Category Archives: Uncategorized

Mystery Shopper Scam: Kiboshed!

Last Friday afternoon, one of our Member Service Representatives here at REGIONAL helped a member avoid becoming a victim of a mystery shopper scam.

The member let us keep the check, and I spent quite a while examining it.

It was a very good counterfeit. The kind of thing that might slip right by if you weren’t paying attention (or even if you were). In this case, the member’s story tipped her off—he was going to wire almost the entire amount after he cashed it.

For one thing, the check was on genuine cashier’s check stock. It had all the security features, including watermarks and “fingerprint security” (where you hold your thumb over a symbol and it reacts to your body heat and disappears). So the presence of security features doesn’t prove anything anymore.

The check was from a company called Malteurop (more on that later), with an address in Milwaukee, WI. It was drawn on US Bank in Havre, MT. The routing number was a valid US Bank number, but for Minneapolis, MN. It just didn’t add up. To tell you the truth, I don’t know if those different cities are a reliable sign of fraud or not, but it did seem a little suspicious. A Milwaukee firm using a Montana bank with a Minnesota routing number?

Furthermore, Malteurop is a real company—one that supplies malt to beer companies all over the world. It would make no sense for this company to be checking out the customer service at Western Union.

At any rate, examining the check was interesting, but as I said before, the teller knew it was counterfeit just by talking to the member. I suppose that’s good advice for all financial institutions: have your frontline staff engage your members or customers in conversation. The information you gain could help save someone from fraud or identity theft.

I haven’t acquired the ability to read the fractional routing numbers on checks, to see if they agree with the routing number at the bottom, but I’ll be working on that skill soon.

I’d like to be like Frank Abagnale (remember Catch Me If You Can?), where you can hand me a stack of drafts and I can flip through them one time and say, “This one’s fake!” Only I’d like to get there without, you know, having committed check fraud or done time in prison for it.

Takeaways:

  1. Security features and a valid routing number on a check don’t mean a thing
  2. I can’t help but feel proud when one of our tellers makes a catch like this. Nice!

Child Identity Theft: protect your children from yourself

Child identity theft is a very real problem. Children are attractive targets for this crime, since their credit, employment and criminal histories are clean.

There is definitely a threat from other people stealing your child’s identity; your new baby arrives and a few days later someone who claims to be from the hospital calls, asking for the child’s Social Security number because you forgot to give them this information in your excitement.

The problem, of course, is that the call wasn’t from the hospital; it was from somebody who saw the birth announcement in the newspaper and saw an opportunity.

However, the biggest risk to your child’s identity isn’t strangers. Most child identity theft is committed by parents and family members who have easy access to the child’s personal information.

Most of the time, these parents are facing unemployment, poverty and generally stacked odds. They figure they’ll just use the child’s information to qualify for an apartment or telephone service—just this one time—and they’ll make it all better by the time the kid grows up.

Of course, that’s not how it usually plays out. The parent gets an apartment or automobile they can’t actually afford and starts to fall behind. They apply for a few credit cards in the child’s name, just to make purchases for essentials until they get back on their feet, which never happens. By the time a few years have passed, the situation has snowballed and the child’s credit is ruined, along with any trust the child ever felt for his or her parent.

It’s a fact: on this day in 2009, a lot of people are struggling to make ends meet. In fact, no matter when you’re reading this, a lot of people are having a hard time getting by, and you might be one of them. It can be very tempting to use your child’s personal information in times like this.

However, please remember these points:

  1. Any use of your child’s information to obtain credit, services or employment for yourself is identity theft
  2. Stealing your child’s identity is a crime; plenty of parents have gone to jail for it
  3. Don’t think you’re going to “make it all better” before the child gets older—it never really works out that way (and it’s a crime, too, remember?)
  4. You do not own your children, they are not your property to do with as you please, and their future creditworthiness is theirs, not yours
  5. Don’t think your child won’t press charges when they find out about your crime. How do you think those parents in #2 above ended up in prison?
  6. Yes, they’re going to find out. They always find out.

