Your Face is Data. What Can Scammers Do with it?

By Cristina Leiva

How often do you use your face to unlock your phone? Gain access to your bank account? Turn on your car? With the evolution of technology, facial recognition software has become essential in our everyday activities. A simple scan of your facial features can provide access to so much. This realization came to me as a consumer reported an incident where a scammer asked her to download a facial recognition app and submit a scan of her face.

“Criminals who have collected enough personal information on you could commit identity fraud.”

Equifax

Your face can be used in crimes, either targeting you or as an accomplice to one. The Wall Street Journal recently reported on synthetic identity fraud: “a fast-growing type of financial crime where fraudsters use an amalgamation of real and fake information to create a new identity.” Thanks to your facial features, a scammer can bypass facial authentication systems, making the scammer’s face challenging to identify, because “attackers are typically unwilling to use their real face when committing a crime.” And who’s to say you didn’t commit a crime when your face is all over the issue?

There are numerous concerns about the fraudulent activity that can occur because of criminals gaining access to your face. Thankfully there are already a few companies working on this issue:

  • Apple’s camera projects more than 30,000 invisible dots to create depth maps of a person’s face while also capturing an infrared image of the face making it the most difficult to fool, and it’s also good to note that a user’s Face ID never leaves the iPhone.
  • Some banks and financial service companies use third-party facial identification services and request additional verification information; if it so happens that the facial ID is not recognized and gets flagged, a human reviewer will take a look and conclude the analysis.

Your face can be captured anywhere; all that is needed is a clear image. There’s a lack of privacy on how individuals can gain access to your face because your face can be captured just by walking past a camera outside—you likely aren’t aware of it.

What can you do?

Always be careful about who you allow access to your face.

Avoid Facial Identity Fraud: -Be mindful of where you post pictures of your face online and set profiles to private to help protect your identity.
-Use two-factor authentication when it’s available-Use facial recognition sparingly and only with companies you know and trust-Do reverse-image searches of your face online to see if it shows up in unexpected places-Monitor your credit report and financial accounts and review for suspicious activity to determine if financial theft is occurring
Avoid Facial Identity Fraud – Tips from the VT Attorney General’s Consumer Assistance Program

Navigating the identity theft recovery process can be overwhelming. Vermonters with questions about the process can call the Consumer Assistance Program at 1-800-649-2424 or the Federal Trade Commission at 1-877-438-4338. 

Content Editor: Crystal Baldwin

Resources: Equifax, The Wall Street Journal, WeLiveSecurely.com

TOP 10 SCAMS OF 2021 RELEASED BY THE ATTORNEY GENERAL’S OFFICE

Reports of scams to the Attorney General’s Consumer Assistance Program (CAP) totaled 5,154 in 2021, up just slightly from the previous year’s 5,021 reports. Two variations of the Computer Tech Support scam and the Online Listing scam claimed the number one, three, and seven spots respectively on CAP’s list of top ten scams in 2021, covering nearly a quarter of the total reports filed by Vermonters. Businesses were also targeted by internet-based scams in 2021. The Business Imposter Email Scam, where scammers represent themselves as business personnel to extort funds, had 62 reports filed—a figure that did not make the top ten but notably jumped nearly 50% from the previous year.         

The prevalence of internet-based scams in 2021 sends a clear message about the importance of staying safe online in our social and work lives. If you receive a suspicious contact, whether it’s made by email, online message, or phone, know that CAP is here to help.

Vermont Attorney general t.j. donovan

Impersonation scams remain of concern, with an adapted law enforcement and lawyer imposter scam at the number four spot in 2021, threatening arrest and lawsuits on unsuspecting call recipients. The Family Emergency/Imposter scam, which includes the Grandchild Imposter also known as the “Grandparent scam” and needy friends and relatives asking for funds, made the top ten list again in 2021. A similar scam, which fabricates a romantic relationship or friendship of confidence, the Romance Imposter scam, saw a 36% increase in reports. As imposter scams are of ongoing concern in Vermont, CAP recently distributed a video imposter scam prevention project, highlighting three concerning imposter scams with high dollar loss: the Romance Imposter scam, the Family Emergency/Imposter Scam, and the Business Imposter Email Scam.

