Tuesday, November 27, 2012

FBI list of online scams: an epic list

In May 2012, the FBI released an epic list of online scams, and some of them are rather interesting because they aren't covered much in the news. You have usually heard of mortgage fraud, scareware, ransomware, the grandpa scam, and so on. But have you heard of funeral fraud, smishing / vishing, and telephone denial of service?

Funeral Fraud

In this variant of insurance fraud, an employee in the mortuary bought insurance in the name of a person, reported that person's death, then arranged a fake burial for this fake person, and claimed the payout. They went as far as hiring actors to play the alleged deceased's family at the funeral and securing a burial plot (no headstone!).

They were discovered by an insurance investigator and the FBI Fraud Unit when they tried to cover up their crime by exhuming the buried casket and having it cremated instead.

Smishing / Vishing

Both are variants of "phishing" (SMS + phishing and voice + phishing, respectively). Basically, you receive a message (SMS or voice) that directs you to a method of contact where you are gently prompted for personal information, which may result in the compromise of your account information. Phishing usually involves a link to a website, while smishing and vishing appear more secure to the recipient because they are used less often.

The phone number is worthless as a clue, even if it has a US area code. The proliferation of VoIP services has made phone numbers available anywhere for pennies. People in India can be calling you with a US number that's nearly impossible to trace.

Telephone Denial of Service

A denial-of-service (DoS) attack is usually performed against Internet web servers as harassment: the server is flooded with bogus requests so that real clients cannot get through.

When done to a telephone, this is something far more sinister. When a bank or credit card company sees something suspicious, they will often call the account holder for verification. A telephone DoS attack can be used to block access to such a person. This is usually done AFTER a successful phishing attempt. The scammer can call the bank during the attack, claim not to have received the verification call, claim the phone system is down, and ask the bank to use a new phone number (probably a burner phone).

There are two dozen more scams you should know. 
