RETAIL GIFT CARD FRAUD- Draining the Spirit of Christmas

With the holidays rapidly approaching, giving gift cards to family or friends has become a handy way of giving gifts for the Christmas holidays or any other time of year. Over the years however, retail thieves have found ways to steal the funds that you put onto the gift cards. The thieves in essence have found ways quickly “drain” the funds that you have placed on the gift card then use the money for their own purposes.

Draining is different from other criminal uses of gifts cards that you may have heard about. That is when scammers force a victim to pay the scammer for supposed fees, fines, bail, or simple extortion, sometimes draining the victim’s bank accounts to nothing. Cybersecurity educators have over the last few years been teaching that gift cards are for gift giving, and not for paying government, utilities, or anyone else for supposed late fees or fines. If someone, out of the blue, wants to be paid in gift cards, that is a signal to hang up.

Retail gift card fraud has turned into an International Organized Retail crime enterprise conducted by large, well-organized gangs who collect the cards and the account information on them. In some cases, teams of gang members steal blank gift cards from retailers, hand them over to other gang members who extract the account information and PINs then carefully return the card into its original packaging. They may send the account information to a central gang authority. Then the original “runners” who stole the cards, return the cards to the original retail store’s racks. In the meantime, other gang teams monitor the account balances of the stolen gift cards using sophisticated software. As soon as the software detects a balance over $0, the team drains the gift card of any funds placed on it. They may put the funds in a virtual wallet. In some cases, gangs purchase popular retail items, then sell those items to further launder the originally stolen funds.

Major retailers have built security into some gift cards and gift card packaging in an attempt to get ahead of the fraudsters. However, as with many security measures, gift card secure packaging will not be perfect. It still is up to us to take steps as best that we can to protect ourselves from gift card draining. As one Homeland Security Investigations agent put it in a recent webinar, consumers should treat gift cards like they treat produce or meat. You can,

·         When purchasing gift cards in a store, inspect the card packaging closely for tampering. Does the masking for the card number look like it has been scratched off? Does the packaging look like it has been tampered with? Don’t be afraid to be picky. Being picky might save you from an embarrassing call from the recipient of your gift card.

·         Keep the receipt. This can be your proof you made the purchase if there are problems with the card.

·         Purchase the gift card directly from the desired vendor. Cards from the vendor are less likely to have been tampered with by an unauthorized person. When ordering online from the vendor, be sure that you make your order from the vendor’s legitimate website. If you want an Apple gift card, order it from Apple.

·         DO NOT order gift cards from 3^rd party vendors or from gift card “auctions” when ordering online. Some websites claim to sell other people’s gift cards. There is no marketplace for secondhand gift cards!

·         On giving the gift card, encourage the recipient to use it as soon as possible or redeem the funds by putting them in a virtual wallet. That way the card is blank, and your friend or family member has the funds.

If you do receive a blank card, call the customer support number on the back of the card. This is the financial institution who is backing the card for the retailer or the brand name on the card and should be able to help you.

 

 

 

 

National Cybersecurity Alliance:

Season of Light, Season of Scams: Avoiding Gift Card Fraud- a webinar with an interview of a Homeland Security Investigations agent

https://staysafeonline.org/programs/events/season-of-light-season-of-scams-avoiding-gift-card-fraud/?utm_content=314808656&utm_medium=social&utm_source=twitter&hss_channel=tw-71354375&s=09

 

ProPublica:

https://www.propublica.org/article/chinese-organized-crime-gift-cards-american-retail

 

Federal Trade Commission:

https://consumer.ftc.gov/consumer-alerts/2019/12/tips-holiday-gift-card-shopping

 

TSA PRECHECK SCAM- Impersonating TSA to Take Your Money

Scammers will impersonate just about anyone to steal your money or take your personal ID. Some scammers have found the Transportation Security Agency (TSA) and its PreCheck program. TSA PreCheck is intended to let ticketed airline passengers pass through TSA checkpoints faster and easier while maintaining the security of airline flights.

To enroll in TSA PreCheck all you have to do is to Apply Online for the program, then visit a local enrollment location to give your fingerprints, documentation, have your picture taken, and pay for enrollment. When get your TSA PreCheck/Known Traveller Number, then add it to your airline reservations. With that you can go through security using the TSA Precheck Line. For more information about TSA PreCheck go to https://www.tsa.gov/precheck.

Scammers have tried to insert themselves by sending an email impersonating the TSA to PreCheck travellers reminding them to renew their subscription. TSA PreCheck is only good for a few years and needs to be renewed from time to time. And from here you probably can guess the drill. The email has you click a link that it provides. The link takes you to a bogus website that looks like the real TSA PreCheck web site. You are given the “opportunity” to pay online, and the scammer has your money, your personal information, and your credit card account number. You will not find that your membership renewal is no good until you arrive at the airport for your next flight.

