Select Page
Weekly Alert  |  January 31, 2024

Your Personal Information Online Puts You at Risk! Have you ever wondered why cybercriminals know so much about you? They seem to know our full names, our email addresses, our phone numbers, and sometimes even our physical home addresses!  We’ve shown you hundreds of scam emails and texts in which we’ve had to blur out people’s personal information. Part of the answer may surprise you. Would you believe that there are at least 195 data brokers online who buy and sell your personal information for profit? Some of these data brokers even provide some of your information for free to anyone who wants to look it up! The use of your personal information by scammers and others who want to hurt you is a serious problem! And not just from cybercriminals looking for victims! Have you ever heard of “doxxing?” Doxxing is the practice of exposing someone’s private information for hurtful reasons, such as publishing the home address of a politician or phone number of a School Board member if you have an “ax to grind.” (Check out this 2023 article on CNN about doxxing.) Fortunately, there are excellent services, like Onerep.com, that can show you the kind of data that is available about you from these online data brokers. You can either manually visit each one of these 195+ brokers yourself and request that your personal data be removed, or you can pay a service, like Onerep.com, a reasonable fee to do it for you, and monitor that information.  We’ve tried both!  We learned that removing personal information from online data brokers is like playing Whack-A-Mole! Join us as we share our experiences navigating the world of personal data removal.…

The exposure of personal information has a significant ripple effect that can lead to victimization by many types of fraud. Besides sending malicious clickbait as emails or texts, and doxxing someone, personally identifiable information (PII) can be used for identity theft and even credit card fraud. For example, recently the National Council on Identity Theft Protection (a privately owned website, not affiliated with any government) stated that “Identity theft is a serious concern for individuals not only in the US but globally. Identity theft issues have been a common concern for several years and its frequency has sky-rocketed in the past few years.” Their post included a statement from the FTC that 25% of 5.7 million cases reported to the FTC in 2023 were related to identity theft. I am one small example of this type of theft. In 2021, criminals stole my personal information, including my details about my place of employment, and filed for unemployment benefits on my behalf, claiming that I was “out of work” due to the pandemic. It wasn’t true, of course, and I only discovered it when my employer brought it to my attention after being contacted by the State government agency asking them to confirm my unemployment!

As I was working on the draft of this very article, I received a voicemail message from one of our long-time readers. She asked if the voicemail she had received on January 24 was legitimate.  It wasn’t!  It’s a nasty scam in which cybercriminals will try to take control of a victim’s computer! If you listen to this 33 second voice message, you’ll hear the caller identify himself as “Chris Baker” the “technician from computer support maintenance team” and making a “security call” to the woman.  In addition to having the woman’s phone number, he clearly states her FULL NAME and email address, both of which we have cut out of the recording to protect her identity. Once again, the exposure of this woman’s personal information, made this call possible!

During the last decade of my teaching career, I taught a unit in my Internet Literacy class called Online Privacy is an Oxymoron.In that unit, students learned how easy it was to acquire someone’s personal information. (I taught them how to search for their parents’ personal information, with their parents’ permission.) They learned about the risks associated with this exposed personal information, and the steps that they should take to better protect their private information online. As a part of that unit, I had students use the free service provided by Onerep.com.  You can enter your full name and location, along with your email address, and Onerep will conduct a search for your full name on nearly 200 online data broker websites. I did this myself over two years ago and from the report provided by Onerep, I manually visited each of the dozens of websites Onerep revealed to me and, used the “Opt Out” forms to request that they remove all of my personal information. It took hours of work! 

When I began exploring content for this article in early September, 2023 I visited Onerep.com again. When I again checked if they could find any of my personal information online from the ever-expanding sea of data brokers, I was shocked to find that they found my personal information posted on another 53 websites!

The information Onerep showed me included my personal cell phone number and multiple current and former physical addresses and email addresses! For example, the data broker at ThatsThem[.]com had me listed 5 times! (These listings were associated with my full name, including middle name.) Each listing was a different address and phone number. And two of these 5 listings had completely wrong information! If you try to search for your own information, no doubt, you’ll also discover a small percentage of that information is incorrect. 

