Scam of the day – December 26, 2016 – FBI warns about increase in Business E-Mail Compromise scam

The Boston Division of the FBI is warning companies about a huge surge of Business E-Mail Compromise scams (BEC).  Losses to companies in the New England area under the authority of the FBI have ranged from $500 to 5.9 million dollars with the average loss per company being $90,000. The scam involves an email to the people who control payments at a targeted company. These people receive an email purportedly from the CEO, company attorney or even a vendor with which the company does business requesting funds be wired to a phony company or person.   At its essence, this scam is remarkably simple and relies more on simple psychology instead of sophisticated computer malware.  Often the scammers will do significant research to not only learn the name of the key employees involved with payments within a company, but also will infiltrate the email accounts of company employees for a substantial period of time to learn the protocols and language used by the company in making payments.  The scammers will also gather information from the company’s website and from social media accounts of its employees, all in an effort to adapt their message to seem more legitimate.

TIPS

In order to avoid this scam, companies should be particularly wary of requests for wire transfers made by email. Wire transfers are the preferred method of payment of scammers because of the impossibility of getting the money back once it has been sent.  Verification protocols for wire transfers and other bill payments should be instituted including, dual factor authentication when appropriate.  Companies should also consider the amount of information that is available about them and their employees that can be used by scammers to perpetrate this crime.  They also should have strict rules regarding company information included on employee social media accounts that can be exploited for “spear phishing” emails which play a large part in this scam. Finally, employees should be specifically educated about this scam in order to be on the lookout for it.

Scam of the day – November 15, 2016 – Post election scams

Merely because the presidential election is over doesn’t mean that scammers are not using the election as a further opportunity to scam people out of their money.  Scammers are always exploiting whatever is foremost in the minds of people and with a close election exposing how deep the divide is between many Americans, scammers are utilizing new scams designed around the election.

Both President Elect Trump supporters as well as his detractors will legitimately be doing fund raising at this time for their respective causes while emotions are running high.  You can expect to be contacted by phone, text messages, social media and email about contributing to various organizations claiming to advance your cause, whatever it may be.  Many of these people contacting you will be scammers.  Trust me, you can’t trust anyone.

You also may be contacted by scammers posing as people either taking a political survey or petitioning about current issues, such as the electoral college.  The danger here is that the scammers lure people into trusting them and then ask for personal information, such as birth dates and Social Security numbers that can be used for purposes of identity theft.

TIPS

Whenever, you are contacted by phone, text message, email or through social media, you cannot be sure who is really contacting you so you should never give out personal information including credit card information to anyone contacting you in those ways unless you have independently verified that the contact is legitimate.

No legitimate pollster and no one asking you to sign a legitimate petition needs your Social Security number so never give it to anyone asking you to sign a petition.

Scam of the day – October 5, 2016 – Latest twist on the grandparent scam

I have been reporting to you about the grandparent scam for more than four years because people continue to fall for this scam losing thousands of dollars to scammers posing as an elderly victim’s grandchild.  The scam starts with a late-night telephone call to an elderly victim from a scam artist, the only criminal, we refer to as artists, posing as their intended victim’s grandchild who has been involved in some sort of emergency and needs the grandparent to send them money right away. The criminals often manage to gather valuable information from obituaries and social media of young people, such as the particular names the grandchild may use to refer to their grandparents to make the calls seem more legitimate.

For years the preferred method that the scammers instructed their victims to use for sending funds was by wiring the money from Western Union or MoneyGram, however, employees of these companies are now being trained to inquire when suspicious amounts are being sent, particularly overseas.  In response, scammers are now telling their victims to buy iTunes Gift cards and give the scammers the numbers by phone so they can access the funds.

TIPS

Never wire money unless you are absolutely sure about to whom you are wiring the money and it is not a scam.  Once you have wired money, it is gone forever.  If a claim about a medical or legal emergency is made, contact the hospital or legal authorities in the area to confirm that the information is accurate.  Make sure that you have the cell phone number of your grandchild as well as  anyone with whom your child or grandchild is traveling so you can confirm any calls claiming that an emergency has arisen.  Call the child directly on his or her cell phone to confirm the story.  Students traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/.  This program can help with communications in an emergency situation.

As for being asked to send fund by way of iTunes Gift cards as scammers are increasingly doing in this scam and other scams, this is always a scam so it is easy to spot.

