Consumer Alert
Searching for a job to work remotely? Avoid scams and identity theft
By
Gema de las Heras
Consumer Education Specialist, FTC
November 13, 2023
Found a job listing to telework as a Spanish translator or a data entry clerk with great benefits and pay? Scammers are impersonating real employers on legitimate platforms like ZipRecruiter and Indeed. When you respond, they might even schedule interviews and send you paperwork that looks legit. But it’s all a scam to get your information and steal your money or your identity. Here’s how to know you’re dealing with a scam.
Everything moves really fast. As soon as you apply, the so-called employer only wants to schedule an interview using Signal Messenger or similar text-only apps. You agree, answer a few questions — and bam, you got the job! The next thing you know, they’re asking you to fill out direct deposit and tax forms with your bank account and other personal information. In some cases, they might send you a large check with instructions to set up your home office. But by the time you realize the job is fake, the scammers already have your money and information.
To avoid job scams without passing up a good job opportunity:
- Do some research before you apply. Look up the company online or call using a phone number you know to be real. If you can’t verify the job opening, it could be a scam.
- Talk to someone you trust. Describe the offer to them. What do they think? This also helps give you vital time to think about the offer.
- Never pay for a job or equipment. Honest employers won’t ask you to pay upfront, and they won’t send you a check and then tell you to deposit it and send them part of the money. Those are scams.
Report phony job opportunities to the FTC at ReportFraud.ftc.gov and the website where you saw the job posting.
Did you give personal or financial information for a job that turned out to be fake? Go to IdentityTheft.gov to report it and get a recovery plan.
Topics
Scams
_____________________________________________________________________________________
Business Blog
Staff warning letters to trade associations and influencers convey some salty words about sweetener posts
By
Lesley Fair
November 15, 2023
A consumer spots a social media post from a dietician stating – for example – “Aspartame increasing cancer risk?! Nope! Let’s talk about it” and “It’s okay to still enjoy your non-sugar-sweetened beverages” because “these beverages are absolutely no threat to your health.” Wouldn’t it be material to consumers to know the dietician was being paid by a trade association to convey those messages? FTC staff warning letters sent to two trade associations and a dozen dieticians and other online health influencers don’t sugarcoat the principle that failure to include clear disclosures in social media posts could violate the law.
Fundamental to the FTC Endorsement Guides is the established principle that the identity of a speaker – and on whose behalf they’re speaking – can be highly material to consumers. The letter to the American Beverage Association (AmeriBev) expresses concern that the group may have violated the FTC Act by failing to adequately disclose that influencers who promoted the safety of aspartame in Instagram and TikTok posts were hired by the Association to convey that message. Here’s what the FTC said to the trade association:
The FTC’s Endorsement Guides state that if there is a “material connection” between an endorser and the marketer of a product – in other words, a connection that might affect the weight or credibility that consumers give the endorsement – that connection should be clearly and conspicuously disclosed, unless the connection is already clear from the context of the communication containing the endorsement. Material connections could consist of a business or family relationship, monetary payment, or the provision of free products to the endorser. “Clear and conspicuous” means that a disclosure is difficult to miss (i.e., easily noticeable) and easily understandable by ordinary consumers . . . . We have a number of concerns about the adequacy of disclosures by the dieticians regarding their apparent connections to [the American Beverage Association].
But the FTC didn’t stop there. Staff also sent warning letters to ten dieticians or health influencers who appear to have been paid by the American Beverage Association to tout the safety of aspartame in social media. The letters “strongly urge” the influencers to review their “Instagram, TikTok, and other social media posts as to whether they contain sufficiently clear and conspicuous disclosures of any material connections” and remind them that “Violations of the FTC Act may result in legal action seeking a federal district court injunction or an administrative cease and desist order.”
