic scammers, who prowl the web looking for victims. These are their stories.
I’m writing this letter to you about your kiddo. Please don’t worry, this is not one of those Are-you-sitting-down? notes. But let me explain something that you might think is a teachable moment:
Facebook recommended your daughter’s profile to me, as a potential friend-connection. I haven’t Friended her, but I did click on her name to look at her profile. And Egad, She’s got too much personal info out there. I am able to view all of this info on her profile, because it’s all set to Public visibility:
Complete FB Friends List
Name of high school and college, with admission years and major
Hometown and current city/state of residence
Mother, father, brother and uncle’s names, with links to their FB profiles
If I can view this info, then anyone in the world can. I’m thinking about the scammers that are having a field day on Facebook — all of this sensitive info is essentially low-hanging fruit to them. “Easy pickin’s”, if you’re into that country vernacular. And I’m not so concerned about your daughter here, as I am the people connected to her. She’s probably smart enough to dodge the average Facebook criminal, but what about all of her friends and family?
A publicly-visible Friends List is what attracts scammers that clone profiles. In essence, a bad guy could create a brand new FB account, and give it your daughter’s name. S/he could copy and use your daughter’s profile pic. And then they’ll start sending Friend Requests to everyone they see on her F-list. If any of her FB Friends are too trusting or naive or quick-with-the-mouse, then they may connect with an impostor-scammer, who is ready to pretend to be your daughter and con some money from them.
Publicly-visible family connections are interesting to a different type of crook. Sometimes, cybercriminals attempt the “grandparent scam“, where they call a family member and pretend to be someone else in the family. The scam usually starts with a phonecall: “Uncle Ned, it’s me, Saoirse, I’m in NYC and I’m in jail! Can you wire-transfer me some bail money?” In order to carry out these schemes, they study family names & connections and it really can help their ruse hold up. Full disclosure: I unknowingly contributed to a grandparent scam, several years ago. A scammer saw some family names on my FB masthead photo, glommed some specifics about my family, and tried to scam someone important to me. Live and learn, never again!
And showing your hometown and school info to the public is just all-around ill-advised. That info is commonly connected to account security questions, so an identity thief might appreciate this kind of info.
My hot-take on Facebook is this: Mr. Zuckerberg & Co. spares all expense in running their platform, and they are not looking out for their users. When on Facebook, we are not customers, we are simply “the Product.” The scammers are very aware of what Facebook tolerates and ignores, and they exploit that knowledge to their greatest benefit. This has been happening for a long time now, and I have no reason to anticipate any improvement. If we’re going to use Facebook, then it’s up to each user to mind their own safety.
So, if you think your daughter would be receptive to some advice, let her know she should go to her Facebook Profile, and change all of her personal info to be less Public. To the right of the Friends List is a 3-dots button that allows you to Edit Privacy. She can also go through all of the sections under “About” on the profile, and use the Pencil or 3-Dots buttons to up the privacy levels. Personally, I’ve set most of my Profile to the “Only Me” level, but the “Friends” level is good, too. Anything besides “Public!”
And if she makes these improvements, there a tool for her to check herself. If she goes to her Profile, there’s a 3-dots button to the right, just below the masthead photo. She can click that and then go to “View As”. This presents her profile as it appears to the public (to people who are not connected to her on FB). She can traipse through her own profile in this mode and judge if she missed anything that needs hiding away.
A year ago, I blogged about Zelle and why scammers often push their victims to use it. Money sent through Zelle is generally transmitted in an instant and that means the transaction is irreversible. Scammers want your money, and they don’t want you to be able to claw it back. They know that Zelle doesn’t help much with scam refunds.
Up until recently, Zelle (and the big banks behind it) have been unsympathetic to scam victims. Their stance was simply that customers were responsible for their own transactions. But there’s a change a-coming: Senator Elizabeth Warren and other congress-people have mounted investigations and pressure on the big banks. And the results are swaying banks to do more for scam victims.
It’s a needless annoyance and accomplishes nothing. You should only use the Facebook Highlight Tag on something important, something you think all of your Facebook friends should be drawn to see and read. They don’t need to see your comment on someone else’s silly post. If you see this sort of thing on Facebook, just ignore it.
