229 posts categorized "Fraud" Feed

Facts About Debt Collection Scams And Other Consumer Complaints

Logo for Consumer Financial Protection Bureau The Consumer Financial Protection Bureau (CFPB) recently released a report about debt collection scams. The report is based upon more than 834,00 complaints filed by consumers nationally with the CFPB about financial products and services: checking and savings accounts, mortgages, credit cards, prepaid cards, consumer loans, student loans, money transfers, payday loans, debt settlement, credit repair, and credit reports. Complaints about debt collection scams accounted for 26 percent of all complaints.

The most frequent scam are attempts to collect money from consumers for debts they don't owe. This accounted for 38 percent of all debt-collection-scam complaints submitted. This included harassment:

"Consumers complained about receiving multiple calls weekly and sometimes daily from debt collectors. Consumers often complained that the collector continued to call even after being repeatedly told that the alleged debtor could not be contacted at the dialed number. Consumers also complained about debt collectors calling their places of employment... Consumers complained that they were not given enough information to verify whether or not they owed the debt that someone was attempting to collect. "

The two companies with the most complaints:

"... were Encore Capital Group and Portfolio Recovery Associates, Inc. Both companies, which are among the largest debt buyers in the country, averaged over 100 complaints submitted to the Bureau each month between October and December 2015. In 2015, the CFPB took enforcement actions against these two large debt buyers for using deceptive tactics to collect bad debts."

Compared to a year ago, debt collection complaints increased the most in Indiana (38 percent), Arizona (27 percent), and New Hampshire (26 percent) during December 2015 through February 2016. Debt collection complaints decreased the most in Maine (-34 percent), Wyoming (-26 percent), and North Dakota (-23 percent). And:

"Of the five most populated states, California (10 percent) experienced the greatest percentage increase and Illinois (-4 percent) experienced the greatest percentage decrease in debt collection complaints..."

The report lists 20 companies with the most debt-collection complaints during October through December 2015. The top five companies with with average monthly complaints about debt collection are Encore Capital Group (139.3), Portfolio Recovery Associates, Inc. (112.3), Enhanced recovery Company, LLC (65.7), Transworld Systems Inc. (63.7), and Citibank (54.7). This top-20 list also includes several banks: Synchrony Bank, Capital One, JPMorgan Chase, Bank of America, and Wells Fargo.

While the March Monthly Complaint Report by the CFPB focused upon debt collection complaints, it also provides plenty of detailed information about all categories of complaints. From December 2015 through February 2016, the CFPB received on average every month about 6,856 debt collection complaints, 4,211 mortgage complaints, 3,556 credit reporting complaints, 2,021 complaints about bank accounts or services, and 1,995 complaints about credit cards. Most categories showed increased complaint volumes compared to the same period a year ago. Only two categories showed a decline in average monthly complaints: credit reporting and payday loans. Debt collection complaints were up 6 percent.

Compared to a year ago, average monthly complaint volume (all categories) increased in 40 states and decreased in 11 states. The top five states with the largest increases (all categories) included Connecticut (31 percent), Kansas (30 percent), Georgia (25 percent), Louisiana (25 percent), and Indiana (24 percent). The top five states with the largest decreases (all categories) included Hawaii (-25 percent), Maine (-19 percent), South Dakota (-14 percent), District of Columbia (-8 percent), and Idaho (-6 percent). Also:

"Of the five most populated states, New York (12 percent) experienced the greatest complaint volume percentage increase, and Texas (-8 percent) experienced the greatest complaint volume percentage decrease from December 2014 to February 2015 to December 2015 to February 2016."

The chart below lists the 10 companies with the most complaints (all categories) during October through December, 2015:

Companies with the most complaints. CFPB March 2016 Monthly Complaints Report. Click to view larger image

The "Other" category includes consumer loans, student loans, prepaid cards, payday loans, prepaid cards, money transfers, and more. During this three-month period, complaints about these companies totaled 46 percent of all complaints. Consumers submit complaints about the national big banks covering several categories. According to the CFPB March complaints report (links added):

"By average monthly complaint volume, Equifax (988), Experian (841), and TransUnion (810) were the most-complained-about companies for October - December 2015. Equifax experienced the greatest percentage increase in average monthly complaint volume (32 percent)... Ocwen experienced the greatest percentage decrease in average monthly complaint volume (-18 percent)... Empowerment Ventures (parent company of RushCard) debuted as the 10th most-complained-about company..."

To learn more about the CFPB, there are plenty of posts in this blog. Simply enter "CFPB" in the search box in the right column.


Learn How To Spot These 5 Energy Scams So You Don't Get Duped

Eversource logo Maybe it was a visit by door-to-door sales person. Maybe it was a phone call; or a text or e-mail message. There are six energy scams you should be aware of, so you don't get duped and lose your hard-earned money. Eversource, the largest energy delivery service in New England, alerted its customers about common scams:

  1. Shut-off Threats: callers claim to represent the Billing or Disconnect Department, and state that your power will be shut off if you don't make a payment immediately.
  2. Pay immediately: callers instruct you to make a payment immediately to a third-party location, such as a grocery store, or to a "Green Dot" VISA card. Then, the scammer directs victims to call another phone number to report the card payment information, so the scammers can drain the card account online.
  3. Faulty meters: callers claim your electric (or gas) meter is broken and it overcharging you. Then, the scammer directs victims to buy a $200.00 prepaid card. The scammers calls again claiming the first payment hasn't posted, and the consumer should buy a $300.00 prepaid card. Of course, the scammer lies about the meter being fixed soon.
  4. Unsolicited technician: a door-to-door person, with a hard-to-read badge, claims he is there to check your usage since your neighbors reported have claimed about high monthly bills.
  5. Unsolicited salesperson: a door-to-door person claims there is a problem with your utilities, and you failed to respond to urgent notices. The scammers insisted that you could get a rebate, or savings, but needs to see a copy of your energy bill.

