Beware toll-road, Facebook and donation scams

Katie Calvin drove on a toll road every day to work and back. One day she received an email informing her that she hadn't paid a recent toll fee and she had to pay immediately. She couldn't remember ever driving through a tollgate without paying. Good thing she didn't download the invoice and become the latest victim of this phishing scheme.

Fraud taking its toll

This case is fictional but representative of a scam that the Internet Crime Complaints Center (IC3) reported Nov. 3, 2014. IC3 has received hundreds of complaints from across the U.S. about this scheme.

The fraudsters typically take on the identity of E-ZPass, an automated vehicle identification and payment system used by a group of 26 toll agencies in 15 states.

The criminals use the E-ZPass logo in fraudulent but genuine-looking email messages to target those who use and don't use toll roads. A message includes a violation notice claiming the recipient used a toll road but failed to pay the required fee.

The Scambusters.org article, When Toll Roads Become a Highway to a Scam, gives an example of a fraudulent message:

E-ZPass Service Center

Dear customer,

You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time. The invoice can be downloaded here.

Scambusters reports, "in some cases, the email message is marked as 'From: Collection Agency' and has the subject line 'Indebtedness for driving on toll road' (or similar wording) and begins with 'Dear Customer.' … However, some other news reports suggest the link may also install more dangerous viruses or link to a fake E-ZPass page seeking personal financial information, which can then be used for identity theft."

The email message includes a "Get Invoice" link that when clicked gives the victim instructions to pay for the fraudulent request for the fee. The action activates a file that installs malware onto the victim's computer, which then becomes part of a botnet or network of hacked computers that fraudsters use to spread their other fraudulent activities.

Drivers who regularly use toll roads are given the option to set up their debit or credit cards with the "toll agency," so their toll fees will be deducted after their license plates are read when going through tollgates.

Legitimate toll agencies often send out monthly invoices or payment statements, which conditions drivers to their agency logos. So drivers might not give much thought to the fraudulent email messages and in haste click on the "Get Invoice" link. Game over!

The Scambusters article provides the following precautionary advice:

• "The important thing is not to click on a link in this type of email and, definitely, never to send payment by wire transfer."
• "If you receive email notification of an invoice or other communication from the toll agency, go to the agency's website and check it out from there."

Scambusters says that toll agencies that use the E-ZPass system usually send non-payment notices via USPS mail and not email.

New Facebook schemes

Scambusters recently reported 10 common Facebook schemes, most of which lead victims to download malware onto their computers allowing fraudsters to expedite scams.

Facebook, of course, is a gold mine for ever-changing schemes. Thousands are victimized every day. The first five of the following 10 most common Facebook scams reported by Scambusters were included in a recent two-year study of more than 850,000 Facebook scams by the security group Bitdefender.

1. "Guess who viewed your profile — A false claim that an app, often called 'WhoViews,' will show you who's viewed your Facebook profile, but it actually installs a spying and spamming virus on your PC."
2. "Explicit photos or videos of friends — Victims who click on supplied links are told they need to update their Adobe Flash viewer but they actually install malware."
3. "Ads for fake products and services — Bitdefender identified 50,000 questionable domains supposedly selling pharmaceuticals and dating services. A third of the sites were also bogus replicas of genuine pages, used for phony sales or phishing for personal info."
4. "Morbid images — A faked video supposedly of a woman being beaten to death is being used to attract victims to gruesome sites that either charge fees or install malware. Another recent fake video claims to show a woman being killed by her husband.
         "Sadly, Bitdefender predicts big growth in this category as a means of grabbing attention for all sorts of dubious marketing purposes, notably because of children's increased tolerance of violent images."
5. "Funny videos — This is a variation on No. 2 above, though it doesn't claim to show friends, just people in embarrassing situations. Again, this is a ruse to get victims to install a special video player that is really malware.
         A variation claims to link to explicit photos and videos of well-known celebrities — most recently Harry Potter star, Emma Watson."
6. "A link to what purports to be the "10 Hottest Leaked Snapchats Ever." — For those who don't know, Snapchat is an instant photo messaging service owned by Facebook; this scam leads to a malware download.
7. "The big prize giveaway — Most common recent bait includes a Disney-related prize and an SUV or luxury vehicle. Some current scam pages have upwards of 60,000 'fans.'
         "The pages are then renamed and used to bombard fans with spam-type advertising either from the original scammer or whomever they sold it to."
8. "Danger targets — Scammers use 'Yard Sale' and similar pages on Facebook to lure victims to specific locations where they may be robbed or assaulted.
         "In one recent incident in Lexington, Kentucky, a couple responded to an ad supposedly offering a cell phone for sale. Instead, they were robbed and shot at by the bogus vendor in a parking lot."
9. "Facebook identity theft — In this scam, crooks hack and clone a victim's page and pose as them. Then they try to scam money out of the victim's friends, usually by claiming to be in financial trouble."
10. "A change of color — This one has been around for a while but is still going strong. Quite simply, it claims that an app can change the color of Facebook profiles from the default blue. It asks users to provide their sign-on details, which, of course, are then used to hack the victim's account."

Stop and think before you click on any Facebook links with which you aren't familiar. Be very skeptical when faced with suspicious activity that illustrates morbid behavior or offers a big prize giveaway.

Also, limit what personal information you provide about yourself and family members on your Facebook account.

IC3 Donation Overpayment Scheme

The IC3 reported on Nov. 20, 2014 it has received "numerous complaints from businesses, charitable organizations, schools, universities, health-related organizations, and non-profit organizations" that receive cash donations from individuals.

A fraudster donates a sum of money — typically thousands of dollars — to one of these organizations with a stolen credit card. The fraudster then contacts the donor organization to report that he or she made an error, say, by mistakenly entering $10,000 instead of $1,000 and requests that most of it be returned to a different credit account number.

Fortunately many of the organizations reporting the scheme don't return any funds because they discover that "the original card was stolen, or the credit card company notified them of such. Also, some of the organizations' policies did not allow funds to be returned to a different credit card," according to the IC3. Organizations should initiate policies that they will automatically investigate donations paid with credit cards to determine their validity.

More help for the community

I hope you'll share this information with your family, friends and clients and include it in your outreach programs. We must step up our efforts to educate the public on how to detect these scams and prevent themselves from being victimized. Cybercriminals take advantage of any opportunity to develop schemes to rob consumers of their resources. Even though the hackers have the upper hand, an educated community will help curb the damage.]

Please contact me if you have any identity theft issues you'd like me to research and possibly include in future columns, or if you have any questions related to this column or any other cybersecurity/identity theft questions. I don't have all the answers, but I'll do my best. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, CICA, CBA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Washington. He's also on the ACFE Advisory Council and the ACFE Editorial Advisory Committee. His email address is: doctorh007@gmail.com.