Fraudsters’ slick olive oil switch
Read Time: 13 mins
Written By:
Donn LeVie, Jr., CFE
When Duke Franklin received a bill from his telecommunication carrier, he was shocked to see that he owed triple the amount he normally paid. He immediately called the company to report the discrepancy, but the customer service representative told him his account balance was correct.
During the call, the company rep reviewed with Duke a long list of his supposed calls. Duke only confirmed two. Obviously, someone had stolen Duke's account information and used his identity to make fraudulent telephone calls.
Duke was a victim of a phishing scam that the Internet Crime Complaint Center (IC3) reported on May 8, 2013. (See Phishing Attacks on Telecommunication Customers Resulting in Account Takeovers.) Like most phishing scams, this one is still going strong.
According to the IC3, a potential victim receives an automated telephone call that claims to be from that person's telecommunication carrier. The victim is directed to a phishing site at which the victim is told that he or she will be able to receive a "credit, discount or prize ranging from $300 to $500."
At the fraudulent site, which is a replica of the telecommunication company's real site, the victim is asked to provide his or her login credentials and the last four digits of his or her Social Security number. After the victim enters personally identifiable information (PII), he or she is redirected to the company's actual website where the cybercriminal makes changes to the customer's account and uses it to make fraudulent telephone calls, which, of course, are charged to the victim's account.
As with any phishing scheme, individuals should be aware of any emails, text messages or unsolicited telephone calls that promise some sort of financial reward for providing PII. Always verify the validity of messages by contacting the company referred to in the message before providing any type of PII. The IC3 recommends that victims contact their telecommunication companies.
The IC3 reported on Feb. 13 that individuals and businesses in the U.S. are being victimized by a new scam called International Revenue Share Fraud (IRSF) in which missed calls turn into revenue for the fraudsters. (See Callback Scheme Used In International Revenue Share Fraud.)
According to the IC3, fraudsters initiate the scam by using "call generators with automated spoofing capabilities to place calls to a large volume of U.S. cell phone numbers," which typically ring only one time. The fraudster knows that individuals normally can't answer the telephone after one ring, so they'll probably miss the calls. Therefore, all a recipient sees is an international telephone number on his or her caller ID. The number typically originates somewhere in the Caribbean.
If the call recipient returns the call, he or she will listen to a recorded message that's crafted to keep the victim on the line, such as "Hello, you have reached the operator, please hold." To maximize revenue from the scam, the fraudster will attempt to keep the caller on the line as long as possible. Those who return the calls don't realize that they're calling an international telephone number that will appear on their next bills because all U.S. telephone companies are charged required fees to transfer the calls to foreign countries. The fraudsters who spoofed the calls then share in the revenue from them, hence the IRSF scam name.
According to the IC3, "area codes used in the spoofed numbers are from Anguilla, Antigua, Barbados, British Virgin Islands, the Commonwealth of Dominica, Grenada, Montserrat, and the Turks and Caicos Islands. These countries' numbers are part of the North American Numbering Plan and do not require 011 to be dialed as with other international calls."
Never answer or return calls from numbers you don't recognize.
According to the IC3, "companies that do not conduct business with companies in the above-mentioned countries may want to consider blocking these area codes to avoid this type of charge."
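For a business that would rather review its call records before blocking outright, the callback pattern described above can be detected directly. This is an added example, not part of the original column or the IC3 notice: the record layout, function names and sample calls are assumptions, and the area codes are the North American Numbering Plan codes for the countries the IC3 lists.

```python
# Added example: find missed inbound calls that someone later returned.
# The call records below are constructed sample data, not real numbers.
import re

IRSF_AREA_CODES = {
    "264": "Anguilla", "268": "Antigua", "246": "Barbados",
    "284": "British Virgin Islands", "767": "Dominica", "473": "Grenada",
    "664": "Montserrat", "649": "Turks and Caicos Islands",
}

def nanp_area_code(number: str):
    """Return the area code of a number written as +1..., 1... or 10 digits."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    # Anything that is not 10 digits (e.g. a 011 international call) is skipped.
    return digits[:3] if len(digits) == 10 else None

def find_callbacks(records):
    """Return outbound calls to a listed area code that follow a missed
    inbound call from the same number. Records must be in time order."""
    missed, hits = set(), []
    for r in records:
        code = nanp_area_code(r["number"])
        if code not in IRSF_AREA_CODES:
            continue
        key = re.sub(r"\D", "", r["number"])[-10:]  # normalised 10-digit number
        if r["direction"] == "in" and not r["answered"]:
            missed.add(key)
        elif r["direction"] == "out" and key in missed:
            hits.append((r["number"], IRSF_AREA_CODES[code], r["seconds"]))
    return hits

SAMPLE_CDRS = [  # constructed call-detail records
    {"direction": "in", "number": "+1 473 555 0100", "answered": False, "seconds": 0},
    {"direction": "in", "number": "+1 206 555 0111", "answered": False, "seconds": 0},
    {"direction": "out", "number": "1-473-555-0100", "answered": True, "seconds": 412},
    {"direction": "out", "number": "(206) 555-0111", "answered": True, "seconds": 35},
    {"direction": "out", "number": "+1 246 555 0122", "answered": True, "seconds": 60},
]

if __name__ == "__main__":
    for number, country, seconds in find_callbacks(SAMPLE_CDRS):
        print(f"returned one-ring call: {number} ({country}), {seconds}s on the line")
```
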
The IC3 reported on May 5 that U.S. universities are being attacked with a number of cyber-related scams. (See Cyber-Related Scams Targeting Universities, Employees, and Students.) Hackers break into university networks to find vulnerabilities in software programs and databases and compromise email addresses, tax information, bank account numbers and other PII. No doubt, the cybercriminals obtained the PII they used in most of these scams via data breaches.
Cybercriminals are sending university employees spear-phishing email messages that they fashion to appear to be from their employers. Spear-phishing email scams — as compared to general phishing scams for mass audiences — are directed to specific individuals within an organization and include "urgent" messages to immediately resolve specific problems.
In this scam, the victim is asked to provide a username and password, which the fraudster uses to hack into the university's network so he can redirect the employee's payroll allocation to a student's bank account. The fraudster previously had hired the student through a work-at-home ad and obtained his or her bank account information.
In another university-related scam, fraudsters use professors' stolen PII to file fraudulent income tax returns. Crooks in an additional scheme reroute student loan reimbursement money — which students would use to pay for tuition, books and living expenses — to the fraudsters' bank accounts.
The IC3 reported on June 27 that, for more than a year, businesses have been receiving fraudulent messages — via email addresses of their legitimate suppliers — asking them to change the wire transfer payments of invoices. (See Business E-mail Compromise.) When the legitimate suppliers deliver the goods and ask for payment, the businesses know they've been rooked. (The crime originally was called the "man-in-the-email scam," but it's been renamed the "business e-mail compromise.")
Another version of the scam targets upper-level executives in an organization who receive email requests for wire transfers to bank accounts. According to the IC3, "the e-mails are spoofed by adding, removing, or subtly changing characters in the e-mail address that make it difficult to identify the perpetrator's e-mail address from the legitimate address." The IC3 reported that the losses from these scams have averaged about $55,000 with some losses of more than $800,000.
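The address trick the IC3 describes (adding, removing or subtly changing characters) is something a mail gateway or accounts-payable workflow can check for mechanically. The following is an added example, not part of the original column: the trusted list, the distance threshold of 2 and all sample addresses are assumptions made for illustration.

```python
# Added example: flag sender addresses that are near-misses of trusted ones.
# TRUSTED and every address in SAMPLE_SENDERS are constructed for illustration.

TRUSTED = {"billing@acme-supply.example", "ap@northwind.example"}

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: one added, removed, changed or
    swapped-with-neighbour character costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ni" typed for "in".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(addr: str, trusted=TRUSTED, max_dist: int = 2):
    """Return ('trusted', addr), ('lookalike', closest_trusted) or ('unknown', None)."""
    addr = addr.strip().lower()
    if addr in trusted:
        return ("trusted", addr)
    closest = min(sorted(trusted), key=lambda t: edit_distance(addr, t))
    if edit_distance(addr, closest) <= max_dist:
        return ("lookalike", closest)
    return ("unknown", None)

SAMPLE_SENDERS = [
    "billing@acme-supply.example",   # exact match
    "billing@acme-suply.example",    # character removed
    "billing@acrne-supply.example",  # "m" replaced by "rn"
    "ap@northwnid.example",          # two characters swapped
    "sales@other-vendor.example",    # unrelated sender
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to confirm the payment request through a known-good channel; short mailbox names on a trusted domain can also fall within the threshold, so treat it as a prompt for review rather than proof of fraud.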
In another version of the scam, fraudsters sent spoofed emails to suppliers — supposedly from their customer companies — asking for quotes or orders for merchandise. Many suppliers received the emails at the same time, which alerted them to possible suspicious behavior. Some companies followed up and easily linked the Internet Protocol addresses to previous email scams based in Nigeria.
According to the IC3, these are some common denominators among the complaints:
I hope you'll share this information with your family, friends and clients and include it in your outreach programs. We must step up our efforts to educate the public on how to safeguard their computers from hackers to avoid having sensitive information stolen, which will help to reduce identity theft.
Cybercriminals take advantage of any opportunity to develop schemes to rob consumers of their resources. Even though the hackers have the upper hand, an educated community will help curb the damage.
Please contact me if you have any identity theft issues you'd like me to research and possibly include in future columns, or if you have any questions related to this column or any other cybersecurity and identity theft questions. I don't have all the answers, but I'll do my best. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE, CICA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Washington. He also serves on the ACFE Advisory Council.