How many straws until the camel’s back is broken on data breaches? – National Consumers League

/in , , , /by

John BreyaultAnother day, another data breach. The data breach roulette wheel this times landed on health insurer CareFirst. Who loses? The 1.1 million consumers whose names, birth dates, email addresses and CareFirst subscriber ID numbers are now in the hands of cyber crooks.

First things, first, what’s the risk to consumers? The mostly likely effect is that consumer affected by the breach may be on the receiving end of convincing-looking phishing emails. These attacks are designed to trick consumers into clicking on links or attachments that install malware or send users to phishing websites. The phishing emails (and possible telephone calls) are likely to reference CareFirst in some way, and may even masquerade as notifications about the breach itself.

Bottom line: If you are a CareFirst customer, the first place you should be going to get reliable information about the breach and what CareFirst is doing about it is www.carefirstanswers.com. The website has been set up by CareFirst to give affected customers up-to-date information about the breach and what steps they can take to mitigate their risk, including taking advantage of free credit monitoring and identity theft protection CareFirst is offering via Experian.

With that out of the way, there are a number of key questions that regulators, legislators and advocates should be asking in the coming days and weeks.

First, why are health insurers being targeted? CareFirst is the third major health insurer to disclose a breach in the past six months. There are troubling signs that the breaches at Anthem in February, Premera in March and now CareFirst are part of a coordinated attack on U.S. health insurers, possibly by state-sponsored hackers. Regardless of the origin of the hack, it’s clear that medical information is especially lucrative for thieves. According to cybersecurity experts, stolen medical info is worth 10-20 times more than stolen credit or debit card data goes on the cyber black market. With 2.3 million Americans falling victim to medical identity theft in 2014, it’s not hard to see why medical information presents such an attractive target to cybercriminals

Second, why did it take 10 months to notify consumers? According to CareFirst, the intrusion into their network was first detected in June 2014 and “immediate action” was taken to contain the threat. However, it was not until April 2015 that the company discovered that the crooks had exfiltrated their systems with stolen data. With nearly 10 months lead time, cybercrooks had ample time to create mischief with the stolen data before CareFirst notified consumers. Why did it take so long to find out that data was actually lost?

Finally, would more stringent data security standards or data breach notification laws have reduced the risk of this breach? There is no way to make a system 100% safe from hacking. However, far too many companies only invest significant resources in protecting their customers’ data after a hack, not before. This leaves millions of consumers at risk of breach-fueled fraud as companies elect to invest elsewhere while they wait for a hack to force them to spend on data security. What kind of incentives and/or penalties should Congress and Executive Branch consider to shift the cost/benefit equation for companies towards spending on data protection before a breach? NCL’s 2015 Data Security Agenda is a good roadmap for policymakers looking for consumer-friendly answers to these important questions.

The CareFirst breach is yet another straw on the pile of reasons why consumers can’t wait on businesses to take care of the data security problem on their own. It’s time for leaders in Washington to step up and pass real data security reform before the next straw breaks the camel’s — and our — backs. In the meantime, here are tips consumers can use to reduce the risk of identity theft.

Bravo! FTC’s “Start With Security” initiative announces seminar on data security – National Consumers League

/in , , , /by

Federal Trade Commission Chairwoman Edith Ramirez this morning announced the next step in the FTC’s efforts to craft data security guidelines for businesses. As part of its “Start with Security” program, originally unveiled in March, the Commission will hold an initiative at the University of California on September 9. This follows on the heels of the February 13 Summit on Cybersecurity and Consumer Protection at Stanford University.NCL has long advocated for the FTC to take a leadership role in the federal government on data security and is very pleased about this announcement. We applaud the FTC for taking this step to improve data security and help businesses protect consumers.

While details of the September meeting aren’t yet fully known, we do know a few things about the Commission’s “Start with Security” program. At the IAPP summit in March, FTC Bureau of Consumer Protection Director said that the program’s goal is to provide businesses with resources, education and guidance on data security. Chairwoman Ramirez (who NCL will be honoring in October, incidentally) elaborated on this theme, stating that the initiative will be aimed at bringing together experts on data security to share best practices, particularly for small and medium-sized businesses.