Here’s a (hopefully? for a while?) final run-down on recurring Facebook scams I’m seeing out there. Don’t fall for any of these, please!
Celebrity Impersonation Pages
Johnny Depp is not going to private-message you on Facebook. Lori Loughlin will not respond to your comments and Likes. Margot Robbie would never send you a Friend request. Celebrities live in a different world than us and have handlers and layers of protection that separate us from them. If an ultra-famous person on Facebook is giving you explicit attention or asking you for things, please suspect a scam. You are almost certainly dealing with a con artist.
Creepers in the Comments
This should be a no-brainer, but I have to mention it. There arelurkers & creepers on Facebook and they manifest unexpectedly in the comments of Reviews and Public Posts.
Don’t ever respond to these characters. Block them or report their comments, but don’t initiate any contact. They’re just looking to start a private conversation, and try to take advantage of you after that begins.
Legitimate people will try to adopt out their puppies or other baby animals. And then there’s the scammers:
These scams can often be spotted with ease. The scammer will be out-of-the-area, or pressure you for a down payment before seeing the animals. As with most internet offers, don’t hand over money before seeing firsthand what’s for sale.
Much like the duct cleaning offers, you might actually get your car cleaned through one of these posts. But you’re not dealing with a local company. If you comment on one of these posts, someone from Pakistan, using a sock puppet account, will contact you to schedule your car detailing. S/he will send some unknown person to your house to “take care” of your car.
That person may actually clean your car, or not. If anything suspicious or illegal occurs, that person is going to vanish. The individual from Pakistan will block you. And you will have no one to hold accountable, the police will be unable to assist. It’s best to report these posts and find a truly local company to clean your car for you. Shop local!
Bargain Offers for TV Streaming
I’ll be breaking this out into a separate, detailed post soon, but for now, watch out for this nonsense:
Avoid these offers, as they are too good to be true. If these were legitimate, everyone would be flocking to them, and no one would ever pay for cable TV again. People who have a go at this type of streaming might actually get to watch some of their favorite shows. But the service will be spotty. The support will be non-existent. And then suddenly, the law will catch up to the copyright infringers at the top. Suddenly, the streaming service will wink out of existence as the top executives quit the country with whatever money they still have. Spoiler alert: these companies are not paying for or obtaining licenses for the shows they allow you to stream. That’s IP theft!
Facebook Account Help
If you’ve ever been locked out of your Facebook account, you know then how decidedly unhelpful Facebook is. You cannot call Facebook for help. They don’t offer any email or chat support. It’s just crickets and tumbleweed. This creates a perfect void for the scammers to fill:
Cybercriminals have crawled all over Facebook and other social media sites, creating posts, comments and even Group Pages, promising to help recover lost Facebook accounts. And anyone who comes to them for help? These bad guys will take whatever they can: your money, your Facebook account, your email and its password, and more.
These dreadful people are also constantly scanning public posts and comments for anyone looking for this kind of help. Sometimes, they will just pop up and comment back on people’s comments, promoting fake-help scammers on Instagram.
If you’ve lost access to your Facebook, check out what I’ve written on this blog post, or head straight to the legitimate Facebook article on this topic. You’re welcome to reach out to me for further advice. But please: Avoid or ignore any strangers that claim to have magic recovery powers. They don’t.
That’s not a typo. The title is not missing an ‘S’. Quishing is a new term, made by combining “QR code” and “phishing”. Like smishing, it’s yet another deceptive practice that scammers are using to take advantage of people. Here’s what you need to know, to be safe out there:
QR (quick response) Codes are those delightful Bladerunner-esque hieroglyphics that you see on windows and doors of businesses. Scan a QR code, and it will quickly take you to a website, an app download, or some other useful internet function. And as society gets more comfortable with using them, they’re coming into play in many more places:
Restaurants, for viewing menus
Parking meters, for instant/electronic payments
Hospitals, for health app downloads
Storefronts, for advertising/promotional offers
Malls and public space, for connecting to free municipal Wi-Fi
Product packaging, for access to nutrition/safety info
I’ve previously blogged about using your camera on QR codes, and also how easy it is to make your own QR code, for free. Well, as QR codes become more commonplace, scammers are looking for their angle. These opportunists are finding it handy to use QR codes as they phish, because a QR code hides the URL or true intent from the human eye.
