Fraud Prevention

Tax identity theft awareness week

The FTC has named Jan. 13-17, 2014, Tax Identity Theft Awareness Week. Tax identity theft happens when someone files a phony tax return using stolen personal information such as a Social Security number to get a tax refund from the IRS. It also can happen when someone uses a stolen Social Security number to get a job or falsely claims a child as a dependent on a tax return. Tax identity theft is the most common form of identity theft reported to the Federal Trade Commission. 

“Tax identity theft is a significant and growing issue,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “It’s critical that we make sure consumers are aware of how they can prevent it, and if they are victimized, what steps they can take to recover as quickly as possible.”
 
Tax identity thieves get personal information in a number of ways. For example:
  • Going through someone's trash or stealing mail from a home or car
  • Sending phony emails that look like they’re from the IRS asking for personal information
  • Stealing information from their place of employment such as hospitals, nursing homes, or banks
  • Phony or dishonest tax preparers misuse their clients’ information or pass it along to identity thieves
 
To lessen the chance you’ll be a victim:        
  • if possible, file your tax return early in the tax season, before identity thieves do.
  • use a secure internet connection if you file electronically, or mail your tax return directly from the post office. Avoid unsecure, publicly available Wi-Fi hotspots at places such as coffee shops or hotel lobbies. 
  • shred copies of tax returns, drafts, or calculation sheets you no longer need.
  • respond to all mail from the IRS as soon as possible
  • know the IRS won’t contact you by email, text, or social media. If the IRS needs information, it will contact you by mail.
  • don’t give out your Social Security number (SSN) or Medicare number unless necessary. Ask why it’s needed, how it’s going to be used, and how it will be stored.
  • get recommendations and research a tax preparer thoroughly before you hand over personal information.
  • if your SSN has been compromised, contact the IRS ID Theft Protection Specialized Unit at 800-908-4490.
  • check your credit report at least once a year for free at annualcreditreport.com to make sure no other accounts have been opened in your name. 
Tax identity theft victims typically find out about the crime when they get a letter from the IRS saying that more than one tax return was filed in the their name, or IRS records show they received wages from an employer they don’t know. If you get a letter like this, don’t panic. Contact the IRS Identity Protection Specialized Unit at 1-800-908-4490.
 
More information about tax identity theft is available from the FTC at ftc.gov/idtheft and the IRS at irs.gov/identitytheft.

Identity Secure - Fraud Prevention Service

Enjoy the security and peace of mind of Identity Secure's comprehensive identity protection. Identity Secure provides the advanced protection of fraud alerts and more, so you can lock down your identity and maintain control of your life.

 

 

Flyers

 

Web Sites

Visit these web sites for information to help protect you from being the victim of fraud or identity theft.

Articles

Warning about fraudulent charities

By the Risk Management Department, American Eagle FCU 

The Oklahoma Attorney General's Office is warning of renewed charity scams following the tornado so before giving money to help with the recent tornado disaster relief, it is important you verify the type of help the charity is providing to ensure the charity is legitimate. 

An increase in fraudulent charities happened within days of the Boston marathon bombings. More than 100 new websites were registered as charities and many were scams. After the grade school shootings in Newtown, Connecticut, someone set up a fake "Funeral Fund" page on Facebook.  

To locate a trusted charity, you can use an independent charity evaluator such as "Charity Navigator" as a starting point to learn how much of a donation is applied to the charity program as well as the amount applied to administration and marketing. The Charity Navigator website currently lists more than a dozen trusted charities taking donations for Oklahoma tornado relief, including the American Red Cross.   

Keep in mind that donations to certain national charities such as the American Red Cross are directed to overall disaster relief wherever assistance is most needed unless a particular disaster is specified. The Red Cross states that if donations received have exceeded the amount needed for a specific disaster, the additional donations received and designated for that disaster may be used for other relief efforts. One method of donating to the Red Cross to ensure the donation stays local is to donate to a specific Red Cross Chapter; local donations such as these will be applied in that locale.          

2012 Summer Olympics - Online Scammers Playground

By Thomas R. Nash, CFCI Senior Risk Management Analyst

The department of Homeland Security (DHS) has issued a warning concerning online access to events, news, and other information concerning the 2012 Summer Olympics set to begin on July 27.

Few  world events attract more readers, views and downloads than the Olympic games. Online scammers know that just about any subject line with the word "Olympic" will be opened by millions of people. And therein lies the problem; many that open the link will become infected with malware receiving malicious code instead of news, tickets and Olympic-related merchandise.

DHS reported that during the 2008 Summer Olympics in Beijing, China was subjected to approximately 12 million online attacks per day. DHS warns that hackers employ many schemes to lure users into downloading malicious software or handing over personal identifying credit card information.

To avoid these online scams, you are encouraged to use the following common sense cyper practices:

  • Run anti-virus and anti-spyware software and keep them updated regularly
  • Use spam filters and firewalls
  • Use reputable sources when downloading Olympic-themed apps and software
  • Don't click on links promising deals you were not looking for and scrutinize links carefully when looking for Olympic-related pages.
  • Be wary of Olympic-themed e-mails from unknown individuals or organizations or that have attachments or links - never click on an embedded link in an unsolicited e-mail

The official U.S. Olympic Committee (USOC) website is www.teamusa.org. There are other website related to specific teams such as gymnastics (www.gym.org) or volleyball (www.volleyball.org). If you are uncertain of the legitimacy of a link, Google the official USOC website for more information.

Internet Crime Complaint Center's Scam Alerts

By Internet Crime Compliant Center

This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends, new twists to previously-existing cyber scams, and announcements.

Mystery Shopper Scam To Evaluate Wire Transfer Services
The IC3 has recently received over 250 complaints reporting a new twist to the online employment scam. The scam involves individuals who responded to online ads or were contacted via e-mail as a result of their resume being posted on job websites. The perpetrator posed as a research company and requested participants to complete a paid survey regarding services provided at wire transfer locations to improve the effectiveness of the company's money-transfer services.

Complainants were hired and then mailed a cashier's check or money order. They received instructions to cash the check/money order at their local bank, keep a portion as payment, and wire the remaining amount via wire transfer to a designated recipient. Victims were then asked to immediately e-mail their employer with the transfer number, amount wired, recipient's name and address, and the name of the wire transfer location evaluated. Upon sending the information, victims received a questionnaire form regarding their overall wire transfer experience to complete and return. Those who did not promptly follow through with the instructions received threatening e-mails stating if they did not respond within 24 hours, their information would be forwarded to the FBI and they could face 25 years in jail.

Shortly after the transactions, victims were informed by their banks that the checks were counterfeit and were held responsible for reimbursing their banks. Most victims owed their bank over $2,500.