The focus on data security at small-to-medium sized businesses is a logical choice for the agency. Its ongoing legal tussle with Atlanta-based LabMD illustrates challenges the Commission faces as it seeks to enforce data security obligations on small businesses. Such entities are often ill-equipped to adequately protect the growing amounts of sensitive personal information they are collecting.  This is an incredibly important issue. As NCL’s #DataInsecurity Report found, nearly 6 in 10 data breach victims indicated that their trust in retailers decreased following a breach. For a small business struggling to stay afloat, losing the confidence of customers due to a data breach can mean the difference between keeping the lights on and a “closed” sign on the front door.

So what can the Commission hope to accomplish at its September meeting? In the interests of promoting consumer data security, we propose that the meeting agenda cover some basic data security policy topics, such as:

  • Is there a sufficient flow of information and best practices on breach trends, emerging threats from hackers, etc. being shared by the FTC with business that are entrusted to store consumer data? If not, how can this improve?
  • The Online Trust Alliance estimated that 90% of data breaches in 2014 could have been prevented if basic security measures had been taken. With this in mind, how can businesses be incentivized to make sure they are taking the basic steps to protect their data?
  • Small and medium-sized businesses often lack the budget and/or expertise to craft robust data security protections, yet they are increasingly collecting large amounts of sensitive data about their customers. What requirements should be placed on a pizza parlor, for example, when it comes to data security?
  • We often hear that it’s not “if,” it’s “when” when it comes to data breaches at businesses. However, it seems that businesses, particularly small-to-medium sized businesses, aren’t prepared to protest against the data breach threat. Is this accurate? If so, what can the FTC do to change that mindset?
  • Government data security mandates can only do so much to create a climate where data security is taken seriously by business. What flexible, market-based incentives exist to promote data security? Is cyber-insurance the answer?
  • There is no shortage of cybersecurity firms offering high-priced solutions to small-to-medium sized businesses. Are there free or low-cost solutions that businesses can take today that will measurably reduce their data security risks (e.g. enable multi-factor authentication, create stronger passwords, encrypt sensitive data)?

The “Start With Security” initiative is a good opportunity for the FTC to promote solutions that businesses can take to reduce their data security risk. However, absent reforms in Congress to tackle tough issues like data breach notification and a comprehensive data security standard, education can only do so much. We hope that the Commission will use the September 9 forum to highlight the impact that breaches continue to have on consumers and businesses and to push Congress to pass real data security reforms.

Beware: Online pet adoption scams – National Consumers League

/in /by

92_puppy_sale.jpgBringing a new puppy or kitten home is right at the top of many consumers’ wish lists. Unfortunately, scammers know all too well how emotionally connected we can get to idea of adopting a cuddly ball of fuzz. Since the beginning of 2015, NCL’s Fraud.org has received a surge of consumer complaints about pet adoption scams. Learn how the scam works.First, a consumer searching for a pet sees a desirable animal listed for sale online, often on a classifieds website like Craigslist.org or Oodle.com. Next, the consumer reaches out to the prospective seller and expresses interest in acquiring the animal. After a consumer sends money to the alleged owner to pay for the pet, she is told that additional funds are needed to cover the cost of things like “a ventilated shipping crate,” “insurance,” or other reasons. Regardless of how much money is sent, the alleged seller will find new reasons to ask for additional payment. This continues until the victim, now often out hundreds or thousands of dollars catches on and stops sending money.

In reality, the entire act is a farce. The cute pet pictures that prompted the initial outreach by the consumer are usually simply pulled off the Internet and used to create attractive (but fake) listings. The alleged sellers don’t own any actual pets and are just out to milk victims of all the cash they can.

A Massachusetts woman we’ll call “Sue” (not her real name) recently sent us a complaint that is typical of this scam. Sue writes:

“I was looking to purchase a Yorkshire terrier puppy for my 2 little kids. I found one that I was really interested in. It was a 9-week-old female Yorkie. I emailed ‘the owner’ … The puppy was $500 and he told me that was already included with shipping and everything. He told me to put the $500 on a Reloadit card, which I did, and I gave him that. He sent me an email of a flight ticket, which I now know that it was not real because I called American Airlines and the flight ticket was a fake.

