Con Watch: Presidential Election Scams

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

The 2020 presidential election is in high gear and has captured the attention of the American public. Of course, anything that the public is interested in becomes an opportunity for scammers to exploit, and the presidential election is no exception. Here are some common election-year scams and how to avoid them.

Robocall Campaign Solicitations

Both former Vice President Joe Biden and President Trump are actively fund raising as we head toward the final days of the campaign. Scammers are making robocalls in which they pose as campaign workers seeking your donations. This particular scam can easily appear legitimate. Caller ID can be tricked through a technique called “spoofing” to make it appear as if the call is coming from a candidate or some political organization, and recordings of the candidate can easily be incorporated into the call to make the call appear more legitimate. Even more significantly, calls from political candidates and other political calls are exempt from the federal Do-Not-Call List, so it is legal for you to get a call from a politician or Political Action Group (PAC) seeking donations even if you are enrolled in the Do-Not-Call List.

How to Avoid this Scam: Whenever you receive a telephone call, you can never be sure as to who is really contacting you, so you should never give personal or financial information to anyone over the phone whom you have not called. If you do wish to contribute to a political campaign, the best way to do this is by going to the candidate’s official website and make your contribution. Scammers can also set up phony websites for the presidential candidates, so make sure that you are going to the candidate’s real website. You can’t trust a Google or other search engines to list the real site first because sophisticated scammers are adept at getting their phony website a high placement in search results. One good way to confirm that a particular website is that of the real candidate or Political Action Committee (PAC) is to use the website whois.com, which will tell you who owns the website you are considering. If it turns out that the website is owned by someone in Russia, it is a pretty good indication that it is a phony website.

Even then, make sure that when you are giving your donation online that the website address begins with https instead of just http. Https indicates that your communication is being encrypted for better security. If you are being asked to contribute to a political organization rather than a candidate, you should definitely do your research to determine the legitimacy of the organization before making a donation. You can check out PACs at the Federal Election Commission or the Center for Responsive Politics.

Email and Text Campaign Solicitation Scams

Political candidates and PACs supporting them may try to contact you through email and text message solicitations, but once again, you can never be sure if the communication is coming from a legitimate source or a scammer.

How to Avoid this Scam: Never click on links in these emails or text messages because the risk of downloading dangerous malware is too great. Instead, if you are inclined to contribute to a particular candidate or PAC, go directly to their website to make your contribution, but again make sure to confirm that you have gone to the real website and not that of a scammer posing as the candidate or PAC.

Registration Scams

Another common election time scam involves a call purportedly from your city or town clerk informing you that you need to re-register or you will be removed from the voting lists. You are then told that you can re-register over the phone merely by providing some personal information, such as your Social Security number. Again, through spoofing, the scammer can manipulate your Caller ID to make the call appear as if it is coming from your city or town clerk.

How to Avoid this Scam: The truth is that your city or town clerk would never call and tell you that you need to re-register. Voter registration is never done by phone. If you have any concerns as to your voter registration status, you can go to your city or town’s website or call your city or town clerk to confirm your status.

Political Poll Scams

Political polls have been a major part of our election process for years. Generally, people are contacted by telephone to answer questions about the candidates and their policies. Because it is so common at this time of year to be called by a political pollster, scammers will pose as pollsters in an effort to trick victims into providing information that can be used for identity theft. Often they will dangle the reward of a gift card or other prize to lure people into participating in the scam poll. Once again spoofing can be used to make the call appear legitimate.

How to Avoid this Scam: Legitimate pollsters do not offer prizes or other compensation for participating in their polls. They also will never ask for personal information such as your Social Security number, credit card number, or banking information. Anyone asking for such information is a scammer and you should hang up immediately.