As highlighted in the prevention project, taking steps to verify can help individuals avoid scams. A simple verification process to follow for all scams is the SLOW Method:

SLOW Method
  • S – SLOW DOWN
  • Scammers pressure you to act urgently. Don’t!
  • L – LOG THE CONTACT
  • Write down the info of the contact and disengage.
  • O – ONE CALL
  • Make one call to a primary contact and discuss the incident.
  • W – WHO CARES?
  • Call CAP to identify and report scams at 1-800-649-2424.

CAP reminds Vermonters to never give out personal information or make payments to parties you cannot verify. Scammers will ask for payment in all forms, including wire transfer, cryptocurrency, cash, peer-to-peer payment, money order, check, credit/debit card, and gift cards. If you have sent money to a scammer, follow recovery steps now.

Vermonters can help stop scams by sharing information with community members and by reporting scams to CAP to support educational outreach. To report scams, complete CAP’s online scam reporting form or call 1-800-649-2424.

CAP Assistant Director on Across The Fence reviewing VT’s Top 10 Scams of 2021

The Top 10 Scams of 2021:

  1. Computer Tech Support (Variation)
  2. Social Security Number Phishing
  3. Computer Tech Support (Traditional)
  4. Legal Authority Imposter
  5. Sweepstakes/Lotteries
  6. Identity Theft
  7. Online Listings
  8. Medicare Card Phishing
  9. Family Emergency/Imposter
  10. Auto Warranty Expiration
The Top 10 Scams Reported to the Vermont Attorney General's Consumer Assistance Program in 2021
The Top 10 Scams Reported to the Vermont Attorney General’s Consumer Assistance Program in 2021

The scam: A variation of the traditional Computer Tech Support scam (see # 3 below). You receive an automated phone call, text message, or email claiming that you have been charged for an online order, have an outstanding balance on your account, or are sent an item you did not order. The scammer then instructs individuals to call a number provided in the scammer’s communications to get a refund or to resolve the charge. At this point, they will ask you to provide your card number to “confirm your account” or prompt you to provide them remote access to your computer. As soon as the scammer has remote access to your device, they can access every single document, file, and transaction you have saved to your device.   

How to spot the scam: Companies will not call with tech support unless you requested that they contact you. If you receive a package that you do not recall ordering, check your statement history to see if you have been charged. Packages without a return address are highly suspicious.

What to do: Hang up the phone immediately and do not call back. If you receive an email or text regarding a package delivery or order that has been made, do not click on any links. Mark the email as “Junk” or “Spam”. Furthermore, never allow remote access to your device to unknown parties. If you are concerned about charges made to your accounts, log in to your account directly and contact your financial institution. If you receive a package that you did not order, mark it return to sender and give it back to the mail carrier.

The scam: You receive a phone call (often a robocall) stating that there has been criminal or fraudulent activity involving your Social Security number. The call may even claim you will lose your benefits, or they will expire.

How to spot the scam: Social Security and other government agencies typically contact you by mail before initiating phone communication; they usually don’t call you first, you call them. They also would not threaten you for your information or payment.

What to do: Whenever you receive an unsolicited contact, take steps to verify. Never provide personal information to unknown contacts. Report robocalls to CAP for enforcement.

The scam: You receive a phone call, pop-up, or email on your computer claiming to be from Norton, Microsoft, Apple, or another well-known tech company. They will make claims such as your electronic device has a virus, your device security subscription has been automatically renewed, or stating you have been charged for services you did not receive or ask for. You may be prompted to click a link or call a number to contact. They will try to persuade you to give remote access to your device to fix the issue, and sometimes will even ask for immediate payment for their services.  

How to spot the scam: Legitimate tech support companies do not display communications to their customers as random pop-ups on your device. Tech support will not call you to warn of security incidents; that your account has been renewed for a subscription you do not recognize; and will not send you random links, often shortened, with instructions for you to click on URLs. 

