BBB: New graduates become targets for scammers during end of school season
Experts share tips on how to navigate today's job market as graduation season is upon us
Cameron Nakashima from Better Business Bureau identified three types:
Fake Job Offers Scammers impersonate real companies or create fake ones. They offer remote jobs or 'hiring now' roles via email, text message, or social media. After a short 'interview,' victims are offered the job—but must provide sensitive information or pay for training or equipment.
Student Loan Forgiveness Scams: They mimic federal programs or call pretending to be with the U.S. Department of Education. They claim they can reduce monthly payments or eliminate loans altogether—for a fee. Victims are pressured to act quickly and give up FAFSA credentials.
Rental Scams Scammers copy real listings or invent fake ones, post them on social sites or rental apps, and collect deposits before disappearing. First-time renters are especially vulnerable because they often don't know what a legitimate lease process looks like.
Download the free KHON2 app for iOS or Android to stay informed on the latest news
Nakashima said to prevent falling into these schemes, you need to pay attention.
Watch out when people reach out to you – especially via text. Across the board, recent graduates and young adults report the primary method of losing money to scammers is through text messages and with digital payments and payment apps.
Do your research on the company. Look up its website, look for the address and contact info – does it all look legit? For example, for student loan forgiveness, that should be a government website (.gov). If its not, that's suspicious. If the website looks good though, you should also check them out on BBB.org and other online reporting agencies to learn what people and professionals have to say about those businesses.
Listen to your gut if something seems off – and get a trusted second opinion. If you feel like something is not quite right about an opportunity or offer but can't put your finger on it, get a second opinion. You can ask a friend of family member or you can even call your local BBB office and we can give you advice based on our database of information.
Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Indianapolis Star
a day ago
- Indianapolis Star
Women's dating safety app Tea hit by data breach impacting thousands of photos
A dating app for women to do background checks on men – and share information about potential bad actors – said it has been hacked, exposing tens of thousands of photos and other personal information. Tea, the company behind the Tea Dating Advice app, said in a July 25 alert posted on its website that a security breach compromised "a legacy data storage system" storing about 72,000 images. Images taken in the breach, which Tea learned about at 6:44 a.m. PST on July 25, include about 13,000 selfies and users' photo identification, plus about 59,000 images from posts, comments and direct messages within the app. No email addresses or phone numbers were accessed, according to Tea. The breach only affected users who signed up for the app before February 2024, the company said. In the app's early days, Tea required selfies and IDs "as an added layer of safety to ensure that only women were signing up for the app," according to the company's statement. The ID requirement was removed in 2023, Tea said. Third-party cybersecurity experts and Tea's internal security teams "are working around the clock to secure our systems. At this time, we have implemented additional security measures and have fixed the data issue," the company said in a statement to USA TODAY. "There is no evidence to suggest that additional user data was affected. Protecting our users' privacy and data is our highest priority," Tea said in its statement. "We are taking every necessary step to ensure the security of our platform and prevent further exposure." Hackers were able to exploit Tea's data storage system to access where data was stored before Feb. 24, 2024, because "during our early stages of development some legacy content was not migrated into our new fortified system," according to the company's statement. "As we grew our community, we migrated to a more robust and secure solution which has rendered that any new users from February 2024 until now were not part of the cybersecurity incident," the company said. The Tea Dating Advice app – its name comes from the phrase "spilling tea," or to share secrets or gossip – recently went viral, becoming the top free app in the Apple App Store this past week, claiming nearly 1 million new users, NBC News reported. Available for free on Android and iOS, Tea provides women a way to check the personal history of men including a "Reverse Image Search" feature to catch men catfishing, pretending to be someone else online to attract potential romantic partners. Other features include "Phone Number Lookup to check for hidden marriages, and Background Checks to uncover criminal records," according to the company's website. Women can also anonymously discuss men and give them "green" or "red" flags. "Tea ensures that women have the information they need before meeting someone new," the company says on its website. More than 1.7 million women have used the app, the company says. Reports from 404 Media and CNET say photos of some users and images of their drivers licenses were posted on 4Chan and Reddit message boards Friday. USA TODAY has reached out to Tea for comment about any identity theft concerns for users. If you joined the app before February 2024 and are concerned about your drivers license information or other personal information being misused, you can find tips on the Federal Trade Commission's Identity Theft website. Mike Snider is a national trending news reporter for USA TODAY. You can follow him on Threads, Bluesky, X and email him at mikegsnider & @ & @mikesnider & msnider@
USA Today
a day ago
- USA Today
Women's dating safety app Tea hit by data breach impacting thousands of photos