Featured image: David Carillet / Shutterstock

Con Watch: A Continuing Pandemic of Scams — Phony Antibody Tests

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

The Coronavirus pandemic continues to spread throughout much of the country with many states facing serious increases in the numbers of infected people and crowded hospital intensive care units. With no vaccine presently in sight, much attention has been focused on antibody tests for COVID-19. A proper antibody test can determine if you have developed antibodies against COVID-19. Antibodies are typically a sign that you have previously been infected with the virus. While many people assume that the presence of antibodies means that you are protected from future infections by COVID-19, researchers are still studying whether or not this is true and, if so, for how long such immunity would last. Still the attraction of a positive antibody test is easy to understand.

Legitimate antibody tests are available, but it’s no surprise that scammers are jumping on the bandwagon and trying to sell you bogus tests that not only are worthless, but can make you a victim of identity theft. The FBI recently issued a warning about these scams.

Scammers often falsely claim that the Food and Drug Administration (FDA) has approved their test. Fortunately, it’s easy to confirm with the FDA whether or not the test being offered is an approved test. The FDA lists the actual tests that they have authorized.

Phony antibody tests are offered through phone calls, emails, text messages, and social media posts. You should immediately be skeptical of any antibody test being offered through these means because you can never be sure as to who is really contacting you. Through a simple technique called “spoofing” a scammer can pose as a public health official and manipulate your caller ID to make it appear that the call is from a legitimate source. Similarly, text messages, emails, and social media posts can all be easily hacked to appear to come from a reliable source when they actually are coming from a scammer. Trust me, you can’t trust anyone.

You should be particularly wary of anyone who contacts you offering a free antibody test or even offering to compensate you for taking such a test. These offers are used to gather information that can make you a victim of identity theft.

Never provide your Medicare or other health insurance information to someone offering an antibody test unless you have absolutely confirmed that the offer is genuine. Your Medicare identification number or your health insurance policy information can be sold on the black market, which can have dire consequences when an imposter’s information becomes mixed in with your medical records.

Before taking or purchasing any kind of antibody test, you should first confirm that the test is approved by the FDA. Most importantly, consult with your primary care physician about taking such a test. You also should make sure that the laboratory doing the test is one approved by your health insurance company and confirm that they will cover the cost of such a test.

Featured image: Monika Wisniewska / Shutterstock

Con Watch: Confusion with Stimulus Payment Debit Cards

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

On March 27 the CARES Act was signed into law to help people financially affected by the coronavirus pandemic. Under the CARES Act, qualifying people receive payments of as much as $1,200 per person, with additional payments of $500 for qualifying dependent children. In the program’s first four weeks, the Treasury Department electronically sent more than $200 billion of CARES Act stimulus payments to approximately 130 million Americans.

Starting on April 13, people who had provided their bank account number and bank’s routing number to the IRS as a part of their federal income tax return had their payments sent to their bank accounts electronically.

After May 18, the federal government began sending paper checks and prepaid debit cards to those people qualifying for the stimulus payments who did not provide bank account information on their most recent federal income tax return. At first it was thought that only people who were eligible for a CARES Act payment who hadn’t filed an income tax return would be getting the debit card. But now the Bureau of Fiscal Service (part of the Treasury Department), is issuing debit cards to many others. Most households were expecting a check, not a debit card, and many didn’t even know that these federal debit cards existed.

This has created a problem, as people receiving debit cards think that the card is a scam. Their reactions aren’t surprising: to activate the card, you are asked to provide your name, address, and Social Security number. This has the markings of a scam where criminals send phony debit cards and lure people into providing information that can lead to identity theft.

So how do you know if the card you receive is legitimate?

The legitimate cards are Visa debit cards, and the back of the card has the logo for MetaBank. It is being sent in a plain envelope that does not indicate that it is being sent by the federal government, but rather from “Money Network Cardholder Services.”  Along with the debit card will be a letter from the Treasury Department indicating that the debit card is being sent in lieu of a paper check. The letter will also contain the 800 number and the website for you to use to activate the card. Make sure you are using the official website or 800 number and not that of a scammer. The only official website to use to activate the card or to get further information about the card is https://www.eipcard.com/, and the only phone number to use is 800-240-8100.