These are all scams because:

"Eversource would never ask you to purchase prepaid cards or make an immediate payment at a third-party location, like a grocery store. We have a very secure, protected billing system, and you have multiple, convenient options to pay your bills, including direct debit, check, credit card and cash. Customers who are scheduled for disconnection due to nonpayment receive written notice that includes the actions they can take to maintain service... All [Eversource] employees carry company-issued identification, and any electrical contractors working with us carry documentation explaining the nature and location of their work. Customers can always call us to verify this information. Eversource would never solicit door-to-door or over the phone on behalf of a specific competitive/alternate energy supplier."

The information on your monthly energy bill is sensitive information. Protect it. Eversource advises:

"Never provide personal financial or utility account information to any unsolicited individual, in person, on the phone, or online, even if the individual seems legitimate."

And Eversource advises its consumers to:

"Always verify whether these contacts are legitimate by asking for some basic information about your account. Our representatives will always be able to provide the name on the account, the account address, and the exact past due balance. If the caller cannot provide that information, the call is not from us."

If you use a different energy provider, check it's website for scams. For example, earlier this month PG&E warned its customers in California about similar scams.

I've received some of these robocalls from scammers. Long ago, I registered both my landline and mobile phone numbers in the National Do Not Call Registry. When I receive unwanted and un-requested robocalls, I hang up the call immediately and submit a complaint to the U.S. Federal Trade Commission (FTC). You should, too.


FCC Seeks $29.6 Million Fine Against Phone Carriers For Alleged Cramming And Slamming

Federal communications Commission logo The U.S. Federal Communications Commission (FCC) seeks $29.6 million in fines against three phone providers for allegedly switching (a/k/a "slamming") consumers' long distance service without their consent, applying (a/k/a "cramming") unauthorized charges on their monthly bills, and obstructing the FCC investigation. The FCC press release stated:

"... the Commission asserts that OneLink Communications, Inc., TeleDias Communications, Inc., TeleUno, Inc., and Cytel, Inc., “slammed” consumers by switching their long distance carriers without authorization and “crammed” unauthorized charges onto consumers’ bills. In addition, it is alleged the companies, which operate as a single enterprise, fabricated audio recordings that they then submitted to the FCC as “proof” the consumers authorized these changes and charges... The FCC found that the companies’ apparent unauthorized charges and deceptive marketing calls constituted “unjust and unreasonable” practices under the Communications Act. The FCC also determined that the companies apparently violated federal law by submitting fake consumer authorizations and providing false and misleading information to the FCC during its investigation..."

OneLink Communications logo The FCC action included a Notice of Apparent Liability for Forfeiture. More than 140 consumers filed complaints with the FCC. There was an FCC order in August 2009 against TeleDias Communications for slamming. The OnelInk website lists an office in Tamarac, Florida. The Cytel, Inc. website lists an office in Pompano Beach. Florida. A check of both the Cytel or OneLink sites couldn't find lists of their executives or corporate officers.

How the companies allegedly performed deceptive marketing:

"Some consumers alleged that the companies’ telemarketers pretended to be from the post office calling about a nonexistent package delivery to obtain information to create fake consumer authorization recordings. In other cases, it appears the companies impersonated individuals in the authorization recordings. The companies then allegedly provided the fake authorizations to the FCC in response to its investigation into the consumer complaints. Even after consumers repeatedly contacted the companies about the alleged unauthorized charges and carrier switches, the companies purportedly refused to provide refunds until consumers filed complaints with the FCC, Better Business Bureau, or state regulators."

Kudos to the FCC for investigating the complaints. Kudos to consumers for filing complaints with the FCC, BBB, and state regulators when a company fails to do the right thing.


Safe Shopping Tips For the Holidays

The holiday shopping season is here. Experts estimate that consumers will spend about $83 billion. Everyone wants to shop safely and avoid both identity theft and fraud. The California Attorney General's office issued several safe-shopping tips for consumers that are applicable everywhere and not only in California. Some of the items were already covered in this blog, so I added links.

Online

  • Shop at secure websites. Look for https in the website address, or for the yellow lock icon
  • Don't shop online at public WiFi hotspots, such as coffee shops. This can put at risk your payment information (e.g., bank account, credit/debit card numbers, etc.). If you must use a public WiFi hotspot, use encryption software on your mobile device.
  • Do not send personal and payment information in e-mail messages. Legitimate companies won't ask you to do this, since it is an insecure way of transmitting information. Learn to spot package delivery scams.
  • Use reputable websites when booking travel or lodging for trips. However, scammers also insert listings on vacation websites. If the price is too good to be true, it usually is. Learn to spot vacation payment scams.
  • Identity thieves and fraudsters use mobile apps. Before purchasing an app, find and read independent reviews. Also, read the terms of use and privacy policy for the app desired. Download and buy apps only at reputable websites. Use these tips to protect your phone from online crime.
  • If you receive text messages on your phone claiming you have won a prize or gift card, do not click on the link in the message. It probably is a scam and may install a virus on your phone. E-mail scams are common. Learn to spot phishing e-mails. Be wary of e-mails from persons claiming to be a shipping company. These e-mail message often contain attached files that contain computer viruses. Do not open attached files from strangers.
  • Consider using a two-step process to protect your email account and sensitive personal information. For example, after inputting your password, you will then receive a text on your phone, that provides a one-time-use code to sign into your e-mail account. Your e-mail provider has instructions about how to set this up.

