The "Caldwell County Sheriff" warrant scam

This is the most-reported phone scam in our county. The caller claims to be a Sheriff's deputy, captain, or "lieutenant" — sometimes using the name of an actual person who works here, taken from the public Sheriff's Office staff page. They tell the victim that there is a warrant for missing jury duty, missing a court date, an unpaid fine, or "failure to appear," and that the only way to avoid arrest is to pay immediately.

How to recognize it

• The caller insists on staying on the phone with you while you go pay — they won't let you hang up "for security reasons."
• They demand payment by gift card (Apple, Google Play, Target, Amazon), wire transfer (Western Union, MoneyGram), or cryptocurrency (Bitcoin ATM).
• The caller ID may show (512) 398-1800 or another Sheriff's Office number — scammers can spoof any phone number.
• They warn you not to discuss this with anyone, including a spouse or attorney, "because there is an active warrant."
• They name-drop a real judge, court, or law-enforcement agency to sound legitimate.

What to do

1. Hang up.
2. Call the Sheriff's Office at (512) 398-1800 from a number you find independently — not the number that just called you, and not "press 9 to be transferred."
3. Tell us what happened. Even if you didn't lose any money, the report helps us track the scam and warn others.

Real law enforcement does not collect payment over the phone. We do not accept gift cards, period.

IRS, Social Security & government scams

These follow the same pattern as the Sheriff scam but use a different agency name. The most common variants:

• "IRS Criminal Investigation." The IRS will never call you out of the blue and demand immediate payment. The IRS communicates by US mail first, and never demands gift cards or wire transfers.
• "Social Security suspension." Your Social Security Number cannot be "suspended." The SSA will never threaten to suspend your benefits over the phone.
• "Medicare card replacement." Medicare does not call to "verify" your card number. If someone calls asking for your card number, hang up.
• "Utility shutoff." The caller threatens to shut off your power, water, or gas unless you pay over the phone immediately. Real utility companies send notices by mail and offer multiple payment channels.

If you are unsure, hang up and call the agency directly using the number on their official website — not the number the scammer gave you.

Romance scams

Romance scams are some of the most financially devastating crimes the Sheriff's Office responds to — single victims have lost their entire retirement savings. The pattern is consistent:

• An online relationship develops quickly — usually starting on Facebook, Instagram, a dating app, or a hobby website.
• The other person claims to be overseas — military deployed, oil-rig worker, doctor with an international charity, business consultant.
• They love-bomb early: declarations of love within days, future plans, "you are my soulmate."
• They never video-chat in real time (excuses: "bad connection," "military protocols," "my camera is broken").
• Eventually they have a crisis — a stuck shipment, a medical emergency, a customs hold, an investment opportunity — and they need money.
• Payment is requested by wire, gift card, cryptocurrency, or "a friend's bank account."

How to protect yourself or a loved one

• Reverse-image search every profile photo at images.google.com or tineye.com. Scammers reuse stolen photos.
• Insist on a live video call before sending any money. If they refuse for any reason, it is a scam.
• Never send money to someone you have not met in person.
• If you are concerned about a parent or older relative, talk to them gently. Shame and embarrassment keep most victims silent.

"Grandparent" scams & AI-voice fraud

This scam targets grandparents specifically: the phone rings, and a voice — sometimes a convincing AI-generated copy of the grandchild's voice — cries out, "Grandma, it's me! I'm in trouble!" The "grandchild" then puts a "lawyer" or "police officer" on the phone who explains there has been an accident, an arrest, or a kidnapping, and they need bail money right now. They are crying. They beg you not to tell their parents because they're embarrassed.

How to defeat it

• Set up a family code word (see Child Safety). Even adult family members should agree on a phrase that proves they are who they claim to be in an emergency.
• Hang up and call the grandchild — or their parent — directly using the number you already have for them.
• Be extra suspicious if the caller asks you not to tell anyone, or asks for cash, gift cards, or cryptocurrency.
• AI voice cloning needs only a few seconds of audio — from a TikTok, a voicemail, or a video on social media. The voice sounding "just like them" is no longer proof.

Tech-support pop-ups & remote-access fraud

You are browsing the web and suddenly your screen freezes with a flashing red banner that says "YOUR COMPUTER HAS BEEN INFECTED" and shows a 1-800 number. Or someone calls claiming to be from "Microsoft Support" or "Apple Support" about a virus on your computer.

• Microsoft, Apple, Google, and Norton do not call you. They never put up pop-ups that include a phone number.
• The scammer's goal is to get you to install remote-access software (TeamViewer, AnyDesk, LogMeIn). Once installed, they can see your screen, type as you, and watch you log in to your bank.
• If you have a pop-up that won't close, hold the power button on your computer for 10 seconds to force a hard shutdown. Wait 30 seconds and restart. Run a security scan.
• If you have already given a scammer remote access, immediately unplug the computer from the internet (or turn off Wi-Fi), call your bank, change every password on a different device, and consider taking the affected computer to a reputable repair shop for a wipe-and-reinstall.

How to spot phishing

Phishing is when a scammer disguises a message — email, text, or DM — to look like it came from a company you trust. The goal is to get you to click a link, enter your password on a fake page, or download malicious software.

Warning signs

• Urgency. "Your account will be closed in 24 hours." "Verify now or lose access."
• Generic greetings. "Dear Customer" instead of your name.
• Spelling or grammar mistakes. Major companies don't send out emails with misspelled product names.
• Mismatched sender. Hover over the sender's name (don't click) — the actual email address may be something like support@amaz0n-secure.ru.
• Mismatched link. Hover over any link (don't click) — the URL preview at the bottom of the screen should match the company. account.amazon.com is real; amazon.account-verify.net is not.
• Unexpected attachments. Especially .zip, .exe, .iso, or .docm files.
• Asks for your password. No legitimate company asks for your password by email.

