Common Fraud Schemes

Latest Scam News

The Secret Shopper/Phony Check/Gift Card Scam

Recently, people have been receiving letters which look to be from major companies like Walmart and Apple, asking them to do a "secret shopper" program. The letter contains a phony Queenstown Bank bank check in the amount of $3,770.23. The scammer tells the recipient of the letter to deposit the check into their bank account, then use $3,000 of it to buy gift cards and send them with the deposit slip to the scammer. The recipient is told that they can keep the remainder of the money for themselves, as a form of payment for their service.

The facts are:

(A) These companies will not reach out to have you secret shop for them.

(B) The check they ask you to deposit is phony. After you deposit it, it will be discovered to be fake at your bank.

(C) Your account may end up overdrawn, as you spent $3,000 you didn't have on gift cards.

(D) The scammers, in essence, laundered a phony check and collected real gift cards.

(E) You are left with a likely overdraft and a bad check you have to get sorted out with law enforcement and your bank.

Should you receive a letter like this, DO NOT PARTICIPATE. Instead, save the letter and call us at (410) 827-8881. We may ask you for a copy of the letter, so we can add this scam to our files.

If you received the letter, deposited the phony check and are experiencing account issues, please call your local law enforcement agency first, then reach out to your bank.

Phishing Schemes

This type of fraud is the sending of a false e-mail that claims to be from a legitimate business or government agency. Often times the e-mail claims to be from a financial institution, the Social Security Administration, or the FBI. Often the e-mail claims that billing or account information needs to be updated, or that the victim's help is needed to catch a dishonest employee. Sometimes there is a claim that the individual's account will be frozen or liquidated, if information is not provided. This fraud attempts to get the recipient to reveal personal information, passwords, credit card numbers, or account information. Once this information is obtained, identity theft occurs and the thief uses the information to perpetrate other crimes without the knowledge of the victim.

Here are Some Examples of Phishing Messages

You open an email or text, and see a message like this:

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm you identity."

"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

"Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund."

The senders are phishing for your information so they can use it to commit fraud.

How to Deal with Phishing Scams

Delete email and text messages asking you to confirm or provide personal information (credit card and bank account numbers, Social Security Numbers, passwords, etc.). Legitimate companies do not ask for this information via email or text.

The messages may appear to be from organizations you do business with - banks, for example. They might threaten to close your account or take other action if you don't respond.

Don't reply, and don't click on links or call number provided in the message either. These messages direct you to spoof sites - sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.

Area codes can mislead too. Some scammers ask you to call a phone number to update your account or access a "refund". But a local area code doesn't guarantee that caller is local.

If you're concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

Action Steps

You can take steps to avoid a phishing attack:

• Use trusted security software and set it to update automatically. In addition, use these computer security practices.
• Don't email personal or financial information. Email is not a secure method of transmitting personal information.
• Only provide personal or financial information through an organizations website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins "https:" (the "s" stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
• Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.

Other Internet Fraud

With the growth of the Internet, scams that had previously been limited to telephone or mail are now being perpetrated via the computer. There are now variants of the fake contest, debt consolidation, business opportunity, miracle cures, and charity scams that are committed with false or misleading websites, applications or through e-mail solicitations. In addition to the Internet variations of telephone and mail scams, there are new scams that have recently appeared that are unique to the world of computers. While it is impossible to document all of these scams, these are some of the most common:

Remote Access Trojans (RATs)

Remote Access Trojans (RATs) are malware that is disguised within links, software or applications that, when inadvertently activated by the user, can infiltrate personal and financial information.  Recently, a RAT was disguised as a QR Code reader application in one of the mobile device stores.  The application worked as a QR Code scanner, but also side-loaded malware into the device, extracting personal and financial data, unbeknownst to the user.  A good way to severely limit these types of breaches is to download well-known and trusted software and applications with 10M or more downloads and with a high "star" rating.  Take the time to do some research, if you are unsure of an e-mail link, software program or application, by using reviews and trusted resources.