Spam Referencing U.S. Military Members And Gaddafi
Criminals continue to explore new avenues to lure victims, most recently by claiming to be a US military contractor, who was performing reconstruction work in Libya. Fraudsters sent unsolicited e-mails claiming that several metal boxes were found in cellars of high-rise buildings built and occupied by Muammar Gaddafi. Each box purportedly contained large sums of money, in addition to guns, armor, bullets, and drugs. The e-mails requested the recipient’s assistance with transferring the money out of Libya. The fraudsters also told the e-mail recipients that they were expected to receive, secure, and protect the boxes until the overseas assignment elapsed and promised the victims a 30 percent profit.

Often times in online scams, once communication with the fraudsters begins, they will request personal information, including but not limited to bank account details, claiming funds are needed to cover various expenses.

Be wary of any unsolicited e-mail, especially those requesting personal information or soliciting the submission of money for any reason. Unsolicited e-mails should not be opened, as they often contain viruses or other malicious software.

Pox Party Online Advertisements
Recently, the IC3 received a complaint from an individual reporting an advertisement on a social media site that offered ways to obtain "natural immunity" from the chickenpox by sharing lollipops licked by children infected with the virus. Parents have been known to take their child to a "Pox Party" as an alternative to vaccinating children from varicella, otherwise known as chickenpox, but sending virus-covered lollipops through the mail is against Federal law.

One individual posted a message stating "fresh batch of pox in Nashville shipping of suckers, spit, and Q-tips available tomorrow 50 dollars."

As a disclaimer, the social media site posted the following notice on their page:

"This page has never condoned the mailing of infectious diseases. For our members: The mailing of infectious items, such as lollipops, rags, etc, is a federal offense. This page is not private and can been seen by members and non members alike. You may post on the page that you have the pox and are willing to share in YOUR AREA but please keep your specifics in private messages between members. Again, this page can be seen by anyone and mailing is a federal offense. We are all intelligent adults but these guidelines will help protect your privacy."

According to the Center for Disease Control's (CDC) website, www.cdc.gov, chickenpox is spread in the air when an infected person coughs or sneezes. It can also be spread by touching or breathing in the virus particles that come from the chickenpox blisters. The CDC also discourages chickenpox parties because the disease can be serious. Dangerous diseases like hepatitis A and strep can be transmitted via saliva according to the CDC's website. Therefore, not only is the contaminated candy not likely to provide exposure to chickenpox, it could expose children to an entirely different disease.
 

Beware of Money Transfer Scams

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

Fraudsters use a number of elaborate (and some not so elaborate) schemes to get you to part with your hard earned cash. Many involve money transfers through Western Union or MoneyGram. Money transfers such as these are appropriate when you are dealing with someone you know and trust – but they are totally inappropriate when you are dealing with a stranger or unknown business that is not nationally branded.

The reason fraudsters pressure you to use money service wire transfers is so they can quickly get their hands on the cash before you know you have been cheated. Typically, once you send money in this manner, there is no way to reverse the transaction or trace where the funds went.

There are many convincing stories used in counterfeit check scams. The scam begins when someone mails you a check with instructions to deposit it and wire a portion of the proceeds back to them or a third party. By law, financial institutions are required to make funds from deposited checks available within days, but uncovering a fake check can take weeks, or longer. You are responsible for the checks you deposit, so if a check turns out to be fraudulent, you will owe the financial institution for any money you withdrew.

The following are variations of a counterfeit check scam:

Lotteries and Sweepstakes: You just won a foreign lottery! You receive a letter notifying you of your winnings and a check is included to help you pay taxes, insurance, processing fee or some other type of fee. All you have to do is deposit the check, follow instructions provided to you and wire the necessary funds via Western Union or MoneyGram. But the check is a counterfeit! The use of the lottery story is to get you to wire cash to someone you do not know and if you do this, you will be obligated to repay your financial institution for the money withdrawn.

Overpayment Scams: Someone responds to your online posting or advertisement. You accept their offer and receive a check that is most likely made payable to someone else for more than the agreed upon selling price. The so-call buyer informs you his agent made a mistake and all you need to do is wire the excess back less the cost of the wire. The check is a counterfeit and you will be held responsible for the amount withdrawn.

Mystery Shopper Scams: You are hired to be a mystery shopper and asked to evaluate the customer service of a money transfer company. You are provided with a check to deposit in your personal account. You are told when the funds are available, make a withdrawal of a specific amount in cash and wire the funds using a specific money transfer service. Many times the funds are to be wired to Canada or to another foreign country. The results are the same. The check is a counterfeit and you are responsible for any funds withdrawn.

Just to recap…NEVER WIRE MONEY TO:

• a stranger – in this country or anywhere else
• someone claiming to be a relative in a crisis
• someone who says a money transfer is the only form of payment that is acceptable
• someone who asks you to deposit a check and send some of the money back

If you have received a check under these circumstances, please inform your branch manager before depositing it. Doing so can save you a lot of money!
 

Phishing, Vishing and Smishing

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

Phishing schemes designed to obtain personal identifying information (PII) from you are by all reports, again on the increase. The typical phishing scheme is a socially engineered e-mail worded to lure you into responding and providing your PII along with account details. Now there is “vishing,” phishing over the telephone and “smishing,” text message phishing.

The vishing and smishing scams contain messages warning you of problems with your account requiring your response. A return call number is provided and when you call the number, you are instructed by voice prompts to enter your PII and account information including the account number and PIN.

These socially engineered scams rely on methods American Eagle Federal Credit Union (for that matter, no financial institution) will ever employ. To avoid being a victim of fraud you should:

• Never give out personal or financial information in response to an unsolicited phone call, fax, e-mail or text message.
• Contact the credit union at 860.568.2020 X5101 (800.842.0145 X5101) to confirm the legitimacy of any e-mail that appears to come from the credit union that asks for the submission of personal or account information.
• Check your credit card and account statements regularly for unauthorized transactions.
• Make sure websites are secure when submitting financial information online – check for a padlock or key icon at the bottom of your monitor screen. Secure Web addresses also use “https.”
• Contact your branch manager if you have questions. 

Fraudulent Check Scams

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

Organized International check fraud rings are continuing to bilk innocent consumers in their time-tested check fraud scams. Our members are being exposed to significant losses to scams such as lottery frauds, mystery or secret shopper scams, overpayment frauds and a host of other similar check frauds.

No matter what the fraud scheme is, there are common elements that tie them together that you need to be watchful for. They are:

• Did you receive a check for an item you sold on the Internet or for payment related to a rental?
• Is the amount for more than the selling or agreed upon rental price?
• Did you receive the check via an overnight delivery service such as FedEx or UPS?
• Is the check drawn on a business or individual account that is different from the person buying your item?
• Have you been informed that you were the WINNER of a lottery that you have never purchased a ticket for?
• Have you been instructed to either “WIRE”, “SEND”, or “SHIP” money via Western Union or MoneyGram?
• Have you been offered employment as a “MYSTERY or SECRET SHOPPER", or as a “RESHIPPING AGENT” or similar job?
• Are you receiving “PAY” or a “COMMISSION” for facilitating money transfers through your account?
• Did you respond to an e-mail requesting you to CONFIRM, UPDATE or PROVIDE you personal identifying information or account information?

