The Agency Insider with Linda McGlasson

Top Internet Scams for You - and Your Customers - to Avoid

Top Internet Scams for You - and Your Customers - to Avoid

Among the layoffs, companies downsizing, slashing budgets and falling stock prices, there is one area of the economy that appears to be flourishing - crime via the Internet.

The Internet Crime Compliant Center (IC3) says that reports of Internet-based crime jumped 33 percent in 2008, according to the group that monitors web-based fraud.

The IC3 says in its annual report that it received more than 275,000 complaints last year, up from about 207,000 in 2007.

The total reported dollar loss from such scams was $265 million, or about $25 million more than the year before. About one in three complaints were for nonpayment or non-delivery. The other most common complaints were for auction fraud or credit and debit card fraud.

The IC3, for those who may not be familiar with the group, is a partnership of the FBI and a nonprofit group that tracks white collar crime. The group forwarded more than 70,000 of the complaints to various law enforcement agencies for further investigation, and the report lists some of those who got their just desserts from being arrested.

Top Internet scams reported to IC3 in 2008 involved spam, bad checks, roommates and the names of FBI officials. The report describes the basic characteristics of the scams and shows how they often overlap with other types of crimes.

Spam was listed as one of the more significant scams the IC3 saw last year. Spam is described as fraudulent, unsolicited e-mails used to commit identity theft. The FBI says while the idea of using spam to steal identity information is nothing new, these e-mails are distinguished by looking like they've been sent by the FBI.

Employees and regular consumers can fall for these emails that ask for personal information, such as one's bank account number. The emails falsely claim the FBI needs such information in order to investigate an impending financial transaction. This transaction typically involves a transfer of funds from a source in a foreign country, often Nigeria, to a bank account belonging to the e-mail recipient.

The report notes that those unknowing recipients of these emails are led to believe that, by cooperating with this investigation and providing the necessary information, they may help the FBI determine the legitimacy of the transaction and facilitate its processing. They are duped into believing they may profit greatly as a result of their cooperation, or they are threatened with prosecution by the FBI and even told they would become the subject of a terrorist investigation if they don't cooperate. The sure sign that these emails are not legitimate is the gross spelling and grammatical errors, a characteristic of many Nigerian 419 advance fee frauds.

The IC3 says it has recently changed its data collection system to isolate complaints about these kinds of emails, but says it isn't able to quantify the total. The group says it is seeing a substantial number of complainants that indicate the popularity of this method among identity thieves.

Another scam commonly reported combines computer intrusion techniques with social engineering. This scam exhibits a more personal appeal in an attempt to defraud people. It begins with the hacker/scammer getting unauthorized access to an email user's account.

After the email account is taken over, the scammer then uses it to send emails to the real email owner's contact list. The scammer says they are the email account owner and tells the person they are stranded in a foreign country and have been robbed and need money wired to them to get a hotel room or a plane ticket. Same as in the FBI emails, these emails are filled with spelling and grammatical errors. Word to anyone receiving this kind of email: Contact your friend or relative by another way to confirm the request for help.

Another area of note: overpayment scams. Fraudsters negotiate formal or informal contracts requiring payment to victims. Almost invariably, the victim receives payments in excess of the amount owed. Fraudsters then instruct them to deposit the money and to wire the excess amount back to them or some third party, usually supplying a credible story explaining the excess amount.

If the fraudsters are successful, the victims follow their instructions, only to find out later that the payment instrument (usually a bank check or money order) the fraudster used was fake. Stuck with the bad check or money order, the person is also held liable by their banks for losses generated by the fake check.

Several varieties of the overpayment scam exist. Such scams include the secret shopper and pet schemes that appeared in the 2007 IC3 report. In 2008, the most common form reported was the "roommate" scam. Someone advertises for a roommate, the fraudster contacts them and says they'll pay with a check or money order. Then the same predictable actions occur: The person who wanted a roommate gets a bad check over the amount originally agreed upon, deposits it into their bank account, and then the fraudster asks them to wire the excess amount to someone involved in their move to the new location, (sometimes it is a bogus furniture supplier or moving company.) The real status of the checks sent by fraudsters usually doesn't surface until after the excessive funds have been wired and cashed, and the roommate seeker is stuck with the losses.

These scams are just some of the ones reported to IC3 in 2008. Why it is important for financial institutions to know about them is because these scams are being perpetrated against your employees and customers. The scams you don't tell them about today will visit them tomorrow. To keep on top of the latest scams hitting consumers, you'll want to check the IC3, FBI and FTC websites for updates and encourage your customers to report them to the IC3.



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.