I’m being pretty blunt here—I don’t even like to see greedy adults get swindled when they should know better; I really hate to see children being victimized by the people they should be able to trust above all others.

Your situation might be tough right now, but time is going to pass and life is going to move forward, and what is happening now will one day be what happened years ago. You will only make things worse by committing identity crime against your own child—financially, and by making sure your child never wants to see you again once he or she is grown.

I’m sure some would protest my harsh words here, “You’ve never been broke,” someone might say. “You don’t know what it’s like. You do what you have to do in order to survive.”

And they would be right. I’ve never been truly destitute before. I still don’t buy the excuse, though. There are ways to get by without stealing your own child’s identity. You’re being lazy and not thinking if that’s the only route you can fathom.

Scam Alert: Microsoft Awards 2009

Here’s one that seems to mostly circulate around Europe, but I’m sure some folks here stateside have ended up with this message in their inbox, too:

Microsoft Lottery Promotion
Unit 7, Metro Trading Centre,
Second Way, Wembley, Middlesex,
HA9 0YU – United Kingdom

DATE: 14th of March 2009

Microsoft Lottery! E-mail is pleased to announce you as one of the 10
lucky winners in the ongoing Microsoft E-mail Promotions.

Microsoft Lottery! is a free service that does not require you to register
or be a Microsoft registered user before winning.

This award program is conducted anually to promote the use of the
Internet.You have been awarded ONE MILLION GREAT BRITAIN POUNDS.

To file for your claim, do contact our accredited corresponding claims
agent as below for category “A” winners immediately with your Name and
Phone Number for the speedy release of your fund;

AGENT: Gabriel Phillip
EMAIL: g.phil.@live.com
Tel: +44 703 5963368

Warning!!! Winners that do not respond to this notice within seven days of
receiving this E-mail will authomatically be disqalified.

FOR VERIFICATION, PLEASE REPLY TO THIS MESSAGE WITHOUT MODIFYING THE SUBJECT.

There is no need to include any additional information in your reply.

Regards

Notification Department
Microsoft On-line Email Draws

Let me make this perfectly clear: This is a scam. Éste es fraude. C’est une escroquerie. Dieses ist ein Betrug. Ciò è un raggiro. This is a scam, innit, guv’ner?

(By the way, I used Babelfish for those translations. English is the only language I speak reliably well. If I’ve said something bizarre in your native tongue, please correct me.)

More specifically, this just is a variation on the old advance fee fraud. If you respond, you’ll be instructed to wire money or send a cashier’s check to someone. Then you’ll never hear from them again. Just like with a lottery scam.

As it turns out, Microsoft does give away awards every year. However, they give them to people like Peer Bork from the European Molecular Biology Laboratory, not randomly to people like you and me (to be somewhat blunt about it). Unless you happen to be a research scientist of some renown, in which case you might be in the running for 2010.

But even then, they’re not going to notify you by email and say “Winners that do not respond to this notice within seven days of receiving this E-mail will authomatically be disqalified.” For one thing, Microsoft knows how to spell “automatically” and “disqualified.”

For another, they give their awards to people who are doing notable work and advancing knowledge. It’s not a random giveaway.

How phishing and work-at-home schemes work together

I just read a really eye-opening report from the Internet Crime Complaint Center (IC3) about how phishing emails, fraudulent ACH transactions and work-at-home schemes can be connected.

It starts with a “spear-phishing” message. Spear-phishing is a targeting form of phishing, made to look like it comes from someone you know, possibly a friend or employer. This message, rather than the usual phishing angle (“click this link to verify your account information”) will either contain a malware-infected attachment, or will link to a website that infects the user’s computer with malware.

This malware includes a keylogger program, which sends a record of keystrokes back to whoever originated the scheme. Once the victim logs into one of their financial institution accounts, this information is relayed back to the crooks.

