Travel Union Scam Check

Old Scam resurfaces from Travel Union, this time as an Energy Rebate Program

Updated July 2, 2013

More scams from Travel Union, this one is for an Energy Rebate Program.

Hawaii homeowners are reporting receiving checks from ENERGY REBATE PROGRAM and lists the bank as Travel Union in Scottsdale Arizona.

[Update] We have been getting calls from solar companies saying that their customers are also receiving these.

These checks, pictured below, are presented as part of an “energy rebate program” and claimed to be sponsored by the “Federal and State Government” and working directly with Hawaiian Electric.

Travel Union Scam Check


First red flag was the name Travel Union, on the check.  You may remember Travel Union from their travel voucher scams last year where they falsely used names like American Airlines to make victims believe they were receiving FREE travel vouchers. These scams had many variations from Bait and Switch offers to Phishing scams. People trying to redeem the vouchers were told they were no good , many had already given out personal information.

BOSS went undercover and called this company using the local number listed on the check as 808-206-7734.

The person who answered from the call center said they were located in Arizona, and that I was pre-qualified to receive that money and I just had to answer a few questions. These questions included if I owned my home, what my credit score and income was and other personal information. When I balked at the questions and asked him to verify this wasn’t a scam, I was told to go to their website and to call him back if I want “money in my pocket”.

This was red flag 2 as the website is very general and does not give any of the detailed information they claim will help prove they are legit.

I did call back and was asked to make an appointment so they could come out and perform and energy assessment. I was told I should have my energy bill ready.  When I asked who exactly was coming she told me to check the website for a list of the companies they use. The website has no such information.  I asked her to clarify who they were and what this was, and she said they are working directly with our energy company and the government. I asked specifically, “so you are working with Hawaiian Electric?” and she replied “That is correct.” [I will be posting this recorded call ]

I called to cancel the appointment telling her that I was uncomfortable that they wouldn’t tell me who was coming to my home.  She said that the information was readily available on the website.  When I told her that the websites was vague and did not contain any of this information or anything at all that says who they are and what they are doing, she said she that she had no other information and told to just send people to the website.

Hawaii Energy who does do the rebates, issued the following statement which says, “We would like to clarify that this mailing is neither approved nor endorsed by Hawaii Energy. Residents are encouraged to use caution when responding to unsolicited offers such as this. Official communication from Hawaii Energy will always include the Hawaii Energy logo.”

US Department of Energy, this is not how these rebates work, that they do not offer them directly to taxpayers in this way and tell you to avoid companies sending checks and claiming to be working with the Government.

On a personal note, I am amazed this company is still around. Despite being reported to the FBI, international news coverage, BBB reports, and consumer complaints from many big organizations this company has somehow still been allowed to continue these scams.

The only way to stop companies like this is to be an informed consumer and REPORT the scam immediately.  The FBI and FTC is overwhelmed with reports and act on the ones with the most reports so

eceiving a letter claiming to offer $1,350 in exchange for airline tickets. The letter urges the recipient to act quickly — “Flights fill quickly. Call now to see if you qualify.” The origin of the letter is Travel Union of Scottsdale, Arizona – a company that doesn’t exist. Another company stamped on the check and offer — US Airlines — doesn’t exist either. Yet the name is familiar enough to have fooled some recipients into redeeming the “offer”. – See more at:



Department of Energy on Fraud and how to report it

The Department of Energy is strongly committed to effective program oversight, including allegations of fraud. The Department takes such allegations seriously and is committed to keeping the public informed about fraudulent practices.

A growing number of companies provide energy efficiency services. While the vast majority operates in full compliance with the law, fraudulent companies and scams involving home energy products have been reported.

To report suspected fraud, waste, or abuse, including scams involving home energy efficiency services, please contact the Department of Energy’s Office of Inspector General (OIG) Hotline:

Please provide as much information as possible. You may remain anonymous. If you provide contact information, the OIG may contact you for more information.