When you activate your card, whether online or over the phone, you will need to provide the last six digits of your Social Security number along with the three-digit security code on the back of the card. You may be asked for further information to confirm your identity. At the time of activation, you will also be prompted to create a four-digit PIN that can be used for ATM transactions or enable automated assistance. Debit cards sent to married couples will contain the name of both spouses, but may be activated only by the spouse listed first on the card.

The debit card is referred to as an EIP Card, which stands for Economic Impact Payment Card. It can be used at stores, online, to get cash from an ATM, and even to deposit funds into your bank account.

Scammers are using the CARES Act stimulus payments as a basis for many scams.  It is important to remember that neither the IRS, the Treasury Department, nor any other federal agency will contact you by phone, email, or text message about the stimulus payments. Anyone contacting you in this manner who says they are a federal employee is a scammer, and you should not provide them with any personal information.

Featured image: Shutterstock

Con Watch: The Coronavirus Brings Increased Danger of Income Tax Identity Theft

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

When the CARES Act was passed by Congress at the end of March, many people happily anticipated receiving their much needed payments of as much as $1,200 per person. Few expected that due to a perfect storm of circumstances, not only would some people not receive their CARES Act stimulus payment, but also would also become victims of identity theft.

This is just what happened recently to Jim and Dawn Ackerman of Illinois, who were expecting to receive their $1,200 stimulus checks, but instead learned that their checks had been sent to someone who had stolen their identities, according to CBSN Chicago. Making matters worse, the Ackermans were also victims of income tax identity theft, which occurred when someone filed a phony 2019 federal income tax return in their name before the Ackermans filed theirs. The Ackermans found out about the theft when the IRS notified them that someone had already filed their 2019 federal income tax return, and that they would not be receiving their income tax refund until the matter had been investigated.

Unfortunately, it currently takes the IRS an average of 166 days to complete income tax identity investigations; during the Coronavirus pandemic, it can be expected that this time will lengthen.

Stimulus payments under the CARES Act are usually determined by the information contained on your 2019 federal income tax return or, if you have not filed a 2019 income tax return yet, by your 2018 income tax return. And with the filing deadline extended to July 15, many people have not been in a rush to send in their 2019 returns. According to the IRS, as of April 17 the total income tax returns filed were down by 15.5 percent compared to last year. With the delay, income tax identity thieves will be filing phony 2019 income tax returns in larger numbers this year before their victims file their legitimate returns. This will enable the thieves to also direct the CARES Act stimulus payments of their victims to the criminals’ bank accounts. People who have delayed filing their 2019 income tax returns may be getting a rude awakening.

Things may look even more grim if you filed your return by mail instead of electronically. In April, the IRS announced it was not currently processing paper income tax returns. This leaves identity thieves with a greater opportunity to file an electronic income tax return in your name, which will be processed before your paper income tax return. They can then easily steal your CARES Act payment.

What should you do? If you have already filed your 2019 income tax return electronically and provided your bank account number and bank routing number with your return, you should be fine.  If you filed your 2019 income tax return electronically, but didn’t provide the IRS with your bank account information, you can go to the IRS’s Get My Payment tool and provide a bank account to which your CARES Act stimulus check can be sent.

Unfortunately, some people are finding that the Get My Payment tool does not allow them to provide this information.  In most instances this is due to security issues with the IRS not being able to verify your Social Security number, address, or other personal information. The IRS updates the Get My Payment tool each day with new information, so you can try to provide your banking information again the next day, but there is no guarantee that you will be successful. In no event should you file a second income tax return with bank account information.

If you have not yet filed your 2019 federal income tax return, you should do so as soon as possible both to prevent income tax and stimulus check identity theft. Filing early is always the best defense against income tax identity theft. It is important to remember that when you do file your 2019 federal income tax return, you should do so electronically because we have no idea when the IRS will start processing paper income tax returns again.