In Stores

  • Thieves use handheld scanners and counterfeit credit cards to use gift cards that they do not actually have. Only buy gift cards that are kept behind the store’s customer service counter or activated upon checkout. Before buying the card ask for it to be scanned to show that it is fully valued.
  • Learn to spot and avoid prepaid gift card app fraud.
  • Package theft is happening more frequently. If you do not have a secure area for delivery companies to leave packages, consider requiring a signature for packages, or have your packages held for pickup at a nearby shipping center.

General

  • Review your bank and credit card statements frequently for fraudulent transactions. Contact your bank or card issuers immediately if you see unusual or suspicious transactions.
  • If you receive a phone call from somebody claiming to be your bank or credit card company, who asks you to verify your account information, don't. Instead, ask them for their phone number so you can call them back. Then, call the phone number listed on the back of your credit card.
  • Learn to spot and avoid prepaid card phone scams.
  • Parents and grandparents should be wary of phone calls, e-mails, and social networking posts by scam artists pretending to be a child, friend, or relative stuck in an emergency abroad and needing cash immediately. Scammers try to get the victim to wire cash or disclose sensitive personal and financial information. Don't do this. Before taking any action, verify the health or status of the child, friend, or relative abroad.
  • Use these ten tips for safe vacation travel.

Happy holidays!


Federal Prosecutors Pursue Criminal Charges Against Banking Executives

Department of Justice logo Reuters news service reported yesterday that federal prosecutors are pursuing criminal charges against executives at two banks for allegedly marketing mortgage-backed securities loaded with faulty loans after warnings by coworkers. If so, this would be the first cases of criminal charges against bankers.

Citing an article in the Wall Street Journal, Reuters reported possible criminal investigations at both JPMorgan Chase & Company (JPMorgan), and at the Royal Bank of Scotland (RBS):

"Prosecutors are scrutinizing a $2.2 billion deal that repackaged home mortgages into bonds in 2007 at RBS and two people who worked on a different residential-mortgage deal at JPMorgan, the Journal said. JPMorgan, RBS and Department of Justice declined to comment. JPMorgan said in a filing in November that it was responding to an investigation by the DoJ's criminal division.

It would seem that the news reports in May 2015 covered in this blog were largely accurate. At that time, news reports mentioned possible charges against five banks. Also in May, a federal court ruled that the Japanese bank Nomura Holdings and the Royal Bank of Scotland had misled Fannie Mae and Freddie Mac while selling them mortgage bonds that contained errors and misrepresentations.

J.P.Morgan logo JPMorgan has a colorful history, part of which is worth reviewing. In January 2015, it was one of four banks that settled illegal foreclosure charges with the Massachusetts Attorney General with a $2.7 million payment. In November 2014, both RBS and JPMorgan were part of a group of banks that paid $4.2 billion in fines to U.S., U.K., and Swiss regulators for rigging the foreign exchange, or FX, market. In December 2013, JPMorgan paid $515.4 million to the Federal Deposit Insurance Company (FDIC), $300 million to the California Attorney General, and $13 billion with the U.S. Justice Department to settle charges about the misrepresentation of offering documents for residential mortgage-backed securities (RMBS).

December 2013 was a big month. JPMorgan Chase announced a data breach that affected half a million prepaid card customers. U.S. taxpayers also learned that month that much of the huge fines JPMorgan paid were tax-deductible and reduced the bank's tax payments. in September 2013, the Consumer Financial Protection Bureau (CFPB) ordered both Chase Bank USA, N.A. and JPMorgan Chase Bank, N.A. to refund about $309 million to more than 2.1 million customers for illegal credit card practices, where customers were enrolled in credit monitoring services without their authorization and charged for services not delivered.


How The Teenager Hacked The CIA Director's Email Account

Central Intelligence Agency logo You've probably heard about it, or read some of the initial news reports. The New York Post broke the story about a teenager hacking into the e-mail account of John Brennan, Director of the Central Intelligence Agency (CIA). The methods the hacker used are a good example of pretexting: when a criminal pretends to be somebody they aren't in order to acquire sensitive information about the target(s).

Wired provided a detailed report about the incident, which I've distilled into seven steps:

