Robert E. Holtfreter, Ph.D., CFE
Robert E. Holtfreter, Ph.D., CFE, is a distinguished professor of accounting and research at Central Washington University. He serves on the ACFE Advisory Council, the ACFE Editorial Advisory Committee and the ACFE’s inaugural CFE Exam Content Development Committee. In 2005, he received the ACFE’s Outstanding Achievement in Accounting award and the ACFE’s Educator of the Year award in 2006. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.
College summer job search ripe for fraud
College student employment scams have been common for many years and continue to proliferate because of their profitability. Students learn about these fraudulent “job opportunities” by visiting college employment websites at which fraudsters post phony ads or send via emails to their school accounts.
Written By: Robert E. Holtfreter, Ph.D., CFE
Business email compromise fraud
Once fraudsters have identified the individual who has the authority to perform wire transfers, fraudsters search social media websites and phishing emails to learn more about this person before they precede with the BEC scam. They can gain an accurate understanding of the roles that individuals perform in a business and the messaging procedures for wire transfers.
Written By: Robert E. Holtfreter, Ph.D., CFE
‘Juice jacking’ plus music gift cards
Juice jacking is a form of cyberattack in which a malicious hacker can gain access to personal or sensitive corporate data stored on a personal or business-issued mobile device or inject malicious code into it when an unsuspecting victim uses a compromised public charging station at an airport, business center or hotel at a conference or other public place. All travelers, especially frequent ones, are at a heightened risk of this type of data breach that can lead to increased identity theft activity.
Written By: Robert E. Holtfreter, Ph.D., CFE
Not so savvy
Technical support scams are very lucrative because fraudsters have a captive audience of electronic device users who know the importance of keeping updated with recent security software and, as a result, will normally listen to spiels about an offer to do a “free” check to spot malware on their computer or “new” software products that they can purchase that supposedly will fix current or future security problems. But, alas, good things sometimes have dire consequences.
Written By: Robert E. Holtfreter, Ph.D., CFE
Sun, sea ... and travel fraud?
Travel scams have been around for years, and fraudsters continue to come up with new versions. Vacationers need to be especially careful from the beginning when they book their travel plans and throughout their entire vacations as fraudsters wait to hijack their personally identifiable information (PII) and use it for identity theft purposes.
Written By: Robert E. Holtfreter, Ph.D., CFE
Employees are the weakest links, part 1
This study shows that untrained employees are the linchpins for most data breaches. Organizations can help prevent them if they're filled with savvy and aware employees at all levels.
Written By: Robert E. Holtfreter, Ph.D., CFE, Adrian Harrington
Beware tax preparer and charity scams, plus unemployment insurance benefits fraud
Fraudsters continue to harvest PII by targeting professional tax preparers, compassionate givers and COVID unemployment insurance benefits money.
Written By: Robert E. Holtfreter, Ph.D., CFE
Scams abound: phony online job postings, student loan forgiveness and much more
Fraudsters want your personally identifiable information. And they’ll steal it by trying to convince you to apply for phony jobs, respond to a fake alert that illegal goods were shipped in your name and have been intercepted, and bogus student loan forgiveness programs. Foil them before they try to punk you.
Written By: Robert E. Holtfreter, Ph.D., CFE
Immunize your organization
A major finding of this study is that contrary to public opinion data breaches have hit organizations of all sizes and in every type of industry. Nobody is safe. Immunize your employees to prevent the insidious infections.
Written By: Adrian Harrington, Robert E. Holtfreter, Ph.D., CFE
Avoiding fake AI online ads and confronting malware problems
Using a computer these days is fraught with fraud risks. That ad about artificial intelligence may be interesting, but a click on the wrong website and you could be hacked. Here are some tips to avoid malware and having your personal identifying information stolen.
Written By: Robert E. Holtfreter, Ph.D., CFE
Business email scam rampant
Fraudsters target businesses working with foreign suppliers and/or businesses that regularly perform wire-transfer payments. The crooks use social engineering or computer intrusion techniques to compromise real business email accounts and create unauthorized transfers of funds out of business bank accounts.
