White Plastic Scam
White plastic is a term given to any piece of plastic used as a credit card. Normally, a blank piece of plastic embossed and encoded with a stolen account number is used for fraudulent cash withdrawals at ATM machines or with cooperation by merchants.
White plastic is also being used in a scheme called "shoulder surfing", which involves either setting up a video camera or positioning a person to observe individuals using an ATM.
The camera is focused on the PIN pad to capture a customer's PIN, or the observer merely stands in a position to see what you type.
At the end of the day or periodically, suspects retrieve discarded receipts from around the ATM which contain the account number and time of transaction. Once the criminal has both the PIN and the account number, they can produce a duplicate card.
Nigerian Scam Letter and Advanced Fee Letters
The sender claims to be a bureaucrat, banker or royal toadie, who wants to cut you, and only you, in on the financial deal of a lifetime.
The writer claims to be in a position to skim public accounts or in other ways move vast amounts of cash, ethically obtained or not, into your hands. Hint: There is no money to be laundered - except yours. Palms must be greased. With your money. Generally in the form of a Western Union money order. A few K here, a few K there... eventually you get wise, and retire to lick your wounds.
Other versions of the scam may play on your sense of charity, or your naiveté (you can't win a lottery you didn't enter!) or your embarrassment about appearing suspicious. Refugee farmer, orphan, cancer patient, dead bank customer, phony job offer, overpayment with a cashier's check for the car you were trying to sell, different pot of money, different countries... same scam.
Vishing
Vishing is a term used to describe attempts to gain confidential information via telephone. Scammers call members of the public and engage them in conversations asking them to confirm details or pretending to sell them a product – with the goal being to gain personal details such as names, addresses, dates of birth and bank account details. Several such techniques are detailed below.
Recent attempts have the caller pretending they are from the local Primary Care Trust calling about requests for Emergency Services. The caller states that a call has been made for an emergency doctor and they are returning the call to arrange an appointment. The caller then asks a number of questions in an attempt to get the correct name, address, date of birth and telephone number. Mail Order accounts have then been set up in their names.
Another technique scammers use is to leave a voicemail message, posing as a representative of a financial institution and indicating that an anomaly has been discovered in the person’s account. The caller provides an 800 number for the person to return the call. The person believes the number is legitimate, when in fact it connects directly to the scammer, who then asks leading questions to “verify” the person’s identity.
Other methods have callers pretending to be major companies, such as Argos, promoting new deals on financial products such as accident coverage. The caller then asks for birth details, marriage and family details and bank account details.
Phishing
E-mails purporting to come from bank security departments are circulated to consumers requesting username and password details in connection with Internet banking. The email invites account holders to click on a URL (Uniform Resource Locator), which generates a web page that looks strikingly similar to that of the actual bank. Unsuspecting account holders complete their user names and passwords on the web page. Unknowingly, the account holders are logged into a web server run by a criminal enterprise.
Once the user name and password have been obtained, the criminal can log into the consumer's on-line banking system account and transfer money from that account into another account from which he will be able to obtain the funds.
In order to facilitate the transfer, a number of people are recruited who have accounts at the same bank as the target account. The recruitment involves advertisements on Internet forums and unsolicited emails offering jobs as ‘money processors’. Respondents to the advertisements receive a 7% commission on the monies that they handle.
Once the stolen funds are received into the money processor’s bank account, they are given instructions to withdraw the money in cash and then to use money transfer agents and send the money to criminal organizers.
Free Webcam Scam/Cyber Spying
Scammers send out free webcams to unsuspecting consumers. With the free webcam come installation instructions and software. What the consumer doesn't know is that the software contains a Trojan horse that allows the scammers to control the webcam. Scammers can then do a variety of things, from gathering embarrassing footage of the victim (and possibly using it for blackmail purposes) to using the Trojan to take control of the machine and send private information back to the scammer.
Similarly, scammers send out Webcams accompanied by a letter claiming the recipients have been randomly selected by a fictitious company for an Internet usage survey. But when the recipients load the software, they're actually running a program that gives the scammer control of the camera and the computer itself.
Scholarship Scam
Many scholarship scams are Internet sites that ask for your credit card or another form of payment before they will help you find funding. Once they have your personal information, they can use it for a variety of illegal purposes. Similarly, students' parents are targeted by an unfamiliar organization that invites them to an “interview” or “seminar” about preparing and paying for college. Before falling prey to any of these scams, do your homework. Ask your high school counselor or a college financial aid administrator whether they’ve heard of the organization and know it’s legitimate. In many cases, such invitations are a way to get you to come listen to a sales pitch: the company wants you to pay for advice on scholarships and other funding.
The FTC cautions students to look for telltale lines:
"The scholarship is guaranteed or your money back."
"You can't get this information anywhere else."
"I just need your credit card or bank account number to hold this scholarship."
"We'll do all the work."
"The scholarship will cost some money."
"You've been selected by a 'national foundation' to receive a scholarship" or "You're a finalist" in a contest you never entered.
Jury Duty Scam
Jury duty scammers pose as workers of local courts, calling citizens and informing them they have failed to report for jury duty. They claim that a warrant has been issued for the person’s arrest. When a victim responds that no jury duty notification was received, the scammer asks for “verification” information, including Social Security number and birth date – and sometimes, credit card account numbers.
Disaster Relief Scam
After disasters such as hurricanes or tornadoes, scammers will set up fake websites or call people for donations. Beware of such practices; if you wish to donate, you can find legitimate charities on news channels or from established organizations such as the Red Cross.
Account Verification Scam
An email that appears to be from eBay or PayPal asks for credit card information, social security number and other data to verify your account. This is a scam to gain access to your personal information.
Additionally, scammers send emails that appear to be from other organizations (such as cable or utility companies) with which you have an account, threatening to cancel the account if you don’t supply them with updated credit card information.
VISA/MasterCard Scam
Phone calls from people posing as employees of VISA or MasterCard alert intended victims of unusual spending activity on their accounts. The scammer will ask to verify account information, including the security code on the back of the credit card. If you receive such a phone call, do not supply the caller with the requested information. Call your credit card company directly and notify the company of the scam.
“Do Not Call” Verification Scheme
People posing as officials of a Government agency such as the Federal Trade Commission are calling consumers under the guise of verifying that the consumers are on the “do not call” telemarketing list. The scammers ask for personal data such as Social Security number, bank account details and credit card information.
IRS Audit/Exemption Schemes
Taxpayers are being scammed via both e-mail and fax by people posing as IRS officials. The e-mail scam involves purported IRS sources notifying taxpayers that they are under audit and must complete a questionnaire within 48 hours to avoid paying penalties and interest. The e-mail refers to an "e-audit" and references the IRS Form 1040. The taxpayers are asked for social security numbers, bank account numbers and other confidential information. The IRS does not notify taxpayers of audits via e-mail, nor does it conduct “e-audits.”
The fax scam has occurred in Winnipeg, Manitoba. Local businesses there have received faxes purporting to be from the U.S. Internal Revenue Service. The fax, which appears to be on official IRS letterhead, indicates that the business owner is a “non-resident alien” who is exempt from certain taxes. It asks the business owner to fill out the attached Form W-8BEN-11 to “protect” the exemption – and the form requests information such as passport number, Social Security number, mother's maiden name, bank account numbers and other personal data.
eBay Order Processing Scam
The eBay scam entices people to a specific web site by sending e-mails to them stating that their [phony] orders have been completed and shipped. The e-mails indicate that the recipient can cancel the order by going to the web site and entering identifying information, such as Social Security number. An example of the scam e-mail appears below.
Dear eBay Customer,
Your order has been completed and will be mailed within 24-48 hours. Your credit card has been charged $1460.50 for the following purchase...
( Micron Pentium III Computer )
…plus shipping and handling. If you feel that your credit card has been billed wrongly, please visit our site and fill out all the needed information to cancel the following order. http://ebayservices-cancelorder.cjb.net
Thank you,
eBay Services.
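The link in the sample above names eBay in its hostname but sits under an unrelated domain, which is a pattern a mail filter can check mechanically. The following is an added example, not part of the original page: the brand allow-list and the "last two labels" registrable-domain rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative allow-list of domains each brand really links to.
BRAND_DOMAINS = {
    "ebay": {"ebay.com"},
    "paypal": {"paypal.com"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host):
    """Naive rule (assumption): the last two labels of the hostname.
    Production code should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def brand_mismatches(url):
    """Brands named in the hostname whose real domain is not the link's domain."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    return sorted(
        brand for brand, domains in BRAND_DOMAINS.items()
        if brand in host and reg not in domains
    )


def scan_message(text):
    """Map each suspicious URL in a message body to the brands it imitates."""
    findings = {}
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")
        brands = brand_mismatches(url)
        if brands:
            findings[url] = brands
    return findings


# The sample e-mail body quoted above, abbreviated.
SAMPLE = """Dear eBay Customer,
If you feel that your credit card has been billed wrongly, please visit our
site and fill out all the needed information to cancel the following order.
http://ebayservices-cancelorder.cjb.net
Thank you,
eBay Services."""

if __name__ == "__main__":
    for url, brands in scan_message(SAMPLE).items():
        host = urlsplit(url).hostname
        print(f"{url} names {brands} but is under {registrable_domain(host)}")
```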
Retail Order Confirmation Scam
An e-mail that claims to be from an overseas retailer, often a well-known company, arrives confirming that you have placed an order. Typically it states:
“Thank you for your order. If you paid with a credit card, the charge on your statement will be from [shop name]. This email is to confirm the receipt of your order.”
It then provides the order details such as date, order number, payment method, product and cost – which may be into the thousands of dollars. The e-mail indicates that it has been sent from an automatic confirmation system to which you cannot reply and thus requests that you open an attachment for more details of the order. Here is where the danger lies. The attachment contains a Trojan which may contain:
- Spyware to capture your personal information such as passwords, user names and account numbers, enabling the scammer to access your account; or
- Worms or viruses that harvest email addresses from your address book or destroy your personal files.
“Free Gift” Scam
Scam artists send e-mails or make phone calls indicating that the recipient has won a “free gift” and must supply credit card information to pay for shipping and handling. This is clearly an attempt to steal credit card data. Do not respond to such solicitations. In addition to gaining access to credit card account information, they may also be attempting to discover legitimate phone numbers and e-mail addresses for future spam and telemarketing efforts.
"Free Credit Report" Scam
E-mails offering a “free credit report” are attempts to discover your social security number. If you receive an official-looking e-mail making such an offer, investigate the company through the Better Business Bureau or Federal Trade Commission.
BBB Scam
Scammers are using the Better Business Bureau (BBB) name and a false BBB e-mail address of operations@bbb.org to entice recipients to access potentially damaging hyperlinks. Bogus messages are sent to businesses and consumers indicating that a complaint has been filed with the BBB and directing the recipient to click on a link and download a document. The download is actually an executable file that is believed to be some form of a computer virus. A sample e-mail is shown below.
From: operations@bbb.org [mailto:operations@bbb.org]
Sent: Tuesday, February 13, 2007 6:06 AM
To: XXXX
Subject: BBB Case #263621205 - Complaint for XXXX
Dear Mr./Mrs. XXXX
You have received a complaint in regards to your business services. The complaint was filled by Mr. XXXX on 02/05/2007/
Use the link below to view the complaint details:
DOCUMENTS FOR CASE #263621205
Complaint Case Number: 263621205
Complaint Made by Consumer Mr. XXXX
Complaint Registered Against: Company XXXX
Date: 02/05/2007
Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:
DOCUMENTS FOR CASE #263621205
Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
- Claims based on product liability;
- Claims for personal injuries;
- Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.
The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.
The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.
"Get Out Of Debt" Scam
Scammers send an e-mail promising to help recipients eliminate their debt with a no-fee service. The e-mail directs the reader to click on a link, which goes to a form that asks for personal information. The scammers then use this information for identity theft. Avoid clicking on any links or downloading attachments from unknown senders.
Oprah Tickets Scam
This scam involves emails or letters telling recipients that they have won tickets to a taping of Oprah’s talk show in Chicago, or that they can purchase a tour package that includes a taping of the show. The communication asks recipients to submit personal information for verification purposes or to wire money to an unknown third party. The Oprah Winfrey Show does not sell tickets or tour packages. Reservations for the show are only available by phoning the Audience Department of The Oprah Winfrey Show.
Advance Fee Loans Scam
Consumers receive e-mails or telephone calls promoting a pre-approved loan or credit card regardless of credit history. The communication asks for an up-front fee and may ask for credit card information, bank account information or Social Security number. Never provide this information over the telephone or Internet unless you are familiar with the company and know why the information is necessary. In fact, unless you have initiated the contact, it’s best not to engage in any such dialogue.
Wireless Network Scam
The Wireless Network Scam centers on hackers fooling wireless network users into logging onto rogue access points set up to emulate legitimate wireless LAN equipment.
Once hackers have set up these wireless networks next to commercial hotspots, and conned users into logging on, they can begin taking data from the laptops connected to the wireless networks.
Bluetooth Exploit
While the security available to Bluetooth devices has improved, many devices are not implementing the needed technology to protect end users from abuse. During TraceSecurity testing of hands-free car devices we found that almost half the devices we tested were vulnerable to the simplest of attacks. These attacks allowed us to access the hands-free devices from a remote location and listen in to conversations that were taking place between passengers in cars on the road.
During our testing we followed a few car lengths behind a car that was equipped with one of the Bluetooth hands-free car devices and listened in on the conversation taking place between the passengers in the car. The test showed that not only could we access the device and hear the conversation, but the occupants of the car had no warning or indication that we had accessed the device and were listening in.
The problem with many of the devices that we found to be vulnerable is that they did not require the user to set the device in "pairing mode". Pairing mode is what allows the device to connect with another device. Because these devices were always in pairing mode, they were simple to connect with. In addition, these devices used default security PINs such as 0000 or 1234 and did not allow the user to change the PIN.
When purchasing a hands-free device, users should verify that the device is not always in pairing mode and, when possible, change the PIN to something other than the default. For users who already have these insecure devices, the best advice is to leave them off or unplugged except when needed.