Tips to Avoid Becoming a Victim of Fraud:

  • Beware of phone calls from people claiming to represent the United States Government. Few, if any, branches of the Federal Government would contact you in this manner.
  • Beware of offers of Government grants available for a fee. As a research and development organization, the Department of Energy does not often offer grants directly to taxpayers.
  • Fraudulent callers may also ask you to send money in exchange for grant information. The Federal Government does not charge application or service fees for grants or grant information. This type of activity is commonly referred to advance fee fraud.
  • Beware of a caller that claims to be endorsed by the Department of Energy. The Department of Energy does not “endorse” any provider of goods or services.
  • When in doubt, ask for written verification of any items being offered.
  • Never provide financial information, payment, or personally identifiable information (such as a social security number or date of birth) to an unverified caller. If you have already provided personal information to the perpetrators of such a scam, you should contact your banking institution for assistance in protecting yourself from identity theft. In addition, the Federal Trade Commission (FTC) has set up an Identify Theft Web site which provides detailed information to help avoid identity theft and learn what to do if your identity is stolen.
  • If you are suspicious of a phone call or product offer, ask for more information by mail, a mailing address, and phone number. Review information carefully before committing or sending any payments.

Other SCAM reports involving TRAVEL UNION from BBB, Fodors etc:

Warning – Yahoo Mail Accounts Are Being Hijacked

A flaw on Yahoo’s website has caused hackers in Eastern Europe to get access to Yahoo accounts causing everyone to receive a large amount of spam from friends’ accounts.

Yahoo uses WordPress for their developers page but failed to perform updates, so a flaw that was fixed 9 months ago let malicious script steal Yahoo session “cookies” from browsers and use your account to send out spam.

Start by changing your password immediately and then log off.

Do not click on any links in these emails and notify your friends if you get an email from their account.

Yahoo said it fixed the flaw. But had they kept up with the latest WordPress updates it would never have happened.

So what is the lesson folks? Update!!! Update WordPress, update your browsers, update your software…UPDATE!

Yahoo’s had a lot of issues lately so my advice is that yahoo should not be used as your primary email.

And if you have to use Yahoo services, log out after each session!


Someone took my domain name! How to identify and protect from cybersquatters.

**Updated 8/7/13

Cybersquatting is the practice of buying up domain names for  profit from a trademarked name.   So someone with intentions to profit, buys up the domain address containing your Trademark and wants YOU to pay a  premium price to get back what is legally yours.  The Lanham Act, the federal trademark statute, and the case law interpreting it, place a duty on mark owners to take appropriate action to protect their marks when they discover infringement.   It is possible for a mark owner to lose rights in a mark permanently if the mark owner does not take necessary protective action to prevent infringement and improper use of the mark.

Thankfully, this is now prohibited under the Anticybersquatting Consumer Protection Act as well as a set of international guidelines called the Uniform Domain-Name Dispute-Resolution Policy created to protect companies, celebrities, and regular Trademark owners from having their names exploited for commercial purposes.

But it doesn’t stop people from trying.

Labeled “the scum of the earth” online, most cybersquatters are self-proclaimed “entrepreneurs” who try to make quick money extorting money from businesses by buying a $10 domain and attempting to sell it at a premium price.  Most know the laws, but are banking you don’t.   If they get a cease and desist, they will usually just give up and go on to the next victim.

Mostly they snatch up new domains before the owners do, but the real money is in expired domains.   There are websites that allow domain brokers to monitor expired domain names in real time.  Brokers look for popular or valuable domains that have been up for a while, have backlinks and high pagerank and then buy them.

Clients have said to me “But I am nobody, my business is small, is it even worth it?”

WELL YES, Think about it!  If you had a website up for 5 years and all your marketing and collateral and history online had that domain name.   How much time and money is it going to cost you to change all that?  A lot!   And they know you will be willing to pay to get it back.  They paid $10. Even if you pay $300 its a win for them.

Clueless Cybersquatters

Most of these guys know it is illegal and are careful about how they go about the extortion process and will quickly comply to cease and desist letters to avoid legal action.

