Tag Archives: Money Laundering

Online Dating Scams Can Be So Much Worse Than You Thought (OR: Incredibly Bad Romance)

The classic Online Dating Scam involves a con artist meeting a victim online, pretending to initiate a long-distance relationship, and then asking the victim to wire money.

It’s a widespread form of fraud, and despite increased awareness, it continues to thrive because we’re all convinced it only happens to other people. We’re too smart, right?

Right. There’s a reason you never hear anybody say, “Yeah, you know, I’m just really naïve and easy to manipulate.” Here’s a little trade secret known to scammers around the world: literally everyone has some area in which he or she is vulnerable. There is no such thing as a 100% scam-proof human.

But there may be an even more compelling reason to avoid the romance scam: the possibility of criminal prosecution. In this case reported by BBC News, a woman was not only tricked into wiring her own money to her online “partner” over the course of several years, but also convinced to move money between different bank accounts on behalf of the con artist, making her an accessory to money laundering.

For which she was prosecuted and convicted.

Yeah, let that one sink in for a second. The irony is, she was probably helping him launder money he was getting from other romance scam victims.

Now, I’m no legal expert, and this case did occur in the U.K., not the U.S. I’m not sure how different the laws are here, but I’m betting that there is a point at which they also no longer care that you were a victim because it should have dawned on you that you were laundering money.

So if you’re out there on the internet looking for companionship, or if you know someone who is, be aware of the risks. When someone you’ve never met is asking you to send money, or to transfer funds between different financial institutions, do not do it. Under any circumstances, okay?

BobBear anti-fraud site shutting down.

This is sort of a bummer—the website bobbear.co.uk is shutting down for good.

According to the message on the site, if someone made a serious offer, he might sell the site to them. Even so, I doubt this would be done as a non-commercial venture. Websites always lose the thread when the person with the original vision is no longer involved (look at the sad case of JumpTheShark.com, which I’m not even going to link to because it’s pathetic. That was a bad thing you did, TVGuide.com).

BobBear was dedicated to exposing money laundering and reshipping fraud websites. Often these sites were hard to spot, as they look like professional pages from legitimate companies.

However, they were anything but. People who applied for jobs would either end up reshipping stolen electronics between thieves or wiring stolen money between bank accounts.

There are still a few lessons to be learned from BobBear:

  1. You have to research companies before you apply for a job. Just because it has a website doesn’t mean it’s a real company.
  2. Poor grammar and spelling are warning signs, but an absence of bad English doesn’t prove a site is legitimate.
  3. There is no reason to hire someone to receive a shipment of goods, and then have them send it to someone else.
  4. There is no reason to hire someone to receive electronic payments, and then have them wire these to someone else.

The Dangers of Online Job Searching: Money Laundering and Reshipping Schemes

I almost don’t even know where to begin because this topic is so large, and actually sort of frightening.

The quick version is that you have to be extremely careful with online job listings, even when they appear on a site like CareerBuilder or Monster, and even if you contact them first. You don’t want to inadvertently end up helping criminals launder money or goods.

I’ve written quite a few posts on avoiding Mystery Shopper scams over the past seven months, but there are other types of employment fraud that may not even steal your money, but can lead you into being the only traceable link in a money laundering chain.

Money laundering is a felony, in case you were wondering.

There are thousands of fake companies with fake websites, offering attractive sounding part-time work-at-home jobs. Often these jobs involve transferring payments between clients, or receiving shipments of goods and forwarding them to their final destination. What’s really happening is that you’re being used as a “mule.” The process works like this:

  1. After you’ve been hired, you give the company your bank account information and wait.
  2. A large deposit, usually a little under $10,000 will be wired into your account.
  3. You are instructed to withdraw these funds, minus your “fee,” and use Western Union or Moneygram to wire it to different places, usually in chunks of slightly less than $3,000.
  4. You get arrested and interrogated for your involvement in international money laundering.
  5. You might not ultimately end up in jail, but since you gave this “company” your personal information, you become a victim of identity theft later on.

The “reshipping” version of this scheme works this way:

  1. After you’ve been hired, you wait for a shipment to arrive.
  2. A shipment of electronics arrives with instructions to send it to a “client.”
  3. You do exactly that.
  4. You get arrested and interrogated for your involvement in international fraud, because those electronics were purchased with stolen credit card information.
  5. You might not ultimately end up in jail, but since you gave this “company” your personal information, you become a victim of identity theft later on.

So, you might not be the one being robbed of money in this case, but you’re definitely helping organized criminals (usually based in Eastern Europe) steal money and conceal the source of their funds.

Whence is the money being stolen? Usually, from businesses or public entities such as the Delray Beach Public Library whose networks have been compromised with malware (the link takes you to a fascinating rundown of a real-life example of this scheme).

So, how do you separate the legitimate job listings from the money laundering and reshipping schemes? It’s not super-easy, to tell you the truth. These criminals are very skilled at creating fake websites and credentials, and they use channels like CareerBuilder and Monster to hook potential mules. There are some things to keep in mind, though.