An agency started emailing me stating that I had to send them $970.00 for a ‘crate’ for the puppy to arrive to me safe while on flight due to the weather. I was told it was refundable when my puppy would arrive. I was told to send it by Western Union, which I did. Once that happened … I was asked to send $1,500 now for the pets insurance to get sent to me, which was also supposed to be refunded to me. I sent that money through MoneyGram. I was supposed to receive my puppy on March 7, 2015 in the morning and I never received the puppy.

Then I received another email stating I had to send ANOTHER payment of $760.00 to update her shots before she takes off. It was already sounding a little bit too good to be true to me but that’s when I finally realized that this was a scam.”

Fraud.org has received more than a dozen complaints about these scams so far this year. Consumers can see additional examples of these scams at the ASPCA’s Pet-Related Scams website.

It’s easy to get emotionally attached to the idea of acquiring an adorable new pet. Consumers in the market for a new furry friend, can protect themselves by following these safe pet-buying tips:

  1. Never send money for a pet purchase unless you have seen the animal in person (as opposed to simply online).
  2. Beware of any seller who says she’s located out-of-town (or worse, overseas). Dealing with local sellers is usually the smart move.
  3. Requests for payment via wire transfer (Western Union or MoneyGram) or prepaid debit card (Green Dot MoneyPak, Reloadit, or similar cards) are often a red flag for potential fraud. Payment sent via these methods is practically the same as sending cash.
  4. Consider adopting from a local shelter instead of a private seller. There’s likely to be a lower cost to obtain the pet, and you’ll be dealing with a reputable non-profit organization.
  5. Do your due diligence on the seller BEFORE sending money. Ask for detailed information on the seller, including full name, phone number and mailing address. Search online for information on the seller. If no information comes up in the search, or you see negative reviews, it could be a scammer instead of a legitimate seller.
  6. Watch out for offers of “free” pets. While it may seem like a good deal, scammers have been known to use these to lure unwary consumers in to paying for “shipping” and other costs for nonexistent pets.

If you’ve been a victim of one of these scams or been approached by someone you suspect of being a scammer, file a complaint at fraud.org so that we can share your information with our network of law enforcement and consumer protection agencies.

Lovers, beware: ‘Tis the season for romance scams – National Consumers League

/in /by

love_stinks.jpgThink you’ve found your Romeo or Juliet online? Experts are warning, especially this time of year, to be on the lookout for predators posing as the perfect sweetheart. These Romance Scams can be a long, drawn-out process–it takes a long time to kindle a relationship in which the victim might actually consider sending cash. We’ve heard from countless victims who were more than just unlucky in love. Read on to hear their stories.After being single for many years, 51-year-old “Dan” befriended a woman on a dating Web site. She said she was an artist in Lagos. The two developed a spiritual connection and grew romantically involved. The woman told Dan that she longed to come to California to be with him. That’s when she asked him for money, and he happily wired her $2,500. Dan was soon contacted by a man claiming to be the woman’s doctor, who said Dan’s true love had been in a terrible accident and wasAfter being single for many years, 51-year-old “Dan” befriended a woman on a dating Web site. She said she was an artist in Lagos. The two developed a spiritual connection and grew romantically involved. The woman told Dan that she longed to come to California to be with him. That’s when she asked him for money, and he happily wired her $2,500. in a coma. Dan never heard from her again.

Ugh!

Hearing about these victims is really tough. They’re devastated emotionally and sometimes out a ton of money. The worst thing is how far from unique Dan’s story is. Sure, there’s a melodramatic twist at the end “explaining” his swindler’s disappearance. But, time and again, the reports we get at NCL’s Fraud.org often contain a drama: an accident, a tragedy, some sudden need for monetary assistance. And, inevitably, love triumphs over caution, and a soon-to-be-heartbroken consumer victim sends the money via wire transfer, preloaded card, or even cash.

Though the details of the scammers’ stories vary with each individual case, the gist is almost always the same: some tragedy has befallen the scammer and he or she desperately needs money. After spending time communicating and building a relationship with the victim, the scammer will ask for help. In a report we received from a woman we’ll call “Molly,” she had met a man on a major online dating site, and they conversed regularly for about a month before the man told Molly that his daughter needed heart surgery. Over the course of several months, Molly sent the man a total of $1,000. Only later did she realize that the man was after her money and nothing more, and that the daughter who needed heart surgery probably didn’t even exist.

