Aitken: Scamming is BIG Business!

According to Kiplinger’s, people lost more than $10 Billion dollars to scams last year. It may be hard to believe but scamming has become big business for foreigners who operate out of India or Nigeria. They collect money they’ve scammed from Americans by using ‘cash mules’. These mules are given a small cut in return for picking up money envelopes or boxes of cash at designated US addresses. These addresses could be PO boxes or unoccupied homes or businesses. These US mules then send the money to their ‘bosses’ overseas. Often they send the money to Bitcoin accounts, thereby making the transaction untraceable.

Chances are you have received at least one scam message through your landline, cell phone texting app, email or Facebook. Many scams are conducted through online dating sites, also known as “romance scams”. It has been disheartening to see many actual examples of lonely widows who sent their whole retirement savings (one sent as much as $2.5M) to scammers they thought were men they would meet and marry. On Facebook, if you are a woman, you may get a lovely eloquent message in the comment section of one of your posts from what seems to be a nice looking man asking you to friend him. Often these men will have a profile depicting them in military uniform or a business suit, but not living in a state near you. Best to just ignore.

Those of you who are older and have land lines are often targeted because the scammers hope you may not be tech savvy enough to suspect something is wrong. Being in that age group myself, I often get 4-5 scam phone calls in one day, in addition to scores of email scams. One afternoon I got a call from someone pretending to be my grandson, crying that he’d been in an accident and needed money. I don’t even have a grandson.

Here are some common methods of scamming and how to recognize and report them.

Text Messages

A text message may arrive out of the blue on your cell phone from someone you do not know. They will ask for an unfamiliar name and when you say ‘sorry nobody by that name here’ they may attempt to engage you in a friendly conversation. If it really had been a mistake they should apologize and stop talking. Do not continue and simply block them.

UPDATE: NH residents, including myself who does not even have an EZ-PASS, are now getting fake messages that claim they owe money. The websites are fake, they contain copied material from the real EZ-PASS site, and are being reported to their hosting server.

Email

Email scams are quite numerous. I personally receive at least 20-30 per day. They may ask you to help them buy Amazon gift cards (spoofing a friend’s email) or tell you that you won something, or in another more sinister ploy, that they have hacked you and recorded you watching ‘porn movies’ while demanding ransom payment with Bitcoin! It never ends. Most often they will claim your software subscription or internet service was ‘renewed’ at a price charged to your credit card. Or they will claim you just purchased an expensive item such as a laptop or that you need to update billing information. They may give you a phone number to call in case you did not make the purchase. Do not fall for this or click on strange links. If you are concerned about the charges, check your CC balance by calling your bank directly to make sure there were no charges you did not make, and then report the email to the abuse address of both the server from which it came and the one from which it was sent. For example, if I received the email on Comcast, and the email was sent from a GMail address I copy both abuse@comcast.net and abuse@google.com on the forwarded scam email. Other abuse address examples are reportascam@amazon.com, abuse@aol.com, abuse@msn.com, (for email sent with Outlook), abuse@icloud.com, abuse@wix.com, abuse@earthlink.net, phishing@irs.gov, abuse@bankofamerica.com. If not listed here, you can look up the abuse address on the provider’s or bank’s website. If the address is a friend’s that is legitimate, don’t report it as spam, but let your friend know they’ve been hacked and tell them to change their password immediately.

PayPal, Netflix, Sirius, Apple...

These are the scams that come via email which may claim you owe for something you never bought or that your subscription has expired even if you don’t have one. Do not call the number they provide. One of the more egregious scams, like one I got today in fact, is a phony invoice that may actually appear inside your PayPal account if you have one. Immediately go to your PayPal account and follow the instructions for reporting it as a scam and PayPal will then block the person requesting the money. You can also forward the original email to phishing@paypal.com Copy to the abuse address of the email server from which it was supposedly sent as well as the address of the server on which you received it: reportphishing@apple.com, phishing@netflix.com, reportphishing@siriusxm.com, are just some examples.

If they send you to a website, look up the domain on https://www.whois.com/whois/ and report the site to the abuse address listed. iCANN requires one to be listed in the WHOIS, even if the owner of the site is private. If an abuse reporting address isn’t listed there, copy the information and report it to https://www.icann.org/

Now for the fun part.

Facebook

Some scammers pretending to be Facebook never seem to want to give up on telling you your Facebook page has violated something and that soon it will be shut down. I play whack-a-mole with this on Facebook daily. The scams are so poor in execution, it’s easy to see they are not from META, the company that runs Facebook.

