The telephone is one of the preferred tools used by scammers to make contact with their victims. The best antivirus may be installed but these scammers prey on inexperienced computer users and manipulate them into giving them access of their personal computer. Once they access their computer, the scammers can extract important details including bank information and other personal login names and passwords.
A relatively common scam relates to phone calls from non-English sounding persons claiming to be from the security department of a global software provider. These scammers would insist that your computer is infected with a virus and a particular anti-virus software needs to be installed.
Following a number of steps, during which software is installed on the computer thus compromising its security, they would finally ask for the card details of their victim. Their justification is that the product is not free and an annual subscription is required to always keep your computer safe.
Of course this is their way of defrauding their victims of an amount of money and obtaining valuable card details which may be used to transfer more money from their victim’s account in the future (without receiving any service).
These scam callers are very persistent and may even try and call back if told that the computer is working fine or that the victim does not even have a computer! In addition, when calling, they would actually ask for a particular person in your household with their first name, thus making the caller all the more believable. The fraudsters would also insist local IT technicians would not be able to solve the problem.
Simply hang up if you receive such calls. You should never give information to anyone which may compromise your computer’s security. If you have unfortunately fallen victim of this scam contact your bank immediately to stop any card transactions and reorder a new card. In addition start deleting any passwords you may have for online accounts (from a different computer).
Before reusing the same computer on which the software was installed as directed by the callers, make sure you take it to your trusted technician to make sure it is secure to use.
Always remember: the rule of thumb to follow in such situation is that IF YOU HAVEN’T REQUESTED A CALL FROM A COMPANY (ESPECIALLY A FOREIGN COMPANY), THEN THIS CALL IS A SCAM!
If you have been contacted by someone from Nigeria asking for your help in transferring money out of the country, then you are one of thousands of people all over the world who have been targeted by what is sometimes called the “Nigerian letter scam” or “Nigerian advance fee fraud”. Although “Nigerian” is the name given to it, this scam is now international. The letter or email you get may also pretend to come from another country, such as Sierra Leone, the Democratic Republic of the Congo or South Africa. In fact, the scam operator may be in the US, or Europe, or anywhere.
Despite the fact that the MFSA has in the past issued warnings against these letters, the Authority is aware that there are still a number of people who are misguided, not adequately informed or who have fallen victim of these scams.
How the scam works
The scam varies, but usually a person receives a letter, or more often, a fax or email offering a business “proposal” or transaction. One will often wonder how his postal or e-mail number ended up being targeted by these fraudsters. Indeed, fraudsters have become even more sophisticated by personalising their scam e-mails. One should not be deceived by this, however. Computer software now makes it easier to personalise e-mails and specialised software enables “trawling” of e-mail addresses from websites without prior contact. Victims’ addresses are also obtained from telephone and e-mail directories.
The person writing may claim they are a government official, the widow of a government official, or from a charity or business group. The fraud is perpetrated by enticing the victim with a bogus “business” proposal which promises millions of US dollars as a reward.
The scam letter usually promises to transfer huge amounts of money, usually in US dollars, purported to be part proceeds of certain contracts, to the addressee’s bank account, to be shared in some proportion between the parties. This is only the beginning.
If the addressee replies, a favourable response to the letter is followed by excuses why the funds cannot be remitted readily and subsequently by demands for proportionate sharing of payments for various “advance fees” (e.g. customs, taxes, bribes) supposedly to facilitate the processing and remittance of the alleged funds. The use of “fake” official documents is a common practice. These fees are the real purpose of the scam, and may add up to tens of thousands of dollars. That is why such scam letters are also known as “advance fee letters”.
Various forms of the same scam
The frauds that have been discovered to date have taken a variety of forms. They generally describe the need to move funds from countries as Nigeria or Sierra Leone and seek assistance of the victim in providing bank account details in an overseas country and administration fees needed to facilitate the transaction. The victim is offered a commission which could be around 40 per cent of the capital involved. Capital sums of USD 20 million or more are often mentioned, thus creating a potential reward for the victim of up to USD 16 million. An advance payment that could add up to USD 50,000 is usually required – which represents the amount stolen.
