Over the last few weeks, more Americans are being hit with mysterious wrong-number scam text messages from a strange blonde woman, since dubbed the Wrong-Number Phisher by some media outlets. She goes by several names—sometimes Amanda, or just Mandy—and slides into your inbox with a text that appears to be to the wrong number. When the target points out the mistake, the mysterious Mandy acts embarrassed, and attempts to strike up a conversation with the target. The purpose is to convince the target to sign up for adult websites in order to view nude photos of Mandy, after which point the phishers will have all the information necessary to scam the target out of hundreds, if not thousands.
The wrong-number scam is so organically scripted that its level of verisimilitude is almost staggering—so much so that it managed to fool one of our seasoned blog writers. Despite writing regularly on phishing scams and other black hat techniques, even the most experienced professional would initially consider this to be a genuine misunderstanding. The message starts out, “Hey is this____?” often using a variety of names, “its Amanda,,, we chatted on tnder before when I cam up to visit my aunt but we never met in person..i’m back in town rn if you wanted to actually go out this time, r you free?” From the use of commas as an ellipsis to the texting shorthand many users are familiar with, it has the earmarks of a genuine wrong-number texter The message is often accompanied by or followed shortly by a selfie of the woman, adding to the believability of the Wrong-Number Scam.
How the Wrong-Number Phisher Works
Embarrassed for Mandy, the target of the scam feels accommodating and willing to encourage a conversation with this beautiful, young woman, which subsequently leads to Mandy feigning attraction for the target and sending them a link to an adult website where they can allegedly view nude pictures of Mandy, which of course requires credit card information. As the first rule of internet safety goes, the user should never click on any suspicious or unsolicited emails/links, as they could be sophisticated tools used by phishers to steal their information. What makes the scheme easy to debunk is the phisher’s sometimes obvious inattention to detail. For instance, if the target has sent Mandy a picture, Mandy might incorrectly identify eye or hair color, or incorrectly assign male or female characteristics to the target. This is because a typical phishing or financial scam involves a team of phishers, a bank of computers, and a list of phone numbers. The scammer will have multiple windows up at once, speaking to multiple targets at once through anonymous, encrypted platforms such as WhatsApp. This prevents the source from being easily traced. With so many windows open at once, the phisher may lose track of whom they are speaking and will make mistakes. Vigilance of these warning signs, and additionally poor grammar and spelling, is crucial to protecting your information from scammers.
Is this sex-trafficking?
Since the first appearance of the Wrong-Number Phisher about a month ago, rumors have arisen that Mandy’s wrong-number scam may be a way to target and kidnap individuals for purposes of sex-trafficking. These rumors began when users on Tiktok began posting screenshots of Mandy’s communication, claiming they had been targeted for sex trafficking. An anti-conspiracy educator and survivor of sex-trafficking, Jessica Dean, took to TikTok to explain why this particular kind of scam would not be ideal for sex-traffickers, “Sex traffickers aren’t really targeting complete strangers—and this would be a really stupid way to target somebody if they wanted to kidnap a complete stranger, because there would be evidence on your phone…Sex traffickers overwhelmingly target people they already know. Sometimes those are people they met online, but it’s usually a very slow grooming process—they get to know you, they get you to like them, and then they start asking you ‘certain favors.”
Should you receive a text message from a strange blonde woman who claims she’s trying to reach a missed connection, the simple answer is to ignore the text and block the number. The more you converse with the Wrong-Number Scam and the more information you provide, the more the scammer will be convinced that you are a valuable target—particularly if you are ignoring basic mistakes in grammar and spelling, or ignoring misidentification errors. Phishers and scammers know that if a target is willing to overlook mistakes like those, the more likely that target will be to part with money.
Many will be familiar with the recent news of Amazon CEO Jeff Bezos’ high-profile divorce following allegations of infidelity, in which his ex-wife became the richest individual in history by virtue of divorce proceedings. The fallout from executive misconduct can leave a trail of legal fees, government sanctions, violations, and public relations-related crises that can devastate a company from the top down.
Thought to be coined in 1932, the phrase “white collar crime” now refers to a spectrum of frauds and other crimes committed by high-ranking executives and officials. The most common characteristics of white collar crime contain aspects of deceit, concealment, or violation of company policies and/or state and federal law. The motive is financial, with executives skimming off the top of a company’s profits for their own use. These crimes are sometimes thought of as “victimless crimes,” with no regard to how the fallout from a fraud or scheme can impact the company, and therefore the families of its employees. The types of fraud include, but are not limited to:
Cellular phone fraud
Credit card fraud
Health Care Fraud
Weights and measures
Corporate fraud and white collar crime of this nature remain one of the Federal Bureau of Investigation’s top priorities when it comes to identifying and indicating perpetrators. While involvement by government agencies may seem like the end of the line, there are ways companies can get out in front of executive misconduct by hiring a private investigator to investigate these matters.
Private investigators have a unique reputation as slick operators who fly under the radar, but they are invaluable professionals to companies in the throes of a corporate crisis because they are independent and objective. Objectivity is the priority when dealing with executive misconduct and white collar crime, as any allegations or evidence presented against the executive must be presented by an individual with no stake in the outcome of the investigation. Private investigators are independently contacted by a business or corporation to investigate the alleged executive misconduct, and can gather evidence and collect witness statements without the air of bias. Because private investigators are independent contractors, there is no fear of reprisal on behalf of coworkers and other employees at the company. This leaves no lead discounted or ignored. They can investigate employees at all levels, and determine how (if at all) the executive is receiving assistance in their fraud from subordinates. One of the most attractive qualities in a private investigator is that their objectivity makes them crucial witnesses in any legal proceedings that may result from the investigation.
Businesses and corporations should never be beholden to CEOs, presidents, and other high-ranking executives who behave badly. Executive misconduct and corruption are like aggressive weeds that must be pulled from the root in order for businesses to flourish. When it comes to rooting out bad leadership, consider hiring a private investigator to navigate a tricky investigative path that can end in quality operations and peace of mind for businesses large and small.
If you have a corporate crisis like executive misconduct, we can help. Call Lauth Investigations International, a family-owned-and-operated investigative firm with over 30 years of providing successful solutions to clients in Indianapolis and throughout the nation. Call 317-951-1100 for a free consultation, or to learn more about our services, please visit our website.
The invention of direct-deposit payments in electronic banking have likely saved companies millions of dollars over the years in labor hours, materials, and fees that previously caused problems for companies. However, in an age where your paycheck is sent automatically to your checking account, phishers are seeking to exploit this automation for personal gain.
The Internal Revenue Service has reported an upswing in various types of fraud that directly target a company’s payroll. While the ruses come in many forms, one of the most popular is phishing emails disguised as legitimate correspondence from an employee or upper management. It’s always an instruction to alter payroll information so that funds would be rerouted to the scammer’s bank account. Once the deed is done, the money is withdrawn and the company is responsible to replace the missing funds. While the FTC and the IRS are constantly reevaluating their strategies for containing these types of fraud, this particular scheme is hard to detect and often goes unreported. The email can outsmart security measures set down by the company or within a company’s email server, and scammers take amounts that can just be written off as unfortunate missteps on behalf of personnel.
Frauds such as these have gone through an evolution as security technology becomes more sophisticated and what we know about internet culture continues to grow. Internet frauds used to be about volume and inattention to detail—thus the birth of phishers, who sent emails rife with spelling and grammar mistakes out to mile-long email lists, casting a wide net throughout the web. Education about fraud has forced scammers to be more cautious. Today, companies who have seen this scam in its newest form remark that these phishing emails look so authentic that there may not be a question in their mind before obliging their request. Security measures that have risen from the nucleus of electronic banking combat wire fraud every day in the United States. Large sums in wire transfers now throw up giant red flags. Phishers and scammers are getting more bang for their buck by taking smaller amounts with more frequency, lurking below the radar. This does not require sophisticated hacking skills. Just the ability to open a Gmail account. Phishers make the account look cosmetically convincing, then throw out the lure. One of the most targeted entities is non-profit organizations, because of the benevolent nature of their business. The idea of someone ripping off a charity or relief organization is horrifying, but the simplicity of scams like this make the opportunity too lucrative to pass up.