In another report, “Pam” told us about a man she’d met online who asked her for $150 because he’d been hit by a car and needed treatment. He then sent her a document that he claimed was a copy of his medical receipt, and asked her to send him another $760 to help him come to the United States so that they could be together. Pam was in love, and she sent the money. He never showed up, but Pam reported that the man still harasses her for more money from time to time.

We’ve heard reports about such scams occurring on all of the major dating sites, and from victims of varying backgrounds. Men, women, young, old, black, white, gay, straight, etc. So while you shouldn’t let this deter you from finding love online, you should remember that these scammers are out there. And while they may not love you, they would love to take your money, so be sure to only consider giving money to someone you’ve met in person, have known for a long time, and can truly trust. Or be prepared to kiss your money – and your special friend – goodbye.

Don’t let your new computer get filled with scammy software – National Consumers League

/in , , /by

With the holidays upon us, many consumers will soon be unwrapping new laptops, tablets, and desktop computers. Out of the box, these new devices run great, but over time they can become clogged with all manner of scammy software. At best, these programs can degrade performance. At worst, they can lock down your new device and steal personal information.

Web browsers are a popular way that scammers gain entry to consumers’ computers. This is often done via deceptive browser tools and extensions.  These programs are typically legitimate and useful software that add new features to Web browser or otherwise alters the default Web surfing experience.  Popular examples include browser toolbars, language translators, and email notification icons.

Unfortunately, as many victims know too well, scammers also creating browser downloadables that promise one thing, but unleash a parade of horribles on unsuspecting consumers.  For example, these programs can rewire your browser settings and degrade your browser and computer performance.  They may also overlay scammy or inappropriate ads all over the web pages you visit, often covering up content that you want to see.  Even worse, these unwanted programs can introduce malware and other security and privacy threats, including stealing passwords and account login information.  And in many cases, they are impossible to get rid of without expert (read: expensive) help.

 So, what else can consumers do? Here are some tips for spotting and avoiding being a victim:

  • Keep your browser and operating system up to date. Most operating systems and software will notify you when it’s time to upgrade – don’t ignore these messages and update as soon as you can. Old versions of software can sometimes have security problems that criminals can use to more easily get to your data.

  • Know what you are downloading. Software from unfamiliar third parties may contain unwanted add-ons or malware. Be sure to know from where the software originates and only download it from a reputable source or a well-known app store.

  • Review Installation Options. When you download programs and extensions, pay attention to the fine print details and any auto-checked checkboxes. Make sure that you understand what programs are being installed.

  • Read the User Agreement. In addition to only downloading software from a reputable source, also be sure to read disclosures on the download site to understand exactly what you’re installing. Don’t install software from sites your browser tells you may contain malware or software bundled with “additional offers” unless you fully understand what is in them.

  • Recognize the signs of infection. Here are some clues that a suspicious program is affecting your browser:
    • Your browser doesn’t block pop-up ads from showing
    • Your homepage, startup page, or default search engine has changed to a site you don’t recognize
    • Unfamiliar extensions or toolbars are added to your browser
    • The browser’s desktop shortcut opens an unfamiliar website

  • Remove scammy software. Routinely scan your computer for malware with antivirus software you trust.

  • If you get hit with a scammy download report it Fraud.org or the FTC.

These tips are part of the National Consumers League’s continued commitment to helping consumers keep themselves safe online. In particular, NCL’s #DataInsecurity Project raises awareness about the need for reforms aimed at better protecting consumer data and calls on our policymakers to act now to strengthen cybersecurity standards.