If you can answer “YES” to any of these questions, you could be involved in a FRAUD SCHEME or are about to be SCAMMED!

Please seek the immediate assistance of your branch manager! 

Child Identity Theft

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

Child Identity Theft was first identified as a problem nearly eight years ago. ABC News in a report by Geraldine Sealey dated September 2003, reported that child identity theft may go unreported for years, unlike adult victims who typically discover they have become a victim within a relatively short period of time.

Child Identity Theft occurs when a child’s identity is used by another person for personal gain. Identity theft occurs when the Social Security Number (SSN) and the child’s name are used to open new lines of credit. The identity thief may be a family member, of someone known by the family. It may also be a stranger who targets children knowing the theft will not be discovered for years, usually when the child reaches adulthood and applies for a student loan or employment.

Most people do not understand that credit issuers have no way of verifying the true age of an applicant when no prior credit record exists. In these cases, the date of birth provided is accepted without question and becomes “official” until a dispute is filed and proven.

Steps to Prevent Child Identity Theft

Here are a few things you can do to reduce the possibility of your child becoming a victim of Child Identity Theft: 

  • Consider purchasing identity theft protection service with a family plan
  • Monitor Equifax, Experian and TransUnion credit bureau reports – credit reporting does not begin until a person’s personal identifying information (PII) is used to open a line of credit. There should not be a report for a minor child
  • Keep your child’s Social Security card in a safe and secure place – it should not be carried in a purse or wallet 

Clues Your Child May Be a Victim 

  • An attempt to open a bank account in the child’s name is rejected due to a bad check record
  • Collection agencies call or send letters about accounts in the child’s name
  • When credit card offers, bills or account statements are received in the child’s name
  • When a police officer tries to serve an arrest warrant on the child or a sheriff attempts to serve civil papers 

If you suspect your child may be a victim, contact one of the three major credit bureaus: 

  • Equifax 800.525.6285
  • Experian 888.397.3742
  • TransUnion 800.680.7289 

If you confirm your child has been a victim: 

  • File a report with your local police authority
  • Notify the credit grantor in writing and provide the police case number along with a copy of the police report
  •  Report the theft to the Federal Trade Commission. 
  • For more information, visit ftc.gov/idtheft

2011 Year of the Skim

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

2011 is becoming known as the “year of the skim.” Financial institutions across the country and their customers are being victimized by thieves employing sophisticated “skimming” technology placed on ATMs that is designed to secretly steal their account information and access code (PIN).

 

And it is not only at ATMs that consumers are vulnerable. Any place an ATM card can be used to make a transaction can be rigged with a device. Point-of-sale terminals at store check-out registers, gasoline pumps, Red Box movie rentals, wait staff in restaurants and even in-branch teller PIN pads are known to have been rigged with skimming devices.

Manhattan U.S. Attorney Preet Bharara recently stated, “Skimming is a devious form of high–tech robbery that threatens the integrity of our financial institutions and the privacy of banking customers.”

Here in Connecticut and the other New England states, most reported skims involve placement of a bogus card reader over the ATM card slot. When a card is introduced to the reader, the fake reader captures account data from the magnetic strip on the card. The fake reader also has a pin hole camera that records the PIN when it is entered.

Skimming sessions typically last for between one and three hours. Account information obtained during the session is then used to create a new mag strip which is placed on a “white plastic” (fake) card or a gift card. The thieves then withdraw funds from the stolen accounts using ATMs anywhere in the world. Card skimming reportedly accounts for more than 80 percent of ATM fraud.

There are steps you can take to avoid being a victim. First, use ATMs you are familiar with. If something does not look right or the card slot appears altered, do not use the machine. Notify the financial institution of what you observed.

If you do make a transaction, use your free hand to cover your other hand as you enter your PIN. A debit or credit card number without the PIN is useless to the thief.

Be mindful of your surroundings. Look to see if there is anyone loitering to observe the ATM’s activity. If the activity seems suspicious, notify the local police.

 

When checking out at a retail store, cancel the default debit card PIN based transaction and opt instead for the signature based credit card type transaction.
Finally, frequently monitor your account activity online and immediately call AEFCU at 860-568-2020 if you see any fraudulent transactions in your account. 

 Is Your Computer Protected?

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

In a recent press release, the U.S. Department of Justice and FBI said they had taken what they characterized as the most complete and comprehensive enforcement action ever by U.S. authorities to disable an International botnet.

The botnet, known as Coreflood, is believed to have been operating for nearly a decade and infected more than 2 million computers worldwide. The DOJ called Coreflood a particularly harmful type of malicious software that records keystrokes and private communications primarily on Windows computers.

A computer infected with Coreflood can be remotely controlled by another computer. Coreflood is used to steal user names, passwords, private personal information and financial information such as account number and access codes.

So, the question of the day is, is your computer adequately protected against viruses and malware?

Clearly, fraudsters have the capacity to access your computer from anywhere in the world. Hundreds of new viruses and variants are introduced daily. If you do not employ good virus and malware protection and update it regularly, and download and install patches when they become available, your computer very well could become infected without your knowledge.

The Internet provides access to information, entertainment, financial and countless other services. Failure to maintain the security of your computer may leave you vulnerable to online fraudsters and identity thieves.

To learn more about safe computing and safe Internet practices, go to:

www.stopthinkconnect.org

www.onguardonline.gov

New Year’s Resolution

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

With 2010 drawing to a close it is that time of the year when people begin to think about their resolutions for the New Year. Here is a suggestion for consideration; resolve to protect the health of your personal computer. Doing so may not only enhance the performance of your computer, but also protect you against identity theft, viruses, malware and other fraud schemes that can place you and your finances at risk.

Keeping your firewall, anti-virus and spyware updated plays a critical role in keeping your computer secure. By enabling auto updates you will be ensured the most current definitions and critical updates are installed for optimum performance and protection.

That said be certain you only install firewalls, virus protection and anti-spyware from recognizable brands and trusted sources. Recent reports indicate there has been an increase in the number of spam e-mails for these products that when you purchase and install them, your computer becomes infected with malware.

Do not click on or open e-mail from unknown sources and do not open attachments from known senders that seem unusual or suspicious. Phishing attacks seeking to obtain your personal identifying information for identity theft continue to be a major problem.

Keep your browser updated to keep you protected from security threats. Out of date browsers probably have security flaws leaving you vulnerable to malicious software attacks.

Finally, keep yourself informed about what is happening on the Internet. Doing so will give you peace of mind as you surf the web with confidence.

For more information, visit www.onguardonline.gov.

Have a Happy and Safe New Year!


