Your mobile devices – including smartphones, laptops and tablets – are always within reach everywhere you go – the classroom, residence hall, or off campus. Mobile devices are often used for sensitive activities, including banking, online shopping and social networking. Some of these activities require users to provide personal information such as their names, account numbers, addresses, email addresses and passwords. While continued access provides us with more flexibility and convenience to stay connected no matter where we are, it can also make us more susceptible to exposure. The more we access the Internet on the go, the more risks we face on our mobile devices. No one is exempt from the threat of cyber crime but you can follow these simple tips to reduce your risk of being a victim:
Think Before You Connect. Before you connect to any public Wi-Fi hotspot, be sure to confirm the name of the network and exact login procedures to ensure that the network is legitimate. Using your mobile network connection is generally more secure than using a public Wi-Fi network.
Guard Your Mobile Device. In order to prevent theft, unauthorized access and loss of sensitive information, never leave your mobile devices–including any USB or external storage devices–unattended in a public place.
Keep It Locked. Lock your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or destroy your information. Use strong PINs and passwords to prevent others from accessing your device.
Update Your Mobile Software. Treat your mobile device like your home computer. Keep your operating system software and apps updated, which will improve your device’s ability to defend against malware.
Only Connect to the Internet if Needed. Disconnect your device from the Internet when you aren’t using it and make sure your device is not programmed to automatically connect to Wi-Fi. The likelihood that attackers will target you becomes much higher if your device is always connected.
Know Your Apps. Be sure to thoroughly review the details and specifications of an app before you download it. Be aware that the app may request that you share your personal information and permissions. Delete any apps that you are not using to increase your security.
Below is a list of common fraud schemes reported to the Federal Bureau of Investigations. If you believe you have been a victim of a cyber crime, please file a complaint to the Internet Crime Complaint Center.
Common Fraud Schemes
Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes. Typically, the victim is led to believe they are divulging sensitive personal information to a legitimate business, sometimes as a response to an email solicitation to update billing or membership information, or as an application to a fraudulent Internet job posting.
Phishing and spoofing are somewhat synonymous in that they refer to forged or faked electronic documents. Spoofing generally refers to the dissemination of email which is forged to appear as though it was sent by someone other than the actual source. Phishing, often utilized in conjunction with a spoofed email, is the act of sending an email falsely claiming to be an established legitimate business in an attempt to dupe the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user's information.
Research Study schemes involve the victims being solicited usually on Facebook, often times through a Facebook Group, that the victim has an affiliation to or is a member of. The posts offer the victim gift cards in exchange to participate in what is advertised as a research project related to either breast or cervical cancer. The following is an example post: "My cousin/aunt works in a lab at ____ (some random university or healthcare system) and is looking at factors that increase the chance of breast cancer in women" or "cervical cancer as related to sexual activity."
Since the poster appears to be a real person and in some cases are posing as an actual student of the university, the victims complete the survey. The survey asks very personal information, many related to breast size, shape, weight, sexual habits, etc and once completed the victims are promised a gift card to Sephora, Amazon or other retailers. Once the victim completes the initial survey they are often contacted and offered additional gift cards if they take part in a follow up "heat scan study. The "heat scan" study involves the females recording themselves either topless or while performing "self-exams", usually sexual in nature under the guise that the "heat scan" will aid in research of breast/cervical cancer. The females are never given the gift cards and usually the original post is deleted or disabled by the scammer.
The Internet Crime Complaint Center has received multiple reports alleging foreign subjects are using fraudulent credit cards. The unauthorized use of a credit/debit card, or card number, to fraudulently obtain money or property is considered credit card fraud. Credit/debit card numbers can be stolen from unsecured websites, or can be obtained in an identity theft scheme.
Employment/business opportunity schemes have surfaced wherein bogus foreign-based companies are recruiting citizens in the United States on several employment-search websites for work-at-home employment opportunities. These positions often involve reselling or reshipping merchandise to destinations outside the United States.
Prospective employees are required to provide personal information, as well as copies of their identification, such as a driver's license, birth certificate, or social security card. Those employees that are "hired" by these companies are then told that their salary will be paid by check from a United States company reported to be a creditor of the employer. This is done under the pretense that the employer does not have any banking set up in the United States.