Letters have been sent to victims indicating that millions of dollars have been left to them in deceased estates and inviting them to claim the money. Such letters are often accompanied by fraudulent wills of deceased foreigners and are sent to their relatives from bogus firms of lawyers.
Victims are required to pay certain fees in advance of receiving their reward which, of course, does not exist.
Another scheme involves victims being given apparently legitimate documents emanating from sources such as the Nigerian Government, the Nigerian National Petroleum Company, the Central Bank of Nigeria or Nigerian solicitors indicating that sums of money need to be moved out of Nigeria in order to prevent confiscation. Victims are asked to provide bank account details as cover to support the legitimacy of the transaction. Over time, the victims are then asked to provide sums of money in order to facilitate the transaction, such as for government taxes, processing fees, audit fees, insurance or bribes for officials.
Some schemes entail victims receiving correspondence that purports to represent some contractual arrangement with Nigerian government officials or businessmen, usually offering substantial gains for little investment. The transactions may involve the recovery of contractual funds, crude oil shipments or over-invoiced payments, all of which are non-existent. In order to facilitate arrangements, victims are asked to supply bank account details and later money to pay legal fees, taxes, bank transfer fees or bribes.
Has action been taken?
These scams are not confined to one particular country or region. Indeed, these scams are another form of transnational organised crime. Advance fee fraud is difficult both to detect and to prosecute. Offenders have employed various tactics to foil investigations. Various countries have adopted specialised legislation to facilitate prosecution of offenders – when these are identified. However, not all legal obstacles have been addressed. Besides tackling the problem from a legal point of view, various countries – including Nigeria through its Central Bank in Abuja (https://www.cbn.gov.ng/419/Index.asp) – have taken a preventive approach by addressing local and international communities as to the risks involved in replying to these advance fee letters.
The use of e-mail to disseminate advance fee letters represents a particular problem because it not only enables offenders to disguise their identity and to target hundreds of potential victims more easily, but also makes it difficult to identify the place of origin of the message and where victims are being identified.
Although these scams could be considered as amounting to a criminal offence, the nature of this scam is such that it crosses many national boundaries. Even the responsible government agencies may be limited in what they can do. The best way to stop this fraud is to reduce the pool of potential victims by increasing education and awareness about these crimes.
What can you do?
You are again warned in your own interest not be become another victim to these fraudulent solicitations or schemes. Make sure you are smarter than the scammers. Read and understand the following golden rules to avoid becoming a victim of these scams.
Rule 1. If it sounds too good to be true, it probably is not true! Your alarm bells should ring loud and clear when you hear phrases like “high returns with low risk” and “get rich quick”. “No risk” often means the biggest risk of all. It is virtually impossible to become rich overnight. If you want to get rich quickly, you have to work hard for it. These scams will not make your dream of becoming a millionaire overnight come true
Rule 2. These financial scams appear ruthless and simple. They appeal to our greed and our desire to avoid the work involved in solid long-term investing. Do not pay attention to what they are promising you.
Rule 3. Never give your bank account number, credit card number or other personal details to unauthorised people.
Rule 4. If in doubt, check it out! Seek professional advice from a licensed financial services provider. They are better placed to guide you and inform you of these scams.
What to do next?
If you receive a scam letter in your mailbox, take no notice of it and trash it immediately. Do not waste your time reading it, either. These letters are poking fun at your intelligence and your pockets..
Do you use the internet to promote and sell products and services online?
Beware of cheque overpayment scams. Traders and consumers should exercise due caution when receiving payment by foreign cheques and bank drafts for on-line transactions or from unfamiliar sources.
These scams operate in this manner, although there may be variations to the situation described below:
- A “buyer” or his agent (who may be residing abroad) respond by e-mail to an advert or link on a website, and offers to use a bank draft (a cheque drawn on a foreign bank) or a personal cheque (also drawn on a foreign bank) to pay for the product or service a trader is selling.
- The cheque would usually be in foreign currency. For the untrained eye, the cheque would look authentic – complete with watermarks or stamps. But the amount on the cheque would be for more money than the trader would be expecting. The “buyer” may come up with rather convincing reasons why the amount on the cheque is more than the purchase price. The “buyer” would ask the trader to deposit the cheque and send the difference using a person-to-person money transfer service (rather than through the banking system).