Telephone Collection Scam Related to Delinquent Payday Loans

The IC3 receives a high volume of complaints from victims of payday loan telephone collection scams. In these scams, a caller claims that the victim is delinquent in a payday loan and must repay the loan to avoid legal consequences. The callers purport to be representatives of the FBI, Federal Legislative Department, various law firms, or other legitimate-sounding agencies. They claim to be collecting debts for companies such as United Cash Advance, U.S. Cash Advance, U.S. Cash Net, and other internet check cashing services.

One of the most insidious aspects of this scam is that the callers have accurate information about the victims, including social security numbers, dates of birth, addresses, employer information, bank account numbers, names and telephone numbers of relatives and friends. The method by which the fraudsters obtained the personal information is unclear, but victims often relay that they had completed online applications for other loans or credit cards before the calls began.

The fraudsters relentlessly call the victim's home, cell phone, and place of employment. They refuse to provide to the victims any details of the alleged payday loans and become abusive when questioned. The callers threaten victims with legal actions, arrests, and in some cases physical violence if they refuse to pay. In many cases, the callers even resort to harassment of the victim's relatives, friends, and employers.

Some fraudsters instruct victims to fax a statement agreeing to pay a certain dollar amount, on a specific date, via prepaid visa card. The statement further declares that the victim would never dispute the debt. These telephone calls are an attempt to obtain payment by instilling fear in the victims. Do not follow the instructions of the caller.

If you receive telephone calls such as these, you should:

  • Contact your banking institutions;
  • Contact the three major credit bureaus and request an alert be put on your file;
  • Contact your local law enforcement agencies if you feel you are in immediate danger;
  • File a complaint at www.ic3.gov.
     

Holiday Shopping Tips

 
By Internet Crime Compliant Center
 
Holiday Shopping Tips
In advance of the holiday season, the FBI reminds shoppers to beware of cyber criminals and their aggressive and creative ways to steal money and personal information. Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, sale of fraudulent or stolen gift cards through auction sites at discounted prices, and phishing e-mails advertising brand name merchandise for bargain prices or e-mails promoting the sale of merchandise that ends up being a counterfeit product.

Fraudulent Classified Ads or Auction Sales
Internet criminals post classified ads or auctions for products they do not have. If you receive an auction product from a merchant or retail store, rather than directly from the auction seller, the item may have been purchased with someone else's stolen credit card number. Contact the merchant to verify the account used to pay for the item actually belongs to you.

Shoppers should be cautious and not provide credit card numbers, bank account numbers, or other financial information directly to the seller. Fraudulent sellers will use this information to purchase items for their scheme from the provided financial account. Always use a legitimate payment service to protect purchases.

Diligently check each seller's rating and feedback along with their number of sales and the dates on which feedback was posted. Be wary of a seller with 100% positive feedback, if they have a low total number of feedback postings and all feedback was posted around the same date and time.

Gift Card Scam
The safest way to purchase gift cards is directly from the merchant or authorized retail merchant. If the merchant discovers the card you received from another source or auction was initially obtained fraudulently, the merchant will deactivate the gift card number, and it will not be honored to make purchases.

Phishing and Social Networking
Be leery of e-mails or text messages you receive indicating a problem or question regarding your financial accounts. In this scam, you are directed to follow a link or call the number provided in the message to update your account or correct the problem. The link actually directs the individual to a fraudulent Web site or message that appears legitimate; however, any personal information you provide, such as account number and personal identification number (PIN), will be stolen.

Another scam involves victims receiving an e-mail message directing the recipient to a spoofed Web site. A spoofed Web site is a fake site or copy of a real Web site that is designed to mislead the recipient into providing personal information.

Consumers are encouraged to beware of bargain e-mails advertising one day only promotions for recognized brands or Web sites. Fraudsters often use the hot items of the season to lure bargain hunters into providing credit card information. The old adage "if it seems too good to be true" is a good barometer to use to legitimize e-mails.

Black Friday has traditionally been the "biggest shopping day of the year." The Monday following Thanksgiving has more recently (2005) been labeled Cyber Monday, meaning the e-commerce industry endorses this special day to offer sales and promotions without interfering with the traditional way to shop. Scammers try to prey on Black Friday or Cyber Monday bargain hunters by advertising "one day only" promotions from recognized brands. Consumers should be on the watch for too good to be true e-mails from unrecognized Web sites.

Along with on-line shopping comes the growth of consumers utilizing social networking sites and mobile phones to satisfy their shopping needs more easily. Again, consumers are encouraged to beware of e-mails, text messages, or postings that may lead to fraudulent sites offering bargains on brand name products.

Tips
Here are some tips you can use to avoid becoming a victim of cyber fraud:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Always run a virus scan on attachment before opening.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the web address link you are directed to and determine if they match.
  • Log on directly to the official Web site for the business identified in the e-mail, instead of "linking" to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
  • If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act impulsively.
  • If you receive a request for personal information from a business or financial institution, always look up the main contact information for the requesting company on an independent source (phone book, trusted internet directory, legitimate billing statement, etc.) and use that contact information to verify the legitimacy of the request.
  • Remember if it looks too good to be true, it probably is.
  • To receive the latest information about cyber scams, please go to the FBI Web site and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI's New E-Scams and Warnings webpage at http://www.fbi.gov/cyberinvest/escams.htm.

 

Claims of Being Stranded Swindles Consumers Out of Thousands of Dollars  

By Internet Crime Compliant Center


The IC3 continues to receive reports of individuals' e-mail or social networking accounts being compromised and used in a social engineering scam to swindle consumers out of thousands of dollars. Portraying to be the victim, the hacker uses the victim's account to send a notice to their contacts. The notice claims the victim is in immediate need of money due to being robbed of their credit cards, passport, money, and cell phone; leaving them stranded in London or some other location. Some claim they only have a few days to pay their hotel bill and promise to reimburse upon their return home. A sense of urgency to help their friend/contact may cause the recipient to fail to validate the claim, increasing the likelihood of them falling for this scam.

If you receive a similar notice and are not sure it is a scam, you should always verify the information before sending any money. If you have been a victim of this type of scam or any other Cyber crime, you can report it to the IC3 website at: http://www.ic3.gov/. The IC3 complaint database links complaints for potential referral to the appropriate law enforcement agency for case consideration. Complaint information is also used to identity emerging trends and patterns.
 

FREE Annual Credit Reports

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

Did you know that the Fair Credit Reporting Act guarantees you access to your credit report for free from each on the three nationwide credit reporting agencies - Experian, Equifax and TransUnion – every 12 months?

By law, the ONLY authorized source for this totally free credit report is AnnualCreditReport.com.

The Federal Trade Commission has received complaints from consumers who thought they were ordering their free annual credit report who later learned they were paying fees or buying services they neither wanted nor needed. TV and radio ads, online searches and e-mail offers may tout “free” credit reports but there is only one authorized source for a truly free report.

How Do I Order My Totally Free Report?