Featured image: Shutterstock

Con Watch: Coronavirus Stimulus Check Scams

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

On March 27th, the Coronavirus Aid, Relief and Economic Security Act (CARES Act) was signed into law. A significant part of this legislation provides checks of up to $1,200 per person that will be sent to most Americans. Direct deposit payments are expected to start April 13th, and the mailing of paper checks will start May 4th.

Scammers have been waiting for weeks for this law to be passed, and they are ready to strike. Posing as government employees, they may contact you by phone, email, and text message asking you to pay a fee in order to receive your government check. Or they may ask for your Social Security number, bank account number, or credit card number in order for you to qualify for a payment. 

The truth is that you do not have to do anything to qualify for a payment. You do not need to pay a fee. You do not need to apply for your check. You do not need to provide any personal information. Your eligibility will be determined by the IRS. Then your check will be either wired directly into the same bank account you use to receive your income tax refund or sent to you by mail if your past income tax refunds were mailed. It is as simple as that.

Trust me, you can’t trust anyone. Remember, whether by phone, email, or text message, you cannot be sure who is really contacting you. Even if your Caller ID indicates the call is from a legitimate federal agency such as the Treasury Department, it is easy for a scammer to “spoof” that number and make it appear as coming from a legitimate source even if the call is coming from another number.

Scammers posing as IRS or Treasury Department employees are also sending emails and text messages with links and attachments that purport to provide important information you need in order to receive your stimulus payment. However, these links or attachments are really malware such as ransomware or keystroke logging malware. Neither the IRS nor the Treasury Department will be contacting you by email or text message. For information you can trust about the stimulus checks, visit the IRS website.

The Treasury Department is presently working on a website where you can provide your bank account information to the IRS if you had previously had your income tax refund sent to you by mail, but now wish to have the relief check sent electronically to your bank account. If you had already provided your bank account information to the IRS in your 2018 or 2019 income tax return, you do not need to provide this information again. The new website will also enable you to check on the status of your stimulus check.

The IRS will also be mailing a confirmation letter to payment recipients within fifteen days after the payment was made. The letter will provide information about what to do if you have not received your payment.

These are difficult times, and they are made more difficult by scammers with no conscience. But armed with some knowledge about how the stimulus check program works you can avoid becoming a victim.

Featured image: Shutterstock

Con Watch: Coronavirus Scams

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Scammers are adept at manipulating anything that has captured the attention of the public and turning it into an opportunity to scam people. With the attention of the world focused on the rapidly spreading coronavirus, related scams are increasing at an even faster rate.

Here are two of the more common scams.

Pump and Dump

Everyone would like to be able to invest in a stock while the price is still low, but predicted to rise dramatically. This desire for a quick buck is exploited in a scam called the “pump and dump.”  In this scam, you hear about a company with a stock price that is currently low, but about to rise tremendously. You may hear about this great deal by email, phone call, or text message, or even in chat rooms or on social media. The advice almost always comes from someone you don’t know. Most often these companies are small capitalization companies, often referred to as penny stock companies. These stocks are often thinly traded.

The victim buys the stock, and sure enough, the stock price promptly rises. But then without warning, the stock plummets in value, and the investor is left with a poor investment. This scam is created by criminals who buy the stock themselves at a low value and then influence others to buy the stock. Once the stock has shot up in value, the criminals sell their stock, make a profit, and leave the victims with losses when the stock reverts to its true, lower value.

The Securities and Exchange Commission (SEC) has warned of “a number of Internet promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or cure coronavirus, and that the stock of these companies will dramatically increase in value as a result.” In regard to the coronavirus, the World Health Organization has strongly indicated that there are currently “no known effective therapeutics” available to prevent or treat the coronavirus.

Protecting Yourself from the Pump and Dump Scam

Always consider the sources of any investment advice. How reliable is the source? What are the credentials of the people advising you? What do they stand to gain? Some particular red flags that a stock offer is a scam include unregistered investment advisers approaching you. You can find out if a particular investment adviser is registered by going to the SEC’s Investment Adviser Public Disclosure database.

Also be wary of promises of huge profits with little or no risk.

