Car Wrap Advertising Scam

March 1, 2013

There are times when a scam is completely new, but those instances are exceedingly rare. For the most part, “new” scams use tried-and-true methods to lure victims, and it usually doesn’t take long for a “new” scheme to enter familiar territory.

One “new” con is the Car Wrap Advertising Scam. It starts with an emailed offer to earn $400+ per week just to drive your own car with graphics from an energy drink or other company plastered all over it. It’s a novel offer, and it appears many of the emails are well-written and devoid of the broken English, weird tabbing/spacing and initial “Greetings!” salutation.

However, there are already three warning signs, and that’s without even looking at an actual example:

  1. The offer arrives via email
  2. They’re offering a lot of money for zero work
  3. Energy drink companies are, above all else, extremely image-conscious; they’re not going to send random people offers to wrap their cars if there’s any chance their logo might end up on some sketchy old pickup with rust holes a house cat could climb through.

So that last one’s a bit trickier, but still: at this point your inner “Scam Radar” should at least be registering that something isn’t quite right.

What happens if you respond to the message?

They send you a cashier’s check for a few thousand dollars. They tell you it’s your first payment in advance, and that the excess is for the graphic designer who will be applying the graphics to your car.

Can you guess what the victim’s next instructions are? (Hint: at this point, your inner Scam Radar should be on the brink of blowing up, because you’ve heard of this one before.)

If you said, “Wire the excess money to a stranger,” you win a shiny new silver dollar.*

It’s the secret shopper scam all over again: cash this check, wire it to us, find out a week later the check was fraudulent and you’re out several thousand dollars.

So today’s lesson is: beware of old scams wrapped in new, hip, edgy energy drink graphics.

*You don’t actually win a shiny new silver dollar.


Mystery Shopper scams escalating.

January 28, 2010

According to the Internet Crime Complaint Center (IC3), mystery shopper scams are seeing an increase in frequency.

Continued high unemployment rates are likely the root of this upswing—the longer people are out of work, the more likely they are to want to believe in a job opportunity, no matter how strongly all signs are pointing to “scam.”

Worse, it appears the scammers have become a little more patient: they’re not going in for the kill until they’ve earned your trust by sending you on what appears to be a legitimate secret shopper mission.

The victim in this case doesn’t get a cashier’s check right off the bat. First they are sent to a retail location (unspecified in the IC3 press release, but I’d bet you a dollar it’s usually Wal-Mart) with instructions to spend a certain amount of money and take notes on various aspects of their shopping experience. The victim does as told, and reports back to the “employer.”

For the second assignment, the victim is mailed a cashier’s check, which is to be (you guessed it) cashed and wired back to the scammers from the same retail location, with some kept by the victim as payment. The usual result follows: the victim cashes the check, wires most of it back, and finds out a few days later that it was counterfeit and they now owe their financial institution around $2,600.

No, the victim’s bank or credit union isn’t going to cover the fake check. Why should they? It’s not their fault the victim presented a phony check.

No, the bank or credit union from whom the fake check is drawn isn’t going to cover it, either. Why should they? They didn’t create the check. It was never drawn off a legitimate account in the first place. If someone made a fake box of checks with your name and account number on them, would you feel like you had to cover those checks? Of course not. Financial institutions feel the same way.

No, the person who ends up having to cover the check is the victim. If they’re lucky, they bank at a financial institution that puts a hold on cashier’s checks. If they’re even luckier, the teller asked them about the check and recognized it as a scam, and the check was never even deposited to begin with.

But if they’re unlucky, or if they manipulated the teller into releasing the funds right away, they’ll always end up wishing there had been a hold placed or an alert teller to dissuade them.

The problem with not having a source of income is that you generally can’t afford to lose $2,600. Most people can’t afford it when they are employed. Falling for one of these schemes will only make things worse. If you get letters or email offering jobs out of the blue, don’t trust those messages. Being almost broke is still better than being a couple thousand in the hole.


Prevent fraud by slowing down: it’s not just about the Internet.

