04-28-97
08-14-95
InternetSCAMS
High-Tech Confidence Games
Scams and confidence games have been around as long as history records. All scams, modern or old, have a single critical factor without which they cannot succeed: the willing participation of the victim. Scam and con perpetrators prey upon people's desire — for profit or money, for gratification, for advancement, or for anything else the schemer can identify that will attract potential victims.
For years, law enforcement and other officials working to combat scams and cons have used a simple slogan that you'll see a number of times on this website — it remains true regardless of the mechanism used by the perpetrator: "If it sounds too good to be true, it probably is."
Exercise caution and a healthy skepticism when considering ANY transaction. Your guard should be up all the time; the old Latin phrase "caveat emptor" (let the buyer beware) remains universally true. When a transaction appears irresistible, that's the time to take a second look. Be sure you make an informed decision based on ALL of the best available information.
The perpetrators rely on another emotion to avoid being reported and caught: embarassment. Numerous victims of scams and cons identified in the course of law enforcement investigations have said they didn't report their loss because they felt so foolish after realizing they'd been duped. Law enforcement and the rest of the criminal justice system rely on input and participation from the public. If you realize you've been victimized, make a report. If you don't, you are not only allowing the perpetrator to get away with your loss, but to continue to victimize others. Please help us!
In an FBI press release, Assistant Director of the agency's Cyber Division, Jana Monroe says, "Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet."
The growing ranks of Internet crooks are using new tricks called "phishing" and "spoofing" to steal your identity.
"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case.
Phishing (also known as "carding" or "brand-spoofing") is hacker-speak for "link alteration", —a "verification scam" where criminals (the "phishers") imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers.
For several years, individuals have bought Internet domain names that are similar to those of real, legitimate companies — for example: "change-ebay.com", where the real company website is "ebay.com".
The "phisher" (scammer) sends out millions of E-mail messages asking consumers to "verify account information" by providing key personal data —even SSN. This is the "phishing" (fishing) part —the bait (bogus email) is thrown out with the hope that, while most will ignore the bait, some "phish" (victims) will be tempted into biting.
When you get an email talking about an account you don't have, or from a company/vendor you don't use, you probably just ignore it as "junk mail". But, when customers of a real company get a cleverly-forged email, and presume it's from the legitimate company they do business with, they often respond.
The three most common ways the phisher hooks a phish (victim/consumer) is when—
- the victim responds, by return email, to a fraudulent "account verification" or "account update" request letter from the phisher.
- the victim fills out an email form (an HTML-based submission form, in the phisher's email message), which forwards the victim's input to the criminal's email/website address.
- the victim clicks on a website "link" in an email, that leads to the phisher's website, rather than the legitimate site.
Recent "phishing expeditions" (scams) used the look-alike site names "ebay-verification.net", "change-ebay.com" and "http://ebayservices-cancelorder.cjb.net" —to scam eBay (ebay.com) customers. Similarly, a scam site with a URL starting with "paypalsys.com" was used to scam customers of PayPal (paypal.com). Companies that have been known to be victims of this scam include: AOL, MSN, Earthlink, Yahoo, PayPal, eBay, Best Buy, Discover Card, Bank of America, Providian, and even the IRS.
__________________________
According to a May, 2004 press release by the research firm Gartner, phishing scams have a high success rate. Based on data from a survey (completed in April, 2004) of adult Internet users, Gartner estimates that about 19 percent of those attacked by phishing scams, or nearly 11 million U.S. adult Internet users, have clicked on the link in a phishing attack e-mail. Moreover, 3 percent of those attacked, or an estimated 1.78 million adults, report giving phishers their financial or personal information, and the data indicate that phishing attack victims are almost three times as prone to identity-theft related fraud as other online consumers.
__________________________
Click HERE to jump to the FTC's Consumer Alert, How Not to Get Hooked by a "Phishing" Scam.
Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.
In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations. The "From" field (the "sender's" address) of an email can easily be altered (spoofed) —it is not a reliable indicator of the real origin of any email.
Even the FBI is not immune; a 2003 e-mail scam directed recipients to a web site that appears to be the official FBI public web address. It was actually a hoax site that was titled "Mass theft of debit cards". The site encouraged users to submit personal information (relating to their debit cards) in order to ensure that "any fraud operations with your account" not be made.