Please note, if you are applying for PreCheck for the first time, you cannot pay online, you pay in person at an Enrollment Center. If you are renewing PreCheck you can renew and pay in person at an Enrollment Center or renew and pay online.

Remember, to avoid this scam,

·         DO NOT click on links in unexpected emails or text messages, no matter how real they look!

·         Don’t be rushed. If someone insists that you pay right away, it’s probably a scam.

·         To enroll, or to renew TSA PreCheck only go to https://www.tsa.gov/precheck. Any other URL is a fake website for TSA PreCheck.

If you spot this scam, or have been victimized by this scam, tell the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov/.

 

 

 

Federal Trade Commission:

https://consumer.ftc.gov/consumer-alerts/2024/10/how-avoid-tsa-precheck-scams  

 

WWBT, Richmond, VA:

https://www.msn.com/en-us/travel/news/tsa-bbb-warn-about-precheck-scam-ahead-of-holiday-travel/ar-AA1tHRt7

 

WMUR, Manchester, NH:

https://www.wmur.com/article/tsa-precheck-scam-warning-holiday-travelers/62831136

 

Transportation Security Agency:

https://www.tsa.gov/precheck

https://www.tsa.gov/travel/frequently-asked-questions/i-think-i-may-have-fraudulently-renewed-tsa-precheckr-what-do-i

https://www.tsa.gov/travel/frequently-asked-questions/i-think-i-may-have-fraudulently-enrolled-tsa-precheckr-what-do-i

PACKAGE THEFT- Porch Pirates Steal Billions from Front Porches

Package thefts are a problem throughout the year with the holidays having a higher level of deliveries to homes. According to some estimates, 22 billion packages are delivered to homes each year. In the past year, $12 billion in merchandise has been stolen from front porches. In one survey, 59% of Americans are at least slightly to moderately concerned about package theft with 28% very or extremely concerned.

Securing delivered packages on your front porch can be a challenge especially since the packages often can be easily seen from the street. But you can take steps to reduce the chance of theft.

·         Reduce the time the package is on your front porch. This can be a challenge, especially if you have to be away from your home when the package is delivered. The less time a package is on your front porch, the less chance a package thief will have to steal it.

o   Take advantage of package tracking. Each delivery service, including the US Postal Service, offers package tracking so that you know where the package is in their delivery system. Many will send a message when your package is delivered. If you are at home, you can quickly bring it into your house. If you are not at home, ask a trusted neighbor to watch your porch, and secure any packages on it.

·         Have your packages delivered to a pickup location. Delivery companies have places where you can pick up your packages, such as the UPS Store, FEDEX Store, or Amazon Lockers. This way your package is secure until you pick it up. It does require an extra step, but you could pick it up on the way from work or when you are running errands.

·         Consider installing a package lockbox. A lockbox located on your front porch, secures your packages so that they are inaccessible to porch pirates. Be sure to bolt the box to the flooring of your porch so that thieves cannot make off with the box then open it at their leisure. Also, be sure that its design is easy for the delivery driver to use so that he/she will use it. When you place an order for delivery, be sure to give instructions to use the box and how to open it (including any codes that might have to be used). Lock boxes can range in cost from $100 to $400.

·         If you do not want to invest in a lockbox, instruct the driver to place the package in a more secure location around your house. This can be on the side of the house, where the package will not be visible, or even on your back porch.

·         Require a signature on delivery. The benefit is that when the driver collects your signature, he/she hands the package directly to you. This is best if you are going to be at home most of the day.

·         Install a video doorbell or other security camera at your front door. An essential element to prevent theft is to ensure the camera is visible to everyone, and, if you have a security system, a sign is prominently posted so that people arriving at your property know you have a security system. Most thieves on seeing cameras or seeing there is a security system on the property will go on to another target (87% according to one study). Notice I said “most” thieves. Obviously, there are plenty of security videos floating around social media showing porch pirates ignoring the fact that there are cameras in place. With a camera that records events, there is an opportunity to give an investigating deputy a recording of the theft.  

