COMMOM FRAUD SCAMS

Cybercriminals trick company employees into transferring large sums of money to them by impersonating CEOs and other company executives in spoofed or masqueraded emails. The schemers first study their intended victims by using the company’s website, social media and Phishing to get information like employees’ names, job titles, email addresses and phone numbers. With the company’s information, scammers can spoof or fake an email to an employee who they know can transfer money or pay invoices for the company, making the email look like it is coming from an executive officer or other trusted source.

A form of identity theft in which criminals steal your valid online banking credentials. In most cases, the fraudsters introduce malware into your computer system which may go undetected for weeks or months. This malware can be introduced into your computer via email attachments or websites you visit that have been infected. Account-draining transfers using the stolen credentials are then conducted.

Just as with other types of fraud, criminals attempt to pose as a person with whom you have gained trust; for example, a relative, an executive at your company, your bank, an attorney, or a government agency. They send a fake request instructing you to wire funds immediately using payment instructions they provide – and they reiterate the urgency of their request. This is meant to pressure you into making a mistake that is difficult to correct. Once the money has been wired, it is nearly impossible to recover the funds.

Recently, banks across the country have been experiencing a drastic increase in issues connected to mail fraud. The most common occurrence is business checks being altered after being stolen from the mail or fraudsters making a counterfeit check with the same account information on it. A business’ cash flow can be greatly affected after falling victim to mail fraud so it is important to closely monitor your business’ accounts.

To avoid falling prey to mail and check fraud, keep these tips in mind:

• Monitor your account closely so you can identify if an original item did not clear or if it’s payable to a different payee (which could be the result of an altered check). Don’t wait for a vendor to reach out and say they didn’t receive a payment.
• Don’t mail checks from your business location or by using the outdoor blue collection boxes. Instead, mail them from inside the post office.
• If your vendor tells you they did not receive payment, but you can see the check has cleared your account, contact the bank as soon as possible to start a Forged Endorsement claim. The payee of the endorsement that was forged will have to sign a Check Fraud Affidavit. These claims must be sent to the bank that negotiated the check and can take some time to get a response back.
• If your company issues a large volume of checks, you may want to talk to your bank about what fraud prevention tools are available to you.

This scam is similar to the overpayment scam except, in this case, the scammer does not send a check to the victim. Fraudsters will contact you, usually over text or email, claiming to be a familiar company (ex. Amazon, Apple, Norton Life Lock). The scammer will claim that the company issued a refund, but the payment was an excess amount of money.

The scammer will request remote access to your computer and advise you to log into your online banking account in order to verify the overpayment. Then the scammer is able to make transactions from your account. They will transfer funds from other accounts you are a signer on to make it appear as if an overpayment was made (for example, transferring $1,000 from a savings account to a checking account). Then you will be asked to wire out money to the scammer to correct the overpayment.

In another version of this scam, fraudsters will contact you via text or email claiming there is fraud on your account. The scammer will request remote access to your computer and then advise you to log into online banking. Once they have access, the fraudster will put up a fake page so you cannot see what they are doing and secretly transfer money out of your account via Zelle®. If the scammer makes a transfer while they have access to your computer and online banking, it will not appear to be suspicious activity to the bank, as it is originating from your normal IP address (your device).

You should NEVER grant someone access to your personal computer when you are logged into your Online Banking account.

• If someone asks you to grant them access, you should hang up and call the company back directly at a phone number known to you to verify the story you were provided.
• Remember, if you conduct the wire request to the bank directly, and these funds are sent out to the scammer, it is very difficult to recover those funds. More than likely, you would not get these funds back.​​​

In a smishing scam, fraudsters send a linkless text message claiming there’s been a bank transfer from your account. The message usually asks if you’ve authorized the transaction from your debit card, through Zelle, or even from a retailer. Anyone who answers the ‘yes’ or ‘no’ question in the text message receives a phone call almost immediately after. The person calling claims to be from your bank’s fraud department to help secure your account. They then ask you for your online banking username and tell you to read back the passcode sent to you via text or email. When the fraudster enters your username into your banking website, he/she initiates the “forgot password” feature, which generates this passcode text message. By giving out this passcode, you allow the fraudster to reset your password and successfully gain access to your account without your knowledge.

