Ripped From the Headlines

There have been a couple major news stories about banks collapsing recently. The reasons for these banks entering conservatorship are outside the scope of this article (let’s just say that risky investments played a part. However, it’s enough to make some people jittery about their own financial institutions, or the banking system in general. That’s understandable.

It’s also enough for scammers to integrate into their schemes. Reports of fraudulent messages claiming that the recipient’s bank has failed have already begun to circulate.

Phishing for Account Information

These generally fall under the category of phishing attacks. They’re designed to trick victims into revealing personal or account information such as Social Security numbers, account numbers, passwords and PINs.

Legitimate financial institutions collect your personal information when you open your account. They do not suddenly “forget” your information and need you to send it to them again. They gave you your account number in the first place; they do not need you to verify this information. Your PIN or password is not even known to your bank or credit union. They have zero reason to ask for it via email.

There is no reason for a bank or credit union to email (or text) you out of the blue to ask you to login to your account or provide personal information. Different financial providers have different ways of dealing with suspected fraudulent activity, but contacting clients and asking them to relay their account details back to them is never the way.

Don’t Panic

The goal of these messages is to stoke fear, so victims will respond quickly without thinking critically about the situation. The Hitchhiker’s Guide to the Galaxy has the best advice for dealing with this sort of email or text message: DON’T PANIC.

Whenever someone presents you with information designed to make you afraid, whether of losing something or of missing out on a great deal, and then proposes that you give them money or personal information to make that fear go away, be extremely suspicious. Remember that scammers want you to react without thinking, and they will piggyback on any major news story to make their fraudulent claims look real.

Online Fraud Prevention Techniques

There are a lot of ways to detect online scams. You can try to learn about lots of different schemes and memorize the details of each one, sort of a mental “if someone says THIS, then THIS is what they’re trying to get from me” list of rules. And that works to a point, except it takes a lot of work and sometimes scammers change up their methods just enough to throw you off.

You can use ideas like, “if it sounds too good to be true, it probably is too good to be true.” That also works. But a lot of people have a high threshold for what they consider “too good to be true.” What sets off one person’s suspicions might seem perfectly reasonable to another.

My favorite method of online scam prevention is a thought experiment of sorts: how would this sound if a stranger was saying it to me on the street?

Imagine an In-Person Approach

Artist Scammer

Let’s say you were just sitting on a bench at a public park one day. Some slick-looking dude with a few generic pieces of printed-out “digital art” runs up to you. “I am an artist and you have inspired me,” he announces. “I am going to pay you to be the subject of a commissioned piece for a wealthy client. By the way, that client is going to give you ALL of the money, and then you will send most of it to me through PayPal. Friends and Family, of course.” It would seem a little off, to say the least. You’d probably try to get away from this weirdo as quickly as possible.

Advance Fee Fraud

After your run-in with Art Guy, you leave the park and head down the sidewalk. Yet another stranger approaches you. He says, “I’m extremely rich but I also have a terminal illness, and I want to give my money away to deserving people. You are obviously a very good person, and so I’m going to give you thirty million United States Dollars. To claim your money, kindly wire $7,500 to this other person to cover fees.” Would you believe a word of it?

Extended Warranty

After you escape from the moribund millionaire, you finally reach your car. Just before you open the door, someone pops out from behind a bush. “Excuse me! I have been trying to reach you concerning your vehicle’s extended warranty!” they shout as you hurry to get in the car and lock the doors.

Phishing

Having evaded these very strange people, you finally arrive at home. “Customer! CUSTOMER!” a man in a shabby suit hollers from across the street as you exit your vehicle. “Your card at our financial institution has been suspended due to suspicious activity! Please provide your card number, username and password or your account will be closed in 24 hours!” Would you give him what he asked for?

Many scams take advantage of greed, and some work on vanity. But most use fear as their primary emotion to trick victims into reacting. One of the most visceral forms is the Hitman Scam.

The Threat

Imagine this shows up in your email inbox:

I want you to read this message very carefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from, till i make out a space for us to see, i have being paid $150,000.00 in advance to terminate you with some reasons listed to me by my employer, its one i believe you call a friend…

The sender goes on to say they will not kill you if you match the fee they’ve been paid by your friend.

Scary, eh?

The rest of the message lays out the details for how they will accept an initial payment. Sometimes they promise a later in-person meeting where you can pay the rest in cash.