Turning cybersecurity awareness into cybersecurity reform – National Consumers League

/in , , /by

Facebook_NCSAM_icon.jpgOctober is National Cyber Security Awareness Month, which is a good time for consumers to take stock of their online safety habits and practices. Great tips and tricks for creating stronger passwords, taking advantage of two-factor authentication and learning to spot phishing scams and other cyber threats abound from organizations like the Federal Trade Commission, Stop. Think. Connect., and NCL’s own Fraud.org.In partnership with the U.S. Department of Homeland Security and the National Cyber Security Alliance, NCL is helping to raise awareness about cybersecurity and give consumers advice on how to protect themselves from hackers and other online scam artists. However, 2014’s NCSAM comes at a unique time. Consumers’ concern about the security of their personal data has rarely been higher. Due in part to massive data breaches at retailers like Target and Home Depot—and, just this week, news regarding JP Morgan Chase—there is a new urgency for action in Washington and in corporate boardrooms to address data security.

While NCSAM is a perfect opportunity to take ownership of your own data, one person cannot protect all of their data by themselves. In today’s connected economy information about consumers is held by hundreds, if not thousands of entities – often without your knowledge. However, a data breach at just one of these companies can expose millions of consumers’ records to fraud.

This summer, NCL organized events in Miami, Los Angeles, and Chicago to raise awareness about the problem of data breaches. Armed with new research from a groundbreaking survey and a report on the consumer impact of data breaches, we met with federal and state law enforcement and consumer protection authorities, local media, and American consumers. What we heard was not surprising: Consumers are fed up with the constant stream of data breaches, which they often feel powerless to stop. They want businesses to do more than just offer up free credit monitoring – they want a way to hold businesses and government accountable when their sensitive data is not protected.

That’s why this October, we’re calling on policymakers in Congress, at the White House and throughout the country to not just be aware of cybersecurity, but to do something about it. Through our #DataInsecurity Project, NCL is working to raise the alarm about the urgent need for data security reforms, including passing a national data breach notification standard, creating meaningful national data security requirements and giving enforcement agencies like the FTC the tools they need to go after hackers and companies that put profits ahead of securing consumers’ data.

As we look towards a new Congress, we at NCL will be redoubling our efforts to make sure our elected leaders don’t sit idly by while hackers profit off our data. Instead, we’ll be making our voice heard in Washington and throughout the country to push for real reforms that start to put a dent in the data security problem.

Dos and Don’ts for College-bound $tudents – National Consumers League

/in , /by

92_college_movein_.jpgMillions of young people are arriving on the nation’s college campuses this month—finally, life without parents for the first time for many! Unfortunately, many of these young people will be entering the consumer marketplace with little understanding of how to navigate it successfully—credit cards? utility bills? rent? And even worse—many students may fall prey to scams targeting college students.Whether they are heading off to college, a job, or to their first apartment, young adults should keep these dos and don’ts in mind this fall:

  • DO read the fine print. While credit card companies are now largely prevented from offering their wares on college campuses, there are still many “gotchas” lurking out there for unsuspecting consumers. Those gotchas love to hide in the fine print of things like apartment leases, gym memberships, cell phone contracts, student loan applications, spring break vacation package agreements and yes, credit card applications.
  • DON’T sign anything until you understand your responsibilities. Will you be locked in to that gym membership for years to come? Does that free t-shirt come with a credit card that has a high interest rate and annual fee? How much will it cost to break the lease on your apartment if your roommate unexpectedly moves out and leaves you with the full month’s rent?
  • DO make sure you have contact info (the phone numbers or Web addresses for services that can help) if you get in trouble. The local Better Business Bureau, Office of Tenant Advocate, and state and local consumer protection bureaus are good numbers to have handy if you feel that a local business or landlord is taking advantage of you.
  • DO create a budget and stick to it. Create a list of all the expenses you’ll be responsible for, like books, regular meals, rent, and transportation. That way you’ll have a system to help make sure nights out with friends don’t eat in to you required living expenses.
  • DON’T leave personal information unsecured. While young consumers may not have a lot of money to drain from bank or credit card accounts, their credit reports are often clean. This makes them tempting targets for identity thieves. File away important documents, shred credit card offers and keep a close eye on credit and debit card statements for suspicious charges.
  • DO watch out for scams targeting young people. For example, educational grant scams regularly make Fraud.org’s list of top scams each year, suggesting that scammers may be going after students looking for ways to pay for college in a tough economic environment. Watch out for scams that promise “guaranteed scholarships” or “an inside track on getting money for college.” Also stay away from any service that requires a credit or debit card account number to apply for or hold a scholarship.
  • DON’T leave your social network privacy settings unattended. Scammers scan these networks for information they can use to pitch believable-sounding scams. It usually only takes a few minutes to set privacy settings to make them more secure. Many college students may be surprised to find just how much of their personal information they were sharing in the first place.

