The number of online scams is huge and growing. The sheer number of scams makes it difficult to catalog them all but there are similarities in the methodologies used by scammers that apply across a broad range of cyber crimes. It is important to recognize these techniques and know how to react when they are being used. Many of the newest scams are not really new, but modified versions of old scams.
1. Payment Forwarding and Processing Scam
Unfortunately, high unemployment and scarce job opportunities have led to a proliferation of scams that take advantage of individuals seeking a way to earn income. There are a number of ways scammers try to take advantage of unsuspecting job seekers.
One scam involves the victim’s participation in illegal money laundering activities. Two variations of this scam entice the job applicant to become part of a criminal operation. These are the payment forwarding or processing scam and the postal forwarding or reshipping scam. In both cases, the victim can be contacted by the scammer as a result of a response to an unsolicited e-mail, a resume posting or the victim sending a resume in response to a rebate or payment processing job.
In the payment forwarding or processing scam, the victim is asked to provide bank account information to the scammer (the new employer) or to open a new account using information supplied by the scammer. The scammer deposits money into the account and asks the victim to wire the money (less a commission) to a third account usually outside the country. There is no processing of rebates or payments, just the illegal laundering of money for a small commission.
2. Postal Forwarding and Reshipping Scam
In the postal forwarding and reshipping scam, the victim receives shipment of goods and then reships them to a foreign buyer, in return for a commission. This scam involves shipping products to the victim and then having the victim reship those products to another destination, usually another country. A scammer has likely purchased the products with stolen credit cards or other hijacked funds and the victim merely ships the products to another (usually foreign) address, where they will be fenced. This is obviously an illegal activity.
3. Phishing Expeditions
Many job applicants are anxious to secure employment and cyber criminals are more than willing to exploit that anxiety. Applicants post their resumes on a job site and wait to hear from an interested employer. Unfortunately, not all jobs posted are legitimate and criminals troll some job sites looking for unsuspecting victims. In many cases, the scammer has designed professional looking ads that may include links to what appear to be legitimate company websites.
Not all job sites are the same. Some require verification of recruiters to protect the applicants and have clearly defined privacy policies. Others may be more open and have fewer protections. The posting of bogus ads is often simply a ploy to capture the personal information of the unsuspecting applicant. The simplest trick is to include a link to a bogus site and instruct the applicant to click the link where additional information is requested. Other approaches may be a follow up e-mail from the “employer” offering an attractive sounding job and requesting personal information. Often, the excitement of finding a job after a long and frustrating search may cause the applicant to let down their guard and be taken in by the scammer.
Because of this threat, online job applicants should include only work-related information on the posted resume. After gaining credibility with the applicant, the scammer will try to get the applicant to reveal sensitive personal information such as social security number, date of birth, bank account numbers, and home address. A common rationalization is that the company needs the information because employee paychecks must be direct deposited. The applicant should not disclose this information based on an online job offer.
4. Jobs That Require Paying the Employer
Everyone has heard the expression that you should never pay for a job. Some scammers pose as headhunters or employment agencies that insist that the applicant pay a fee before starting the job. Once the fee is paid, the headhunter and the job disappear. If you want to deal with an employment agency, always thoroughly check them out before making any commitments.
A second type of scam involves trying to trick the applicant into making up front payments for some type of training as part of getting the job. A related scam involves the applicant receiving an advance paycheck for the job that is an overpayment and then the victim is asked to wire the amount of overpayment back to the “employer”. Once wired, the cash is gone and the employer’s check proves worthless, resulting in the victim’s loss of the wired funds.
Be Alert and Use Common Sense
Common sense is the best defense against employment scams. Examine how well the ad is written and if its language, spelling, grammar and sentence structure are up to standard. If not, the originator may be a foreign scammer. Before providing any personal information, think long and hard about why an employer would need the information. Do they really need your social security, bank account and credit card numbers and do you want to give anyone this information until you are 100% sure of their legitimacy?
5. Denial of Service Scam
Denial of service is a new scam that has been reported in certain areas of the country, particularly the northeast. In this scam, the criminal first gains access to personal information through one of the usual phishing methods such as e-mail, social media, careless telephone conversations or malicious software. Once enough information has been gathered, the criminal launches a denial of service attack. This involves using automated dialing programs and multiple accounts to tie up all of the victim’s means of communications, including phones.
By incapacitating the victim’s communications, the cyber criminal creates a diversion, making it impossible for the bank to verify transactions with the victim. The criminal impersonates the victim either by phone or online and raids the victim’s bank, online trading, or other asset management accounts.