What They Really Want

Basically, they want you to wire money. The amount can vary but will usually be steep, in hopes that people will draw on any available resource to save their own lives. The scammer is counting on a fear response.

If you get one of these messages, whether by email or text message, do not panic, and never send money. These scams generally originate overseas. The sender is not a hitman and has not been hired harm anyone. They have no intention of coming anywhere near you. Usually, they do not even have means to do so. It is nothing more than an attempt to frighten people into sending money. It’s safe to delete and ignore, whether the threat arrives by email or text message.

Further Reading

• WA ScamNet: Hitman Scam
• FBI: Online Extortion – E-Mail Scam Includes Hit-Man Threat (2007 article)
• AARP: Hit Man Hoax Returns

“Pig Butchering” is an updated take on Investment Scams, in which victims are lured into phony cryptocurrency schemes. The name comes from the practice of “fattening up” victims for financial “slaughter” later.

It’s a gross scam with a gross name.

The perpetrators of this scam convince their victims to buy cryptocurrency and “invest” it through a website. The site will appear to show the victim’s balance growing at a high rate. The scammer convinces their mark to keep adding money to their account, as this alleged balance reaches into the tens and even hundreds of thousands of dollars or more. When the victim finally decides to cash out, there will be a significant “fee” involved in doing so, often in the tens of thousands. Once this final deposit is made, the website and the scammer both disappear. There was never any investment, never any account, just an untraceable crypto wallet the victim was transferring funds into.

How They Get You

Pig Butchering scams often start one of two ways, and usually play the long game with their victims. It may start with a “wrong number” text message. When you respond to this message, the stranger will thank you profusely for being so nice, then attempt to strike up a conversation. This exchange, lighthearted and flirty, including photos of the (attractive, of course) stranger, may continue for weeks before the topic of investing and cryptocurrency is even brought up. Eventually, though, this person you’ve come to like and trust brings up the subject of a new opportunity they’ve invested in. Their returns, of course, have been incredible, and they’d be happy to let you in on the secret.

The other method of hooking victims involves posting fake profiles on dating websites. Again, the scammer might exchange messages for a very long time before broaching the subject of investments and cryptocurrency.

“Why would someone just keep putting in more money once they find out that withdrawing it is going to require putting in more?” you may ask. Pig Butchering victims who rack up serious losses generally are falling for the sunk-cost fallacy; they’ve already deposited $20,000, so what’s another $10,000, especially if it might mean walking away with a quarter million?

Keep in mind that some versions of this scam may allow the victim to withdraw some of their funds early in the scheme as a way to “prove” that it’s a legitimate investment. Later, when the victim believes their investment has grown to half a million dollars, another $30,000 might not seem unreasonable. After all, they were able to successfully withdraw $100 that one time, right?

How to Avoid It

To avoid this scam, first watch out for wrong number text messages. These usually include someone else’s name (the fake intended recipient) and references to some mundane-but-specific subject. Other times they may claim to have lost all their contacts, and are trying to remember everyone’s number. You can be cordial, but don’t take the bait if the stranger seems to want to continue talking. They’ll get around to their investment scam eventually. Also, those photos aren’t really him or her.

On dating websites, the same rules apply to avoiding other types of Romance Scams. As soon as they bring up investing, guaranteed returns, or cryptocurrency, block them and cut off all contact. You do not want what they are offering.

Further Reading

• Krebs on Security: Massive Losses Define Epidemic of ‘Pig Butchering’
• Gizmodo: What Is ‘Pig Butchering,’ the Crypto Scam That’s Flooding the FBI’s Phone Lines?
• Vice: From Industrial-Scale Scam Centers, Trafficking Victims Are Being Forced to Steal Billions

Con artists have a long history of appealing to two very basic human emotions: fear and greed. Just about any scam you can think of plays on one or the other.

But a third human trait can also be exploited: vanity. And nowhere is vanity more prevalent than the photo-sharing website/app Instagram. When combined with greed, vanity can be employed by online scammers for a new take on the old fake check scheme.

The Setup

The Instagram “Artist” Scam starts with a stranger sending you a message about one or more of your photos. Claiming to be an artist, they tell you how inspired they were by your photo and ask for permission to create an original work of art based on it. In fact, they’ll pay you quite well for the opportunity!

