Taking Back the ID

Tech support and BEC scams explode

Erik Franklin seemed to have more problems using his electronic devices than most and bugged his friends for help when issues came up. One day when he couldn't connect to the web, he received a call from someone claiming to be an employee of an internet company. The person said his company had received a notice that Erik had a problem with his internet connection and offered to resolve the problem if Erik would provide the caller with remote control of his computer. Perfect timing for a scam! Erik agreed, and the fraudster told him his computer was plagued with numerous viruses and malware, but the fraudster said he could fix the problem for a fee. Erik paid the charge with his credit card but, of course, the caller didn't restore the internet connection. And now the fraudster had his credit card information.

Technical support scam

Erik was a victim of the longtime technical support scam that fraudsters have reinvigorated with new methods, variations and trends. According to the FBI's Internet Crime Complaint Center (IC3), in most cases the fraudsters claim to work for cable or internet companies and offer to resolve technical problems with victims' routers, modems, digital cable boxes or connections to the internet. The IC3 says that fraudsters also claim "to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations." The IC3 received 3,668 complaints with adjusted losses of $2,268,982 from January 1 through April 30.

  • Fraudsters, who normally make initial contact with victims via cold phone calls, claim that the victims' internet-capable electronic devices are sending error messages and that they've detected numerous viruses. (Victims report the subjects have strong foreign accents.)
  • Some victims receive on-screen pop-up messages that claim viruses are attacking devices. The messages include phone numbers to receive assistance.
  • Others report receiving frozen, locked screens, the dreaded "blue screen of death" (BSOD), with accompanying phone numbers and instructions to contact a (phony) tech support company. Some victims, who are often accessing social media and financial websites, report they were redirected to alternate websites before the BSOD occurred.
  • Pop-up messages and locked screens are sometimes accompanied by recorded, verbal messages to contact phone numbers for assistance.

When fraudsters target mobile devices, they instruct the victims to provide remote access to the devices and then connect them to computers. The fraudsters then tell the victims that they can remove viruses, malware and/or scareware by paying fees via debit, credit or prepaid cards, electronic and personal checks, or wire transfers.

In a newer version of this scam, a fraudster steals thousands of dollars from a victim by telling the victim that a tech support company has closed and offering a refund for previous support. To give the appearance that the refund was processed, the fraudster convinces the victim to grant access to the victim's device and log into the victim's online bank or retirement account. The fraudster then transfers money from the victim's account to another to give the appearance that actual refunds were deposited. Then the fraudster tells the victim that too much money was transferred and asks the victim to wire the difference back to the fraudster's company. The victim checks their balances and discovers the fake refund was never transferred to their account.

When the victim grants access to their device, the fraudster can:

  • Take control of the victim's device and/or bank account and refuse to release control until the victim pays a ransom.
  • Access computer files that might contain financial accounts, passwords and personally identifying information (PII), such as health records and Social Security numbers.
  • Intentionally install viruses on the device.
  • Threaten to destroy the victim's computer or continue to harass the victim.

To mitigate these threats:

  • Cease all communication with those who try to create a sense of urgency that produces fear and lures you into immediate action.
  • Don't give unknown, unverified persons remote access to devices or accounts. Legitimate software or security companies won't directly contact individuals.
  • Ensure all computer anti-virus, security and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to the attempt. (Too bad they didn't heed the warnings.)
  • If you receive a pop-up or locked screen, shut down the device immediately to remove it.
  • If a fraudster gains access to a device or an account, take precautions to protect your identity. Immediately contact your financial institutions to protect and monitor your accounts.

If you think you're a victim, file a complaint with the IC3 at ic3.gov. If you can, report the possible fraudster's name, company, telephone numbers, email addresses, websites, account names and numbers, financial institutions and interactions. Retain all documentation including logs, faxes and emails.

Business email compromise: $3.1 billion scam

According to the IC3, the business email compromise (BEC) scam "continues to grow, evolve, and target businesses of all sizes" with victims in 50 states and 100 countries. Fraudulent transfers have been sent to 79 countries with most going to banks in China and Hong Kong. Since January 2015, losses have increased by 1,300 percent.

Multiple sources have reported these statistics to the IC3, which include complaints from victims and those filed with international law enforcement agencies and financial institutions:

  • Domestic and international victims: 22,143
  • Combined and exposed dollar loss: $3,086,250,090

Victims reported these BEC stats in their complaints from October 2013 through May 2016:

  • Domestic and international victims: 15,668
  • Combined and exposed dollar loss: $1,053,849,635
  • Total U.S. victims: 14,032
  • Total U.S. exposed dollar loss: $960,708,616
  • Total non-U.S. victims: 1,636
  • Total non-U.S. exposed dollar loss: $93,141,019

Scam's methodology

This scam affects every business industry sector and companies of all sizes that deal in multiple types of services and goods. Fraudsters typically employ social engineering procedures, including spear-phishing techniques, to identify those who process wire transfer payments and study their protocols. Targeted individuals download malware when they click on links in spear-phishing emails, which gives fraudsters complete access to the company's PII, including passwords and financial account information.

According to the IC3, rental, employment, lottery and romance frauds are linked to the BEC scam. The IC3 says victims usually live in the U.S. Fraudsters, who often recruit them as unwitting money mules, send the fraudulent funds to the victims' personal accounts and then direct them to quickly transfer the funds to another bank account, usually outside the U.S. Fraudsters might then direct mules to open bank accounts or shell corporations.

BEC scenarios

In the November/December 2015 issue of Fraud Magazine I reported on the sophisticated email account compromise (EAC) scam, which is directed at individuals in the general public who are doing business with professional business firms, including financial and lending institutions, real estate companies and law firms.

I first reported on four scenarios of the BEC scam in the January/February issue and provided ways that companies could prevent themselves from being victimized. Although related, BEC differs from the EAC scam in that it directly targets businesses rather than individuals in the general public.

A new version of BEC — "data theft" — emerged prior to the 2016 tax season, according to the IC3. Fraudsters send spear-phishing emails to those in the human resources, auditing or bookkeeping departments to request employees' Form W-2s (Wage and Tax Statement) or a company PII list. Sometimes this scenario involves the request for a transfer of funds.

More help for the community

I hope you'll share this information with your family, friends and clients and include it in your outreach programs. We must step up our efforts to educate the public on how to safeguard their resources and reduce identity theft.

An educated community will help curb the damage. Please contact me if you have any identity theft issues you'd like me to research and possibly include in future columns or if you have any questions related to this column or any other cybersecurity and identity theft questions. I don't have all the answers, but I'll do my best. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, CICA, CBA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Washington. He's also on the ACFE's Advisory Council and the Editorial Advisory Committee. His email address is: doctorh007@gmail.com.

 