What to do: When contacted about a supposed business relationship, take steps to verify, especially if you do not remember signing up for services. Never click on links or provide remote access to your computer from an unknown email sender or pop-up message on your device’s screen. If you received a pop-up message you cannot click out of, shut down, restart, or unplug your device. If you get a call from “tech support”, hang up. Also, be careful when searching for tech support online. Some users have been scammed by calling illegitimate phone numbers listed on the internet.  

  • Legal Authority Imposter

The scam: You receive a phone call unexpectedly, claiming to be a police officer, U.S. Marshall, U.S. Customs and Border Protection, or an attorney with legal authority. The caller threatens arrest or pending lawsuits against you. When you engage, urgent payment is demanded to make the problem go away. Payment does not solve the supposed problem, and they keep calling. 

How to spot the scam: The police would not warn you ahead of time about a pending warrant. If you were going to be sued, the papers would be served without notice.

What to do: Know your rights. Harassing debt collection practice is unlawful, and collectors aren’t allowed to make claims they can’t or won’t pursue. Hang up on all threats and report them.

The scam: You will be notified by phone, email, or mail that you won a prize or a quantity of money. In some cases, you will even receive a realistic-looking check – but it is fake! You are instructed to pay fees and give your financial and personal information to claim your prize. They often use a legitimate sweepstakes name, like Publishers Clearing House.

How to spot the scam: Legitimate sweepstakes and contest businesses, like Publishers Clearing House and Mega Millions lottery, will contact you in person if you win a major prize. For prizes under $10,000, the notification is done through certified mail by overnight delivery services (FedEx, UPS). They will not contact you by phone, nor require a payment or processing fee to release your prize.

What to do: If it sounds too good to be true, then it’s not true. You don’t need to pay fees or give your financial information in order to claim a prize.

The scam: You receive a letter that claims you have requested government benefits, opened a bank account, filled a credit card application, or are notified about a security breach. Sometimes you will stop receiving legitimate bills and other mail or start to get bills for products and services that you didn’t pursue.

How to spot the scam: Be aware of unsolicited phone calls, mail and emails stating unexpected bank transactions, credit card or benefit applications. If your expected bills are not showing up, or you are receiving correspondence in someone else’s name, report it.

What to do: Don’t give out personal information, such as your Social Security number, passwords, personal identification numbers, and financial accounts. Review your credit reports at least once a year. Carefully check bank account statements and benefits to verify transactions. Shred documents and expired credit cards before you throw them out. Verify security breach notification letters received on the Attorney General’s website. If your information has been stolen by an identity thief, take identity theft protection steps.

The scam: Fake websites or phony listings on sites like Facebook Marketplace and Craigslist draw you into a purchase that’s likely too good to be true. This scam can also appear in online rental listings, and as a buyer offering well-over the selling price for an item. As a seller, the fake buyer sends a fake check or pays with a fraudulent credit card and asks you to advance funds to another fake vendor, causing you to be out the funds.

How to spot the scam: Be skeptical of unrealistic offers. Watch out for requests for money in any form (gift cards, wire transfers, cash) when not made in person. Scammers likely will not want to talk on the phone or meet in person. Heed warnings in user reviews and other online commentary.

What to do: Playing it safe online takes a bit of detective work to determine legitimacy of an offer. Investigate the person/profile of the seller. If their profile is new and they have no friends and photos, they are likely a scam. Research new websites you are considering doing business with by looking up online reviews and state business registrations, taking note of how long the company has been operating. Perform online searches of the business with “scam” and “complaints” to see if issues generate. Complete your transactions in cash and preferably a safe place in-person.

The scam: Scammers will call, often with a live call and from a spoofed caller ID number, and pose as Medicare representatives to gain your personal information and money. These scams are most frequent during times of open enrollment but can occur year-round. The scammers will state they need your Medicare card number or Social Security number to keep your coverage active and verify medical information. The calls may also claim that coverage is expiring or in need of renewal. Scammers will also ask if you received a “new Medicare card”, often referred to as a “gold card” or “red, white, and blue card”.

