Think Twice Before You Open That Google Doc

If you can’t trust an official Google login page then what can you trust, eh? An innovative phishing scam briefly spread like wildfire today before being snuffed out by Google – it was using the company’s own security against unsuspecting users.

Here’s how it worked. The chain would start with you receiving an unsolicited email from a known contact. It looked like the standard “invitation to view a document” that compulsive users of Google Docs will know very well. So far, so phishy.

But unlike traditional phishing attacks that try to coax personal details out of you with an official-looking imitation page, this cunning scam took you to a genuine Google login window. Once you signed in, you inadvertently gave access to a malicious third-party app (cunningly named “Google Docs”), allowing it access to your contacts and email, extending the scam go further.

Google is aware of the issue and has already taken steps to close the loophole, writing in a statement on its Product Forums that: “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Just because the known malicious apps have been closed, doesn’t mean another similar exploit account couldn’t open – so do be vigilant.

If you think you were taken in by the scam, head over to Google’s security page, and remove any connected apps that looks fishy or phishy.

On the Eve of 4/20, The Florida Department of Health Urges Caution to Avoid Medical Marijuana Scams

The Florida Department of Health is urging Florida residents to use caution to avoid medical marijuana scams. Last week, it came to the department’s attention that there are businesses advertising free or reduced-cost access to medical marijuana and in some cases are asserting that they are the “Office of Compassionate Use” when soliciting credit card information. The department reports all incidents of potential fraud and scams to law enforcement, but wants to ensure residents are aware of what to avoid.

Below are tips to help protect you from scams involving medical marijuana:

  • The department’s Office of Compassionate Use is the only entity issuing identification cards for medical marijuana in Florida. No third party is authorized to process applications. Do not provide credit card information to any third party entity advertising the ability to obtain medical      marijuana cards.
  • The department does not currently accept credit cards as a form of payment for an Office of Compassionate Use identification card. There is no need to ever provide your credit card information to the department’s Office of Compassionate Use.
  • There are seven dispensing organizations authorized to cultivate, process and dispense medical marijuana. These seven are the only businesses in Florida authorized to dispense medical marijuana to qualified patients and legal representatives.
  • The Office of Compassionate Use maintains a list of physicians who have completed the required 8 hour education course. To find a qualified ordering physician click here.

The department updates the Office of Compassionate Use webpage regularly with accurate information. Patients and legal representatives are encouraged to visit this webpage often.

To report scams to the Florida Department of Agriculture and Consumer Services call 1-800-HELP-FLA (1-800-435-7352).

To report fraud to the Attorney General’s office call 1-866-966-7226.

Florida Real Estate Agents Targeted By Elaborate Fake Realtor Group

Realtors in the state of Florida are being targeted and threatened with the suspension of their license as part of an elaborate scam allegedly perpetrated by a fake Realtor group, the state’s actual Realtor group warned on Monday.

Florida Realtors, which boasts 165,000 members in 55 boards and associations, issued a warning to its members this week after Realtors in the state recently began receiving letters from the “Florida Board of Realtors” that claim the Realtors real estate license is in danger of suspension.

The issue? The “Florida Board of Realtors” doesn’t exist.

And according to Florida Realtors CEO Bill Martin, whoever is perpetrating the scheme went through a great deal of effort to make the group appear legitimate.

“It’s a scam,” Martin said. “And it’s not a simple scam. High-tech criminals put a great deal of work and planning into this.

According to Martin, Realtors in Florida called the legitimate Realtor group after receiving “final notice” letters from the “Florida Board of Realtors,” which threatened the Realtor with a license suspension unless the Realtor submitted a $225 renewal fee.

“Failure to respond with your 2017 Agent Board Listing may lead to closure of board listing,” the letter states. “Response required to be included in the Agency listing.”

According to Florida Realtors, Realtors sent in copies of the letter, which appears to be professionally done. The group also said that the letters include a “Make check payable to:” address that appears to be a post office in Deerfield Beach, Fla.

