The FBI’s Internet Crime Complaint Center (IC3) today issued a warning about an uptick it is seeing where fraudsters are hosting fraudulent government services websites in order to grab Personally Identifiable Information (PII) and to collect fraudulent fees from consumers.
+More on Network World: Graphene is hot, hot, hot+
“Although the volume and loss amounts associated with these websites are minimal to date, the victims are having their PII data compromised which may be used by criminals for any number of other illicit activities, ranging from the creation of fraudulent IDs and passports to fraudulent loans and tax refunds. The PII can include the victim’s name, address, phone number, e-mail address, social security number, date of birth, and mother’s maiden name,” the FBI stated.
The FBI described the scam procedure:
- Victims use a search engine to search for government services such as obtaining an Employer Identification Number (EIN) or replacement social security card.
- The fraudulent criminal websites are the first to appear in search results, prompting the victims to click on the fraudulent government services website.
- The victim completes the required fraudulently posted forms for the government service they need.
- The victim submits the form online, believing they are providing their PII to government agencies such as the Internal Revenue Service, Social Security Administration, or similar agency based on the service they need.
- Once the forms are completed and submitted, the fraudulent website usually requires a fee to complete the service requested. The fees typically range from $29 to $199 based on the government service requested.
- Once the fees are paid the victim is notified they need to send their birth certificate, driver’s license, employee badge, or other personal items to a specified address.
- The victim is then told to wait a few days to several weeks for processing. By the time the victim realizes it is a scam, they may have had extra charges billed to their credit/debit card, had a third-party designee added to their EIN card, and never received the service(s) or documents requested.
- Additionally, all of their PII data has been compromised by the criminals running the websites and can be used for any number of illicit purposes. The potential harm gets worse for those who send their birth certificate or other government-issued identification to the perpetrator.
- Follow-up calls or e-mails to the perpetrator(s) are normally ignored and many victims report the customer service telephone numbers provided are out of service.
The warning is the second in recent days around stolen personal information scams. Last week the IC3 noted IRS Tax Return scams complaints are up as criminals have become increasingly more proficient in stealing the personally identifiable information.
A variety of fraud techniques to obtain the information needed to file a tax return. The most popular methods include: computer intrusion, the online purchase of stolen personal information, the recruitment of insiders who have legitimate access to sensitive information, the physical theft of computers that contain personal information, the impersonation of Internal Revenue Service personnel, and the aggregation of information that is obtained through multiple publicly available Web sites, the IC3 states.
Once the fraudsters obtain victim’s information, they electronically file tax returns and set up pre-paid debit cards or bank accounts to route fraudulent returns. The balances on the pre-paid cards and bank accounts are depleted shortly after the tax refund is issued, the IC3 said.
Check out these other hot stories: