Archive 17


Online Vehicle Purchase Scam

Online vehicle shoppers are being victimized by fraudulent vehicle sales and false claims of vehicle protection (VPP) programs. In fraudulent vehicle sales, criminals attempt to sell vehicles they do not own. Criminals create an attractive deal by advertising vehicles for sale at prices below book value. Often the sellers claim they need to sell the vehicle because they are being moved for work or deployed for the military.

Because of the alleged pending move, criminals refuse to meet in person or allow inspection of the vehicle, and they often attempt to rush the sale. To make the deal appear legitimate, the criminal instructs the victim to send full or partial payment to a third-party agent via a wire transfer payment service and to fax their payment receipt to the seller as proof of payment. The criminal pockets the payment but does not deliver the vehicle. Criminals also attempt to make their scams appear valid by misusing the names of reputable companies and programs. These criminals have no association with these companies and their schemes give buyers instructions which fail to adhere to the rules and restrictions of any legitimate program.

For example, the eBay Motors Vehicle Protection Plan (VPP) is a reputable protection program whose name is commonly misused by these criminals. However, the VPP is not applicable to transactions that originate outside of eBay Motors, and it prohibits wire transfer payments.

Nevertheless, criminals often promise eBay Motors VPP protections for non-eBay Motors purchases, and instruct victims to pay via Western Union or MoneyGram. In a new twist, criminals use a live chat feature in email correspondence and electronic invoices. As live chat assistants, the criminals answer victims' questions and assure victims that the deals are safe, claiming that safeguards are in place to reimburse the buyer for any loss. The criminals falsely claim that their sales are protected by liability insurance coverage up to $50,000. Automotive shoppers should exercise due diligence before engaging in transactions to purchase vehicles advertised online. In particular, shoppers should be cautious of the following situations:

• Sellers who want to move the transaction from one platform to another (for example, Craigslist to eBay Motors)

• Sellers who claim that a buyer protection program offered by a major Internet company covers an auto transaction conducted outside that company's site

• Sellers who push for speedy completion of the transaction and request payments via quick wire transfer payment systems

• Sellers who refuse to meet in person, or refuse to allow the buyer to physically inspect the vehicle before the purchase

• Transactions where the seller and vehicle are in different locations. Criminals often claim to have been transferred for work reasons, deployed by the military, or moved because of a family circumstance, and could not take the vehicle with them

• Vehicles advertised at well below the market value

Remember, if it looks too good to be true, it probably is.


Increase In eCommerce Fraud

Since mid-March, merchants have experienced a serious increase in fraud attempts. The nature of the fraud attempts was that criminals had the complete identity information: name, address, email address, and IP address of the consumer.

After investigation, evidence suggests it is due to fake "eCommerce Donation Sites" It is believed the increase in fraud attacks is tied to fake donation sites that took advantage of the earthquakes and Tsunami in Japan.

This belief is supported because the fraudsters have the exact information on the data elements for making purchases, and the accuracy rate is very good. Therefore, it is most likely the data is being collected from fraudulent sites that took donations from the devastating earthquakes and Tsunami in Japan.

It is believed the fraudsters used social networks to promote the donation sites to expand their reach farther and faster than has been viewed in previous years. The timing is exactly right; other major tragedies have been viewed as the cause to increased fraud spikes – such as Hurricane Katrina. In fact, fake donation sites were such a problem for Katrina, the National Center for Disaster Fraud (NCDF) was originally established by the Department of Justice to investigate, prosecute, and deter fraud in the wake of Hurricane Katrina.

Its mission has expanded to include suspected fraud from any natural or man-made disaster. More than 20 federal agencies, including the FBI, participate in the NCDF, allowing it to act as a centralized clearinghouse for information related to relief fraud. After the Tsunami in Japan, immediately there were fraudulent donation sites and organizations appearing. According to a Websense threat report, "following the disasters in Japan, cybercriminals tried to utilize every possible underground technique to benefit from this occurrence. Apart from already known ways such as phishing and malicious spam emails, criminals used Viral Facebook applications."  


Scams Promising Large Winnings And Threats If Victims Do Not Comply

The IC3 has received numerous complaints advising of a spam email attachment circulating, which claimed to be from the FBI.

The email appeared to be the typical Nigerian 419 type scam; however, this most recent attempt contained the FBI seal and the Economic and Financial Crimes Commission (EFCC) logo at the top, making it appear official. The letter instructs the recipient to contact the EFCC in Lagos, Nigeria, at the email address provided to obtain "clearance documents" and asks that the recipient provide their full name, address, and telephone/cell number.

Several different names, email addresses, and mailing addresses are used in this email scam, but the content of the letter remains consistent throughout. The letter threatened that, if the recipient does not contact the EFCC immediately, Director Mueller "will have an agent come visit you at home for questioning." The letter emphasized the need to send $250 for issuing the clearance document, and then $1.5 million would be released to the individual.

The letter attempted to coerce recipients into cooperating by advising that "failure to provide the above requirement in the next 24 hours, legal action will be taken immediately by arresting and detaining you."

The letter was signed, "Faithfully Yours, Robert S. Mueller III, FBI Director." In addition, the letter contained cc’s at the bottom to various agencies including the Supreme Court of the United States, U.S. Courts of Appeals, and U.S. District and Circuit Courts. The social engineering technique of utilizing the FBI's name helps fraudsters intimidate, impress, and convince the recipient that the emails are legitimate.

Several Public Service Announcements have been posted on the,, and websites related to these types of schemes.


HTK4S anti-virus/anti-spam scam

You may receive an email message that claims to be from "WebEmail Support", advising that the security on your email account needs to be improved.

The message claims that the “new F-Secure HTK4S anti-virus/anti-spam 2011-version” needs to be added to your account and that you must therefore send your account email address and password. The message warns that, if you don't provide the requested information, your email address will be temporarily disabled.

The email is not from "WebEmail Support" and has no connection with the security company, F-Secure. The message is an amateurish attempt to trick you into divulging your email account login details.

The scammers have attempted to make their false claims a little more believable by including the name of F-Secure, a genuine and well respected organization. They also make the false claim that login information sent by you will be encrypted for further security, which is untrue.

If you fall for the scam and send your email address and password, you will be providing Internet criminals with the means to hijack your web based email accounts and use them for further scam attempts as well as to send spam in the hijacked user’s name.

Internet criminals have repeatedly used very similar schemes to trick users into handing over access to their email accounts.

No legitimate email service provider will ask their users to provide their account login details by replying to an email. Any message that makes such a request should be treated with suspicion.



Return to Scam Alerts