You (Still) Didn’t Win the British Telecoms Lottery

Any time an old Fraud Prevention Unit article sees a spike in traffic, that means an old scam, usually of the emailed variety and often of the lottery scam variety, has resurfaced. Due to a recent jump in traffic, it seems the old British Telecoms Lottery scam is out there making the rounds again.

I first wrote about this scam in early 2011. I’m not sure if the new version is the same or slightly altered, but here is the text of the one I got back then:

From: [redacted]@web.de
To: winners@btlottery.com
Sent: Monday, February 07, 2011 4:42 AM
Subject: Confirmed Today And Must Be Claimed Immediately

BRITISH TELECOMS PROMOTION DEPARTMENT.

The sum of $1 Million USD has been awarded to you by the BRITISH TELECOMS LOTTERY, Fill the form below for more details and E-MAIL: TO ([redacted]@gmail.com),

1. YOUR FULL NAME:
2. YOUR FULL ADDRESS:
3. YOUR MOBILE PHONE NUMBER:
4. YOUR AGE:
5. CURRENT OCCUPATION:

Yours Faithfully,
BRITISH TELECOMS PROMOTION DEPARTMENT.

There are so many things that don’t make sense here. If you had really won such a major award, why would you need to tell them your name? Why would a British company hand out such large amounts of money to random people who aren’t even British? Wouldn’t the prize be in GPB, not USD? Why would the message have been sent from a .de (Germany) domain? Why would the contact person be using a Gmail account rather than an official British Telecoms email address?

Regardless of the details, or whether the recent examples use this old text verbatim or if alterations have been made, the result would be the same: someone would ask you to wire a large amount of cash out of the country to cover “taxes” or “fees,” and then disappear. There really isn’t much that’s new when it comes to lottery scams.

Avoiding Mortgage Loan Modification Scams

There are a lot of people having trouble keeping up with their mortgage payments, and there are also a lot of people and companies offering fraudulent “help” that only makes things worse.

If you are at risk of foreclosure, there are legitimate ways to get help. You can contact your lender directly, call the Consumer Financial Protection Bureau at 855-411-2372, who will connect you with a HUD-approved counselor, or find out if your financial institution works with a credit counseling agency (REGIONAL members can contact Greenpath Financial Wellness at 800-550-1961).

Here are a few things to NEVER do:

Never pay an upfront fee to any company offering mortgage modification help. They will either take your money (and make your financial situation worse) and do absolutely nothing, or take your money and do something you could have done on your own for free (such as calling your mortgage lender and asking for a loan modification).

Never sign over the deed to your home to anyone.

Never believe promises of “guaranteed” modifications, or any offers to remove negative information from your credit report.

Never believe anyone claiming that your mortgage (or any other loans) are actually not legally binding because of some obscure piece of legislation they claim to have discovered, and that all you have to do is stop making payments, then tell your creditors that you don’t agree that your debt was a binding agreement under this or that section of federal law. No such clause exists, your debt agreements ARE binding, and you can end up being accused of fraud for pulling this stunt.

Never buy into promises of shortcuts. They’re not real.

Never do business with anyone selling mortgage help as a “forensic auditor.” Never make payments to anyone other than your lender, unless you’re using an accredited, reputable debt management program (such as offered by the aforementioned Greenpath) that you have thoroughly researched. The National Foundation for Credit Counseling (https://www.nfcc.org) is a nonprofit organization founded in 1951 that certifies credit counselors. Make sure the company you’re working with is certified by the NFCC, and look into their other certifications, but remember that anyone can save logos from the internet and put them on their own website. Don’t assume that an NFCC logo on a website means anything until you verify it yourself.

Funeral Notification Email Phishing Scams

There seem to be endless variations on phishing scams, but the goal is always the same: to convince victims to click on a link that takes them to a different website than they were expecting. Sometimes that website is designed to harvest personal financial information, sometimes it is set up to infect victim computers with malicious software, and sometimes it does both.

One variation is the fake funeral notification. A message with the subject line “Funeral notification” will appear to come from a funeral home, informing the recipient of the death of a friend and instructing him or her to click a link for visitation times or other information. If the link is clicked, the victim is directed to a website that attempts to install malware.

If you get such an email out of the blue, do not click any links. If you think it might be real, do a web search for the contact information of the funeral home the email appears to come from, and call them to find out if they sent the notification. Don’t call any phone numbers from the email itself.