Martin said that the scam came to light in the last few days after Realtors all over the state began receiving the fake letters.

But the scam isn’t limited to the letters.

According to Florida Realtors, the letter also directs recipients to floridaboardofrealtors.org, which presents itself as a legitimate, functioning website.

But clicking on any of the links listed on the site shows that the website does have much detail beyond a few high-level landing pages. Most links are dead-ends.

Florida Realtors General Counsel Margy Grant said the group is already in contact with various governmental agencies about the letters.

“For now, members should ignore these demand letters, and we ask brokers and agents to spread this message to everyone working in the Florida real estate industry,” Grant said.

“Florida Realtors is still investigating and in contact with Florida authorities. It’s now also in front of the Senior Assistant Attorney General in the Economic Crimes section in Florida Attorney General Pam Bondi’s office,” Grant continued.

Grant also said that the group contacted both Florida Department of Business and Professional Regulation and the Florida Real Estate Commission about the scam, and is considering legal action.

“Be vigilant. Be safe. And tell everyone you know,” Grant concluded. “Criminals created a truly impressive fake website, sent a complex fake letter and successfully alarmed Realtors across the state.”

Don’t Fall for These Holiday Shopping Scams

It’s easy to get caught up in the craziness of the holidays. You have parties to plan, cards to send, and gifts to buy, and that can be a lot to squeeze into just a few weeks. Don’t let the stress cloud your better judgment. Watch out for these scams that prey on holiday shoppers.

Fake Store Apps

The FBI recently sent a press release warning consumers about fake app scams. Once you download these apps, they steal personal info from your device.

They’re usually disguised as games, but some scammers create fake apps that mimic well-known brands like Zappos, Pandora, Dillards, or Dollar Tree. Smartphone users download the app, connect it to their Facebook account or email, and unknowingly give away a bunch of personal information. The apps can also infect your phone with malware.

To prevent this, look beyond a brand’s logo when you download an app from Google Play or the Apple Store. It’s easy to just search for an app and download the first one that looks right. Chris Mason, co-founder of Branding Brand, warns of a few additional red flags to watch out for, specifically typos and run-on sentences in app descriptions. Check customer reviews, too. If there are a lot of one-star reviews or users complain about advertising, that could be a red flag that the app is fake.

Fake Online Stores

The FBI also warns about fake deals from unfamiliar sites. It seems like it would be fairly obvious to spot a bunk online storefront, but criminals are smart about making these stores look legit. As Inc.com explains, some of these sites price most products competitively, but then they list other items ridiculously low to entice shoppers. The regular-priced items make them look like a real store and help them show up in Google search results. Thus, just because a store shows up in Google search results doesn’t automatically mean it’s legit.

Sometimes these scammers will even create fake social media handles and ads to promote their “deals.” These posts might include coupons, holiday promotions, contests, or free gift cards. They’re often accompanied by an online survey, which scammers use to steal your info. Here are a few ways to tell you might be on a fake shopping site:

  • The URL is complicated and includes hyphens like “givenchy-gear-for-less.com” or it uses a popular store on its main domain (zara.domain.com, for example).
  • The contact email is through an email client like Hotmail or Google, rather than the domain of the store itself. It might also include a bunch of random numbers or letters—a typical throwaway address.
  • The brand selection is completely random. As Complex.com puts it, “When was the last time you saw Angry Birds T-shirts sharing retail space with Balmain jeans?” Phony sites target people with popular brands; there’s usually no curating involved.

In general, if you come across a deal that’s too good to be true, it probably is. That said, there are a lot of decent holiday discounts out there, so that rule of thumb doesn’t always work. If you spot a truly awesome deal, chances are, deal sites have already found it. Check sites like Kinja Deals, Slickdeals, or DealNews to verify the discount. You can also use resources like Consumerist or the Better Business Bureau to research potential scam sites. Additionally, WhoIS.net allows you to look up information on the “company” or individual that registered the domain.

