Other Fraud Risks
Advance Fee ("419")/Overpayment/Fake Check Fraud
Identity Theft Protection
You can help protect your credit and your identity with ITAC Sentinel®
Plus Identity Theft Protection.
First 30 days at no cost, then $12.99 per month!**
† | View details
Already a member? Log in
In this funds transfer scheme, the target receives an unsolicited e-mail containing either a money laundering proposal or what looks like a legitimate business proposal. There are many variations of this scam, including "over-invoiced" goods, money left to you in a will or payment for an auction purchase with a check larger than the amount required, asking for change to be returned.
The target is then asked to front an amount of money for customs, duties or bribes in order so that he/she is able to receive his/her portion of the money. This typically will happen several times – excuses and amounts will vary. In some cases, the scammer will forward to the target a seemingly real check and ask the target to deposit the check and wire some of the proceeds back to the scammer, while keeping the balance. The check will turn out to be fake and the target will be responsible for the entire balance.
Note: Federal law requires banks to make deposited funds available within a certain time period, but this does not mean a deposited check has "cleared." If available funds are withdrawn and the check is subsequently returned unpaid, the Customer is responsible for repaying the withdrawn amount.
Business blogging refers to internal or external information exchange operated by an organization. Blogs can be used to share ideas and communicate quickly, but copyright infringement, invasion of privacy, defamation, sexual harassment claims and discovery disasters are all possible with blogs. Blogs also put organizations at tremendous risk for security breaches, with the potential loss of trade secrets, financial information or other confidential material.
Cell Phone Text Messages
Beware of text messages received on your cell phone telling you to use your computer to access the web address given in the text message. You are told that unless you comply you will be charged or subscribed to a service. Once you use your computer to go to the web address given, your computer may be compromised with a Trojan Horse program and your data security may be at risk.
A typical lottery scam begins with an unexpected e-mail notification that you have won a large sum of money in a lottery – often originating from free e-mail accounts such as Yahoo, Hotmail, MSN, etc. Scammers will also often use the names of legitimate lottery organizations, thereby trying to make themselves look legitimate. You are usually told to keep the notice secret and to contact a claims agent to validate. After contacting the "agent" you are asked to pay supposed processing fees or transfer charges so the winnings can be distributed. Of course, you never hear from them again.
Peer-to-Peer File Sharing
Peer-to-peer (P2P) developers have created decentralized, encrypted, anonymous networks that can find their way through corporate and residential firewalls. Moreover, criminals actively search P2P networks for personal information they can use to commit identity theft. There are several ways for confidential data to find its way to a P2P network, including instances where users accidentally share folders containing such data. Examples include users storing music and other data in the same folder that is shared, or users unknowingly downloading malware that exposes their file directories to the network.
Pharming is a variation of phishing in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Once on the fraudulent site, the user will be asked to submit confidential information and the attackers will capture this information for illegal use.
Removable Media Devices
Removable media devices (thumb drives, flash drives, MP3 players, etc.) have become one of the largest security threats to businesses. Employees can easily download corporate information – sales figures, customer lists, marketing plans, etc. – onto a small storage device, slip it into their pocket and walk out the door. A defined acceptable-use policy and controls to prevent the download and transfer of sensitive data should be in place.
Vishing (or "voice phishing") are attacks in which bank customers are contacted by e-mail or sometimes automated phone call and told that their checking accounts have been compromised. Instead of being referred to a website (as in phishing scams), customers are urged to call a local or toll-free number. The number connects to an automated response system that answers the call and asks you to input account information and/or your Social Security number to clear up the "problem."