Wednesday, June 16, 2021

Beware the Mailman, the Phone Call and the Email

You know on the Internet you can be anyone you want to be, right? Anyone who has spent time playing online games, visiting dating Websites or online poker rooms knows this. I routinely invent identities that allow me to accomplish whatever it is I need to do online without compromising my personal privacy. I use one persona to subscribe to various news services, another to play online games and another one to chat with young hackers about their activities and motivations.

It really wouldn’t make sense to go into an IRC chat room and announce that I’m a network security analyst for one of the choicest hacking targets in the world, and expect to get any really good scoop out of the experience. On the other hand, I play ‘Joe stupid hacker wannabe’ pretty well, when necessary.

The reason I tell you this is to share another, more interesting, event with you. Recently, I received a certified letter in the U.S. mail addressed to one of my online aliases. This dispatch contained two letters and a check. We’ll get to the check in a moment, but the two letters were very interesting to read.

The first regarded a lottery award claim final notification from an address in London, Ontario, Canada. According to this letter, I was awarded a portion of a second-tier lottery prize, based on a ticket number (with a serial number for validation) and the winning numbers. Most importantly, my share of this award would be a lump sum payment of $139,221.76 U.S.

Now, I think this is very cool. The only problem is that I don’t play the lottery. Ever. And certainly not by alias. I’m pretty sure I didn’t win anything. But let’s move on to the next letter to shed more light on things.

The second letter explained that because there were fees and taxes involved in processing the winnings for this lottery, the award notification company had arranged for financial sponsors to provide the necessary funds to release my lottery winnings immediately upon the completion of the claim process. All I need to do, they tell me, is provide them with my bank routing numbers for them to arrange a wire transfer of my winnings to my account. Right. Like that’s going to happen. Or, maybe they’ll just wait until I deposit the check in my account, and then they’ll have the routing numbers from the cancelled check.

Of course, the check itself is probably high-grade rubber, or stolen, or something else that would cause law enforcement to be interested in me for bank fraud. At the very least, I would end up getting whacked for the bounced check charges from my financial institution.

Interestingly enough, it very clearly states in the letter that I should be careful not to make this award public until after the funds have been deposited. I wonder why they wouldn’t want me to go to the press about this major windfall I was planning on turning into a philanthropic foundation. Maybe I’m supposed to wait until after they’ve emptied my bank account and ruined my credit.

What’s wrong with this picture?

The phishing people are expanding into new markets to conduct their scams. They’ve moved steadily into phone scams. We hear about more people getting phone calls regarding problems with their credit card accounts. They are informed of fraudulent activity associated with their card, and the “account manager” needs account data for verification. Believing the caller is trying to help them, they provide card numbers and expiration dates over the phone to perfect strangers. They never consider verifying the caller’s identity or whether they have a legitimate need for that data.

Now, scam artists have begun to move into other arenas. Surely, people will think that if they received this letter, signed by a real person even, it must be true. Look, the letter is even signed in ink. Except, the person named in the letter doesn’t exist. (Here’s a thought: If the recipient of an award doesn’t exist, is there any reason why the originator should?)

I’ve also seen cases where individuals receive faxes addressed to them and marked “URGENT & CONFIDENTIAL.” The fax offers great wealth to the person who will just send their banking data to an individual representing himself as the Director of Project Implementation for the Ministry of Energy and Mineral Resources, South Africa. Doesn’t that sound impressive? A quick Web search on the area code listed in the fax reveals it was transmitted via a Maritime Satellite phone. Somewhere in international waters, the South African Director of Project Implementation wants you to volunteer your financial accounting data.

Another Web search on the name and address of the lottery company in London, Ontario gave similar results. Not only does the company not exist, the street in the address does not exist. The phone number is obviously valid, or how else would they arrange the “payout”?

Fortunately, these people have not escaped the attention of law enforcement.

The Royal Canadian Mounted Police and U.S. postal regulators continue to develop leads and investigate individuals involved in these scams. It’s difficult because the perpetrators running these operations use cellular telephones and stay one step ahead of investigators.

Now about that check.

It appears to be a legitimate cashier’s check drawn on a well-known U.S. bank for a significant amount of money. We know the bad guys don’t play with their own cash, and the check is certainly good enough to pass muster at most legitimate check cashing institutions. A bank, however, would probably spot it as a fake. If I were to deposit it into my checking account, they would still have my bank routing information.

In any event, cashing the check itself is bank fraud and punishable by federal jail time.