FTC staff sent a similar warning letter to The Canadian Sugar Institute, raising concerns that two dieticians who posted videos on Instagram endorsing the consumption of products containing sugar were paid by the Institute to convey that message. Like the letter to American Beverage Association, the warning letter to The Canadian Sugar Institute states, “We strongly urge you to review your social media policy. You should also review the Instagram and other social media posts made by endorsers you have paid as to whether they contain sufficiently clear and conspicuous disclosures of any material connections to the Canadian Sugar Institute.” The two dieticians received warning letters, too.
The letters give recipients 15 business days to contact FTC staff with how they intend to address the stated concerns.
If you use influencers in your marketing campaigns or if you’re an influencer yourself, the warning letters offer important reminders about FTC truth-in-advertising principles.
Both advertisers and influencers have an obligation to disclose material connections. The legal responsibility for disclosing material connections is a two-lane highway. Advertisers should explain the rules of the road to influencers they bring on to promote their products and monitor what influencers are doing on their behalf. At the same time, influencers have an obligation to disclose in their posts who they’re working for. Furthermore, the fact that most of the influencers in question were registered dieticians wasn’t lost on FTC staff. Consumers are likely to give greater weight to the opinions of health professionals, which compounds the potential for injury when material connections aren’t properly disclosed.
How and where you disclose a material connection matters. It’s not enough to disclose a material connection any old place in social media. As the warning letters state, “Consumers should be able to notice the disclosure easily, and not have to look for it.” What’s more, “Any required disclosure should be presented without having to click.” In some instances, influencers “disclosed” their connection with obscure hashtags, at the end of longer descriptions that Instagram truncates, or in poorly contrasting type – methods the FTC staff says are insufficiently conspicuous.
Disclosures in videos may need to be audible, visual, or both. When endorsements are made audibly in a video, the video should include a prominent audible disclosure. When endorsements are made visually, there should be a prominent visual disclosure in the video as well. Videos that have both audible and visual endorsements should have prominent audible and visual disclosures.
It’s unwise to rely solely on platforms’ disclosure tools. Some influencers used Instagram’s “Paid partnership” tool to disclose they were being compensated. Here’s what FTC staff said in some of the warning letters: “The Commission has previously expressed concerns about the conspicuousness of such built-in disclosure tools alone.” That doesn’t mean influencers shouldn’t use those tools, but they’re likely to be more effective when used in conjunction with other, clearer forms of disclosure.
Influencers should clearly identify the sponsor of their posts. Standing alone, the “Paid partnership” disclosure conceals a highly material fact: Who’s the partner doing the paying? As some of the letters to influencers warn, “Without knowing who the sponsor of the post is, viewers might not be able to adequately evaluate the weight and credibility to give your endorsement.” Furthermore, in referring to some influencers’ social media posts, the letters note, “Even the language of the ‘Paid partnership with ameribev’ disclosure in your June 29 Instagram post may be inadequate, as many viewers may not understand what ‘ameribev’ is.”
Future violations could prove costly. Included with the warning letters is the FTC’s Notice of Penalty Offenses Concerning Deceptive or Unfair Conduct Around Endorsements and Testimonials. As staff explained, “[R]eceipt of the enclosed notice puts you on notice that engaging in conduct described therein could subject you to civil penalties of up to $50,120 per violation.”
Looking for resources to keep your social media campaigns compliant? The recently revised FTC’s Endorsement Guides: What People Are Asking is a good place to start. You’ll find more information on the Endorsements, Influencers, and Reviews page.
Tags:
- Consumer Protection
- Bureau of Consumer Protection
- Advertising and Marketing
- Endorsements, Influencers, and Reviews
- Online Advertising and Marketing
- Advertising and Marketing Basics
______________________________________________________________________________________
Consumer Alert
Slow your scroll: Spot and avoid social media giveaway scams
By
Terri Miller
Consumer Education Specialist, FTC
November 15, 2023
Image
You may have heard us say when you’re shopping online, check things out before checkout. The same advice applies to giveaways on social media sites like Facebook and Instagram. Here’s why: One in four people who reported losing money to fraud since 2021 said it started on social media. Scammers make it hard to tell what’s real and what’s fake. Want to avoid scams on your feed? Slow your scroll and keep reading to find out how.