Written By: Robert E. Holtfreter, Ph.D., CFE
Veterans’ frauds, caution in answering online questions and ways to avoid all scams
Prior to the U.S. Veterans Day holiday, Winston Mittens, a retired Army staff sergeant, answered a call from someone who said he worked at Mittens’ bank. The caller said the bank was beefing up its security, so it needed Winston to verify his account information and Social Security number, which he did. But in the next week, Winston visited his bank to deposit a check and found he had a zero balance in his account. A bank official told Winston that someone had used his identity to steal his banking credentials and drain his money. Lucky for him, the bank covered the fraud and restored his balance. The bank also changed his account credentials so he hopefully wouldn’t be a victim again.
Written By: Robert E. Holtfreter, Ph.D., CFE
COVID test kits scam, hurricane recovery and charity scams, and AI email security gaps
U.S. citizens can receive free COVID tests again; beware of scammers who want to charge you. Fake charities are following the recent hurricane disasters. And fraudsters are using artificial intelligence to gain the upper hand to invade inboxes with sophisticated malicious emails.
Written By: Robert E. Holtfreter, Ph.D., CFE
Beware of social media takeovers and compromised credit reports
It seems like identity thieves never sleep. Now they want to imitate your friends and hack into your social media accounts. And they want to compromise your credit scores. Here’s how to protect yourself and your loved ones.
Written By: Robert E. Holtfreter, Ph.D., CFE
Hook, line and sinker
Did you think phishing campaigns were passé? Well, what’s past is prologue. Phishing attacks, which have increased 30 percent in each of the last three years, are still responsible for most data breaches. Here’s how to understand and prevent them from crippling your organization.
Written By: Robert E. Holtfreter, Ph.D., CFE
Fraudsters targeting your phone, college prep and paycheck
Do you even answer your cellphone anymore? Fraudsters are sending phone messages with spoofed area codes, numbers and names. Here’s how to avoid the scammers plus information on college test prep scams and online payroll check thefts.
Written By: Robert E. Holtfreter, Ph.D., CFE
W-2 spear phishing taking a toll, plus phone hijacking
With the W-2 email phishing scam, the scammers ask payroll or human resources staff members for copies of W-2 forms for all employees. The forms contain a wealth of PII, including names, addresses, Social Security numbers, salary, wage and withholding information. The criminals use the pilfered information to file fake income tax returns and sometimes follow up with a request to wire transfer money to an account.
Written By: Robert E. Holtfreter, Ph.D., CFE
2018 FTC numbers paint worsening fraud picture
Three million fraud complaints in 2018. That’s what the Federal Trade Commission received — many of them for identity theft. When we look at the stats since 2001, we see the fraud problem is worsening.
Written By: Robert E. Holtfreter, Ph.D., CFE
Tax season has ended but scams haven't
Fraudsters have invented new themes on old schemes. They threaten to suspend Social Security numbers or tell victims they owe money to fake government organizations.
Written By: Robert E. Holtfreter, Ph.D., CFE
Ransomware continues to evolve into new variants
Ransomware, which morphed from scareware fraud around 1998, isn’t abating. Fraudsters are still holding electronic devices ransom with creative variants and extorting money and personally identifiable information. Here are some of the historical and current developments plus ways to help others avoid ransomware.
Written By: Robert E. Holtfreter, Ph.D., CFE
Impersonating the good guys
Susan West was perplexed when she received an email from the Internet Crime Complaint Center (IC3) notifying her that she was eligible for restitution after internet fraudsters had ripped her off. She didn’t remember that she’d been a victim. But she followed the directions to claim the restitution by clicking on an attachment, downloading a form that she filled out with her personally identifiable information (PII) and emailing it to the “IC3.”
Written By: Robert E. Holtfreter, Ph.D., CFE
Telephone and phishing scams taking their toll
Fraudsters know that we sometimes get rushed and make mistakes when we dial telephone numbers. So they’ve purchased hundreds of telephone numbers, including those of the toll-free variety, that are similar to common business numbers — except for one digit.