Consider these tips the beginning of your journey to becoming a savvy consumer. Remember that the good consumer habits you develop as a college student can yield benefits in school and beyond.

Fraud warning: Malware scams locking computers for ransom

/in , /by

92_computer_lock.jpgCrooks are targeting consumers and businesses with sophisticated technology that, spread through email and difficult-to-detect downloads, encrypts the contents of a hard drive, making it impossible to use one’s files. Hackers target unsuspecting users and then claim that their data is being held for ransom — and, once a consumer pays, there’s no guarantee that the data will be unlocked.According to the Federal Trade Commission, after the malware is installed by an unsuspecting computer user, the Cryptolocker crooks send a ransom note demanding hundreds of dollars in payment via Bitcoin or another anonymous payment method before they will unlock the files. Once a consumer pays the ransom, there’s no guarantee that the fraudster will not simply ask for more money.

Even if you pay the ransom, are you really willing to bet that the criminals running this scam will honor their promises and unlock your computer files? Experts say it’s unlikely.

Ransomware has been around for a decade, but the frequency and severity of CryptoLocker scams appears to be on the rise, raking in millions of dollars for crooks.

A study by the University of Kent found that 2 out of every 5 CryptoLocker victims pay the ransom. This malware is especially sneaky, as it can be disguised as JPEG images, as PDF files, as Microsoft Office files, and other innocuous, familiar files. There are even reports that Facebook could be one of the likeliest places to get a CryptoLocker malware. Businesses have also been reported to be victimized by these scams.

It’s not just individuals who are vulnerable. but even computers for whole businesses. ABC 33-40, a news station in Birmingham, Alabama, was hit with the Crypto Locker virus. The director of engineering for ABC 33-40, Ron Thomas, described his station’s experience with the virus. “You buy this $300 Green Dot MoneyPak, you cannot use a credit card for it, it had to be cash or debit card. Once they claim the funds, they unlock your files. If those files had been lost, it could’ve affected 10 years’ worth of work by several departments,” said Thomas in a local news report.

Avoid Cryptolocker and other malware scams!

  1. Back up your files frequently on a separate device (which does not remain connected to your main computer) or use free cloud storage systems that are available online.
  2. Be on the lookout for suspicious looking phishing emails and links. Do not click on links or attachments from untrusted senders.
  3. Consider using ad-filtering applications that are free for your web browser to avoid clicking on suspicious links from ad pop-ups either by accident or by compulsion.

Familiar faces in 2012 Top Ten Scams Report – National Consumers League

/in , /by

In 2012, fake check scams earned the dubious distinction of being the top scam reported by consumers to the NCL’s fraud complaint site, Fraud.org. Nearly 32 percent of the total scams reported fell into this category, and it is the second time in three years fake check scams topped our list.Many consumers do not realize that if they deposit a fake check the account holder is responsible for paying the money back to the bank. Fake check scams take many forms, but the common thread in nearly all fake check scams is a request to wire money to a third party. Tip: Don’t wire money to someone you’ve never met and you should be able to avoid this scam.

Read the full report.

Internet-based scams including bogus online merchandise scams, lottery scams, and phishing scams totaled more than half of all complaints received by Fraud.org this year. The Jamaican lottery scam, which asks people to send an advance fee before receiving their prize, was widely publicized in 2012. While American and Jamaican law enforcement authorities have begun working together to curb this widespread fraud, prevention remains the best option for most consumers.

Consumers reported being contacted by phone in more than 42 percent of the total complaints received in 2012. Tip: Whenever someone asks you on the phone to send money ahead of time in order to receive a prize, don’t do it! In fact, never send money to anyone you don’t know and you will avoid much heartache and headache.