For more information on "spoofing" scams, click HERE to jump to the FBI press release, "FBI Says Web "Spoofing" Scams are a Growing Problem"
These bogus emails can be very tricky, using HTML mail/forms or other "phishing" techniques to hide/disguise the ultimate destination of the email's return/reply address, form submission, or "clickable" website links in their solicitation for your personal/account information.
Companies like eBay and PayPal request that you forward the suspect email to them, then delete it from your mailbox...
- PayPal's account-update spoof warning— "If you think you have received a fraudulent email, please forward the email to spoof@paypal.com and then delete the email."
- eBay's account-update spoof warning— "If you have any doubt whether an email is from eBay, forward the message to spoof@ebay.com immediately. Don't alter the subject line or forward the message as an attachment - doing so makes it more difficult for us to react quickly."
To prevent identity theft, eBay recommends that you should contact your bank and/or credit card companies immediately if you've already replied to a fraudulent email with sensitive personal information or entered data through a fake webpage. eBay also recommends that eBay users check their "Account" and "My eBay" preferences periodically to ensure there's been no account tampering.
For more information relating to online auction/retail fraud, click HERE to jump down to that section of this page.
—Mass-Mailing Identity-Theft Worm Example...
Click HERE for a detailed look at a specific, recent (Jan/2004) mass-mailing worm that pretends to be a real PayPal.com mailing —an email message sent to cleverly steal the recipient's identity. This page details one variation of what this type of scam can look like. Forewarned is forearmed!A good rule to follow: Don't send sensitive personal information via email —period.
—No companies (that you would probably want to do business with) will ever ask you to enter your password or financial information in an email "form", or send such information to them in an email. You should only share information about your account once you have logged in to what you are sure is the company's secure website.
Use caution with email that includes attachments or links! —Never "click" on any links or attachments in a suspicious email. Don't download/install anything from attachments/links in unsolicited email. No companies (that you would probably want to do business with), involved in any form of e-commerce, will ever send you an unsolicited attachment or software update to install on your computer.
The recent (2003) success of various widespread computer worms and Trojan-horse programs has spurred virus writers to put an increasing effort into creating official-looking e-mails and websites. Virus writers even fake convincing Microsoft security update mailings with attached official-looking "cumulative patches" and other security updates, for products like Windows, MS Internet Explorer, Outlook and Outlook Express.
These "malware"* attachments, if installed, can download malicious code from remote websites, installing back-doors on compromised office and home computers, making them vulnerable to remote control. They download/install executable files that open a TCP port(s) to listen for remote-control commands from the attackers.
(* — Malware is an abbreviated term for "malicious software"; generic tech-speak for any form of malicious software: viruses, worms, trojan horses, malicious active content, hijackers, web bugs, spyware, adware, etc.)
Some new, sophisticated malware comes in email letters (usually HTML-format email) that may have no links or attachments, and only need to be "opened", or even momentarily viewed in a email client's preview pane*, to secretly/instantly download malicious code into your computer.
(* — Enabling the "Preview Pane" feature in some email clients, such as MS Outlook, constitutes "opening" a mail message, and can automatically, without your knowledge, lauch malware.)
Microsoft NEVER emails out update files or "patches" to its software users —Microsoft ALWAYS requires users to go to the Microsoft website to download software updates.
For the very careful... Suspicious of a "link" in an email that seems to be from, for example, Microsoft, and wants you to click on a link for a download location? —Instead, jot down the update name or MS article number from the email, and go to www.microsoft.com. You can then manually go to the software download page, for the product in question, to find the update manually. Or, enter the update name or article number in a search box at the Microsoft (www.microsoft.com) website to see if such an update actually exists.
There's a lot of malicious software out there —Trojans, worms, malicious Java/JavaScript code in HTML email and on websites, etc.
—But, many of the horrible "viruses" that you hear about aren't really out there at all. Hoax virus warning messages are more than just time-wasters; like in the story of the "'Little Boy Who Cried Wolf", repeated hoaxes do condition us.
After repeatedly becoming alarmed and wasting time/effort on a hoax warning, only to learn that there was no real virus, home and office computer users may get into the habit of ignoring all virus warning messages —and that would be a big mistake —a lesson to be taught by the next real, destructive virus they encounter.
Don't forward any email virus warnings you receive unless you, personally, can vouch for the validity of the email warning. Remain vigilant, and by not forwarding hoax warnings, help others do the same.