At this point, the crooks will use either wire or ACH transfers to remove money from the victim’s account. However, it doesn’t end here.

The next victims in the process are those who have fallen for some form of work-at-home scheme (usually “processing payments” or similar). The money stolen from the first victim is wired into an account held by the next victim, who then transfers it back to the criminals, thinking they are actually processing a “payment” from the original victim.

So, they’re not just logging keystrokes to steal money from one group, they’re using a second set of victims to launder the money for them.

It would be brilliant if it weren’t so slimy.

This got me thinking about US Surveys, Inc., whom I wrote about a couple months ago. In doing research on this obvious mystery shopper scam, I actually came across a few victims who, at least for their first “assignment,” had actually made around $100. “They wired $900 into my Citibank account, then had me wire $800 back to them.” It was only on their second “assignment,” when they were asked to wire their own money first, that they began to wise up.

I thought that was kind of weird at the time. Were they actually paying you the first time just to earn your trust? It seemed like an awfully big gamble, since people were realizing that it was a scam soon afterwards (not to mention the risk of someone just taking the $900 and running).

Now it makes sense. The initial $900 was probably money stolen from a spear-phishing victim. That $100 these people had made was their payoff for helping someone launder money. They weren’t being ripped off initially, but they were helping a criminal conceal the source of funds.

The second, “Now wire us your money first” assignment was probably just an attempt at an extra payoff on their way out the door; by that point, the original victim (whose money was being laundered in the first transaction) had most likely discovered the fraud and locked the account. Thieves have to move quickly from victim to victim these days.

What all this leads me to is the following:

  1. Keep your virus protection up-to-date
  2. Learn about different types of scams so you’ll know what to watch for
  3. Do not become involved in work-at-home schemes that involve “processing payments” or wire transfers; these are money laundering schemes; the only real ways to legitimately work at home are to start your own business, or to work for a company that allows telecommuting
  4. The multi-level integration of these different types of fraud is terribly sophisticated; this is organized crime
  5. Because of #4 above, your best bet is just to avoid, avoid, avoid. Lose any big ideas you might have about trying to “scam the scammers”
  6. If you are a victim of this type of crime, in addition to the standard credit locks and police reports, file a complaint with the IC3; your information could help federal law enforcement stop this type of crime in the future.

Fraud Alert: The Internet Crime Complaint Center (IC3) warns of new fraudulent email

United States Attorney General Eric Holder’s name is being used in a new fraudulent email currently making the rounds. Below is an excerpt from the IC3 Intelligence Note:

The current spam alleges that the Department of Homeland Security and the Federal Bureau of Investigation were informed the e-mail recipient is allegedly involved in money laundering and terrorist-related activities. To avoid legal prosecution, the recipient must obtain a certificate from the Economic Financial Crimes Commission (EFCC) Chairman at a cost of $370. The spam provides the name of the EFCC Chairman and an e-mail address from which the recipient can obtain the required certificate.

The full text of the Note further explains that the government does not use email to contact people in this way. I would also add that the FBI and the DHS are not going to let people suspected of terrorism or money laundering buy their way out of trouble for $370.

Online Scams Epilogue: How to actually make money on the Internet

So, how do you make money on the Internet?

Perhaps I’ve given the impression that it can’t be done, but that’s not true. However, the answer may not be what you want to hear.

Basically, you have to have something or create something that other people want, and figure out how to deliver it over the Internet.

The easiest way is the most obvious: sell things on eBay. If you have a supply of antiques, collectables or anything else lots of people desire, create an eBay account and go for it. It’s probably not going to be a full-time career or bring you millions of dollars (unless you’re extremely shrewd), but it can be a source of income that doesn’t involve a ton of work on your part.

Other than that, you pretty much have to create something. If you make things by hand, there’s a site called Etsy that allows you to put up a “store” for your wares. Again, it’s probably not going to be a career, but it’s a way to leverage a hobby into extra income.

