You must be living right. An unexpected $2,500 check with your name on it just landed in your mailbox.

Come on. You know it’s too good to be true. You’ve never even heard of the company that sent it.

But a greedy little part of you wants to make a run for the bank and deposit it — and wire a portion of the money back to the sender as the accompanying letter requests.

We really shouldn’t have to tell you this, but yep, it’s a scam.

Hundreds of check scams — and plenty of other cons such as telemarketing fraud, investment fraud and Internet auction fraud — take place nationwide each year.

But some fake check scams can be particularly worrisome.

“This is a pretty bad one because the checks look really real,” said Molly Butters, a spokeswoman for the Indiana attorney general.

Butters said her office receives complaints “all the time” on check scams. Here’s how it works:

A check comes in the mail with the U.S. Bank logo on it. It matches the exact logo of the real company.

With it is a letter from HR Consult Financials that tells receivers they were electronically selected from an Internet database and have won $80,000.

It then gives instructions for proceeding with the first portion of the winnings — that $2,500 check.

Deposit the check in the bank. Then call the telephone number provided to activate the winnings. At that time, you will be asked to wire a processing fee of $800 and an administrative fee of $700. Those can only be made through Western Union or MoneyGram.

Once you send that money, the letter explains that the rest of your winning check will be sent to you in the amount of $77,500, delivered by FedEx or DHL.

“People forget if it sounds too good to be true, it usually is,” said Lisa Clark, spokeswoman for U.S. Bank.

To read the full story: USA Today

The White House is considering a plan to beef up national home loan modification efforts to the tune of $30 billion in credit to struggling homeowners (it wants big banks to pay for it, but that’s another story).

If the government gets its way, expect loan modifications to rise exponentially, but homeowners should temper their enthusiasm – more loan modification cash means more scammers and fraudsters out there looking for a quick score.

The evidence shows that there is no shortage of loan modifications already out there. A year-long study by the National Fair Housing Alliance shows that loan modification scams are widespread. The study examined 80 loan modification outfits and uncovered some startling conclusions:

• 55% required an upfront fee to start the loan modification process, sometimes requiring a fee to conduct only the minimal first step in reviewing loan documents.
• 43% guaranteed they could secure a loan modification, even before learning about the homeowner’s financial limitations.
• 24% advised or encouraged homeowners to stop making their mortgage payments or to stop contacting their lenders.
• 16% guaranteed a new, much lower interest rate ranging between 2% and 6% on modified loans.
• 12% discouraged homeowners from seeking free help from government-approved housing counseling agencies.
• 8% encouraged homeowners to give fraudulent information to their lenders.

To read the full story: MainStreet.com

The Better Business Bureau and federal authorities are warning consumers to be on their guard against fake charities trying to scam money in the name of Mississippi flood relief.

While neither the BBB’s Wise Giving Alliance nor the U.S. Computer Emergency Readiness Team released specific details on possible scams, but both issued general warnings for consumers. US-CERT — which keeps tabs on computer and online crime — said in its alert that it would release more information as it became available.

The federal US-CERT issued an alert this week to watch out for potential e-mail scams and phishing attacks linked to the Mississippi flooding disaster. The agency reminded consumers to ignore unsolicited web links or attachments and to make sure their antivirus software was up to date.

The Wise Giving Alliance said to keep the following in mind before making a donation:

• Check out the charity by reviewing its website or investigate it through another group to help determine if it’s legitimate.
• Identify what stage of relief the charity will provide. Flood relief has three basic stages — emergency response, disaster relief and recovery — and each stage has its own needs. The charity should be able to tell you which stage it gears itself toward.
• Determine if the charity is giving direct aide or raising money for other groups.
• Be wary of any charity that claims 100% of donations go to relief victims. While this sounds good, the reality is, every group has administrative and fundraising costs.
• Verify the charity is registered to ask for donations within your state. Groups usually have to register with the state’s attorney general’s office or secretary of state.

To read the full story: Walletpop.com

If you receive an email claiming to contain photos or videos of Osama bin Laden’s death, delete it immediately.

The FBI is warning computer users to be on the alert for virus-laden emails that trick consumers into opening them by promising to show images or video of bin Laden’s recent shooting by U.S. Navy SEALS in Pakistan.

And President Barack Obama’s decision not to release photos of the slain terrorist’s corpse should make users doubly suspicious of any such emails.

These mails, the FBI warns, may contain a virus that could take control of your computer and steal sensitive data, including your name, address, Social Security number, tax records, passwords, and bank account and credit card information.

Malicious software, also known as “malware” or “badware,” embeds itself in computers and spreads itself via email contact lists, infecting the machines of friends, colleagues and family members.

The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C), urges computer users never to open unsolicited emails or click on links in these spam emails — even if the sender is familiar.

