Fraud Prevention

Web Sites

www.fdic.gov/consumers/consumer/guard/

www.ic3.gov (Internet Crime Complaint Center)

www.fakechecks.org

www.onguardonline.gov

www.lookstoogoodtobetrue.com

www.mostwantedinCT.com

National ID Recovery service

 

Articles

Phishing Alert from NACHA (November 12, 2009)

Phishing for Your Information (October 14, 2009)

Top Six Counterfeit Check or Money Order Schemes (September 14, 2009)

The Facts About Credit Repair (August 29, 2009)
 

Teens, Tweens and Silver Surfers: Social Networking Safety for All Ages (July 2009)

Fraud in the Perfect Storm (May 2009)

Stop DotCons (April 2009)

Phishing Alert from NACHA

(November 12, 2009) Random individuals and/or companies may have received a falsified e-mail with the subject title “Rejected ACH Transaction.” This e-mail appears to be from NACHA – The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly executable virus with malware. See sample below.

Please alert any financial institution and/or company who have questions about this site and inform them that the e-mail did not originate from NACHA, the website is not that of NACHA’s, and inform them to not click on the link.

= = = = = Sample E-mail = = = = = =

From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report  (this is the how the link is presented)

------------------------------------------------------------------

Copyright ©2009 by NACHA - The Electronic Payments Association

= = = = = = = = = = = = = = = = = = =

Please do not click on the link in the email. NACHA says the link redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly an executable virus with malware. Sean Carter, from NEACH, has also contacted us to ensure members are aware of that the email is fraudulent.  

Phishing for Your Information

On Wednesday, October 7, the Federal Bureau of Investigation (FBI) announced that nearly 100 people in the U.S. and Egypt were charge in a major cyber fraud phishing case dubbed "Operation Phish Phry."

The defendants allegedly targeted U.S. banks and reportedly scammed account holders by stealing their financial information and used it to transfer upwards of $1.5 million to bogus accounts under their control.

The Anti-Phishing Working Group (APWG) defines phishing as: "A criminal mechanism employing both social engineering and technical subterfuge to steal consumers' personal identity data and financial accounts credentials. Social-engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit web sites designed to trick recipients into divulging financial data such as user names and passwords. Technical-subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using systems to intercept consumers online account user names and passwords-and  to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers' keystrokes)."

According to the APWG, phishing is a major problem that continues to grow. They estimate that nearly four billion phishing e-mails are sent across the Internet every day.

Investigation and prevention of phishing related crimes is extremely difficult. Attacks can originate from anywhere in the world and hide behind technology.

The best protection remains individual users who practice safe computing habits and maintain a cyber awareness of current scams. The experts remind consumers that banks and other legitimate entities will not request your identifying information or account particulars in an e-mail. If you receive an e-mail requesting you to divulge such information, call the bank or business. Do not use the number listed in the e-mail. Additional precautionary measures recommended by the FBI and other experts are:

• Use a phishing filter on your computer. Many current web browsers have them built in or offer them as plug-ins.

• Never click on a link to a secure site embedded in the body of an e-mail. Always enter the URL manually into your browser.

• Do not be fooled by the latest scams. Visit the Internet Crime Complaint Center (IC3.gov) and Lookstoogoodtobetrue.gov websites for more fraud prevention tips and information.

Top Six Counterfeit Check or Money Order Schemes

Work-at-Home

• You are awarded a job from an online ad. The job requires that you receive checks on behalf of the company, deposit checks into a personal bank account, and wire back the money when the funds are posted. You may keep 5 to 10 percent as you salary.

Overpayment

• You place goods for sale online. The perpetrator poses as a buyer, sends you a check or money order for more than the purchase price, and asks you to wire the excess money to a third party (often someone in a foreign country who allegedly handles shipping logistics). This scheme may be used for large item sales, such as automobiles, motorcycles, or boats.

Sudden Riches

• You receive a letter offing a chance to receive a substantial sum of money (e.g., you won a foreign lottery or are the beneficiary of an estate), but must pay a tax or fee before receiving it. You receive a check or money order to cover the expense and are instructed to deposit the check and wire the money to a third party, usually in a foreign country.

Love Losses

• You fall in love with someone overseas you have been cyber-dating. Your "soulmate" sends you counterfeit checks or money orders to cover travel expenses and instructs you to deposit them into a bank account and transfer a portion of the funds to an overseas account.

Foreign Business Offer

• You receive an e-mail from a "foreign official" or "business-person" with a proposal. He or she wants to move a large sum of money from a foreign country and needs assistance. You are offered 25 to 40 percent of the proceeds. You receive a substantial check in the mail, which you deposit into your account. The official then wants to send you more money, but says he or she will need about $40,000 as a bribe or to cover some sort of fees. Believing the previous check has cleared, you wire back the funds.