It’s frightening how simple the fraud is to pull off, but there is recourse for businesses who are vulnerable to such a scam. One of the non-profits who fell prey to this scam was KVC Health Systems, an agency for child welfare in Kansas City. Their IT director, Erik Nyberg, says it starts with comprehensive education on company procedures, “The CEO is never going to email you out of the blue and ask you for any deposit changes. And if you have any sliver of a doubt, call the person who is making the request.” He goes on to discourage executives and upper management employees from using their personal email accounts to send staff correspondence, and to set email filters that will catch suspicious incoming messages. Social media managers are also cautioned against posting any company information to their pages that could serve to bolster a phisher’s credibility.
If your business has been the target of this wire fraud scam, you are encouraged to report them to the Federal Bureau of Investigation’s IC3 tip line.
Being a responsible consumer in the year 2019 means educating yourself—not just on the products and services—but of the ways scammers and thieves exploit consumer behavior for their own financial gain. As technology advances with the convenience of SMS text messaging as a security feature, financial applications that put your finances at your fingertips, and the tangled world wide web, consumer fraud scams will only continue to mutate and evolve. Here are five of the most common types of consumer fraud scams to avoid in 2019.
According to the Federal Bureau of Investigation’s Financial Fraud Unit, mortgage fraud exploits a consumer’s fear of losing their home to make a quick buck. Mortgage fraud schemes come in many forms, including but not limited to equity skimming, loan modifications, and foreclosure rescue schemes. The perpetrators behind these schemes are often former real estate professionals who use their intimate knowledge of mortgages to swindle homeowners in distress. Real estate agents who are currently employed can exploit their authority to bolster the validity of their scheme. The FBI and FTC advise that consumers should be wary of any unsolicited phone calls, emails, regarding their home finances, and never sign any paperwork or documentation that they do not fully comprehend.
Debit Card Fraud
Debit card fraud occurs when an individual’s debit card information is obtained to make fraudulent purchases. Debit card fraud is one of the most difficult schemes to avoid in day-to-day life, because so many Americans have gradually transitioned from carrying cash to carrying only their debit card as means of legal tender. Anyone with access to the debit card’s information—including the businesses and vendors we trust every day—can pull this information to commit a fraud. Unfortunately, the only recourse consumers have in protecting themselves is to avoid letting their card ever leave their sight, and to keep a watchful eye on their accounts and report any suspicious activity.
Perhaps one of the most despicable types of consumer fraud is charity fraud. Scammers set up shell organizations to receive donations that do not go to those in need, but rather line the scammer’s pockets. Frauds of these type spike significantly during the holidays and in the wake of natural disasters in order to exploit humankind’s benevolence. The name of the game with charities is research. Any charity worth its salt is going to stand up to a great deal of due-diligence and fact-finding. Part of being a responsible consumer is knowing where your money is going.
Winning the lottery is a dream of many Americans, with fantasies of kicking back and never having to put in another hard day’s work for the rest of their lives. Despite the wide range of demographics with these dreams, lottery fraud scams usually effect senior citizens in the United States. The scam usually begins with a letter or email letting the individual know they have won. The correspondence usually includes details about fees that are involved with receiving their winnings. The FTC warns that individuals who have won a legitimate lottery prize of any kind should never have to pay a fee to collect their winnings, and consumers should be suspect of any unsolicited correspondence stating as such. Consumers should also be advised that United States law does not support the sale and transference of international lottery tickets, so any correspondence from international lotteries is most certainly a scam.
Studies by Javelin Strategy & Research conducted over the last seven years indicate that in 2017, there were as many as 16.7 million Americans impacted by identity fraud, with $16.8 million in stolen funds and assets. Identity theft can be committed for a number of reasons. Perpetrators can steal an individual’s information with the purpose of starting over again under a different name, or to escape their creditors. Most commonly, however, identity fraud is simply committed with the explicit purpose of stealing money from American consumers. Once a scammer has an individual’s identifying information, like dates of birth, Social Security numbers, and their mother’s maiden name, they can use that data to make fraudulent purchases in the victim’s name, withdraw funds from their bank accounts, and destroy their credit, leaving them financially arrested. The aftermath of identity fraud is devastating and can cause shockwaves across decades with exponential consequences.