You can order your free report online, by phone or by mail. Visit AnnualCreditReport.com, call 1.877.322.8228, or fill out the Annual Credit Report Request form and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

You may order all three reports at one time however by ordering one at a time you can monitor your credit throughout the year.

Why Should I Monitor My Credit?

Information in your credit report is used to evaluate you’re your applications for credit, insurance and employment among other things. You need to be sure your information is current and accurate. Most importantly, monitoring your credit is one of the best ways to detect identity theft, spot unauthorized activity and afford you the opportunity to correct errors.

What Should I Look for When I Review My Credit Report?

If you see accounts you do not recognize or inaccurate information, contact the report issuer and the information provider.

If you suspect identity theft, you may need to place a fraud alert on your credit report.

In either case, obtain more information regarding the steps to take by visiting FTC.gov/idtheft .
 

Work-From-Home Job Scam "Reshipping"

 
By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

With high unemployment continuing to be a problem and the prospects of finding meaningful employment slim at best, many people are falling victim to offers of work-from-home job scams.

Watchdog groups report that nearly one-fourth of recruiting ads on sites such as Monster.com, CareerBuilder.com and similar sites are fraudulent. Craigslist, where job ads are free to employers, has become notorious for fraudulent job ads.

If you are seeking a job and responding to these online ads, you should use extreme caution by carefully researching the hiring company and limiting the amount of personal information you provide up front on a job application. Never give out your social security number or bank account information. Many of these fake job sites simply want your Social Security number and other personal identifying information to steal your identity.

A popular work-from-home job offer involves reshipping packages. Fraudsters post job offers for a “merchandising manager,” “package processing assistant,” or a similar job title. Duties include receiving packages mailed to your home and reshipping them to an overseas address. Most U.S. businesses will no longer ship outside the country due to the high incidence rate of credit card fraud originating from foreign countries.

To circumvent this problem, scammers have resorted to “hiring” legitimate people like you to participate in their fraud scheme. Most people have no idea they are participating in a criminal enterprise and could be subject to arrest on felony fraud charges.

There are very few legitimate work-from-home jobs, especially ones that offer seemingly high pay for little or no work experience. Remember, if the offer seems too good to be true, it probably is.
 

Significant Increase in 2009 Online Fraud


By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

The Internet Crime Complaint Center (IC3) Web site reported receiving 336,655 complaints during 2009, a 22.3% increase as compared to 2008. More than 146,600 of these complaints were forwarded to law enforcement agencies for further consideration or investigation. Those complaints in which there was documented “harm or loss” or complaints where neither the complainant nor perpetrator resided within the United States were not forwarded.
 
The IC3 is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).
 
The report cited e-mail schemes falsely claiming affiliation with the FBI represented 16.6% of all complaints followed by non-delivered merchandise at 11.9% and advance fee frauds at 9.8%. Identity theft and overpayment scams fill out the list of the top five categories of complaints submitted.
 
The report identified investment fraud ($3,200), overpayment fraud ($2,500) and advance fee fraud ($1,500) as having the highest median dollar losses.
 
All expectations are that cybercrime will continue increase as more people gain Internet access and usage broadens. An impediment to any investigation is the fact that Internet related crimes are crimes without borders in which perpetrators can “hide” with a degree of anonymity.
 
Education and awareness are a prevention strategy that should be employed by Internet users to protect themselves from victimization. Even those who employ best practices strategies may find themselves victims of computer-related crimes.
 
An excellent source of information for consumers seeking ways to protect themselves from Internet crimes is www.lookstoogoodtobetrue.com

 

Mystery and Secret Shopper Schemes 

By the Internet Crime Complaint Center (IC3)

The IC3 has been alerted to an increase in employment schemes pertaining to mystery/secret shopper positions. Many retail and service corporations hire evaluators to perform secret or random checks on themselves or their competitors, and fraudsters are capitalizing on this employment opportunity.

Victims have reported to the IC3 they were contacted via e-mail and U.S. mail to apply to be a mystery shopper. Applicants are asked to send a resume and are purportedly subject to an extensive background check before being accepted as a mystery shopper. The employees are sent a check with instructions to shop at a specified retailer for a specific length of time and spend a specific amount on merchandise from the store. The employees receive instructions to take note of the store's environment, color, payment procedures, gift items, and shopping/carrier bags and report back to the employer. The second evaluation is the ease and accuracy of wiring money from the retail location. The money to be wired is also included in the check sent to the employee. The remaining balance is the employee's payment for the completion of the assignment. After merchandise is purchased and money is wired, the employees are advised by the bank the check cashed was counterfeit, and they are responsible for the money lost in addition to bank fees incurred.

In other versions of the scheme, applicants are requested to provide bank account information to have money directly deposited into their accounts. The fraudster then has acquired access to these victims' accounts and can withdraw money, which makes the applicant a victim of identity theft.

Once the pop-up appears it cannot be easily closed by clicking "close" or the "X" button. If the user clicks on the pop-up to purchase the software, a form is provided that collects payment information and the user is charged for the bogus product. In some instances, whether the user clicks on the pop-up or not, the scareware can install malicious code onto the computer. By running your computer with an account that has rights to install software, this issue is more likely to occur.

Here are some tips you can use to avoid becoming a victim of employment schemes associated with mystery/secret shopping:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail. 
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan all attachments, if possible. 
  • Avoid filling out forms contained in e-mail messages that ask for personal information. 
  • Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site. 
  • There are legitimate mystery/secret shopper programs available. Research the legitimacy on companies hiring mystery shoppers. Legitimate companies will not charge an application fee and will accept applications on-line. 
  • No legitimate mystery/secret shopper program will send payment in advance and ask the employee to send a portion of it back. 
  • Individuals who believe they have information pertaining to mystery/secret shopper schemes are encouraged to file a complaint at www.IC3.gov.

 

It's Tax Season, Beware of Frauds

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

It is that time of the year again when we begin to gather our documents in preparation for paying our taxes. Fraudsters and scam artists know this and rest assured, they have been working diligently to figure out ways to obtain our personal identifying information (PII) and access to our financial information.

The first rule to remember is: “The IRS does not send out unsolicited e-mails regarding tax returns, financial information or any personal identifying type of information,” said IRS spokesman Michael Dobzinski. The IRS won’t ask and generally won’t discuss any personal tax matters by e-mail, he added.

There are recent reports of tax payers receiving an e-mail requesting completion of an “updated version” of a W-2 Form, the form most employees receive reporting their wages and taxes withheld.

The second rule to remember is: If the sender’s address does not end in “.gov” the e-mail is not from the IRS.

The scammers are clever and may even use the IRS logo to make the e-mail look “real.” Some have other signs indicating they are frauds such as misspellings and bad grammar.

Recipients of these e-mails are cautioned against clicking on or opening any attachments as often there are viruses or Malware attached that will infect your computer. The e-mail should be either deleted or forwarded to phishingirs.gov.