Written By: Robert E. Holtfreter, Ph.D., CFE
Tech support and BEC scams explode
According to the FBI’s Internet Crime Complaint Center (IC3), in most cases the fraudsters claim to work for cable or internet companies and offer to resolve technical problems with victims’ routers, modems, digital cable boxes or connections to the internet.
Written By: Robert E. Holtfreter, Ph.D., CFE
Scammers targeting students with loans, bankruptees, LinkedIn users and more
Fraudsters, who find bankruptcy information and contacts in public records, are effective because they prey on the fears of stressed, panicked victims.
Written By: Robert E. Holtfreter, Ph.D., CFE
Your biggest problem? People.
Organizations in every industry sector — private and public — need to step up to the plate and develop comprehensive risk management strategies that include strong ongoing data protection and security awareness programs to help protect the PII and other sensitive information of their customers, clients and employees.
Written By: Robert E. Holtfreter, Ph.D., CFE, Adrian Harrington
Fraudsters fleecing with child tax credits and QR scams
U.S. federal government agencies will never text, email or contact citizens on social media or via robocalls. But scammers will. Here’s information on the child tax credit, broadband benefit program, pandemic-related economic payments and fake QR frauds.
Written By: Robert E. Holtfreter, Ph.D., CFE
Spear-phishing scam targets teacher identities
According to the ITRC, fraudsters sent emails to New York teachers from two school districts purportedly from their superintendents asking them to send their PII, including Social Security numbers. One employee complied. Instant compromise. Phishing schemes, the most common of fraudsters’ mechanisms for stealing PII and using it for identity theft purposes, come in two types: mass driven and custom made.
Written By: Robert E. Holtfreter, Ph.D., CFE
XFINITY, Amazon, Facebook and Wal-Mart identity theft scams
Online scams abound! Cybercrooks aren’t resting as they work to pry cash from your wallets and purses. The Identity Theft Resource Center (ITRC) recently reported scams involving XFINITY, Amazon, Facebook and Wal-Mart.
Written By: Robert E. Holtfreter, Ph.D., CFE
Inheritance scam, improving cybersecurity protection and what to do if you get scammed
Susan Jones received a letter from a law firm that told her that she might be the recipient of a long-lost relative’s multimillion-dollar inheritance. To process the claim, she wired the firm a deposit, her Social Security number (SSN) and bank account numbers, but she didn’t receive any correspondence after that. Two weeks later, her bank account had a zero balance.
Written By: Robert E. Holtfreter, Ph.D., CFE
ChatGPT AI voice cloning, plus fake income-tax refund scam
Don’t send in the clones! Fraudsters are using ChatGPT to replicate voices to pull off classic grandparent and family-emergency scams. And beware of this new fake income-tax refund scam.
Written By: Robert E. Holtfreter, Ph.D., CFE
Be alert to Medicare hospice fraud and new mobile job-offer cons, plus spot phishing scams
Creative scammers offer Medicare hospice services (to those who aren’t terminally ill). Beware of sophisticated job-offer frauds on mobile devices. And here’s how to spot pesky phishing scams.
Written By: Robert E. Holtfreter, Ph.D., CFE
Fake Geek Squad scams and what to do if you fall victim to credit card fraud
Kerry Binder thought of herself as a real computer jock. When she had a problem with her computer that she couldn’t solve, she contacted the Geek Squad, retailer Best Buy’s tech support service, for help. One day she received a text message saying she’d been charged hundreds of dollars to renew her Geek Squad membership. She knew nothing about this and thought that this was an error. The text message said Binder could dispute the charge or cancel her membership by calling a phone number within 24 hours. When she made the call, a scammer told her that he had to gain remote access to her computer to help her. When he’d finished rummaging around in her computer, he told her that he’d corrected the error and apologized for the mistake.
Written By: Robert E. Holtfreter, Ph.D., CFE
Phishers use AI to bypass email security, fake life insurance policy scams and more
Phishing scams never disappeared; they’re just more sophisticated. Also reject letters promising millions from insurance policies. And beware of invoices for COVID-19 tests you never ordered.
Written By: Robert E. Holtfreter, Ph.D., CFE
Toll-charge scam, five AI threats, CISA impersonation and reducing spam messages
Fraudsters pose as employees of toll road agencies and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to steal money and personal information from unsuspecting consumers. Also in this column, the author details how artificial intelligence is making it easier to commit cyberfraud, and how consumers can reduce the number of spam emails in their inboxes.
