Other Fraud Risks
Advance Fee ("419")/Overpayment/Fake Check Fraud
In this funds transfer scheme, the target receives an unsolicited e-mail containing either a money laundering proposal or what looks like a legitimate business proposal. There are many variations of this scam, including "over-invoiced" goods, money left to you in a will or payment for an auction purchase with a check larger than the amount required, asking for change to be returned.
The target is then asked to front an amount of money for customs, duties or bribes in order so that he/she is able to receive his/her portion of the money. This typically will happen several times – excuses and amounts will vary. In some cases, the scammer will forward to the target a seemingly real check and ask the target to deposit the check and wire some of the proceeds back to the scammer, while keeping the balance. The check will turn out to be fake and the target will be responsible for the entire balance.
Note: Federal law requires banks to make deposited funds available within a certain time period, but this does not mean a deposited check has "cleared." If available funds are withdrawn and the check is subsequently returned unpaid, the Customer is responsible for repaying the withdrawn amount.
A typical lottery scam begins with an unexpected e-mail notification that you have won a large sum of money in a lottery – often originating from free e-mail accounts such as Yahoo, Hotmail, MSN, etc. Scammers will also often use the names of legitimate lottery organizations, thereby trying to make themselves look legitimate. You are usually told to keep the notice secret and to contact a claims agent to validate. After contacting the "agent" you are asked to pay supposed processing fees or transfer charges so the winnings can be distributed. Of course, you never hear from them again.
Online Shopping Scams
Buying online is fast, easy and convenient – but it may mean doing business with merchants you have never seen or heard much about. The following guidelines will help ensure that your online transactions are secure
- Do your homework on the company or individual to ensure they are legitimate. Reputable merchants will have easy-to-find information about themselves, their location and contact numbers.
- Make sure there is enough detail on the website to allow you to make an informed decision. What are the terms of the contract? Is a warranty offered? What's the merchant's payment policy? How do they handle complaints and returns?
- Be careful with online auctions. Before you bid for an item, be sure you understand how the auction works, what your obligations are and what the seller's obligations are. Verify who is selling the item. Better sites will keep records of sellers and customer satisfaction with them, and should also have dispute resolution mechanisms.
- Print and save the confirmation page when completing an online purchase, as well as contract terms. Make your own notes of all transactions and store them in a secure place.
- If you think you've given credit card or banking information to a fraudulent site, notify your credit card company and/or financial institution immediately.
Peer-to-Peer File Sharing
Peer-to-peer (P2P) developers have created decentralized, encrypted, anonymous networks that can find their way through corporate and residential firewalls. Moreover, criminals actively search P2P networks for personal information they can use to commit identity theft. There are several ways for confidential data to find its way to a P2P network, including instances where users accidentally share folders containing such data. Examples include users storing music and other data in the same folder that is shared, or users unknowingly downloading malware that exposes their file directories to the network.
Removable Media Devices
Removable media devices (thumb drives, flash drives, MP3 players, etc.) have become one of the largest security threats to businesses. Employees can easily download corporate information – sales figures, customer lists, marketing plans, etc. – onto a small storage device, slip it into their pocket and walk out the door. A defined acceptable-use policy and controls to prevent the download and transfer of sensitive data should be in place.
Vishing (or "voice phishing") are attacks in which bank customers are contacted by e-mail or sometimes automated phone call and told that their checking accounts have been compromised. Instead of being referred to a website (as in phishing scams), customers are urged to call a local or toll-free number. The number connects to an automated response system that answers the call and asks you to input account information and/or your Social Security number to clear up the "problem."