The amount of the check is significantly more than the employee is owed for salary and expenses, and the employee is instructed to deposit the check into their own account, and then wire the overpayment back to the employer's bank, usually located in Eastern Europe. The checks are later found to be fraudulent, often after the wire transfer has taken place.
In a similar scam, some web-based international companies are advertising for affiliate opportunities, offering individuals the chance to sell high-end electronic items, such as plasma television sets and home theater systems, at significantly reduced prices.
The affiliates are instructed to offer the merchandise on well-known Internet auction sites. The affiliates will accept the payments, and pay the company, typically by means of wire transfer. The company is then supposed to drop-ship the merchandise directly to the buyer, thus eliminating the need for the affiliate to stock or warehouse merchandise. The merchandise never ships, which often prompts the buyers to take legal action against the affiliates, who in essence are victims themselves.
College students across the United States have been targeted to participate in work-from-home scams. Students have been receiving e-mails to their school accounts recruiting them for payroll and/or human resource positions with fictitious companies. The “position” simply requires the student to provide his/her bank account number to receive a deposit and then transfer a portion of the funds to another bank account. Unbeknownst to the student, the other account is involved in the scam that the student has now helped perpetrate. The funds the student receives and is directed elsewhere have been stolen by cyber criminals. Participating in the scam is a crime and could lead to the student’s bank account being closed due to fraudulent activity or federal charges. Here’s how the scam works:
- The student is asked to provide his/her bank account credentials under the guise of setting up direct deposit for his/her pay.
- The scammers will add the student’s bank account to a victim employee’s direct deposit information to redirect the victim’s payroll deposit to the student’s account.
- The student will receive the payroll deposit from the victim’s employer in the victim’s name.
- The student will be directed to withdraw funds from the account and send a portion of the deposit, via wire transfer, to other individuals involved in the scam.
Consequences of Participating in the Scam:
- The student’s bank account will be identified by law enforcement as being involved in the fraud.
- The victim employee has his/her pay stolen by the scammers utilizing the student’s bank account.
- Without the student’s participation, the scam could not be perpetrated, so he/she facilitated the theft of the paycheck.
- The student could be arrested and prosecuted in federal court. A criminal record will stay with the student for the rest of his/her life and will have to be divulged on future job applications, which could prevent the student from becoming hired.
- The student’s bank account may be closed due to fraudulent activity and a report could be filed by the bank.
- This could adversely affect the student’s credit record.
Tips on How to Protect Yourself from this Scam:
- If a job offer sounds too good to be true, it probably is.
- Never accept a job that requires the depositing of funds into your account and wiring them to different accounts.
- Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many of the scammers who send these messages are not native English speakers.
- Never provide credentials of any kind such as bank account information, login names, passwords, or any other identifying information in response to a recruitment e-mail.
- Forward these e-mails to the University of Kentucky's IT personnel and tell your friends to be on the lookout for the scam.
- Notify University of Kentucky Police Department.
With improved technology and world-wide Internet access, spam, or unsolicited bulk email, is now a widely used medium for committing traditional white collar crimes including financial institution fraud, credit card fraud, and identity theft, among others. It is usually considered unsolicited because the recipients have not opted to receive the email. Generally, this bulk email refers to multiple identical messages sent simultaneously. Those sending this spam are violating the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, Title 18, U.S. Code, Section 1037.
Spam can also act as the vehicle for accessing computers and servers without authorization and transmitting viruses and botnets. The subjects masterminding this Spam often provide hosting services and sell open proxy information, credit card information, and email lists illegally.
The lottery scheme deals with persons randomly contacting email addresses advising them they have been selected as the winner of an International lottery. The Internet Crime Complaint Center has identified numerous lottery names being used in this scheme.
The email message usually reads similar to the following:
“This is to inform you of the release of money winnings to you. Your email was randomly selected as the winner and therefore you have been approved for a lump sum payout of $500,000.00. To begin your lottery claim, please contact the processing company selected to process your winnings.”
An agency name follows this body of text with a point of contact, phone number, fax number, and an email address. An initial fee ranging from $1,000 to $5,000 is often requested to initiate the process and additional fee requests follow after the process has begun. These emails may also list a United States point of contact and address while also indicating the point of contact at a foreign address.
