A new American Express phishing attack that specifically targeted American Express cardholders is unlike other attacks, according to security researchers. It contains a sophisticated method of harming the recipient that experts are not as familiar with.

Phishing attacks are nothing new. They arrive as emails, texts, social media messages or phone calls that appear to come from someone you know. It might look like your boss or co-worker, someone in your email contact list, your bank or your favorite retailer.

Each new phishing attack email has different goals, depending on what kind of ruse they are using. A fake email from your boss might tell you to change a password or send funds to a different account number, but an email from your bank might try to get you to hand over your username and password. Many phishing attacks only want the user to click a link in the email so they can be taken to a fake website where the thief steals their information. Or even worse, a link that downloads a virus to their computer.

In the case of the American Express phishing attack, the link embedded in the American Express phishing emails is two different parts. This way, the hacker can insert malicious code into the link while also confusing your antivirus software. Instead of warning you about a harmful link, your software does not recognize it as malicious.

The email itself was very typical of these kinds of attacks, namely in that it was filled with grammatical errors. Some reports have shown that the spelling and punctuation mistakes, like the ones seen in the American Express phishing attack, are intentional so that only more gullible recipients will interact with it.

Fortunately, the age-old advice about avoiding a phishing attack still holds true. These are some things to keep in mind.

Never click a link or download an attachment that you are not expecting

If the email came from your boss, pick up the phone and verify it. If it appears to come from a company you do business with, ignore the email and go directly to their website. From there, you can see if there is an issue with your account.

Spelling matters

Companies do not send out emails or other messages with multiple errors. If you see any strange mistakes, that is probably a sign it is a fake.

Check the email address and URL

If you look very carefully at the sender’s address or the website address they have included in the message, you might notice something strange. If it says “Amaz0n.com,” for example, it is fake. If the website is Citibank.card.shop.com, instead of the company’s actual web address, again, it is a fake.

Do not trust the caller ID

If the phishing attempt comes by phone, like the American Express phishing attack, do not go by what you saw on the caller ID. It is easy to change the phone number or screen name to say anything the scammer wants, such as “IRS” or “County Sheriff’s Dept.” If you receive a phoned attempt at getting you to verify your identity or make some kind of payment, hang up and contact the company directly using a phone number you have located yourself.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

What It Is

Scammers are looking to cash in on the buzz surrounding the Equifax data breach, specifically the ability for consumers to check their data and file a claim if they were affected.

Who It Is Targeting

Any consumers who may have had their information stolen in the Equifax breach could be at risk of an Equifax settlement scam, but scammers may also seek out people who were not affected in order to sell them protection products.

What You Need To Know

Equifax is one of the three major credit reporting agencies, and they were breached in 2018. More than 147 million consumers had their complete identities stolen by hackers. Now, Equifax has launched its settlement website where you can find out if your information was stolen, file a claim for compensation and apply for credit monitoring. Equifax settlement scammers are capitalizing on the buzz surrounding this new website and have already targeted victims.

What You Should Do About It

  • Make sure you are only using legitimate websites for this process, namely the FTC’s site and EquifaxBreachSettlement.com.
  • You do not have to pay anything to file a claim, look into your data, receive credit monitoring services or otherwise participate in this settlement.
  • Never verify your information for someone who contacts you and offers to find out if you have been affected.
  • Never hand over your Social Security number to someone who contacts you in any way.

Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

There are countless moving parts when it comes to planning your wedding, and many of those parameters can lead to scams and fraud. Wedding scams can turn your dream day can turn into a nightmare.

Say yes to the dress but no to scams. Wedding dresses that do not look like they did online and photographers who do not produce the photos of your big day despite advance payment, are just the tip of the wedding scam iceberg. Some bride and groom related scams can lead to identity theft, online account takeover and even home invasions. Here are just a few possible ways those planning a wedding can fall victim to a scam.