The last rule to remember is: If you have questions or need specific information, go to IRS.gov for current information.
 

Medical Identity Theft

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

Identity theft has been very much in the news over the past ten years. The Federal Trade Commission reported in 2009 there were 10 million victims with $50 million in losses.

Most recently there are growing numbers of reports of medical identity theft. According to James Quiggle, a spokesman for the Coalition Against Insurance Fraud, “Medical identity theft is a sleeping giant that’s waking up and becoming a serious national fraud problem as the fastest-growing form of identity theft in America today.”

Jilian Mincer in her column Health Costs states the problem has grown during the recession as more uninsured people use the coverage of a friend, relative or even a stranger to get care. An example of this provided by Pam Dixon, executive director of the nonprofit World Privacy Forum is the case of a Pennsylvania man who discovered that someone used his identity at five different hospitals to receive more than $100,000 worth of medical treatment. Ms. Dixon says states with high numbers of retirees are experiencing the most dramatic increases.

Damage to victims of medical identity theft can be not only financially costly, but also life threatening. Medical history records can be corrupted and show conditions a victim has never had resulting in treatment or medications that may be harmful. And, people may not be able to obtain future health insurance coverage.

How to Protect Yourself
“Think of your health-insurance card as a credit card with a spending limit of a million dollars,” says Byron Hollis, managing director of the national antifraud department for the Blue Cross Blue Shield Association. He advises people to keep their personal number private.

Get an annual copy of your medical records from each of your doctors. According to HIPAA, patients are allowed to review their files on demand. Go over them carefully, preferably with your doctor, and look for errors.

Always open mail from your insurance company and read the explanation of benefits (EOB) statement. Make sure the dates and type of treatment match your records.

Check your credit reports for collection notices or liens for unpaid medical bills. Everyone is entitled to a free annual credit report from each of the three major consumer credit reporting agencies. To get yours, go to www.annualcreditreport.com.

Phishing for Your Information

The Federal Bureau of Investigation (FBI) announced that nearly 100 people in the U.S. and Egypt were charge in a major cyber fraud phishing case dubbed "Operation Phish Phry." The defendants allegedly targeted U.S. banks and reportedly scammed account holders by stealing their financial information and used it to transfer upwards of $1.5 million to bogus accounts under their control.

The Anti-Phishing Working Group (APWG) defines phishing as: "A criminal mechanism employing both social engineering and technical subterfuge to steal consumers' personal identity data and financial accounts credentials. Social-engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit web sites designed to trick recipients into divulging financial data such as user names and passwords. Technical-subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using systems to intercept consumers online account user names and passwords-and to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers' keystrokes)."

According to the APWG, phishing is a major problem that continues to grow. They estimate that nearly four billion phishing e-mails are sent across the Internet every day. Investigation and prevention of phishing related crimes is extremely difficult. Attacks can originate from anywhere in the world and hide behind technology.

The best protection remains individual users who practice safe computing habits and maintain a cyber awareness of current scams. The experts remind consumers that banks and other legitimate entities will not request your identifying information or account particulars in an e-mail. If you receive an e-mail requesting you to divulge such information, call the bank or business. Do not use the number listed in the e-mail. Additional precautionary measures recommended by the FBI and other experts are:

  • Use a phishing filter on your computer. Many current web browsers have them built in or offer them as plug-ins.

  • Never click on a link to a secure site embedded in the body of an e-mail. Always enter the URL manually into your browser.

  • Do not be fooled by the latest scams. Visit the Internet Crime Complaint Center (IC3.gov) and Lookstoogoodtobetrue.gov websites for more fraud prevention tips and information.

Top Six Counterfeit Check or Money Order Schemes

  1. Work-at-Home

    You are awarded a job from an online ad. The job requires that you receive checks on behalf of the company, deposit checks into a personal bank account, and wire back the money when the funds are posted. You may keep 5 to 10 percent as you salary.

  2. Overpayment

    You place goods for sale online. The perpetrator poses as a buyer, sends you a check or money order for more than the purchase price, and asks you to wire the excess money to a third party (often someone in a foreign country who allegedly handles shipping logistics). This scheme may be used for large item sales, such as automobiles, motorcycles, or boats.

  3. Sudden Riches

    You receive a letter offing a chance to receive a substantial sum of money (e.g., you won a foreign lottery or are the beneficiary of an estate), but must pay a tax or fee before receiving it. You receive a check or money order to cover the expense and are instructed to deposit the check and wire the money to a third party, usually in a foreign country.

  4. Love Losses

    You fall in love with someone overseas you have been cyber-dating. Your "soulmate" sends you counterfeit checks or money orders to cover travel expenses and instructs you to deposit them into a bank account and transfer a portion of the funds to an overseas account.

  5. Foreign Business Offer

    You receive an e-mail from a "foreign official" or "business-person" with a proposal. He or she wants to move a large sum of money from a foreign country and needs assistance. You are offered 25 to 40 percent of the proceeds. You receive a substantial check in the mail, which you deposit into your account. The official then wants to send you more money, but says he or she will need about $40,000 as a bribe or to cover some sort of fees. Believing the previous check has cleared, you wire back the funds.

  6. Rental Schemes

    You post an ad, online or in the newspaper, for a roommate or to sublet an apartment. The respondent supplies a check covering costs such as the first and last month's rent, utilities, and a security deposit. Shortly after you deposit the payment, you are informed that he or she will not be able to rent the property. You are asked to wire back a partial refund.

What happens in all cases?

You deposit the check into your account and wire the money to contact (the employer, shipper, cyber-soulmate, businessman, etc.) when the funds are posted to your bank account.

Few consumers realize that, while banks are required to post checks within a matter of days, it generally takes weeks for a check to clear. Weeks later the bank notifies you that the check was counterfeit or stolen, and you are responsible for the full value of the deposited check.

The Facts About Credit Repair

The worst economic depression since World War II has seriously impacted the credit of many Americans who have lost their jobs and are finding it difficult to maintain their credit obligations. Credit repair scams flourish during these times and we are bombarded with ads from companies offering services that erase bad credit, remove bankruptcies, judgments, liens and bad loans from our credit files.

The Federal Trade Commission (FTC) advises not to believe these claims adding they are very likely signs of a scam. FTC attorneys say they have never seen a legitimate credit repair operation making those claims. Truthfully, there is no such thing as a quick fix for creditworthiness. Consumers can improve their credit rating legitimately but it takes time and concerted effort to manage their credit.

Consumers who have poor credit histories are targeted by companies making promises to clear up their credit report for a fee, of course. The truth is no company can deliver an improved credit report using the tactics they promote...it is illegal! No one can remove accurate negative information from your credit report. Here is how to identify questionable credit repair companies:

  • You are required to pay advance fees for credit repair before service are performed. Under the Credit Repair Organizations Act, companies cannot require payment until they have completed the services promised.

  • You are not informed of your rights and what you can do yourself for free!