Scam of the day – January 18, 2016 – Identity theft dangers of social media

Social media is as much a part of modern day life as a morning cup of coffee.  Facebook, Twitter, Instagram and many other social media sites are the primary way that many people communicate.  With more than 500 million people on Facebook alone, you can expect that identity thieves will be there taking advantage of the opportunities for identity theft presented by social media.  Although many social media scams involve luring people into clicking on links containing keystroke logging malware that will steal the information from your computer or smartphone and use it to make you a victim of identity theft, a major source of identity theft involving social media involves people posting too much personal information about themselves that can be manipulated by identity thieves for their illegal purposes.

Recently the Niagara County New York County Clerk Joseph A. Jastrzemski issued a warning about people putting photographs of their driver’s licenses on Facebook and other social media.  Too often, a young person who just got his or her driver’s license will post a photo of the license on social media without realizing that he or she is providing information, such as address and birth date than can be used to either contribute toward their becoming a victim of identity theft or for purposes of creating phony driver’s licenses which can be sold on the black market that can result in the victim of the identity theft having motor vehicle offenses that turn up on his or her  own driving record.

TIPS

When it comes to posting personal information on social media, often the less you provide the better. Don’t ever post driver’s licenses or other forms of personal identification.  Too much personal information in the hands of an identity thief can make his job easier to target you for spear phishing emails or text messages that use the information they have harvested from their intended victim’s social media to make their spear phishing communications seem legitimate.  This can result in the victims trusting the communications and downloading keystroke logging malware.

Don’t befriend everyone that asks.  Identity thieves will contact you with phony profiles to lure you into providing information they can use to make you a victim of identity theft.  Also, check out the privacy policy of the various social media sites you use.  You may be providing more information than you want to share with other people.

Scam of the day – August 28, 2015 – Money flipping scam

Social media is suddenly being flooded with advertisements for money flipping opportunities.  In one version of the scam being found on Instagram, there is a photograph of someone folding a pile of money with text that says that it is easy to “flip” a couple of hundred dollars to as much as thousands of dollars and then gives you contact information in order to take part in this great opportunity.  Once contacted the scammer then instructs the victim to provide their debit card and PIN to the scammer in order to be able to deposit a check into your account.  The scammer then tells you that he or she will deposit a check into your account and then withdraw the money shortly thereafter.  You then get paid for allowing the scammer to use your account in this manner.  The problem is that the check the scammer deposits into your account is counterfeit, but the money withdrawn from your account in the amount of the counterfeit check is not so you lose money from your account.

TIPS

Certainly everyone wants, as Dire Straits sang years ago, “money for nothing,” however, you should always be skeptical of anyone proposing a scheme that appears to offer that kind of reward.  What possible legitimate reason could there be for a stranger to need to use your bank account to cash a check?  This is an obvious scam and one that should be avoided.   You also should never consider giving your debit card and PIN to a stranger or even a friend for that matter.

Scam of the day – January 9, 2015 – Post holiday delivery scam

Although the holiday shopping season is essentially over, there are still many people who may have ordered gifts at the last minute that are just starting to arrive and scammers are taking advantage of this situation.  Reports are surfacing of people receiving communications purporting to be from national retailers either by email or social media messages in which the people receiving the messages are told that their delivery is ready for pickup or delivery.  The messages and emails often look quite legitimate and carry the logo of the particular retailer from whom the message appears to be sent.  As is an essential part of this type of scam, the email or social media message contains a link which you are advised to click on for more delivery information and that is where the problem starts.  Clicking on the link either will take you to a website that asks for personal information used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will have unwittingly downloaded keystroke logging malware that will steal all of the information from your computer and use it to make you a victim of identity theft.

TIPS

Just as the IRS does not initiate contact with taxpayers by telephone so that if you get a call purporting to be from the IRS you know it is a scam, so do retailers not communicate about deliveries with customers by way of Facebook and other social media.  It certainly is important to keep track of all of your legitimate orders from retailers so if you get such an email message, you can ignore it, knowing you do not have a delivery, but even if you have any question that it may be a legitimate message, you still shouldn’t click on any link without confirming that it is legitimate and the best way to do that is to call or go to the website of the company directly at a telephone number or website address that you know is correct.  Don’t use the phone number or website address provided in the email. Remember, “trust me, you can’t trust anyone.”