If you have been the victim of a consumer fraud scam, contact a private investigator today to learn how their unique set of skills and professional autonomy can help you locate the scammer in your midst. Call Lauth Investigations International today for a free consultation (317-951-1100) and a simple solution to your consumer crisis.
Carie McMichael is the Media and Communications Specialist for Lauth Investigations International. She regularly writes on investigation, fraud, and missing persons topics. For more information, please visit our website.
When growing a business, executives and owners have to go the extra mile when it comes to protecting trade secrets. In the pursuit of their company’s business, a common practice for corporations of all sizes is implementing non-compete clauses in their employees’ contracts. This ensures, should an employee leave the company for any reason, they cannot utilize trade secrets for the purpose of building a similar business of their own. It’s in a business owner’s best interest to be preemptive in protecting themselves from client poaching, theft of company secrets, and possibly even slander when it comes to current and former employees who violate their non-compete agreements.
Though they go by several names and the laws concerning them vary state to state, non-compete agreements are generally a legally-binding contract between an employer and an employee, whereupon acceptance of a job offer by a company, an individual agrees during their employment and following their termination they will not enter into any competing business for a predetermined period of time. Whether it’s working for a company’s top competitor, or striking out in their own business, non-compete agreements protect trade secrets, sensitive company information, and prevent competing businesses from poaching successful employees with promises of a handsome pay-raise in exchange for the expertise they might have gleaned from their time at their previous position. This kind of information can range from client bases to business operations to future products and services. The duration of the non-compete agreement following an employee’s termination have to be well within reason, as no employer can permanently preclude a former employee from any line of work.
Not every company experiences difficulties by virtue of a former employee violating their non-compete agreement, and some companies do not see the need for non-compete agreements at all, but the consequences of trade secrets being used to steal a company’s business can have devastating effects, ending in the worst possible circumstances with a business closing and an owner in debt. Even if a company is able to quash a non-compete violation in court, the cost to the company in legal fees can be astronomical, especially for smaller businesses. That’s why it’s important for owners and executives to be preemptive and proactive when it comes to potential violators. Luckily, a private investigator can help at all stages of a non-compete violation investigation.
Human resource employees are the salt of the earth, and can have a great influence on how a company develops based on the individuals they select for their workforce. However, human resource employees are not lie detectors, and do not always have access to legitimate, comprehensive background screening tools. Background screenings and checks are among the most common service associated with private investigators. If there is something suspect in a candidate’s past, licensed private investigators have the tools and experience to find it out. Private investigators can pull a candidate’s criminal history, financial history, and interview persons in their lives who can speak to character and work ethic. They can also spot patterns in a person’s work history or lifestyle that could be high-risk factors in a hypothetical non-compete violation—things like transience, long periods between positions, or financial destitution.
Some malingering employees can’t wait to be terminated before violating their non-compete agreements. It’s not uncommon for these individuals to exploit trade secrets for their businesses own gain while on company time and dime. While on a business trip, an individual might use company per diem to buy drinks for a person who could be a potential investor in their new business. Employees might use company supplies to supplement their project, such as printers, fax machines, computers, and other equipment. Private investigators can conduct diligent investigations within a company’s workforce to root out the source of the theft. Private investigators can interview witnesses, including upper management and other staff, review vital documents like bank records, and conduct surveillance of the company’s operations as needed to expose the perpetrator. Their objectivity makes them an ideal candidate to conduct such an investigation because they do not have a stake in the outcome.
There are many circumstances under which a business owner might come to suspect a former employee has violated their non-compete agreement. Word might have traveled through business circles that a similar business is starting up. Employees might start disappearing in clusters. Clients may suddenly decide to sever business ties in favor of a new contender in the competition. Whatever transpires, one thing is certain—documenting and exposing this exploitation is imperative, because the consequences can be costly. Retaining a qualified private investigator who specializes in corporate crises is crucial to resolving non-compete violations quickly, before the exponential costs begin to erode profits. Private investigators can perform surveillance on suspected former employees to document their movements, record with whom they met, and collect evidence such as pictures of a brick and mortar establishment, marketing materials, vital documents, and filings with the Secretary of State. Private investigators can send undercover operatives to infiltrate a workforce to get information the business privy only to employees. They can also enlist the aid of a confidential informant—an individual already within the company to provide information. This requires quality interviewing skills and developing a natural rapport with potential witnesses, both important qualities in a qualified investigator.
