Scams To Look Out For And How To Report

 Cryptocurrencies are digital tokens. The "crypto" in cryptocurrencies refers to the cryptographic techniques that allow for creating and processing digital currencies. Cryptocurrencies are intended for payments, transmitting value (akin to digital money) across a decentralized network of users. Cryptocurrencies have no legislated or intrinsic value; they are simply worth what people are willing to pay for them in the market. Some examples, although not exhaustive, of cryptocurrencies include the following:

• Bitcoin (BTC)
• Binance Coin (BNB)
• Ethereum (ETH)
• USD Coin (USDC)
• Tether (USDT)
• Cardano (ADA)
• Dogecoin (DOGE)
• Solana (SOL)
• Ripple (XRP)
• Tron (TRX)

• Decentralized Nature
  Cryptocurrency is decentralized and distributed, which can offer a secure method to transfer value. Today's market includes thousands of cryptocurrencies users can transfer around the globe in exchange for goods, services, and other cryptocurrencies. Since cryptocurrencies eliminate the need for financial intermediaries to validate and facilitate transactions, criminals can exploit these characteristics to support illicit activity such as thefts, fraud, and money laundering.
• Irrevocable Transactions that Move Quickly
  A cryptocurrency transfer can occur anywhere. The only requirements for transmitting funds from a particular address is the associated private key (which functions like a password or a PIN) and an Internet connection. Third parties do not sit between, or authorize, transactions and transactions are irrevocable — meaning they cannot be reversed. Criminal actors connected to the Internet from anywhere in the world can also exploit these characteristics to facilitate large-scale, nearly instantaneous cross-border transactions without traditional financial intermediaries that employ anti-money laundering programs.
• Challenges to Following Funds
  Cryptocurrency transactions are permanently recorded on publicly available distributed ledgers called blockchains. As a result, law enforcement can trace cryptocurrency transactions to follow money in ways not possible with other financial systems. Nevertheless, since cryptocurrency also allows transfers of funds to exchanges overseas, US law enforcement may encounter significant challenges when following cryptocurrency that enters other jurisdictions, especially those with lax anti-money laundering laws or regulations.

The FBI encourages the public to submit a complaint through this website, even if a financial loss did not occur. Some of the most important information you can provide are details related to transactions. For cryptocurrency transactions, these details include cryptocurrency addresses; the amounts and types of cryptocurrencies; transaction hashes; and the dates and times of the transactions. If possible, please provide any other information you may have about the scam. These details may include how you met the scammer, what platforms you used to communicate, any web domain involved in the scheme, and any phone numbers or other identifiers. Be wary of cryptocurrency recovery services, especially those charging an up-front fee.

In cryptocurrency, the length of a transaction hash and a wallet address typically depends on the specific blockchain and its addressing scheme.

Transaction HashThis is usually a fixed-length string of characters, derived from the hash of the transaction data. For instance, in Bitcoin, a transaction hash (or transaction ID) is a 64-character hexadecimal string (which is 256 bits). Similarly, Ethereum transaction hashes are also 64 characters long.Wallet AddressWallet addresses vary in length depending on the cryptocurrency:

• Bitcoin addresses are usually 26-63 characters long and can start with different prefixes, depending on the type of address (e.g., P2PKH, P2SH, or Bech32).
• Ethereum addresses are always 42 characters long (including the '0x' prefix), which represents a 160-bit hash.

Elder Fraud is considered fraudulent activity targeting individuals aged 60 or older. As part of the FBI's mission, the FBI pursues ways to combat criminals targeting seniors in alignment with internal and external partnerships through the Department of Justice's Elder Fraud Initiative.

Through IC3, the FBI has created a public avenue for seniors to report fraud. IC3 receives and tracks thousand of complaints daily. IC3 reporting is key to identifying, investigating, and holding these criminal actors accountable for their actions.

Do not be afraid to report a suspected crime. IC3 promises you are not alone. Millions of elderly Americans fall victim to financial fraud through a fraud scheme committed on the internet.

If you, or someone you know, is a victim of a fraud or scam, file a complaint with the IC3.

FBI Public Service Announcement 1

FBI Public Service Announcement 2

Public Service Announcement 3

 Business Email Compromise (BEC) is a sophisticated scam targeting both businesses and individuals performing a transfer of funds. The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques resulting in an unauthorized transfer of funds.

To remain on guard against BEC, follow the tips below:

• Use secondary channels or two-factor authentication to verify requests for changes in account information with the intended recipient.
• Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
• Ensure the settings in yours or your employees' computers are enabled to allow full email extensions to be viewed.
• Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.

In Account Takeover Fraud (ATO), cyber criminals deliberately gain unauthorized access to a victim's online bank, payroll, health savings or social media account, with the goal of stealing money or information for personal gain. Cyber criminals may gain access to a victim’s online account through a variety of methods:

Brute Forcing username/password

A cybercriminal exploits weak password and lack of multi-factor authentication.Phishing emailsA cybercriminal sends a deceptive email to trick the victim into giving away their login credentials.Phishing domains/websitesA cybercriminal uses a phishing website that appears as a legitimate online banking or payroll website to trick the victim into giving away their login credentials.Social engineeringA cybercriminal manipulates the victim into giving away their login credentials by impersonating a bank employee, customer support or technical support personnel.Data breachesA cybercriminal obtains victim's login credentials from past data breach or criminal forums that sell data breach data on the dark web marketplaces.MalwareA cybercriminal obtains victim's login credentials via malware on the victim’s device.  

The goal of the cybercriminals is to steal funds, redirect paychecks, or otherwise affect funds of the targeted victim.

In one specific type of scam, cyber criminals buy ads that masquerade as legitimate companies to misdirect victims searching for a specific website through popular search engine such as Google, Yahoo, or Bing. The search engine may return a fraudulent website URL that is very similar to the legitimate website, or slightly misspelled, or re-directed to another website with the URL that appears legitimate.

When victims click on the fraudulent search engine ad, they are directed to a sophisticated fraudulent phishing site that mimics the real website, tricking victims into providing their login information. Cyber criminals then capture victims' credentials as they access the fraudulent site.

If the account requires multi-factor authentication, cyber criminals may utilize social engineering to obtain the One-Time Passcode (OTP). For example, cybercriminal pretends to be a bank employee or technical support personnel and requests the victim to provide their phone number via fraudulent website's chat box. The cybercriminal then contacts the victim while pretending to be the bank employee/technical support and ask for the OTP.

If the account is a corporate account which requires two individuals to authorize a transaction (dual control) then, cyber criminals may utilize social engineering in a similar manner as above, and insist that the second individual go to the same website, and/or go to the open browser of the first individual to complete the transaction.

Cyber criminals then use the captured credentials to gain full access to the victim’s financial account. If a bank account is compromised, cyber criminals can transfer money from the accounts. If an employer payroll account, health savings account, or retirement account is accessed, the cybercriminal can change the direct deposit information in the real site and redirect funds. If cyber criminals gain access to full personally identifiable information (PII) for victims, they can also create new account relationships, including loans or accounts that defraud victims.

To remain on guard against ATO, follow the tips below:

• Be careful about the information you share online or on social media. By openly sharing things like a pet's name, schools you've attended, your date of birth, or information about your family members, you can give scammers all the information they need to guess your password or answer your security questions.
• Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
• Always use unique complex passwords, enable two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
• Use Bookmarks (Chrome) or Favorites (Edge) for navigating to login websites rather than clicking on Internet search results or advertisements. Multi-factor authentication will not protect you if you land on a fraudulent login page. Carefully examine the email address, URL, and spelling in any correspondence.
• Stay vigilant against phishing attempts. Be suspicious of unknown "banking" or "company" employees who call you; don't trust caller ID. Offer to call them back after you look-up the phone number yourself. Remember that companies generally do not contact you to ask for your username, password, or OTP.

 Investment Fraud lures someone with promises of low- or no-risk investments that turn out to be non-existent. Typically, bad actors will entice potential investors by describing returns in amounts that are clearly too good to be true. There is no such thing as a guaranteed return on investment. Fraudulent investments include, but are not limited to, real estate, penny stocks, Ponzi and pyramid schemes, digital assets, and cryptocurrency. 

Scammers use a variety of methods to initially lure and contact victims. Here are some of the most common methods:

Social Media  Scammers use social media to reach out to victims directly — by messaging them — or indirectly through deceitful job advertisements or investment opportunities that can be found on all main social media platforms.

Texting  Scammers text victims pretending they misdialed a number, sending a photo of themselves, or saying they work for a company that is hiring for job opportunities.