  1. The hacker did a reverse number lookup of Brennan's mobile phone number. Several websites provide this feature. From that, the hacker learned that Verizon was Brennan's provider of phone services.
  2. Pretending to be a Verizon technician, the teenage hacker and his accomplices, called Verizon asking for details about Brennan's account. The Verizon phone rep asked for their Vcode, a unique number assigned to each Verizon technician. The hacker provided a fake Vcode which somehow passed Verizon's security. From that, the hacker learned Brennan’s account number, four-digit PIN, the backup mobile number on Brennan's account, Brennan’s AOL email address, and the last four digits on Brennan's bank card.
  3. The hacker accessed Brennan's AOL e-mail account on October 12, and read several e-mail messages including messages forwarded from his work e-mail account. From that, the hacker learned Brennan's secure White House e-mail address, his security clearance application, topics discussed by Brennan and other intelligence officials, and work-related documents attached to several e-mail messages. One attachment included a spreadsheet with names and Social Security numbers of several persons, including intelligence officials.
  4. The hackers posted photos of several documents online via a Twitter account they had set up. The hackers accessed Brennan's account for at least three days.
  5. On October 16, the hacker posted via Twitter that Brennan had deleted his AOL e-mail account supposedly because the hackers had accessed it.
  6. Brennan reset the password on his AOL account, which the hackers accessed again. This suggests that they called AOL customer service pretending to be Brennan and reset the password on his account so they could access it. Reportedly, the dueling password resets happened three times.
  7. The hackers called Brennan's mobile phone number and told him his account had been hacked. After asking them what they wanted, the hackers reportedly answered, "We just want Palestine to be free and for you to stop killing innocent people."

What should consumers make of this incident? First, the incident provides a window into the hassles and inconveniences when your e-mail account is hacked and taken over by a criminal. The hackers could have sent out spam messages from Brennan's account to his friends, family, and coworkers. Second, the incident highlights the necessity of not using the same password on multiple accounts. When consumers do this, it makes it easy for criminals to access several of your online and financial accounts. Hackers will try the same stolen password at other online accounts to see where else they access.

Third, the incident is a reminder for consumers never to disclose sensitive personal and financial information over the phone. Why? Simply, the caller's identity is unknown and unverified. We consumers frequently receive calls from identity thieves from fake computer support vendors or bogus cardholder services.

Verizon logo Fourth, Verizon should improve its security processes. A fake Vcode should not allow access to customers' sensitive information. There should be consequences for Verizon for this breach. Fifth, the hackers' techniques provide a tiny view of the activities spies and counter-intelligence agencies perform, and why these entities want to hack into government agencies' websites, such as the Office of Personnel Management breach earlier this year.

Sixth, adding your mobile phone number to your social networking and e-mail accounts is not a data security cure-all. Smart hackers will target your mobile phone number so that they receive any notifications  you've set up about changes to your account.

Seventh and perhaps most troubling, the Brennan and Clinton e-mail incidents suggest that many government officials highly value convenience (just as consumers do), by forwarding work-related e-mails and documents from secure work systems to less secure commercial systems. You could argue that this desire for convenience is a security weakness. Fifth, you can bet that spies will try to take advantage of this weakness by replicating pretexting attacks on other high-value executive targets, in both the public and private sectors. If a teenager can do it, then so can an experienced spy.

What are your opinions of the hacking incident? Of Verizon's role?


Today is The Date Banks Set To Transition To New Chip Cards. Are We There Yet?

Today, October 1, 2015 is the date banks and card issuers set to transition to the new EMV chip cards. The transition was to reduce card fraud. EMV is the name of the technology jointly developed by Europay, MasterCard, and Visa. Was the transition completed? The American Banker reported:

"Most credit cards (about 70%) will have chips on them. But most of these cards will be chip-and-signature cards, not chip-and-PIN... Many small merchants won't be ready. Depending on which study you believe, somewhere between 20% and 30% of merchants have purchased and deployed the EMV-capable point-of-sale terminals and software they will need to handle EMV chip cards. Big-box stores like Target that have suffered data breaches have done this work. But most small stores and restaurants have not. New EMV equipment is expensive and sometimes difficult to implement, and many seem unaware of the dangers of not adapting."

So, the transition is incomplete. In Europe, the United Kingdom transitioned to chip-and-PIN in 2006, and saw store-related card fraud drop 70 percent. The PIN is a short number the cardholder enters at the terminal to authorize their purchase. Chip-and-signature refers to new chip cards when the cardholder signs at the terminal to authorize their purchase.

It' is troubling that many retailers in the USA haven't upgraded to the new terminals. The result: consumers will encounter a frustrating mix of stores with and without the new chip card terminals. Cardholders will have to insert their chip cards at stores with the new terminals, and swipe the swipe the magnetic stripe on the back of their chip cards at stores without the new terminals.

The new chip cards contain both a chip that encrypts and stores your sensitive payment information, plus the obsolete magnetic stripe on the back of the card, which fraudsters have used to clone cards. Some experts have criticized this approach, arguing that the less-secure magnetic stripes should have been eliminated. The counter argument:

"Duplicating the chip on a chip card is difficult if not impossible [for ciminals]. Most new cards are being issued with both a magnetic stripe and a chip and the new EMV terminals accept both the chip and the stripe. So theoretically [criminals] could duplicate just the magnetic stripe on the chip card, create a new magnetic stripe card and try to use that. However, if an EMV card is swiped on an EMV-compliant merchant terminal, the system will reject the transaction and force the consumer to insert the chip."

Time will tell which experts are correct. Some cite two statistics. First, 37 percent of total card fraud is from criminals using cloned cards in stores. Second, the bulk of card fraud is online:

"Online card fraud is expected to rise. So-called "card not present" fraud — where someone uses a card but does not physically present the card (this could be over the phone, over a fax machine, on a mobile device or a computer, but most people equate "card not present" with using a card on a website) — represents the bulk of card fraud in the U.S.: 45%, according to Aite Group. The analyst group expects online card fraud to more than double from $3.1 billion in 2015 to $6.4 billion in 2018."