Where Quishing Occurs
Quishing is when a bad guy creates a QR code of his own, and places it somewhere (often in public), to get unsuspecting people to scan it. Since a QR code can link to anywhere on the internet, a quish could lead your phone to:
a phishing (impostor) website
a dangerous app download
a bogus Wi-Fi hotspot
malicious sites or advertisements
There’s not a lot of data yet on how common quishing attacks are, but there are reports of specific incidents out there. Austin, TX had a scam last year, where a quisher put his own QR code stickers on their parking meters. When people scanned those bad codes, they were taken to a fraudulent app that tricked them into paying the quisher. Another BBB article references where a student received a bogus financial aid letter in the mail. The printed QR code linked to a phishing website, bent on stealing his money.
Besides quishing stickers appearing in public, unsafe QR codes are also being used in phishing emails. These messages present as if your account needs attention and that you can scan the included QR code to sign in. But scanning that QR code leads the victim to a convincing fake website that asks for your email and password. Someone tricked in this manner will deliver their login info directly to cybercriminals.
Don’t Panic. Quishing, while dangerous, is probably not going to shanghai if you remain mindful as you use QR codes.
Before scanning a QR sticker, judge it for legitimacy. Does it look clean and professional? Is there anything sloppy or suspicious about it? If so, trust your gut and look for a URL to type in or some other way to access the info/website/function. Or ask a legitimate employee about the QR code.
After scanning a QR code, confirm that you are where you expected to be. If you’re in a bakery, scanning a QR code for a chance to win a free cheesecake, you should be alarmed if instead you see an ad for dating hot singles in your area. If any weird pop-ups or downloads jump onto your screen, do not cooperate with them. Close those apps, or reboot your phone to get away from them!
Notice the URL of any website that comes up from a QR code. Does it match what you expected? Scanning a code at Starbucks should take you to a URL with “starbucks.com” in it, not “starb-buckss.tw”.
Do not sign-in to any unexpected password prompts, after using a QR code. Only enter sensitive information if you are 100% certain of the QR code’s trustworthiness. Double-check with anyone in authority where the code is posted, for peace of mind.
I’ve posted recently about several scams on Facebook; here are some more! Since Meta is so negligent at policing its platforms, bad actors and their schemes thrive on their social media platform. I may often have some new everyday Facebook scams to tell you about.
Catalytic Converter Theft
If you see post about catalytic converter theft, be suspicious. They’ll have some interesting photos but no real details about the crime or who to contact. They just want you to Share the post and boost the signal.
But don’t do it! Don’t Like the post, don’t Share it. There’s no real scam to these posts, but that comes later. These posts serve as gullibility checks. The scammers watch and notice who is spreading their nonsense info, and may PM those people later with targeted scams.
Giving Away a MacBook
This is the same plan as when the scammer tries to give away a PS5. They’ll privately message you and ask you to cover their Fedex shipping costs. If you pay that, they’ll disappear with the money and you’ll then learn that there is no such thing as a free MacBook.
Amazon Work from Home Opportunities
Amazon does offer a lot of job opportunities, and some of them are work-from-home. But you won’t find them in posts that look like these:
These posts are not associated with Amazon in any way. They often direct you to click on a Google Sites URL, which would take you to a scammy site that tries to collect all of your PII. Don’t click the links! Don’t fill out any forms on these sites! You won’t get a job, but you will become inundated with spam email and junk postal mail and other scammy offers.
I think most people know by now that these things are suspicious. But since they remain pervasive, I thought I should remind you to beware these nameless duct cleaning offers.
I’ve written at length on how these things work, but in short: The poster is in Pakistan, ready to take your info. He will schedule your duct cleaning with a mystery person in your region, and collect a commission. An unlicensed worker will come to your house and perform some kind of duct cleaning procedure. But the work may be lousy, or the bill may turn out higher than what was agreed upon. Play it safe and hire a local, licensed company for this type of work.
RV & Tiny Home Giveaways
This is another one that I’ve gone over, but deserves a mention since they are still commonplace. These posts claim that there was a lottery for a free RV or other small home, and the winner did not claim the prize! They offer the chance for someone else to step up and be a winner.