Finally, be skeptical when you receive a stock solicitation through an email, text message, phone call, or any other communication that you have not initiated. Be particularly skeptical if the promoter of the stock tells you that they have inside information, because trading on inside information is a criminal offense.

Phishing Emails

In another coronavirus related scam, cybercriminals send phishing emails to lure people into downloading malware-infected attachments. The malware might be keystroke logging software that can steal personal information from your phone or computer and use that information to make you a victim of identity theft. In other instances, it could be ransomware malware that will hold your data hostage until you pay the criminals.

These phishing emails purport to provide important information about the virus. Often these emails appear to come from the Centers for Disease Control or the World Health Organization, which are two legitimate organizations leading the fight against the coronavirus. These phony emails may even contain the official logos of these organizations.

Protecting Yourself from Phishing Emails

Any time you get an unsolicited email that asks for personal information or instructs you to click on a link or download an attachment, you should be wary. Remember my motto, “trust me, you can’t trust anyone.” Never provide personal information, click on a link, or download an attachment unless you have absolutely confirmed that the email is legitimate.

You should also make sure that your phone, computer, and any other devices are protected by security software, and be sure to update that software with the latest security patches as soon as they become available. It is important to remember, however, that the most up-to-date security software will always be at least 30 days behind the latest strains of malware, so you cannot depend on your security software to be 100 percent effective.

Some Final Advice

There is a lot of misinformation about the coronavirus, so if you want information you can trust on this subject, go to a legitimate source such as the World Health Organization or the Centers for Disease Control.

Featured image: Shutterstock

Con Watch: Avoiding Weight Loss Scams

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Weight loss scams are among the most common, and with good reason. Many people want to lose weight, and most of the scam products promise to do that for you easily without diet or exercise. The unfortunate truth is that there is no magic formula for fast and easy weight loss, but con artists continue to prey on people looking for that quick solution to their weight difficulties.

In 2014, the Federal Trade Commission (FTC) and the State of Connecticut settled a case against the marketers of LeanSpa and refunded money to its victims. Now the FTC is making further refunds to people who lost money to them. LeanSpa promoted ineffective açaí berry and colon cleanse weight-loss products, falsely telling consumers that they could get free samples of these products if they paid a small shipping and handling cost. The truth is that the consumers were not only charged $79.95 for the “free” products, but also were billed monthly for additional products that were extremely difficult to cancel.

Weight loss scammers use a variety of methods to lure you into purchasing their worthless products. Many create websites that appear to feature articles from legitimate magazines or news organizations touting the miraculous weight loss products. Often they will use photos of celebrities and suggest that these celebrities endorse their products, which in many cases, they do not. Recently, a phony weight loss advertisement appeared on Instagram that contained photos of movie director Kevin Smith, who lost 60 pounds in the last year. The advertisement also contained Smith’s endorsement for the particular diet pills. However, while the before and after photos of Smith were real, having been taken from Smith’s own Instagram account, Smith took to Instagram to vehemently deny he had ever taken the diet pills or endorsed the product.

Even if a celebrity does endorse a product, it does not mean that it is effective. The FTC took legal action against former baseball great Steve Garvey for endorsing a weight loss product that was totally ineffective. Although a federal court ruled that Garvey did not knowingly misrepresent the effectiveness of the phony weight loss product, the fact remains that the product itself was worthless.

Many of the advertisements for phony weight loss products appear on social media. In June, Facebook changed its algorithm to reduce the distribution of phony weight loss products, although their efforts have not been totally effective.

As exemplified by the LeanSpa scam, many of the weight loss scam products are advertised as free trial offers. However, these free offers also ask for your credit card number, allegedly for identification purposes. The scammers then enroll the victim in monthly subscription programs that regularly charges their credit card. They also make it all but impossible to cancel the order or get a refund.

So how can you determine if a weight loss product is a scam or not? Here are the ten commandments of avoiding phony weight loss products.