- As the cheque is drawn on a foreign bank, the local bank would not normally make the amount on the cheque available before it is cleared (which may take up to 28 days). Unsuspecting traders, who may be under pressure from the “buyer”, would not wait for the cheque to be cleared and remit the difference to the “buyers”.
- Little would the trader suspect that the cheque sent for clearing is counterfeit – hence “worthless” ― with the consequence that the trader is left on the hook for any amounts sent to the “buyer”. To add insult to injury, there might also be charges levied by the local and/or foreign bank for clearing the cheque. Of course, this would not happen if the trader waits until the cheque is cleared, although one may have to pay such clearing charges.
- At times, it may not be easy to detect a counterfeit from a genuine cheque – some cheques are good enough to fool any unsuspecting bank clerk.
Traders, and consumers alike, can avoid falling victims of a cheque overpayment scam by reading and understanding the following “golden rules”:
- Never accept a cheque for more than your selling price, no matter how tempting. Ask the buyer to write the cheque for the correct amount. If the buyer refuses to send the correct amount, return the cheque. Don’t send the merchandise and withdraw the promise to provide a service.
- Know who you’re dealing with. In any transaction, independently confirm the buyer’s name, street address, and landline telephone number. If that person resides abroad, be extremely vigilant. An e-mail address is not sufficient proof of a person’s residency or whereabouts. If you cannot confirm these details, consider alternative methods of payment.
- If the buyer insists that you remit funds by a money transfer service (without supplying his bank account details) before the cheque is cleared, end the transaction immediately. Resist any pressure to “act now.” If the buyer’s offer is genuine now, it should remain genuine after the cheque is cleared.
Therefore wait until the cheque is cleared, if you feel that receiving payment by a foreign cheque from someone you only know through e-mail is fine by you. In essence, a trader should say no to a cheque for more than the selling price, no matter how tempting or convincing the story.
Be extremely cautious and to resist any pressure for a quick deal!
Shopping on the internet can be economical, convenient, and no less safe than shopping in a store or by mail. To help keep your online shopping experience a safe one, we have prepared some tips which you should keep in mind.
- Know who you’re dealing with. Confirm the online seller’s physical address and phone number in case you have questions or problems.
- Know exactly what you’re buying.Read the seller’s description of the product closely, especially the fine print.
- Know what it will cost.Factor shipping and handling — along with your needs and budget — into the total cost of the order.
- Pay by credit or debit card, for maximum consumer protection.
- Check out the terms of the deal, like refund policies and delivery dates.
- Print and save records of your online transactions.
- Don’t email your financial information. Email is not a secure method of transmitting financial information
Finding fraudsters can often be difficult because their mimic sites often are up and gone in just a few hours, but still long enough to rip-off unsuspecting users. If you have come across a site by co-incidence, think twice before doing business with that site. Check if your friends have purchased items from that site. Use a reliable search engine to check if there are blogs reporting any “fishy” activity linked with the site.
If you are asked to send payment by bank-to-bank transfer or a point-to-point payment service (rather than payment by card), be extremely careful. When sending payment via your bank (what many people refer to as a SWIFT payment), it would be extremely difficult (if not impossible) for your bank to reverse the transaction if the on-line merchant turns out to be fraudulent.
The same goes for a point-to-point service. Such services are a reliable means of payment, but once money is withdrawn, it is virtually impossible to recover them. In other words, if you send payment by bank transfer or point-to-point service, make sure that you know the beneficiary or you have established the veracity of the beneficiary’s identity you are sending money to.
If you have received an e-mail asking for your personal information to be updated:
BEWARE. Do not click any of the links in that e-mail. If you do, you might end up providing information to a fraudster!
These emails urge customers to submit personal information about themselves or to “verify” information that was previously provided when their account was established. Those tricked into providing their details run the risk of losing money from their account or even misuse of their personal details.