Then there are some who just don’t know it is illegal.   I was surprised to see Mayor Caldwell on the news warning people about someone who had bought up a number of domains relating to Honolulu Rail Transit, and had set up websites with rail information.  This person not only contacted them about purchasing the domains, but admitted it to reporters and has it listed on their site, that they were an “entrepreneur” who bought them with the intention of selling them.

I actually tried to do a good deed and warn the guy because I assumed he was some clueless guy who thought he was on to something based on how careless he was.  But based on the this response he is either a cybersquatter or a clueless jerk or both.

Either way I expect his domain squatting business will be over very soon!



cybersquatters suck

Which brings me to the next type of cybersquatter.  The Nasty ones.

There is a local woman squatting on my Trademarked name  She registered this 8 years ago for a business called BOS and even though that business dissolved 4 years ago, and she was notified I own the Trademark and was asking her not to renew, she continued to renew it.   We have mutual friends that reached out to her.   But she refuses to release the domain to me.  She has no intention of using it.  At this point she is just being mean, because she knows I want it and wants to make things difficult for me.  It is despicable thing to do to another business because the way the law is now, I have to incur thousands of dollars to file with ICANN who may or may not make her pay half, and once they seize the domain from her I have to file a lawsuit to recover that cost, damages and my legal fees.  It will take at least a year and I will be out thousands of dollars until it is settled.


The best way to avoid losing your domain in the first place is to do the following:

  • Trademark your name and logo. Through companies like Trademarkia you can do so easily and affordably.  You have no legal recourse to recover a domain if you don’t have a Trademark.
  • Never start a business or announce a project online without reserving your domain names and as many variations as you can.   You also need to consider including mispellings because these guys also like to buy mispellings hoping to get traffic from people who type in the wrong address.
  • Make sure that you control your domains, and keep your account information current.  This is very important.  Set up auto renewals and make sure your email notifications are turned on. But don’t depend on that. Take a few minutes and add a reminder to your calendar.  You get lots of warnings before a domain expires but if you miss them you are in trouble and once it is gone it is too late.


Ok so it is too late no what. Follow these steps:

  1. First use “WHOIS Lookup” at to see who owns it.   Find out whether there is a reasonable explanation for the use of the domain name, or if the registrant is willing to sell you the name at a price you are willing to pay.
  2. Send a Cease and Desist Letter on Your Letterhead.   This is a letter that states: (i) I have a trademark (ii) you are infringing on my trademark and causing me damage, (iii) you must immediately cease using the mark and not use it in the future, (iv) you must transfer the domain name to me, and (v) if you fail to take the action demanded, I’m going to turn the matter over to my attorney to take appropriate legal action, which includes a claim for damages. This is worth a try. I have had success with this because the person was smart enough to know when to cut bait.  But most of the time, the letter from the mark owner is usually ignored because they know you have to incur cost to take action.
  3. Hire a Lawyer to Send a Cease & Desist Letter.  This approach costs money (maybe less than a lawyer prepared trademark license agreement), but it does greatly increase the chance that you will get the desired result. It is common for the infringer without substantial resources to comply with the mark owner’s demands rather than risk being the defendant in a lawsuit or an ICANN Uniform Domain Name Dispute Resolution Policy action.
  4. File a Lawsuit in Federal Court Alleging Violations of the Anticybersquatting Consumer Protection Act (the ACPA) or Other Laws.

Using the ICANN Procedure

In 1999, ICANN adopted and began implementing the Uniform Domain Name Dispute Resolution Policy (UDNDRP), a policy for resolution of domain name disputes. This international policy results in an arbitration of the dispute, not litigation. An action can be brought by any person who complains (referred to by ICANN as the “complainant”) that:

  • a domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights
  • the domain name owner has no rights or legitimate interests in the domain name, and
  • the domain name has been registered and is being used in bad faith.

All of these elements must be established in order for the complainant to prevail. If the complainant prevails, the domain name will be canceled or transferred to the complainant. However, financial remedies are not available under the UDNDRP. Information about initiating a complaint is provided at the ICANN website.