Here are some links for more information on virus HOAXES:
- The Snopes.com Urban Legends Reference Pages
- Internet/web hoaxes at urbanlegends.about.com
- Hoax-Slayer
- Rob Rosenberger's myths/hoaxes site,
myths.com —Truth About Computer Virus Myths & Hoaxes
s - The F-Secure Info. Cntr. (datafellows.com) Hoaxes Page
- The McAfee Hoaxes Page
- The Sophos Hoaxes Page
- The Symantec "Threat Explorer" Hoaxes Page
Be wary of promotional scams.Identity thieves may use phony offers to get you to give them your personal information. Be wary of web advertisements and websites that offer a reward/prize in exchange for your contact information or other personal details.
There's a very high probability that they are specifically gathering this information for direct marketing purposes. It's likely that your name and address are worth much more to them (because they can sell it to other marketers, who can also sell it to even more marketers) than the reward/prize you're supposedly getting will be worth to you.
Be particularly suspicious of sweepstakes/contests. It's highly unlikely you'll win but, thanks to the personal/contact information you provide, the direct marketers certainly will!
SPAM is fairly well-known computer-jargon for unsolicited "junk" email, both real commercial (Unsolicited Commercial Email, also known as UCE), scam, (fake-commercial; various scams, often using phishing/spoofing tactics) and non-commercial (such as "chain letters", which may also be "malicious" in some hidden manner).
Experts predict that in 2004 well over half of all U.S. email will be spam/UCE.There are so many email scams run on the Internet, via unsolicited email, that it's virtually impossible for the average consumer to know which email "offerings" are the few legitimate mailings from real merchants.
The "offering" or other "apparent" purpose of many spam emails is just a sophisticated ruse to gather personal data from you in some manner —for identity theft uses, or another scheme.
The old Latin phrase, caveat emptor (let the buyer beware) was never more true than today as applied to UCE offerings. Our only advice can be, if you would even consider reading or responding to UCE, that you read all you can about the illegal activities going on —so you have a frame of reference when considering any offer which "seems" to be legal. Remember, always: If something sounds too good to be true, it usually is.
If you get spam email that you think is deceptive, forward it to spam@uce.gov. The FTC uses the spam stored in this database to pursue law enforcement actions against people who send deceptive email
If you believe you have been defrauded, file a
Even using the "preview pane" of some email clients is "opening" a mail message, with regard to various spammer tools/tricks that allow a spammer to confirm you're a live/working email address (any time you even "open" an email message from them). Never respond to spam. They all say they’ll take your name off the list. Most of them are lying. Responding to them just confirms —they’ll sell your address to every other spammer in the world. More spam for you! Have at least TWO email addresses. (If your ISP doesn't offer you multiple "free" email accounts, consider using a site like www.yahoo.com or hotmail.com for your second, free, email address.) Keep your "primary" email address secret from all but those you know and trust, and use your "secondary" email address for ALL other purposes (that attract spam and put you on spammers' lists) such as online commerce, registering for "free" access to websites or online services, email mailing lists, IRC, USENET newsgroups, etc. Also, consider only using an ISP or other email-account provider that provides good spam-blocking features to help prevent spam/UCE from even reaching your mailbox! Don't Give your email address without knowing how it will be used. When signing up for any paid or free online services, be sure to look for check-boxes allowing you to choose NOT to receive mail/offers from their "partners" (or share your personal/address information with their "partners"). They may have MANY "partners" that want to send email to you!!! Also, be aware that signing up for some "free" email services may actually increase your spam/UCE load! Read their privacy policy before signing up! Don't post your email address on your website. Avoid posting your email address anywhere on the Internet, either on your own website, in discussion groups/areas/lists, or through use of website feedback forms and "guestbooks". Even posting comments on discussion boards and other online "talk" lists/forums/groups that require and/or display your email address can make it "collectable" to spammers. Spammers usually use "web crawlers"* to mine (search) the web for email addresses, rather than personally searching millions of webpages with the human eye, so consider making your email address on your own personal or business website only "human-readable". For example, if you put your email address into a image file, like this... 
