CARLISLE — Chief John Fisher and the Carlisle Police Department would like to call attention to a variety of scams and provide residents tips for avoiding them following an increase in scam activity that has been reported to the department.
In recent weeks, the Carlisle Police Department has received reports of “sextortion” phishing scams from residents. The scam often involves victims receiving an email from a purported hacker claiming to have hacked their computer and filmed them watching pornography. The scammer then threatens to forward the material to all of the victim’s contacts unless the victim pays a Bitcoin ransom.
The email often addresses the victim by name and references one of their passwords, frequently in the subject line. It is believed that the “sextortion” scam is particularly convincing because scammers have been able to get hold of legitimate usernames and passwords belonging to the victim. CTIC reports that the passwords used in these scams have been obtained from large data breaches that were leaked onto the web. The victim’s computer was not actually hacked. This information may be old, but using real usernames or passwords that the victim has used at one time makes the scam seem more believable.
Carlisle Police would like to advise residents that the most important thing to do if you receive an email similar to this is to never pay the ransom.
Additionally, if the password emailed to you by the scammers is a password you currently use for any type of account, stop using it and change it immediately. The Federal Trade Commission (FTC) offers information on creating strong passwords and enabling two-factor authentication.
Carlisle Police would also like to provide the following tips to help residents avoid email phishing scams:
- Never respond to the email.
- Don’t open emails from people you don’t know or don’t expect an email from. Pay close attention to the subject line, email address and grammar as these are often preliminary ways to tell that an email is a scam.
- The email addresses used in this “sextortion” campaign consisted of 10-15 randomized characters @outlook.com. Furthermore, the Bitcoin addresses used had three asterisks inserted somewhere in the start of the address, in an effort to avoid automated detection or analysis.
- If an email, email attachment or link seems suspicious, do not open it, even if antivirus software indicates that it is safe.
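For mail administrators, the two indicators in the tips above (the sender pattern and the asterisk-padded Bitcoin address) can be checked together by a filter. The Python below is an added example, not part of the advisory or any CTIC tooling; the sample sender and address are constructed. It assumes the random sender characters are letters and digits, that "the start" of the address means its first half, and that the addresses are legacy Base58Check addresses.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumption: the "10-15 randomized characters" are letters and digits.
SENDER_RE = re.compile(r"^[A-Za-z0-9]{10,15}@outlook\.com$", re.I)
TOKEN_RE = re.compile(r"[1-9A-HJ-NP-Za-km-z*]{28,40}")  # Base58 run with '*' mixed in

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def is_base58check(addr: str) -> bool:
    """True if addr decodes to 25 bytes ending in a valid checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    return raw[21:] == checksum(raw[:21])

def hidden_addresses(body: str) -> list:
    """Addresses that validate once exactly three '*' are removed."""
    # Assumption: "the start of the address" means the first half of the token.
    tokens = [t for t in TOKEN_RE.findall(body)
              if t.count("*") == 3 and t.rfind("*") < len(t) // 2]
    return [t.replace("*", "") for t in tokens if is_base58check(t.replace("*", ""))]

def flag_message(sender: str, body: str) -> bool:
    """Flag only when both indicators from the advisory are present."""
    return bool(SENDER_RE.match(sender)) and bool(hidden_addresses(body))

def make_sample_address() -> str:
    """Constructed, checksum-valid address built from made-up bytes."""
    raw = b"\x00" + bytes(range(1, 21))
    n, out = int.from_bytes(raw + checksum(raw), "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" + out  # the single leading zero byte encodes as one '1'

ADDR = make_sample_address()
SAMPLE_BODY = "Pay to " + ADDR[:2] + "*" + ADDR[2:5] + "*" + ADDR[5:8] + "*" + ADDR[8:]
SAMPLE_SENDER = "k3jf9x2qpl7wz@outlook.com"  # constructed, 13 characters
```

Requiring the checksum to validate after the asterisks are stripped keeps ordinary text that happens to contain asterisks from being flagged.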
Payroll Scams and False Checks
Carlisle Police have received at least one report of an incident in which a scammer emailed a victim’s employer and asked that the victim’s direct deposit information be changed to a third-party bank account. Residents should be mindful of protecting their email accounts using strong passwords and two-factor authentication.
Additionally, many scammers will contact someone selling an item online and will send a check for an amount significantly larger than the agreed-upon price. The scammer then asks the recipient to cash the check and send the difference back to them. Residents should be mindful of this approach and avoid anyone who attempts to complete a transaction in this way.
Other common telephone scams that target residents — especially seniors — include:
- IRS Impostors: Callers contact you demanding immediate payment for back taxes.
- Arrested Relative: Scammers contact you claiming that a friend or relative has been arrested and needs bail money.
- Kidnapped Relative: Scammers call to report a friend or relative has been kidnapped and a ransom must be paid.
- Threatened Arrest: Scammers call to tell you that you are subject to arrest (by a variety of different agencies: U.S. Marshals, FBI, local police, etc.) and must pay to avoid arrest.
- Utility Scam: Scammers pose as bill collectors from utility companies and threaten to shut off service if you do not pay. These types of scams will often target businesses as well as residents.
- Sweepstakes: Someone calls to notify you that you have won a contest or sweepstakes and must send money to collect any winnings.
- Tech Support/Malware: Someone contacts you claiming your computer needs repairs and asks you to send money for service or to let them connect to your computer. Additionally, a pop-up can appear on your computer stating that it is infected with malware and telling you to call a number and pay to remove the virus.
Prepaid Debit Cards
In many of the scams noted above, scammers will require that victims send payment via a prepaid debit card, such as a Green Dot money card. In these cases, there is little to no recourse if a scammer is provided with the card information and access to its balance.
To help people protect themselves from similar scams, which can also be carried out via phone, text or social media, the FTC offers several tips, including:
- Do not take calls from unknown numbers.
- Do not share personal, identifying information like Social Security numbers, account numbers, or mother’s maiden names.
- Be wary of callers who talk quickly and pressure you to make a decision quickly.
- Do not send cash by messenger, overnight mail, or money transfer. If you pay for a product or service with cash or a money transfer, you run a risk of losing the right to dispute fraudulent charges.
Any Carlisle resident who believes they have been contacted by a potential scammer, or who believes they may have been a victim of such a scam, should contact the Carlisle Police Department at 978-369-1155.