The fraudsters keep updating their repertoires!
Fraudsters are creative! It seems as soon as we learn and educate our staff members about new fraud schemes, the swindlers change their schemes to keep us on our toes. I wanted to pass along two new schemes that recently came to my attention.
The first was reported in our company publication, Fraud Insights, and it involved a residential sale in Las Vegas. An astute title insurance company employee, Larissa Conrad, was able to frustrate the fraudster’s plans. Here’s how the scheme unfolded. On March 7, Larissa sent an estimated closing statement to the listing agent. The closing involved the payoff of a Wells Fargo mortgage. The listing agent purportedly sent back to Larissa, by email, an “updated” payoff statement. Larissa compared the two payoff statements carefully. The wiring instructions were particularly troubling:
Larissa called the payoff lender and confirmed her suspicion that the second payoff was from a fraudster. She then called the listing agent, using a trusted telephone number, and reported that someone was posing as him in the transaction and sending emails from an account that looked like his. She wired the correct payoff amount using the correct wiring instructions, saving $153,300.37.
The second scam, involving texting, was reported by CyberheistNews. The victim receives a text asking whether a password reset for a Gmail account has been requested. If not, the text advises, please reply with the word “STOP”. If the victim replies with “STOP”, the next text urges the victim to send a six-digit numerical code in order to prevent the password from being changed. By sending the code back to the attacker, the victim is enables the bad guy to complete the password change and to have access to the account and all its email.
Remember that Google and other companies will not ask whether you don’t want to do something with your account. A reply to a text like this often notifies the fraudster that a valid telephone number has been reached.
A two-factor authentication process is highly recommended because it provides an additional layer of security and makes it harder for attackers to gain access. The victim’s password alone is not enough to pass a two-factor authentication process. Typically, the first authentication factor would be based on knowledge (a password) and the second factor would be based on possession (of an ID card, a token or a smartphone, for example). Ask your IT professionals for assistance is keeping your accounts safe by using this process.
And, as always, the best advice may be to keep schooling yourself about the various scams as they are reported. I’ll do my best to help!