Social Media Oversharing

Your engagement means you will be planning a wedding, booking a honeymoon and perhaps looking for a new place to live. It could even mean expensive gifts will be arriving at your residence. Social media is great for keeping your friends and family updated on your wedding preparations, but it can also have some pitfalls.

If you do not choose to keep your posts private, then you need to be on your guard against too-good-to-be-true offers and advertisements. Worse, a bride-to-be could be sharing both her married name and her maiden name with a would-be identity thief, or alerting a burglar to a possible payday.

Honeymoon Travel

Whether you are taking a far-flung distant trip of a lifetime or a more low-key weekend getaway, your honeymoon does not need to be ruined by a travel scammer. From phony listings, reservations that steal your credit card information and bookings with bogus hidden fees, there are a lot of ways someone can take advantage of your finances and your identity.

To avoid this trap, only use reputable sites that you can trust with your private information, and monitor the payment accounts you used carefully for any sign of fraudulent activity. Remember, this is not only true for your pre-wedding planning. Follow up in the weeks and months after your trip to make sure nothing is amiss.

Gift Registries

If you are accepting gifts from your friends and family, a gift registry really does help them out. It can provide a wide price range to choose from, and helps ensure their thoughtful gesture is really something you want or need – but no one needs identity theft.

Establishing an account with a reputable online retailer with a proven history of security gives peace of mind about making an online purchase. You will also have a better chance of receiving a tracking number for purchases, as well as customer service protection.

Credit Reports, Social Security Cards and More

Part of getting married inevitably involves your government documents. Some brides choose to change their last names, which means applying for new drivers’ licenses, Social Security cards, credit cards, insurance benefits and more. Newly married couples may also need new tax withholding forms, wills, insurance paperwork, utility or rental agreements and other similar considerations.

What it boils down to is an abundance of paperwork with your complete identities on it, waiting to be stolen, copied or forged. It is vital that newlyweds keep all of their important papers secured and out of sight, and destroy completely before discarding. That might mean adding a home-model cross-cut shredder to your gift registry, just to be safe!

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

Savvy online shoppers look forward to the veritable Christmas in July that is Amazon Prime Day, but scammers look forward to this event too. Amazon scams account for a significant percentage of internet retail fraud so it is important that consumers know what to look for. Armed with the ability to spot an Amazon scam, you can work to avoid them while still saving big during online shopping.

Amazon scams are so prevalent simply because they tend to work. With the sheer number of Amazon and Amazon Prime customers using the website, there is a good chance that any phishing attempt hiding behind the Amazon name and logo will find its way to a customer. There is no single type of Amazon scam, but they can take on so many different forms that it can be hard to tell what is real and what is a trap.

Many online shoppers are about to embark on a two-day shopping spree full of great deals for Amazon Prime Day. However, good deals could also mean lots of scammers. This Amazon Prime Day, which runs through July 15 and 16, make sure you know how to protect yourself from these scams:

Phishing Scams

There are several different phishing scams involving Amazon, especially on Amazon Prime Day, and other retailers, but some of the more common ones include:

  • “There is a problem with your account, please click here to verify your account or change your password”
  • “Here is your receipt and shipping confirmation” for a product you never ordered
  • “Please verify your payment method”

The goal is always to get you to click an included link then enter your sensitive account information for the scammers. The link may even install a virus or other harmful software on your computer.

Discount and Coupon Scams

Amazon is not the only retailer whose name and logo are used for fake coupons and discounts. This tactic offers phony discounts of up to $100 to use on the website in exchange for filling out an online form. The coupon is not real, and the scammers have just stolen all of the information you supplied to them. These can often be seen making the rounds on social media sites like Facebook and in consumers’ email inboxes.

