Better Business Bureau Releases First Annual Fraud Report

 

BBB Releases First Annual Report for Fraud Complaints Made to Scam Tracker

 

As I’ve reported before, the Better Business Bureau has a relatively new program to capture complaints about fraud.  Those who file a complaint about a fraud with the BBB can also agree to talk to the news media and to share the complaint with law enforcement.  Scam Tracker complaints can be filed online here or by calling most local Bureaus. The Scam Tracker also has a useful feature that can graphically display all the fraud complaints filed by people in your area.  This really helps demonstrate just how widespread fraud really is.  Click here to see a map of your area or neighborhood and what frauds are being reported.

The BBB has just released a first ever report detailing the fraud complaints it received in 2016.  It includes some great features.  First, it breaks the frauds down into understandable categories and explains very nicely what is included. Second, it attempts to determine what age and sex is most often ripped off by each fraud.  It found that those 18-24 were overall most likely to be fraud victim, and those over 65 were the least likely to report a fraud.  However, the median actual dollar loss was highest for the over 65 group.  Third, they found that women were twice as likely to report a fraud as were men.  (But not that men are exposed to fraud less often).

The BBB calculated that the three most risky frauds for those over 65 were:

  1. Family/friend emergency (grandparent scams);
  2. Sweepstakes/Lottery Prizes (Jamaican lottery frauds); and
  3. Travel/Vacations (bogus ads to rent properties and timeshare resale fraud)

The most interesting innovation in the BBB report, though, is its effort to apply a “risk index” to complaints.  As we all know, of the billions of robocalls that are made only a small fraction of those receiving the calls are actually defrauded.  (Of course enough do get defrauded that the calls make money for the frauds).  In addition, many people file complaints about robocalls or other fraud attempts even when they do not actually lose money (such complaints are still valuable to law enforcement because they can help show patterns).

The BBB has attempted to calculate three factors to determine the riskiest frauds.

  1. Exposure (how likely are you to be exposed to the con?)
  2. Susceptibility (if you are exposed, how likely are you to lose money? And
  3. Monetary Loss (if you lose money, how much is it likely to be?

Using that formula the Report concludes that the ten riskiest frauds are:

  1. Home Improvement Scams (the fraudsters actually appear at your door and ask to do work)
  2. Fake Checks and Money Orders (See the Baker Fraud Report explaining these)
  3. Employment Scams (These often include fake checks)
  4. Online Purchase Scams (goods ordered from a web site that are never delivered, or that again involve a fake check in an overpayment fraud); and
  5. Advance Fee Loan Frauds (you apply for a loan online or by phone, are asked to pay fees for things such as insurance but there is no loan every made).
  6. Investment frauds
  7. Romance Scams (see Baker Fraud Report for more).
  8. Tech Support Frauds (see Report on these here)
  9. Family/Friend Emergencies (Grandparent frauds), and
  10. Sweepstakes/Lottery/Prizes (see Report on Jamaican Lottery Frauds)

FTC settles with Mule that collected money from victims of IRS impersonators

The FTC announced this settlement with Joel Treuhalf and his company on February 15.  The FTC alleges that the defendant hired “runners” in Florida to pick up the money victims sent after being defrauded by IRS impersonators.  The runners went to Western Union and MoneyGram outlets to collect the money, kept 7% for themselves, and then deposited the rest into several different bank accounts.  The deposited money then made its way to India.  The FTC alleges that “In less than eight months, from July 2015 to February 2016, Defendants collected more than $1.5 million from approximately 3,000 consumers throughout the United States.”  Click here to read more about money mules.

Can You Here me Fraud — Is this for real?

Can you hear me frauds: No evidence that this is actually happening

Over the last several weeks there have been many news reports asserting that there is a new fraud underway in which a person receives a phone call that asks “Can you hear me.”  When the person answering the phone says “Yes” the call ends.  This is then supposedly used to sign people up for things they don’t want and didn’t intend to buy.

But is this true? Is this happening?  Snopes.com has reported that they have been unable to verify that this is actually happening.  I have also talked to the Canadian Antifraud Centre, which handles mass marketing fraud complaints from all Canadian (and even American) consumers, and they tell me that they have seen absolutely no evidence that this is a real fraud tactic.

Do scam tape record victims?  Absolutely.  Telemarketing frauds, especially those that take payment by credit cards, routinely tape record a “verification” after they make a deceptive sale.  They use these recordings to challenge those who later realize that they have been defrauded and challenge the transaction with their credit card company.  Of course these verifications recordings do not include the deceptive claims.  The FTC has also seen companies that claim they have such recordings even when they do not.  Other frauds even doctor these tapes to make it appear that victims agreed to the charges when they really did not.   This tactic may stave off complaints by individual challenges, but I have never seen this work as a defense in an FTC consumer fraud case.