Rental Schemes

• You post an ad, online or in the newspaper, for a roommate or to sublet an apartment. The respondent supplies a check covering costs such as the first and last month's rent, utilities, and a security deposit. Shortly after you deposit the payment, you are informed that he or she will not be able to rent the property. You are asked to wire back a partial refund.

What happens in all cases?

You deposit the check into your account and wire the money to contact (the employer, shipper, cyber-soulmate, businessman, etc.) when the funds are posted to your bank account.

Few consumers realize that, while banks are required to post checks within a matter of days, it generally takes weeks for a check to clear.

Weeks later the bank notifies you that the check was counterfeit or stolen, and you are responsible for the full value of the deposited check.

Learn more at: FakeChecks.org

Back to Top

The Facts About Credit Repair!

The worst economic depression since World War II has seriously impacted the credit of many Americans who have lost their jobs and are finding it difficult to maintain their credit obligations. Credit repair scams flourish during these times and we are bombarded with ads from companies offering services that erase bad credit, remove bankruptcies, judgments, liens and bad loans from our credit files.

"Credit problems? No Problem!"

"We can erase your bad credit - 100% guaranteed!"

The Federal Trade Commission (FTC) advises not to believe these claims adding they are very likely signs of a scam. FTC attorneys say they have never seen a legitimate credit repair operation making those claims. Truthfully, there is no such thing as a quick fix for creditworthiness. Consumers can improve their credit rating legitimately but it takes time and concerted effort to manage their credit.

Consumers who have poor credit histories are targeted by companies making promises to clear up their credit report for a fee, of course. The truth is no company can deliver an improved credit report using the tactics they promote...it is illegal! No one can remove accurate negative information from your credit report. Here is how to identify questionable credit repair companies:

• You are required to pay advance fees for credit repair before service are performed. Under the Credit Repair Organizations Act, companies cannot require payment until they have completed the services promised.

• You are not informed of your rights and what you can do yourself for free!

• It is recommended you not contact the three major credit reporting agencies directly.

• You are informed the company can eliminate most of the negative credit information even if it is current and accurate.

• It is recommended you invent a "new" credit identity and obtain an Employer Identification Number (EIN) to use instead of your Social Security Number.

• You are advised to dispute all information in your credit report regardless of accuracy and timeliness.

Remember...it is a federal crime to provide false information on a loan or credit application!

The only thing credit repair companies will do is take your money. Do your self a favor by obtaining information about credit repair scams from the Federal Trade Commission at www.ftc.gov

Back to Top

Teens, Tweens and Silver Surfers: Social Networking Safety for All Ages: By Thomas R. Nash, CPP, CFCI

Social networking sites such as Twitter, Facebook and MySpace are hugely popular with people of diverse ages for many different reasons. Growth in the popularity of these sites has attracted the attention of hackers, virus writers, identity thieves, spammers and a host of other criminal types. No matter what age group you fall into, everyone needs to be aware of the dangers associated with participation. Research has revealed that experts generally agree there are certain things people should and should not do. A few of these are:   

• Personal Information – Restrict access to your personal information and restrict the amount of information contained in your profile. Never use your full date of birth, list your street address or telephone number. Your true friends should already have this information. There are a number of documented cases in which stalkers have tracked their victims’ movements using this information.
• Do Not Trust Message Source - Be careful about who you accept into your network as a friend. Hackers are known to break into accounts and send messages that appear to be from friends. Remember, on the Internet you can be anybody or anything you wish to be.
• Do No Allow Network Services to Scan Your E-Mail Address Book – This allows harvesting of e-mail addresses leaving everyone in your address book susceptible to unwanted spam e-mail.
• Be Careful of Links Embedded in Messages - Use caution with links in messages as you would links in e-mail. Malware and viruses continue to wreak havoc with the Internet and could easily infect your computer.
• What You Post is Forever – Once you post information online you cannot take it back. Be sure that what you post will not be embarrassing to you, your family, friends or co-workers. Many companies and schools search social network sites as part of their hiring or background process. What may seem funny or laughable today could have negative consequences years from now. Even law enforcement agencies are viewing posts to identify criminal activity.

There are many more safety messages concerning the Internet and social network sites. Readers are encouraged to visit the following sites for more information: www.staysafe.org and www.getnetwise.org.