A growing scam in Fraud.org’s complaint data is the office directory/ad sales scam. Complaints about this scam increased by 7.36 percent from 2011 to 2012. In a typical office directory scam, a small business or non-profit organization is called and the receptionist or other front-line employee is asked to verify information about the business. If the mark does so, the organization shortly begins to receive threatening invoices for bogus online business listings or other advertisements. The scam artist may even threaten legal action if payment is not sent.

Regardless of the type of scam, many instances of fraud can be avoided by remembering the old rule of thumb: if something seems too good to be true, it probably is.

If you ever do have questions about a potential fraud or think you might be a victim of a scam, report it immediately via Fraud.org’s secure online complaint form. Embarrassment or fear of friends and relatives finding out about the crime causes many victims of fraud to remain silent. Only by speaking out can we give law enforcement the tools they need to bring these criminals to justice.

Avoid a Valentine’s Day hangover: Don’t fall for a romance scam – National Consumers League

/in /by

Think you’re lucky in love? People who find that special someone online could be in for a rude awakening if they don’t take precautions against con artists, who use clever tactics to meet victims online, form a bond and gain their trust, and bilk them out of hard-earned money.At first, it seems like the perfect match. You meet someone online that you can really connect with, who is everything you’ve ever dreamed of in a significant other. As the relationship develops, you start to talk seriously about meeting each other face-to-face. It’s a big step in any online relationship, but it seems like the two of you just click so why wouldn’t you take a chance on love? When the request for money to help with travel expenses comes, you send the money. After all, it seems like a small price to pay for the chance at a lifetime of happiness.

Unfortunately, this scenario is what happens all too often to victims of the romance scam. A scam artist is the person on the other end of the relationship, who knows just how to make someone believe a story and ultimately send money. If the victim sends money, it’s followed by additional requests for cash, which continue until the victim either catches on to the scam or runs out of money.

A woman we’ll call “Sarah” recently shared her story with Fraud.org. Sarah met a man calling himself “Robert” on a popular online dating website. Robert claimed to be from Georgia and he and Sarah began exchanging emails and text messages.

A few weeks into the relationship, he told Sarah that he was sent on business to the Philippines. While allegedly abroad, he claimed that he was robbed, had emergency surgery, and was arrested for tax evasion among other misfortunes. He asked Sarah to send him money to help him get back on his feet and make the return journey to the U.S. He promised to pay her back once he had access to his late wife’s safe deposit box back home.

Robert convinced Sarah to help and she sent the money. Before she caught on to the scam, Sarah had lost almost $30,000.

Sarah is not alone. In 2013, romance and friendship scams were the 10th-most reported type of scam to Fraud.org. They were also by far the most expensive type of scam for their victims, with losses averaging more than $13,000 per incident. It’s not surprising to see why, either. Love is one of the most powerful emotions. What wouldn’t you do to help out someone with whom your share a deep connection? Scammers operating these scams are skilled in manipulating their victim, gaining their target’s trust, and ultimately defrauding them of as much money as possible.

This Valentine’s Day, NCL is urging consumers to learn more about these scams so that they can spot the warning signs and avoid a costly fraud. Red flags include:

Any request to send money from someone you’ve never met in real life.

Wire transfer services like Western Union and Moneygram are favorites of scammers, but we’ve also received complaints where the victim is asked to send money via bank transfers, prepaid debit cards (like Green Dot MoneyPaks), newer services like Xoom, or even mailing cash stuffed inside magazines or books.

The person you’re communicating with says they are located overseas.

A favorite tactic by romance scammers is to claim to be a U.S. citizen who is temporarily out of the country on business or military deployment.

Requests to communicate outside of an online dating sites’ internal messaging system.

Many online dating sites monitor their messaging services for suspicious activity. Romance scammers will often ask to use other communications technologies such as instant messenger, text messaging, or email.

Requests to cash a check or money order from someone you’ve never met in real life.

Often, the check is fake and the scammer is only trying to get you to cash the check and wire her or him the proceeds before your bank catches on.

Allusions to great wealth.

Romance scammers will often claim that they have access to or are about to have access to significant amounts of money. With their victim’s financial help, they claim they’ll be able to access the cash and potentially share it with their “lover.”

Think you’re a victim of a Sweetheart Swindle? Report it to Fraud.org.