Stop Robocalls for FREE – if your phone service works over the Internet

If there is one thing everyone hates it is prerecorded “robocalls.” Though the Federal Trade Commission has the Do Not Call list, and has brought over a hundred cases closing down robocall operations, these continue to be a problem. I got one ten minutes ago. The FTC recently reported that complaints about robocalls went up 50% in 2016, so we are nowhere near an end to these.

A company called Nomorobo offers a free service to block robocalls, even many by politicians, while still allowing calls about prescription refills and the like. But it does not work with the traditional land line phones most of us grew up with. But many of us now get our phone service through the internet, often packaged with our TV cable system. (Apparently it does not work with Magic Jack).

To get this just go to Nomorobo.com. This company won the FTC award for the best technology to fight robocalls. They do this by compiling a list of known robocalls and not permitting those to ring through to your phone.

But what about calls to my mobile phone?

Nomorobo also offers a service for cell phones, though you have to pay for it. They also offer a paid service that will also block calls on one smartphone for $1.99 per month. In addition, there are a variety of apps, some free, designed to help. This article by a cell phone industry group lists some of these apps.

What about my old home landline?
Sorry, I’m not aware of any effective way to cheaply end calls to landlines, though the Federal Communications Commission has announced that it is working with the phone companies to find a way to end the scourge of robocalls.

TOP TEN FRAUDS FOR 2016 — NCL

The National Consumers League has just released data on the top 10 complaints they received in 2016. You can find it here. A few points to mention about their data, and some useful tips.

• #1 overall was things ordered over the internet that were paid for but never received. This includes used cars, counterfeit designer or sports goods, event tickets, and pets.

• #2 was sweepstakes and lottery fraud, such as Jamaican lottery fraud.

• #3 was fraud involving fake checks. These were up by 1/3 from 2015.

• #4 was demands for money that you really don’t really owe, such as IRS impersonators.

• # 5 was tech support fraud, wanting money to fix supposed problems with your computer.

• Average losses for these fraud complaints doubled from the year before, with the biggest losses coming from romance scams.

• The age range with the most complains were victims 26-35 years old

Helpful tips:

• Before paying money to any business check them out with the Better Business Bureau. The BBB has reports on essentially ALL real businesses, not just members. It is easy to check in advance. Go to BBB.org.

• Especially if you are buying on line never pay any way other than by credit card. If you use a credit card you may be able to get your money back if it is a fraud. Anyone who will not take a credit card is very likely a fraud.

• Never pay for anything by buying gift cards.

The National Consumers League takes consumer complaints on line and shares them with law enforcement in the US and Canada. They also download these complaints into the FTC’s Consumer Sentinel Database. Many of these are internet-based complaints, often from around the world. You can file a complaint with them here.

Operation Avalanche takes out International Computer System Used by Frauds

We all get dodgy spam emails, some of which initially appear to be legitimate bills or notices from companies we deal with. But many of these are actually “phishing scams” that have attachments which, when opened, install secret programs on our computers. Some news reports, in fact, suggest that the hack of John Podesta’s emails at the Democratic National Committee were the result of such an attack.

But if our emails are not dumped onto wikileaks, what exactly happens if we open a bad attachment? In December the Justice Department, working with Europol and 40 other countries, announced “Operation Avalanche” against a massive worldwide operation that had been providing very sophisticated computer support to hide the activities of the crooks since at least 2010.

What were the frauds?
This seems to involved both ransomware and stealing money from victim’s online bank account.

Ransomware
This fraud appears to be exploding in size, and is expected to account for a billion dollars in losses in 2016. In addition to defrauding businesses, it also is now being seen on people’s personal computers and cell phones. It is relatively simple. A victim opens an email attachment from a phishing email, which then encrypts all the data on the computer or phone. The victim gets an email telling them they can only get their data back if they send money through bitcoin to the fraudsters. It is essentially impossible to learn who received the money.

Stealing money from bank accounts
This was the other fraud that was involved here. After victims opened the attachment, spyware on their computer would monitor keystrokes on their computer and thus get the login information for victims’ online bank accounts. The frauds would then wire money from the victims account to a money mule, someone working with the fraudsters. The Mules would then buy goods, presumably computers and other electronics, and ship them to the fraudsters. (for more on how mules operate see this article on Baker Fraud Report.