There are other ways to spot this scam up front, though. If it does not contain the name of the deceased, and instead only refers to “your friend,” that’s a sign that it’s a generic email being sent to lots of people. Also, how would a funeral home have a list of a deceased person’s email contacts in the first place? They might publish a notification on their website, or publish viewing times in the local newspaper, but for the most part it’s up to the family and/or friends of the departed to contact individual people.

Here’s What a Debt Collection Scam Call Sounds Like

I was able to get my hands on the audio from an actual debt collection scam robocall recently, and it’s kind of interesting to listen to and pick apart.

Here is the audio, left on a friend’s mobile phone:

And here is a transcript of that voicemail:

[sharp inhalation] Yes! This is Jessica Thompson. I’m calling in reference to your federal student loan. Um, I need to discuss your repayment options with some new changes that have taken effect recently, so… [sharp inhalation] If you could please [unintelligible] just give me a call back, my number is 866-371-3232…um, I’m gonna go [ahead] and give you a reference number, if you would have this number handy when you call back, it just makes things a lot easier. Your reference number is 909902. Thank you.

A few points about this robocall:

  1. The caller never states the name of the organization calling. Is it a lender? A collection agency? The federal government? Is Jessica Thompson an independent student loan wrangler?
  2. If you search online for the phone number (in quotation marks) along with the reference number (also in quotes), you’ll find a lot of people who have received this exact same message with the exact same reference number. You’d think the reference number would be unique to each individual.
  3. It ends with a little bit of “electronic noise” (including a small beep) that wouldn’t usually occur with a live caller, which is a sign of a prerecorded robocall.
  4. Most telling of all: the person who received this has had their student loans, federal or otherwise, paid off for around 13 years now.

In any case, if you get a call like this, it’s safe to hang up or delete the voicemail. It’s nothing but a phony debt collector.

How to Identify a Debt Collection Scam

Debt can be unpleasant even if you’re making your payments in a timely manner without much trouble. It can become especially unpleasant if something interrupts your capacity to repay, because it doesn’t take long for the calls from debt collectors to start. Even if they’re courteous and helpful, being reminded that you owe money is seldom fun.

However, debt collectors are a reality, and they serve an important purpose. They are also required to play by certain rules, on both the federal and state level. Most states require a license. And there are a LOT of fraudulent debt collectors, who either use personal information gleaned from data breaches and other sources, or who simply make cold calls to random people, in hopes of frightening someone into sending a payment or two.

How can you tell the difference?

First, know what you owe. Go to AnnualCreditReport.com three times per year and download your credit report from one of the three major bureaus (Experian, Equifax, Transunion)—they should all have the same information, so it doesn’t matter which one you choose when. Use these to check for errors, but also use them to keep abreast of your actual debts. That way, if someone calls with a claim that you owe an unpaid amount, you will know whether or not they’re telling the truth.

Fraudulent debt collectors almost always use fear to motivate victims into paying up. One way is by threatening the victim with arrest, sometimes by claiming to represent some arm of the criminal justice system. Remember that local, county or state police officers do not make phone calls on behalf of lenders seeking to recoup an unpaid loss. Nor do FBI, CIA, ATF, DEA or Homeland Security agents, or judges at any level of government. As soon as the caller claims to be one of these, or tells you that the cops are on their way to your house, hang up and move on with your life—it was a scam.

Some of those rules I mentioned earlier have to do with how a debt collector is allowed to address you over the phone. A legitimate debt collector is not allowed to threaten or harass you in any way, and they nor to use abusive or profane language. They’re not allowed to call before 8 in the morning or after 9 in the evening, and if you ask them not to call again, they’re required to stop. (That doesn’t mean the debt is gone, though…you’re basically saying, “I know I owe this amount, but you calling every day isn’t causing money to magically appear.”)

Any violation of these is a sign that something isn’t quite right, and of course if you know you don’t have any outstanding debts, or are aware of exactly how much you owe and to whom, it’s easy to spot the deception when someone calls out of the blue.

Choosing Answers to Online Security Questions

When you set up online access to a financial institution or credit card company, many of these providers include a step in which you pick from a list of two or three “security questions” and then type in your own answers.

It’s an extra authentication step, so that if you log in later from a different computer or location, the system can show you one or two questions as a safeguard to make sure you’re the person who is supposed to be logging in, and not someone trying to gain unauthorized access.