  1. Be wary of any weight loss product that is sold exclusively either over the Internet or through mail-order advertisements.
  2. Don’t believe the claims of any weight loss product or program that promises that you can lose large amounts of weight quickly without dieting or exercise.
  3. No cream that you rub into your skin can help you lose substantial weight.
  4. Weight loss body wraps that purport to melt fat away don’t work. If you lose any weight, it is merely water loss. Once you rehydrate, you will gain back the lost weight.
  5. No product can block the absorption of fat or calories. There is no magic potion that will help you lose weight while still eating a high calorie diet.
  6. Spot reducing of hips, thighs or anywhere else is impossible.
  7. Seek advice from your doctor before starting any weight loss program or using any weight loss product.
  8. If a company touts scientific studies that support the miraculous claims they make for their product, you should check to see if there are any legitimate scientific studies that support their position.
  9. Be skeptical of celebrity endorsements. Often, as in the case of Kevin Smith, the celebrity didn’t endorse the product. Even if a celebrity endorses a product, it doesn’t mean the product is effective.
  10. Be particularly wary of weight loss products that claim to have a secret formula to drop weight without diet or exercise. There are no such secret formulas and if there were, they would not remain a secret for long.

Featured image: Shutterstock

Con Watch: The Terror of the Virtual Kidnapping Scam

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

In a scheme that ultimately resulted in her conviction and incarceration, Yanette Acosta would call parents, claiming that she had kidnapped their child and threatening them with violence if they reported the crime. The parents would often hear a distressed child’s voice in the background. She would then tell them to wire money or make cash drops in order to see their child alive again. In fact, Acosta was never anywhere near the child. The parents were victims of a kidnapping scam.

Phony kidnapping scams, also known as virtual kidnapping, have been going on for about twenty years. Their frequency has recently increased. In Laguna Beach, California, police are currently investigating two virtual kidnapping scams that occurred earlier this month. Police were able to thwart one of the scams before one family paid the ransom, but the other family was scammed out of $5,000.

According to FBI Assistant Director in Charge Paul Delacourt, “Virtual kidnapping schemes targeting American families are on the rise, and those perpetrating the crime have perfected their techniques. Victims of this terrifying scheme have experienced trauma, in addition to losing large sums of money.”

When the scam first began, the calls were largely in Spanish and targeted Spanish speaking people in California and Texas. However, around 2015, according to the FBI, they started expanding, and the calls started coming in English. The scam has expanded throughout the country with one FBI investigation identifying victims in California, Minnesota, Idaho, and Texas.

How It Works

The scam generally starts with a telephone call saying that a child or other relative has been kidnapped. If the family does not wire money right away, they threaten that relative will be killed. As with so many scams, we are often our own worst enemy, and this is no exception. In many instances, the criminals gather personal information about the intended victims from social media. The victim may indicate that they are traveling on vacation, making it easier to make the phony kidnapping appear legitimate. Armed with personal information, the “kidnapper” can provide personal information about the victim so it appears that they actually do have the person in their custody.

Sometimes the phony kidnappers manipulate Caller ID through a technique called “spoofing” to make it appear that the call is coming from a family member’s cell phone. However, the criminals may not bother to spoof the call. If the call does not originate with your family member’s phone, you can be pretty sure it is a scam.

Phony kidnappers will often request a ransom that seems low. (The average ransom demand in 2012 was $2 million.) Recently, WTHR in Indiana reported that Mark Walker received a phony kidnapping call demanding a $1,000 ransom for his kidnapped daughter. Walker, a private investigator, was immediately skeptical due to the low ransom amount. These small ransom demands are consistent with virtual kidnapping scams originating in Mexico, where there are legal restrictions on wiring larger amounts of money. While Walker continued to talk with the phony kidnapper, Walker’s wife called their daughter, who answered her cell phone and confirmed that she had not been kidnapped.

How to Protect Yourself

Although receiving a phone call about a kidnapping is very upsetting, try to be skeptical if you receive such a call.

If you do engage the caller, do not mention the name of your family member, and pay attention to see if they provide a name of the person they say they have kidnapped. Ask to speak to your family member.