 

 

 

 

Security.org:

https://www.security.org/package-theft/annual-report/

 

CNET:

https://www.cnet.com/home/security/the-7-best-ways-to-keep-porch-pirate-hands-off-your-package/

https://www.cnet.com/home/security/this-ancient-home-hack-could-be-your-best-answer-for-porch-pirates/

 

Microsoft:

https://www.microsoft.com/en-us/microsoft-365-life-hacks/organization/package-theft-how-to-prevent-porch-pirates?msockid=1ccaa3490741631714d9b3fb03416160

 

Amazon:

https://www.aboutamazon.com/news/operations/amazon-porch-pirate-prevention-tips

 

FedEx:

https://www.fedex.com/en-us/customer-support/faqs/receiving/delivery/prevent-stolen-packages.html

https://www.fedex.com/en-us/delivery-manager/how-to-prevent-stolen-missing-packages.html

 

US Postal Inspection Service:

https://www.uspis.gov/tips-prevention/mail-theft

 

 

JOB SCAMS – Stealing Your Future

At some point in our lives, we all have to look for a job. Scammers try to take advantage of that fact. In fact, job scammers are taking advantage of job searchers more frequently according to the Identity Theft Resource Center (ITRC) which observed an 118% increase in the scam in 2023.  

Job scammers can be difficult to detect. They advertise their scam jobs in the same places as honest employers in online ads, job sites, social media, in newspapers, and sometimes on TV and radio. Scammers may also reach out directly through a text message.

Of course, like most scammers, all they are after is your money and identity instead of a good worker.

Some fake jobs that scammers offer often include:

·         Work-from-home scams- While many of us like to work at home, scammers use the lure of working at home to take advantage of the victim. Reshipping scams and reselling merchandise scams are popular with scammers. Some of these scams could be tied to other crimes such as credit card fraud or even shoplifting. Also, at home jobs that asks the “employee” to move money around could make the “employee” into a money mule, an accomplice to a money laundering scheme. A key red flag is if the “employer” sends you a check to reimburse you for equipment. Instead of making the check out for an agreed amount, they overpay you and ask you to send back the difference. If this happens, stop communicating with this scammer. The check will bounce, and you will be on the hook with your bank for the whole amount.

·         Nanny, caregiver virtual assistant scams- To gain credibility, the scammer may claim to be a member of your community or from an organization that you know. A variation of the work at home check scheme is to send you a check. You are told to keep some of the money for your services then send the rest to someone else. This check will also bounce, putting you on the hook with your bank. If you hear any talk of a check being sent to you, and you sending part of it back or to someone else, walk away.

·         Job placement service scams- Honest job search services charge the hiring company for their services. They do not charge job candidates. If a job placement service approaches you and wants to charge you for helping you find employment, walk away.

·         Government and postal jobs scams- Some scammers will post ads offering to help in finding a government job for a fee. Finding job listings for the federal government or the postal service is free. All you have to do is to go to https://www.usajobs.gov/ or https://about.usps.com/careers/welcome.htm to find jobs that are being advertised. Do not pay someone to find a job for you!

Tips to avoid a job scam,

·         Research online- Do a search online of the company that wants to hire you with the words “scam,” “review,” or “complaint.”

·         Talk to someone you trust- Talk to a family member or friend to get their opinion of  the offer.

·         Do not pay for a promise of a job- Employers do not charge prospective employees. Scammers charge prospective employees!

·         Stay away from fake check scams- If a “potential employer” sends you a check and asks for part of it back, or sent to someone else, or put into gift cards, walk away from the job. The check will bounce, and the bank will want you to pay the full amount of the check. Honest employers will not send a check and ask for part of it back.

If you do pay a job scammer, contact the company that you used to send the money- debit/credit card, mobile payment app, wire transfer, gift card, reload card, or cryptocurrency- report the fraud, ask to have the transaction reversed if possible.

Also, report the fraud to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov/ and to the Washington State Attorney General at https://www.atg.wa.gov/.

 

 

 

 

 

Identity Theft Resource Center:

https://www.idtheftcenter.org/wp-content/uploads/2024/06/ITRC-2023-Trends-in-Identity-Report.pdf

 

CNET:

https://www.cnet.com/tech/scammers-are-creating-tons-of-fake-job-listings-thanks-to-ai/?s=09

 

NPR Marketplace:

https://www.marketplace.org/2024/07/11/have-you-been-texted-a-suspiciously-good-job-offer/

 

News 5 Cleveland:

https://www.fcc.gov/consumers/guides/cell-phone-fraud

 

Federal Trade Commission:

https://consumer.ftc.gov/articles/job-scams#examples

https://consumer.ftc.gov/consumer-alerts/2024/07/looking-job-spot-scams

 

AARP:

https://www.aarp.org/money/scams-fraud/info-2019/work-at-home.html?intcmp=AE-FWN-LIB4-POS20

 

Washington State Attorney General’s Office:

https://www.atg.wa.gov/job-scams

 

SNOHOMISH COUNTY SHERIFF’S OFFICE– Domestic Violence Coordinators

October is Domestic Violence Awareness Month. The Snohomish County Sheriff’s Office has Domestic Violence Coordinators who reach out to domestic violence victims to offer their help.  Learn how Sheriff's Office Domestic Violence Coordinators help DV victims find safety.