Why so much money? Because this alleged artist has a client who is paying them thousands of dollars for their work. It’s only fair to give you a cut. This “artist” fills their profile with images of stunning artwork, stolen from real artists’ profiles.

If you agree to have your photo used as “inspiration,” they’ll tell you that the client will pay you the full amount using a peer-to-peer payment app like Venmo or Cashapp. They instruct you to forward the artist’s cut and keep some for yourself.

What Happens Next

Here’s where the modern take on the old fake check scam happens. The scammer sends you a large amount of money from an account using stolen credit card information. You forward all but a few hundred to the “artist.” Later, the app platform gets the chargeback from the original theft and pulls it from your account. By then, the money you sent has been transferred out of the account you forwarded it to. This leaves you as the only link in the chain from which the company can attempt to recover the first victim’s funds.

It is rare that a completely new type of scam or fraud emerges. Almost every fraud warning you encounter involves a slightly modified take on something that’s been around for years, decades, even centuries (the Nigerian Prince scam has roots dates from at least the early 1800s).

This makes scam prevention mostly about recognizing patterns and tendencies. Here are five things that people only seem to do when they’re trying to separate you from your money.

Ask you to pay to work for them

It’s the exact opposite of how jobs actually work—the employer should be the one giving money to the employee—yet countless job scams involve someone asking for money for the privilege of working for them.

Ask you to move off-platform

It never fails—list something for sale online, and the first response you get will be someone asking for your phone number so they can take the transaction away from the site you posted it through. They’re also taking you away from the seller protections offered by the company.

Approach strangers about cryptocurrency

Cryptocurrency is pure speculation. You buy it and hope the price goes up. (And, lately, in the summer of 2022, you then get disappointed.) There are no “put in x dollars, get 10x dollars back in 24 hours” investment systems. This makes that direct message you got about a guaranteed way to multiply your money nothing more than a pickpocketing attempt. The same applies to that “wrong number” text where they tell you how nice you are, then eventually bring up crypto.

Send you money, then ask you to send it back

This is one is a “classic,” if such a word can be used for a common grift, and scammers reuse it because it WORKS. The most well-known version is a fake cashier’s check and a request to wire the funds back, but they also use things like CashApp and Venmo, but it’s still the same “oops, I sent that to the wrong person” or “oops, I paid too much for that thing you’re selling, please send it back” scheme that leaves you out hundreds or thousands of dollars if you fall for it.

Tell you their life story for no good reason

You can shop online. You can buy things from private sellers online. But there really isn’t a huge need for discussion beyond what it is, how much, and how you’re going to get it. Anything beyond that is reason to doubt. When they start telling you their life story, or using complicated excuses to dictate the terms of the sale and why they can’t do it the normal way, it’s time to cut off all contact. They can’t talk on the phone because of throat surgery. You can’t see the apartment because they’re overseas on business. That car is so cheap because they need money fast because their aunt has the gout. They can’t afford PayPal fees, so how about Venmo? It doesn’t matter what the details are, these interactions will never work out in your favor.

You probably get a lot of email, and a large portion of it is probably spam.

“Spam” is a term for any unsolicited, unwanted electronic communication. It can happen over email, text message, website, social media post, comment section and more. We will focus on email spam today.

When you get a legitimate commercial email—in other words, when you’ve done business with a company, or signed up for special offers or other information—there is going to be a link at the bottom of the message. The link will either say “unsubscribe” or something like “change email preferences.” In either case, the link will allow you to take your email address off their mailing list. The senders are required by law (the CAN-SPAM Act of 2003) to include this option.

If you’ve done business with these senders, it’s fine to click the “unsubscribe” link.

However, a lot of unsolicited, scammy emails also include an “unsubscribe” link. These are the messages from “companies” you’ve never interacted with, who are just sending based on a list purchased from someone else that has been passed around between spammers and scammers, using email addresses gleaned from who-knows-where (hacked websites, data breaches, etc.).

In this case, you should never click the link to unsubscribe. These emails come from people who are not following the rules for sending bulk email, and they are not offering you a way to receive less spam. All you are doing is confirming that your email address is live, which makes it more attractive to spammers and raises its price when they sell lists. You might also be tricked into providing additional information. In any case, the number of junk emails you receive will only increase.

