XFINITY, Amazon, Facebook and Wal-Mart identity theft scams

Online scams abound! Cybercrooks aren't resting as they work to pry cash from your wallets and purses. The Identity Theft Resource Center (ITRC) recently reported scams involving XFINITY, Amazon, Facebook and Wal-Mart.

XFINITY phishing email scam. Massachusetts police reported this scam that targeted customers of Internet service provider XFINITY. Fraudsters initiated the scam by randomly sending an email message that said that a recent payment couldn't be processed until the recipient sent personally identifiable information (PII), including the victim's full name, username, password and Social Security number.

Delete these emails. Or if you're not sure, find XFINITY's actual phone number online and give them a call. Of course, don't use the telephone number included in the email message.

Amazon password phishing email scam. Cybercriminals are taking advantage of a recent announcement that some Amazon customers might have had their passwords exposed. The scammers are emailing phishing messages at random to Amazon users to attempt to download malicious malware onto their computers that will search for PII.

Facebook quiz scam. Cybercriminals snare Facebook users with fake quizzes that grab their PII, including contact information, friends' lists, photos and other personal social media content and history. They then use it for the usual identity theft purposes, but they also sell it to advertisers and other cybercriminals.

Cybercriminals have targeted Facebook with thousands of scams. I reported on some of the worse ones in my July/August 2013 column, Facebook phishing schemes are turning ‘friends' into enemies. Don't be tempted to give up any of your PII under any circumstances, including via spam emails and phishing attempts. And, equally important, to avoid being targeted by cybercriminals, restrict the personal, friends and family information you place on your Facebook account.

Wal-Mart employment scam. Cybercriminals are using Wal-Mart as a front for an employment scam to drain victims' bank accounts and grab their PII. The scammers work the fraud by mailing a victim an official-looking check from Wal-Mart and telling the individual in an accompanying letter that it's "your first payment in your new position as a ‘quality control' expert at Wal-Mart." The victim, who actually doesn't work for Wal-Mart, tries to cash the check anyway, and in the process the cybercriminal drains his bank account. Recipients of these bogus checks should shred them and the letters.

Top 10 scam predictions from Scambusters

We're well into 2016, but let's look at some of the scams the Scambusters website says will be hot this year. Following are Scambusters' predictions with the 2015 ranking in parentheses.

1. (1) "Phishing and ID theft. We see no real signs of improvement. Even though security software is getting stronger, the crooks seem to stay one step ahead, with new techniques for hacking and for fooling people into giving away their confidential information."
2. (5 and 6) "Imposter scams. We decided to roll the hit-and-run and grandparent/imposter scams into a single category because they all involve the crooks pretending to be someone they're not. We think the IRS unpaid tax scam will continue to be strong in 2016, sadly with evidence that crooks are starting to use threats of violence or jail to force their victims to pay up. In one outrageous case we encountered recently, victims were told they would be beheaded if they didn't pay their tax bill!"
3. (3) "Lottery and sweepstakes scams. The message isn't getting through! The aging population is simply creating a bigger target for the scammers, and names of susceptible people are being passed around on so-called ‘sucker lists. These victims may get dozens of calls a day, while others simply refuse to believe it's a scam. It's an area where we all must do more to alert and monitor vulnerable people."
4. (4) "Malware. As we said earlier, crooks are getting better at tricking people into thinking their messages are genuine. [The year] 2015 saw a huge surge in crooks posing as Microsoft support techs wanting remote access to victims' PCs, and the company has recently issued a new warning that the crime is on the increase. Also, as people increasingly use mobile devices in place of PCs, they're often unaware of how vulnerable some of them may be to malware and so fail to install security software."
5. (6) "Bogus online sites and telesales. There could be a jump in this category as crooks switch to making random robocalls to cell phones. Also, as of this writing, debt-collection robocalls to cell phones are not outlawed, although there's been a move in Congress to do so."
6. (-) "Dating scams. Out of nowhere, we're seeing more and more reports of ‘lonely-hearts' falling for scams in which they pay tens of thousands of dollars to their fake online dates. In a sense, it may seem like just another imposter scam but there's more to it than that. As the recent hacking of the Ashley Madison dating site demonstrated, once crooks get their hands on member details, they potentially could use them for all manner of tricks including identity theft and extortion."
7. (8) "Investment scams. Interest rates may rise slightly but they'll stay at historic lows, while continuing stock market instability might lure investors into ‘sure thing' scams. Ponzi schemes, reverse mortgages, real estate con tricks, and private stock offerings are all on the rise."
8. (7) "Advance fee scams. Financially hard-pressed students are in the sights of the scammers, with offers of phony jobs, especially ‘secret shopper' scams. Victims are younger, inexperienced and, therefore, potentially more easily fooled."
9. (-) "Social media scams. They're mostly harmless in the sense that victims may not lose money, but ‘like' harvesting, where victims can supposedly win a big car or get a free gift card for ‘sharing' a page are rocketing. Links to supposed sensational stories on social media sites may also lead to malware and ID theft."
10. (9) "Economy-related scams. With an election looming we might see all sorts of scare stories using the ‘get-it-while-you-can' tactic for grants and loans, so this isn't disappearing from our top scams chart just yet!

Most interesting but predictable, phishing and identity theft" is ranked No. 1, which reinforces the FBI's contention that identity theft has been the numero uno fraud problem in the U.S. in the past 10 years.

Scam No. 4, malware, of course, is directly related to identity theft. Cybercriminals commonly use the rest of the scams in the list to download malware onto victims' computers and PII for identity theft.

As is well known, cybercriminals are very clever in continuing to develop new scams to steal the identities of individuals and rob them of their resources. The above scams represent a small but very lucrative sample. As they've emerged, I've reported on these and others in this column and in Fraud Magazine, and I'll predict that we'll see many new identity theft scams in the rest of 2016. You've been forewarned, so be alert.

More help for the community

I hope you'll share this information with your family, friends and clients and include it in your outreach programs. We must step up our efforts to educate the public about these problems.

As you can see, cybercriminals take advantage of any opportunity to develop schemes to trick consumers and rob them of their resources. Even though they have the upper hand, an educated community will help curb the damage.

Please contact me if you have any identity theft issues you'd like me to research and possibly include in future columns or if you have any questions related to this column or any other cyber security/identity theft issue. I don't have all the answers, but I'll do my best to help. Stay tuned!

I'd like to acknowledge Central Washington University's Faculty Research Program in its support of this work.

Robert E. Holtfreter, Ph.D., CFE, CICA, CBA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Washington. He's also on the ACFE Advisory Council and the ACFE Editorial Advisory Committee. His email address is: doctorh007@gmail.com.