I’m reading through my Fraud Magazine November/December 2015 edition and came across an article, written by Robert E. Holtfreter, Ph.D., CFE, CICA, CBA, entitled, “Beware fake gov’t sites and spoofed email accounts“.
It never fails to amaze me the level of new fraud schemes invented every day. The government has very informative websites that offer guidance for anything you may want to research with ways to communicate with them and the scammers know it.
Fake Government Sites
They know you will want to easily use the government services and provide all of your sensitive private information (or personally identifiable information (PII)) online because they’re fairly confident they’re dealing with actual government service agencies. So they put up a fake site, assume you will be fooled and give up all of your sensitive information!
“Duke Franklin had lost his Social Security card, so he applied for a replacement on the Social security Administration (SSA) website [SO HE THOUGHT]. He clicked on the first link that came up in his search and followed the instructions to fill out the required forms to apply for a new card. The site asked for some personal information and a $150 fee. He was told to send his birth certificate and other personal items to a specified address. The site said the SSA would mail his new card within a few days to a few weeks. After waiting more than two months, he called the phone number listed on the website but it was “out of service.” He realized he’d been scammed.
Duke was a victim of a new government services website scam reported by the FBI on its Internet Crime Compliant (IC2) website on April 7. (See “Criminals Host Fake Government Services Web Sites to Acquire Personally Identifiable Information and to Collect Fraudulent Fees”)
In the end, the victim never receives the requested government documents and can never reach anyone to help. The article mentions that the FBI says that “the victim uses a search ignite to contact a government service agency to obtain a new or replacement document and that the first link in the search is ally fraudulent.” This raises some concern. Everyone seems to trusts Google’s algorithms, typically believing that the first hits are used the most and probably would be legit. Be aware – this is not always true!
The article further states that, “The FBI does provides some advice on this issue –
- “Use search engines or other websites to research the advertised services or person/company you plan to deal with.”
- “Search the Internet for any negative feedback or reviews on the government services company, [its] Web site, .. email address, telephone numbers, or other searchable identifiers.”
- Research the company policies before completing a transaction.”
- Be cautious when surfing the Internet or responding to advertisements and special offers,.
- Be cautious when dealing with person/ companies from outside the country.”
- “Maintain records for all online traction,”
- “And, victims should file a complaint with the FBI’s Internet Crime Complaint Center at http://www.IC3.gov.
Email Account Compromise Scam (Spoofed Email Accounts)
The article also mentions email account compromise scams –
On August 27, the FBI reported that fraudsters are directing the sophisticated email account compromise (EAC) scam to individuals in the general public and at professional business firms, including financial and lending institutions, real estate companies and law firms.
…The scam’s purpose is to use a victim’s stolen or spoofed email address to contact his or her financial institution and make an unauthorized request to wire funds to the fraudster’s account outside of the US or to a money mule in the US, who’ll then transfer the funds to the fraudster’s account.
The scammers compromise email accounts of potential victims via computer intrusion and social engineering techniques. Typically, a fraudster will gain access to a victim’s real email account address when doing reconnaissance work. The fraudster adds, changes or deletes a character to create a spoofed email account that resembles the victim’s real account.
The spoofed email fools a financial institution employee who unwittingly wires the money to the frauds.
The article provided the following recommendations from the FBI to help protect yourself from this scam:
- Do not open e-mail messages or attachments from unknown individuals.
- Be cautious of clicking links within e-mails from unknown individuals.
- Be aware of small changes in e-mail addresses that mimic legitimate e-mail addresses.
- Question any changes to wire transfer instructions by contacting the associated parties through a known avenue.
- Have a dual step process in place for wire transfers. This can include verbal communication using a telephone number known by both parties.
- Know your customer. Be aware of your clients typical wire transfer activity and question any variations.
All professionals should step up our efforts to educate the public about these scams. Cyber-criminals take advantage of trusting internet users and use any opportunity to develop schemes to trick consumers and steal their information.
I will never forget a long conversation I once had with an internet programmer, her statement always stays in my mind. “The internet is the wild, wild west.” Don’t forget that. It isn’t as regulated as people assume and it is nearly impossible for anyone to try. Protect yourself.