...human readable, but not visible/readable to web crawlers. (Note: Don't make it a clickable "mailto" link, or the crawler will pick up your email address from the source code of the webpage!) You can also use regular text on a webpage to make your email address "human" readable, but not "crawler-readable", by placing spaces between all the letters, like this: J _ S a m p l e @ M y I S P . n e t Again, the trick is to not to also make it a clickable "mailto" link that's machine readable. While not as handy as a "clickable link", your website visitors can still read and use your email address, if they wish to do so, and you can help yourself avoid a great deal of crawler-related spam over time! Use a spam filter. Anti-spam software can help keep spam at manageable level. There are dozens of spam filter choices on the market. Some work better than others, and some are easier to set up and use than others. Shop around for one that suits your needs. Never buy anything advertised in spam. If no one buys the products or services advertised in spam, companies will stop paying spammers to advertise their products and services. Spam is all about money. Deny them.  *—web crawlers: AKA web bots, robots, spiders, worms, wanderers, gatherers, aggregators, etc. Automated software that searches the web for whatever "data" it's programmed to find, such as email addresses. |
| SPAM IS 10... March 5th, 2004, marked the tenth anniversary of what is considered the first spam message (a 1994 message posted on several Usenet newsgroups by a California law firm, advertising services relating to the U.S. Green Card lottery). Ten years later, spam accounts for 50-60 percent of all U.S. email. |
Spam Zombies
—Who's Spamming Who? It could be you!
A January 28, 2004 FTC Consumer Alert, "Who’s Spamming Who? Could it be You?" warned consumers of spammers who may be compromising other people’s computers to send unsolicited — and possibly offensive — email offers for products and services. Computer security experts estimate that as much as 30 percent of all spam is sent by compromised computers located in home offices and living rooms, but controlled from afar.
According to the FTC, spammers can compromise computers in several ways, depending upon the type of Internet connection. Broadband connections are the most vulnerable and attractive to spammers because they are "always on". Spammers install a hidden software that allows remote access to your data and programs, which then allows the spammer to send messages from your computer.
For more information, visit the FTC's article, Your Computer: Part of the "Zombie Army"? to learn how to reduce your chances of becoming part of a robot network, called a "botnet".
Also, there's more more information about spyware that can compromise your computer in the next section of this presentation, "Preventing Identity Theft, Part 3: Even MORE SCAMS".
|
First SPAM, now SPIM... "SPIM" —coined by combining "SPAM" and "IM" (instant messaging). As ISPs and lawmakers try to control the worldwide growth of spam, black-hearted marketers are broadening their arsenal with SPIM —spam sent by instant messaging. And, like spam, not only sent to computers but increasingly also to PDAs and cell phones. While spim only accounted for about 10 percent of all IM traffic early this year, experts estimate the amount of spim may grow to 30 percent of all instant messages by the end of 2004. Like spam, some spim also carries malware (malicious software such as trojans, worms and viruses). Use of a "buddy list" can be effective in blocking spim by preventing strangers from sending messages to your IM handle/name, but beware: if your buddy list is turned off, some spim messages you subsequently receive can carry malicious code which, once activated on your computer, would spim all of your "buddies. Fighting SPIM... Most IM programs let you limit/block spim, by blocking messages from outside your contact/buddy list, but it does take some extra effort  on your part. If you use instant messaging, here are some methods (valid at the time this article was written) for limiting spim on various major IM systems:AOL Instant Messenger— 1) Click on "My AIM", 2) Select "Edit Options", 3) Select "Edit Preferences" 4) Select "Privacy" (left pane of the Preferences window) then 5) Select "Allow only users on my buddy list" option in "Who Can Contact Me" section. Fire— (a multi-protocol IM client for OS X) To block messages from anyone who is not on your buddy list... 1) Go to "Fire Preferences" (Fire Menu —> Preferences) 2) Open the "New Messages" pane 3) Check the checkbox, "Block messages from people not in my buddy list" ICQ— 1) Click the "Main" button 2) Select "Security & Privacy Permissions". 3) Select "Communication Events" in the left pane 4) Select the radio buttons under either the a) yellow-checkmark icon, limiting the actions to your contact list, or b) the red-X icon, preventing anyone from sending you things 5) Select "Spam Control" in the left pane, then 6) Check all the check boxes in the right pane, and 7) Select "All users" adjacent to the "Do not accept Multi Recipient Messages from" entry. MSN Messenger— 1) Once logged in, 2) Click "Tools", 3) Select "Options", 4) Select the "Privacy" tab. 5) Check "Only people on my Allow List can see my status & send me messages" checkbox. Additionally, the "Privacy" tab has controls to add/remove members of your "Allow List", and a button showing you who has added you to their contact list. Yahoo Messenger— 1) Click the "Login menu" 2) Select "Preferences". 3) Select "Privacy" in the left pane of the preferences window, and 4) Select "Ignore anyone who is not on my Friend list". Note: To avoid spim via Yahoo's "web interface", 5) Select "Do not allow users to see me online and contact me in the...". |
Our recommended online reading list
for a great SPAM education:
- The FTC's SPAM EMAIL website...