To help consumers, the Consumer Financial Protection Bureau (CFPB) provides easy answers about the new chip cards. The CFPB is a great resource for consumers to learn about their rights and to get help. The CFPB enforces rules that financial institutions must follow when marketing financial products to consumers. For unresolved problems with credit/debit/prepaid cards, student loans, debt collection agencies, or other financial products, you can submit online a complaint to the CFPB for assistance.

Discover notified its credit card customers in July about the transition. Its notice provided helpful images of the new terminals, the new chip card, and how cardholders insert chip cards into the new terminals. As I wrote then, before traveling in Europe, Discover cardholders should set up a PIN number, since Europe requires chip-and-pin authorizations.

What are your opinions of the new chip cards? Of the partial transition? If you have experienced problems with a new chip card, please share below.


Silent Phone Calls Indicate The Start Of Identity Theft And Fraud

At some point we all have received these "silent" phone calls. After answering the call, there's nobody on the line. The call is silent and then we hang up. The problem is over, right?

Security experts reported that these "silent" phone calls can be the start of identity theft and fraud. An NPR report explained the identity theft and fraud process.

Step one includes an Internet-based robocall (e.g., an automated phone call using computers) from anywhere in the world -- usually offshore -- by scammers to verify your 10-digit phone number. With the multitude of corporate data breaches, the criminals may have acquired your name and phone number from hackers. Step two is another robocall pretending to be your bank, computer company, collection agency, or tax agency to trick you into revealing sensitive personal information (e.g., e-mail, address, age, bank name, bank account numbers, card numbers, etc.) over the phone.

NPR reported:

"... these robocalls are on the rise because Internet-powered phones make it cheap and easy for scammers to make illegal calls from anywhere in the world... researchers estimate 1 in every 2,200 calls is a fraud attempt."

Experts advise consumers not to disclose any personal information over the phone. Verify the caller first. Demand their name, company name, e-mail, phone number, website address, and how they acquired your phone number. (Most phone scammers will refuse or make excuses.) If the do provide contact information, check to see if matches the contact information you can verify independently (e.g., the phone numbers on the back of your bank card). If it doesn't match, then the caller is probably a scammer.

I always tell callers two things: a) I don't give out personal information over the phone, and b) I need to verify the caller first. If the caller provides a website address, I will check it during the phone call. If the site doesn't exist or looks crappy, that's a huge clue the caller is probably a scammer.

When you disclose personal information over the phone, the criminals' proceed with step three of the identity theft and fraud process. They will contact your bank or credit card company pretending to be you to takeover your account by changing the address on your account. How? The scammers will use the personal information you provided.

What should consumers do when you receive these robocalls? Experts advise that you simply hang up. Don't ask to be taken off their phone lists. Don't access their voicemail system to be removed from their calls. All that does it help the scammers verify your existence.

Parents: now you know what to teach your children about phone calls, privacy, and safety.


Payment Scam Dupes Airbnb Customer. Was There A Data Breach?

Airbnb logo Readers of this blog are aware of the various versions of check scams criminal use to trick consumers. A new scam has emerged with social travel sites.

After paying for a valid stay, an Airbnb customer was tricked by criminals using an wire transfer scam. The Telegraph UK described how an Airbnb customer was tricked. After paying for for their valid rental with a valid credit card, the guest:

"... received an email from Airbnb saying that the card payment had been declined and I needed to arrange an international bank transfer within the next 24 hours to secure the apartment. Stupidly, I did as asked. I transferred the money straight away to someone I assumed was the host as they had all the details of my reservation."

Formed in 2008, Airbnb now operates in 34,000 cities in 190 countries.

After checking with their bank, the guest determined that the credit card payment had been processed correctly. So, the guest paid twice, with the second payment to the criminal. The guest believes that Airbnb experienced a data breach. According to one security expert:

"The fraud works by sending an email to a host that appears to come from Airbnb asking them to verify their account details. The host foolishly responds thus giving the fraudster access to their account and all the bookings correspondence. Even though the addresses are anonymised the fraudster can still send emails to the customers via Airbnb to try to extract a second payment by bank transfer."

What can consumers make of this? First, hosts should learn to recognize phishing e-mails. Don't respond to them. Second, guests need to remember that inattentive hosts can compromise their identity information. Third, guests should never make payments outside of Airbnb's system.

Criminals are creative, persistent, and knowledgeable. Consumers need to be, too. Read the Scams/Threats section of this blog.


Police Officer Charged with Insurance Fraud

[Editor's Note: I am happy to feature a post by guest author Arkady Bukh. He leads the law firm of Bukh & Associates, PLLC which specializes in criminal law, family law, and several areas of civil law. He is a frequent contributor on CNN, Wired, Forbes, Huffington Post, and several other sites. Today's post is about insurance fraud.]

By Arkady Bukh, Esq.

Occasionally, insurance claims are more fiction that reality.

Adjusters know that not every case is as it seems. Some are complex and others bizarre — if not downright creative. Sometimes it appears that the protected have no remorse when it comes to submitting claims that no sane and rational person would think about.

Insurance fraud claims probably require the greatest ingenuity. According to the Insurance Information Institute, fraud losses are over $30 billion a year. Add-on costs for health care fraud, $77 billion to $359 billion, and the damages add up quickly.

Insurance fraud falls into two types: hard and soft.

Hard fraud typically means someone deliberately creates a bogus claim application. Soft fraud is more of a crime of chance — padding a legitimate claim, changing a home location so that the insurance premiums are lower — that sort of thing.

