Common Types of Scams
Office of Information Security

According to a recent report by the Federal Trade Commission, victims lost $2.3 billion to all types of imposter scams in 2021. Unfortunately, the numbers continue to rise each year. The following list is by no means exhaustive, but it does represent several of the more common scams found in today’s threat landscape.

Gift Card Scams

Recently, there has been a rise in gift card scams, which are a specific type of spear phishing. In general, spear-phishing scams appear to come from a trusted source (spoofing) and target an individual or organization. With gift card scams, the goal is to engage people in dialogue, gain a victim’s trust, claim a time-sensitive emergency, and then dupe people into buying cards and emailing or texting the redemption codes to the scammer.

Unfortunately, there is very little that can be done to stop people from employing these tactics. Free accounts for spoofing are available from a wide variety of sources, social media is a great tool for mining data about individuals, and websites provide enough information about an organization to target specific departments.

The best available defense is to arm oneself with knowledge. For starters, you might take this time to review methods for recognizing common phishing attempts and apply those concepts to future communication at work and home.

Resources

Fake Check Scams

A fake check scam, sometimes referred to as a mobile deposit scam, involves fraudsters sending counterfeit physical or electronic checks or money orders to potential victims, tempting people into depositing them, and then asking for some form of payment back to cover expenses, taxes, overpayment, etc.

The technique is highly effective because the checks are often created using identity theft or designed well enough to trick bank employees. To make matters worse, although banks often clear checks within a few days, it may take weeks for banks to determine they are fake.

How to Recognize a Fake Check Scam

  1. If you win a prize and receive a check but are asked to send money back, it’s a scam.
  2. If you get paid to be a “secret shopper” but are asked to send money back, it’s a scam.
  3. If you sold something online and the buyer overpays, it’s a scam.

Overall, it boils down to one general rule: If someone sends you a check but asks you to send some of the money back, it’s a scam.

How to Avoid Fake Check Scams

  • Always be skeptical of offers that sound too good to be true.
  • Never send money back to someone who sent you a check if you don’t know them.
  • Never take a check for more than your selling price.
  • If you sell online, consider using an online payment service.

What Can You Do When You Receive a Fake Check Scam?

Report it to the Federal Trade Commission at https://reportfraud.ftc.gov.

Resources

Phone Scams

A phone scam, sometimes referred to as phone phishing or vishing, employs concepts similar to email phishing to gain personal information, gain access to accounts, and collect money.

Always be cautious of high-pressure tactics. The worst scams typically demand some form of monetary compensation within a 24-hour period, followed by a threat of police arrest or another frightening outcome. Do not fall for this tactic. Whenever you are concerned or unsure about an unsolicited phone call, it is always best to end the call and call the agency or business directly.

Learn more about recognizing, mitigating, and reporting phone scams from the following resources.

If you believe you have been the subject of a phone scam, you can file an FTC Complaint with the Federal Trade Commission.

Sextortion

Sextortion is a form of blackmail where someone threatens to distribute information or images of you that are sexual in nature if you do not pay or provide sexual material back to them.

Often, the scam includes a password you recognize along with a claim that they have hacked your computer and installed malware. This is a bluff based on exposed passwords from past data breaches.

The FBI suggests a few things you can do to avoid becoming a victim:

  • Never send compromising images of yourself to anyone, no matter who they are—or who they say they are.
  • Do not open attachments from people you do not know.
  • Turn off or cover your web cameras when you are not using them.

If you, or anyone else you know, receives an email claiming to have a video of you watching pornography:

  • Do not respond to the email.
  • Do not pay the demand in any form.

If you believe you are a victim of sextortion, the FBI suggests that you call your local FBI office, their toll-free number at 1-800-CALL-FBI, or report it to the FBI’s Internet Crime Complaint Center at http://www.ic3.gov.

For more information, you can watch “What is Sextortion?”, a short video courtesy of the FBI.

Tax Scams

Tens of millions of dollars have been lost to tax scams. IRS impersonators phish individuals, businesses, and tax professionals to steal personal information or demand payment of taxes by way of prepaid debit cards, gift cards, or wire transfers.

IRS Scams

To help protect yourself from identity theft, learn how to spot whether or not it’s really the IRS.

  • The IRS does not contact taxpayers in person, by email, phone, text message, or social media.
  • The IRS does not threaten people or negotiate amounts due.
  • The IRS does initiate most contacts through regular mail delivered by the United States Postal Service.

W-2 Scams

Because W-2 data is a high-value target, identity thieves continue to phish organizations in order to commit fraud on a mass scale.

Typically, a bad actor probes an organization’s infrastructure by sending phishing attacks to those who appear to be top managers. Once someone takes the bait and provides relevant data, a fraudulent IRS tax return is submitted in the victim’s name and the money is stolen.

Resources

Tech Support Scams

Tech support scams have been around for years. They are usually initiated by an email, browser popup, or phone call that states your computer has been compromised by malware, has been used in some illegal activity, or has been involved in a data breach. The perpetrators most often pose as Microsoft (or an affiliate), and the victim is provided a phone number or website to contact.

These scams run the gamut from tricking users into signing into nefarious websites (to steal passwords, confidential information, etc.) to luring victims into granting remote access (to steal confidential information, or even render the computer unusable and ask for a fee to fix it, or worse yet, not fix it).

Resources

Other Scams

Fallen Victim to Internet Fraud?

If you have fallen victim to internet fraud in California, you should contact one of the following agencies:

Furthermore, the FBI encourages all victims of internet fraud to contact the Internet Crime Complaint Center (IC3).

Additional Resources