If you follow your favorite businesses on social media to get updates about upcoming events or promotions, you’re not the only one. Scammers are watching too — and they may hijack legit businesses’ giveaways and promotions to try and get your personal and financial information. Imagine your favorite photographer is giving away a free photo session. You follow the steps to enter — liking their page, tagging a few friends, and sharing the post. Then someone who looks like the business owner tags you in a comment saying that you’ve won. They send you a link — and ask for financial information — to claim your prize. What’s your next step?[Hint: it rhymes with Jaws!]
Before you respond, pause. Don’t click on any links since they might contain malware. Then:
- Ask yourself: Does this business need information like my credit card number to get this free prize? If it’s legit, probably not!
- Contact the business using a phone number, email, or website that you know is real. Ask if they really sent the message. If they didn’t, report the post and let them know that their account may have been hacked.
Learn more about how to spot, avoid, and report scams—and how to recover money if you’ve paid a scammer—at ftc.gov/scams. If you spot a scam, report it to the FTC at ReportFraud.ftc.gov.
Topics
Scams
_________________________________________________________________________________
Business Blog
What we have here is a failure to communicate…among other things
By
Larissa Bungo
Senior Attorney
November 16, 2023
Yes, if a tree falls in the forest and no one is there to hear it, the tree does make a sound. And, yes, if a data breach happens and you fail to timely notify affected customers, that’s an unfair practice. That’s just one of the lessons businesses can learn from the FTC’s proposed settlement with Global Tel*Link (GTL) and its subsidiaries, Telmate and TouchPay.
Another lesson? When it comes to safeguarding consumers’ personal information, the duty extends regardless of where the business stores the data and what it uses the data for—even testing. Read on to learn more. GTL is one of the country’s largest providers of communications and technology services for jails, prisons, and similar institutions, providing both communications and payment services for incarcerated consumers and their non-incarcerated contacts, including loved ones. According to the FTC’s complaint, in August 2020, unknown attackers accessed the personally identifiable information (“PII”) of hundreds of thousands of people who used GTL’s products when the data was left unprotected and accessible via the internet.This included:names, contact information, driver’s license numbers, passport numbers, Social Security numbers, payment card and financial account information, personal messages, health information, and grievance forms.
How did this happen? In the process of upgrading their search and analytics software, GTL allegedly moved a database containing PII to a test environment in the cloud. According to the FTC’s complaint, GTL left the database of PII unencrypted and did not take other measures to protect the data stored in the test environment, such as automated monitoring. When a contractor employed by GTL to work on the software upgrade changed the security settings of the test environment, the environment—and all the PII it contained—was left accessible via the internet without password protection.
You can probably guess what happened next. One or more unauthorized people were able to access and download information from the database. A data security researcher notified GTL that the data was exposed—specifically, that he could access the database and view PII about GTL’s users. You guessed it. Next, someone downloaded information from the database and made it available on the Dark Web. Consumers began to tell GTL directly that they received alerts that their information was found on the Dark Web.
Can you guess what didn’t happen next? According to the FTC’s complaint, at least eight months went by where GTL and its subsidiaries failed to notify affected customers. Instead, the FTC alleged the company misrepresented its efforts to do so and falsely represented to prospective institutional customers that GTL hadn’t experienced unauthorized access to its data.
When GTL and its subsidiaries finally did notify consumers of the breach, the FTC alleges they chose to notify only a fraction of the affected users that their information was affected, denying hundreds of thousands of users any opportunity to take self-help measures such as implementing a fraud alert or credit freeze.
For years the FTC has stressed to businesses the importance of having effective breach detection and response as essential components of a reasonable data security program. The FTC’s settlement with GTL and its subsidiaries underscores these principles. It also makes clear that reasonable data security protections to safeguard consumers’ PII apply even when that data is being used for testing—and require a company to inventory and track the flow of consumers’ personal information. And, should a breach occur, businesses must promptly notify consumers about the incident, particularly when failing to do so puts the affected consumers at increased risk of harm, such as from identity theft.