Regardless if it’s hard or soft fraud, it’s all illegal and accounts for 5% to 20% of insurers’ claims costs.

The good news is that roughly 95% of insurers use antifraud technology that makes it easier to catch the crooks.

The best technology though doesn't stop some individuals from filing claims that shouldn’t have been filed.

Sometimes though the crooks’ stupidity trips them up. Here are two examples:

The Golfer

In a discussion on Quora.com, the online Q&A forum, one case of insurance fraud stands out.

An executive for a publicly traded corporation was big on golfing. As most serious amateurs, he was also big on the new clubs and all the gadgetry that golfers like to purchase.

The executive filed a multi-million dollar lawsuit for disability, claiming that he had fallen and hurt his back while on a business trip out of town.

Several private investigator firms, hired by our fraudster’s employer, were unable to gather information to disprove the disability claim.

Then, a creative Private Investigator came along and figured he could trap the alleged swindler using his love of golf against him.

Running a fake ad in the local newspaper, the PI announced that a new golf club manufacturer was opening up and would be giving away brand-new sets of clubs in exchange for a testimonial.

The VP saw the ad, made the call, and the PI came to the suspect’s house to measure him for his new clubs.

There was just one catch. The PI wanted to take some photographs of the VP using the clubs to go along with the testimonial.

The VP obliged, swung the clubs while the PI snapped away, and the rest of the story can be figured out quickly enough.

The Cop

Perpetrators of workers’ compensation fraud can be found in any job. Law enforcement officers aren’t immune.

Jaime Robinson, a veteran Pasadena police officer, found her undoing during the 2014 craze — ALS’s Ice Bucket Challenge.

Robinson was away from work on a disability claim when someone with a camera captured her on video showing her pouring a bucket of ice water on a fellow cop.

The five-gallon bucket, weighing in at 42 pounds, wasn’t too much for her to lift despite receiving over $116,000 for the past year in disability payments.

Charged with four counts of insurance fraud, Robinson faces a maximum of six years and four months in prison if she’s convicted.


Editor's Picks

Readers: I apologize for the recent lack of blog posts. No worries. Simply, I have been busy with my "day job," which pays the bills. I will resume new posts soon. Meanwhile, twelve must-read items from this year:

  1. Report: Researchers Compare High-Speed Internet Services Worldwide. Consumers In The USA Pay More And Get Slower Speeds
  2. Technology Firm's Consent Agreement With The FTC Highlights The Spying Of Consumers At Brick-And-Mortar Retail Stores
  3. You Own That New Car You Bought, Right? Not So Fast…
  4. What You Need To Know To Pay With Your Phone And Ditch The Plastic In Your Wallet
  5. Update: Bank Of America Price Increase For Its Checking Customers
  6. Hydraulic Fracturing, Safety, And America's Future
  7. Telemarketers Offer Energy Discounts. Have You Received These Calls?
  8. Looking For An Electric Company With Lower Prices? What Massachusetts Residents Need To Know
  9. Corinthian Colleges Students Loan Repayment Strike. Is This A Revolt?
  10. The Starbucks Prepaid Gift Card App Fraud. What You Need To Know
  11. Prepaid Card Phone Scam: How To Spot It And Not Get Duped
  12. 5 Banks Plead Guilty And Pay More Than $5.5 Billion In Penalties

5 Banks Plead Guilty And Pay More Than $5.5 Billion In Penalties

U.S. Department of Justice logo Earlier reports have proven true. Five banks have plead guilty and will pay more than $5.5 billion in total penalties to U.S. and European regulators to settle charges that traders rigged foreign exchange markets. USA Today reported:

"Five major banks Wednesday agreed to plead guilty to criminal charges and pay more than $5.5 billion in collective penalties... The Department of Justice, the Federal Reserve and other U.S. and European authorities and regulators said corporate units of Citicorp, JPMorgan Chase, London-based Barclays, and Royal Bank of Scotland acknowledged their traders rigged foreign exchange prices of U.S. dollars and euros from Dec. 2007 to Jan. 2013... UBS also acknowledged involvement in the rate-rigging. However, the Swiss banking giant received conditional immunity from criminal prosecution because it was the first to report foreign-exchange misconduct to DOJ investigators."

U.S. Attorney General Loretta Lynch described in the Justice Department announcement the wrongdoing:

"Starting as early as December 2007, currency traders at several multinational banks formed a group dubbed “The Cartel.” It is perhaps fitting that those traders chose that name, as it aptly describes the brazenly illegal behavior they were engaged in on a near-daily basis. For more than five years, traders in “The Cartel” used a private electronic chatroom to manipulate the spot market’s exchange rate between euros and dollars using coded language to conceal their collusion. They acted as partners – rather than competitors – in an effort to push the exchange rate in directions favorable to their banks but detrimental to many others. The prices the market sets for those currencies influence virtually every sector of every economy in the world, and their actions inflated the banks’ profits while harming countless consumers, investors and institutions around the globe – from pension funds to major corporations, and including the banks’ own customers..."

The fines by bank:

"... to pay criminal fines totaling more than $2.5 billion – the largest set of antitrust fines ever obtained in the history of the Department of Justice. And the fine that Citicorp alone will pay – $925 million – is the largest single fine ever imposed for a violation of the Sherman Act... Switzerland’s UBS AG, has agreed to plead guilty and pay a $203 million criminal penalty for breaching the non-prosecution agreement it entered in December 2012 regarding manipulation of the London Interbank Offered Rate, or LIBOR – a benchmark interest rate used worldwide. he breach of the NPA was based in part on UBS’s fraudulent and deceptive currency trading and sales practices related to foreign exchange markets, its collusion with other participants in the FX markets and its failure to take adequate action to prevent unlawful conduct after prior civil, criminal and regulatory resolutions.  In other words, UBS promised, in other resolutions, not to commit additional crimes – but it did."

