As a consumer reporter who writes regularly about scams, I consider myself pretty well versed in con games. But lately, fraudsters have become ever more devious by posing as companies, government officials, friends and relatives to gain access to your financial data — sometimes installing malicious viruses on your computer along the way.
Impostor scams conducted by email, phone calls and even knocks at your door have become one of the fastest growing frauds in America, ranking sixth on the Federal Trade Commission’s Top 10 consumer complaints survey for 2012. Nearly 83,000 complaints about impostor scams were filed with federal and state authorities, up about 39 percent from 60,000 complaints just two years earlier.
Why We Fall for Impostor Scams
Impostor scams are particularly pernicious, says David Torok, director of the FTC’s division of planning and information, because the con artists dupe consumers by claiming to be almost anyone. "They are pretending to be your local power company, a local court official or even the Department of Motor Vehicles.”
(MORE: Lowdown on Scams, Schemes and Swindles Targeting You)
Impostor scams aren’t new; the grandparent scam, for instance, has been around for a few years. (In that one, an impostor calls an older person, pretending to be a grandchild who needs money wired urgently.)
But consumer officials say these scams are not only rising, they’re also getting more sophisticated, which makes it remarkably easy to become a victim.
Gone is the relatively easy-to-spot Nigerian scam email, riddled with poor grammar and misspellings, asking to stash millions of dollars in your bank account. Instead, unsuspecting victims are receiving official-looking emails and letters that look like they’ve been sent from a legitimate company or entity, complete with the appropriate letterhead.
Phone Call From the Government?
Crooked telemarketers are becoming ever more clever, too.
One of my editors said that her mother's mate received an email from the sheriff's office in Manatee County, Fla., with a warning about a jury duty scam. Apparently, a crook posing as a local court official had been calling residents saying that they missed jury duty. When they respond that they never received a notice, the caller asks for personal information such as a Social Security number to purportedly verify that claim.
Southeast Missouri residents recently reported being targeted by fraudulent operators pretending to be calling about Medicare, Social Security or supplemental insurance, according to DailyJournal Online. In this scheme, the con artists either say that new health insurance cards or Social Security cards are being issued or the beneficiary's file needs updating. Ann Denman of Desloge, Mo., said the scammer asked for her Social Security number, but she refused and hung up. "I think I nipped it in the bud," Denman said.
‘Tech Support’ Wants Into Your Computer
And how about this scary alert from the Internet Crime Complaint Center, or IC3, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center? A person claiming to be tech support from a well-known software company (often Microsoft) calls to say a virus has been detected in your computer and that he can remove it if you allow access to your machine.
If you say “yes,” the caller runs a scan of your files and says the virus can be removed if you’ll pay a fee and provide your credit-card number. After the call, IC3 says, the user can’t access certain programs.
(MORE: Telemarketing Calls Like This One Are Cause for Alarm)
Knock Knock: It’s (Not) the Utility Company
Door-to-door imposter pitches are also a growing problem, says Susan Grant, director of consumer protection for the Consumer Federation of America.
One example: A person purporting to be from a local utility makes home visits, allegedly providing advice on ways to trim electricity bills. But the visit is really to sell “some sort of bogus energy-saving device,” Grant says.
How I Was Almost Taken Twice
In the past three months, I’ve almost been snookered by two impostor emails, one that looked like it came from PayPal and the other from a faux USAirways.
The PayPal email confirmed an order I had allegedly made, but included a link to dispute the charge if it was wrong. Fortunately, my suspicious nature kicked in just before I clicked on the link. I forwarded the email to PayPal, which told me it was a phishing scam, aimed at getting me to reveal my password or other financial information.
The USAirways email initially seemed legitimate, too. It asked me to confirm my seat assignment for a flight leaving Miami the next day; I had actually flown into Miami a week earlier and was scheduled to leave in two days.
I don’t know if that was coincidence or if someone had tapped into my emails while I used a public Wi-Fi when I was in Miami. Even though the email had the wrong date for my return flight, it seemed real enough for me to think there was a mix-up in my reservation. Just as I was about to click on the link, though, I realized my return flight was on American. I deleted the email.
Even the Fraud Regulator Gets Defrauded
Torok says scammers have even pretended to be from his own agency, the FTC, calling to say they’re from its National Do Not Call Registry.
According to the Better Business Bureau, the impostor says he wants to verify you’re on the registry or give you a chance to register if you’re not. All you need to do is supply your name, address and Social Security number.
Small businesses have also received bogus emails with the FTC letterhead, saying the agency is filing a complaint against them. The emails contain a link, allegedly to the FTC, encouraging the company to read the complaint and respond. But by clicking the link, Torok says, a virus may be installed on the firm’s computer.
5 Ways to Protect Yourself Against Impostor Scams
Given the proliferation of these imposter scams, here are five ways to remain vigilant:
If you get an unsolicited email from a business, even one where you’re a customer: Don’t immediately respond or click on any attachments or links. Instead, check to see whether the email is legitimate.
Do this by opening a new window, typing in the URL for that business and either going to your account or customer service.
If you’re asked to share personal information with someone claiming to be with a company where you’re a customer: Don’t do it. Hang up and call the business (look up the number; don’t use one provided by the unsolicited caller) to see if the request is legitimate.
If you get an email from someone you know, telling you to click on a suspicious link or an attachment: Before clicking on any links, call the person back or send an email of your own (not a reply) to confirm whether the email is really from them.
Impostors can easily send phony emails that look exactly as though they came from your friends or relatives.
If you get an email from a friend or neighbor urging you to wire money immediately: Delete it. Should you believe the person is truly in trouble, call him or her (or a friend who might know).
Similarly, if you get an email from a friend that just contains a link and no other message, don’t open the link until you verify that it’s valid.
(MORE: Beware of Appeals for Cash From Someone Claiming to Be a Friend)
If you’re asked to turn over control of your computer to someone from “tech support”: Don’t do it unless you can confirm the person is a legitimate representative of a computer company whose hardware or software you use.
Call the firm (find the number on its website), ask for tech service and see whether the request was an honest one.
Odds are, you're being played — and this is one dangerous game. Be vigilant.