Tag Archives: Internet Crime Complaint Center

IC3 annual report for 2011 released

The Internet Crime Complaint Center (IC3), a collaborative effort between the National White Collar Crime Center (NW3C) and the FBI, has released its 2011 Internet Crime Report. You can view or download the document here (this requires a PDF reader…if you don’t have one, I recommend Foxit).

It can be somewhat dry reading (fancy title page notwithstanding), but it includes some interesting data. The number of complaints received by the IC3 topped 300,000 for the third year running, a 3.4% increase over 2010 (but still down from the peak in 2009).

Work-at-home scams continue to be one of the top fraud types reported, though FBI impersonation scams brought in large numbers as well. I have some questions about this statistic, though: is the ratio of FBI impersonation fraud to other types reported to the IC3 genuinely reflective of their overall ratio “in the wild” (that is, including examples not reported), or is the incidence of this particular type of fraud being reported much higher than for other types because, if you get an FBI impersonation fraud email and you know it’s a scam, if you run a Google search on the scam, it’s going to direct you to the IC3 or FBI websites, where you’re asked to report it to the IC3?

I may be splitting statistical hairs here, but I’ve got an email address that gets just about every spam, scam and 419 email in the world (lucky me, eh?), and I’ve only seen one or two actual FBI impersonation messages over the past few years. Work-at-home schemes, on the other hand, simply run riot in my spam folder.

In any case, it’s a good overview of what schemes are currently most active, and at a mere 26 pages, it’s nowhere near as dull as most government documents.

Avoiding real estate and rental scams.

Rental and real estate scams seem to be on the increase lately. Maybe they’re just getting more attention, but if they’re anything like every other scam in the universe, they proliferate in a rough economy.

There are versions that target both owners and renters.

For example, if you’ve got a property to rent out, you might be contacted by a party who claims to be interested. They will either send you a cashier’s check (first and last month’s rent, deposit, etc.) for far over the amount you’ve asked, then ask you to wire the remaining funds back to them, or give you a check then pretend to back out of the agreement later.

In this case, remember first that anyone who gives you a check then tells you to wire some or all of it back to them is attempting to commit fraud. I have yet to come across an exception to this rule. Also, if you’re renting out a property, only deal with people you can meet in person, verify their identification, and do all the credit and other checks you’d ordinarily do.

If you’re attempting to rent a property, the scam usually involves people who claim to be landlords but aren’t. You have to verify that a property is in fact owned by the person you’re talking to. Just having the key doesn’t mean anything—sometimes this scheme is run by former tenants. Ask to see the landlord’s ID, and use local websites or other resources to verify that you’re dealing with the real owner.

As a final tip, just be beyond cautious if you’re using Craigslist for renting out a property or finding a place to rent.

The IC3 has some additional information, and this site goes into even greater detail. Whichever side of a rental situation you’re standing on, it pays to stay vigilant.

How phishing and work-at-home schemes work together

I just read a really eye-opening report from the Internet Crime Complaint Center (IC3) about how phishing emails, fraudulent ACH transactions and work-at-home schemes can be connected.

It starts with a “spear-phishing” message. Spear-phishing is a targeting form of phishing, made to look like it comes from someone you know, possibly a friend or employer. This message, rather than the usual phishing angle (“click this link to verify your account information”) will either contain a malware-infected attachment, or will link to a website that infects the user’s computer with malware.

This malware includes a keylogger program, which sends a record of keystrokes back to whoever originated the scheme. Once the victim logs into one of their financial institution accounts, this information is relayed back to the crooks.

At this point, the crooks will use either wire or ACH transfers to remove money from the victim’s account. However, it doesn’t end here.

The next victims in the process are those who have fallen for some form of work-at-home scheme (usually “processing payments” or similar). The money stolen from the first victim is wired into an account held by the next victim, who then transfers it back to the criminals, thinking they are actually processing a “payment” from the original victim.

So, they’re not just logging keystrokes to steal money from one group, they’re using a second set of victims to launder the money for them.

It would be brilliant if it weren’t so slimy.

This got me thinking about US Surveys, Inc., whom I wrote about a couple months ago. In doing research on this obvious mystery shopper scam, I actually came across a few victims who, at least for their first “assignment,” had actually made around $100. “They wired $900 into my Citibank account, then had me wire $800 back to them.” It was only on their second “assignment,” when they were asked to wire their own money first, that they began to wise up.

I thought that was kind of weird at the time. Were they actually paying you the first time just to earn your trust? It seemed like an awfully big gamble, since people were realizing that it was a scam soon afterwards (not to mention the risk of someone just taking the $900 and running).

Now it makes sense. The initial $900 was probably money stolen from a spear-phishing victim. That $100 these people had made was their payoff for helping someone launder money. They weren’t being ripped off initially, but they were helping a criminal conceal the source of funds.

The second, “Now wire us your money first” assignment was probably just an attempt at an extra payoff on their way out the door; by that point, the original victim (whose money was being laundered in the first transaction) had most likely discovered the fraud and locked the account. Thieves have to move quickly from victim to victim these days.

What all this leads me to is the following:

  1. Keep your virus protection up-to-date
  2. Learn about different types of scams so you’ll know what to watch for
  3. Do not become involved in work-at-home schemes that involve “processing payments” or wire transfers; these are money laundering schemes; the only real ways to legitimately work at home are to start your own business, or to work for a company that allows telecommuting
  4. The multi-level integration of these different types of fraud is terribly sophisticated; this is organized crime
  5. Because of #4 above, your best bet is just to avoid, avoid, avoid. Lose any big ideas you might have about trying to “scam the scammers”
  6. If you are a victim of this type of crime, in addition to the standard credit locks and police reports, file a complaint with the IC3; your information could help federal law enforcement stop this type of crime in the future.