What were the effects of this fraud?
Hundreds of millions of dollars were lost through the fraud using the Avalanche network. Tens of millions of computers were infected. This network was using at least 500,000 infected computers every day. The cybercriminals use the computers they have infected as networks, known as “botnets.” Thus if your computer is running slow it may be part of a botnet, sending email and other information when you don’t even know it. This enterprise sent at least one million phishing emails out every week.

So what did Operation Avalanche Accomplish?
This enterprise was involved in sending out more than two dozen of world’s most pernicious families of malware. Five people were arrested, 37 locations were searched, and 39 servers were seized. Another 221 servers were taken off line. In addition, law enforcement crippled the connection between individual computers and this fraud network. Thus for likely millions of people, the spyware is still on their computers, but communications now go back to law enforcement instead of the fraudsters.

DOJ press release
Europol press release

FTC shuts down Craigslist rental fraud

FTC shuts down large Craigslist rental fraud

Many people looking for a house to rent or buy go to Craigslist. Craigslist provides a great free service – but the crooks are using the site as well to rip people off. The FTC has just shut down Credit Bureau Center. This company advertised attractive rentals by posting pictures of great places at good prices. Addresses were not provided in the ad. Those interested in renting could only contact the company by email. The company responded by email, telling victims that in order to see the property they had to go to a website, get a “free” credit report, and bring it along to the walkthrough.

But those who obtained the credit report were not told that by putting in their credit card number and other personal information, such as a social security number, they were really signing up with a credit monitoring service – and would be charged $29.95 every month until they could make the charges stop. The FTC says that this company billed victims for more than $6 million.

There was no walkthrough. The rental properties either did not exist or the Defendants had no right to rent them. The fraud was all about conning people into providing their credit card numbers.

The FTC’s court brief said between it and the BBB there were over 500 consumer complaints.

This is not the only case involving fake houses offered for sale on craigslist. Last fall there were news reports of a search warrant being served in Santa Barbara, CA.

A study was released a year or so ago doing an in depth look at Craigslist rental frauds.

Sextortion on the Rise

Sextortion

 One of the new kinds of cybercrime has resulted in a new word – Sextortion.  This term has come to cover two different kinds of online activity. It is not surprising that sexual predators or those trafficking in child porn sometimes obtain, or coerce people into providing, nude pictures or videos and use those for blackmail. A number of these have been prosecuted.  In fact, Nigerian police recently arrested two Canadian women, Kardashian look-alikes, who apparently had sex with wealthy Nigerian men, recorded the events, and then blackmailed them for money.

But this has also become a very widespread scheme run internationally by organized fraud gangs.  A group that deals with this fraud, scamsurvivors, says that it has helped over 15,000 people around the world who have become victims.   Though victims are often reluctant to go to law enforcement, UK officials say that the number of complaints that they receive have doubled in the last year, and they are aware of at least four suicides.  In addition, this scam has been targeting young members of the U.S. military.

Here is how it works

A young man (usually) meets a beautiful young woman online at a chat site or a dating site.  They communicate, perhaps texting and exchanging photos, and then she suggests that become friends on Facebook.  Before long they both use webcams such as Skype to perform sexually explicit acts.  The crooks tape record the session, and then demand money or they will send the video to the victim’s family and friends.  Sometimes victims are called by the woman’s “father” claiming the girl was underage, and that this was therefore child pornography that could be reported to the police and result in criminal charges against the guy.

Who is behind this?

The organized frauds appear to be operating primarily from the Philippines, Morocco, and the Ivory Coast. But of course the victim does not know that they are dealing with someone outside the country.

How do they contact victims?
It is sometimes dating sites, but they often reach victims through chat sites such as such as chatroulette or omegle.   The frauds also typically set up fake Facebook profiles, stealing pictures of women from porn sites or other places on the internet.  Then they scour Facebook for likely subjects.  From looking at a victim’s Facebook page they may have a good idea of their social status and thus how much money they have.  Some frauds also seem to be using Linkedin to contact potential victims.

Who are the women?

The “women” in these situations don’t really exist.  They are computer generated sexbots, though that is not apparent to the viewer.  Those running the frauds can easily control the actions of these bots, making them wave, toss their hair, or do other things.

Who are the victims?

The vast majority of victims are males between 15 and 25.  Some are young members of the military.  The Naval Criminal Investigative Service (NCIS) reports that it received 300 sextortion reports over four years, but in 2016 they received more than 120.  It seems likely that this fraud is also targeting military members in other countries as well.  Here is a good article on the response to this scam by the US military.

How much do they want?

This varies depending on the fraudsters estimate of ability to pay, but initial demands seen to be about $500.  Of course anyone who pays will face demands for still more money.

What effect does this have on victims?