The Stranded Victim

This occurs when the criminal hacks into an individual's e-mail address book. The criminal then sends an e-mail to contacts in the address book claiming to be stranded in a foreign country and in desperate need of help. The e-mail appears to be from a friend because it comes from his or her e-mail account. The criminal asks for money to be wired to help them out of their bad situation, but it is actually a fictitious story.

Non-delivery of Merchandise or Payment

This is when a purchaser does not receive the items purchased over the Internet or telephone, or when a seller does not receive payment for items sold. Sometimes, this crime occurs in the context of an online auction site.

The Stranded Victim

This occurs when the criminal hacks into an individual's e-mail address book. The criminal then sends an e-mail to contacts in the address book claiming to be stranded in a foreign country and in desperate need of help. The e-mail appears to be from a friend because it comes from his or her e-mail account. The criminal asks for money to be wired to help them out of their bad situation, but it is actually a fictitious story.

Overpayment Fraud

This can occur over the Internet or by mail or phone when the victim receives a payment which is significantly larger than the original sum agreed upon for a product or service. Often this is used when the victim is advertising an apartment rental or the purchase of a vehicle. The victim is then asked to deposit the payment into his or her account and pay back the difference. In actuality, the original payment is counterfeit and the individual is being scammed.

Internet Dating Scams

This begins with a man or a woman registering on a dating website. Often the website itself may be legitimate, but in due time a scammer, using an assumed name contacts the victim. The scammer generally claims to live outside the United States. While the correspondence begins on the dating website, it often moves into personal e-mail or even phone calls with the victim. As the trust of the victim is gained, the scammer professes romance and often marriage intentions toward the victim. Ultimately, however, the scammer will begin to ask for money from the victim for various fictitious scenarios. Some of these scenarios include: travel expenses, visas, help getting out of a difficult situation, medical emergencies, or help for a needy relative.

Mail Fraud

This includes phony contests or sweepstakes; selling nonexistent or misrepresented investments in annuities, stocks, securities, precious metals, or real estate; touting worthless or dangerous medical cures; soliciting money for phony charities; promoting participation in fraudulent work-at-home schemes; and selling "dream vacation" packages that turn into nightmares. This list is not all-inclusive, but it represents the variety of mail frauds that can victimize elders and younger people as well. In some instances of mail fraud the victim is asked to place a phone call to confirm their winnings. The victim may then be asked for financial information, for example, account or credit card numbers, to "check that we are talking to the right prizewinner." Charges can then be made to the victim's account without their knowledge.

Telemarketing Fraud

Telefraud operations employ callers who use rehearsed, high-pressure sales pitches over the telephone. They convince people to buy products that are never delivered, invest in fictitious enterprises, participate in contests to win worthless prizes, or contribute to phony charities. Telefraud operators can also use many of the same scams as the mail fraud operators, e.g., phony sweep stakes.

Advance Fee Schemes

These occur when the victim pays money to someone in anticipation of receiving something of greater value — such as a loan, contract, investment, lottery winnings, "found money" or gift — and then receives little or nothing in return. In some cases, thieves will offer to find financing arrangements for their clients who pay an advanced "finder's fee." They require their clients to sign contracts in which they agree to pay the fee when they are introduced to the financing source. Victims often learn that they are ineligible for financing only after they have paid the "finder" according to the contract.

Electronic Banking Fraud- Automated Clearing House (ACH) Debits, Remote Created Checks, Online Banking, etc.

An exploiter may be savvy enough to realize that current financial products and services offer non-face to face transactions via electronic banking. The person victimizing a vulnerable adult may realize that they will never need to show up in your branch in person (and be caught on camera). Financial products such as ACH debits, remotely created checks, bill payer services, telephone banking, remote deposit, and online banking can offer an exploiter an anonymous means to withdraw funds from the account of a vulnerable or elder adult. The exploiter may also utilize your institution's electronic services to monitor account activity and target only those accounts that the victim rarely uses (e.g., special savings, savings club account, or a line of credit). For the victim, this activity may go unnoticed for weeks or months. These electronic banking services may be exploited by either scam artists or exploiters with a personal relationship to the victim, e.g., family, friends, fiduciaries, etc.