Review Scams

After a big shopping event like Black Friday or Amazon Prime Day, you might suddenly be inundated with requests for product reviews, whether you bought anything or not. Some of these offers will even sweeten the deal with promises of cash in exchange for your review. Paying someone for a review is a clear violation of Amazon’s terms and conditions and can lead to problems with your account. More importantly, these offers are not real. The scammer may steal your personal information, launch a spam email campaign, install malicious software on your computer or worse.

Amazon Prime Day can also lead to account takeovers. It is important to monitor your debit card and credit card accounts for any suspicious activity, and report anything unusual to your financial institution or the retailer immediately.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How To Spot a Fake Website

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

A virtual private network (VPN) is a digital tool that keeps outsiders, such as hackers, identity thieves, spammers and even advertisers from seeing your online activity. VPN is an installed piece of software on your laptop or desktop that is either stand-alone or bundled with your antivirus or security software. For mobile devices, VPN can be a downloadable app from your manufacturer’s preferred app store.

Everyone needs one, especially people who use their computers or devices for any kind of sensitive activity like business or data management. It might be work-related communications, file sharing with your team members or collaborating on a project. From a personal-use stance, using a VPN protects you while online banking, shopping at your favorite websites or just surfing online.

VPNs can have a few issues, namely that they are simply a safety net and not a catch-all for security. You can still end up hurt if you do not follow the rules of smart internet use, like good password hygiene and being careful of untrustworthy websites.

There is another problem with using VPNs: blocking. When you are traveling for business, for example, some hotels and airports may block the ports for a VPN, meaning you cannot use your VPN if connected to their Wi-Fi.

If your VPN is blocked and you need to rely on a public connection, your personal identifying information (PII) can be picked up by someone monitoring the connection. This is not just a concern for airport or airplane Wi-Fi. In one event, hackers used luxury hotel Wi-Fi to steal business executives’ data.

How serious is the problem? According to the Identity Theft Resource Center’s monthly data breach reporting of publicly available breach notifications, there have already been 246 business breaches this year. Of those, 23 percent of the exposed records involved unauthorized access attempts like phishing attacks. Another report stated hackers were able to infiltrate the public Wi-Fi of hundreds of different hotels, convention centers, and data centers in 29 different countries, including the U.S.

Fortunately, there are some steps you can take if you are having no success using your VPN:

  • Disguise your VPN traffic as regular web browser traffic, which makes it impossible for the hotel’s network to block your VPN service
  • Check with your office IT administrator about your computer’s configuration so they can log the situation and troubleshoot it for you
  • If you cannot connect your computer to your VPN, try connecting your VPN to your hotspot on your phone for sensitive internet activities 

NOTE: While a VPN can have performance issues like taking longer to connect or slowing down the browser, it is still a good way to keep your information safe and reduce your risk of falling victim to a crime. The slow-down “cost” is outweighed by the benefit of protecting your information.

Finally, whether you are using your VPN or not, it is important to never leave your device unattended at a conference, hotel, coffee shop, or other location, even for a moment. Make sure your passcode is enabled to help keep others out of your device, and enable the “find my device” option in your settings if the manufacturer provides it. You can also set up a pre-installed or downloaded tool to wipe your device remotely if it falls into the wrong hands.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Government Cracks Down on Robocalls

Millions of Venmo Payment Apps Accessed Publicly

Rental Car Risks: What it means for Your Identity

Gift card scams are nothing new, but there is a new avenue for thieves to go after your money. While criminals have long relied on prepaid debit cards or iTunes gift cards for everything from IRS scams to fake online buying and selling, the latest “currency” is Google Play cards. As a result, Google Play gift card scams are on the rise and may already be targeting you or your loved ones.

You may have already learned about avoiding scams involving iTunes gift cards. These cards, which are only intended to be used for Apple Store purchases became a favorite tool for scammers who demanded untraceable payment in this card currency. Now with more criminals aware of the opportunity, the go-to choice for scammers is quickly becoming Google Play gift card scams. Here are some of the ways scammers target consumer finances by demanding payment through Google Play gift cards.