Written By: Robert E. Holtfreter, Ph.D., CFE
Identity thieves steal PII with fake Google Authenticator ads, WhatsApp job scams and phony airline customer service reps
Identity thieves continue their quest for consumers’ personally identifiable information with three new scams. Beware fraudsters posing as airline customer service representatives on social media, mystery companies targeting job seekers on the WhatsApp instant messaging service and fake Google Authenticator ads masquerading as malware.
Written By: Robert E. Holtfreter, Ph.D., CFE
Fraudsters steal pandemic cash in your name, infect business web gateways, and pilfer children’s health insurance money and PII
Fraudsters stole billions from U.S. federal COVID-19 loan programs. Now unsuspecting victims, who never applied for those loans, are receiving bills. Plus, business ‘NetScaler Gateways’ are attacked, and Medicaid children’s health insurance recipients are scammed.
Written By: Robert E. Holtfreter, Ph.D., CFE
Identity thieves target social media influencers and college students in latest job scams
The FTC warns social media influencers and college students of job opportunities that are actually ploys to steal personal and financial information. Plus, identity thieves continue to scam people via work-from-home jobs and what you can do to avoid becoming a victim of these schemes.
Written By: Robert E. Holtfreter, Ph.D., CFE
Fake tax refunds, business license scams and risky AI platforms
What makes fraudsters see dollar signs in their eyes? Personally identifiable information. Here are schemes designed to squeeze PII from victims via web links, the mail and insecure AI platforms.
Written By: Robert E. Holtfreter, Ph.D., CFE
Scammers rip off desperate school-loan debtors, plus analyzing sensitive data leakage
In March, a U.S. district court shut down a student debt-relief operation that stole $8.8 million in junk fees from school debtors. Here we detail how others can avoid falling victim to scams that claim they’re helping people pay off their student loans. And a recent data security report sounds the alarm on organizations sharing data internally.
Written By: Robert E. Holtfreter, Ph.D., CFE
Scammers using FedEx and COVID-19 ruses to collect PII
In separate scams, fraudsters target would-be victims who are worried about packages they might never receive plus COVID-19 threats. The criminals play on fears to harvest personally identifiable information.
Written By: Robert E. Holtfreter, Ph.D., CFE
Attack of DoS/DDoS
Fraudsters are doing more than shutting down sites by flooding them with millions of automated inquiries. They’re infecting websites with malware that unsuspecting users are downloading on their devices. Here’s how to advise your organizations and clients to protect domain name servers that will prevent loss of revenue, productivity and reputation.
Written By: Robert E. Holtfreter, Ph.D., CFE
Beware of ‘boss gift card,’ Medicare equipment scams
Fraudsters always find new ways to rip off consumers. They’re stealing money via gift cards, back- and knee-brace schemes and your American Express credit card.
Written By: Robert E. Holtfreter, Ph.D., CFE
Unemployment benefits identity theft, contact-tracing scams and more
Fraudsters add to COVID-19 woes by ripping off unemployment benefits. And, of course, they’ve figured out how to profit from contact-tracing programs. Plus, employers must reduce risk of data loss and theft after layoffs and furloughs.
Written By: Robert E. Holtfreter, Ph.D., CFE
Be alert for overpay wire-transfer scam and COVID-19 small-business loan frauds
Fraudsters, disguised as potential customers, are sending phishing emails to businesses to foist on them a con game. And scammers are claiming to be approved lenders under the U.S. SBA Paycheck Protection Program, which is part of the Coronavirus Aid, Relief, and Economic Security Act.
Written By: Robert E. Holtfreter, Ph.D., CFE
Supply-chain fraud is alive and escalating
The last time you probably thought about supply chains was during the early days of the COVID-19 crisis when the toilet-paper shelves were empty. But that TP had to wend its way through a complex journey from pulp mills to your home that involved many parties and chains of events. Disrupt just one step — say because of pandemic fears or fraud — and the chain breaks. Here’s how to help prevent supply chains from fraudulent acts and mitigate them when they do break.
