Frauds and Scams

One of the most requested workshop we get from senior groups is on Frauds and Scams. We talk about the top ten scams in Canada. The top ten scams in Canada in 2017 were:

1.          Romance scam ($17 million lost)

2.          Wire Fraud — "Spearphishing:'' $13 million lost

3.          Identity fraud ($11 million lost)

4.          Online purchase scams ($8.6 million lost)

5.          Binary options scam ($7.5 million lost)

6.          Employment scam ($5.1 million lost)

7.          Canada revenue agency ($4.3 million lost)

8.          Fake lottery/contest winnings ($3 million lost)

9.          Advance fee loans ($1.1 million lost)

10.    Fake online endorsement and sponsored content

I thought it might be interesting to see what scams are being used by crooks in the United States that will soon come to Canada. So, over the next two posts, I will highlight some of the scams and frauds making the rounds in the US. The information about the scams in the US is from Senior Planet.

Scams are repeated because they work. The ones that work are often driven by financial life moments such as taxes, holiday shopping, and utility scams. Identity thieves and scammers often try new twists on old scams that worked in the past. So far this year, a number of different and new scams have made the news, listed here in alphabetical order, not by ranking.

Airbnb Scam

This scam involving users of the popular AirBnB site that lets travelers rent an apartment or house. The scam starts with an impostor home or apartment owner directing the renter towards a fraudulent or “spoof” website to finalize payment for the rental. Those fake sites result in lost money and no place to stay because the rental property being discussed is usually not even available. In fact, the real owners are most likely unaware that their property is being spoofed by scammers.

“Can You Hear Me” and “Yes” Calls

This scam happens when you answer the phone and the person on the other line asks: “Can you hear me?” and you respond, “Yes.” Your voice is being recorded to obtain a voice signature for scammers authorize fraudulent charges over the phone. You can visit the FCC website to block any unwanted calls. The BBB Scam Tracker received more than 10,000 reports on the ‘Can you hear me?’ scam, but none of the reports resulted in an actual loss of money.

Car Scams

The FBI shared information on a growing scam where crooks are targeting those looking to buy cars and other vehicles online. The FBI has received 26,967 complaints with losses totaling $54,032,396 since tracking this issue from May 2014 through December 2017. This car scam starts with a criminal posting an online advertisement with a low price to get the attention of a buyer, including photos of the vehicle and contact information. When a buyer reaches out, the “seller” sends more photos and what appears as a logical reason why the price is discounted and indicates a need to sell.

The criminal then instructs you to purchase prepaid gift cards in the amount of the sale and share the prepaid codes. You’re usually told you’ll receive the vehicle in a couple days. Then you don’t hear back from them again you’re left without your money and still in need of a car.

Friend in need; maybe not

Fraud is a crime, and many seniors fall for this scam. I was in Pemberton BC, giving a workshop on Scams and Frauds and at the end one of the participants approached me and told me she had received an email from a friend who appeared to be in trouble. She was concerned because of the message she had been sent. She shared the email with me.

 Am so sorry that i didn’t inform you about my trip. I’m writing this with tears in my eyes. I came down here to Odessa Ukraine for a short vacation unfortunately i was mugged at the park of the hotel where i stayed. all cash, credit card and cell were stolen off me but luckily for me i still have my passports with me.

I ‘ve been to the embassy and the Police here but they’re not helping issues at all and my flight leaves in less than hours from now but having problems settling the hotel bills. the hotel manager won’t let us leave until i settle the bills, I’m freaked out at the moment.

I advised her not to respond and later I found out that this was an email scam, so I did some research and thanks to the good folks at AVG here is some information about this type of fraud.

Using various communications channels to finagle money or information from someone has a long and varied history. Many of the scams rely on the promise of easy returns. The Nigerian Prince is a case in point. 

The scam is similar to the 19^th Century Spanish Prisoner scenario, but has usually relied mainly on mail, faxes, and email as part of a multistage setup that targets people with enough money to supposedly help smuggle millions of dollars out of an African country, often Nigeria (hence the name). Those that take the bait and pay the (fake) transfer fees are promised exponential returns on their investments that never emerge. 

There are scores of variations on the scam. For instance, a long-lost relative leaves a person a pile of money; to get the inheritance, the person needs to pay all the legal fees. But in general, most of these scams rely on greed to hook interest.

By contrast, “stranded friend” phishing attacks take advantage of a reader’s good will. We all want to help people we know and like. I certainly do. In this case, the con men had used malware (probably a Trojan) to hack her friend’s email account and access her contacts. 

The message was addressed to around two dozen people. It’s unclear whether the hackers created their shortlist of targets using the communications history between my friend and her contacts or their geographic locations, but it seems likely given that other scams employ similar tactics. For example, hacked mailing lists from charitable organizations allow bad guys to set up fake charities and target the people most likely to donate based on past activity.

Email is cheap and easy. By stealing or buying stolen databases, scammers can obtain access to hundreds of thousands of addresses. With a bit of segmentation, they put the odds in their favor that someone will bite on their hooks.

Criminals have access to the same analytics as governments and major corporations. They’ve also been practicing their trade for decades (sometimes centuries), so have tremendous insight into how best to influence even the strongest of minds. To stay sharp, there are several things you can do:

1.  Know what phishing is. Awareness is a huge step towards prevention. Knowing that the scammers are out there and masquerading as trusted contacts goes a long way to spotting them.

2.  Know what they’re after. Any email requests (or social media for that matter) asking for money should be immediately suspect. So too requests asking for personal data or account names and passwords.

3.  Watch for the signs. In addition to requests for money or hints that money may be needed, watch for poor spelling, bad grammar, and other oddities of speech. Check the email address itself – it may look like the supposed sender’s, but check for missing characters or additional characters added in. Pretty much all banks and most government and commercial organizations never ask for personal information, login information, or money via email; so if this information is part of the request, be very suspicious.

4.  Never click, copy, paste, or forward. For any email even remotely suspicious, do not click on anything, do not copy text and paste it into another email or document, and do not forward. To document the email (for alerting your friend or a company), the best approach is to take a screen shot.

5.  Don’t reply Your reply tells the conmen that you pay attention to and open such emails. The bad guys will note this, and quite possibly save your email for another, more tempting scam later on.

The steps above may not be foolproof. But they can help ensure the adoption of a security mindset.

Finally, remember the fraudster is well trained and without a conscious. The most common form of getting to you is through Phishing. Which is convenient, in a way, as there are some practical steps you can take to avoid getting scammed. 

Probably the most important is to maintain an online “stranger danger” mindset. If an email looks even the slightest bit suspicious, don’t open it. If it’s from someone you don’t know, don’t open it. If it says you’ve won the lottery, are being watched by some security agency, asks about an order (you did not make), or promises rewards in some other way, don’t open it. (Similar phishing attacks also appear on Facebook.)

For emails you’ve opened, if they include links or attachments you weren’t expecting or didn’t ask for, don’t click or download. If you feel that you must do either, reply to the sender (if you know them), and ask if they did indeed send you something. If you do not know the sender – delete the email.