Identity thieves steal PII with fake Google Authenticator ads, WhatsApp job scams and phony airline customer service reps

Molly Anderson was stranded at the airport after her flight was canceled. As she vented her frustration about the situation on Facebook, a message popped up from an airline customer service representative. The customer service rep told Molly that they could help her cut through lines and get on a new flight as soon as possible, but they’d need her account number and bank information. Exhausted from her long day at the airport, Molly eagerly provided her personal information to the customer service representative. But she didn’t board a new flight. That helpful customer service rep was actually a scammer who used Molly’s misfortune to steal her personal information.

This story is fictitious, but it represents a recent scam targeting beleaguered airline travelers for their personally identifiable information (PII). While the airline industry is having a banner year — the U.S. Department of Transportation reports record-breaking levels of air travel in 2024 — inclement weather and other unforeseen events still ground flights, and many travelers are often left stranded at airports waiting to be rerouted. While they wait, discouraged travelers might take to social media to air their grievances. And fraudsters look for those posts from frustrated travelers to seize the opportunity to steal PII. Scammers reply to travelers through fake social media accounts, impersonating proactive airline customer service representatives, swooping in to offer help. The scammers then ask travelers for personal information, including their booking confirmation number, telephone number or bank account number. They may also direct travelers to spoofed sites that steal their PII and rack up fraudulent charges on their accounts. (See “Scammers impersonate airline customer service representatives,” by Alvaro Puig, FTC, July 25, 2024 and “Summer Travel 2024: Record Air Travel, Fewer Cancellations, Better Airports, More Passenger Protections,” U.S. Department of Transportation, July 2, 2024.)

The Federal Trade Commission (FTC) recommends taking the following actions when you’re dealing with the hassles of travel to avoid the unneeded stress of falling victim to an airline impersonator scam:

• Log in to your airline account and contact customer service directly through the airline’s official app, website, chat or phone number.
• If you’re at the airport, speak to a customer service representative in person.
• If you reach out through social media, find the airline’s official social media page on its website. Look for a verification symbol or badge. And never give out your personal information on social media.

You can report imposters to the FTC at ReportFraud.ftc.gov. Visit FlightRights.gov to learn about the airline passenger protections to which you’re entitled or to file a complaint with the U.S. Department of Transportation if you believe an airline isn’t treating you fairly.

WhatsApp job scam

Job scams have increased over the last year largely because artificial intelligence (AI) has allowed identity thieves to create high volumes of legitimate-looking job listings on social media and craft convincing offers via messaging apps. (See “Online job scams continue to rise, with AI playing a larger role,” by Carolyn Crist, HR Dive, Sept. 13, 2024 and “Job scams surged 118% in 2023, aided by AI. Here’s how to stop them,” by Greg Iacurci, CNBC, July 7, 2024.) In August, the FTC posted an alert about one of those new job scams. In this latest scheme, fraudsters use instant messaging service WhatsApp to pose as mystery companies offering remote jobs that pay up to $600 a day. In the fake job offer, the scammer says the new hire only has to meet an age requirement, then they make the bid for PII by asking for the prospective victim’s Social Security number. If the job seeker complies with the fake company’s request, they end up sending their identity to a fraudster.  (See “Don’t send your Social Security number to an ‘employer’ on WhatsApp. It’s a scam,” by Andrew Rayo, FTC, Aug. 15, 2024.)

The FTC offers the following advice if you receive an unexpected instant message masquerading as a job offer:

• Don’t respond to unexpected text messages. Ignore an unsolicited job offer text message. It’s best to communicate with hiring companies directly using websites or phone numbers you know to be real. Disregard the information contained in the text message.
• Do your research. Scammers won’t provide much information about the nature of the job. Look online for the name of the company using search terms like “review,” “scam” or “complaint” to learn more about the company and whether the offer is legit. Don’t pursue the opportunity if you can’t find information about the company online.
• Block unwanted texts. Fraudsters design their scam messages to capture your attention. Avoid getting caught off guard by a scammer by using your phone’s settings or a call-blocking app to intercept unwanted text messages. (See “How to Recognize and Report Spam Text Messages,” FTC.)

You can report text job scams at ReportFraud.ftc.gov and forward messages to 7726 (SPAM) or use your phone’s “Report Junk” option to delete and report them. If you’ve given personal or financial information for a job that turned out to be a scam, you can go to IdentityTheft.gov to report it and get a recovery plan. (See “Job Scams,” FTC.)

Fake Google Authenticator ads

According to an SC Media article published in August, fraudsters are setting up fake ads for the popular Google Authenticator multifactor-authentication app as a ruse to get people to download malware from a GitHub site. Unsuspecting users click on what they think is a link to a tool that’ll enhance the security of their devices only to find they’ve downloaded malware instead. (See “Fake Google Authenticator ads lure users to download malware on GitHub,” by Steve Zurier, SC Media, Aug. 1, 2024.)

Fraudsters are perceptive to use trusted tools like Google Authenticator as props for their schemes. By doing so, they lull people into thinking the ad is safe and compromise their instinct to question its legitimacy.

Fraudsters are perceptive to use trusted tools like Google Authenticator as props for their schemes. By doing so, they lull people into thinking the ad is safe and compromise their instinct to question its legitimacy. The Google Authenticator scam is analogous to fraudsters who masquerade as government agencies to get victims’ PII. (See “Toll-charge scam, five AI threats, CISA impersonation and reducing spam messages,” by Robert E. Holtfreter, Ph.D., CFE, Fraud Magazine, September/October 2024.) Malware that intrudes on a victim’s network is especially dangerous because it gives fraudsters easy access to a victim’s bank account and payment card information.

As noted in the article, GitHub is a trusted hosting platform for developers to store files. But anyone, including fraudsters, can open an account with GitHub and upload their files, whether genuine or not. (See “Fake Google Authenticator ads lure users to download malware on GitHub.”)

According to the SC Media article, AI has made it especially easy for fraudsters to create complex and convincing malware ads that avoid detection. Individuals are advised to install apps directly from official sites to minimize the danger posed by clicking on a fake ad. The evolving security landscape also increases the pressure on organizations to continually update their AI training programs and keep their employees aware of fake malware ads. It’s extremely important that companies employ ongoing audits to determine whether employees are complying with security policies.

I’m here to help.

Please use this information in your outreach programs and among your family members, friends and co-workers.

As part of my outreach program, please contact me if you have any questions on identity theft or cyber-related issues that you need help with or if you’d like me to research a scam and possibly include details in future columns or as feature articles.

I don’t have all the answers, but I’ll do my best to help. I might not get back to you immediately, but I’ll reply. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, is a distinguished professor of accounting and research at Central Washington University. He serves on the ACFE Advisory Council, the ACFE Editorial Advisory Committee and the ACFE’s inaugural CFE Exam Content Development Committee. In 2005 he received the ACFE’s Outstanding Achievement in Accounting award and the ACFE’s Educator of the Year award in 2006. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.