Social Media Scams

Social media channels like Facebook are a perfect platform for scammers. It’s easy enough to post a counterfeit ad or update, and the nature of social media allows them to share that scam effortlessly.

The “Secret Sister” scam, for example, has made its rounds on Facebook recently. It’s basically an illegal chain letter scheme in which consumers are asked to buy a gift for a stranger to get gifts back in return. You invite friends, they send gifts, and you get more gifts. It sounds completely ridiculous, but people fall for it. One woman told Pennsylvania’s WNEP:

At first when I read it, I thought it was pretty cool. The girl who tagged me in it is pretty reliable and is really nice, so it seemed like something she came up with. It seemed like this original thing.

Perhaps because social media seems like such a personal platform, it’s easy to fall for fraud. A few other holiday scams that have made their rounds on social media:

  • Fake Deals from Strangers: You Tweet about a gift you’re trying to find, then you get a direct message or tag from someone willing to sell you the item. The scammer takes your money or credit card/bank account information, and you never hear from them again.
  • Fake Gift Cards: Scammers post fraud gift certificates on social media, collect your personal info, then sell it to telemarketers or worse, steal your identity.
  • URL Scams: Scammers bait you with a message or a post that includes a link you have to click on for more information. Once you click on it, it steals your login credentials or installs malware on your computer.

It should go without saying that you don’t want to give out any personal information to a stranger, especially when that information includes financial details, like your credit card number. You should also avoid clicking on any unknown links someone DMs or tags you in.

Phishing Emails From Fake Retailers

Email fraud is nothing new, but it peaks around the holidays when people expect to receive order updates and shipping information from retailers, and busy shoppers may not inspect confirmation emails or account creation emails as closely as they would otherwise. These emails look like they come from legitimate companies, like Amazon or UPS. Some of them may claim there’s a problem with your order. Others may offer a deal or discount. You either click on the link and inadvertently download malware, or you enter your password, address, or other personal information and scammers steal it.

These emails look pretty convincing, but if you hover over any links to see the URL or just check the email address, you’ll notice the link is off. Chances are, it’ll be something like www.amazon.subdomain.com. This link won’t take you to Amazon at all, but to whatever URL “subdomain” is. If you’re still unsure about the email and it’s asking for personal information or to check the status of an order, go directly to the website in question and look up your order or tracking number. As a general rule, think twice about retailer emails and don’t click on any links or attachments if you’re not sure about them.

Misleading Store Credit Cards

Okay, store credit cards aren’t a scam exactly, but they’re almost always a terrible deal. People still fall for them, though, and get stuck in an endless debt trap. Stores bait customers with “deferred interest” cards, which seem like “0% introductory APR” credit cards, but they’re not.

With a “0% introductory APR” card, you don’t pay interest at all for an introductory term, and, afterward, your balance is charged at a regular interest rate. Deferred interest cards piggyback on these rules, but there’s an important difference: you have to pay the entire balance before the end of the promotional period, otherwise, you’ll owe interest for that entire term. Interest rates are high, too. A study from MagnifyMoney found that the average rate is 24.8 percent.

Deferred interest cards can be a decent deal if you have the cash on hand to pay off the balance and you get some great discount, cash back, or other deal for signing up, but the terms of store credit cards are usually terrible. They’re not great for your credit score, either. If you’re interested in the discounts those cards offer, consider opening a rewards card instead. Sites like NerdWallet can help you find a decent one, and they lay out the terms for you before you sign up. Of course, you always want to read the fine print yourself.

A lot of these tips seem like common sense, but keep in mind: thieves are good at creating the illusion of credibility. In general, maintain a skeptical eye. Think twice before giving out any personal information, especially over social media or email. You should also check your bank statements and credit reports periodically to look out for any fraudulent purchases or accounts. Beyond that, make sure to update your antivirus and anti-malware apps. This way, you’re protected even if you accidentally click something suspicious.

