Be alert for overpay wire-transfer scam and COVID-19 small-business loan frauds

Fraudsters, disguised as potential customers, are sending phishing emails to businesses to foist on them a con game. And scammers are claiming to be approved lenders under the U.S. SBA Paycheck Protection Program, which is part of the Coronavirus Aid, Relief, and Economic Security Act.

Readers beware! This version  of a wire-transfer scam (and there are several others), the check-overpayment fraud, often begins when a fraudster overpays a business for contracted work via a check or fake credit card and then asks the victim to wire the difference back to the fraudster’s or an accomplice’s bank account.

The U.S. Federal Trade Commission (FTC) is warning consumers of this dangerous swindle, which is the fifth-most common telemarketing fraud and the fourth-most common internet scam ever reported. (See FTC Warns of ‘Check Overpayment’ Scam, by Robert Longley, ThoughtCo., May 11, 2017.)

In this scam, the person you’re doing business with “sends you a check for more than the amount they owe you, and then instructs you to wire the balance back to them,” Longley writes. “Or, they send a check and tell you to deposit it, keep part of the amount for your own compensation, and then wire the rest back for one reason or another. The results are the same: the check eventually bounces, and you’re stuck, responsible for the full amount, including what you wired to the scammer.”

Example of overpay wire-transfer scam

I first learned about this scam through a friend who’s the vice president of client services for a prominent advertising firm that also designs websites. She (we’ll call her Susan Smith) called me to see if she’d handled it correctly. The fraudster first sent this email to the firm:

========== From: Fraudster ==========
Date: Tue, Mar 24, 2020 at 7:49 AM
Subject: New submission from Contact
To: Potential victim company
Name: Fraudster 
Email: xxxxxxxxxxxxx
Subject: web design

I need a website for my business. Are you available to handle that for me?

===================================

On April 1 at 3:49 p.m., Susan replied:

Hello,

We received your message regarding web design, and we are happy to help. Please let me know the name of your business, industry, and timeframe for this work.

Thank you,
Susan Smith
Vice President of Client Services

On April 2, at 8:53 a.m. the fraudster replied:

Hello Ms. Smith.

I hope my mail finds you and your family in good health,
I am not feeling too well so i’m taking things slowly. I am glad to read back from you. I have a small scale business which i intend to turn into large scale, It is located in Anchorage, AK and it is based on importing and exporting of Agriculture  products such as Hazel nut, Gacillia Nut, Almond  Nut, Cashew nut and Pistachio so I need a good layout design for it. Can you handle that for me?  So i need you to check out this site but i need something similar if possible the site would only be informational, so i need you to give me an estimate based on the site i gave you to check out, the estimate should include hosting but we do not want more than 15-20 pages for the site as we want it to only be informational and a Contact Us page. I have a project consultant that is working  the text content and logos for the site.

Note:
I do not want Videos and blogs for the site
I want only English language
I don’t have a domain yet but i want the domain name as xxxxxxxxxxx
You will be updating the site for me.
I want the site up and running before this year runs out
My budget is $10,000 to $20,000

Kindly get back to me with an estimate.

Thank you

===================================

At this point, Susan became suspicious because, based on her research, a market for the email sender’s supposed agriculture products didn’t exist in his area.

On April 2 at 10:42 a.m. Susan replied:

Hello (is your first name George)?

Thank you for your quick reply. I’m so sorry you are not feeling well but I am glad you are taking it easy during this time. I will send you an estimate for this work by tomorrow.

Thanks, and take care,

Susan Smith
Vice President of Client Services

On April 2, at 10:24 p.m. the fraudster replied:

Hello Ms. Smith,

Thanks for your concerns about my health and yes my name is George.

I will be waiting to hear from you.

===================================

On April 3 at 3:43 p.m., Susan replied with information about the quote for the web design work:

Hi George,

Please see attached for two documents: one outlines the scope of work/deliverables and the other is a cost estimate for this work. Please let me know if you have any questions or would like to discuss this on the phone.

Thanks, and happy Friday,

Susan Smith
Vice President of Client Services

On April 3 at 4:30 p.m. George, the fraudster, wrote:

Thanks for making sure my project is successful, I am okay with the stimate and thank you so much for staying within my budget, i really appreciate that. I will pay an upfront of $8800 using my credit card so work can commence. I understand the content for the site would be needed for the job to commence. I would need you to do me a little favor because the consultant that would provide the logo and contents does not have facilities to charge payments for now and i am presently receiving my illness treatment at the moment and the doctors say i would go through surgical process soon. I want you to charge $24,300 on my card then you take $8800 as deposit payment for my web design plus $500 as gratitude tip to cover charges and the excess of $15,000 you would send across to the project consultant via bank deposit to enable the consultant to release the text content and logos to me and i will forward it to you. Let me know how many percent surcharge it is for credit card processing and the processing platform you use.