Written By: Robert E. Holtfreter, Ph.D., CFE
IRS telephone scams, remote-working risks and VPNs for tax pros
The IRS won’t call you or text you to threaten jail. And the pandemic has created security threats and opened new opportunities for cybercriminals. Plus, tax pros need VPNs.
Written By: Robert E. Holtfreter, Ph.D., CFE
Formjacking, Netflixphishing and new Medicare card scams
Shopping online is almost second nature now, right? But you could be jeopardizing your identity by just entering information into web page forms. Learn about “formjacking,” how fake Netflix sites are phishing for your PII, Medicare scams and more.
Written By: Robert E. Holtfreter, Ph.D., CFE
Grandparents' scam revisited and jury-duty fraud
The grandparents' scam, which began about 10 years ago, is still claiming victims regardless of alerts from the media and government agencies. I’ve reported on this scam, but it’s important to address it again because fraudsters, of course, have devised a new-and-improved version that makes the voices of the targeted “grandchildren” even more believable.
Written By: Robert E. Holtfreter, Ph.D., CFE
New phishing scams, fake FTC letters and more
Nothing’s sacred. Cybercriminals are now faking those “https” secure websites. Don’t fall for them plus assorted new phishing scams and fraudulent Federal Trade Commission letters.
Written By: Robert E. Holtfreter, Ph.D., CFE
Fake calls from Amazon and Apple, vaccine scams, strengthening passwords
Amazon and Apple aren’t calling you to warn you of suspicious activity. And vaccine scammers are here. Plus don’t get lax in concocting new passwords.
Written By: Robert E. Holtfreter, Ph.D., CFE
EFIN tax scam, selecting reputable tax preparers, weather-related scams
Unusual circumstances open opportunities for fraudsters, and 2021 is no exception. Not only has an uptick in online tax filings during the pandemic spurred new ways to cheat Americans out of their refunds, but utility scams related to winter deep-freezes are on the rise. Here’s what you should do to protect yourself.
Written By: Robert E. Holtfreter, Ph.D., CFE
Fraudsters use states' COVID-19 lotteries to swipe PII, money
You knew that when U.S. states began holding vaccine lotteries and sweepstakes, fraudsters would get in on the action. Also, here’s what happens when crooks attack their victims — again.
Written By: Robert E. Holtfreter, Ph.D., CFE
During tax season beware risks of losing your identity
You’re ahead of the curve — you’ve filed your tax return early, but then you discover that a fraudster has stolen your PII and already filed one in your name. You’re a victim of the stolen identity federal income tax refund fraud scheme.
Written By: Robert E. Holtfreter, Ph.D., CFE
Fraudsters find novel ways to steal money and PII
Identity-theft fraudsters with no consciences use any opportunity to find new victims. Witness attempts to rip off vaccine hunters, caring grandparents and desperate job seekers.
Written By: Robert E. Holtfreter, Ph.D., CFE
Playing dodgeball with yet more scams
Think you’re completing your tax return? Think again. That frightening call from the Social Security Administration? Not who you think it is. And believe you’re getting the protection and settlement from the Equifax breach? Buyer, beware.
Written By: Robert E. Holtfreter, Ph.D., CFE
Avoid the "blue" in Bluetooth
Bluetooth can connect your phone to your car so that you can use the car’s stereo system. But vulnerabilities expose users to crooks wanting to steal personally identifiable information (PII). The column also covers phone hacking, another popular method of stealing PII.
Written By: Robert E. Holtfreter, Ph.D., CFE
Internet of Things
It’s all connected. From comic-book enthusiasts to conspiracy theorists to new-age acolytes — many believe that those seemingly random dots do connect. And now the “Internet of Things” (IoT) might start us down that road.
Written By: Robert E. Holtfreter, Ph.D., CFE
COVID-19 and utility bill scams
The pandemic is bad enough, but scammers are out there waiting to steal your money and identity via COVID-19 fraud. Here also is the newest utility bill scam.
Written By: Robert E. Holtfreter, Ph.D., CFE
Begin Your Free 30-Day Trial
Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.