 Back to Top

Fraud in the Perfect Storm: By Thomas R. Nash, CPP, CFCI

The unemployment rate is soaring, financial institutions are failing, the housing market is in a prolonged slump, General Motors and Chrysler are bankrupt and consumer confidence continues to wane. The government has spent trillions of dollars to prop up failing financial institutions and automobile manufacturers. Consumers are under immense pressure from different fronts as they struggle to keep their jobs and save their home from foreclosure. These and other factors have combined to create the “perfect storm” for fraud to flourish!

Fraudsters worldwide are taking advantage of conditions favorable to the furtherance of cons and swindles by enticing otherwise innocent, albeit naďve consumers to either participate in their criminal activities or to provide personal identifying information (PII) leading to their being a victim of identity theft.

No one has any idea of the total dollar amount lost by financial institutions, businesses or individuals. Based on the number of known incidents and reports made public it is safe to estimate losses running into the $ billions.

Currently popular are, “phishing” scams, work-from-home and “secret” or “mystery Shopper” frauds and cross-border lottery frauds.

Phishing

Phishing is an identity theft scam. Identity thieves use the names of well-known banks, retailers or credit card companies to create (spoof) what appear to be official websites of those entities. E-mails are sent informing the recipients of some sort of problem with their account requiring an update of their information within 24 or 48 hours or else they will be locked out of access to the account. The recipient is instructed to “click here” on an embedded link to verify or update their information. A pop-up screen appears requesting the account number, name and address, date of birth, social security number and other personal identifying information.

Another method of phishing is lure people to participate in a survey by offering a monetary enticement. A recent phishing incident offered $150 to participate in a nine question McDonald’s customer satisfaction survey. Of course, participants are required to provide their account and access information to receive the award.  

An ever increasing danger associated with opening e-mail from an unknown source is that malware may be included. Once the recipient opens the e-mail, a virus infects the computer.

Work-From-Home

Work-from-homes scams have been around for years. Computers have allowed fraudsters to become more creative and reach a broader audience. Many such scams originate from overseas and the perpetrators are outside of the long arm of the law.

Current work-from-home scams include the so-called “secret” or “mystery” shopper, payment processor and reshipping agent. Typically, the victim will receive an unsolicited e-mail advertising a job described as “quality” or “performance” checker. One needs only to evaluate the service at the selected business.  

The victim completes the accompanying application and of course, is hired. Soon after, the assignment sheet with instructions, an evaluation form and a check arrive in the mail. The victim is told to deposit the check and when the funds become available, withdraw a certain amount of cash and take it to Wal-Mart where they will send a MoneyGram. They are to complete the service evaluation form and fax it to a number provided in the instructions. The pay for this “probationary” assignment is typically around $400. The check, of course, is a counterfeit.

Other work-from-home scams include being a money forwarder and reshipping agent. Typically, an unsolicited e-mail with a job offer is received. Money forwarders are “hired” to act as processors of check payments for non-existent overseas companies. Those hired will receive ten percent of the amount of all checks processed. The work consists of depositing checks and forwarding the proceeds less commission via MoneyGram to individuals in foreign countries.

Cross – Border Lottery Frauds

Consumers are especially susceptible to this type of fraud. Many of the winning notification letters received in the U.S. are mailed from Canada bearing postmarks from Ontario, Quebec and British Columbia. Recipients are advised they have won hundreds of thousands of dollars in a foreign lottery (anywhere in the world). A check drawn on a U.S. based business or an official check from a U.S. bank is enclosed. The recipient is told to call a processing or claim agent identified in the letter who will instruct him to negotiate the check and when the funds are available, to wire a specific amount via MoneyGram to pay for a processing fee or taxes.

A significant number of recipients of the letters never question the validity of the lottery or check and simply follow the instructions given. The end result is they lose several thousand dollars from the negotiation of a counterfeit check.

Too good to be true!

The consumer’s first line of protection against fraud is to ask, “Is this too good to be true?”

Unsolicited e-mail and e-mail from unknown sources must be considered as high risk. Many of these e-mails contain offers of products or services at extremely low cost. Do not be swayed by this and definitely do not click on links in the e-mail as a significant number contain viruses and malware that will infect you computer 

Finally, practice safe computing habits. For more information, go to www.onguardonline.gov

Back to Top

Stop DotCons: By Thomas R. Nash, CPP

The Internet, for better or worse, has become an important and useful tool in our daily lives. It has changed how we communicate with each other, how we conduct daily business and how news is communicated to us. This is the bright side of the Internet. 

There also is a dark side where cyber thieves lurk seeking ways to victimize consumers by drawing them into their world wide web of deceit.

Many of the scams and cons practiced by these cyber thieves have existed for years only now they have morphed into 21^st century versions. The Internet has opened a new channel for these grifters to practice their craft by allowing them to remain anonymous far from their intended victims. Their frauds represent low risk of being identified and arrested while providing them with high monetary returns.