Debt elimination schemes generally involve websites advertising a legal way to dispose of mortgage loans and credit card debts. Most often, all that is required of the participant is to send $1,500 to $2,000 to the subject, along with all the particulars of the participant's loan information and a special power of attorney authorizing the subject to enter into transactions regarding the title of the participant's homes on their behalf. The subject then issues bonds and promissory notes to the lenders that purport to legally satisfy the debts of the participant. In exchange, the participant is then required to pay a certain percentage of the value of the satisfied debts to the subject. The potential risk of identity theft related crimes associated with the debt elimination scheme is extremely high because the participants provide all of their personal information to the subject.
Named for the violation of Section 419 of the Nigerian Criminal Code, the 419 scam combines the threat of impersonation fraud with a variation of an advance fee scheme in which a letter, email, or fax is received by the potential victim. The communication from individuals representing themselves as Nigerian or foreign government officials offers the recipient the "opportunity" to share in a percentage of millions of dollars, soliciting for help in placing large sums of money in overseas bank accounts. Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are out of the country. The recipient is encouraged to send information to the author, such as blank letterhead stationary, bank name and account numbers, and other identifying information using a facsimile number provided in the letter. The scheme relies on convincing a willing victim to send money to the author of the letter in several installments of increasing amounts for a variety of reasons.
"Reshippers" are being recruited in various ways but the most prevalent are through employment offers and conversing, and later befriending, unsuspecting victims through Internet Relay Chat Rooms.
Unknown subjects post help-wanted advertisements at popular Internet job search sites and respondents quickly reply to the online advertisement. As part of the application process, the prospective employee is required to complete an employment application, wherein he/she divulges sensitive personal information, such as their date of birth and social security number which, unbeknownst to the victim employee, will be used to obtain credit in his/her name.
The applicant is informed he/she has been hired and will be responsible for forwarding, or "reshipping", merchandise purchased in the United States to the company's overseas home office. The packages quickly begin to arrive and, as instructed, the employee dutifully forwards the packages to their overseas destination. Unbeknownst to the "reshipper," the recently received merchandise was purchased with fraudulent credit cards.
The second means of recruitment involves the victim conversing with the unknown individual in various Internet Relay Chat Rooms. After establishing this new online "friendship" or "love" relationship, the unknown subject explains for various legal reasons his/her country will not allow direct business shipments into his/her country from the United States. He/she then asks for permission to send recently purchased items to the victim's United States address for subsequent shipment abroad for which the unknown subject explains he/she will cover all shipping expenses.
After the United States citizen agrees, the packages start to arrive at great speed. This fraudulent scheme lasts several weeks until the "reshipper" is contacted. The victimized merchants explain to the "reshipper" the recent shipments were purchased with fraudulent credit cards. Shortly thereafter, the strings of attachment are untangled and the boyfriend/girlfriend realizes their Cyber relationship was nothing more than an Internet scam to help facilitate the transfer of goods purchased online by fraudulent means.
Internet extortion involves hacking into and controlling various industry databases, promising to release control back to the company if funds are received, or the subjects are given web administrator jobs. Similarly, the subject will threaten to compromise information about consumers in the industry database unless funds are received.
Phone scam that primarily targets college students using the either the FBI’s, IRS’ or local sheriff/police department’s phone number on caller ID. The caller claims to be representing one of the U.S. government entities, and threatens to arrest them if they fail to pay the fine. In each case, the threats are associated with false claims ranging from money owed for student loans, to delinquent taxes, and overdue parking tickets, etc. During each call the caller attempts to gain personally identifiable information from the student. The caller may claim to have specific student information and will give erroneous information to elicit the correct information from the student. The originating number used by the fraudsters, which appears on students’ caller ID is masked as the number for the government entity their misrepresenting.
The public is reminded; No government entity will call private citizens requesting money. If citizens receive a call that seems suspicious, they should disconnect immediately and notify law enforcement.
If you receive these calls, do not follow the caller’s instructions. Rather, you should:
- Notify your banking institutions.
- Contact the three major credit bureaus and request an alert be put on your file.
- Contact your local law enforcement agencies if you feel you are in immediate danger.
- File a complaint through the Internet Crime Complaint Center www.IC3.gov.
Auction fraud involves fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.
Consumers are strongly cautioned against entering into Internet transactions with subjects exhibiting the following behavior:
- The seller posts the auction as if he resides in the United States, then responds to victims with a congratulatory email stating he is outside the United States for business reasons, family emergency, etc. Similarly, beware of sellers who post the auction under one name, and ask for the funds to be transferred to another individual.