This is called “phishing” as fraudsters are trying to hook potential victims from a sea of internet users. When fraudsters go on “phishing” expeditions, they lure their targets into a false sense of security by hijacking the familiar, trusted logos of established, legitimate banks and companies.
A typical phishing scam starts with a fraudster sending out millions of e-mails that appear to come from a respected financial firm (such as a bank).
Image A: This is a typical email which you may receive.
From the phishing cases reported to MFSA, it is evident that these fraudsters are capable of designing e-mails and websites that look like those of the financial firm being copied. As a result, it is hard to tell whether the e-mail received is from a genuine organisation or from a fraudster.
Rather than creating from scratch a hoax company, the fraudster might use a legitimate company’s name and incorporate the “look and feel” of its website (including the colour scheme and graphics) into the “phishy” e-mail.
Image B : When you click on the link above (see Image A), you will be directed to a page which looks identical to the actual page of your bank.
But look closely at the address at the top of your browser. The address is generic, does not belong to the financial entity and does not feature a padlock, an indication that the connection is secure.
Image C : Page showing a generic address rather than the actual address of the financial entity.
The actual website will contain two important security features: the padlock and the address starts with “https:”. Some browsers display the address against a green background or feature the “https:” in green, an indication that the connection with the bank is secure and that the security certificate of the bank has been authenticated.
Image D: Security features prominent on the actual website.
Users should not be fooled if there is suspicion that the e-mail is not authentic, the organisation concerned should be contacted for the purposes of verifying the authenticity of its communication.
Be extremely cautious and do not to rush into responding to any type of e-mail with urgent requests for personal information.
- Typically phishy emails are not personalised. However, this may not exclude e-mails which might either include the name of the organisation being copied or contain the names of officials who actually work with the organisation (or both) in the “from:” line.
- In common phishing scams, e-mails might include information that seeks to upset or stimulate the user to respond without delay (such as a warning that failure to respond will result in the user’s account being deactivated).
- Fraudsters may also use web addresses that look identical to the names of well-known companies but have slight amendments in the address.
- The best way one can protect himself from phishers is to understand what legitimate financial service providers will and will not do. Legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as an e-mail. Therefore, users should not rush into responding to any type of e-mails with urgent requests for personal information. Credit card numbers and other financial identification details should never be sent in an e-mail message. Moreover, before sending any personal information, a user should always ensure that he is using a secure website.
- Users should never use links within an e-mail to get to a bank’s website. It is always safer to type the internet address of the site of the user would like to visit in the address bar at the top of the browser. It is important that you have the latest browser installed on your computer, smartphone or tablet. Never access your internet banking or other website holding financial information from public computers or over unprotected Wi-Fi networks.
- As many of these scams are spam, e-mail users should have reliable anti-virus and anti-spam software installed and up to date with the latest virus/spam filters.
Always check the e-mail address from where suspicious emails are coming. Sometimes, an email address may look very similar to a legitimate one but may have a small difference which may go unnoticed.
- It is also advisable for users to regularly reconcile their bank and credit account statements as this will help in detecting fraudulent transactions quickly.
- Lastly, never provide details of your bank account in order to have funds transferred into your account to persons who you don’t know or have never met face-to-face (and therefore have never identified themselves).
- If the bank or companies are making any changes to their online website or system, you would usually be informed prior to the change either through the information uploaded on their website or by conventional mail. Some organisations may also follow up with an advertising campaign showing the benefits of the changes and increasing awareness.
Hurrah! You’ve won the lottery!
Here are some reproductions of the typical wording used in these scam letters, the first one relates to a ‘lottery scam’ and the second example is an ‘inheritance scam’.
We are pleased to inform you of the result of the Lottery Winners International programs held on the 12th March, 2004. Your e-mail address attached to ticket number 370982217413-7240 with serial number 4708-325 drew lucky numbers 2-34-28-13-41 which consequently won in the 7th category, you have therefore been approved for a lump sum pay of US$5,500,000 (five million five hundred thousand united state dollars). CONGRATULATIONS!!!
All participants were selected through a computer ballot system drawn from over 20,000 company and 30,000,000 individual email addresses and names from all over the world. This promotional program takes place every three years.