However, there are a few important points to be made about the way you answer these questions. First, they’re usually case-sensitive. If you type in “Sycamore Street” and then try “sycamore street” later when the question pops up, it’s going to reject your login. You have to remember exactly how you typed it the first time.

More importantly, however, is the fact that a lot of the answers to these questions may not be all that obscure due to the widespread use of social networks like Facebook. How many people have posted photos of their first car online? That’s one of the more common security questions. There are even images that look like fun, nostalgic discussion prompts, but might actually be social engineering campaigns designed to get large numbers of people to publicly reveal security question answers. Some of these ask about first cars, streets grown up on, or schools (revealing mascots, school colors, etc.).

The first thing is to avoid commenting on such items when they make the rounds on Facebook. Make sure your profile is set to that only friends can view your posts, in case you want to put up any old photos.

But also remember this: nobody says you have to answer security questions honestly.

As long as you can remember your answers, there is nothing stopping you from typing “Batmobile” for your first car, or “Electric Avenue” for the street you grew up on. You can even answer the questions as a favorite fictional character, but it might be a good idea not to pick too popular of one…if you’re a known Harry Potter fanatic, “Privet Drive” isn’t going to be very obscure if you’re answering as the title character.

Of course, you also have to remember which fictional character you’ve answered as for each website. The real point is, anything you can do to make your security question answers harder for someone else to guess (but still easy to remember yourself) can help prevent unauthorized access.

Why You Can’t Keep Funds from a Bad Check

We sometimes get questions from members who deposited a check that turned out to be fraudulent (such as a counterfeit check used in some form of overpayment scheme), or was returned for non-criminal reasons (nonsufficient funds being the most common scenario). The question is: “Why don’t I get to keep the funds?”

The short answer is: because there were no funds to begin with.

The longer answer has to do with what a check is, and what happens when one is written and deposited.

A check is essentially a symbol of money. It is not money itself—even in the old days when a cashier’s check was assumed to be “as good as cash,” a check was still a symbol.

(If you really want to get into it, money is also a symbol, of stored labor or stored value, but that’s outside the scope of today’s article.)

I’m going to oversimplify and leave out the details like electronic transfers and intermediaries, but the story is pretty much as follows. We’ll start with the standard-issue case with no problems: Person A writes a check to Person B.

At the start, Person A has money in an account at Bank A. He writes a check to Person B, who takes it to his Credit Union B.

At Credit Union B, the check is taken in, and a deposit is made to Person B’s account. However, Credit Union B does not make all of those funds immediately available from that check, because it needs to make sure the check is good first. A “hold” is placed on some or all of the funds, depending on if the check is local, non-local, the type of check, etc.

Credit Union B presents the check to Bank A, who looks at Person A’s account and says, “Yes, these funds are available.” Bank A gives the money to Credit Union B, who then makes the funds available to Person B. The money has now successfully moved from Person A to Person B.

Now let’s see what happens if a check is fraudulent.

Person A writes a check to Person B. The check appears to come from an account at Bank A, but in fact Person A has simply created a fake check on a computer. He has no account at Bank A whatsoever.

Person B presents this check at Credit Union B. The check is deposited, and the standard hold is placed on the funds. Credit Union B presents the check to Bank A, who responds, “No, this account does not exist, and we have no customer with that name.” The funds are NOT transferred from Bank A to Credit Union B, and the hold is NOT lifted from Person B’s account. The deposit is reversed. When Person B calls to ask why it’s taking so long for the check to clear, he will find out that the check he deposited turned out to be counterfeit.

And here’s the real kicker: if Person B took out funds equal to the amount of the check, either because he already had enough money at Credit Union B to cover the amount, or because he bullied a teller into lifting that hold prematurely (it used to happen quite often!), that cash is now lost. If he simply held onto it, no harm done: he can re-deposit the money. If he wired it back to Person A, or spent it himself, it’s gone. If his account has been drawn negative, he now owes money to Credit Union B, because he essentially withdrew funds that did not exist. He doesn’t get to keep it because it was never his to begin with—money cannot be created out of nothing.

From Credit Union B’s perspective, Person B came in with a check that turned out to be fraudulent. Bank A will never cover that check, because all Bank A did was exist for Person A to create a fake check for. Credit Union will not cover it, because from their perspective, here is what it saw: Person B presented a check that turned out to be fake.

