EDITOR’S NOTE: We’ve taken the step to put all the Better Business Bureaus blogs under one website: BBBhelp.com.
A scammer calling Treasure Valley residents about a huge sweepstakes had no catchy comeback for Kathie Hilliard.
“I answered the call and was told I had won $5.5 million, a car and an all expense paid cruise from Publisher’s Clearing House,” she says. “When he finished telling me I’d won, he asked me how I felt about such a big winning.”
Looking at the phone number 876-387-6554, listening to the accent, and knowing she’d never entered the PCH Sweepstakes at any point, she responded.
“I told him it was pretty amazing, especially because I have never entered a contest,” she says.
His comeback to her was this – “You probably just didn’t remember entering when you shopped at CVS or Walmart.”
Hilliard said he mentioned several other stores she didn’t even recognize, before she says, “I told him we don’t have most of those stores in our area, and that I never shop at Walmart.”
But the scammer wasn’t going to give up: “Are you sure?”
“I replied, ‘Yes! I know where I shop and you haven’t named one store, yet,’” she says.
He hung up.
“I guess that means I didn’t really win, huh!?” she says.
Record the call if you can, or take notes and then contact the BBB – Write down the phone number. Then, contact BBB at email@example.com or (208)342.4649.
You must enter to win. Remember lottery tickets must be purchased and sweepstakes must be entered to win. Sweepstakes usually involve application paperwork that you have personally completed and government grants have a thorough application process as well.
Never pay any money to collect supposed sweepstakes winnings. If you have to pay to collect your winnings, you’re not winning. Legitimate sweepstakes don’t require you to pay “insurance,” “taxes” or “shipping and handling charges” to collect your prize.
Never wire money. Scammers pressure people to wire money through commercial money transfer companies because wiring money is the same as sending cash. When the money’s gone, there’s very little chance of recovery. Likewise, resist any push from the caller to send a check or money order by overnight delivery or courier. Con artists recommend these services so they can get their hands on your money before you realize you’ve been cheated.
Phone numbers can deceive. Internet technology allows con artists to disguise their area code so it looks like they’re calling from your local area. But they could be calling from anywhere in the world.
Ask Questions. If the caller has a difficult time answering any “off script” questions, this is a red flag that it’s not legitimate.
Never give personal information. Scammers can be very charming and charismatic and will lure or pressure for personal information.
Foreign lotteries are illegal. Foreign lotteries violate federal law and participating in any way is illegal. The only legal lotteries in the United States are state-run.
By Robb Hicken/ BBB’s chief storyteller
With her grandson in a hospital back east, Idaho Falls resident Carol Jones says she mistakenly picked up the phone thinking it was going to be an update when she saw the 202- prefix.
The caller said he was with Lloyd’s of America and needed to discuss “her $350,000 winnings.”
“The minute I heard him say I would need to get a $250 Green Dot card, I knew it was a scam caller,” Jones says. She ended the call.
Sweepstakes/lottery scams use Lloyd’s or other insurance companies’ names to add credibility to the scam.The purpose of the scam is to steal the money sent for the supposed insurance premium.
Perpetrators of sweepstakes/lottery scams may also claim to be calling from actual or fictitious government departments or agencies trying to lend further credibility to their scam.Calls from pseudo-Publisher’s Clearing House to a woman from Shelley, an American Sweepstakes in Blackfoot, a Spain Lottery winner in Caldwell, and a US Consumer Protection Bureau prize have been taken at Better Business Bureau.
Scammers pretend to be official prize coordinators to get you to send them money. They might promise lottery winnings if you pay “taxes” or other fees, or they might threaten you with arrest or a lawsuit if you don’t pay a supposed debt. Regardless of their tactics, their goal is the same: to get you to send them money.
Anyone taking a call should not send money or talk to them. Lloyd’s and/or other insurance companies would never contact any person directly asking them to pay a premium to collect any ‘alleged’ winnings.
Here are tips to avoid them:
You can’t win a contest you didn’t enter: You need to buy a ticket or complete an application to participate in a contest or lottery. Be very careful if you’ve been selected as a winner for a contest you never entered.
Verify — but not by using a source scammers gave you. Check if an offer is real, but don’t call the phone number in the email or website you suspect may be a scam. If it is a con, chances are the person on the other line will be involved too.
Don’t pay up to claim your prize: You should never have to pay money or buy products in order to receive a prize. Be especially wary of wiring money or using a prepaid debit card.
The only legal lotteries in the United States are the official state-run lotteries. Foreign lotteries are illegal.
If you get a call from a government imposter, file a complaint at ftc.gov/complaint, with the BBB, 208-342- or firstname.lastname@example.org. Be sure to include:
Business owners need to be aware of a computer bug that targets computer servers running the most widely used Internet encryption security system, according to Better Business Bureau serving the Snake River Region.
Security engineers discovered that the “Heartbleed” bug exploits a flaw in OpenSSL, which allowed them to view passwords and user names when they tested the virus. Secure Sockets Layer (SSL) is an open-source software program that encrypts data over the Internet. It is used to secure business transactions, email, instant messaging services, social media sites and any other sort of web-based system that must secure the data that is transmitted to and from its servers.
Heartbleed compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the real content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
“Once the specialists understood how it worked, they avoided publicizing the discovery until OpenSSL’s developers could create an update that eliminates the security loophole,” says BBB CEO Dale Dixon. “We’re reading that the Heartbleed has also been seen in places like Gmail and Facebook, exposing your personal and financial information.”
Yahoo was among the first-named websites where Heartbleed was detected. Yahoo and other major companies that rely on OpenSSL moved quickly to fix the vulnerability. SSL is used on web servers, but not on PCs or mobile devices.
The bug is believed to have originated two years ago, but researchers say it covered its tracks to leave no trace of its presence. There is no word on how many servers were infected.
BBB recommends businesses consult a qualified information technology (IT) professional, to see whether their servers are infected with the bug, and if so, remove it and apply the updated, secure version of OpenSSL.
Consumers and businesses should change their passwords, and regularly scan their computers with an updated computer security application. In addition, install operating system updates and software patches, which often address emerging security flaws.
This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt or https://www.cert.fi/en/reports/2014/vulnerability788210.html.