Outlined below are several of the more popular Internet related frauds currently in use, how consumers can identify them and how they can avoid becoming victims.

Phishing = Identity Theft

The sole purpose of “phishing” is identity theft. Elements of phishing are the spoofing of a legitimate e-mail header to look like the e-mail originated from a recognizable entity and convincing the recipient that their account with the entity is in jeopardy. The recipient is informed if they do not “update” their account information their access will be locked out. They are then directed to a hyperlink in the body of the e-mail “Click Here” to update account information. The victim is then directed to a fraudulent web site and a pop-up screen appears that requests account numbers, name and address, date of birth, Social Security Number, mother’s maiden name and other personal identifying information.

Consumers should never click on links embedded in e-mail. If uncertain if the e-mail is legitimate, err on the side of caution and delete the e-mail.

For more information about phishing and safe computing habits, go to: www.OnGuardOnLine.gov

Advance Fee Frauds

In advance fee frauds, victims pay a fee in the expectation of obtaining something in return. Two of the more popular current advance fee frauds are the “secret shopper” and “cross-border lottery” scams. It should be noted that in addition to the Internet, both of these are also perpetrated using the U.S. Mail.

Secret Shopper

Victims in this scam receive an unsolicited e-mail advertising for secret shoppers. The job detail includes evaluating the service of a business. Recipients are directed to complete an online job application and of course, all who apply are hired. There also is a good possibility they will become identity theft victims.

The victim then receives a letter in the mail outlining a trial assignment that includes instructions to visit a local Wal Mart or other outlet where Money Gram wire transfers may be conducted, or Western Union. The assignment is to wire funds to a relative. A check payable to the victim is included with the letter. A typical amount is around $3,900. The “secret shopper” is instructed to take the check to the bank and as soon as the funds become available, withdraw cash and proceed to the store to send the wire. Typical amounts to be wired are around $3,500 with the remaining amount becoming pay for the assignment and the cost of the wire transfer. The letter includes instructions to whom the transfer is to be made and how it should be directed. Victims realize they have been had several days later when their bank informs them the check they negotiated is a counterfeit and they are expected to make good on it.

Lottery Frauds

Victims in cross-border lottery frauds receive an e-mail informing them have won an international lottery and are instructed to contact a claim or processing agent for additional information. In the Internet version, victims are directed to wire funds covering taxes or processing fees overseas via Money Gram or Western Union. They typically are asked for an account number and financial institution information where their winnings may be deposited. Many of the Internet versions of this scam appear to originate from Great Britain.

In the mail version, the victim will receive a letter bearing a Canadian postmark, typically from Ontario but Quebec and British Columbia are other origination points. The letter informs the victim of winning a foreign lottery and includes a check of an amount up to around $4,900 to be used for payment of taxes or processing fees. All notification letters are basically worded the same. They inform the “winner” to first contact the claim or processing agent for instructions and that winning is to be kept a secret to prevent multiple claims. The agent will instruct the winner to deposit the check and as soon as funds are available to wire a specific amount out of the country following instructions given. The checks are either counterfeit “Official” or “Cahier’s” checks purportedly drawn on a U.S. financial institution or a counterfeit check drawn on a U.S. based business. Consumers who believe they have won a lottery they have never played and who negotiate these checks soon realize they have been had when they are notified by their financial institution that the check was returned unpaid as a counterfeit that they are expected to make good on it.

For more information, go to: www.fakechecks.org

Internet Sale of an Item

Many consumers either advertise items for sale on the Internet or other locations where the Internet will be used to contact them for more information. Craig’s List, eBay and similar online sites provide a valuable service for those who legitimately participate and they diligently work to protect their brand name.

A typical Internet sale fraud occurs when a seller receives an e-mail from a prospective buyer interested in the item. The buyer agrees to purchase the item and advises a check will be sent by someone who owes him money. In all cases, the check is for more than the agreed upon sale price. The seller is instructed to cash the check and simply wire the excess amount to the buyer minus the fee for the wire. The buyer indicates his shipping agent will pick up the item being sold.

Again, the victim seller in these frauds realizes too late the check that was negotiated is a counterfeit and is expected to repay the bank for lost funds.

 For more information, go to: www.fraudwatchinternational.com

 Conclusion

The Internet is a valuable tool that provides us with access to information that impacts our lives in ways that only a few years ago were unimaginable. Consumers must be constantly aware of what they are doing on the Internet and maintain a healthy awareness that there are people with ulterior motives detrimental to their financial security seeking to defraud them.