Iron Man Is Taking Your Money In This Resurfaced Scam

Movie stars have all the luck. Everyone wants to be them, including cyber criminals. Robert Downey Jr., who is perhaps most well known as playing Iron Man in the recent Marvel movies is warning his fans that someone is impersonating him and asking for “contributions” to various “causes.”

This is not a new scam, but it seems it is making the rounds again. Watch out for any request that is supposedly from someone famous. Other famous names impersonated in this scam include musicians Brad Paisley and Elton John, actors Ryan Reynolds, Ryan Gosling, Hugh Jackman, Ben Stiller, and Mark Ruffalo. However, it’s likely many others are out there too.

If you want to donate to any of the wonderful charitable causes out there, go directly to those websites and make your contributions there. Alternatively, send checks to their official addresses from their websites. Never send money to sites that randomly appear on your social media news feeds or on those of famous or well-known people. While it is not out of the question that stars may be trying to help their favorite cause, they won’t directly ask their fans.

If you see a plea for help in your social media feed from one of your contacts, be sure to investigate it before sharing it with yours. If you cannot find a link to someone in your network, perhaps reconsider whether you want to ask your contacts to donate.

Famous people typically don’t communicate with their fans individually to ask for contributions of any kind. In fact, Downey Jr. wrote on his Facebook page: “I will never ever communicate via private chat platforms, and I would never ask individual fans for money for any reason.” He continued, “Any communication from me will originate from my public, verified social media pages, and all fundraising is done via broad, public campaigns.”

Brad Paisley wrote a similar notice when his name was being used for this scam.

© Copyright 2017 Stickley on Security
September 11, 2107

Equifax Isn’t Calling

Ring, ring. “This is Equifax calling to verify your account information.” Stop. Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.

That’s just one scam you might see after Equifax’s recent data breach. Other calls might try to trick you into giving your personal information. Here are some tips for recognizing and preventing phone scams and impostor scams:

– Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know is correct.

– Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a particular company, even when they’re not.

– If you get a robocall, hang up. Don’t press 1 to speak to a live operator or any other key to take your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.

If you’ve already received a call that you think is fake, report it to the FTC.

If you gave your personal information to an imposter, it’s time to change any compromised passwords, account numbers or security questions. And if you’re concerned about identity theft, visit to learn how you can protect yourself.

For more information about the Equifax breach, visit Equifax’s website,  (This link takes you away from our site. is not controlled by the FTC.) or contact their call center at 866-447-7559.

Lisa Weintraub Schifferle, Attorney, FTC, Division of Consumer and Business Education
September 14, 2017

Avoid Hurricane Clean-Up Scams

After natural disasters like Hurricanes Irma and Harvey, unlicensed contractors and scammers often come into the affected area promising immediate clean-up and debris removal. Some demand payment up-front for work they never do. Others simply lack the skills, licenses, and insurance to legally do the work.

Here are some tips to protect yourself, your property, and your money:

– Check with local consumer protection officials to find out whether tree and debris removal contractors need to be licensed in your area. If so, check out the license for the contractor you’re considering. Never sign any document or pay any contractor before verifying their license.

– Ask contractors for references and, if possible, call previous clients. Talk with your neighbors about what they’re paying for similar work.

– Write down the contractor’s driver’s license and vehicle information (make, model, and license plate number) in case you need to report the contractor to authorities.

– Ask a contractor to give you their license and certificate of insurance once they are on your property. If a contractor tells you certain work is covered by your insurance, call your insurance company to confirm.

– Get a written estimate and sign a written contract. Make sure it includes a description of the work, the materials included, when the work will be finished, the price, and the address and phone number of the contractor. Read all contracts and make sure all the blanks are filled in before you sign.

– Pay with a credit card or check so you can dispute charge or cancel the payment if there are problems later. Be wary of contractors who ask you to pay them in cash – even for a deposit. Negotiate a reasonable down payment, and only pay in full when the work is done to your satisfaction.

– Trust your gut. If you have any doubts about hiring someone, take your business elsewhere.