    Also rather shocking was how many data brokers displayed a list of my relatives. Yes, this included my spouse, my children and a parent. But surprisingly, it also included a cousin, aunts, uncles and relatives by marriage! And of course, a couple of “close relatives” included a individuals who were not related to me at all.  Once again, early last September, I started to visit each of these 53 data brokers, locate their “opt out” forms and demand that they remove my personal information! But after about 2 hours of this effort, I stopped and wondered what it would cost to sign up for the Onerep.com services to do this for me and continue to monitor my personal information? I checked the pricing on Onerep.com but didn’t immediately make a decision to purchase their services. A few days later, Onerep helped me to decide by sending an email offering a 50% discount for their services for one year…

    Their discount offer helped me to decide to make this investment in protecting my PII online. I learned that each month, Onerep will issue its members a new report of their findings about the progress they are making to remove your personal information and where they found it.  Relative to this effort, I have learned several things about online data brokers in the last few years…

    • Each data broker has a different policy about the time it takes to remove your personal information from their database once you request removal. Some say 1-3 days while others say 1-3 weeks to remove it! Also, some data brokers require you to send them a lot of confirming personal details to “prove” you are the person matching the profile you want removed! (This also felt very uncomfortable!)
    • Online data broker websites are like Whack-A-Mole!  New ones popup routinely and, I suspect, that these newer ones may be owned/operated by many of the same owners of other data broker sites. Think about it…. If a new one pops up under a new name, they can repost your personal information again, forcing you to go through the “opt out” process all over again!

    On October 23, 2023 I visited my Onerep account, about six weeks after signing up for their services, to see what progress they had made. I was surprised to see that they had found my personal information on a total of 110 data broker websites and had successfully removed that data from all but 1, which was still in progress. But I was equally alarmed to see that the total number of online data brokers had now expanded to 198 services from 142 services in early September! This is not some “sleight of hand” by Onerep because Onerep will provide you with a full list of these data broker websites if you want to explore them. (Believe me, I’ve explored many of them!)

      By mid-December, Onerep had successfully removed my personal information from 169 online data brokers out of 199 data brokers they had found and checked. Below is a screenshot of my dashboard in my Onerep account. My dashboard shows that lots of personal information about me was found and removed on my behalf. They show a list of the types of information that may be found online and removed by them, if found. It  includes social security numbers, cell phone numbers, property records, and political contributions. It also includes information related to evictions, bankruptcies, debts and liens, legal judgements and more, if they exist. The listed items don’t mean that each of these PII pieces about me were discovered. But it does mean that the data brokers that were scrubbed have been found to post this type of information and, if found by Onerep, it would be removed. 

      Now, several months into this service and in consideration of all of the private personal information I have found about me online, would I use the Onerep service again? Yes! I must admit that the discounted rate was very attractive and helped me to decide on using this service. Also, I have spot checked a few online data brokers in December since signing up for for this service last September. Guess what I found?….. NOTHING!  We’re also thrilled to say that Onerep is offering a 50% discount to our readers if they wish to sign up for their service. You’ll find the link below this Top Story. Also, if you do sign up, you’ll find a new Dashboard design to your account.

      I’ll close this story by saying that I am not naive enough to think that this will stop all of the targeted attacks against me through email, text, phone calls or even the USPS mailbox. But removing my personal information makes those attacks harder for cybercriminals to execute and are likely less convincing if they find less information about me. However, the value of information in this data-collecting age is only increasing. This is now compounded since the release of open artificial intelligence tools!  Check out this article posted in late December on the NYTimes website titled “How Strangers Got My Email Address from ChatGPT’s Model.”  It’s clear to this author that the problems associated with easy access to PII (Personally Identifiable Information) are getting worse, not better. We recommend doing your due diligence in any way you can to limit it.  Below are several articles that our readers may find helpful. And coincidentally, the Federal Trade Commision announced Identity Theft Awareness Week just 2 days ago!