 

 

Snohomish County Sheriff’s Office: https://www.snohomishcountywa.gov/Archive.aspx?AMID=43

SCAM ALERT– Sheriff’s Office Reports Warrant and Jury Duty Scams

The Snohomish County Sheriff’s Office has issued an alert on its Facebook page about warrant and jury duty scams against Snohomish County citizens. The alert notes that the Sheriff’s Office receives reports of these scams on a weekly basis.

The scammers try to intimidate potential victim into paying money to have a warrant lifted or from being arrested due to missing jury duty, often through a phone call. An apparent trend is to demand that you pay by Bitcoin cryptocurrency.

As with many scams the scammers pretend to be someone they are not. In this case, they may pretend to be from the Sheriff’s Office or from the county court. Last year both the Sheriff’s Office and the Snohomish County Superior Court issued separate scam alerts for scammers pretending to be from their organizations.

The scammers immediately present you with a problem, you have a fine levied against you or at worst the cops are coming to arrest you.

The scammers pressure you to act quickly, without thinking or consulting with friends or family. They want you emotional so that you will not think logically or analytically. They also want to isolate you so that they have control.

And to get out of your “problem” you pay. The scammers want you to pay in a way that cannot be traced or reversed. Using a crypto currency has been popular lately with scammers. Like with gift cards, wire or money transfers, crypto currencies are extremely difficult to reverse.   

Understand that local police, courts, or other governmental entities will not call you to demand an immediate payment for a fine or to get out of an arrest warrant. Police are not in the habit of notifying people who have warrants against them.

The Sheriff’s Office says that people report giving money to these scams. While it seems that the warrant and jury duty scams are well publicized, people are still victimized by scammers.

If you receive a scam call like this, hang up!

Also, report the scam to the Sheriff’s Office and to the FBI at www.ic3.gov.

And please, pass this information to your friends, family, and coworkers. The more people who know about scams, the better we all can defend against scams.

 

Snohomish County Sheriff’s Office:

https://www.facebook.com/photo/?fbid=959726349514130&set=a.226070289546410

 

Federal Trade Commission:

https://consumer.ftc.gov/consumer-alerts/2024/09/did-you-get-call-or-email-saying-you-missed-jury-duty-and-need-pay-its-scam?utm_campaign=did_you_get_a_call_or_ema&utm_content=1726496692&ut

https://consumer.ftc.gov/consumer-alerts/2024/03/did-someone-send-you-bitcoin-atm-its-scam?utm_campaign=did_someone_send_you_to_a&utm_content=1715093861&utm_medium=social&utm_source=facebook,twitter

 

South Snohomish County Crime Watch:

https://ssnoccrimewatch.blogspot.com/2023/04/scam-update-scammers-pretend-to-be.html

https://ssnoccrimewatch.blogspot.com/2023/08/scam-update-jury-duty-scam-and-watch.html

 

 

SIM SWAPPING – Stealing Your Life

Criminals look for any way that they can gain access to your financial accounts to take your money. One method that they use is SIM Swapping.

A SIM card (Subscriber Identity Module) is a small circuit card that resides in your cell phone that identifies that phone as belonging to you. SIM cards can be removeable with the ability to be transferred between cell phones, or your phone can have an ESIM that is code embedded in your cell phone that identifies your phone as belonging to you.

If a criminal can swap SIMs to their phone, then they can impersonate you and break into your accounts.

A criminal who conducts a SIM swap also conducts two scams.

1.      They take personal information that they have gathered about you from purchased data from data breaches, gathered from a phishing campaign, or collecting sensitive information that you posted on social media to convince the phone carrier to give them a new SIM with your phone number.

2.      On successfully acquiring a SIM in your name, the criminal will try to break into one of your accounts. If the account has text based multifactor authentication (MFA) they can receive the code that your account sends out to help break into your account.

Indications that you have been a victim of SIM swapping include,

·         You cannot make or receives calls or texts.

·         An online account is locked because of suspected unauthorized access.

·         You receive alerts that someone is attempting to access an account, and you do not recognize the activity.

If you are victimized with a SIM swap, take action:

·         Contact your mobile carrier immediately.

·         Contact you bank and other financial services.

·         Disable MFA, change account(s) password(s), then enable MFA again.