This scam presses people to Share, Share, Share their post, but please don’t do that. Don’t help the scammer get this rubbish in front of more faces. And don’t Like the post or Message the poster. They’ll just tell you that you’ve won the prize, and then try to collect a “transport fee” from you. And then, they’ll ghost you.
More Telltale Signs of a Facebook Scam
The poster Likes their own post.
The first comment is also from the poster, urging you to message them or click a URL.
The language seems off, for example: “Kindly check your private messaging.”
They ask you to text them, email them or otherwise go off-platform (away from Facebook messages).
They claim they are licensed, but won’t produce a license number or other hard details for you to verify.
Caller ID spoofing, or phone number spoofing, is important to understand. If you’re not familiar with this practice, let me explain:
Caller ID Is Fallible
When you receive a phone call, most phones display some identification about the inbound call. You may see:
First Name, Last Name, Area Code and Phone Number
Business Name, Area Code and Phone Number
You need to know: The info shown on your Caller ID can be altered. Both the number and the name on your Caller ID display could be inaccurate or untrue. It is easy and often free for someone to change (spoof) their Caller ID info.
Phone call spoofing, as a practice, is legal in our country. But using spoofing to defraud or cause harm is illegal. If this gives you some pause, if you’re wondering why spoofing is legal at all, consider some possible legitimate uses:
Law enforcement may need to alter their identity as they investigate crimes.
Collections agents might spoof their Caller ID info so that a debtor won’t avoid their calls.
A doctor or counselor may spoof their number when calling a patient to maintain a crucial level of privacy.
Friends might use Caller ID spoofing for pranking each other, without causing harm.
Of course, the main point of this post is to talk about scams, and make you alert to them. Scammers love to use Caller ID spoofing when they call their potential victims. They know that people tend to believe what they read, especially when it flashes by quickly. Robocallers and spammers also use phone spoofing, but the biggest danger is from scams like these:
Apple/Microsoft/Amazon/Facebook Support shows on the Caller ID, and a robocall tells you that your account has had suspicious activity on it. Press 1 to be connected to an agent who will help (steal) your account.
Your bank shows on the Caller ID, and they are calling to reset your PIN and password, as someone has tried to hack into your accounts.
To be absolutely clear, the above examples are scams. The IRS, Microsoft, your bank, etc. are NOT going to call you for account changes or payments. Please hang up if you ever answer a call like these!
Scams of all kinds use spoofing to make their calls show the same area code and exchange as your number. This is called Neighbor Spoofing. They make their number look very close to your number, so that you think it is someone local to you and might answer more quickly.
It is also possible for someone to spoof your exact phone number. This can be done to confuse you and get you to answer. But it can also be done to deflect blame to you. If you ever get angry calls from other people, telling you to stop with the spam calls, understand that a bad actor may be using your number in their spoofing scheme.
How to Defend Against Call Spoofing
You’re doing it right now. Maintaining awareness that Caller ID is not to be trusted is the best defense against Caller ID spoofing. After that, you can consider some extra tactics:
Talk to your phone provider and see if they offer/recommend any particular call screening options or apps with spoofing protection.
There is no end to the scams I see on Facebook. I know I’ve posted at length about specific FB scams, but in this post, I want to run down quickly on a bunch of commonplace Facebook scams. Watch out for these, don’t fall for these, definitely report these:
(Don’t) Buy This Shirt!
This offer may tug at your heartstrings, because they’ve mentioned their son is autistic. But there is no son, and the poster is from another country. The URL will take you to a web-storefront, where you can pay money for a shirt. But it’s at an online marketplace where anyone can quickly open up a shop and have shirts printed:
You might actually get a (lousy) shirt, but please realize that you’re giving your card info to a stranger who may be halfway around the world. The big risk here is getting mystery charges on your card, later on.
Neon for Free
Want a neon sign? You’re not going to get one from these jokers. Their plan is to privately message you, gently guilt you towards making a small donation, and then disappear with any money you’ve sent them.
Vendor Fee for Non-Existent Fair
Looking to sell your hand-crafted art in your region? Community fairs and festivals are the way to go, but beware generic scam posts as shown below.
While at first glance, these may look legitimate, it’s a lie and a trap. The poster has used Google to find an address commonly used for public events. Any email or phone number provided is not connected to the stated address; they go straight to the scammer. They’ve crafted this post so that people will contact the scammer and not the venue. And if you contact the scammer, they’ll take your “reservation fee” and disappear with it.