January 13, 2010

Yesterday I wrote about the problem with “shortened” web addresses on Twitter and other social media outlets—namely, that the actual web addresses are obscured, which could lead to malware infections on your computer.

I suggested using a shortened URL decoder, sort of a “reverse lookup,” such as LongURL, to check links before you click. It takes a few extra seconds now, but it can save you massive headaches later.

I also spoke about the need to back off a little when it comes to instant online gratification. Phishing attacks, for example, thrive on getting victims to respond without thinking.

Today, though, I came across a small article about yet another set of mystery shopper scam victims. The details aren’t that important for our purposes today. Suffice it to say they lost around $4,000 they couldn’t afford (assuming they’re like most of us).

I started thinking about how the concept of slowing down doesn’t just apply to shortened web addresses. Think about the mystery shopper scam setup, and how each approach plays out.

Scenario #1: You receive an email offering lucrative employment as a mystery shopper. Not wanting to miss out on a big payout, you immediately respond. You are mailed a cashier’s check and instructed to cash it, keep some, use some for purchases at Walmart, and wire the rest back as quickly as possible, or you’ll miss out on future opportunities to work for them again. You rush out the door to your financial institution, hit the Wal-Mart and wire a few thousand dollars back via Western Union. About a week later, you find out the check was fraudulent and that you owe your financial institution $2,600. Life goes on, but with a painful “learned that one the hard way” lesson under your belt.

Scenario #2: You receive that same email, but decide to take a moment and check it out first. You Google a snippet of the message or the name of the company, and find thousands of people telling you it’s a scam. You delete the message and life goes on.

Bonus Scenario: You’re an avid Fraud Prevention Unit reader, and already know without checking that it’s a scam. You delete the message and life goes on.

There are a lot of scams that depend on victims who either act without thinking or who haven’t taken any time to be educated first. In fact, a vast majority of these crimes seem to hinge on a quick response from their victims.

I’m a big advocate of stepping back and taking a moment to think. There was an auto advertisement on television several years ago that just offended my every sensibility. I think it was for some kind of Toyota SUV, but I can’t quite remember. What I do remember is that it featured sped-up footage of a generic “supermom” (that’s not a compliment—I feel sorry for these people and their kids) dropping her children off at a million different places. The tagline had something to do with “your supercharged family.”

I could not believe they were depicting this lifestyle as something you should strive for. Now, if you honestly enjoy constant stress, then I guess I can’t vouch for you, but when I hear 99% of people talk about how frantic their lives are, they’re complaining, not bragging.

The thing is, many people think they don’t have a choice. I say you do. You can find space to slow down and take some time to think, but not if you’re convinced that you’re powerless to do so. Tell the kids to pick one sport they love, instead of signing them up for ten just to show off how busy you are.

That frantic, stressed-out, hollow-eyed, constantly-on-the-go way of living doesn’t lend itself to thinking before you act. It’s not only bad for your health, it will make you more susceptible to phishing and lottery scams and every other type of fraud under the sun.

So the same idea that applies online goes for your offline life, too: just take a second and relax, think about your decisions. It’s when you’re in a hurry that preventable mistakes happen. I’ll loan you some live Dead tapes if you need some mellow tunes, okay?


Mystery Shopper Scam: Kiboshed!

November 16, 2009

Last Friday afternoon, one of our Member Service Representatives here at REGIONAL helped a member avoid becoming a victim of a mystery shopper scam.

The member let us keep the check, and I spent quite a while examining it.

It was a very good counterfeit. The kind of thing that might slip right by if you weren’t paying attention (or even if you were). In this case, the member’s story tipped her off—he was going to wire almost the entire amount after he cashed it.

For one thing, the check was on genuine cashier’s check stock. It had all the security features, including watermarks and “fingerprint security” (where you hold your thumb over a symbol and it reacts to your body heat and disappears). So the presence of security features doesn’t prove anything anymore.

The check was from a company called Malteurop (more on that later), with an address in Milwaukee, WI. It was drawn on US Bank in Havre, MT. The routing number was a valid US Bank number, but for Minneapolis, MN. It just didn’t add up. To tell you the truth, I don’t know if those different cities are a reliable sign of fraud or not, but it did seem a little suspicious. A Milwaukee firm using a Montana bank with a Minnesota routing number?