A dating app for women to do background checks on men – and share information about potential bad actors – said it has been hacked, exposing tens of thousands of photos and other personal information. Tea, the company behind the Tea Dating Advice app, said in a July 25 alert posted on its website that a security breach compromised "a legacy data storage system" storing about 72,000 images. Images taken in the breach, which Tea learned about at 6:44 a.m. PST on July 25, include about 13,000 selfies and users' photo identification, plus about 59,000 images from posts, comments and direct messages within the app. No email addresses or phone numbers were accessed, according to Tea. The breach only affected users who signed up for the app before February 2024, the company said. In the app's early days, Tea required selfies and IDs "as an added layer of safety to ensure that only women were signing up for the app," according to the company's statement. The ID requirement was removed in 2023, Tea said. Third-party cybersecurity experts and Tea's internal security teams "are working around the clock to secure our systems. At this time, we have implemented additional security measures and have fixed the data issue," the company said in a statement to USA TODAY. "There is no evidence to suggest that additional user data was affected. Protecting our users' privacy and data is our highest priority," Tea said in its statement. "We are taking every necessary step to ensure the security of our platform and prevent further exposure." Hackers were able to exploit Tea's data storage system to access where data was stored before Feb. 24, 2024, because "during our early stages of development some legacy content was not migrated into our new fortified system," according to the company's statement. "As we grew our community, we migrated to a more robust and secure solution which has rendered that any new users from February 2024 until now were not part of the cybersecurity incident," the company said. What is the Tea app? The Tea Dating Advice app – its name comes from the phrase "spilling tea," or to share secrets or gossip – recently went viral, becoming the top free app in the Apple App Store this past week, claiming nearly 1 million new users, NBC News reported. Available for free on Android and iOS, Tea provides women a way to check the personal history of men including a "Reverse Image Search" feature to catch men catfishing, pretending to be someone else online to attract potential romantic partners. Other features include "Phone Number Lookup to check for hidden marriages, and Background Checks to uncover criminal records," according to the company's website. Women can also anonymously discuss men and give them "green" or "red" flags. "Tea ensures that women have the information they need before meeting someone new," the company says on its website. More than 1.7 million women have used the app, the company says. Tea app breach prompts identity theft concerns Reports from 404 Media and CNET say photos of some users and images of their drivers licenses were posted on 4Chan and Reddit message boards Friday. USA TODAY has reached out to Tea for comment about any identity theft concerns for users. If you joined the app before February 2024 and are concerned about your drivers license information or other personal information being misused, you can find tips on the Federal Trade Commission's Identity Theft website. Mike Snider is a national trending news reporter for USA TODAY. You can follow him on Threads, Bluesky, X and email him at mikegsnider & @ & @mikesnider & msnider@ What's everyone talking about? Sign up for our trending newsletter to get the latest news of the day
Forbes
2 days ago
- Forbes
FBI Warning To 10 Million Android Users — Disconnect Your Devices Now
Discconnect now, FBI warns 10 million Android users. Update, July 26, 2025: This story, originally published on July 25, has been updated with a statement from the researchers which initially disclosed and disrupted the BadBox 2.0 operation that the FBI and Google are tackling head-on. In March, I reported that one of the largest botnets of its kind ever detected had impacted over a million Android devices. That massive attack was known as BadBox, but it has now been eclipsed by BadBox 2.0, with at least 10 million Android devices infected. Google has taken action to protect users as best it can, as well as launching legal action against the attackers, and the FBI has urged impacted users to disconnect their devices from the internet. Here's what you need to know. The FBI, Google And Others Warn Of Android BadBox 2.0 Attacks The FBI cybersecurity alert, I-060525-PSA, could not have been clearer: ongoing attacks are targeting everything from streaming devices, digital picture frames, third-party aftermarket automobile infotainment systems and other assorted home smart devices. The devices, all low-cost and uncertified, mostly originating in China, allow attackers to access your home network and beyond by, the FBI warned, 'configuring the product with malicious software prior to the user's purchase.' It has also been noted, however, that mandatory 'software updates' during the installation process can also install a malicious backdoor. Point Wild's Threat Intelligence Lat61 Team reverse-engineered the BadBox 2 infection chain and, as a result, uncovered new indicators of compromise that have been shared with global Computer Emergency Response Teams, as well as law enforcement. 'This Android-based malware is pre-installed in the firmware of low-cost IoT devices, smart TVs, TV boxes, tablets, before they even leave the factory,' Kiran Gaikwad from the LAT61 team said, 'It silently turns them into residential proxy nodes for criminal operations like click fraud, credential stuffing, and covert command and control (C2) routing.' Google, meanwhile, confirmed in a July 17 statement that it had 'filed a lawsuit in New York federal court against the botnet's perpetrators.' Google also said that it has 'updated Google Play Protect, Android's built-in malware and unwanted software protection, to automatically block BadBox-associated apps.' Human Security Behind Initial BadBox 2.0 Disclosure And Disruption Human Security, whose Satori Threat Intelligence and Research Team originally both disclosed and disrupted the BadBox 2.0 threat campaign, said at the time that researchers believed 'several threat actor groups participated in BadBox 2.0, each contributing to parts of the underlying infrastructure or the fraud modules that monetize the infected devices, including programmatic ad fraud, click fraud, proxyjacking, and creating and operating a botnet across 222 countries and territories.' If nothing else, that provides some context to the scale of this campaign. Now, Stu Solomon, the Human Security CEO, has issued the following statement: 'We applaud Google's decisive action against the cybercriminals behind the BadBox 2.0 botnet our team uncovered. This takedown marks a significant step forward in the ongoing battle to secure the internet from sophisticated fraud operations that hijack devices, steal money, and exploit consumers without their knowledge. Human's mission is to protect the integrity of the digital ecosystem by disrupting cybercrime at scale, and this effort exemplifies the power of collective defense. We're proud to have been deeply involved in this operation, working in close partnership with Google, TrendMicro, and the Shadowserver Foundation. Their collaboration has been invaluable in helping us expose and dismantle this threat.' FBI Recommendations And Mitigations — Disconnect Your Devices Now The FBI has recommended that Android users should be on the lookout for a number of potential clues that your Chinese-manufactured smart device could be infected with BadBox 2.0 malware. When it comes to mitigation, the advice is straightforward: users should 'consider disconnecting suspicious devices from their networks,' the FBI said.