I’ve picked this scam apart before, but it deserves a mention, since I’ve seen it often this month. It’s similar to the above scam, in that they want to privately message you and get an advance payment for eggs. But you’ll be sitting by the door waiting forever for that henfruit. The poster is just using a sock puppet account, as they sit in an internet cafe in Kenya.
Giving Away a Gaming Console
Those PS5’s are super-expensive, so seeing someone giving away one for free on Facebook may seem like a miracle. And even more convincing is to see someone local, someone believable!, posting about how you can have their unwanted video game hardware:
But this type of scam is usually carried out using a stolen Facebook account. If you contact them for the console, they’ll say that they moved to another state, but can Fedex the device to you, as long as you cover their shipping. Once again, if you send them any money, they’ll ghost you and you’ll never get anything in return.
Moving, Everything Must Go
If a real person has to move and sell off a lot of stuff, they’ll give you an address to visit, and a phone number to reach them at. But some posts only lead to private messages, where you are urged to pay a small amount to “hold” the item for you. I think by now you know what’ll happen if you give them any money.
And other “moving” posts lead you to other weird websites or private Facebook groups, where you’ll meet with other scams and attempts at collecting your personal information.
Fake Job Listing
If you think you’ve found your dreamjob on Facebook, think again. Many of them are traps:
A real job listing should state a well-known company name, and will refer you to Indeed.com or some other corporate website. This scam job listing has no real contact info, and will only lead to a fake job interview over chat, and then they’ll try to get your bank account info or worse.
Telltale Signs of a Facebook Scam
The poster has a locked account, or has turned off Comments to their post.
They need you to pay them a little bit of money first, to prove that you are not scamming them!
They won’t meet you in person for a transaction.
You cannot call to speak with them.
They want you to use Venmo or CashApp instead of a credit card.
You meet with resistance when asking for basic info, like a website URL or address or phone number.
They comment a link to a website, but the URL shows a Google sites address, or something that just doesn’t look relevant.
Rental scams are common on the internet. And they pertain to those looking for a place to rent, as well as landlords looking to rent out their property. Consider this info and be careful out there!
If You Are Looking to Rent as a Tenant
When you reach out to a landlord and inquire about a rental, pay attention to how they communicate and what they offer. There are a lot of warning signs for a rental scam:
The listing photos have a watermark from another website (because the pictures have been copied/stolen)
They ask to send you a code, for you to repeat back to them, “to prove your identity.” This is either the Google Voice Verification Scam, or an attempt to steal your Facebook or other social media account. Do not give any verification codes to anyone!
They ask you to make a deposit:
urgently, immediately, before other offers come in!
before you can tour the property
before you’ve met the owner/landlord face-to-face
through a wire transfer or gift card purchase
by going off-platform. Example: you’ve responded to an AirBnB listing, and the owner asks you to pay him through Venmo for a lower price
The rental price is too-good-to-be-true
They don’t check your background or credit history
Please understand that rental listing scams are very easy to concoct. You may encounter them on Facebook Marketplace, Craigslist, AirBnb and other public sites. Cybercriminals can easily look over legitimate real estate listings, and copy them in very convincing ways. Sometimes, they’ll copy every single detail from a listing, and then only change the phone number and email address.
If your gut tells you something, listen to it and do your due diligence before handing over any money. And if you feel like you’re in over your head, find a real estate professional. A seasoned Realtor® will protect you from all the scams out there, and many will help you find your next place to live without charging you for their service.
If You Are Renting Property as a Landlord
Landlords also have to watch out. That person reaching out to you about your apartment? They could be a scammer, too.
Don’t accept payment for more than the agreed-upon amount. If someone wants to send too much money, so that you can refund them the overage, that’s an overpayment scam.
Run the credit/employment checks yourself. If the tenant offers their own copies, that might seem kind of them, but those could be fakes. Trust but verify!
They ask to send you a code, for you to repeat back to them, “to prove your identity.” This is either the Google Voice Verification Scam, or an attempt to steal your Facebook or other social media account. Do not give any verification codes to anyone! (Yes, landlords have to deal with this, too!)