New Rules Would Require Debt Collectors Have Proof You Actually Owe Money

One of the most common complaints about debt collectors is that they harass people over debts that are either no longer owed, or weren’t owed in the first place. Federal regulators are now proposing rules that — among other protections — would cut down on these annoying, bogus collections actions by requiring that debt collectors have some sort of evidence that the person they are calling actually owes money.

This actually happened to me when I received a telephone call from a very aggressive collection agency rep who began yelling at me when I questioned a mystery debt to resident Polk County cab company Airport & Local Taxi. The man on the phone said that I owed a debt to Gary Navickas, owner of said company. I immediately demanded that he furnish proof of the alleged debt, which of course he could not, and this only infuriated him more. My simple recourse was to tell him to “F*ck Off” and block his number. Seems to have worked. Others however are not so fortunate.

The 2010 Dodd-Frank financial reforms not only created the Consumer Financial Protection Bureau, but tasked the CFPB with issuing regulations to prohibit unfair and deceptive practices by certain financial institutions and services, including debt collectors.

After a three-year process of consulting the industry, consumer advocates, and everyday Americans, the CFPB is releasing the outline for new protections intended to cut down on nuisance, zombie, and mistaken-identity debt collections.

Debt Collectors Are The Worst

The problems with errant debt-collection attempts are many. Having to repeatedly tell debt collectors you are not “Zeke Zekeson” and you have never been hospitalized in Tucson is an annoyance. It puts the onus on you to try to prove a negative:
You: “Look, here’s my ID and my current phone bill.”
Them: “You could have changed your name. Pay up.”

The Fair Debt Collection Practices Act already requires collectors to stop calling or contacting you — unless it’s to notify you of an actual legal action — if you ask them to. That would be fine, if it (A) always worked [it doesn’t], and (B) that debt collector didn’t just sell off the debt to yet another collector a few months later, starting the cycle all over again.

A 2013 study by the Federal Trade Commission found that debt buyers — the companies that purchase debt for pennies on the dollar in the hope of being able to collect — rarely get the information they need to ensure the people they hassle are bona fide debtors, or that the relevant statute of limitations hasn’t expired on the debt.

The companies selling these debts are frequently not telling buyers if any of the individual debt accounts have been disputed, nor are they supplying the debt buyers with supporting documentation regarding these accounts. Usually, the only information that regularly transfers from one company to another is: name, amount allegedly owed, last known phone number, last known address; all the info you need to begin hassling someone, but nothing you need to prove you have the right person or that the debt is legitimate.

Yes, some people complain — tens of thousands of them a year to the CFPB, FTC, and state consumer protection agencies — or take legal action against collectors that overstep their bounds, but those who don’t have the resources or know-how to dispute these collections attempts may feel trapped and choose to pay debts they no longer owed or never owed to begin with.

The New Rules

While some companies and financial institutions do their own debt collection, most of the problematic collections actions involves third-party collectors and debt buyers. Thus, the rules being proposed by the CFPB at this juncture primarily deal with these companies.

The CFPB’s proposal tries to combat nuisance collections actions in three ways: limiting excessive calls and messages; providing more information about the supposed debt and how to dispute it; and, most importantly, making sure collectors are connecting the right debt to the right person.

Here’s a breakdown of what would be required if the rules are enacted as they stand now:

• More than just a phone number:
Before contacting any consumer about an alleged debt, the collector would need to have more than just a name, dollar figure, and phone number. According to the CFPB, the collector would have to confirm it has — in addition to the usual info — account number associated with the debt, date of default, amount owed at default, and the date and amount of any payment or credit applied after default.

This way, if you’re being hassled for a cable bill that was defaulted on in 2012 and you can show you didn’t live at the address associated with that specific account until 2015, it makes disputing the debt easier.