      Credit Score Scam Have you received texts from Equifax that say your credit score dropped or your account was flagged? Hold on! Check out on this scam and protect yourself with this 100% FREE, all-in-one tool

      Top 10 Scams of 2023, 188 Fake Banks and More — We recently came across an excellent article on the Consumer Affairs website. The author described the top ten scams of 2023, as reported to Consumer Affairs and evaluated by a team of 18 experts in the field. The article is well written. Sadly, we’re all too familiar with all of the scams listed and would likely have included most of them in our own list. You’ll find the article here at ConsumerAffairs.com.  Last week we reported on a scam in which Nigerian cybercriminals pretended to be a woman offering her late husband’s piano for free. All you had to do was to pay the shipping fee, which would NEVER be recovered if you did! And no piano would be delivered. This story jogged the memory of our friend Rob and sent him searching his email inbox. Sure enough, he found an email from December, 2022 in which a fellow scambaiter was targeted by the same scam!  Check out what the man had to say about it…

      “I had a scammer going for almost a month! “Adrian Kemp” was down sizing in Memphis, giving away his baby grand piano, in pristine condition. The movers were a logistics company, charging $870 to move it to Ottawa Canada. When I said to the movers I can’t afford it, “Adrian” replied within one hour saying ‘I’ll pay $400 if you can cover the $470.’  I guess this is the “Something is better than nothing scam!” Then in another message, Adrian said “better hurry I have someone else who can pay $570 to move it to next state.  But what he hadn’t noticed was that I was the other person! He hadn’t notice the other email came from my address! Finally, he sent a message back to me saying someones got it. I joked and asked him if it was to the tune of “I lost a gift?” Of course, I got no reply from Adrian but one scammer got angry and sent me the message “you are a bastard.”  Mission accomplished!   

      On January 15, a woman reached out to us for help. She wanted our opinion to see if we thought that a man she had met online was a scammer or a legitimate person. Sadly, we had to inform the woman that he was a romance scammer and we confirmed it by explaining to her that the bank website he was involving her in was a complete fraud. The bank was called the Royal Cayman Islands Federal Credit Union or ​​rcifcu[.]com. The language used on this fake bank site is ridiculous! For example, on the “About Us” page, under “Our Goal” they say: “RCIFCU will serve their customers from all over the world and becomes the popular bank in this universe.”  The ​​rcifcu[.]com website also includes 3 reviews. We noticed that one of these reviews was so weirdly written that we decided to run a Google search for exactly this review.  What we uncovered shocked us! We discovered 188 FAKE BANKING WEBSITES created over the last 4 years! You can see the full list of all 188 fake banks posted at the bottom of our Fake Bank & Financial Services web page.

      We believe that English is not the first language of most cybercriminals. Therefore, it is often possible to become suspicious about content, messages and information you see online just be reading carefully.  Here’s another example. The same woman who contacted us on January 15 about the romance scammer also explained that her “new friend” was asking for her financial help to deal with a crisis. His apartment had been “burgled” (this is the UK version of “burglarized”) and all his money was stolen. To prove what he was saying to the woman, he provided a photo of the police report, shown below. This police report form itself has 2 errors in it that we choose NOT to point out in case these idiot criminals find our article. HOWEVER, check out the sentences typed at the bottom of the police report form. They are filled with errors! Details matter!

      At the other end of the “read carefully” spectrum is this email below that our friend Rob received a couple of weeks ago. Good news!  Rob is being offered a position at the United Nations and the salary and perks that they offer are INCREDIBLE! Should we ignore the fact that the ID Card contains major signs of being photoshopped?  In particular, the name “Efraim Gomez,” his role and his photo were dropped onto the card image.

      We have a couple of interesting links to leave you with….

      Microsoft, Comcast and Paypal Continuing with our point that proper English matters in emails and texts, check out this brief opening paragraph that appeared in a phishing email sent to us by one of our readers…

      “The present resstoration of your Norton membership will  bring about a charge of $ 359.00  from your record Debited From Your Account will be deducted. The Debited Amount will Be Reflected Within The Next 24.hour” Well said, right? Speaking of well said, how about this lovely email from the “Billing Team” that starts with the endearing phrase “To Our Esteemed Client.” Wow, you gotta love that opening!  If you continue to read the paragraph that follows, we can assure you that REAL businesses DO NOT write like that!

      Deeeeeleeeeeete!

      Recently we saw a post on Nextdoor.com from a man named Leo.  He described a phishing scam call that woke him at 1:30 in the morning.  It’s a very clever scam, trying to trick Comcast account holders into giving scammers a security code to access their accounts.  He described the scam well, and provides great advice too!  Check it out….