Impersonation Scams

Every malicious thing you have heard about iTunes gift cards, prepaid debit cards and even wire transfers is also true about Google Play gift cards. Callers pretending to be with the IRS, with law enforcement, with medical offices, bogus charities and other plausible outlets, may call and demand payment via gift cards. Remember, no credible agency or company will ask for an untraceable payment via gift card.

Reselling Gift Cards

There are multiple online platforms where users can sell unwanted, unused gift card balances. Criminals have taken advantage of this opportunity and steal the balances from unsuspecting sellers. One commonly reported Google Play gift card scam is the three-way call. The purpose of the call is to have you dial the number on the back of your card and verify the balance while the potential buyer listens. That makes a lot of sense when you think about it. However, as you are entering the card number on your phone’s keypad, the listener is recording the tones. After you end the call and before the scammer buys your card, they simply use the recorded tones to transfer all the money off your card and onto one they own. Avoid Google Play gift card scams by only using reputable sites and verifying buyer reputation when possible.

Balance Inquiry Scams

Checking the balance on your gift cards is a good idea. It helps you know how much to spend and how much you have left on a reloadable card. However, hackers have invented a tool that allows them to wipe gift cards clean by attacking the computer network that keeps up with the balances. In order to avoid that kind of theft, it is a good idea to use your gift cards shortly after receiving them. Also, remember that some types of cards can start to lose value each month if you do not spend them. You can avoid this with a Google Play card by installing the card in your mobile wallet on your Android device.

Protect Card Numbers

Google Play gift cards, just like other gift cards, are only as safe as the information on the magnetic stripe or in the assigned number on the back. If you lose your card or someone gets the number, they have access to your money. Never share your card information with someone who contacts you, and never verify your gift card number for someone.

Providing Emergency Help

One common Google Play gift card scam is for a person to claim they need a Google Play card for some reason, such as to download an app they must have for work or to buy a movie or book they need for school. The only catch is supposedly they are living in a location where they cannot buy the cards. They reach out to you on social media and offer to pay you to buy them a card, giving you the price of the card and a little something extra for your time. Once you read them the information from the back of the card, they will drain the funds off it and you will not be reimbursed. Remember, there is no valid reason why someone should need you to buy them a card, and you will be violating terms of service for gift cards if you provide one.

Google asks its users to remember two very important truths about Google Play gift card scams, and these are true of any kind of reloadable payment card. First, it can never be used for any purpose other than downloading content from the Google Play Store. Second, you must protect the number like cash. No one will ever have a genuine reason to ask you for the number from the back of a card. If you have been a victim of a gift card scam, report the instance to the Federal Trade Commission.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Experian proudly provides financial support to the Identity Theft Resource Center.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

Pass the sunscreen and umbrella because summer is here! Consumers are not the only ones who are happy to throw off those long sleeves and head out into the sunshine. Scammers also look forward to warmer weather in order to target victims with very specific summer scams.  

Employment Scams

Teachers, bus drivers, college students, residents of resort areas or anyone with some spare time can make a lot of extra money, especially in the summer months. prey on people who are looking for flexibility, significant income and easy work that will not conflict with other jobs.

There are a few telltale signs that a job offer might not be genuine. Unbelievably high hourly rates for basically no work, requirements that you pay for supplies or training materials, any offer that requests your complete identity in order to apply and any online offers that contain misspellings, vague information, links to click or software to download should be avoided.

Travel Scams

The myth of jetting off on vacation every summer is not the reality for a lot of people. Lots of consumers rely on specials, last minute deals, gig economy platforms like Airbnb or Uber and other options to save money while still taking a little trip. It is important to be aware of travel summer scams before you act.