– If you have second thoughts about the contractor you hired, you have the right to cancel a contract within three days if you signed it in your home or at a seller’s temporary location, like a hotel room, convention center, or restaurant.

For more information, visit Dealing with Weather Emergencies.


by Colleen Tressler, Consumer Education Specialist, FTC
September 12, 2017

Everything You Touch On Your Mobile Device Can Be Stolen

Recently researchers at Kaspersky Lab discovered that a dangerous piece of malware has just become more dangerous. It has always been able to get access to smartphones, overlay legitimate apps with fake ones, and steal financial account login credentials. Now, it can also infiltrate the accessibility features on Android devices and become a keylogger.

But what exactly is a keylogger, you might be wondering?

Keyloggers can track and log every single keystroke made on the device. This means if you type anything into any text area of the device, it’s being recorded and going to the cybercriminals. So now, not only can Svpeng make phone calls, get access to administrator functions, intercept text messages, take screen shots, it now can also log everything you do; including get your banking credentials and drain your account. Talk about intrusive!

Always be cautious of installing any app on your mobile devices. Do a lot of research first to make sure you really do want to download any given product. Read the reviews and analyze whether or not they are legitimate. If there are only a few reviews and they are glowing, perhaps it’s better to wait until a few more people are the guinea pigs.

Also be sure to download them from the product’s official app store. While there is no guarantee these are 100% safe, they generally do go through more security scrutiny than those that are on third party sites.

Keep current backups of important data and photos too in case malware does strike. Then it’s easy to restore the last copy to the device and keep your precious family photos. All the data can be stored in the cloud, on a computer, or an external hard drive. Sometimes it will cost a bit, but it will be worth it should you ever need to take advantage of it.

Remember that malware isn’t limited to free apps. Sometimes it is found in paid ones as well.

One more thing; this evolution of Svpeng seems to be pretending to be an Adobe Flash Player installer. Remember, Adobe Flash Player does not exist for Android. Don’t fall for it.

This version also does not steal from those who have their primary language on the device set to Russian. So, if you meet that criterion, you’re safe this time. The malware still installs and checks the language of the device to see if it is Russian and it could have an effect on other functionality, such as speed. However, it exempts those people from the damage it can do.

As of last count, this reboot of Svpeng has affected users in 23 countries.

© Copyright 2017 Stickley on Security

Four Common Scams That Take Advantage Of Current Events

There are a lot of scams being perpetrated by the unscrupulous wanting to make a buck. Many of them are surprisingly simple to pull off and therefore, persist and evolve over time and to keep up with current events. With the recent weather patterns depositing massive amounts of wind and water on land causing millions of dollars in damages, it’s not unusual to see an uptick in scams that take advantage of human suffering and compassion. Following are several of the most common ones that are currently making the rounds.

1. Disaster Relief/Charity

Americans are an empathetic group and scammers are very aware. That’s why scams persist that piggyback on natural disasters such as the recent one, Harvey that hit the Gulf Coast of the U.S. Similar ones appeared after Hurricane Katrina, the earthquake in Nepal, and others.

Often these are so successful because they spread very quickly on social media such as Facebook and Twitter. It’s likely that the upcoming Hurricane Irma, expected to hit the coast of the U.S. by the weekend, will be used in such scams in the very near term, so be aware of these and don’t fall for them.

When natural disasters happen and you want to send money, donate through a well-known and respected charity. They will accept payment cards on their websites, can add it to your mobile bill via well-advertised text numbers, and deduct it directly from your bank account at some ATMs. All are a better option than clicking links seen in email or on social media.

2. Insurance Scams

In the case of hurricanes and flooding, the Federal Trade Commission receives many complaints about flood insurance scams targeting those in the affected areas. Homeowners receive robocalls claiming that their insurance premiums are overdue. To receive compensation for flood damage, money needs to be paid immediately.

Work with your insurance agent when filing claims against your policies. This goes for any type of insurance for which you pay premiums. Your agent will be able to assist you on a personal level.