Many of these kidnapping scams originate in Puerto Rico or Mexico, so be particularly skeptical if you receive a call originating from Puerto Rican area codes 787, 939 or 856. Also be wary of calls from Mexico which has many area codes. According to the FBI, many of the virtual kidnapping scams originating from Mexico are often being made by prisoners who have bribed guards to supply them with cell phones.

Never wire money to anyone for anything unless you are totally convinced that what you are doing is legitimate. Unlike paying for something with a credit card, once your wired funds have been sent, they are impossible to get back. Requests for money to be wired to an account in Mexico is a big indication that this is a scam.

Talk to the alleged kidnapper as long as possible, thereby giving someone else with you the time to call or text the alleged kidnap victim on their cellphone. If the purported kidnapping victim is a young child, call the school to confirm they are safe.

Ask the kidnapper to describe your relative, as well as provide information such as a birth date.It’s important to remember, however, that much of this kind of information may be available through social media or hacked accounts.

It also can be helpful for the family to have a code word to use to immediately recognize that this is a scam. If the kidnapper can’t provide the code word, it is clear that it is a scam.

If it were a real kidnapping, you would contact the FBI. However, for scam kidnappings, you should contact the Federal Trade Commission and the local police.

Con Watch: Automobile Recall Scams

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

When defects are discovered in automobiles or trucks that pose an unreasonable safety risk, their manufacturers send out recall notices to affected vehicle owners. Most often these recalls are done voluntarily by the automobile manufacturers, but sometimes the defects are ordered by the National Highway Traffic Safety Administration. As part of the recall, depending on the particular problem, the manufacturer will either repair the car, offer a refund, or in unusual circumstances buy back the vehicle (an option in the 2017 recall of Volkswagen vehicles due to emission control issues).

These notices are important and should get your immediate attention because they are often related to serious safety defects. When you do get a legitimate recall notice, you should contact your local automobile or truck dealer to schedule an appointment to have the problem fixed. There is never a charge for work performed by the automobile dealer in regard to a recall.

Here Come the Scams

Anything that demands your attention will inevitably be corrupted by scammers, which includes automobile recalls. The FTC recently settled a lawsuit against three car dealerships in Virginia and Maryland — Passport Toyota, Passport Nissan of Alexandria, and Passport Nissan of Marlow Heights. These dealerships sent out notices by mail entitled “URGENT RECALL NOTICE” to more than 21,000 vehicle owners, although few actually were subject to recalls. The intention of these phony notices was to lure people into the dealerships in an effort to increase business.

Other scams related to phony automobile recalls start with a telephone call informing you of a recall and then asking for personal information that the scammers then use to make you a victim of identity theft. The scammers will often use a technique called “spoofing” to manipulate your Caller ID to make it appear as if the call is coming from your automobile or truck manufacturer. Other times the call will appear to come from a self-proclaimed consumer advocacy group. Scammers may also contact you by email or text message.

Never give personal information to anyone who calls you on the phone, email, or text. You can never be sure that the source is authentic. If you think the recall may be legitimate, contact your automobile manufacturer at its 800 customer service number or contact the NHTSA for more information.

Legitimate recall notices are always sent by regular mail by the manufacturer. If you receive a telephone call, text message or email purportedly being sent by your car manufacturer notifying you of an automobile recall, you can be confident that this is a scam. In addition, NHTSA rules require official recall notices to be sent in an envelope that has the NHTSA’s logo as well as the logo of the Department of Transportation. Some scammers will copy the logos on their phony recall notices, so a logo on the envelope doesn’t mean that it is a legitimate recall notice. Always check with your dealer or the NHTSA.

The Solution

Fortunately, if you want to investigate whether your car or truck is subject to a current safety recall, you can go to NHTSA.gov and enter your vehicle identification number. In addition, you can sign up to be notified by NHTSA by email whenever there is a recall.

Automobile recalls are serious business and you should respond to legitimate recalls promptly, but it is important to make sure the recall is authentic.