In this scam, fraudsters send a text message posing as your financial institution, i.e., PlainsCapital Bank. The text claims to be “urgent” and falsely says your debit card account is locked. They provide a phone number to call to “unlock the card.” Cardholders who call the number provided reach an automated menu with a computerized voice. They are then asked to provide their personal card information—full card number, expiration date, security code on the back of the card, and their PIN. The fraudster then tells the customer they will receive a code via text message on their phone, and they are to give that code to the fraudster. By giving out this code, the fraudster now has a digital version of the customer’s debit card on their own phone.

This scam first surfaced back in 2019, but fraudsters are back trying it again. It starts with an unsolicited phone call from a random number. The person calling claims to be a law enforcement agent, usually with the FBI. The “agent” says your name is tied to a rental car in Texas found with blood and cocaine inside. You’re asked to give your Social Security number and financial account information. Another version of the scam involves a person calling claiming to be a Social Security Administration representative. They say, in addition to a rental car with blood and cocaine, they have found an offshore account in your name with a large amount of cash. You are then told your Social Security benefits will be suspended if you do not provide your personal information, including your Social Security number and financial account information.

The opportunity to work from home is becoming a very popular and an attractive option for many. As the interest increases, so do the opportunities to be conned with jobs that pay “big financial rewards.” Although there are many legitimate work from home jobs, these schemes do not guarantee a regular salary and almost always require an “up-front” investment.

During a romance scam, the victim is courted online for some time before the scam starts. At first, the criminal is very interested in the victim and will make many promises. After a period of time, they will ask the victim for help, either due to an illness, accident, job loss, family emergency, or their bank accounts have been frozen for some unknown reason. Once a small amount is sent they will ask for larger amounts and become very demanding.

In this scam, the victim may be selling goods in a marketplace, over the internet, or through a trade site. The buyer will send a cashier’s check for the goods, but the amount will be incorrect, normally for a much larger amount then the goods were sold for. The victim will be asked to deposit the check and then wire the extra funds back to the buyer. After the victim wires out the funds, the deposited check will charge back as fraud. The victim is out the amount that was wired out and will never receive back the merchandise the criminal “purchased” from them.

Card Cracking begins with a criminal posting on Facebook or another social media site, asking if someone would like to make easy money. The victim is advised to open a bank account (if they don’t already have one) and then give the scammer the debit card for the account. The scammer will then make fraudulent deposits into the victim’s account and withdraw funds via the ATM. The account holder is advised they will get to keep some of the cash from the deposits and they are to claim their card was lost or stolen. The scammer tells the account holder there is nothing the bank can do to them as they did not make the fraudulent deposit.

Skimming is a common method used by fraudsters to obtain credit card or debit card information. The “skimmer” device is a small tool with a mag-stripe reader that stores card information. Generally, the card is swiped through the skimmer when making an ATM withdrawal or a purchase at a location where the consumer inserts their card into a machine. The information obtained is used to create a counterfeit card or is sold to other fraudsters.

This type of scam is a criminal activity that uses fraudulent techniques to trick you into providing personal information. These techniques include the use of fake emails, phone calls, and/or websites posing as legitimate and trusted organizations to fool you into divulging personal financial information that is then used to commit identity theft or other types of fraud.

This scam is used in the same manner as Phishing; however, the contact is made by text messages instead of an email or phone. The victim is asked to provide their personal information.

The Mystery Shopper scam is similar to the “Work from Home” scam. The victim is approached to earn money for little to no work. They receive a letter and check in the mail asking them to deposit the check, withdraw cash, and then shop at the merchant stated in the letter. One of the merchants will be a money service business (Western Union, Money Gram, or similar business) and the victim will be directed to wire funds out, then report on the service they received while conducting the wire. As with other scams, the victim is advised to keep a small amount of the funds as well as the items they purchased. However, the check deposited charges back as fraud and the victim is out the funds.