Do you have what it takes to catch a scam? October is Cybersecurity Awareness Month, and Con-Million the Chameleon is back with another installment of the Rascal Report. The scams and amounts lost in the stories below are real, but the names used are not.

The Remote GigThe Remote Gig

Ben had been out of work for some time and was thrilled when he found a job posting on Facebook for a work from home opportunity with a very generous salary. David, Ben’s new boss, instructed him to open an account at a local financial institution that would be used solely for his work. Ben opened a new checking account in his own name as instructed. Ben’s job was to receive payments from David and then payout payroll to David’s other employees via Cash App. Ben received a $10,000 wire and as instructed began sending payments to his fellow co-workers.

The problem? David was a fraudster and didn’t have a company. The funds he wired to Ben were stolen from another scam victim. All $10,000 was transferred out via Cash App to other fraudsters, using Ben as a money mule.

Takeaway: It is important to research the business that wants to hire you, especially when considering remote work. If you are unable to find any reputable information about the business online and correspondence does not come from a verified business email address, you are likely dealing with a scammer. In addition, a legitimate business will never ask you to open a bank or credit union account under your name to use for business purposes.

Phishing ChameleonPhishing for Support

Rhonda was looking over her account history and noticed a pending Zelle® transaction on her account that she did not recognize. She conducted a quick search on the internet for a phone number to contact Zelle about the suspicious transaction. Rhonda spoke with a customer service agent who they told her that they would dispute the transaction, but since her Zelle was “hacked,” they needed to check her Venmo and Cash App accounts as well. Rhonda was instructed to send “test payments” to the customer service agent. Rhonda obliged as she wanted to ensure her accounts were safe.

The phone number Rhonda called did not belong to Zelle. It was a phone number to a fraudster who she unwittingly gave access to her Zelle, Venmo, and Cash App accounts. In total, Rhonda was scammed out of $1,136.

Takeaway: Fraudsters have mastered the art of spoofing websites and phone numbers. It is always best to contact your financial institution directly and research a new company before you reach out to them.

  • If you notice suspicious transactions on your account, contact the credit union directly.
  • Before entering personal information on a website or dialing a phone number found on the web, ensure that you are on the company’s website by verifying the domain in the address bar of your browser. Phishing sites will often use lookalike domain names (for example, using a “0” instead of “o”) or append the legitimate domain name later on in the URL.
  • Be wary of paid search ads when searching for account help. Paid search ads usually contain the word “ad” or “Sponsored” next to them and the links may not lead to the site they appear to represent.

Investment Scam ChameleonInscrutable Investments

Doug had been on the hunt for a good investment opportunity for some time. Worried about the state of the economy and stock market volatility, he was very interested in exploring Bitcoin and gold.

Doug found an investment company online and sent them $12,000 over the course of a year. The investment company later mailed Doug a $120,000 check with documentation stating that the proceeds were from a joint IRA that was set up for him, and this was his portion of the investment. Doug was thrilled that his initial investments had finally paid off and opened an IRA using the check. Doug had plans to take $50,000 of the $120,000 and invest it back into Bitcoin and gold as soon as the funds were available and use the remaining $70,000 to invest elsewhere.

Unfortunately, the investment company was bogus, and the $120,000 check was counterfeit. Doug had been scammed out of $12,000 and could have lost more.

Takeaway: If someone is trying to sell you an investment, do your research before handing over your hard-earned money. The SEC and FINRA both offer tools to look up individuals and investment professionals to see if they’re registered or have had judgements or orders issued against them. When using an established brokerage or investment platform, make sure you are on their legitimate website and not a spoofed version created by scammers.

Con-Million the Chameleon Says: Fraudsters are clever and can operate in different ways. Some scams rely on creating a false sense of urgency by sending fake alerts and order notifications, or by impersonating financial institution staff or government employees to trick victims into providing their personal information. Other scams involve slowly gaining the victim’s trust through companionship or “investment opportunities” before asking for money or access to their accounts.

  • Credit union employees will NEVER call you to ask for sensitive information such as your password, verification code, full debit/credit card number, or PIN.
  • If you experience issues with unauthorized or missing transactions, contact the credit union directly.
  • You will NEVER be asked to send “test payments” or transfer funds to troubleshoot or “unlock” Cash App, PayPal, Venmo, or Zelle accounts or payments.
  • Legitimate employers won’t ask you to open accounts under your name to move company funds or process orders or payroll.
  • If an investment opportunity seems too good to be true, it probably is. Research the advisor or company that is trying to sell you investments before you transfer funds.