Prior to committing your payment details or any other identifying information, be on the lookout for too-good-to-be-true offers like $99 for airfare and accommodations in the Bahamas, or the “I bought this non-refundable week-long stay in Miami and cannot go” messages that offer you ridiculously low prices. Some summer scammers go so far as to create entirely fake websites or steal photos of real properties to lure their victims. Others rely on genuine sites, like Airbnb, in order to post fake listings and steal money. Make sure you avoid shady opportunities and investigate options thoroughly before buying.

Moving Scams

Summer is a popular time to move, especially for recent graduates or families who wanted to let their kids finish the school year. Moving Scams can strike at any time during the year, but are especially prevalent during the summer. There are many different kinds of moving scams, but most of them involve hidden fees, estimates that are far less than the amount of the final bill and companies that change their names constantly to shirk off bad reviews online.

Social Media Scams

Your Facebook account or Instagram can when the weather turns warm. Everything from romance scammers and phishing attempts to burglars who scope out who is not home based on their posts can lead to harm.

Be mindful of what you post online, especially if you are taking that once-in-a-lifetime vacation. Also, beware of friend requests from accounts you do not recognize, or requests from people you thought you were already connected (i.e., hacked or spoofed accounts). Make sure if you are sharing interesting information that you are not oversharing or giving away too many of your details to anyone who can see them. Skip over messages from accounts you do not recognize.

Ticket Scams

Outdoor concerts, music festivals, and big-name concert tours are great summer fun if you do not fall for a ticket scam. The internet is flooded with everything from scalpers who overcharge for a legitimate ticket to completely bogus sites that steal your information and sell you a non-existent ticket. One of the ways to avoid ticket summer scams is to only purchase your tickets from legitimate, trusted retailers. If you cannot get tickets from the original source, you can go through a trusted reseller. Do your homework and make sure you are dealing with an honest company.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

In one of the most ironic twists to come along in identity theft-based crime, there is a new scam attempt making the rounds, one that works so well because it tries to protect you from – you guessed it – identity theft. According to one victim’s story, criminals posed as members of government agencies and pretended that the victim’s identity had been stolen and asked him to cooperate in resolving this issue.

It started with a call from a scammer claiming to be from the Social Security Administration (SSA). “Your Social Security number has been used to rent a car,” the scammer said. That seems fairly straightforward and basic. The catch, though, is that the agent eventually transferred the call to someone pretending to be a Border Patrol agent who said the car had been recovered at the border and that there was a large amount of illegal drugs within the vehicle.

The callers threatened the victim in a very plausible way, even admitting that the victim probably had nothing to do with this, but would spend tens of thousands of dollars in attorney’s fees clearing his name. You can read the full story, but the short version is this: before the victim got through with this three-hour ordeal, he bought thousands of dollars in Google Play gift cards, and sent photos of the card numbers and PIN numbers to the scammers. After the callers received the information and money, they vanished.

Here are some of the multiple warning signs that could have prevented this crime if the victim had only known what to look for:

  1. You cannot trust your caller ID to be a verified identity. Any name or number—even your own—can be programmed to appear on that screen.
  2. The Social Security Administration does not call citizens about these or benefits matters.
  3. The government does not call individual consumers and enlist their help in an investigation.
  4. No one will ever call you with a legitimate issue and only give you an hour to comply, so be on your guard against high-pressure tactics.
  5. You will never be told by SSA or any other government agency to buy gift cards and give them the card details.
  6. A simple Google search for the phone number and the story the callers used would have told the victim that this was a scam.

The right thing for the victim to do would have been avoiding the scam with a few simple steps. First, ask for the name and agent identification number, then hang up. Contact the SSA yourself using a verified phone number, and ask the agent about this call. You can do this for any government agency the scammer claims to be from. In fact, imposter scams were the most reported complaint in 2018 to the Federal Trade Commission.

Once you call the agency for yourself, provide the agent’s name and number, and tell them what you were told. You will immediately be informed that your information has not been compromised and this was a scam.