How to spot the scam: In general, Medicare cards do not expire. Unless you have called Medicare using the 800 number on the back of your card and requested a callback, Medicare will not call you. If a phone call is required, you would receive a letter from the Social Security Administration to schedule a call. Medicare representatives will never call you to verify your information, sell you products, tell you that your coverage is expiring, or to issue you a new card.

What to do: Never provide your Medicare number or other personal information and payment to unknown callers. In Vermont, representatives of the State Health Insurance Assistance Program (SHIP) at 1-800-642-5119 through local Area Agencies on Aging can help address Medicare questions. Other questions and concerns about Medicare coverage can be directed to Medicare at 1-800-MEDICARE. You may also report this scam to the Federal Trade Commission.

The scam: Scammers pose to be someone you trust and pretend to be in an emergency to convince you to send them money or will ask you for a favor. These scammers pose as grandchildren, friends, relatives, and close contacts and seem like the real deal. Scammers impersonate people you love and play on your fears to have you send money urgently. After the initial call, you may be told a lawyer, parole officer or courtroom may contact you for further information.

How to spot the scam: Contacts come in as calls or emails or online messages. Sometimes it’s someone you haven’t heard from in a while. They require urgency and ask for secrecy. You may not be allowed to speak to your loved one on the phone.

What to do: Take steps to verify. Check out if they really are who they say even if they sound like a loved one. Slow down your response and contact someone you trust to verify if there is an emergency. You can also choose a “code word” with friends and family to verify the person is who they claim to be. If they don’t know the word, they are not your friend or family member.

  • Auto Warranty Expiration

The scam: You receive a call or mail from fake representatives of auto dealers, manufacturers, and insurance companies, trying to convince you to renew your auto warranty or insurance or claim your warranty is expired. You may be instructed to press a number or stay on the line for a representative that seems like a real person. When contacted by these scammers, you may be asked personal information about yourself and your vehicle or financial information to pay off this fake claim.

How to spot the scam: Be mindful that only a vehicle’s manufacturer can extend factory warranties, not an outside company. Avoid any call or mailing that states it’s urgent for you to take immediate action to continue your car’s warranty.

What to do: If you have inquiries on your vehicle or its warranty, call the number on your purchase paperwork. You can also contact the dealership you purchased the vehicle from to inquire about the warranty as well. Hang up on or discard any suspicious mailing or person claiming to know about your auto warranty. Do not provide any personal or identifying information unless you can verify you are dealing directly with a verified company that you have a business relationship with.

Introducing: Business Imposter Email Scam Prevention Videos

By Crystal Baldwin 

Businesses get scammed by imposters, too. This notion was news to me when my office received our first business imposter email scam report about five years ago. A small law firm had transferred $30,000 as directed to do so in an email. In yet another scam involving a real estate law office, it was more than $100,000 of the seller’s money that had been unwittingly transferred to a scam account. 

:30 – Avoiding the Business Imposter Email Scam. Hear the whole story at ago.vermont.gov/cap/business-imposter

We’ve heard from a retailer, who was in the process of completing their annual supply order: a container of supplies for the holiday season, with their supplier in Hong Kong. The Hong Kong supplier’s email was hacked, and the Vermont small business responded to a valid email address of the supplier to provide updated account information—to a scammer. Charities and small membership organizations have been subjects of this scam as well. 

Recently, we heard from a nurse, who, with kind intentions to appreciate fellow frontline workers purchased gift cards as suggested by their supervisor in an email, was responding to a business imposter email scam. 

In each of these scams, the personnel involved were simply following standard operating procedure: you get an email from a figure of authority to complete a financial transaction, and you do. It is easy to assume that this kind of scam won’t happen to you or your business, but with ever-evolving technology and growing capability of scammers to deceive, it is becoming more important for businesses to be on the lookout for and arm against scams.  

:60 – Avoiding the Business Imposter Email Scam video. Hear the whole story at ago.vermont.gov/cap/business-imposter

Whether an email system is hacked and the scammer takes control to send out the transfer request, or a scammer creates a fake account email with all the boss’ credentials, these emails appear as though they are coming from a legitimate source within the business.  