      Microsoft phishing scams have been on the rise lately.  Below are two samples that our readers have sent to us. Remember to report your smelly phish! https://safebrowsing.google.com/safebrowsing/report_phish/

      Earn Money by Promoting Products! NOT! Last week we heard from the CEO of a Digital Marketing Agency, a man name Igor. The Agency is called Fortunatos and they have offices in the US, Poland and Ukraine. Igor contacted us to report that scammers had created a look-alike domain to the Fortunatos business and were contacting people about fake jobs! However, the ploy that was used in this scam was very clever! On January 18, several people contacted Igor to ask whether these job interviews were legitimate. It appears that they were all invited for a text-only job interview with the fake company and the job was for them to promote various products for which they would be paid based on how much promoting they did. HOWEVER, to sign up and boost these products, they had to deposit $100 to open their accounts! Thankfully, they were all suspicious and reached out to the real Fortunatos.io website. Igor and his staff informed each of them that this job interview was NOT legitimate. The scammers had created a similar website using the real brand name and logo from Fortunatos, but using the domain Fortunatos-cek[.]com. The scammers had then used direct messaging on (WhatsApp, Telegram) to reach out to potential victims. 

      Here’s how this scam lured victims…. People were invited to interview for a job doing “promotion boosts.” But it required that they deposit $100 to begin receiving the first few “tasks.” (See screenshot below.) Once you hit start, Igor tells us, the bogus account shows you some product, its value, and how much you get if you hit submit to “boost” the ratings on that product. It claims that you get a small percentage for your commission.  This is complete nonsense! REAL businesses don’t operate like this!

        Making this scam seem even more insane is that “investors” are promised higher percentage earnings if they invest more than the original $100!  This almost feels like it could be Ponzi Scheme but we strongly suspect that victims will simply lose whatever money they wire into this crazy job!  Keep in mind that the website created to mimic the real business was Fortunatos-cek[.]com and this domain was registered less than 3 weeks before Igor contacted us to report this fraud!  The scammers also use the messaging service called Telegram to support this scam.  Victims, ahhh…. We mean new employees can reach out to Fortunatos Customer Service representatives through a bogus Telegram account at: https://t.me/FortunatosCustomerService 

        Igor thinks that this scam may be targeting people in South Africa more heavily than other in other countries, based on information he’s received from victims. Fortunately, Igor has reported the malicious mimic website to the hosting service and registrar and it looks like it has already been taken down. We suspect it could pop up again soon. The fake Telegram customer support site was still available as of January 27. 

        Remember Those 2 Guys and You’ve Been Implicated in a Crime! — Cybercriminals use lots of social engineering tricks to manipulate your clicking behavior and this is a common one! The man who sent it to us said that he knows the sender, named Frank. HOWEVER, he recognized that Frank’s email address was NOT the email that Frank had always used. This is exactly the type of malicious clickbait that is created and sent to people after someone’s social media account is hacked and all the contact information is stolen. Scammers then pretend to be someone you know and send you a malicious link, along with statements like “I assume you should remember those 2 guys in the photographs here.”  We GUARANTEE that there is a malware trap waiting for you at the end of that weird link!

        It’s been a while since we’ve seen this next scam. A woman contacted us last week to ask if we thought this email and attached pdf document were real. They were not!  The woman was supposedly contacted by the US Social Security Administration about instances in which her SS number had been used in “unlawful activity in both New Mexico and Texas.”  The email, however, came from a free Gmail account called susierothnkjv02. It’s important to point out that the REAL SS Administration and law enforcement agencies WOULD NEVER just send you an email like this! They’ll show up at your door! If you read the “suspension notice” we hope you’ll agree with us that it is complete nonsense! Oh, and let’s point out that the phone number that the woman was asked to call, 888-488-3074, does NOT belong to the SSA.gov or any law enforcement agency, according to Google!

        Madelyn From Indeed Has a Job Offer! —We’ve posted hundreds of job scams which are a form of “advance check” scam.  Oddly, just days apart, two of our readers who live in Massachusetts in the US, sent us nearly identical texts they received from “Madelyn”. Don’t believe these texts!  Real employers would never do this!

        Until next week, surf safely!

        Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
        have subscribed to it via Scamadviser.com or thedailyscam.com

        Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

        Contact Webmaster