The announcement did not state which, if any, bank executives would go to prison for the wrongdoing. The announcement did not state what portion, if any, of the fines would be tax-deductible. Previously, penalties and fines paid by some banks have been tax-deductible. Some experts and politicians have stated that better disclosures are needed for settlement agreements.


The Starbucks Prepaid Gift Card App Fraud. What You Need To Know

Starbucks logo Criminals have targeted Starbucks gift card and mobile app users. In this fraud, criminals have drained victims' accounts by using the auto-reload featured with Starbucks prepaid gift-card apps linked to consumers' checking, credit-card, or Paypal accounts. Consumer reporter Bob Sullivan first reported about the fraud:

"Maria Nistri, 48, was a victim this week. Criminals stole the Orlando women’s $34.77 in value she had loaded onto her Starbucks app, then another $25 after it was auto-loaded into her card because her balance hit 0. Then, the criminals upped the ante, changing her auto reload amount to $75, and stealing that amount, too. All within 7 minutes."

Other customers have reported fraud this month. The coffee retail chain has had problems before with its mobile app. Starbucks announced in January 2014 a security update to its mobile app after the data of 10 million customers was exposed. Sullivan explained how criminals perpetrate the latest mobile gift-card fraud:

"Because Starbucks isn’t answering specific questions about the fraud, I cannot confirm precisely how it works, but I have informed speculation, based on conversations with an anonymous source who is familiar with the crime. The source said Starbucks was known to be wrestling with the problem earlier this year. Essentially, any criminal who obtains username and password credentials to Starbucks.com can drain a consumer’s stored value, and attack their linked credit card."

So, the fraud suggests that criminals have already stolen large numbers of Starbuck customers' usernames passwords, perhaps by keylogging malware, phishing e-mails, phishing texts, vulnerabilities in the mobile app, brute-force password attacks (since many consumers use the same password at multiple sites), or a combination. Starbucks claims its mobile app has not been hacked and the problem is not widespread.

Some banks have flagged multiple reloads through checking accounts and temporarily closed victims' accounts to stop the theft. Security experts fault Starbucks for not using two-factor authentication for gift-card reloads and for not flagging multiple reloads of consumers' cards within minutes.

Security experts advise consumers:

  1. Use strong passwords and don't use these weak passwords.
  2. Don't use the same username and password at multiple websites and mobile apps
  3. Change your passwords every 90 days

Be very careful about enabling auto-reload features with prepaid cards. Or, disable it. Instructions to disable the auto-reload feature are available at the Starbucks site.

Criminals love prepaid cards because they are a source of cash. You now know the risks for ignoring this advice. The whole situation highlights is a reminder that Apple branded mobile devices can be hacked, too.


Fraudulent Insurance Claims Affect Mobile Device Users

The Best Techie blog published a very interesting post about how easy it is for criminals to file fraudulent insurance claims for mobile devices. The problem isn't just the ease that the fraud is committed, but also that consumers probably aren't aware of fraud claims submitted against their accounts until they file a valid insurance claim:

"If you use one of the major carriers in the U.S. such as AT&T, Verizon, T-Mobile, and/or Sprint the insurance you buy comes from a company called Asurion Insurance Services, Inc... : it appears Asurion’s claim system is very easy to defraud... The only real deterrent in the claim system is that you need to sign an affidavit and provide a photo ID but if high school students can get fake IDs, I’d imagine for a fraudster obtaining a fake ID to scan is laughably easy..."

The I've Been Mugged blog has reported about Asurion. When evaluating mobile insurance offers, it is wise for consumers to do the math first. You'll want to decide if you want malware protection, and if the one- or two-year total of monthly insurance premiums exceeds the cost of your mobile device.

According to the Best Techie report, the fraudster used a combination of the victim's name and valid phone number with a different residential address. You'd think that Asurion would have easily spotted that and contacted their customer at their current address to confirm the claim and the new address.

Consumers pay good money for mobile device insurance, and deserve better protection against insurance fraud. What are your opinions?


Rachel From Cardholder Services: Did You Receive This Robocall?

Earlier this month, I received two mobile phone calls from "Rachel from Cardholder Services." Perhaps, you received a call, too. I recognized it as a robocall and hung up immediately. The Better Business Bureau (BBB) reported in 2012 how the scheme works:

"Con artists use a friendly female voice and generic name to try to get you to pay to reduce your credit card rates, some making as many as 2.6 billion calls per year. According to the Federal Trade Commission, almost 13 million people who got these robocalls were fooled into speaking to an agent in 2010."

The Topeka Capital-Journal in Kansas reported that consumers received robocalls during 2014. Last week, the U.S. Federal Trade Commission (FTC) announced that it will send $700,000 in checks to 16,590 consumers who lost money in the robocall scheme. The refunds are based upon a November 2013 settlement with several companies that performed robocalls.