  • Often, when using mobile email services, only the email sender’s name is plainly visible, rather than the entire email address. So, if the email address is “yourboss@yahoo.com,” you don’t see the Yahoo account extension unless you click on the email.   
  • Another tactic scammers use is copying the signature block of the person of authority. Scammers can easily copy signature blocks used in external out-of-office autoreply messages by receiving a reply message that includes the signature block. All the scammer had to do was send an email to get the autoreply with the signature block.  

There are countless ways in which scammers can infiltrate business systems. Businesses can never be too cautious in protecting themselves and their customers from scams. In an effort to help businesses prevent scams from derailing operations, we produced the Avoiding the Business Imposter Email Scam videos and toolkit, which includes scam warnings and actual steps that businesses can take to verify funds transfer requests.  

Avoiding the Business Imposter Email Scam video. Learn more at ago.vermont.gov/cap/business-imposter

Learn more at ago.vermont.gov/cap/business-imposter 

Get more information for businesses from the Consumer Assistance Program

Report Scams:  

If you or someone you know has encountered a scam in Vermont, report it. Use the Consumer Assistance Program’s online scam reporting form. 

Help us stop these scams by sharing this information with your colleagues and business personnel. 

Introducing: Family Imposter/Emergency Scam Prevention Videos

By Crystal Baldwin

Family Imposter: Know your relationships-take steps to verify

“I need help…”
“I’m in prison…” 
“I’m in the hospital. I need help…” 
“I had a bad car accident, and people are injured…” 

No matter what the scammers say when they initiate the family imposter/ emergency scam, it is sure to spike emotion. Scammers call, claiming to be one of your most cherished loved ones—your grandchild—and ignite fear that those you care about are in dire need. With emotions running high, how can you not engage with the call, stay on the line, and find out more? You are worried and feel helpless because all you have to validate this story is the phone in your hand and the fear of what if.   

What if you do nothing and your grandchild really is in trouble?

:30 – Avoiding the Family Imposter Scam video. Hear the whole story at https://ago.vermont.gov/cap/scam-prevention-through-awareness-and-education/family-imposter-scams

I considered these very questions when writing the script for the newly released Avoiding the Family Emergency Scam videos. I recalled the stories of actual Vermont families receiving such alarming calls in the middle of the night with nothing to go on but the urgency of the call, the deep love for their family member, and the desire to resolve the issue at hand. As our volunteer actress, Ruth Wallman, relays as the unsuspecting grandparent in the video, “What was I supposed to do? He needed my help!…I like to be there for my family. But, this just went too far.” 

Slow Down: Scammers pressure you to act urgently. Don't! Regain your calm. Log the Contact: write down the info of the contact and disengage. One Call: make One Call to a primary contact to discuss the incident. Warn others by sharing your scam story and report scams to help prevent them. The Consumer Assistance Program (CAP) at 1-800-649-2424 is your local Vermont resource for scam prevention.
The SLOW method. Share this strategy with someone you care about.

In creating this video series, I hoped to help Vermont families find a way to still be there for their families when emergencies arise by arming them with useful verification strategies to decipher between a scam and an actual family crisis. Verification of the family imposter scam starts with the SLOW method, a scam response strategy I created specifically to pause and identify scams. It urges people to Slow Down, Log the Contact, make One Call to a primary contact to discuss the incident. Warn others by sharing your scam story and report scams to help prevent them. The Consumer Assistance Program (CAP) at 1-800-649-2424 is your local Vermont resource for scam prevention.

:60 – Avoiding the Family Emergency Scam video. Hear the whole story at https://ago.vermont.gov/cap/scam-prevention-through-awareness-and-education/family-imposter-scams

Engaging with others is a crucial verification step, because scammers often demand secrecy in family emergency scams and make would-be valid claims that they would be too embarrassed or ashamed, or afraid of ensuing punishment if other family members were made aware of the damning incident. 

Family support and open, frequent communication among families is essential to putting an end to the family imposter/emergency scam. If questions remain, family cannot be reached or communications are limited, contacting a third-party organization, like CAP is the next best step. CAP is familiar with scams and can help to identify them. By contacting CAP, you can also make a scam report, which helps our office identify and alert the public about scam trends.  