Finally, report the phone call to your local law enforcement agency. They can post the incident on their social media pages so that others in your community are not victimized.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read more: Imposter Scams Were the Most Reported Complaint in 2018

 

Renting out your home might be the key to making big money, especially if you live in a sought-after location. While in the past you might have had to hire a property management company among other hurdles, technology has made it easier to take advantage of this opportunity. Companies, like Airbnb, let you post a listing for your home or property online, and people can rent the use of it at prices you determine and dates that fit your schedule. It might be your beautiful beach house in an exotic tropical location or just the spare bedroom in your house or apartment – some users have even posted their lawn space for camping.

While apps and technology make it easier to list and more affordable to rent properties, there is a downside. Criminals have flooded this innovative market place with scams. Scammers have used Airbnb to conduct rental scams, posting properties for rent they never managed. Now users are reporting fraudulent activity has taken place in the Airbnb platform. Account owners have noticed reservations being booked for non-refundable rentals that the users did not make themselves. Some have had their cards charged and money removed from PayPal accounts.

According to Airbnb, the platform has not been attacked or breached. In a statement from Airbnb they called these fraudulent charges “isolated incidents.” Airbnb’s investigation shows that these accounts were logged into with accurate login credentials and then the accounts were used to rent accommodations, charging the victims’ payment methods.

In short, that means someone got a hold of the victims’ login credentials. It’s quite likely that the information was gleaned from a previous data breach of a different company. This practice, known as credential stuffing, means if a users’ login information was breached in a previous attack their accounts using the same login are also in jeopardy. The Yahoo email breach, for example, would give criminals access to every single account you own if you are reusing that compromised username and password combination on other accounts.

While the damage appears to be rather limited, it is a good idea to change your Airbnb account password, even if you were not affected by these fraudulent charges. Monitoring your accounts regularly will also help you recognize suspicious activity as soon as it occurs.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read more: First American Financial Breach Exposes Millions of Complete Identities

 

Scams and Seniors: If You See Something Say Something

You may have heard of the phrase, “If you see something say something.” The intent behind this concept is that if the public looks out for each other and reports suspicious activity, crimes have a better chance of being prevented.

Recently one of ITRC’s advisors was shopping at his local grocery store. An elderly woman in front of him at the register was trying to buy $2,500 in gift cards. The cashier called the manager to the front because the store has a $2,000 limit on gift cards. While the employees were discussing the situation, the ITRC advisor politely interrupted asking the woman why she needed so much in gift cards. The elderly woman replied she had been contacted by US Bank regarding a sweepstakes she had won totaling $750,000 in cash. In order to collect her winnings she needed to pay $2,500 upfront in gift cards to cover the taxes. Our advisor immediately recommended she not make the purchase.

He explained that this was a scam, and that a valid lottery will not ask you to pay taxes or other fees upfront in gift cards or via wire transfer before receiving your winnings. The elderly woman was apprehensive at first saying she needed to complete this step to receive her prize. Our advisor elaborated on his role with ITRC and the commonality of these scams. The woman decided to not move forward with her transaction and was relieved that he intervened. She thanked him for speaking up and for saving her $2,500 dollars.

According to the Federal Trade Commission, lottery scams were the third most common type of fraud reported to them in 2017. In many cases, scammers will take the gift card approach because it is an untraceable payment. Meaning once you release the physical cards or card numbers, scammers will take the money and run. Leaving you with no way to link the crime back to a specific individual and out a significant amount of money. Sometimes ITRC hears about cashiers and other employees educating shoppers to help prevent these scams, but not every victim is so fortunate.

By speaking up when you see something suspicious or educating friends and family about identity crimes, you can help others minimize their risks. By taking a few minutes to politely address a situation, like that of this elderly woman, you too can help save someone a lifetime of woes.

If you or someone you know is a victim of a scam or identity crime and needs assistance, you can receive no-cost help from ITRC. Contact one of our expert advisors via phone or LiveChat today. You can also download our app.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Help! My Parent or Friend is a Victim of a Scam