In order to protect themselves against badware such as the bin Laden emails, the IC3 says consumers should make sure they’re running updated firewall and anti-virus software on their computers.

The IC3 recommends the public also do the following:

• Adjust the privacy settings on social networking sites you visit to make it more difficult for people you know and don’t know to post content to your page. Even a “friend” can unwittingly pass on multimedia that’s actually malicious software.
• Never download software to view videos. These can infect your computer.
• Read your emails carefully. Fraudulent messages often contain misspellings, poor grammar and nonstandard English. Report emails you receive that purport to be from the FBI. Criminals often use the FBI’s name and seal to add legitimacy to their fraudulent schemes. It’s important to note that the FBI does not send unsolicited e-mails to the public.

If you receive unsolicited messages featuring the FBI’s name or seal or that reference a division or unit within the FBI, report it to the Internet Crime Complaint Center at www.ic3.gov.

Story from WalletPop.com.

It’s a scam that’s designed to play on grandparents’ heart strings, and the latest version of it has prompted a national awareness campaign as well as consumer alerts from two state attorneys general.

It works like this: A con artist calls senior citizens, posing as a grandchild in need and asks for money to be sent through a wire service or via money order. The hardship stories they tell can be very convincing, as Nellie Harper of Charlestown, W.Va., found out last week.

Harper got a tear-filled, panic-stricken call from someone claiming to be her grandson. The caller said he’d been driving a friend to North Carolina, got into a car accident and now needed money to help get the charges reduced.

“I was terrified,” Harper said in a statement released through the West Virginia attorney general’s office. “My grandkids are everything to me. I don’t think anyone would want to hear a grandchild upset to the point where they can barely catch their breath.”

But Harper soon realized that even though the crying disguised his voice, the caller wasn’t her grandson. What really tipped her off was that he kept asking for money, which she refused to send. After the caller hung up, she called her real grandson and learned he was fine.

“The key to protecting consumers from fraud is public awareness,” said Susan Grant, CFA’s director of consumer protection. Scam artists often use marketing lists and get details of family members from social networking sites. The callers will also insist on immediate action and tell victims not to tell anyone else.

In West Virginia, that state’s attorney general’s office has received 44 complaints about the grandparent scam since 2009. The scammers usually asked for the money to be wired through Western Union.

The state urged consumers to be wary of any calls where the number on the caller ID shows up as “private” and also cautioned people never to give out any account numbers or personal ID numbers over the phone.

The FTC asked consumers to watch out for the following signs of a scam:

• The caller wants you to wire money. Don’t do it! Wiring money is just like sending cash — once it’s gone, you can’t get it back.
• They want you to pay to get your winnings. Real sweepstakes don’t require payment to claim the prize.
• The caller claims to be from a government agency. No federal agency ever runs a sweepstakes.
• The caller claims to be someone you care about.
• The person wants you to act now.

To read the full story: Walletpop.com

In the past four months, caches of customer e-mail addresses, not banking and credit card information, have become the key target of data thieves. The goal: Use the legitimate e-mail addresses and the specific companies their owners have business relationships with to get people to buy worthless goods or to infect their PCs.

The recent theft of potentially tens of millions of consumer e-mail addresses from online marketing firm Epsilon followed a spate of similar hacks in December, USA TODAY research shows.

Web marketing and cybersecurity experts say there are several ways cybercriminals can make profitable use of the stolen e-mail addresses. Just like legit advertisers, criminals can correlate a person’s demographics and shopping patterns “and use that to their advantage,” says Thomas Jelneck, president of Internet marketing firm On Target Web Solutions.

The Better Business Bureau, for instance, has issued a warning about a fake Chase Bank e-mail stemming from the undisclosed number of e-mail addresses that hackers stole from Epsilon. The security breach was disclosed last week. Some 50 Epsilon clients were affected, ranging from Chase Bank and Verizon to Hilton and Target. Those companies, in turn, have been sending e-mail warnings to their respective customers.

Loren Spallina, support manager at anti-virus maker PC Tools, says, “We’re definitely expecting any number of potential malicious actions” making use of recently stolen e-mail addresses.

Dallas-based Epsilon is part of a cottage industry of companies that help major businesses use e-mail to offer promotions and special services to customers. Chenxi Wang, security and risk analyst at Forrester Research, says data thieves are taking advantage of the comparatively “immature” data security practices of those marketing companies.

In late December, Honda reported a hacker stole e-mail addresses to 2.2 million Honda owners and 2.7 million Acura owners. Also in December, data thieves stole 13 million e-mail addresses from the artists website DeviantArt, 1.3 million e-mail addresses from Gawker Media and an undisclosed number from McDonald’s.