http://www.ftc.gov/spam/
- The FTC's Facts for Consumers publication,
You’ve Got Spam: How to "Can" Unwanted Email
- The FTC's Facts For Consumerspublication,
Don't want Your Email Address Harvested?
- The U.S. Government's online-safety microsite,
OnGuard Online, providing tips from many agencies to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
- The FTC's Consumer Alert,
After a Disaster: Spam May Scam. Have you received unsolicited email asking for a donation to help victims of an emergency or with news about it? If so, you may have been the target of a scam.
The FTC's Consumer Alert publication, The Lowdown on Chain Letters
- The FTC's Facts for Consumers publication,
All Email Users: What You Need to Know About Chain Emails & Letters
- The FTC Consumer Alert,
Unsolicited Mail, Telemarketing and Email: Where to Go To "Just Say No".
Perhaps the most common example of this type of fraud occurs when a victim is expecting a large payoff for helping to move millions of dollars out of a foreign country. The victim may also believe he has won a large award in a nonexistent foreign lottery.
A good example of this type of scam is known as the "Nigerian 419 Scam". The perpetrators of this Advance Fee Fraud (AFF), known internationally as "4-1-9" fraud after the section of the Nigerian penal code which addresses fraud schemes, are often very creative and innovative.There's a general perception that no one is likely to enter into such an obviously suspicious relationship, but the truth is quite the opposite. Annually, a large number of victims are enticed/persuaded into believing they have been singled out, from all the masses, to share in multi-million dollar windfall profits, for doing absolutely nothing.
A U.S. Secret Service publication reports that
| "Indications are that Advance Fee Fraud grosses hundreds of millions of dollars annually and the losses are continuing to escalate. In all likelihood, there are victims who do not report their losses to authorities due to either fear or embarrassment. In response to this growing epidemic, the United States Secret Service established "Operation 4-1-9" designed to target Nigerian Advance Fee Fraud on an international basis. "The Financial Crimes Division of the Secret Service receives approximately 100 telephone calls from victims/potential victims and 300-500 pieces of related correspondence per day." |
For some excellent web pages explaining how this type of fraud scheme works (and to learn how to avoid similar scam entrapment offers), visit—
- The U.S. Department of State — Bureau of International Narcotics and Law Enforcement Affairs publication, "Nigerian Advance Fee Fraud"
- The U.S. Department of Energy's CIAC "Hoaxbusters" webpage section on the Nigerian 419 Scam.
- The FTC's Consumer Alert,
The "Nigerian" Scam: Costly Compassion.
Steps to take if you receive a Nigerian Scam Letter
- If you are a United States citizen or resident and have suffered No Financial Loss, write "No Financial Loss – For Your Database" on the documents you received and fax them to the U.S. Secret Service Task Force handling scam matters at 202-406-6930 or 202-406-5031. Actual hardcopy of the scam document(s) is required to add your scam information to the Task Force Database.
If you receive email solicitations and have suffered No Financial Loss, you can forward the email, complete with full header, by email to Secret Service 419 Nigerian Mail Fraud, (419.fcd@usss.treas.gov). Be sure to put the words " NO LOSS" as the "Subject:" of the email.
- If you are a United States citizen or resident and HAVE suffered a financial loss, write "Financial Loss - Contact Me ASAP" on the documents you have received, FAX them to the Task Force at 202-406-6930 or 202-406-5031, and give your telephone number. A U.S. Secret Service Agent will call you back to discuss the matter.
- Fax hardcopy of the scam correspondence you received, especially any banking data, to the US Task Force at
202-406-6930 or 202-406-5031, so that it can be included in the Task Force Database. State what country you
are sending from and state whether there has been a loss or there is no loss.
- Notify your own nation's national law enforcement agency and your own nation's foreign office.
- Be skeptical of individuals representing themselves as Nigerian or other foreign government officials asking for
your help in placing large sums of money in overseas bank accounts.