Dating Sites  Scammers create thousands of fake dating profiles on all common dating sites and match with victims to establish a romantic relationship based on trust. 

Once the victim agrees to continue communicating, it's common for the scammer to ask to move their messaging to another platform. They may use a different phone number from the one the victim may have been contacted from initially.

For variants involving a professional relationship only, scammers may invite victims to join chat groups, where there are often many others in the same chatroom — most of whom are scammers impersonating "happy" clients.

Once initial communication has been established, scammers seek to deceive victims about who they are (their "persona") and what they want (their "desires") to forge trust with the victim. Tactics vary, but below are common characteristics of an investment fraud scammer personas

• Excessive flattery
• Empathizing with, and often suffering from, similar life events as the victim (e.g., if a victim is going through a divorce, then the scammer may be going through a divorce, too).
• Suffering from a hardship that requires help from the victim.
• Sharing pictures, often selfies, of themselves.
• Offering to meet in person but making those meetings contingent upon the victim accomplishing a task (e.g., we can meet once you raise enough money).
• Offering to meet in person, but always finding an excuse at the last minute for why they can’t.
• Expressing a strong romantic interest in the victim.
• Agreeing to some video conference calls but preferring instead to speak over text.

Once trust is established with victims, criminals introduce the topic of investing. It's common for scammers to say they themselves — or people in their family or close network — are experts in such investments. They may promise they can bring the victim in on "the ground floor". Types of investments can vary, however common ones include binary trading, liquidity mining, and gold futures.

Once the scammer convinces the victim to participate in their scheme, the scammer will instruct the victim how to invest the money, as follows:

• Open an account at a reputable trading platform or cryptocurrency exchange.
• Transfer money from a traditional bank account to the new account.
• If trading cryptocurrency, convert the money — now hosted on the cryptocurrency exchange — to the cryptocurrency type the scammer specifies, e.g., Bitcoin, Ether, Tether.
• Open an account on the "investment platform" provided by the scammer or an individual or group that the scammer directed the victim to.
• Deposit the funds or cryptocurrency to the investment platform either directly or through a private wallet.

Note that these "platforms" exist in the form of what appear to be traditional websites, either accessible via the web, or when dealing with cryptocurrency investments, through a specific browser only accessible via cryptocurrency applications. Common factors include:

• Registration using an email address or phone number.
• Two-factor authentication (e.g., a phone number + an email address) to log in.
• A website name that closely mimics — or "spoofs" — a legitimate site.
• A professional-looking site design that shows the portfolio in an appealing manner.
• A customer support portal used to communicate about investments and withdrawals.

Once the victim starts to "invest," returns shown on the investment platform will appear to be extremely lucrative, encouraging the victim to invest more and more. It is common in the early stages for the scammers to allow victims to withdraw not only the original deposit but the earnings as well.

This is meant to trick victims — a means to reassure them that the platform is legitimate. Scammers use various means to “sweeten the pot,” or encourage further investing. Examples include:

"Matching"Providing their own funds to the victim's portfolio to help the victim reach an (arbitrary) investment goal."Scarcity"Stating that returns or investment opportunities are only available in a short time. 

 Once the victim is ready to withdrawal all their earnings, they will find their account frozen and an arbitrary requirement will arise, usually in the form of paying "taxes" or "fees" to unlock their funds. 

Red Flag: You are required to pay taxes or fees to receive or unlock your investment.

The scammer may have already allowed you to "withdraw" a small amount to give the appearance that the investment is legitimate.

 It can be a particularly devastating point in the scheme, as victims will often pay more money to unlock their funds than any amount, they previously deposited. At this point, there is usually nothing the victim can do: the scammers will never unlock the funds and it's likely they have already withdrawn those funds into criminally controlled cryptocurrency wallets inaccessible to the victim. In the end, the victim loses all the money they deposited into the scheme. 

 Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.

You can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that's embedded with malware.

Once the code is loaded on a computer, it will lock access to the computer itself or data and files stored there. More menacing versions can encrypt files and folders on local drives, attached drives, and even networked computers.

Most of the time, you don’t know your computer has been infected. You usually discover it when you can no longer access your data or you see computer messages letting you know about the attack and demanding ransom payments.

For the latest information on ransomware variants and campaigns, please see our Industry Alerts.

