Trends in tech fraud schemes: Part One

Let's (not) do the twist

By Cynthia Harrington, CFE


Here are the technological twists fraud examiners are now up against: crafty phishing e-mails, new online classified scams, and the risk of intellectual property loss from MP3 players, music downloading programs, and (yes) lava lamps.

The welcome e-mail announces "You've got cash! Michele Ramos sent you money with PayPal. Michele Ramos is a Verified buyer." The next few lines say that $760.13 was deposited to your PayPal account and that the transaction ID is LLM737547343253628355, and end with the address of Ms. Ramos, where the goods should be shipped. The e-mail recipient is further encouraged by a note to the right of the body of the message. In a separate box is the security warning straight from PayPal admonishing the reader never to provide their password to fraudulent Web sites, including the reminder that PayPal employees would never ask for a password. But despite the e-mail's reassurances, both the URL listed in the security warning and the link provided to view the details of the transaction send the reader to bogus sites where personal and account information is misdirected to thieves.

Going phishing with a newer hook
CFEs on the front lines face constant challenges from both new frauds and new twists on the same old heists. This PayPal phishing e-mail with a link that directs to the phisher's fraudulent site is relatively new on the scene. But the new twist is the paragraph that seems to support PayPal's security information but also misdirects the e-mail recipient. As with this example, most of what is new in fraud involves the use or misuse of technology.

Darryl S. Neier, CFE, director of the litigation support group at Sobel & Company, LLC, in Livingston, N.J., likens the phishing e-mails that try to trick users into coughing up personal information to the social engineering phone calls of the recent past. "We see lots of old frauds with new twists," says Neier. "Phishers hit both corporate America as well as individuals."

With the new PayPal twist, employees should be trained not just to refrain from clicking any online ad buttons on their work computers but to keep from accessing any URLs provided in these types of fraudulent messages. One would have to have a sharp eye to notice the small "us" added to the otherwise perfect PayPal address. "People should be trained to go directly to the Web page of the requesting institution or make a telephone call to see if new information is needed," says Neier. Or just never visit any non-work-related Web sites on company computers.