If you receive a suspicious message

1. Do not click any links or open any attachments.
2. Do not reply.
3. If it claims to be from your bank, log in to your account by typing the bank's address into your browser directly — not by clicking a link in the email.
4. Report the phishing attempt: most banks have a "report phishing" address (often phishing@bankname.com). For US email scams generally, forward to reportphishing@apwg.org and to reportfraud.ftc.gov.
5. Delete the message.

Strong passwords & password managers

Most account breaches happen because a password was reused on another site that got hacked. The most important password-related rule is: use a different, long password for every account.

How to do this without losing your mind

• Use a reputable password manager — 1Password, Bitwarden, Dashlane, or Apple/Google's built-in keychains are all fine. The manager creates and stores unique, random passwords for every site. You only have to remember one master password.
• If you absolutely won't use a password manager, use a passphrase: four or five unrelated words strung together, like orange-trumpet-sandstone-coyote. These are easier to remember and harder to crack than Pa$$word123.
• Never use the same password for your email account and any other account. Your email is the master key — if it is compromised, every "reset my password" link in the world will be sent to the attacker.
• Don't write passwords on Post-It notes stuck to the monitor.
• Don't share passwords by text or email. Use the password manager's "share" feature, or speak the passphrase in person.

Multi-factor authentication (MFA)

Multi-factor authentication ("MFA" or "2FA") is a second step required when you log in — usually a code from an app on your phone. Even if a scammer has your password, they can't log in without the code.

Turn on MFA for, at minimum:

• Email accounts (Gmail, Outlook, Yahoo)
• Banking apps and websites
• Social media (Facebook, Instagram, X/Twitter, TikTok)
• Cloud storage (iCloud, Google Drive, OneDrive, Dropbox)
• Anywhere a credit card is on file (Amazon, Walmart, Target)

Prefer an authenticator app over text-message codes. Authenticator apps (Google Authenticator, Microsoft Authenticator, Authy, Duo) are free and cannot be intercepted by "SIM swapping" attacks the way text messages can.

Social-media privacy

• Set your profile to "friends only" or "private." Don't post your home address, your child's school name, or your daily schedule publicly.
• Turn off location data on photos before posting. Most phones embed GPS coordinates in every photo by default.
• Don't fill out viral quizzes that ask security-question-style information: "What was your first pet's name? Your high school mascot? The street you grew up on?" These are the questions banks ask to reset your password.
• Be careful with "Marketplace" and "Facebook Buy/Sell" groups — meet buyers in person, in a public place, in daylight (the Sheriff's Office parking lot at 1204 Reed Drive in Lockhart is a safe-exchange zone open 24/7).
• Review your friends list once a year. Unfriend anyone you don't recognize.

Home & public Wi-Fi safety

Home

• Change the default admin password on your router. The factory password is usually printed on the router and is in public databases.
• Use WPA3 or WPA2 encryption — never an open network or WEP.
• Hide the network name (SSID) if your router supports it, or at least don't name it after your family ("The Smith Family Wi-Fi") or your address ("203MainSt").
• Create a separate "guest" Wi-Fi network for visitors and smart-home devices.
• Keep router firmware updated. Most routers have a button in the admin page; check once a year.

Public Wi-Fi (coffee shops, hotels, airports)

• Don't do online banking on public Wi-Fi.
• Turn off file sharing and AirDrop when on public networks.
• Use your phone's cellular hotspot instead of public Wi-Fi when possible.
• If you must use public Wi-Fi for anything sensitive, use a reputable VPN.

Children online

See our dedicated Child Safety Resources page for in-depth guidance on talking with children about online safety. Headline rules:

• Devices come out of the bedroom at night.
• Parental controls turned on (Apple Screen Time, Google Family Link).
• Social-media accounts set to private; no location-sharing.
• If anyone asks for a photo of any part of their body, they tell you immediately — and they are not in trouble.

Online shopping & payments

• Use a credit card instead of a debit card. Federal law caps your liability on a credit card at $50; debit-card fraud can drain your checking account before the bank refunds you.
• If a deal looks too good to be true, it is. Common red flag: a brand-name product at 70 percent off on a website you've never heard of.
• Look for https:// (with the padlock) in the address bar — but remember that the padlock only proves the connection is encrypted, not that the seller is honest.
• Check the seller's reviews on the platform and independently (Better Business Bureau, Reddit, Google).
• Pay through the platform's protected payment system (Amazon, eBay, Etsy, Facebook Marketplace checkout). Don't go off-platform to send Zelle, Venmo, or wire transfers.
• Avoid Zelle, Venmo, and CashApp for purchases from people you don't know — these are designed for sending money between friends and family, and they are very difficult to reverse if fraud occurs.

If you are a victim

1. Stop sending money immediately — even if the scammer promises everything will be fine if you "just send a little more."
2. Call your bank and credit card companies. Some wire transfers can be reversed in the first 24-48 hours.
3. Change passwords for any account that may have been compromised — starting with email.
4. Run a malware scan on any computer where you may have clicked a link or downloaded a file.
5. Report to the Sheriff's Office by calling (512) 398-1800. We will take a report and add it to local statistics; even small incidents help us understand trends.
6. Report to the FBI's Internet Crime Complaint Center at ic3.gov. This is the federal database for cybercrime — every report increases the chances of identifying and shutting down the scammer.
7. Report to the Federal Trade Commission at reportfraud.ftc.gov.
8. Check your credit report at annualcreditreport.com (free) and consider a credit freeze with Equifax, Experian, and TransUnion (also free).

If the scam was a romance or grandparent scam involving significant money, contact AARP's Fraud Watch Network Helpline at 1-877-908-3360 for support and counseling.