·         Monitor financial accounts

·         Report to

o   The FBI IC3- https://www.ic3.gov/

o   FTC- https://www.identitytheft.gov/

You can take action to discourage SIM Swapping by

·         Set a Pin for your smartphone.

·         Use strong and unique passwords for all of your accounts.

·         DON’T POST EVERYTHING ON SOCIAL MEDIA.

·         Use non-SMS MFA. Instead use MFA with an authenticator app such as Microsoft Authenticator or Google Authenticator.

 

 

Associated Press:

https://apnews.com/article/sim-swapping-protections-tech-tip-e05ac6b894312041a5c1e4333a28df2a

 

FBI:

https://www.fbi.gov/contact-us/field-offices/lasvegas/news/press-releases/fbi-las-vegas-federal-fact-friday-sim-card-swapping

 

National Cybersecurity Alliance:

https://staysafeonline.org/resources/sim-card-swap-scams/

 

Federal Communications Commission:

https://www.fcc.gov/consumers/guides/cell-phone-fraud

 

 

SCAM UPDATE – Scammers Including Pictures of Your Home

Threatening emails with a picture of your home. Several news sources have recently been reporting that scammers are sending threatening emails that include personal information and a picture of the recipient’s home. The Bellevue Police Department issued an alert earlier in September stating that the emails often contain home addresses, full names and a picture. Other sources have noted that the emails contain a picture of a house.

The emails claim to be from a hacker who hacked into the recipient’s computer and collected the recipient visiting adult websites. Sometimes the emails claim that the recipient is being watched and tracked by Pegasus spyware, an app produced be an Israeli company that sells the app to governments, law enforcement, and militaries around the world. The scammer tries to give the impression that they have a lot of information about the recipient and if they do not pay a ransom, often with Cryptocurrency, they will release the information to the recipient’s friends and family.

The information about the recipient contained in the email is easily accessed in the open on the internet. A picture of the recipient’s house can be freely obtained on Google Maps’ Street View mode.

The emails represent a new “feature” by sextortion scammers to jolt you into paying them to “suppress” incriminating information.

Of course, if you receive a sextortion email like this, don’t click on any links or attachments. Report it to the FBI’s www.IC3.gov website. Also, to avoid sextortion emails, never send compromising images of yourself to anyone and turn off (and/or cover) any web cameras when you are not using them

 

MyNorthwest KIRO Newsradio:

https://mynorthwest.com/3986583/bellevue-under-attack-from-ongoing-bitcoin-scam/

 

Verify:

https://www.verifythis.com/article/news/verify/scams-verify/have-you-received-a-threatening-email-asking-for-bitcoin-payment-with-a-photo-of-your-home-its-a-scam/536-6f618b1e-7fa0-4da6-8442-bffb097cbee9?s=09

 

Krebs on Security:

https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/

 

Authorities prosecute cyber criminals. We usually hear about scams and how it can be impossible to prosecute the criminals behind the fraud much less return any funds stolen from the victim. Here are two recent examples of authorities investigating and prosecuting international cyber criminals.

Two Nigerian brothers were convicted of targeting a 17-year-old male in a sextortion scheme that resulted in the teenager’s suicide in April 2024. Samuel Ogoshi, 24, and Samson Ogoshi, 21, from Lagos, were sentenced to 17 years and six months in prison in the U.S. for luring Jordan DeMay of Marquette, Michigan, by pretending to be a pretty girl, flirting with DeMay to convince him to send explicit pictures of himself then blackmailing him. John DeMay committed suicide less than six hours after the brothers started talking to him on Instagram. 38 other US victims identified as targeted by the men with 13 of them being minors.

The second case occurred in the United Kingdom. On August 30, 2024, the National Crime Agency (NCA) announced that three men pleaded guilty to operating an online service that helped attackers intercept one-time passcodes (OTPs) used to authenticate entry into many online accounts. Callum Picari, 22, from Hornchurch, Essex; Vijayasidhurshan Vijayanathan, 21, from Aylesbury, Buckinghamshire; and Aza Siddeeque, 19, from Milton Keynes, Buckinghamshire hosted a website called OTP Agency that intercepted OTPs used in Multi-Factor Authentication schemes in a cybercrime as a service enterprise. Scammers would steal or purchase on the dark web someone’s bank account credentials, phone number, and name. The service would initiate an automated phone call to the target to alert them to supposed unauthorized activity on their account. The phone call would prompt the target to enter the OTP that they received via SMS text that the scammers initiated when they tried to log into the account. Any codes that were transmitted via the phone call were shared with the scammers to complete the log in process.

For more detail about both cases check out the links below.

 

BBC:

https://www.bbc.com/news/articles/cr7rxpdyz9yo

 

Krebs on Security:

https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/