- Do not believe the promise of large sums of money for your cooperation.
- Do not give out any personal information regarding your savings, checking, credit, or other financial accounts.
- If you are solicited, do not respond and quickly notify the appropriate authorities.
Another Internet/email scam that may involve advance fees are...
Tens of millions of dollars are lost to scholarship scams every year."
There are some warning signs —Students should look for telltale lines:
- "The scholarship is guaranteed or your money back."
If you're guaranteed to be awarded money, watch out! Legitimate scholarship matching services do not guarantee scholarships. And don't believe the claim that everybody is eligible.
- "You can't get this information anywhere else."
Many services make you pay to get the same information you could have received free from a college financial aid office, state education agency, local library, the U.S. Department of Education, or the Internet.
- "I just need your credit card or bank account number to hold this scholarship."
Search services do not, in most cases, provide any awards directly to applicants, apply on behalf of applicants, or act as a disbursing agent for financial aid providers. You should never give out a credit card or bank account number unless you know the company or organization you are giving it to is legitimate.
- "We'll do all the work."
When applying for a scholarship, the student will have to submit the application and complete his/her own essay. An organization cannot do it for them, no matter what they claim in their promotion.
- "The scholarship will cost some money."
Beware of any scholarship that requests an application fee —even a low one. Most legitimate scholarship sponsors do not require up-front fees. Instead, they deduct fees, if any, from the disbursement check.
- "You've been selected by a 'national foundation' to receive a scholarship" or "You're a finalist" in a contest you never entered.
Most sources of financial aid have application deadlines and eligibility criteria; they do not, generally, operate like a sweepstakes.
- "Buy now or lose out..."
Scholarship seminars frequently end with one-on-one meetings in which a salesperson pressures the student to "buy now or lose out on this opportunity". Legitimate services do not use such pressure tactics.
- "Millions of dollars in student aid go unclaimed every year"
The large figures you may hear or read about usually represent an estimated national total of employee benefits or member benefits. Usually, such benefits are available only to the employees (and their families) of a specific company, or to the members of a specific union or other organization.
Additionally, investigate the organization yourself before making a commitment:
- Ask for names of three or four local families who have used its services recently.
- Ask how many students have used the service and how many of them received scholarships as a result.
- Find out about the service's refund policy.
- Get everything in writing.
- Read all the fine print before signing anything.
For more information on scholarship scams, jump to the FTC's publication on "Scholarship Scams", or visit the U.S. Department of Education, Office of the Inspector General's "Scholarship Scams" webpage.
College students can be an identity thief's dream...College students may even be more vulnerable to identity theft because of the availability of their personal data and the way many students handle this data.
While most students are well informed about the basic rules for protecting their physical well being and possessions (rules like walking in well-lit areas, traveling in groups and locking their doors and windows) —too many students don't know the basics of protecting their identity. Additionally, students often use the Internet to make purchases and manage their finances, exposing themselves to online fraud.
A recent national survey of college students found that:
- Almost half of all college students receive "pre-approved" credit card applications on a daily or weekly basis. Many of these students throw out card applications without destroying them.
Tip: Never toss credit applications aside and ignore them —shred them or tear them up, then throw them away. And, don't let mail pile up in your room/apartment or dorm mail slot.
- Nearly a third of students rarely, if ever, reconcile their credit card and checking account balances.
Tip: Make a habit of monitoring your credit card bills and bank statements carefully. Look at your statements as soon as you get them. Contact your bank or credit card company immediately if you find any charges for purchases you didn't make.
- Almost half of the students said they keep personal financial information in their dorm room, and almost a third said their room, or a room in their dorm, had been burglarized, —exposing both their personal information and belongings to theft.
Tip: Store your personal financial records in a locking file-cabinet or in a small, fireproof safe. Shred any private paperwork that you don't want to keep, such as insurance forms, medical records, bank statements, charge receipts, credit applications (including any pre-approved offers you receive in the mail!), and any documents that contain your social security number.
Consider purchasing a home/personal shredder, which can be found online or in local stores as low as $20. If you live in student housing, check with your student housing department/association, and/or student government regarding the availability (for student use) of shredders in dorm areas.
- Almost half of all students have had grades posted by social security number.