  1. Ignore any job offer in which you were contacted out of the blue. You’ve heard this one from me before.
  2. If you’ve got a resume up on a job search site, be extremely careful of any company that contacts you first. Take a few extra minutes to check out their website and carefully read the offer. If it has anything to do with “part-time work-at-home,” there’s about a 98% chance that it’s not something you should pursue.
  3. Don’t assume that having a website means a company is legitimate.
  4. Watch for poor English in the job listing or on the website. One dead giveaway is placing a definite article before a city (“We are based in the London”), which I hear is typical of Russian speakers who aren’t quite fluent in English. However, they also cut and paste from real websites, too—absence of this type of evidence is not an automatic green light for you.
  5. Just be extremely cynical about any company that claims to be in the shipping business.
  6. Also be extremely wary of jobs with titles like “Financial Agent,” Financial Manager,” or anything involving “processing payments.” Companies either process their own payments, or hire other companies (not individuals) to do it for them.
  7. Ask yourself this: why would an international corporation trust some random person out of the general public to receive payments or goods and forward them to their destination? What legitimate reason could they have for needing a middleman?
  8. Apply for jobs only with companies you’ve either heard of, or with companies with a verifiable web presence beyond just their own websites.
  9. Look up the company address on Google Maps, and look at the Street View. Compare it to the photo of the company’s headquarters on their website.
  10. Run a virus and spyware check after you’ve visited any website that ended up looking fishy. Just to check.

It’s hard to even come up with these guidelines, because some of these job listings are so similar to real ones. However, I think the first place I would start when checking out a company is to head over to bobbear.co.uk.

Bobbear is an excellent site (despite its funky “straight outta 1995” appearance), with a running list of over a thousand active and inactive websites from fake companies. Under the section titled “Active Frauds,” you can view screenshots of these fake websites and a rundown of all the warning signs that they are fraudulent. I wouldn’t click any links under “Undocumented, Verified Fraud Sites” though, because these lead to the actual sites (and you never know what kind of malware might be lurking).

As you can see, there are hundreds of active sites. Check out nine or ten on bobbear, though, and you’ll start to see patterns that will help you stay vigilant when you’re looking for a new career.

How phishing and work-at-home schemes work together

I just read a really eye-opening report from the Internet Crime Complaint Center (IC3) about how phishing emails, fraudulent ACH transactions and work-at-home schemes can be connected.

It starts with a “spear-phishing” message. Spear-phishing is a targeting form of phishing, made to look like it comes from someone you know, possibly a friend or employer. This message, rather than the usual phishing angle (“click this link to verify your account information”) will either contain a malware-infected attachment, or will link to a website that infects the user’s computer with malware.

This malware includes a keylogger program, which sends a record of keystrokes back to whoever originated the scheme. Once the victim logs into one of their financial institution accounts, this information is relayed back to the crooks.

At this point, the crooks will use either wire or ACH transfers to remove money from the victim’s account. However, it doesn’t end here.

The next victims in the process are those who have fallen for some form of work-at-home scheme (usually “processing payments” or similar). The money stolen from the first victim is wired into an account held by the next victim, who then transfers it back to the criminals, thinking they are actually processing a “payment” from the original victim.

So, they’re not just logging keystrokes to steal money from one group, they’re using a second set of victims to launder the money for them.

It would be brilliant if it weren’t so slimy.

This got me thinking about US Surveys, Inc., whom I wrote about a couple months ago. In doing research on this obvious mystery shopper scam, I actually came across a few victims who, at least for their first “assignment,” had actually made around $100. “They wired $900 into my Citibank account, then had me wire $800 back to them.” It was only on their second “assignment,” when they were asked to wire their own money first, that they began to wise up.

I thought that was kind of weird at the time. Were they actually paying you the first time just to earn your trust? It seemed like an awfully big gamble, since people were realizing that it was a scam soon afterwards (not to mention the risk of someone just taking the $900 and running).

Now it makes sense. The initial $900 was probably money stolen from a spear-phishing victim. That $100 these people had made was their payoff for helping someone launder money. They weren’t being ripped off initially, but they were helping a criminal conceal the source of funds.

The second, “Now wire us your money first” assignment was probably just an attempt at an extra payoff on their way out the door; by that point, the original victim (whose money was being laundered in the first transaction) had most likely discovered the fraud and locked the account. Thieves have to move quickly from victim to victim these days.

What all this leads me to is the following:

  1. Keep your virus protection up-to-date
  2. Learn about different types of scams so you’ll know what to watch for
  3. Do not become involved in work-at-home schemes that involve “processing payments” or wire transfers; these are money laundering schemes; the only real ways to legitimately work at home are to start your own business, or to work for a company that allows telecommuting
  4. The multi-level integration of these different types of fraud is terribly sophisticated; this is organized crime
  5. Because of #4 above, your best bet is just to avoid, avoid, avoid. Lose any big ideas you might have about trying to “scam the scammers”
  6. If you are a victim of this type of crime, in addition to the standard credit locks and police reports, file a complaint with the IC3; your information could help federal law enforcement stop this type of crime in the future.