3. Dying or Sick Baby

The Dying or Sick Baby version is when someone pretends they have a very sick or dying child who needs medical care. In a twist on this, often seen on Facebook and other social media are desperate requests for some type of assistance to pay recovery costs for friends or friends of friends with links to crowdfunding sites. While some of these may be legitimate, be aware that it is a very common scam as well.

When sharing requests for donations on social media, verify that the need is real before passing it on to your friends. If you cannot trace it back to someone in your network, reconsider if you want to forward it on to your friends, family, or colleagues.

Always take time to verify any such stories independently; even if it sounds like a very urgent matter. It doesn’t usually take much time to confirm if a relative or friend is sick or really does need help. If you cannot verify it, don’t send money.

4. Phishing and Copycat Scams

Finally, always watch out for phishing scams. These usually increase during times of crisis. Don’t click links or attachments from unknown persons or if the content is unexpected. If you want to help, verify with the sender before clicking. Copycat scammers will use website addresses that are very similar to the ones for which we are all familiar during natural disasters and emergencies. Check URLs closely before clicking and if the name is slightly different or the site is not secure (there is no padlock icon, no “https” preceding the address, or some other indication of safety), don’t put in any sensitive information.

As always, if you are told that cash, gift cards, a money service such as Western Union, or pre-paid cards are the only form of payment accepted, question the legitimacy of any request.

If you come across these scams or have been a victim, file a complaint with the Federal Trade Commission (FTC). There is information at the website on how to do this efficiently.

© Copyright 2017 Stickley on Security

5 Things to Do With an Unexpected Inheritance

Unexpected money from a friend or relative can be a great surprise or a potentially difficult money lesson. How you plan for unexpected money issues overall can be a key to how well you’ll handle a sudden windfall.

Many people don’t do so well. A recent study from Ohio State University suggests that adults who inherit money are saving only about half of what they receive. Researcher Jay Zagorsky reported that about only 11 percent of the participants had received an inheritance with the median amount only around $11,340. Zagorsky suggests awareness of such high spending numbers suggest it is time for a campaign on saving inherited wealth.

Want to get there early? Here’s a plan for dealing with an unexpected inheritance or any other surprise money issues in the future:

1. Start by getting control of your current finances. Why wait for an inheritance? In 2013, the Gallup organization reported that only 1 in 3 Americans actually prepared a written or computerized household budget. If you’ve never prepared a budget before, know that it is the traditional starting point for all personal finance decisions.

2. Start saving now. The long-term purpose of budgeting is to find excess dollars so you can save and plan for the future. Even if it’s a few dollars a week as other resources go toward everyday expenses, get in the habit of regular savings and investment now. Consider activating direct deposit to build those amounts automatically. If an inheritance happens, you will already have savings habits in place and account relationships set up to receive the money.

3. Line up qualified advice. Skilled financial or tax experts can help you review what you’ve done so far with your money and suggest ways to make your personal savings or investments go farther. Having this relationship in place before an expected – or unexpected – windfall is valuable. They’ll know your situation and the best ways to handle new money. If an inheritance happens, consider a certified financial planner, certified public accountant and an attorney involved in trust or estate matters for your financial team.

4. Evaluate your relationships. Money can change people for better or worse. This is why you see so many troubling news stories about people who have an unexpected windfall. The best approach to sudden money is to go quietly and immediately into the planning phase – don’t make announcements and involve only key loved ones who need to be part of the process.

5. Don’t go on a spending spree. If you’re lucky enough to receive an inheritance of significant size, planning doesn’t mean quitting your job, buying a car or moving out of your current place, at least not immediately. Involve members of your financial team in your planning. After any tax or estate issues are settled and money is free for use, extinguish long-standing expenses, build an emergency fund and then establish savings and investments that are appropriate for you and your loved ones. Once details are complete, do have some fun, but try to keep the cost below 10 percent of the total inheritance amount.

Bottom line: Inherited money can help build a financial future. Get some advice, plan thoughtfully for taxes and investments and save a little bit for fun or luxury. Without proper planning, windfalls don’t always last as long as you think.