6. Official Looking Phishing Scams
One popular scam is to use official looking communications from Government agencies to trick the victim into giving a scammer sensitive personal information. This may include getting e-mails from Medicare or the Treasury Department asking for information to apply for some type of rebate, refund or stimulus check. Official looking communications may come with the IRS logo asking for information so you can get a tax refund, update your file or some other reason.
If you click on a link to these e-mails, you will likely be communicating with a cyber criminal, not an agency of the US Government. If you provide the personal information requested you are setting yourself up to be a cyber crime victim. Keep in mind that these agencies do not send you e-mails and they do not ask for any personal information in any reply to e-mails. If you receive any of these e-mails seeking to get personal information, notify the appropriate authorities.
7. Social Media and Online Dating Scams
Social media scams prey on the sociability of members. Although social media have become a very popular way to keep in contact with friends, relatives, business contacts and former work associates, they also can be a hunting ground for scammers. This risk can be mitigated by limiting the amount of personal information that can be used by scammers on phishing expeditions.
Cyber criminals will hack accounts when possible and use the member’s contacts to send out e-mails to their friends asking for money. Often, the rationale for the money request is that the friend is stranded somewhere and they have been robbed. Without their credit cards, passport and cell phones, they have no way to get home. A new scam, often called “grandparent distress”, has arisen. In this scam, the grandparent is urgently requested to send money because the grandchild is in desperate need of help because of an accident, medical emergency or some other reason.
Other scams may relate to dating. Often, the victim develops a relationship with a boyfriend or girlfriend who may or may not be in another country. After the relationship and emotional attachment develop over time through online and telephone communications, the foreign boyfriend or girlfriend wants to come for a meeting so they can deepen the relationship with an in person meeting. At first, the scammer may not ask for any money for the trip to keep from arousing suspicion. Often, just before the trip the friend needs money for the plane ticket, visa or for some medical emergency and requests the funds. If the ploy works, the money is sent and the friend is never heard from again.
8. Advance/Upfront Payment Trick Scams
The number of advance or upfront payment scams is too numerous to mention. These scams are designed to achieve one goal – trick the victim into making an upfront payment or reveal sensitive personal information in return for a promise of a much larger payment. In addition to the well-known up front payment Nigerian 419 Scam, there are lottery scams, inheritance scams, prize winning scams, real estate and vacation rental scams and many others.
The current real estate market has produced a new scam where the scammer offers to pay an above market price for an advertised property but needs and advance payment for some trumped up reason. A scam commonly called the “mistake scam” involves the scammer issuing a counterfeit check or money order for more than the purchase or rental price and then having the victim reimburse them for the difference with a wire transfer. In the case of the prize-winning scam, the scammer may ask for your bank acct number and PIN to pay for shipping and handling.
Eleven Tips to Reduce the Chances of Being Scammed
- Keep all of your virus protections and computer security features up to date.
- When you receive an unexpected message on your computer, avoid the temptation to act quickly and take your time and think before reacting.
- Online, on the phone and in everyday activities, be aware of the need to keep your personal information protected.
- Never respond to unsolicited e-mails asking for verification of personal information even if the request looks like an official communication and has a familiar look and logo. Call the real company and ask them if they sent you a message.
- Be alert to the dangers of responding to scary messages imploring you to click on a link for a download to fix a problem with your computer or virus protection.
- Never send money or agree to deposit a check from someone you don’t really know and then agree to wire money back to them. Once you wire money, it’s gone. Do not fall for this well-known scam.
- If you receive a job offer online, do the research and make sure the employer is legitimate by thoroughly checking them out with independent third parties.
- Limit online resume postings to job related information. Use job sites that require employer verification to view the resume and have privacy policies.
- Be diligent in reviewing your bills and financial statements, including statements received in the mail and viewed online.
- Use common sense and be very skeptical of any investment recommendation sent to you by e-mail. Remember the popular saying of economists that there is no such thing as a free lunch.
- Watch out for trick sign ups. Know the originator, you may end up with a difficult to cancel subscription or inadvertently download malicious software on to your computer.
Online Activities Require Vigilance
Modern society depends on online communications taking place in a secure environment. Because online communications have become such an integral part of everyday life, caution must be exercised in using these capabilities to their fullest without allowing the criminal element to take advantage of the situation to exploit unsuspecting users. Every user has to take every precaution to protect themselves and others from the threat of cyber crime.
Sources for this article included the FBI’s new e-scams and warnings and the Federal Trade Commission’s On Guard Online website.