• Enough already with the calls every five seconds:
Rather than receiving six debt collection calls a day (on a good day), third-party debt collectors would be limited to six communication attempts — of any kind — per week. So two calls, one letter, and an email in one would would be four total communications attempts. Thus, collectors can’t spam your phone, mailbox, or inbox, with annoying notices and demands for payment.

• This debt is old (but please still pay us):
Many people don’t know that there are statutes of limitations for many forms of debt, meaning that after a given number of years, you can no longer be sued for non-payment. However, collectors can still ask you to pay, because you do still technically owe the money.

What they don’t tell you is that, by making a payment on that otherwise dead debt, you could be restarting the statute of limitations, effectively resurrecting the debt and creating a financial zombie that can possibly end up in a lawsuit if you can’t make payments this time around.

Under the new rules, the collector would have to disclose on the notice that a particular debt is too old for the debtor to be sued over. Pay those debts at your own risk.

• E-Z debt disputes:
“Dispute that thing!” your friends say when you tell them about the $700 debt payment demand you received for a gym membership your former roommate ran up in your name.

“How do I do that?” you ask. Your friends shrug. “Send a letter or something maybe?”

The CFPB is proposing that collections notices include a “tear-off” dispute/pay stub that recipients could easily tear off and send back to the collector. It would include options for why the recipient of the notice thinks the collector’s demand is wrong.

• Right to a speedy dispute:
If you send back that stub — or dispute the debt through any other written form — within 30 days of your first notice, the CFPB proposes that the collector would have to provide you with a debt report that states in writing all the information it has substantiating the debt.

The debt collector would be barred from pursuing the debt further until it provides this report, so it would be in their best interest to respond quickly to your dispute.

• No documentation, no collection:
If that dispute turns up a lack of documents to support the collections action, the collector would have to stop chasing the debt, at least until it can gather all the info it needs to make its case.

• Looking for red flags:
Collectors would be required to look at the debt information they obtain and if they notice certain red flags — a high rate of disputes in a particular portfolio of debts, a debt seller that is unwilling or unable to provide supporting documents — they must stop collections actions.

• No passing the buck on disputes:
Currently, you might spend weeks or months trying to dispute a debt with Collector X only to find out your debt has been sold to Collector Y and they know nothing about your dispute.

Under the proposed rules, if Collector X sells that under-dispute debt, Collector Y can’t try to to collect on it until the dispute is resolved.

This would mean that collectors would be required to transfer dispute information along with the debts they resell, a practice that appears to be largely unheard-of in the industry today.

“This is about bringing better accuracy and accountability to a market that desperately needs it,” said CFPB Director Richard Cordray in a statement.

Far From Perfect

Consumer advocates have long pushed for reform in the debt collection market, and today’s announcement is met with applause, but also with the acknowledgement that this is just a beginning for an industry that has been rife with anti-consumer practices for decades.

Suzanne Martindale, our colleague at Consumers Union, notes that it’s incredibly important to hold debt collectors accountable by requiring them to have a reasonable basis to collect a debt, but the CFPB proposal falls short of putting the full burden of proof on the collector.

“Requiring third-party collectors to obtain and review key information throughout the process will prevent the most abusive collection practices,” notes Martindale. “However, we urge the CFPB to require that collectors review actual documents related to the original account in question. Relying on the prior owner’s claims that the information is ‘accurate’ could still cause collectors down the line to pursue the wrong people or the wrong amounts.”

Margot Saunders of the National Consumer Law Center is similarly critical, saying that the proposal “sets up a complicated and inadequate system that lets collectors rely on information that may be inaccurate.”

Both Consumers Union and the NCLC also question whether or not telling someone a debt is to old to be sued over is sufficient.

“We urge the CFPB to do more to protect consumers and simply ban all collection attempts on ‘time-barred’ debts, both in and out of court,” says Martindale about CU’s position on the issue.

The proposal released today only addresses third-party debt collectors. A forthcoming proposal from the CFPB will deal with debt collection actions that regulated financial services — like banks and credit card companies — take on their own behalf.