To avoid unnecessary delays and complications, please quote your reference/batch numbers in any correspondence with us or our designated agent.
Congratulations once more from all members and staffs of this program. Thank you for being part of our promotional lottery program.”
The fraudster would normally ask you to contact your fiduciary agent at the lottery company via e-mail in order to file a claim for the money.
This letter is not intended to cause any embarrassment in whatever form, rather it is intended to contact your esteemed self, following the knowledge of your high repute and trustworthiness.
Firstly, I must solicit your confidentiality. I know that a proposal of this magnitude will make anyone apprehensive and worried, but I am assuring you that it is made in good faith and will be of mutual benefit. I am Barrister Rotimi Adams, the personal attorney to Mr James Maxwell, herein after referred to as my client, a national of your country, who until his death was a major crude oil contractor with the federal government of Nigeria.
My client and his entire family were involved in a fatal motor accident, which unfortunately claimed their lives, along the Sagamu express road, sparing none of the occupants of the vehicle. I have since then made several enquiries to your Embassy, in a bid to locate any relation of my client, and these efforts of mine have not been productive. I then decided to trace his last name over the Internet, and came across your name that is why I have contacted you to assist me in securing the money and property left behind by my client before they are declared as unclaimed and unserviceable by the bank where they have been lodged for safekeeping. I am particularly interested in securing the funds lodged with Global Trust Bank plc, totalling fifteen million, United States Dollar (USD15M). This is because the said Bank has issued a notice to me, unequivocally instructing me to produce the next of kin/beneficiary to the said account within the next ten official working days, or have the account confiscated.
Considering my lack of success in my bid to locate his relatives for over two years, I solicit your consent to enable me produce you as! The next of kin to my deceased client, since you both bear the same last name. The funds will then be transferred to you as the beneficiary and shared according to a proposed sharing pattern/ratio of 70:30 i.e. 70% for me and 30% for you. I will provide all the necessary legally obtained documents to back up any claim we make regarding this process, and will just require your understanding and cooperation to enable us achieve success within a legitimate arrangement, eliminating any liability resulting from any breach of the prevalent laws.”
Of course, all these approaches are completely bogus – even if they have been translated into horrible Maltese!
There is no pot of gold. Anyone who replies will slowly be drained for as much money as they can be persuaded to hand over. It will start with a small sum for courier’s charges or to pay some bill the deceased overlooked; then there will be legal fees; then taxes; and then a bribe to ensure someone does not block the whole deal.
A more recent type of scam is ‘phishing’. In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Make sure to protect yourself against scams. It is best to ignore any letters which seem quite odd, don’t give out personal information and do not reply to the sender as you will be confirming your identity. Check that your anti-spam software is up to date and think carefully before you depart with your cash!
Consumers who have been approached by foreign contacts with an offer to work from home, should be forewarned. They might be victims of scams which have been doing the rounds in many other countries before hitting Malta. These scams are disguised behind numerous pretences, mainly as offers for modelling work, photo session or advertising campaigns.
The MFSA has been informed that a number of consumers have approached their bank to encash travellers cheques (with an American Express logo) in euro, US dollar or sterling which they received in part payment for any of the above mentioned reasons. These travellers’ cheques are mostly in denomination of EUR 500 and, for the untrained eye, look rather authentic – complete with apparent watermarks, holograms and security threads. However, these cheques are fraudulent and therefore useless – but by the time consumers find out, they might have already sent money to the fraudsters, which is where the scam lies.
Lately, consumers who have been targeted by these foreign fraudsters claim they have been contacted to appear in a photo session. These “would-be” models are sent a number of travellers’ cheques (often 5000 Euros or Sterling Pounds), asked to deposit them into their own bank account and then transfer the money to a third party via a money transfer facility (which is usually not through a bank). The explanation is that the money is to cover expenses for the photo session, studio hire, etc.
The “model” is also told that she can keep a percentage (around 10 to 20 per cent) as her modelling fee. The travellers’ cheques would be worthless but the fraudsters hope that the transfer from the “model” has already been made by the time she finds out (which is usually a few days after the bank receives notification from abroad during the clearing process). It is near to impossible to retrieve any funds sent by such money transfer facilities once they are withdrawn.