The blogging world has some success stories. A lot of sites (I Can Has Cheezburger? comes to mind) that have become cultural icons are essentially using a fairly standard blog format. They mostly generate income through advertising revenue (and some of them get book deals later on).

It’s tough to do, but it can be done. Remember; Google, Yahoo!, MySpace, Facebook and Twitter were all created by small groups of people with ideas for sites people might like.

So that’s how you make money on the Internet: create content that people want, or sell a service or product. Perhaps there was a time when putting up a page with nothing but paid links to other sites would have worked, but those days are long gone. The Internet just isn’t “neat” enough anymore, in and of itself, for that sort of thing to work. You’ve got to create your own business on the Internet. It’s not easy, and you might fail over and over, but I hear it’s a pretty sweet life when it works.

Well, don’t be PARANOID, per se.

All this talk about fraud and identity theft can paint a pretty grim picture of the world.

This is not the intent of the Fraud Prevention Unit.

The point of this information is to help you know what to look for when it comes to this type of crime. You have to be watchful, but to become cynical and paranoid is taking things too far.

We each have an individual view of the world, a lens through which we view ourselves, other people, society and life in general. We each have a set of values and beliefs that influences how we perceive every single piece of data we encounter.

This is a good thing. It’s what makes us all different, and that keeps life interesting. But this flipside is that, whether we realize it or not, we also seek confirmation of those same values and beliefs. We seek out those things that reinforce our view of reality, and reject those that would contradict it.

If you convince yourself that “everyone but me is dishonest and is trying to steal everyone else’s identity and money,” you will end up only seeing those things which confirm this view of the world.

Without realizing it, you may even set yourself up to become a victim, since you expect it to happen all the time anyway. For example, if you always expect to be ripped off, you may actually decide to take your car to a less-than-trustworthy mechanic, without realizing why you even made this decision (your subconscious desire to prove that the world is an ugly, terrible place with nothing but bad people in it).

The fact is, most people are honest. Even in a crummy economy, if you drop your wallet, most people will try to return it to you. There are so many people doing good things to help out others every single day, all around the world. Let yourself see it. Sure, you’re getting phishing emails a couple times a week, but those are coming from a very small number of criminals. Be alert, but don’t let yourself become cynical. Life is just no fun that way.

Stay Vigilant

Nobody is ever 100% safe from fraud, scams or identity theft. Even if you’ve done everything possible to prevent becoming a victim, it can still happen.

Take, for example, the data breach at Heartland Payment Systems a few months ago. Through no fault of their own, thousands of people experienced unauthorized use of their credit or debit cards. It wasn’t that they fell for a phishing email or a fake phone call. They simply made a purchase or two at a store or restaurant that used Heartland as their card processor.

However, there is no reason to panic. By taking simple steps to stay safe on your end, you can drastically reduce your chances of becoming a victim of fraud.

The key is to be informed and vigilant. Know what the threats are, know how to spot a scam and keep a close watch on your financial statements, and you’ll be miles ahead of where the crooks would like you to be.

That’s why REGIONAL Federal Credit Union is bringing you this new website. We believe that education is key to achieving financial security and independence.

It’s not all doom and gloom, though. In fact, it is my aim to make this site as entertaining as possible (despite the admittedly bone-dry seriousness of this first post). I’ll be posting some Video Dispatches from the FPU very soon. Be sure to check those out. There’ll be enough weird props, strange pop culture references, silly music and bad acting for everyone, and you’ll learn something, too.

I’ll be learning, too. After all, there are new variations on these scams popping up all the time. It will be a chore to keep up, but I will do my best. In the meantime, questions, comments and suggestions are always welcome! Use the comment function below, or email me directly at cturpen@regionalfcu.org. Also be sure to follow the FPU on Twitter (@fraudprevunit). I’ll be posting tips and updates there as well.

And always remember: stay vigilant.