• Keep operating systems, software, and applications current and up to date.
• Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
• Back up data regularly and double-check that those backups were completed.
• Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
• Create a continuity plan in case your business or organization is the victim of a ransomware attack.

 Criminals pose as technical or customer support/service. The criminal may impersonate any type of personnel appearing to offer support or assistance, including (but not limited to) computer/virus support; virus software renewal; banking; online shopping websites; utility companies; security (including virus software renewal); GPS; printer; cable and internet companies; and cryptocurrency exchanges. 

 Criminals pose as a government official or law enforcement to extort money. Common examples include claims the individual missed jury duty or their identity was used in facilitation of a crime. The fake official offers to assist with protecting financial accounts or investigating and recuperating lost money, but request the individual pay up front or transfer all their funds to "secure" their accounts. 

 Based on years of investigations, these frauds are often perpetrated by the same criminals or groups of criminals. Additionally, they frequently conduct both types of scams at the same time or utilize tactics from both to be successful in their deception. A good example is the "Phantom Hacker" scam.

• Resist the pressure to act quickly. Criminals will urge the victim to act fast to protect their device. The criminals create a sense of urgency to produce fear and lure the victim into immediate action.
• Do not click on unsolicited pop-ups, links sent via text messages, or email links or attachments.
• Do not contact the telephone number provided in a pop-up, text, or email.
• Do not download software at the request of an unknown individual who contacted you.
• Do not allow an unknown individual who contacted you to have control of your devices or accounts.
• The US Government and Law Enforcement will never request you send money via wire transfer to foreign accounts, cryptocurrency, cryptocurrency ATMs, gift/prepaid cards, or by shipping/mailing cash or precious metals.
• Be cautious of customer support numbers obtained via open source searching. Phone numbers listed in a "sponsored" results section are often boosted because of Search Engine Advertising.
• Ensure all computer anti-virus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to attempt.
• Install ad-blocking software that eliminates or reduces pop-ups and malvertising (online advertising to spread malware).

Identity theft often tops the list of consumer fraud reports that are filed with the FTC and other enforcement agencies. While the FTC does not have criminal jurisdiction, it supports the criminal investigation and prosecution of identity theft by serving as a clearinghouse for identity theft reports, part of the FTC’s Consumer Sentinel report database. In addition to housing ID theft complaints, Sentinel offers participating law enforcement agencies a variety of tools to facilitate the investigation and prosecution of identity theft. These include information to help agencies coordinate effective joint action; sample indictments; and tools to refresh investigative data through programmed data searches.

There are many steps consumers can take to minimize their risk of being an identity theft victim. For example, consumers should closely guard their social security number and shred charge receipts, copies of credit applications and other sensitive documents. Consumers also should review their bills and credit reports regularly and be aware of telltale signs to detect that their identity may have been stolen. In addition, if consumers find they have been victimized, there are a series of steps they can take to recover from identity theft as soon as they detect it, such as placing a credit freeze or fraud alert on their credit report and closing accounts that may have been tampered with.

First American Payment Systems 

Vivant Smart Home, Inc

 A company can't make you wait forever. If something didn't arrive or you didn't accept it, and the company won't refund your money, dispute the charges. And, if products show up that you never ordered? You don’t have to pay for them. Federal laws protect you. 

The federal Mail, Internet, or Telephone Order Merchandise Rule applies to most things you order by mail, online, or by phone. It says:

• Sellers have to ship your order within the time they (or their ads) say. That goes whether they say “2-Day Shipping” or “In Stock & Ships Today.” If they don’t give a time, they must ship within 30 days of when you placed your order.
• If there’s a delay shipping your order, the seller has to tell you and give you the choice of either agreeing to the delay or canceling your order for a full refund.
• If the seller doesn’t ship your order, it has to give you a full refund — not just a gift card or store credit.

If the company won't reverse the charge, dispute it. But know that different consumer protections apply to credit and debit card charges.

The Fair Credit Billing Act treats certain credit card charges that you dispute as billing errors. Billing errors include charges for items that you didn't accept or that weren't delivered as agreed, involved the wrong amount, were unauthorized, and certain others. Disputes about the quality of the item are not billing errors. The law spells out how to challenge billing errors.

By law, credit card billing errors must be disputed in writing within 60 days of the date that the first statement with the billing error is sent to you. Otherwise, you may get stuck with the bill.