If you receive one of these robocalls, the BBB advises consumers to:

  • Never provide personal or financial information over the phone. You really don't know who they are.
  • If you are curious, ask the caller to identify their self with an address and phone number you can contact them at. If it is your credit card company, they should already know your credit card number.
  • If it's a scam, file a complaint online with the National Do Not Call Registry, or with the Federal Trade Commission (FTC)

Have you received any of these robocalls? What did you do?


DaVita Healthcare To Pay $22 Million To Settle Medicaid Fraud Allegations

Last week, the Attorney General for the State of Florida announced a settlement agreement between DaVita Healthcare Partners, Inc., several states, and the Federal Government. The settlement resolves allegations:

"... that DaVita paid illegal kickbacks to induce the referral of patients to its dialysis clinics, causing false claims to be submitted to the Medicaid program."

The settlement resulted after a whistleblower lawsuit which alleged that:

"... between March 1, 2005 and Feb. 1, 2014 DaVita identified physicians that had significant patient populations suffering renal disease and offered them lucrative opportunities to partner with DaVita by acquiring and/or selling an interest in dialysis clinics to which their patients would be referred for dialysis treatment. DaVita further ensured referrals of these patients to the clinics through a series of secondary agreements with the physicians, including entering into agreements in which the physician agreed not to compete with the DaVita clinic and non-disparagement agreements that would have prevented the physicians from referring their patients to other dialysis providers."

This is not the first settlement involving DaVita. In October 2014:

"... DaVita agreed to pay the United States $350 million in a federal settlement to resolve claims that it violated the False Claims Act by paying kickbacks to induce the referral of patients to its dialysis centers. DaVita agreed to a Civil Forfeiture in the amount of $39 million. Additionally, DaVita entered into a Corporate Integrity Agreement with the Office of Counsel to the Inspector General of the Department of Health and Human Services, which requires it to unwind some of its business arrangements and restructure others, and includes the appointment of an Independent Monitor to prospectively review DaVita’s arrangements with nephrologists and other health care providers for compliance with the Anti-Kickback Statute.

DaVita Healthcare Partners, headquartered in Denver (Colorado), will pay $22 million total in the settlement. The State of Florida will receive $5.6 million. According to its website, total company annual revenue was $11,764 million. Other states participating in the settlement include California, Colorado, Kentucky, and Ohio.


FTC Sues Data Broker For Selling Consumers' Sensitive Information To Fraudsters

Federal Trade Commission logo Do you know how much your bank account information is worth to fraudsters? Read on.

Just before the Christmas holiday, the U.S. Federal Trade Commission (FTC) announced that it had charged a data broker with selling consumers' sensitive personal information to fraudsters to commit theft and fraud:

"... LeapLab bought payday loan applications of financially strapped consumers, and then sold that information to marketers whom it knew had no legitimate need for it. At least one of those marketers, Ideal Financial Solutions – a defendant in another FTC case – allegedly used the information to withdraw millions of dollars from consumers’ accounts without their authorization."

Defendants named in the lawsuit include Sitesearch Corporation (doing business as LeapLab), LeapLab, LLC (based in Arizona), Leads Company (based in Nevada), and John Ayers. LeapLab's Twitter account seems dormant, and its website is not operating. BusinessWeek lists John Ayers as Chairman of the Board of LeapLab.

In its complaint, the FTC alleged that LeapLab:

"... collected hundreds of thousands of payday loan applications from payday loan websites known as publishers. Publishers typically offer to help consumers obtain payday loans. To do so, they ask for consumers’ sensitive financial information to evaluate their loan applications and transfer funds to their bank accounts if the loan is approved... The defendants sold approximately five percent of these loan applications to online lenders, who paid them between $10 and $150 per lead... the defendants sold the remaining 95 percent for approximately $0.50 each to third parties who were not online lenders and had no legitimate need for this financial information."

So, your bank account information is worth 50 cents to fraudsters. The sensitive consumer information LeapLab allegedly sold to non-lender third parties included consumer’s names, addresses, phone numbers, employers, Social Security numbers, bank account numbers, and bank routing numbers. Who were these non-lender third parties? They included:

"... marketers that made unsolicited sales offers to consumers via email, text message, or telephone call; data brokers that aggregated and then resold consumer information; and phony internet merchants like Ideal Financial Solutions. According to the FTC’s complaint, the defendants had reason to believe these marketers had no legitimate need for the sensitive information they were selling..."

In a separate complaint, the FTC sued Ideal Financial Solutions (based in Las Vegas, Nevada), for allegedly buying information about 2.4 million consumers between 2009 and 2013 from data brokers and using that information:

"... to make millions of dollars in unauthorized debits and charges for purported financial products that the consumers never purchased. LeapLab provided account information for at least 16 percent these victims."

The New York Times reported:

"The complaints are part of a multiyear government crackdown on fraudulent debt collection and other scams that target people in financial distress. But the case against LeapLab indicates that federal regulators are now widening their investigation to include the middlemen who traffic in the kind of closely held consumer details that can make consumers vulnerable to financial scams... Frederick G. Gamble, a lawyer in Tempe, Ariz., who was listed as a statutory agent of LeapLab, did not respond a voice mail message seeking comment..."

Thanks to the FTC staff for enforcing credit laws. I look forward to the FTC pursuing more data brokers and non-lender third parties who engage in similar behaviors.

Thee has to be strong consequences for this type of wrongdoing. I hope that the defendants pay fines, pay the credit monitoring and resolution costs for affected consumers, and serve time in prison. That sounds about right for the amount of damages inflicted upon consumers.

What are your opinions?