This very morning on Facebook I got what I knew immediately was a money phishing scam. A man looking like many other of my NH-type friends (and was even “friends” with one of my real friends) messaged me with a friendly greeting and told me about a grant he’d gotten for $550K. He explained this was not a loan and did not have to be repaid and sent me to another profile that would have me fill out an application. Out of curiosity I went to the page and messaged it. The person who responded wanted my name, and full address to fill out the “application.” When I asked why I was not allowed to fill it out myself, he responded with “Have a good day.” I was not surprised as the page was obviously a fake government page, very sparse, and had a nice looking man dressed in a business suit on the profile. I reported it with screen shots. The first man asked me to keep him posted and when I told him that I was not allowed to fill out the application myself, he told me to keep working with him and that he had to give his address to get his money. I told him that I would never give my information to someone to fill out an application without seeing the application myself. And neither should you! The page he sent me to was obviously not a government agent but I was curious to see how he would try to scam me.

Landline Phones

Calls may come claiming to be from Publishers Clearing House, Spectrum Cable, Comcast Cable, IRS, Medicare Card, or Social Security, etc.

I recently got a Publishers Clearing House scam call. PCH never calls ahead to let you know you won so these calls are always a phone scam, and you should hang up immediately. If someone claims you have to pay to receive your winnings note that this is illegal.

Often the scammers will spoof a normal looking NH address on the caller ID, with a name that you might think is someone you know. I found that if I answer with mention of the name (“Hello, Joe Smith, nice to hear from you”) they will realize you’ve seen the caller ID and will immediately hang up.

A Mule is Caught?

Yesterday I got an interesting phone scam. The minute I heard the tell-tale beep I could hear the rest of them working in the same Indian boiler room using the same script. I was bored so I decided I would play along and have some fun. The woman claimed to be from Spectrum Cable and that she would give me a $10 discount on my monthly $30 bill, but first I had to pay a ‘security’ fee of $199.87. I told her I did not have a CC so I could send a check. She gave me a PO Box in New Mexico which I later reported to the postal inspector as a ‘mule’ drop-off point for money gained via mail fraud. I also sent an email to the local police dept in NM. The funniest part of the scam was when she told me to turn off my TV so they could ‘update’ the software. She then played 3 beeps from her computer to pretend she had done something to my TV cable box. (I could hardly contain my laughter at this little charade. BTW, I don’t even have Spectrum.)

What was even more appalling was, I got a call from the same scammer today and I told her “I already sent you a check!” She asked me where I sent it and I told her the address. She seemed satisfied but then said “OK, let me connect you to my supervisor.” At that point I hung up.

Watch and Learn

If you want to see some real instances of how scammers are being caught by tech savvy crusaders, check out these accounts on YouTube. In some cases the police in India are complicit and will not do anything about the “boiler rooms” even after being given their locations and proof they are scamming people.

Scammer Payback uses a computer just for the purpose of scam-busting, using software that allows access to each others’ machines. (But do not ever let anyone convince you to download software that will allow them to access your computer) Somehow when he is able to get inside theirs, he exposes their names, faces, locations and victims. He will often copy and then delete all their files, which contain the information on people they have scammed. Sometimes he can even contact a victim to stop them just in time from sending money in ‘refund’ scams.

Trilogy Media also hunts down mules and scammers. In one sad case they could not convince Jodi, a woman who was living on assistance, to stop sending $300-$500 a month to her online ‘lover’ as she had been doing for the last 7 years. They showed her that he was using a fake name and actually calling her from Nigeria She refused to believe he wasn’t a real serviceman, and that it was not a real romance, despite the fact that she had never met the man and Trilogy proved the photos he was sending her were not his.

Catfished tells many sad stories of women who have been duped out of millions in romance scams. It’s hard to imagine that what you will see in these videos is real, but yet, it is happening every day.

Scamming is big business. Don’t be a victim. In just the time I have been writing this piece, I got two scam phone calls and 7 scam emails.

ADDED on 9-14-2025

BLOB FILES

What's a 'blob' file? It's a virtual page that is used in phishing scams that cannot be reported using the link in your Help menu. But you can copy it and send it to Google because you can still report the domain.

How blob file scams work:

A victim receives a phishing email that contains a link which sends you to a site that appears to be from a legitimate company, like DocuSign, Microsoft, or a bank. I just got one for CHASE BANK. This page uses JavaScript to create a "blob" in the user's browser, which contains the actual phishing page's code. The URL in the address bar, will begin with the word blob. If any page asks you for login credentials and the URL starts with blob:, it is malicious. Legitimate services will never use a blob URL for login.

How to report the scam:

Even if the final phishing page is a blob file, you can still report the original domain or email address.

• Report the phishing email. Forward the message to reportphishing@apwg.org to alert the Anti-Phishing Working Group.
• Report the initial domain. Copy the URL from the email link, and submit it to Google's Safe Browsing tool at safebrowsing.google.com/safebrowsing/report_phish/.
• Submit a report to the FBI. Use the Internet Crime Complaint Center (IC3) at ic3.gov to file a report.
• Notify the impersonated company. Inform the company the scammers are pretending to be, such as Microsoft or your bank, so they can take action.