Since the dawn of the modern internet, scammers have found increasingly sophisticated ways to defraud the public. “Email Phishing” is a common form internet fraud where a scammer attempts to persuade someone to provide their personal information over the internet. Most probably know that giving a short term loan to a Nigerian Prince is not a good investment, or that a reputable institution would never ask for you password via email. Unfortunately, as the sophistication of users increases, the scammers are not far behind.
Wire transfer fraud has increased dramatically, particularly in the latter part of 2016. According to the FBI, victims in the U.S. grew from 14,032 in May of 2016, to 22,292 in December of 2016. Scammers attempted to steal a whopping 5.3 billion dollars with this method.
The basic architecture of the fraud has not changed: a scammer is trying to trick you into sending him money; however instead of disguising himself as a Nigerian Prince, he is now able to disguise himself as a person you know and do business with, such as subcontractor, office supply vendor, or a bank managing your trust account. The construction industry is not immune and is also a prime target for such schemes.
For example, in a real estate transaction, an attorney may be holding a large amount of funds in escrow pending the close of the deal. Unbeknownst to the attorney, the buyer or the seller, a scammer has breached their emails and is monitoring the parties’ communications about the deal. When the deal closes, the seller sends an email to the attorney with instructions on where to wire the money. The scammer intercepts the email from [email protected], changes only the wire transfer information, then re-sends the email from a similar looking account such as [email protected]. To the attorney, the email appears legitimate because it is expected and is clearly written by the seller. However, if the attorney wires the money according to the instructions of the email, he will be wiring the money to the scammer. To prevent this type of breach, money should never be wired based upon an email alone. The wiring information should be verified with the other party over the phone, or the wiring information in the email should be encrypted.
Another common scenario may be that you check your email, and find an urgent message from a vendor or financial institution that is familiar to you. Often, they appear to come from someone you already do business with such as PayPal, United Parcel Service, etc. It almost looks believable. The message will contain your name, maybe your account number, or address; just enough specific information to make it seem valid. The message will usually have an urgency to it, such as “confirm your account information or it will be cancelled today.” It may ask for you to pay your bill immediately because it is late, or something of that nature. If you look very closely however, you will find something amiss. Often this can be found in the email address that the message was sent from. It will not match the entity sending it. This is a major red flag that it is an internet scam, and thousands of people are falling for it.
The popularity of Facebook, LinkedIn and other social media sites have only helped this problem. If privacy settings are not managed properly, someone can go in and access your personal information and use it against you in these phishing scams.
The good news is individuals and businesses are becoming more aware of these types of scams and are taking action. People are pausing and taking a second glance before they click on a link and aren’t as quick to transfer funds or to provide anyone with their personal information. Businesses are now putting internal controls in place and are increasing call backs and validations.
What Can I Do to Protect Myself?
There are a few relatively easy ways to protect yourself from this and other internet fraud scams:
- Never wire money based on an unverified email, even from someone you know. Pick-up the phone to verify the information, or encrypt the information with a key that only you and the other party know;
- Delete any email that asks you to provide or confirm personal information;
- If you receive a phishing email, don’t hit reply or click on any links (it could be spreading a virus);
- Don’t be swayed by the urgency of an email, even if the vendor is familiar to you;
- Don’t call a phone number on the email (it could look like a local number). If you aren’t sure about the email, call the vendor using a phone number from the back of your card or statement; and
- Use security software on your computer.
If you do receive one of these emails, you can report it to the Federal Trade Commission (FTC) at [email protected] or file a report with the Anti-Phishing Working Group, an international coalition committed to providing a unified response to cyber crime, at [email protected]. These groups work with financial institutions, security vendors and law enforcement to combat online fraud schemes and cyber crime.
Being a victim of an internet fraud scam can be confusing and stressful. If you have been involved in an internet fraud incident, contact us for guidance.