Active Fraud and Scams
Payroll ACH Fraud
Fraudsters are taking advantage of HR and payroll departments by redirecting an employee’s payroll deposits into the fraudsters' accounts. The fraudsters either email or call the responsible party within an organization and request an update to the routing and/or account numbers for future payments. The organization updates the account number, and future payments are sent to an illegitimate party.
Social engineering is the general activity of tricking individuals into disclosing private personal information, such as usernames and passwords, social security numbers or bank account numbers, in order to commit ID theft and financial fraud. Social engineering is the beginning of most scams or cons and is perpetrated by phone, email, text messaging and even by mail.
How to Avoid Being Scammed
Talk to your bank about the safest way to conduct a financial transaction you want to make with someone you do not know, have just met or have any suspicions about.
Know who you are dealing with. If you are dealing with someone locally, meet face-to-face. This will help you avoid most scam attempts. Don't accept cashier/certified checks or money orders from people you don’t know. A bank cannot determine if an item is fraudulent before it’s deposited. If you deposit a check or money order and it is fraudulent, you are responsible.
- Personally check out what you are buying. Be sure it exists. A picture is just a picture.
- Never give out personal or financial information such as your social security number or bank account.
- When buying online, only buy from reputable retail sites.
Email Takeover Scams
Business Email Compromise (BEC)
Business Email Compromise (BEC) is a sophisticated type of payment fraud that involves the compromise of legitimate business email accounts for the purpose of conducting a fraudulent wire transfer.
- First, fraudsters compromise a business executive’s business email. They try to target someone with the authority to authorize a wire transfer. They can get this information from the business website. In most cases, they compromise the legitimate business email accounts through social engineering or malware.
- They then review the business’s legitimate email communications and travel schedules to look for a bank contact they can use.
- This goes on until they get enough information to send wire transfer instructions using either the victim’s email or a spoofed email account. The difference in the spoofed email account is very subtle and can easily be mistaken for the legitimate business email address.
- The fraudster then sends an internal email to another employee within the business who can conduct wire transfers. The fraudsters utilize multiple methods to ensure their email communications are successful. In some instances, fraudsters have created rules using the compromised business email account to send all communications associated with the fraudster’s activity to the trash folder or to a hidden folder the victim is unaware of.
- Often the fraudster will wait until the CEO/CFO is on official travel before sending wire transfer instructions. Travel makes it more likely that the individual would use email for official business and, therefore, makes the fraudulent transaction harder to spot. These requests will typically state that the wire transfer is related to urgent, confidential or even personal matters and must not be discussed with any other company personnel. The wire is then sent to the bank through the normal channels used by the company.
- The bank will perform its normal security reviews; however, the wire is typically similar to others sent in the past in dollar amount and payee, so the bank is not suspicious. The bank may even call back the company to verify the wire. The company representative, thinking it is a wire ordered by an executive, will confirm and authorize the bank to send.
- The executive returns or someone else in the company receives a wire confirmation from the bank and the company realizes they’ve been a victim of fraud.
- The company calls the bank to recall the wire, but can’t. Wires are guaranteed funds to the receiver. The bank can send a message to the receiving bank to let them know it’s fraudulent, but typically the money is gone as soon as it is received.
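A defensive check for two artifacts of the sequence above: the subtly different spoofed sender address and the mailbox rule that hides mail from the account owner. This is an added example, not part of the original page; the trusted-domain list, the folder names and the rule fields are assumptions.

```python
# Added example with constructed data; rule fields "action"/"folder" are a hypothetical export schema.
# Assumption: domains the business really exchanges payment mail with.
TRUSTED_DOMAINS = {"example-corp.com", "examplebank.com"}
# Character swaps that make a spoofed domain pass a quick glance.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
# Assumption: folders a mailbox owner rarely opens; adjust for your mail system.
HIDING_FOLDERS = {"trash", "deleted items", "rss feeds", "junk email"}

def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for the sender's domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in trusted:
        return "trusted"
    for good in trusted:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"

def rule_hides_mail(rule):
    """True if an inbox rule deletes mail or moves it to a rarely viewed folder."""
    action = rule.get("action", "").lower()
    folder = rule.get("folder", "").lower()
    return action == "delete" or (action == "move" and folder in HIDING_FOLDERS)

# Constructed samples: one genuine sender, two spoofs, one unrelated sender.
SENDERS = ["cfo@example-corp.com", "cfo@exarnple-corp.com",
           "cfo@example-c0rp.com", "news@unrelated.example"]
RULES = [{"name": "Newsletters", "action": "move", "folder": "Reading"},
         {"name": ".", "action": "move", "folder": "RSS Feeds", "match": "wire"}]
if __name__ == "__main__":
    print({s: classify_sender(s) for s in SENDERS})
    print([r["name"] for r in RULES if rule_hides_mail(r)])
```

A "lookalike" result on a message that carries wire instructions is a reason to verify the request through a known phone number rather than by replying to the email.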
Online Social Sites
Dating or other sites that connect people socially are filled with scammers. Scammers on these sites work to build a fake personal relationship with you. They are willing to spend months convincing you to trust them. They prey on your kindness and desire to help. Do not send them money or give them any account information to send you money. Many scams on social sites are to get you to assist in laundering money. You may not lose money, but you will be an accomplice in illegal activity.
Caretaker Job Offer Scam
You may see an ad for a caretaker job or receive an email offer. The job is typically offered by an individual. The scammer says they are looking for a caretaker for a child, special needs or adult family member because they will be temporarily working or living in your geographic area.
Because they are out of the area they will say they need someone local to help get them set up. This may mean purchasing caretaking supplies, often large dollar items such as a hospital bed, wheelchair or crib or even putting a down payment on a rental.
Once you have found the items they want and provided them a price, they will send you a cashier's check or money orders to cover the cost. Sometimes the payment they send you is for too much and they will ask you to wire back the balance. Sometimes they will have you purchase the items and ship them to an accomplice. Either way, when the check or the money order turns out to be fraudulent and the bank charges your account, the loss is yours.
Consumers continue to be successfully targeted by fraudsters sending an official-looking piece of mail saying you won a lottery. The scam starts with a very official letter claiming you are a “Winner.” It often comes by priority mail and is often postmarked in a foreign country.
Often the letter includes a fraudulent check for your winnings. It asks you to deposit the fraudulent check at your bank and wire back a portion for processing fees, taxes, etc. When the fraudulent check comes back, your bank will charge your account and you will lose the money.