Help protect yourself and others by taking time to watch the video. Review the information on our website, and encourage those you care about to learn more about scams and prevention strategies to stop them.   

Avoiding the Family Emergency Scam video. Learn more at at https://ago.vermont.gov/cap/scam-prevention-through-awareness-and-education/family-imposter-scams

Learn more at https://ago.vermont.gov/cap/scam-prevention-through-awareness-and-education/family-imposter-scams 

Read more blogs about family imposter scams.  

Report Scams:   
If you or someone you know has encountered a scam in Vermont, report it. Use CAP’s online scam reporting form.    
  
Help us stop these scams by sharing this information with those you care about.  

Introducing: Romance Scam Prevention Videos

By Crystal Baldwin

Anyone who has overheard the conversation of online streaming video game players on opposite sides of the globe knows that real and true friendships can form online between parties that have never met before. As shared in the following open letter, this is how scam prevention advocate Pat McCarty’s online relationship began just two years ago.  

:30 – Avoiding the Romance Scam video. Hear the whole story at ago.vermont.gov/cap/romance-imposter

From Pat McCarty:
Until it happens to you, it’s impossible to understand; a man or woman freely sending money to someone they’ve never met in person. But I’m here to tell you, even the most cynical, worldly, educated, and discerning person can, and does, get scammed!  

There are hundreds of different scams out there, I got caught up ‘catfished’ into a ‘Romance Scam’ that crippled me financially, undermined my self-confidence, and ended up breaking my heart. I was a 58-year-old, recent divorcée after a 30 year marriage, living on my own for the first time in my life. I’m a college graduate, fairly bright, cynic, who doesn’t suffer fools gladly. But, I’m also a Christian woman, who tries to help those in need, and THAT is what my scammer preyed upon—my compassion for others.  

I was not out looking for a mate, date, or companion on some dating site. I was playing Words With Friends online, which I often did. And that is where this scammer targeted me. The conversation was very generic at first, but slowly, over weeks, developed into an online friendship. From there, it took a turn into a private chat room, and then he had me right where he wanted me! It’s a long twisting story, but ended with me selling all my gold jewelry, sending every spare cent I had to him, as these scammers are polished and sophisticated, they have a plausible story for EVERYTHING! At the point I actually sold my car, my only transportation, to “help” him. I knew I’d ‘jumped the shark,’ and started doing some digging myself!  

What I found was heartbreaking, infuriating, and devastating.  

:60 – Avoiding the Romance Scam video. Hear the whole story at ago.vermont.gov/cap/romance-imposter

That was 2 years ago. After some time, good therapy, and scam-specific education, I no longer see myself as a victim, but as a SURVIVOR! My life is mine again, my finances are healthy again, and I’ve taken back my power by volunteering at a Fraud Watch call-in center, advising others how to get out of scams like mine and so much more. With literally hundreds of scams out there, and new ones popping up daily, I’m so honored to help others get out of their scams and find THEIR power again. And, if I’ve learned anything, it’s that literally ANYONE can be scammed! I hear stories every day of those who thought it would NEVER happen to them. Knowledge is power. Learn all the red flags and warnings….BEFORE it  happens to you!  

As Pat relays, enlisting in a scam-specific education to learn more about scams in order to stop them, is the best defense against scams. Today, our office announced the release of the Avoiding the Romance Scam prevention video (embedded throughout this post in varying lengths), an effort produced here in Vermont, based on true accounts of scams experienced by our neighbors like Pat. Help protect yourself and others by taking time to watch the video. Review the information on our website and encourage those you care about to learn more about scams and prevention strategies to stop them.  

Avoiding the Romance Scam video. Learn more at ago.vermont.gov/cap/romance-imposter

Learn more at ago.vermont.gov/cap/romance-imposter

Read more blogs about romance scams

Report Scams:  
If you or someone you know has encountered a scam in Vermont, report it. Use CAP’s online scam reporting form.   
 
Help us stop these scams by sharing this information with those you care about.