Suing Under the ACPA

The Anticybersquatting Consumer Protection Act (ACPA) authorizes a trademark owner to sue an alleged cybersquatter in federal court and obtain a court order transferring the domain name back to the trademark owner. In some cases, the cybersquatter must pay money damages.

In order to stop a cybersquatter, the trademark owner must prove all of the following:

  • the domain name registrant had a bad-faith intent to profit from the trademark
  • the trademark was distinctive at the time the domain name was first registered
  • the domain name is identical or confusingly similar to the trademark, and
  • the trademark qualifies for protection under federal trademark laws — that is, the trademark is distinctive and its owner was the first to use the trademark in commerce.

Even though there are these laws to protect you, it is time consuming and costly and you have to deal with  unpleasant people so the best strategy prevention.  Don’t let a cybersquatter get your domain names!

DNS Services is a scam!

If you received a letter that looks like this, Please be warned. THIS IS NOT  bill DO NOT PAY IT,  it’s a scam


Several of my Hawaii clients have reported receiving “invoices” from “DNS Services” for $65 to renew their domain names.

To read more about these types of scams, check out this WIKIPEDIA article.

There is fine print indicated by the red arrow,  containing a disclaimer that it is a solicitation and not actually a bill of invoice.  This is the same tactic that Domain Registry of America uses,  it is a trick to lure you away from your registrar and switch to them.  By paying you inadvertently switch your domain names to them.

What makes these scam appear genuine is the clever way they are designed to look like real bills and how they conceal the fine print. It also contains valid information extracted from DNS records, including your company’s domain and the ISP records and expiration date.  Often the person who received the mail, like business managers, secretaries or accountants assume its valid and pay it, not knowing that its not who currently holds their domain names.

What should I do if I get a letter like this?

Don’t do anything, Not unless you want to pay $65 for your domain which is usually no more than $12.   If you want to do your part in stopping scams like this, REPORT it to the FTC.

How to prevent from being scammed

To avoid scams like these, make sure you are clear WHO your domains were purchased under.  Usually these are companies like GoDaddy, Network Solutions, etc.  Be sure to let everyone in your company know that any bills related to the website must go through the IT person, or designate someone to be responsible for monitoring the website bills and that they know who is being paid for what.  This way anything else coming in can be ignored.

image courtesy of: m

Who is calling me? Identifying call scams.

This morning I got a call from 818-890-3853 in Northern Los Angeles.  I didn’t answer it, they didn’t leave a message.  They have been calling every morning for the past week. Earlier this week I got a call from someone claiming to be from Facebook, another from Microsoft.  With so many scams nowadays, it is hard to know what is legit and what is not. So what do you do?

Here is what I do when I get a call from unknown callers:

First, I do not answer calls from numbers I do not recognize. If for some reason I do answer, and I am unsure if the caller is legit, I ask them if I can call them back.  This gives me time to research.

  • I simply type the number into the Google search box.
  • Leave off the 1.  Just the area code and number with the dashes. Like this format: xxx-xxx-xxxx

If the phone number was from a legitimate business, that persons business would come up in the top of the searches either from their website or their Google business listing.

In this case however, the search results I saw were from sites like,, etc.  This tells me it is most likely a scammer already because these  websites contain comments from others, like you, who have gotten calls from that number and reported it.  After reading these comments you can quickly determine if the call is legitimate or not and even leave a comment of your own.

In my case, I immediately saw people reporting various scam type activity.  One person had even done the research and was providing the providers information, so we could report it and attempt to get our names off the list.

Many of these calls manage to get people to give up their credit card numbers.  There is even one that claims to be the Federal Court, getting you enrolled in Jury Duty and people give out their Social Security numbers and more.

Unfortunately, too many people fall victim to these scammers.  When in doubt CHECK IT OUT.  Nothing is so urgent that you can’t take 5 minutes to look into it first.  Remember to never give out personal information unless you have done your homework!