- The subject requests funds to be wired directly to him/her via Western Union, MoneyGram, or bank-to-bank wire transfer. By using these services, the money is virtually unrecoverable with no recourse for the victim.
- Sellers acting as authorized dealers or factory representatives in countries where there would be no such dealers should be avoided.
- Buyers who ask for the purchase to be shipped using a certain method to avoid customs or taxes inside another country should be avoided.
- Be suspect of any credit card purchases where the address of the card holder does not match the shipping address. Always receive the card holder's authorization before shipping any products.
The Parcel Courier Email Scheme involves the supposed use of various National and International level parcel providers such as DHL, UPS, FedEx and the USPS Often, the victim is directly emailed by the subject(s) following online bidding on auction sites. Most of the scams follow a general pattern which includes the following elements:
- The subject instructs the buyer to provide shipping information such as name and address.
- The subject informs the buyer that the item will be available at the selected parcel provider in the buyer's name and address, thereby, identifying the intended receiver.
- The selected parcel provider checks the item and purchase documents to guarantee everything is in order.
- The selected parcel provider sends the buyer delivery notification verifying their receipt of the item.
- The buyer is instructed by the subject to go to an electronic funds transfer medium, such as Western Union, and make a funds transfer in the subject's name and in the amount of the purchase price.
- After the funds transfer, the buyer is instructed by the subject to forward the selected parcel provider the funds transfer identification number, as well as their name and address associated with the transaction.
- The subject informs the buyer the parcel provider will verify payment information and complete the delivery process.
- Upon completion of delivery and inspection of the item(s) by the receiver, the buyer provides the parcel provider funds transfer information, thus, allowing the seller to receive his funds.
Investment fraud is an offer using false or fraudulent claims to solicit investments or loans, or providing for the purchase, use, or trade of forged or counterfeit securities.
Ponzi or pyramid schemes are investment scams in which investors are promised abnormally high profits on their investments. No investment is actually made. Early investors are paid returns with the investment money received from the later investors. The system usually collapses. The later investors do not receive dividends and lose their initial investment.
A general trend has been noted by the Internet Crime Complaint Center regarding work-at-home schemes on websites. In several instances, the subjects, usually foreign, post work-at-home job offers on popular Internet employment sites, soliciting for assistance from United States citizens. The subjects allegedly are posting Internet auctions, but cannot receive the proceeds from these auctions directly because his/her location outside the United States makes receiving these funds difficult. The seller asks the United States citizen to act as a third party receiver of funds from victims who have purchased products from the subject via the Internet. The United States citizen, receiving the funds from the victims, then wires the money to the subject.
In an effort to persuade a wary Internet auction participant, the perpetrator will propose the use of a third-party escrow service to facilitate the exchange of money and merchandise. The victim is unaware the perpetrator has actually compromised a true escrow site and, in actuality, created one that closely resembles a legitimate escrow service. The victim sends payment to the phony escrow and receives nothing in return. Or, the victim sends merchandise to the subject and waits for his/her payment through the escrow site which is never received because it is not a legitimate service.
The counterfeit cashier's check scheme targets individuals that use Internet classified advertisements to sell merchandise. Typically, an interested party located outside the United States contacts a seller. The seller is told that the buyer has an associate in the United States that owes him money. As such, he will have the associate send the seller a cashier's check for the amount owed to the buyer.
The amount of the cashier's check will be thousands of dollars more than the price of the merchandise and the seller is told the excess amount will be used to pay the shipping costs associated with getting the merchandise to his location. The seller is instructed to deposit the check, and as soon as it clears, to wire the excess funds back to the buyer or to another associate identified as a shipping agent. In most instances, the money is sent to locations in West Africa (Nigeria).
Because a cashier's check is used, a bank will typically release the funds immediately, or after a one or two day hold. Falsely believing the check has cleared, the seller wires the money as instructed.
In some cases, the buyer is able to convince the seller that some circumstance has arisen that necessitates the cancellation of the sale, and is successful in conning the victim into sending the remainder of the money. Shortly thereafter, the victim's bank notifies him that the check was fraudulent, and the bank is holding the victim responsible for the full amount of the check.