Tip: Be as stingy as possible with your social security number. Ask your professors to use a random number for you, for grade postings, rather than your SSN. Before giving out your SSN, always ask why it's needed. When a picture ID is required, use your driver's license instead of a student ID that uses your SSN (presuming your state has migrated away from using SSNs for driver licenses!).
For years many colleges have used social security numbers as the primary identifiers for students (and for faculty and staff, for that matter), requiring student ID numbers (their SSN) at enrollment, bookstores, cafeterias, on term papers, etc. Recently, because of the growing problem of identity theft, and changing legal and security environments, many institutions have migrated from, or are planning for the migration away from, SSN use as a primary identifier.
This scheme begins when the thief posts a help-wanted ad on popular Internet job search sites.
(NOTE: Remember, online recruiting business giants like Monster.com, CareerBuilder.com and HotJobs.com caution users about false online job listings, sometimes posted by identity thieves, to steal personal data for scams from unsuspecting job seekers.)
Online job seekers are required to fill out an application wherein they divulge sensitive personal information, such as their date of birth, social security number, etc. The scammer then uses that personal information to purchase merchandise on credit. The merchandise is sent to another job seeker, who has been hired as a "freight forwarder" by the scammer.The forwarder re-ships the merchandise out of the country. The scammer, who has represented himself as a foreign company, then pays the "freight forwarder" with a counterfeit check reflecting an amount significantly over that due. The scammer gets the freight forwarder to wire back the overage amount to the scammer, usually in a foreign country, before the fraud is discovered. The scammer profits at every turn of this elaborate scam.
Fraudulent Bonus Checks For Non-Existent Jobs: In another employment-related scam variation, some Americans are being victimized by an "online job application" fraud scheme. The individuals have applied for and accepted jobs through an online job search service advertising "signing bonuses" of approximately $2,500 to new hires. Each prospective employee has received a check ranging from $19,000 to $50,000 by mail from the prospective employer with instructions to deposit the check, preferably at an ATM. The recipient is further instructed to keep $2,000 to $4,000, depending upon the amount of the signing bonus, and return the balance of the money by wire to a location in Europe. The checks are fraudulent; therefore, the depositor is ultimately responsible for any amounts charged back to his or her account by the bank resulting from the dishonor of the checks. For more information on this employment scheme variation, click HERE to jump to the Federal Deposit Insurance Corporation's (FDIC) Special Alert, Fraudulent Bonus Checks For Non-Existent Jobs.
FEDERAL JOB FRAUD: Another employment-related scam that victimizes many Americans involves scammers selling information about government job opportunities. These scam artists place classified ads in newspapers, magazines, and periodicals offering (for a fee) to help job seekers locate and apply for Federal jobs. Some scam companies go so far as to use names that imply affiliation with the Federal Government such as the "U.S. Agency for Career Advancement," or "Postal Employment Service". For more information on this specific type of employment scam, click for the FTC's Job Scams website.
This scam begins when a counterfeit or fraudulent cashier’s check or corporate check is utilized to pay
for merchandise. Often these checks are "accidentally" made out for a substantially larger amount than
the purchase price. The victims are instructed to deposit the check and return the overage
amount, usually by wire transfer, to a foreign country.Because banks may release funds from a cashier's check before the check actually clears, the victim believes the check has cleared, and wires the money as instructed. (Obviously, the fake check will never actually clear, and the victim loses the "overage" money he/she wired back to the scammer.)
One popular variation of this scam involves the purchase of automobiles listed for sale in various Internet classified ads. A "potential buyer" (the scammer) contacts the sellers about purchasing the autos and shipping them to a foreign country. The buyer (scammer), or person acting on behalf of a buyer, then sends the seller a cashier's check for an amount several thousand dollars over the price of the vehicle. Oops! Oh, darn!The seller is now directed to deposit the check, and wire the excess back to the buyer (scammer), so they can (supposedly) pay the shipping charges. Once the money is sent, the buyer typically comes up with an excuse for canceling the purchase, and attempts to have the rest of the money returned.
Although the seller does not lose the vehicle, the seller is typically held responsible by his/her bank for depositing a counterfeit check, not to mention any "overage" funds he/she wired back to the buyer, and any other money sent back, during the scam.
The Police Notebook, Copyright © 2004,
the Board of Regents of the University of Oklahoma.
All rights reserved.
Last updated by Richard Hamilton on .
Sponsor: OU Police Department — Developer: Richard M. Hamilton, OUPD
Disclaimer