By correlating names and e-mail addresses with information about where a person banks and shops, criminals can more effectively bypass spam and anti-virus filters and fine-tune phishing attacks — spoofed messages designed to trick you into clicking on a viral attachment or poisoned Web link. The intruder then takes full control of the victim’s PC. “The No. 1 attack vector today is the human,” says Jose Granado, principal at Ernst & Young’s information security practice.

From 2005 to 2009, most thefts of customer information from U.S. businesses targeted personally identifiable information or payment card data. But in the past four months, several major cyberattacks have targeted valid e-mail addresses for specific customers doing business with specific banks and merchants.

To read the full story: USA Today

Top banks, retailers and service companies have begun warning consumers to be on high alert for spoofed e-mails that may attempt to coax them into clicking on viral attachments or harmful Web links.

This follows the theft of potentially millions of individual customer names and e-mail addresses from Epsilon, a Dallas-based firm that provides e-mail marketing and other services for some 2,500 large companies.

Loss of clients and even lawsuits could result, says Kevin Lee, CEO of online marketing firm Didit. “Epsilon has a huge way to go to earn back the trust of its clients,” Lee says.

Epsilon has alerted Citigroup, JPMorgan Chase, U.S. Bank, Barclays Bank, Best Buy, Hilton WorldWide, Marriott International, Disney Destinations and The College Board, which runs the SATs, among others.

The companies, in turn, have been sending e-mail warnings to their respective customers. “When one reports, the others feel pressure to do the same,” says Richard Mackey Jr., of consultancy SystemExperts.

By correlating specific names and e-mail addresses to information about where a person banks and shops, cybercrime gangs can fine-tune so-called spear-phishing attacks. In such attacks, spoofed messages can be customized to trick specific individuals into clicking on a viral attachment or harmful Web link. The intruder can then take full control of the victim’s PC.

The infected PC is then used in scams for worthless software or drugs or to steal from the victim’s online accounts. Elite gangs can use infected PCs as footholds to probe deep inside company networks.

“The next time you get an e-mail from your favorite store with an amazing offer, you may want to think twice,” says Marcus Carey, community manager at penetration-testing firm Rapid7.

Epsilon said on Monday that just 2% of its clients were affected. The incident is one of a spate of similar disclosures.

RSA, the security division of EMC, recently disclosed that intruders gained access to the technology behind RSA security tokens, small devices that issue one-time pass codes generally used for accessing sensitive corporate accounts.

To read the full story: USA Today

Could playing video games give someone access to your credit card? It happened to one local family thanks to a hacker.

In the wake of Japan’s quake crisis, many Americans are eager to help. But they must be aware of scammers seeking to take advantage of them.

The Federal Bureau of Investigation said they are already investigating one potential scheme where fraudsters misrepresent themselves as the British Red Cross and seek donations in the form of wire transfers.

“I hadn’t heard about this yet, but sadly this has happened previously,” said Penny Sims, spokeswoman for the British Red Cross. “After a major disaster there are some unscrupulous people that try to use other people’s misfortune to their own end.”

So far this is the only scam the FBI has received complaints about, but “agents are looking for more of those types of appeals,” said Jenny Shearer, a spokeswoman with the FBI.

After the earthquake in Haiti, more than 350 complaints were filed about fraudulent activity, she said.

“Anytime something comes into your inbox asking for money, rather than answer, call your local Red Cross yourself,” FBI’s Shearer advised. “Anytime someone comes to you asking for money, you should be suspicious.

“In my experience, the Red Cross has never emailed me, never,” she added.

To further protect those eager to make donations, the FBI has issued the following guidelines:

• Do not respond to any unsolicited incoming emails.
• Be skeptical of individuals claiming to be surviving victims or foreign government officials asking for help in placing large sums of money in overseas bank accounts.
• Go directly to recognized charities’ and aid organizations’ websites instead of following a link from an email or another site.
• Attempt to verify the legitimacy of nonprofit organizations by checking their status with Guidestar.org.
• Be leery of emails that claim to show pictures of the disaster areas in attached files, as the files may contain viruses. Only open attachments from known senders.

To read the full story: CNN Money

Maybe you’ve already been “smished,” and don’t know it. The scam has been around since 2006, but it’s just erupted because of the recent upsurge in wireless devices, says professor Glenn Booker of the iSchool at Drexel University. The scammers usually tell you you’ve won a prize, or maybe something has happened to your debit card and you need to respond a.s.a.p.

The goal is to get your personal information (and make money)—so don’t respond. At the end of the text, there’s usually a message that says to text back a word like “STOP,” if you’re not interested in this or future offers. Don’t do it!That just lets them know they’ve hit an active phone. The best advice from the experts: Hit delete.

For Tracy Davidson’s Consumer Watch video on this subject, click here.

Main Line Today “In the Know” Blog by Tracy Davidson