Send a dispute letter to your credit card issuer at the address listed for billing disputes, errors, or inquiries — not the address for sending your payments. Look on your statement, online, or your credit card agreement to get the right address. Use this sample letter for disputing credit and debit card charges.

One thing to know: Some issuers let you dispute billing errors over the phone or online. However, to be sure that you get the full protection of the law, follow up with a letter.

The credit card issuer must acknowledge your dispute in writing within 30 days of getting it, unless the problem has been resolved. The issuer must resolve the dispute within two billing cycles (but not more than 90 days) after getting your letter.

You don't need to pay the disputed amount and related finance or other charges during the investigation. But you have to pay any part of the bill that’s not in question. Learn more about disputing credit card charges.

What if you agreed to delivery on a date in the future that turns out to be more than 60 days after your statement showing the charge was sent to you — but the delivery didn’t arrive or you rejected it because it was not what you agreed to buy? Can you still dispute the charge?

You’re likely outside the protection of the Fair Credit Billing Act. Still, some credit card issuers may extend the 60-day dispute period when a shipment is delayed. Send a dispute letter to your credit card company. Include copies of any documents showing the expected and actual delivery dates, including any notice the seller sent you about the shipment delay.

The consumer protections for debit cards are different from the protections for credit cards. You may not be able to get a refund for non-delivery or delivery of the wrong item. Contact your debit card issuer — often your bank — as soon as you know there’s a problem. Some debit card issuers may voluntarily offer protections. Start by calling the customer service number. Follow up with a letter. This sample letter for disputing credit and debit card charges can help.

By law, companies can’t send unordered merchandise to you, then demand payment. That means you never have to pay for things you get but didn’t order. You also don’t need to return unordered merchandise. You’re legally entitled to keep it as a free gift.

Sellers can send you merchandise that is clearly marked as a gift, free sample, or the like. And, charitable organizations can send you merchandise and ask for a contribution. It's your right to keep such merchandise as a free gift.

Sometimes, you might sign up for a free trial, only to discover that the company starts sending you products every month, and billing you. That might be a scam. Learn about free-trials, auto-renewals, and negative option subscriptions and what to do if you're charged for products you don't want or didn't order.

To help avoid shopping hassles:

• Consider your experience with the company or its general reputation before you order. If you’ve never heard of the seller, search online for its name plus words like “complaint” or “scam” to find out other people’s experiences.
• Check out the company’s refund and return policies, the item’s availability, and the total cost before you place your order.
• Get a shipment date.
•  Keep records  Know what website, ad, or catalog you ordered from and make a note of the date of your order, any promises the company made about shipping, and when the promises were made. Keep any order confirmation, receipt, tracking number, or other documents you get, as well as all email, text messages, or other communications you have with the company. If you’re ordering by phone, keep a list of the items you ordered, their stock codes, and the order confirmation code.
• Track your purchases. If you spot an issue, like a mistake in your delivery address, you might be able to resolve it before it becomes a problem.

Here’s how the scam works: Criminals post ads on online auction and sales websites, like eBay Motors, for inexpensive used cars (that they don’t really own). They offer to chat online, share photos, and answer questions. They may even tell you the sale will go through a well-known retailer’s buyer protection program. Recently, sellers have been sending fake invoices that appear to come from eBay Motors and demanding payment in eBay gift cards. If you call the number on the invoice, the scammer pretends to work for eBay Motors. Trusting buyers have lost hundreds of thousands of dollars over the past year alone.

So how can you tell if an online car sale is fake?

• You find bad reviews online. Check out the seller by searching online for the person’s name, phone number and email address, plus words like “review,” “complaint” or “scam.”
• Sellers try to rush the sale. Resist the pressure. Scammers use high-pressure sales tactics to get you to buy without thinking things through.
• They can’t or won’t meet in person or let you inspect the car. Scammers might have an excuse, like a job transfer, military deployment, or divorce, for why you can’t see them or the car. But experts agree that you should have an independent mechanic inspect a used car before you buy it.
• They want you to pay with gift cards or by wire transfer. If anyone tells you to pay that way, it’s a scam. Every time.
• The sellers demand more money after the sale for “shipping” or “transportation” costs.
• The Vehicle Identification Number (VIN) doesn’t match the VIN for the car you’re interested in. A vehicle history report can help you spot such discrepancies.