Credit Union B did not see Person A make that fake check, or give it to Person B. Person B might have made that fake check himself, or even fabricated Person A from whole cloth. If Credit Union B gave Person B money for a fake check and then said “oh, just keep it,” nothing would stop Person B or anyone else from simply making fake checks, cashing them, then claiming to be a fraud victim and keeping the money.

Check holds absolutely exist to protect the financial institution that places them, sure. But they also absolutely exist to protect consumers from taking out nonexistent money, and ending up on the hook for thousands of dollars.

Avoiding Pet Adoption Scams

Emotions can be manipulated, and every scammer knows it.

Usually, they go for fear. Sometimes, they try greed. But pet adoption scams target a different set of feelings: love for animals, sympathy, and the instinct to want to take care of something.

These scams tend to follow the same pattern: put a listing on the internet for a puppy that needs a home, convince everyone who answers the listing to wire money (repeatedly if they can), disappear.

(For whatever reason, these scams usually involve puppies.)

The short version of avoiding these scams is this: only adopt locally. If you can’t see the animal in person, and meet its current caretaker in person, don’t do it.

Getting into the details a bit more, these fraudulent ads will usually be posted on classifieds websites or social networks. Sometimes they entice victims with a too-good-to-be-true price (a couple hundred dollars for a purebred), or after a few emails, tell the victim they need only pay for the dog to be transported on an airplane.

In any case, payment will be requested either by wire (Western Union) or by prepaid gift card, where the victim purchases the card and then relays the numbers to the scammer.

In some cases, it ends there. In others, the scammer will create new complications that need to be paid for in advance; the puppy needs shots before traveling, they need to purchase an expensive crate, there is a third-party courier involved, etc. They’ll say anything to get the victim to continue sending money until the point when the scammer disappears entirely.

Not all online pet adoption listings are fraudulent, but stick to local listings only, or contact a local organization that helps find homes for pets. Any stranger asking you to wire money or purchase prepaid gift cards is trying to take your money. There are plenty of people looking for pets everywhere—there is no reason a dog would need to be flown thousands of miles to find a home.

Remember: The IRS doesn’t threaten you with arrest over the phone

As April 15th nears, fraudulent IRS robocalls are bound to proliferate. Many of people get a tax refund around this time of year, and the scammers want a chunk of that money for themselves before it gets used for something else.

Consider this your yearly reminder: if someone claiming to represent the IRS calls you, informs you that you owe unpaid taxes, and then threatens you with arrest if you don’t pay up, that’s a scam.

Every single time.

Just hang up the phone.

Every single time.

The IRS doesn’t call people on the telephone as a first point of contact—if someone does contact you by phone, it’s regarding an issue you are already aware of and are in the process of resolving.

They also don’t keep the police waiting on the other line, ready to storm your house as soon as they get the word that you didn’t pay.

They also also don’t accept payment by wire transfer, prepaid gift card, iTunes card, or over the phone with a debit or credit card.

(They’re really not even all that big on throwing people in jail, other than for crimes related to tax evasion. If you owe money, they want the money.Putting people in jail would be counterproductive.)

Don’t let anybody trick you into a fear response over the phone.

Fraudulent Calls that Don’t Make Sense

I am going to present a few fraudulent phone call scenarios that exist in the real world and that claim numerous victims, and you see if you can determine what the scammers are doing that actually doesn’t make sense if you stop and think about it:

  1. A caller claims to be a Social Security Administration representative calls and warns you that your benefits are about to be suspended because of some problem or other. The caller ID shows the correct SSA customer service line. She needs you to verify your Social Security number in order to fix the issue.
  2. A caller claims to represent a credit card company. He says that your card has been deactivated due to suspicious activity. In order to get your card working again, he needs the card number, expiration date, and three-digit code from the back of the card.
  3. A caller claims to be a Medicare representative and informs you that your benefits are going to be suspended because of an issue. Before he can fix the problem, he needs you to verify your Medicare ID number.

Did you catch it?

In every case, the caller is asking for a piece of information that the claimed agency or company would already have…because they created that piece of information in the first place.

  • The Social Security Administration has your Social Security number. They’re the ones who assigned it to you.
  • Your credit card company assigned your card number and other details to you. They already know it.
  • Medicare already knows your ID number because they gave you that number. If there’s a problem with your account, it’s one piece of information they don’t need.

(You could also make the more general observation that these all involve a stranger attempting to alarm you and then asking for personal information, but these specific questions should really tip you off that the caller is not who he or she claims to be.)