Fraudsters’ slick olive oil switch
Read Time: 13 mins
Written By:
Donn LeVie, Jr., CFE
Taking Back the ID
Fraudsters Claiming Victims Via Payday and LinkedIn Scams
Please sign in to save this to your favorites.
Identity Theft Prevention Analysis
[Some links may no longer be available. —Ed.]
Susie Duke was a fanatic when it came to technology. She had all the latest hardware, including a smartphone, a laptop, an iPad and a Blackberry — all of which she used to communicate with friends and business associates. However, she was not sophisticated about protecting herself from fraud in a tech environment. She ended up falling for a telephone collection scam related to "purported delinquent payday loans."
Payday loans have become more common over the past few years because of the declining economy. The loans are short-term fixes, usually for two-week periods, to allow individuals to cover their expenses until the loans become due the next payday. A recipient normally is required to write a check for the cash amount of the loan plus the loan fee, which often is extremely high — ranging from 15 percent to 30 percent of the loan. The lender normally deposits the check in his account when the payday date arrives. If the loan recipient does not repay the loan, the lender usually extends it at the same interest rate. The real cost of these loans can easily reach from 300 percent to 1,000 percent of the loan if the recipient does not cover it in a reasonable time period.
Susie would occasionally get behind in paying her bills, so she would go online and apply for a payday loan to tide her over until she received her next payroll check. She recently had begun receiving telephone calls purportedly from a FBI representative who said he was collecting debts for a cash advance company. Susie was very upset and confused because she always paid off her payday loans when they became due. This fraudster had already obtained Susie's personal information, including her Social Security, driver's license and bank account numbers, from an unknown source and was attempting to use it to bilk her out of money. In the next two weeks, he harassed her with numerous calls, and he threatened her with legal action if she did not immediately pay off her debt of $2,000 by placing that amount on a prepaid Visa gift card and mail it to him. Susie became confused and overwhelmed and finally gave in and paid the fraudster.
THE DELINQUENT PAYDAY LOAN SCAM
This identity theft case is fictional, but it represents a fraud that has gained enough momentum to be reported by the Internet Crime Complaint Center (IC3) in an Intelligence Note on Dec. 10, 2010 ("Telephone Collection Scam Related to Delinquent Payday Loan"). Like the FBI, the Federal Trade Commission (FTC) and the Federal Insurance Deposit Corporation, the IC3 alerts the public when it receives numerous complaints about a new scam.
The IC3 mentioned that fraudsters in this scam typically purport that they are with either the FBI, the "Federal Legislative Department" (whatever that is), other high-level government agencies or a law firm. They say that they are calling to collect debts for Internet check-cashing companies, such as U.S. Cash Net, U.S. Cash Advance and United Cash Advance. In most cases, the victims are current or former payday loan recipients.
The fraudsters do their homework before calling their potential victims. They have the targeted individuals' Social Security numbers, dates of birth, addresses, employer information, bank account numbers, and names and telephone numbers of relatives and friends. How the personal information is collected is unknown, but the IC3 said that the "victims often relay that they had completed online applications for other loans or credit cards before the calls began."
Once a con artist gets a victim on the hook, he will accelerate the scheme by continually calling that person at work, at home, and on his or her mobile phone with threats of physical violence, arrest and legal action. An intended victim will question the con artist about the particulars of the loan, but he will refuse to respond, will be abusive and, in some documented cases, will harass the victim's family and friends. In many cases, this hard-sell strategy overwhelms the victim, and he or she gives in. Like many telephone and online schemes, the fraudsters have orchestrated scripts, and they are well trained to listen for victims' cues and respond accordingly to complete sales.
The U.S. Fair Debt Collection Practices Act provides consumer protection from illegal and unethical debt collection practices. According to Lawyers.com, the act does not allow bill collectors to:
- Tell people they will be arrested if they do not pay.
- Repeatedly call the person to harass or annoy him.
- Issue threats of violence or harm.
- Falsely claim to be attorneys.
- Falsely claim that the person committed a crime.
The website also advises consumers to do the following if they receive suspicious phone calls about a debt:
- Ask the caller to send the loan information in writing.
- Refuse to verify any bank account, credit card or personal information over the phone.
- Report any telephone harassment or threats to the FTC, which enforces the Fair Debt Collection Practices Act.
- File a Better Business Bureau complaint to help let others know about the scam.
- Contact the state attorney general's office to find out about state debt collection and consumer protection laws that might apply.
In addition, the IC3 says to do the following:
- Contact your banking institutions.
- Contact one of the three major credit bureaus and request that an alert be put on your file.
- Contact your law enforcement agencies if you feel you are in immediate danger.
- File a complaint at www.IC3.gov.
SCAMS USING LINKEDIN
Recently, there have been reports of con artists culling personal information from the online business social network LinkedIn to commit fraud. LinkedIn has more than 120 million members worldwide, and as of June 30, its membership included executives from all 2011 Fortune 500 companies. LinkedIn members share personal information on the site, including their names, titles and places of business, which allows them to create opportunities for themselves and others. LinkedIn can be a great resource for identifying and networking with key people at other companies. However, some join LinkedIn to gather information on other members and perpetrate fraud. Many of them will email spear-phishing messages to LinkedIn members.
Spear Phishing
In a typical phishing scheme, a fraudster casts his net wide by sending a fraudulent email message to millions of individuals to try to hook some victims into a scam. However, in a spear-phishing scheme, the fraudster directs an email to an individual or a select group of individuals within a company or industry. The fraudster wants to convince the recipient that the message is coming from someone who is in a position of authority within the company — for example, a network administrator — who is asking for confidential information. The message typically includes a request for the person's username and password, or it will ask the recipient to click on a link that turns out to be corrupt and allows a banking Trojan to download onto the victim's computer. The banking Trojan contains a key logger that will harvest the email recipient's business or corporate bank account information. At that point, the fraudster can masquerade as the legitimate user and transfer money out of the account.