Like many frauds, victims suffer from more than the loss of money.  As noted, there are several reported suicides. In addition, victims who are Muslim or come from a family with strong religious beliefs may be especially worried.

How do victims pay? 

Most of the time the money is sent through Western Union or MoneyGram, though a few use Paypal.  Other payment methods are possible.

What if you don’t pay? 

In this fraud the gangs apparently do not actually follow up with their threats.  It is easier to just move on to new victims.

Similar tactics of recording sessions on webcams are also sometimes used by romance scammers, and those frauds have been known to actually post explicit videos.  But romance fraudsters tend to have a longer term interest in their victims and may know about their ability to pay or vulnerability to this type of blackmail.

What is law enforcement doing? 

International fraud is a real challenge for most law enforcement.  However, after a suicide in Scotland by a 17 year old victim UK police worked with Interpol to take action in the Philippines.  In 2014 police searched a number of large operations near Manila that were engaged in this fraud and arrested at least 55 people.  These fraud operations had victims in Hong Kong, Singapore, the UK and the U.S.  U.S. service members were also victims.

The woman in charge of one operation was reportedly the owner of two different Western Union outlets that was used to receive the money from victims.  In an interesting twist, this enterprise was texting with potential victims and convincing the victims that they had a problem with their phones. The fraudsters sent them a “fix” to install on their phone which contained a Trojan virus.  This allowed the fraudsters to download all the victims’ contact information.  Armed with that information, the crooks apparently could even threaten to send the video to specific people such as their mother or father.

There is an excellent TV news report on this effort on Undercover Asia.  It runs about 45 minutes but is extremely well done and is fascinating.

I’ve seen no news on convictions in this case.  In the Philippines victims must file formal complaints, and many victims are, understandably, reluctant to come forward.

Law enforcement in the UK has also made a real attempt to educate the public about this fraud and encourage victims to come forward.

 What to do if you’re a victim.

DO NOT PAY!  I would recommend as a first step going to scamsurvivors.com.  They have a step by step guide for victims to go through, such as closing down all Facebook pages and cutting off all communications from the fraud.

COMPLAIN TO LAW ENFORCEMENT.   Even if  an agency can’t help with this particular instance,  the information you provide may help them stop the fraud and help protect other people from becoming victims.  Here is information on where and now to complain.

Robocalls in the Rise

Robocalls on the rise

On December 9 the Federal Trade Commission released a report on data about Do Not Call for the previous year.   Most of us know about the National Do Not Call list — 226 million phone numbers are now registered.   To no one’s surprise, it shows a dramatic rise in robocalls.

 

We all also know that being on the Do Not call list does not stop illegal robocalls. Though the Federal Trade Commission has brought over a hundred cases involving robocalls these illegal calls  continue.  In fact, the new report shows that Do Not Call complaints rose from 3.5 million in 2014 to 5.3 million in 2015 – a 50% increase in the last year.

The report also lists the states that have the most complaints per 100,000 people.  The top 4, in order, are the District of Columbia (2771), New Jersey (2282), Connecticut (2147), and Illinois (2116).  This does not necessarily mean that those locations get more illegal calls, just that they are more likely to complain.

The states with the most registrations for Do Not Call per capita are:  New Hampshire, the District of Columbia, New Jersey and Massachusetts.

Law enforcement uses these complaints  to track patterns and locate violators.  It is quick and easy to complain.  Go to:

And if you are curious about a call, simply do an internet search of the number that appears in the Caller ID.  Often you can learn more about the scam behind the call.

Steve Baker

December 16, 2001

Costa Rica Sweepstakes Fraudsters Sentenced

Costa Rica Sweepstakes Scammers Sentenced in Federal court

On December 14, 2006 the three people in the US were sentenced to federal prison for running sweepstakes fraud schemes in Costa Rica that ripped off elderly US consumers.  One Costa Rica room running this fraud took in nearly $10 million.  One Defendant was sentenced to 15 years in federal prison.  Here is the DOJ press release.

How the fraud worked

US consumers received calls telling victims that they had won a large prize from a sweepstakes.  These calls used “spoofed” caller ID’s to make it look like they were coming from area code 202 (Washington DC).  They pretended to be calling from government agencies informing victims of their winnings.   (I know that some of these sweepstakes frauds were impersonating real people at the Federal Trade Commission, including me).  Victims were told to send money by Western Union or MoneyGram to pay a “refundable insurance fee.”  Those who paid were then called again, told that their winnings had increased, and that they needed to send additional money.  Of course no one had actually won anything.

This is, of course, very similar to sweepstakes frauds coming from Jamaica.  See my separate in depth article on Jamaican sweepstakes fraud.