Furthermore, Malteurop is a real company—one that supplies malt to beer companies all over the world. It would make no sense for this company to be checking out the customer service at Western Union.

At any rate, examining the check was interesting, but as I said before, the teller knew it was counterfeit just by talking to the member. I suppose that’s good advice for all financial institutions: have your frontline staff engage your members or customers in conversation. The information you gain could help save someone from fraud or identity theft.

I haven’t acquired the ability to read the fractional routing numbers on checks, to see if they agree with the routing number at the bottom, but I’ll be working on that skill soon.

I’d like to be like Frank Abagnale (remember Catch Me If You Can?), where you can hand me a stack of drafts and I can flip through them one time and say, “This one’s fake!” Only I’d like to get there without, you know, having committed check fraud or done time in prison for it.

Takeaways:

  1. Security features and a valid routing number on a check don’t mean a thing
  2. I can’t help but feel proud when one of our tellers makes a catch like this. Nice!

How phishing and work-at-home schemes work together

November 4, 2009

I just read a really eye-opening report from the Internet Crime Complaint Center (IC3) about how phishing emails, fraudulent ACH transactions and work-at-home schemes can be connected.

It starts with a “spear-phishing” message. Spear-phishing is a targeting form of phishing, made to look like it comes from someone you know, possibly a friend or employer. This message, rather than the usual phishing angle (“click this link to verify your account information”) will either contain a malware-infected attachment, or will link to a website that infects the user’s computer with malware.

This malware includes a keylogger program, which sends a record of keystrokes back to whoever originated the scheme. Once the victim logs into one of their financial institution accounts, this information is relayed back to the crooks.

At this point, the crooks will use either wire or ACH transfers to remove money from the victim’s account. However, it doesn’t end here.

The next victims in the process are those who have fallen for some form of work-at-home scheme (usually “processing payments” or similar). The money stolen from the first victim is wired into an account held by the next victim, who then transfers it back to the criminals, thinking they are actually processing a “payment” from the original victim.

So, they’re not just logging keystrokes to steal money from one group, they’re using a second set of victims to launder the money for them.

It would be brilliant if it weren’t so slimy.

This got me thinking about US Surveys, Inc., whom I wrote about a couple months ago. In doing research on this obvious mystery shopper scam, I actually came across a few victims who, at least for their first “assignment,” had actually made around $100. “They wired $900 into my Citibank account, then had me wire $800 back to them.” It was only on their second “assignment,” when they were asked to wire their own money first, that they began to wise up.

I thought that was kind of weird at the time. Were they actually paying you the first time just to earn your trust? It seemed like an awfully big gamble, since people were realizing that it was a scam soon afterwards (not to mention the risk of someone just taking the $900 and running).

Now it makes sense. The initial $900 was probably money stolen from a spear-phishing victim. That $100 these people had made was their payoff for helping someone launder money. They weren’t being ripped off initially, but they were helping a criminal conceal the source of funds.

The second, “Now wire us your money first” assignment was probably just an attempt at an extra payoff on their way out the door; by that point, the original victim (whose money was being laundered in the first transaction) had most likely discovered the fraud and locked the account. Thieves have to move quickly from victim to victim these days.

What all this leads me to is the following:

  1. Keep your virus protection up-to-date
  2. Learn about different types of scams so you’ll know what to watch for
  3. Do not become involved in work-at-home schemes that involve “processing payments” or wire transfers; these are money laundering schemes; the only real ways to legitimately work at home are to start your own business, or to work for a company that allows telecommuting
  4. The multi-level integration of these different types of fraud is terribly sophisticated; this is organized crime
  5. Because of #4 above, your best bet is just to avoid, avoid, avoid. Lose any big ideas you might have about trying to “scam the scammers”
  6. If you are a victim of this type of crime, in addition to the standard credit locks and police reports, file a complaint with the IC3; your information could help federal law enforcement stop this type of crime in the future.

Follow

Get every new post delivered to your Inbox.

Join 196 other followers