You’ll want to read the six-count complaint for details on how GTL’s practices allegedly harmed consumers. To settle the case, GTL and its subsidiaries agreed to implement a comprehensive information security program with third-party assessments, to provide credit and identity monitoring for consumers not previously notified of the breach, and to notify affected consumers about the breach. The proposed settlement also requires GTL and its subsidiaries to notify the FTC and, in a first for an FTC order, affected consumers and facilities about future data breaches. Finally, under the agreement, GTL and its subsidiaries are prohibited from making misrepresentations about privacy, data security, and data breaches.
What are the key takeaways for your business?
- Businesses must promptly notify consumers when a breach has occurred that puts them at increased risk of harm, such as identity theft. The GTL settlement requires GTL and its subsidiaries to notify the FTC of any future breach. The proposed Order adds a novel additional requirement. Whenever the duty to notify any government agency is triggered by a future data breach, GTL and its subsidiaries must also timely notify affected users and facilities.
- Reasonable data security requirements apply regardless of where the business stores consumers’ personal information or what it uses that information for—including testing. A best practice is to avoid using PII for testing or development in the first place, but if using PII is unavoidable, then that PII must be protected to the same extent as in the production environment.
- Businesses should inventory and track the flow of PII. Knowing what data is stored where is critical to a business’s ability to assess what protections are needed and timely identify consumers who should be notified following any breach.
Tags:
____________________________________________________________________________________
Business Blog
FTC announces challenge to prevent harms of AI-enabled voice cloning
By
Lesley Fair
November 17, 2023
As text-to-speech AI has improved, so has voice cloning technology. The prospects could be promising, but from the FTC’s perspective, voice cloning also presents serious consumer protection concerns. The FTC is committed to using a wide range of tools to prevent harm to the public. That’s the reason for the just-announced Voice Cloning Challenge.
While voice cloning technology holds out hope for some people – for example, those who have lost their voices to accident or illness – the FTC has called attention to the ways that fraudsters are adding AI to their arsenal of artifice. You’ve probably heard about family emergency scams where a person gets a call supposedly from a panicked relative who’s been jailed or hospitalized and needs money immediately. Until recently, scammers had to come up with excuses for why the voice might not sound quite right. But enter artificial intelligence and the crook on the other end could use voice cloning technology to impersonate the family member.
This will be fifth challenge the FTC has sponsored under the America Competes Act, which allows agencies to create challenges to promote technology development and innovation. For example, other challenges spurred the creation of new tools to reduce illegal robocalls and address security vulnerabilities related to Internet of Things devices. Submit the best approach to protect people from the harms caused by the misuse of AI-enabled voice cloning – everything from imposter fraud to the misappropriation of someone’s voice to create music. The top prize for the Voice Cloning Challenge is $25,000. Read the FTC Voice Cloning Challenge page for more information about participating.
We’ll start accepting submissions on January 2, 2024. But now is the time to get the genius gears cranking to consider potential solutions at various intervention points, including:
- Prevention or authentication, including limiting the use of voice cloning software to authorized users;
- Detection and monitoring to alert consumers if their voice has been cloned without their knowledge or if they’re speaking to a cloned voice, and/or to block phone calls using cloned voices; and
- Evaluation resources, systems, or tools that help consumers or businesses check if audio clips contain cloned voices.
Those are just a few possibilities, but to quote Thomas Edison, “There’s a way to do it better. Now find it.”
Tags:
- Consumer Protection
- Bureau of Consumer Protection
- Imposter
- Technology
- Privacy and Security
- Artificial Intelligence
More from the Business Blog
Business Blog
What we have here is a failure to communicate…among other things
Larissa Bungo
November 16, 2023
Business Blog
Staff warning letters to trade associations and influencers convey some salty words about sweetener posts
Lesley Fair
November 15, 2023
Business Blog
File online comments about FTC’s proposal to ban junk fees
Lesley Fair
November 13, 2023
Business Blog
New resources to help protect consumers and small businesses from fraud
________________________________________________________________________________