This requires knowing the difference between “spam” and legit commercial emails, though. If you’ve got a relationship with a company or signed up for promotional offers—sales from stores you shop at, new releases from online retailers you’ve bought from, for example—that’s not spam, even if you decide you don’t want the messages anymore. Click “unsubscribe” and the messages will stop.

But all those “You’ve won a $500 gift card,” “Cure dementia with this miracle food,” something-or-other-about-gutter-guards, and fake McAfee virus software messages (where they use anything BUT standard text characters to spell out the subject line)? Don’t even bother trying to get off their email list. Your best bet is to delete them immediately, without opening.

If you’re selling something online beware of fake payment scams.

When you use an online platform to accept payments (PayPal is the most common), you generally will get some kind of notification when the funds show up in your account. Fake payment scammers will purchase an item, then create a email message designed to trick you into believing that an actual payment has been made. They may use graphics and text from actual, legitimate messages, and many will spoof the sender address to make it more realistic.

 If you simply trust this email message without logging in directly to check your account and verify that payment has been made, you might send the item without having been paid for it at all.

In some cases, the scammer will also send you a message claiming they received confirmation and asking you to check your junk/spam folder for yours. This is a ploy to trick you into viewing the fake confirmation email, as many spam filters will flag them as suspicious.

The key to avoid this type of fraud has already been hinted at: never trust a confirmation email on its own. If a buyer claims to have sent a payment, login to your account and verify it with your own eyes. Contact the service’s support if you think the payment was legitimate but hasn’t shown up yet.

On a related note, as soon as a buyer tells you to check your junk or spam folder for the confirmation email, that’s a major red flag. And as always, never go off-platform (switching to direct text messages, for example) on any online transaction.

Are you a business owner? Do you handle the bills and invoices for a business? Be on the lookout for Invoice Fraud.

Invoice Fraud is when a business receives a bill for a service or supplies that it never agreed to purchase. The invoice looks like a legitimate bill. It may include language implying that legal action will be taken if it is not paid immediately. Sometimes substandard office supplies are shipped to the business out of the blue, then a bill shows up. Some scammers make phone calls demanding payment, but usually the bills show up in the mail or email.

Of course, if the business pays the invoice, that money just goes to the scam artist who sent the fake bill. These con artists bank on poor communication between departments. This increases the chance that someone will pay a fake bill.

Some of the most popular invoice scams involve online services, especially “online directory” listings and website address renewals. While there may be times when it makes sense to pay for a directory listing (your local chambers of commerce, for example), never blindly pay an invoice for an entry on some random website. Some scammers call asking to confirm details from a legitimate online directory, then send a bill. Make sure you always know whom a bill is coming from.

Your business probably manages its own website domain name. However, bills for “domain name renewal” will show up, claiming your URL is about to expire. Don’t pay more than you have to. Renew through the original domain registrar. They send email reminders when your URL is going to expire.

The best way to prevent Invoice Fraud is to communicate and be organized. Keep track of everything your business purchases, and never pay any bill without matching it up to a verified expense.

The Better Business Bureau has released its Scam Tracker Risk Report for 2021. Once again, the type of scam that topped the list was Online Purchases.

But under the category of Online Purchases, one specific type of fraud was the most likely to cause monetary loss to victims: Puppy Scams.

Puppy Scams start with a website that looks like it was created by a legitimate dog breeder. The site will feature photos of adorable purebred puppies, all just waiting for their Forever Home.

However, when you contact the breeder, you will find out that it’s not possible to see the dogs in person. COVID-19 provided a perfect excuse for this, but the scam far predates 2020. The alleged breeder will instead offer to have the animal shipped to your home after you pay up front for the puppy, as well as the shipping costs, which will often involve air travel with another person. In some cases, they promise to refund the shipping later.

You do not need a crystal ball to predict what happens next. Once you’ve sent money to this supposed breeder, always by means that give you no protection (wire transfer, PayPal Friends & Family, peer-to-peer payment app), you end up with nothing.

Preventing this scam is simple: never buy pets online. While there are legitimate breeders who have websites, none of them are going to sell an animal over the internet and have it shipped to you. You will always be able to meet the dogs in person. There is a slight crossover with Romance Scams in this regard—as soon as you find out that meeting in person is off the table, end all contact immediately.

If you’re set on a purebred, always visit the breeder face-to-face, no exceptions. Also consider a shelter or rescue dog, who make some of the best companions you’ll find anywhere.