The whole set-up is a variation of other scams, normally referred to as advance payment scams. The e-mails which are being sent by the fraudsters can be relatively easily spotted as a scam. Some of the give-aways are:
- Poor style of writing, spelling and grammar;
- Offer is too good to be true;
- Pressure to conclude the matter immediately;
- Request for the targeted consumer not to discuss with other parties; and
- Strange financial arrangements.
Ask yourself the following questions if you receive such offers: . “why are the foreign contacts sending me money and then asking me to send them back?” and “why are they paying me with travellers’ cheques”?
Consumers are, once again asked to remain vigilant by:
- not responding to such e-mails;
- not giving out any personal details;
- not sending CVs, scans of photo ID, driving licences or similar documents;
- not paying any money, even if you have already received a cheque.
Be extremely cautious. In the meantime, local banks have made their branch staff aware of these scams who may provide guidance on request.
Have you been smished?
You may have heard of phishing – the practice of sending a hoax email to trick you into providing your bank account details.
But have you heard of smishing? Smishing is where identity thieves use SMS messages to obtain your personal details.
A recent example involves sending text messages that claim that a renowned international company (such as a mobile telephone company or a soft-drinks firm) has awarded you a very high sum of money by way of a lottery.
Top tips to avoid mobile phone scams
- Don’t give out your number to just anyone. Keep your mobile phone number confidential and share it only with friends and relatives. If you put it on your business card, be careful who you give this to.
- Be suspicious of unexpected text messages or calls.Check the number before replying to text messages or calls. Not only could these be a scam but some numbers which require you to call to collect “your prize” may be mobile numbers and could result in higher charges than normal rates.
- Install anti-virus software. Most of the big internet security companies have mobile versions of their software.
- Scrutinise your bill every month (if you are on contract).Watch out for your bill and be alert for any entries which do not look right.
- Don’t use it for competition entries or other apparently “free services”.If you do choose to do this, make sure you read all of the terms and conditions.
The Authority has come across several instances were legitimate websites of bank and financial firms had been cloned and some details manipulated. The difference between the original and the faked/cloned sites may be hard to identify, especially if you are unfamiliar to the legitimate website. Some faked/cloned sites reproduced logos, photos and information from the legitimate site but featured a different name for the financial firm.
In all the fake/cloned sites visited, there were references to the regulator and that the firm is licensed, a fake company registration number as well as a telephone number which would direct you through a call centre in a foreign country with operators impersonating employees of the fake financial entity. Contact with the fraudsters would also be encouraged by email or contact form which is an easy way for them to obtain your personal data!
The aim of such websites, as with any other scam involving identify fraud, is to get hold of your personal information such as card details, addresses and emails and, eventually, mis-use it fraudulently!
The MFSA has come across a very few number of fake/cloned websites however, there may still be hundreds if not thousands of such websites out there and you should be on the alert if you are about to provide any personal (and financial) details via an unsecure website.
Here are some tips you should keep in mind when dealing with a financial entity over the internet:
If the websites states that the company is registered by the MFSA always check the list of licence holders on the MFSA website http://www.mfsa.mt/pages/licenceholders.aspx. If a foreign jurisdiction is mentioned, check (and double check) the website of the regulator of that jurisdiction (even websites of regulators and central banks have been cloned) never do business before checking that the company is actually registered and authorised to provide such services.
- Always beware if the website is outside the European Union as it might be practically impossible to trace your funds should there be any problems.
Check on any search engine for further information on the company. Usually if you type the name of the company followed by the word scam or fake you would immediately be alerted if the website is not legitimate.
Do not be impressed with logos, history and photos of CEOs and top management with fancy qualifications and experiences; these can be easily copied as the rest of the website.
Never send your details by email or over the phone; always use a secure system using a login and password which are first verified by email.
Beware of PO boxes, free-to-use email addresses and foreign telephone numbers.
Participants in the Maltese Depositor Compensation Scheme can be checked online on http://www.compensationschemes.org.mt. Check the website of the foreign scheme if a non-Maltese jurisdiction is mentioned.