Thank you

===================================

Susan became even more suspicious because the charge to the fraudster’s credit card exceeded the quote for the web design, and it included an unusual request for a wire payment to the project consultant’s bank account. Also, she checked out the fraudster’s IP address and found that it came from Wichita, Kansas, not Anchorage, Alaska.

On April 3 at 4:45 p.m., Susan replied:

Hi George,

We are unable to proceed with this kind of financial arrangement, unfortunately. If something should change, please let me know.

Susan Smith
Vice President of Client Services

The fraudster then re-sent the original email when he first contacted Susan in March. Susan abandoned the project before the exchange of any money. Good thing. No doubt, the fraudster is actively promoting this scam to other organizations.

Paycheck protection program and economic injury disaster loan scams

On April 28, the U.S. Federal Trade Commission (FTC) warned small-business owners about scams involving funding from the U.S. Small Business Administration’s (SBA) programs in response to the COVID-19 fallout. (See New funding for Coronavirus SBA loans attracts scammers, by Rosario Méndez, Federal Trade Commission, April 28.)

The alert is especially important for small-business owners thinking of applying for the loan programs in the future.

According to the FTC, fraudsters are setting up phishing emails and fake websites to steal struggling small business owners’ personally identifiable information (PII), such as Social Security numbers and bank information.

On April 17, the FTC charged a Rhode Island company, Ponte Investments LLC, and its owner, with falsely claiming to be an approved lender under the SBA Paycheck Protection Program (PPP), which is part of the Coronavirus Aid, Relief, and Economic Security Act.

According to the FTC’s complaint, the defendants directly called small businesses, claimed to be representing the SBA, and solicited loan applications and victims’ PII on behalf of the businesses’ banks. Ponte Investments also said on its website that it was a direct lender for PPP.

In its filing, the FTC asked the court to order the defendants to immediately stop representing themselves as associated with a federal agency or an authorized SBA lender. As of press time, the case is pending.

If you’re a business owner, go to sba.gov/coronavirus to find information about PPP loans. Click on “Coronavirus Funding Options” to learn more about available SBA loan and debt relief options.

Here are a few tips:

• If you get an email that looks like it’s from the SBA or your bank, don’t click on any links. Go directly to the organization’s website for information.
• The government won’t ask you to pay up front, and it won’t call to ask for your Social Security, bank account or credit card number.
• Be cautious about companies that offer to expedite or facilitate your ability to get PPP loans. If you’re considering using an online provider or lender, stick with those you already know and trust. Be wary of unfamiliar companies that call or send you emails out of the blue.

In another recent alert, the FTC provided some helpful information for those who’ve had their economic stimulus checks stolen or are still waiting to receive them. (See Did an ID thief steal your stimulus payment? Report it to us, by Seena Gressin, FTC, May 4.)

Gressin recommends that you should report a theft of your stimulus payment check plus contact the FTC to complete an Identity Theft Affidavit (IRS Form 14039) and obtain a personal recovery plan. For small-business owners and others who already received or are waiting for their stimulus payments, she offers this advice:

• The IRS won’t call, text, email or contact you on social media asking for PII or bank-account information — even related to the stimulus payments.
• Watch out for emails and texts with attachments or links that claim to have special information about payments. They’re probably phishing for your PII or might download malware to your computer, tablet or phone. Visit consumer.FTC.gov for more information.

Contact me

Include these scams and important information to protect your online identity in your outreach programs and with your family, friends and business associates.

As part of my outreach program, please contact me if you have any questions on identity theft or cyber-related issues that you need help on or you’d like me to research and possibly include in future columns or as feature articles. I don’t have all the answers, but I’ll do my best to help. I might not get back to you immediately, but I’ll reply. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, is a professor of accounting and research at a university in the U.S. Northwest. He’s a member of the Accounting Council for the Gerson Lehrman Group, a research consulting organization and is a member of the White Collar Crime Research Consortium Advisory Council. He’s also on the ACFE’s Advisory Council and the Editorial Advisory Committee. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.