  • It is recommended you not contact the three major credit reporting agencies directly.

  • You are informed the company can eliminate most of the negative credit information even if it is current and accurate.

  • It is recommended you invent a "new" credit identity and obtain an Employer Identification Number (EIN) to use instead of your Social Security Number.

  • You are advised to dispute all information in your credit report regardless of accuracy and timeliness.

Remember...it is a federal crime to provide false information on a loan or credit application. The only thing credit repair companies will do is take your money. Do your self a favor by obtaining information about credit repair scams from the Federal Trade Commission.

Teens, Tweens, and Silver Surfers: Social Networking Safety for All Ages

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

Social networking sites such as Twitter, Facebook and MySpace are hugely popular with people of diverse ages for many different reasons. Growth in the popularity of these sites has attracted the attention of hackers, virus writers, identity thieves, spammers and a host of other criminal types. No matter what age group you fall into, everyone needs to be aware of the dangers associated with participation. Research has revealed that experts generally agree there are certain things people should and should not do.

A few of these are:

  • Personal Information – Restrict access to your personal information and restrict the amount of information contained in your profile. Never use your full date of birth, list your street address or telephone number. Your true friends should already have this information. There are a number of documented cases in which stalkers have tracked their victims’ movements using this information.

  • Do Not Trust Message Source - Be careful about who you accept into your network as a friend. Hackers are known to break into accounts and send messages that appear to be from friends. Remember, on the Internet you can be anybody or anything you wish to be.

  • Do No Allow Network Services to Scan Your E-Mail Address Book – This allows harvesting of e-mail addresses leaving everyone in your address book susceptible to unwanted spam e-mail.

  • Be Careful of Links Embedded in Messages - Use caution with links in messages as you would links in e-mail. Malware and viruses continue to wreak havoc with the Internet and could easily infect your computer.

  • What You Post is Forever – Once you post information online you cannot take it back. Be sure that what you post will not be embarrassing to you, your family, friends or co-workers. Many companies and schools search social network sites as part of their hiring or background process.

  • What may seem funny or laughable today could have negative consequences years from now.

Even law enforcement agencies are viewing posts to identify criminal activity. There are many more safety messages concerning the Internet and social network sites. Readers are encouraged to visit the following sites for more information: www.staysafe.org and www.getnetwise.org.

Fraud in the Perfect Storm

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

The unemployment rate is soaring, financial institutions are failing, the housing market is in a prolonged slump, General Motors and Chrysler are bankrupt and consumer confidence continues to wane. The government has spent trillions of dollars to prop up failing financial institutions and automobile manufacturers. Consumers are under immense pressure from different fronts as they struggle to keep their jobs and save their home from foreclosure. These and other factors have combined to create the “perfect storm” for fraud to flourish!

Fraudsters worldwide are taking advantage of conditions favorable to the furtherance of cons and swindles by enticing otherwise innocent, albeit naïve consumers to either participate in their criminal activities or to provide personal identifying information (PII) leading to their being a victim of identity theft.

No one has any idea of the total dollar amount lost by financial institutions, businesses or individuals. Based on the number of known incidents and reports made public it is safe to estimate losses running into the $ billions. Currently popular are, “phishing” scams, work-from-home and “secret” or “mystery Shopper” frauds and cross-border lottery frauds.

Phishing

Phishing is an identity theft scam. Identity thieves use the names of well-known banks, retailers or credit card companies to create (spoof) what appear to be official websites of those entities. E-mails are sent informing the recipients of some sort of problem with their account requiring an update of their information within 24 or 48 hours or else they will be locked out of access to the account. The recipient is instructed to “click here” on an embedded link to verify or update their information. A pop-up screen appears requesting the account number, name and address, date of birth, social security number and other personal identifying information.

Another method of phishing is lure people to participate in a survey by offering a monetary enticement. A recent phishing incident offered $150 to participate in a nine question McDonald’s customer satisfaction survey. Of course, participants are required to provide their account and access information to receive the award.

An ever increasing danger associated with opening e-mail from an unknown source is that malware may be included. Once the recipient opens the e-mail, a virus infects the computer.

Work-From-Home

Work-from-homes scams have been around for years. Computers have allowed fraudsters to become more creative and reach a broader audience. Many such scams originate from overseas and the perpetrators are outside of the long arm of the law.

Current work-from-home scams include the so-called “secret” or “mystery” shopper, payment processor and reshipping agent. Typically, the victim will receive an unsolicited e-mail advertising a job described as “quality” or “performance” checker. One needs only to evaluate the service at the selected business.

The victim completes the accompanying application and of course, is hired. Soon after, the assignment sheet with instructions, an evaluation form and a check arrive in the mail. The victim is told to deposit the check and when the funds become available, withdraw a certain amount of cash and take it to Wal-Mart where they will send a MoneyGram. They are to complete the service evaluation form and fax it to a number provided in the instructions. The pay for this “probationary” assignment is typically around $400. The check, of course, is a counterfeit.

Other work-from-home scams include being a money forwarder and reshipping agent. Typically, an unsolicited e-mail with a job offer is received. Money forwarders are “hired” to act as processors of check payments for non-existent overseas companies. Those hired will receive ten percent of the amount of all checks processed. The work consists of depositing checks and forwarding the proceeds less commission via MoneyGram to individuals in foreign countries.

Cross – Border Lottery Frauds

Consumers are especially susceptible to this type of fraud. Many of the winning notification letters received in the U.S. are mailed from Canada bearing postmarks from Ontario, Quebec and British Columbia. Recipients are advised they have won hundreds of thousands of dollars in a foreign lottery (anywhere in the world). A check drawn on a U.S. based business or an official check from a U.S. bank is enclosed. The recipient is told to call a processing or claim agent identified in the letter who will instruct him to negotiate the check and when the funds are available, to wire a specific amount via MoneyGram to pay for a processing fee or taxes.

A significant number of recipients of the letters never question the validity of the lottery or check and simply follow the instructions given. The end result is they lose several thousand dollars from the negotiation of a counterfeit check.

Too good to be true!

The consumer's first line of protection against fraud is to ask, "Is this too good to be true?"

Unsolicited e-mail and e-mail from unknown sources must be considered as high risk. Many of these e-mails contain offers of products or services at extremely low cost. Do not be swayed by this and definitely do not click on links in the e-mail as a significant number contain viruses and malware that will infect you computer

Finally, practice safe computing habits. For more information, go to www.onguardonline.gov

Stop DotCons

By Tom Nash, Senior Risk Management Analyst, American Eagle FCU

The Internet, for better or worse, has become an important and useful tool in our daily lives. It has changed how we communicate with each other, how we conduct daily business and how news is communicated to us. This is the bright side of the Internet.

There also is a dark side where cyber thieves lurk seeking ways to victimize consumers by drawing them into their world wide web of deceit.