ZenuS Malware Scheme
Fraudsters also have used LinkedIn to install a malware called ZenuS on LinkedIn members' computers by sending invitations to accept new contacts. A member clicks on a link in the email message, the malware becomes embedded in the member's browser and is used to steal personal information, including passwords for personal or corporate bank accounts, depending on whether the message was received at home or work. The end result is the fraudster can transfer funds out of the accounts.
A couple of other versions of this scheme recently happened to me. Over the past four months, I have received five suspect emails. The first four were purportedly from people I knew who wanted to add me to their LinkedIn network. To accept, I would have to click on a link provided in the message. One of the individuals was a student in one of my summer classes. I immediately became suspicious and declined the offer. I then went to the LinkedIn website and entered the name of the student; up came 25 individuals with the same name, along with their profiles. I contacted the student and asked him for an explanation. He said he never contacted me via LinkedIn, but he had used his Gmail account to email me throughout the course. The only explanation I have is that the hacker stole his Gmail account from the LinkedIn website and used it to capture a contact list, which included my email address.
The fifth suspect email included a message, with an embedded link, that read, "Your LinkedIn account was blocked due to inactivity. Please follow this link to learn more. Thank you for using LinkedIn! – The LinkedIn Team." I do not have a LinkedIn account, so I can only assume it was another fraudster's attempt to install the ZenuS malware on my computer. If you receive a similar message, do not click on the embedded link. If you know the individual, contact that person to see if he or she sent it, and if they did not, alert LinkedIn. I am sure that LinkedIn is doing an excellent job trying to prevent this type of fraud. However, its website is a gold mine of personal information for fraudsters to exploit with their schemes.
MORE FOR THE COMMUNITY
To help prevent identity theft, share these scams with your friends, family and colleagues. Contact me if you have any identity theft issues that I might be able to research and report back. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE, CICA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Wash.
Recently, there have been reports of con artists culling personal information from the online business social network LinkedIn to commit fraud. LinkedIn has more than 120 million members worldwide, and as of June 30, its membership included executives from all 2011 Fortune 500 companies. LinkedIn members share personal information on the site, including their names, titles and places of business, which allows them to create opportunities for themselves and others. LinkedIn can be a great resource for identifying and networking with key people at other companies. However, some join LinkedIn to gather information on other members and perpetrate fraud. Many of them will email spear-phishing messages to LinkedIn members.
Spear Phishing
In a typical phishing scheme, a fraudster casts his net wide by sending a fraudulent email message to millions of individuals to try to hook some victims into a scam. However, in a spear-phishing scheme, the fraudster directs an email to an individual or a select group of individuals within a company or industry. The fraudster wants to convince the recipient that the message is coming from someone who is in a position of authority within the company — for example, a network administrator — who is asking for confidential information. The message typically includes a request for the person's username and password, or it will ask the recipient to click on a link that turns out to be corrupt and allows a banking Trojan to download onto the victim's computer. The banking Trojan contains a key logger that will harvest the email recipient's business or corporate bank account information. At that point, the fraudster can masquerade as the legitimate user and transfer money out of the account.
ZenuS Malware Scheme
Fraudsters also have used LinkedIn to install a malware called ZenuS on LinkedIn members' computers by sending invitations to accept new contacts. A member clicks on a link in the email message, the malware becomes embedded in the member's browser and is used to steal personal information, including passwords for personal or corporate bank accounts, depending on whether the message was received at home or work. The end result is the fraudster can transfer funds out of the accounts.
A couple of other versions of this scheme recently happened to me. Over the past four months, I have received five suspect emails. The first four were purportedly from people I knew who wanted to add me to their LinkedIn network. To accept, I would have to click on a link provided in the message. One of the individuals was a student in one of my summer classes. I immediately became suspicious and declined the offer. I then went to the LinkedIn website and entered the name of the student; up came 25 individuals with the same name, along with their profiles. I contacted the student and asked him for an explanation. He said he never contacted me via LinkedIn, but he had used his Gmail account to email me throughout the course. The only explanation I have is that the hacker stole his Gmail account from the LinkedIn website and used it to capture a contact list, which included my email address.
The fifth suspect email included a message, with an embedded link, that read, "Your LinkedIn account was blocked due to inactivity. Please follow this link to learn more. Thank you for using LinkedIn! – The LinkedIn Team." I do not have a LinkedIn account, so I can only assume it was another fraudster's attempt to install the ZenuS malware on my computer. If you receive a similar message, do not click on the embedded link. If you know the individual, contact that person to see if he or she sent it, and if they did not, alert LinkedIn. I am sure that LinkedIn is doing an excellent job trying to prevent this type of fraud. However, its website is a gold mine of personal information for fraudsters to exploit with their schemes.
MORE FOR THE COMMUNITY
To help prevent identity theft, share these scams with your friends, family and colleagues. Contact me if you have any identity theft issues that I might be able to research and report back. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE, CICA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Wash.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.
Begin Your Free 30-Day Trial
Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.
The doctor who took on Goliath
Read Time: 13 mins
Written By:
Emily Primeaux, CFE
Fraud in education, part 2
Read Time: 4 mins
Written By:
Tonya J. Mead
Fraudsters’ slick olive oil switch
Read Time: 13 mins
Written By:
Donn LeVie, Jr., CFE
The doctor who took on Goliath
Read Time: 13 mins
Written By:
Emily Primeaux, CFE
Fraud in education, part 2
Read Time: 4 mins
Written By:
Tonya J. Mead