PRIMER ON FRAUD PREVENTION – Lesson #4

Louis Pasteur is credited with saying, “Chance favors only the prepared mind”, or words to that effect. Whether he actually said it is for librarians and historians to confirm. Whether he intended it to mean what I take it to mean is highly questionable. After all, he was French, a chemist, and a microbiologist, all three of which would give him cause to look down his long nose at a lawyer’s loose application of what was undoubtedly a profound insight taken out of context.

But the statement applies to the prevention of fraud. The one least likely to succumb to the wiles of a crook is one who is most prepared to meet the crook. One of the most common, and most recent scams is a form of “phishing”.

Go Phish

The Phishing Scam relies on the ability of the clever charlatan to obtain sensitive information that opens the door to his financial future, all at the expense of an unsuspecting carp. It usually takes place quickly and easily in a telephone call. But richer scams can be incredibly elaborate, and are often baited with fear.

The scam is favored by crooks because it can be worked quickly, many times during the day, with little trail left behind, and little risk of being caught. And although the size of the purse is usually smaller, the frequency of its success is enough to keep crooks in the game. It works like this:

The Setup

The telephone rings. The caller is from the telephone company, or from the bank, or associated with a lending institution carrying your mortgage. It may even be someone claiming to be with the fraud department of your credit card issuer. There is a problem with your account that they need to discuss with you. The problem is usually serious enough to merit your concern.

But, of course, privacy laws require that they be able to confirm who they are talking to, to assure that sensitive information is not released to an unauthorized party. Therefore, they will need you to provide identifying information, such as your date of birth, your mother’s maiden name, or the three digit code on the back of your credit card.

Once the information is provided, the scam is virtually completed.

The Proof

Of course, what the caller did not count on was reaching a reader of this Blog. When the phone rings, the alarm bells automatically alert you that you may be the target of a scam.

To allay your fears, the caller may tell you to call the fraud department of your bank. (Who really knows how to reach the fraud department of a financial institution?) The caller will, of course offer the convenience of telling you the telephone number to save you the trouble of looking it up. Needless to say, the return call goes straight to the original caller’s desk, and you now have the comfort of knowing the call is genuine. Or do you?

The extra step provides some degree of elusive security. Once the scam artist offers the number, many targets will simply avoid the hassle by engaging in the desired conversation, when there has been no real security provided at all.

The Hook

Once the caller has your attention, they will advise you that someone in Marseilles has been making large charges to your account. They need to know if the charges are genuine. You will deny the charges, alleging them to be fraudulent (unless your wife is actually in Marseilles, in which event, good luck. Keep the dog; lose the wife. Your dog won’t place charges on your credit card).

Your concern that someone is making charges on your account may overshadow the fact that the call itself is fraudulent, inducing you to provide information you would not normally provide.

The Sting

Once the caller has the requested information, it will quickly be used to steal money from you before the caller disappears. You will be left to mitigate the damages by canceling the card, or the account, or by reporting the theft to the proper authorities. But by then, the damage is done.

How can I avoid the scam?

Again, the key to fraud avoidance is a healthy dose of skepticism, coupled with a dash of paranoia. Tell the caller that you do not give information over the telephone; then hang up.

Independently look up the telephone number for your bank, or lending institution, or credit card issuer. For the sake of convenience, your credit card issuer places the fraud prevention number on the back of the card. Get a magnifying glass. You’ll need it.

Call your financial institution using the telephone number you independently confirmed. Using the number the thief provides does nothing but route your call back to the thief. Give that number to the authorities. Otherwise, do not use it!

By independently calling your financial institution, you may learn that the call was fraudulent, and simultaneously save your marriage.

If you are truly lucky, you might be able to hang a stuffed phisherman on your wall. Good luck!

Copyright © Gregory D. Lucas 2014

Utility Bill Scam

Phishing is in the news again. Get used to the word. You will start seeing it a lot. Simply stated, phishing is any attempt to gain access to your confidential and/or financial information, including such things as account numbers, credit card numbers and security codes, passwords, and so forth, under the guise of being a legitimate business. Phishing is never legitimate, and almost always an attempt to steal money from you in one form or another.

Here is the latest version.

In a Consumer Alert issued on February 26, 2014, the Attorney General issued a warning about a company that has been scamming customers nationwide. Reports are now coming in that the scam hit Washington consumers. The company, posing as a public utility, is e-mailing invoices for utility services provided to you. The invoices include notices that the bill is “due upon receipt” or “past due.”

Consumers are invited to view their latest invoice by clicking a link. The link, of course, will not provide you access to your invoice. Instead, it downloads a malicious malware or spyware that can interrupt the normal function of your computer, or mine your financial or other sensitive information.

The e-mails include such things as account numbers, billing dates, and the amount of charges supposedly due, or past due.

While phishing scams appear in a large variety based on the creativity of the thieves behind them, they share certain characteristics:

(a) Someone will contact you, usually by telephone or e-mail, claiming to be a representative of some legitimate vendor or service provider.

(b) They may give you information to boost your confidence that you are dealing with a legitimate party.

(c) They will need a little information from you to: (i) confirm that they are talking to an authorized party, or (ii) to enable them to log into their database, or (iii) any other excuse they devise to persuade you to give them information.

(d) If this is being done electronically, they will ask you to click a link in their e-mail to open your file, or account, or statement, or other information. Once you click the link, you embed in your computer malware or spyware that harms your computer or enables them to gain information held on your computer.

(d) Once you have trusted them a little, they may ask for more sensitive information, such as your credit card number, security code, Social Security Number, password, or any other confidential information they happen to need to complete the scam.

(e) Once they have your information, the theft is virtually completed.

If you receive such calls, refuse to give information to the caller, and hang up. If the contact comes electronically, immediately delete the e-mail. DO NOT CLICK ANY LINKS IN THE E-MAIL.

If you have questions about your account with a vendor or service provider, contact the vendor or service provider directly.

For additional information, you may contact this firm, or visit the Attorney General’s website at: http://www.atg.wa.gov/InternetSafety.aspx.