Many of the scams and cons practiced by these cyber thieves have existed for years only now they have morphed into 21st century versions. The Internet has opened a new channel for these grifters to practice their craft by allowing them to remain anonymous far from their intended victims. Their frauds represent low risk of being identified and arrested while providing them with high monetary returns.

Outlined below are several of the more popular Internet related frauds currently in use, how consumers can identify them and how they can avoid becoming victims.

Phishing = Identity Theft

The sole purpose of “phishing” is identity theft. Elements of phishing are the spoofing of a legitimate e-mail header to look like the e-mail originated from a recognizable entity and convincing the recipient that their account with the entity is in jeopardy. The recipient is informed if they do not “update” their account information their access will be locked out. They are then directed to a hyperlink in the body of the e-mail “Click Here” to update account information. The victim is then directed to a fraudulent web site and a pop-up screen appears that requests account numbers, name and address, date of birth, Social Security Number, mother’s maiden name and other personal identifying information.

Consumers should never click on links embedded in e-mail. If uncertain if the e-mail is legitimate, err on the side of caution and delete the e-mail.

For more information about phishing and safe computing habits, go to: www.OnGuardOnLine.gov

Advance Fee Frauds

In advance fee frauds, victims pay a fee in the expectation of obtaining something in return. Two of the more popular current advance fee frauds are the “secret shopper” and “cross-border lottery” scams. It should be noted that in addition to the Internet, both of these are also perpetrated using the U.S. Mail.

Secret Shopper

Victims in this scam receive an unsolicited e-mail advertising for secret shoppers. The job detail includes evaluating the service of a business. Recipients are directed to complete an online job application and of course, all who apply are hired. There also is a good possibility they will become identity theft victims.

The victim then receives a letter in the mail outlining a trial assignment that includes instructions to visit a local WalMart or other outlet where Money Gram wire transfers may be conducted, or Western Union. The assignment is to wire funds to a relative. A check payable to the victim is included with the letter. A typical amount is around $3,900. The “secret shopper” is instructed to take the check to the bank and as soon as the funds become available, withdraw cash and proceed to the store to send the wire. Typical amounts to be wired are around $3,500 with the remaining amount becoming pay for the assignment and the cost of the wire transfer. The letter includes instructions to whom the transfer is to be made and how it should be directed. Victims realize they have been had several days later when their bank informs them the check they negotiated is a counterfeit and they are expected to make good on it.

Lottery Frauds

Victims in cross-border lottery frauds receive an e-mail informing them have won an international lottery and are instructed to contact a claim or processing agent for additional information. In the Internet version, victims are directed to wire funds covering taxes or processing fees overseas via Money Gram or Western Union. They typically are asked for an account number and financial institution information where their winnings may be deposited. Many of the Internet versions of this scam appear to originate from Great Britain.

In the mail version, the victim will receive a letter bearing a Canadian postmark, typically from Ontario but Quebec and British Columbia are other origination points. The letter informs the victim of winning a foreign lottery and includes a check of an amount up to around $4,900 to be used for payment of taxes or processing fees. All notification letters are basically worded the same. They inform the “winner” to first contact the claim or processing agent for instructions and that winning is to be kept a secret to prevent multiple claims. The agent will instruct the winner to deposit the check and as soon as funds are available to wire a specific amount out of the country following instructions given. The checks are either counterfeit “Official” or “Cashier’s” checks purportedly drawn on a U.S. financial institution or a counterfeit check drawn on a U.S. based business. Consumers who believe they have won a lottery they have never played and who negotiate these checks soon realize they have been had when they are notified by their financial institution that the check was returned unpaid as a counterfeit that they are expected to make good on it.

Internet Sale of an Item

Many consumers either advertise items for sale on the Internet or other locations where the Internet will be used to contact them for more information. Craig’s List, eBay and similar online sites provide a valuable service for those who legitimately participate and they diligently work to protect their brand name.

A typical Internet sale fraud occurs when a seller receives an e-mail from a prospective buyer interested in the item. The buyer agrees to purchase the item and advises a check will be sent by someone who owes him money. In all cases, the check is for more than the agreed upon sale price. The seller is instructed to cash the check and simply wire the excess amount to the buyer minus the fee for the wire. The buyer indicates his shipping agent will pick up the item being sold.

Again, the victim seller in these frauds realizes too late the check that was negotiated is a counterfeit and is expected to repay the bank for lost funds.

Conclusion

The Internet is a valuable tool that provides us with access to information that impacts our lives in ways that only a few years ago were unimaginable. Consumers must be constantly aware of what they are doing on the Internet and maintain a healthy awareness that there are people with ulterior motives detrimental to their financial security seeking to defraud them.

About the Author

Tom Nash

Thomas R. Nash, CPP is a Senior Risk Management Analyst for the American Eagle Federal Credit Union in East Hartford, CT. He is the president of the Connecticut Chapter of the International Association of Financial Crimes Investigators, is a Certified Financial Crimes Investigator, and is Board Certified in Security Management by ASIS International. You may contact Tom by e-mail at tom.n@aefcu.com.

 

 

 

“Tax identity theft is a significant and growing issue,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “It’s critical that we make sure consumers are aware of how they can prevent it, and if they are victimized, what steps they can take to recover as quickly as possible.”
 
Tax identity thieves get personal information in a number of ways. For example:
  • Going through someone's trash or stealing mail from a home or car
  • Sending phony emails that look like they’re from the IRS asking for personal information
  • Stealing information from their place of employment such as hospitals, nursing homes, or banks
  • Phony or dishonest tax preparers misuse their clients’ information or pass it along to identity thieves
To lessen the chance you’ll be a victim:        
  • if possible, file your tax return early in the tax season, before identity thieves do.
  • use a secure internet connection if you file electronically, or mail your tax return directly from the post office. Avoid unsecure, publicly available Wi-Fi hotspots at places such as coffee shops or hotel lobbies. 
  • shred copies of tax returns, drafts, or calculation sheets you no longer need.
  • respond to all mail from the IRS as soon as possible
  • know the IRS won’t contact you by email, text, or social media. If the IRS needs information, it will contact you by mail.
  • don’t give out your Social Security number (SSN) or Medicare number unless necessary. Ask why it’s needed, how it’s going to be used, and how it will be stored.
  • get recommendations and research a tax preparer thoroughly before you hand over personal information.
  • if your SSN has been compromised, contact the IRS ID Theft Protection Specialized Unit at 800-908-4490.
  • check your credit report at least once a year for free at annualcreditreport.com to make sure no other accounts have been opened in your name. 
Tax identity theft victims typically find out about the crime when they get a letter from the IRS saying that more than one tax return was filed in the their name, or IRS records show they received wages from an employer they don’t know. If you get a letter like this, don’t panic. Contact the IRS Identity Protection Specialized Unit at 1-800-908-4490.
 
More information about tax identity theft is available from the FTC at ftc.gov/idtheft and the IRS at irs.gov/identitytheft.