When non-compete violations are at their ugliest, not only do violators seek to siphon off their former employer’s business by exploiting trade secrets and knowledge of their operations, but they can also play dirty by exposing this information publicly. Another method involves deliberately spreading lies about the competition in order to drive business towards the former employee’s company. That’s known as slander and it’s legally actionable. Documenting the perpetuation of these lies and proving they are in fact false are crucial in these cases. Diligent fact-finding is the cornerstone of any private investigator’s expertise. Private investigators can conduct cyber investigations to track down the users behind profiles that post false negative reviews, follow rumors back to their roots, and forensically track how information left the competition and made its way into the former employee’s business nucleus. They can implement many of the strategies aforementioned: surveillance, interviewing witnesses, documenting evidence. Slander cases tend to have a divisive they-said, they-said narrative, which is where a private investigator’s objectivity becomes invaluable once more. Private investigators have no stake in the solution of an investigation. Their independence coupled with their expertise and resume make them spectacular witnesses in any subsequent litigation.
When a company has a non-compete agreement in place, it’s important that executives and owners are proactive when performing a risk assessment on a potential employee. It’s important that a healthy company culture fosters good comradery, honesty, and a policy of “if you see something, say something.” Building a case against a former employee who violated their agreement can be time consuming at the expense of company resources. Dealing with the fallout from litigation can bring a reliable business to its knees. Private investigators can assist in all phases of any non-compete agreement violation, and retaining their services will go a long way towards a body of objective evidence and testimony that can resolve a company’s crisis.
If you have suspicions that a current or former employee has violated their non-compete agreement, contact Lauth Investigations International today for a free consultation on how we can help you! Call 317-955-1100 or find us online at www.lauthinvestigations.com.
Carie McMichael is the Media and Communication Specialist for Lauth Investigations International. She regularly writes on investigations, missing person, and other topics in the criminal justice system.
Smartphones have become such an integral part of our everyday lives that many users joke their devices have become grafted to their hands. We use them to maintain contact in our work and personal lives, correspond through email and social media, and a bulk of Americans have made the transition to conducting their banking through the use of mobile applications. As developers continue their bottomless pursuit to create an app for everything, more and more of our real, flesh-and-blood lives are being stored on our phones: personal details, account numbers, passwords, and other sensitive information that could be misused if it fell into the wrong hands. That’s why smartphone users have to educate themselves on the specifics of a scam called “SIM card swapping.”
What is SMS?
For many telephone, internet, and smart device developers, SMS (short message service) text messaging is the cornerstone of their services. As of 2010, it was the most utilized service provided by communication companies with 3.5 billion users. It became a vital tool in direct marketing campaigns and remains one of the most popular forms of communication in younger users. Because of the ubiquity of smartphones, many companies that require a two-step authentication process for their users’ security implement SMS as a secure means of accessing information. For example, you attempt to log in to your bank account, correctly entering your username and secure password. It’s not uncommon for banking apps to prompt a second form of verification, so the app tells you it will now be sending a four-digit verification code to your phone that you must enter on the app to confirm that you are who you say you are. The code is sent to your phone via SMS. Once this information is transmitted over SMS, users are often derelict in deleting that information from their devices. This is where users are vulnerable to the scam.
How SIM swap scams work
Smartphone users who have lost their phone or who have been the victim of a theft often have the ability to call their mobile provider and provide their secure information in order to have the provider remotely wipe the SIM card and have that information transferred to another phone. Thieves in search of secure information will use tools like phishing mail campaigns, posing as legitimate companies like insurance and credit card companies to get the victim to willingly hand over identifying information such as date of birth, address, and phone number. Once they have enough identifying information, they will call the victim’s mobile provider and pose as a customer. They claim they’ve lost their phone or their phone was stolen from them. Then, using the victim’s identifying information, they will request that the mobile provider remotely wipe their old SIM card and rewrite it to the SIM card in their new device. Just like that, the thief has any and all information that has ever been transmitted via SMS text. This leaves accounts, email inboxes, and secure information vulnerable to fraud. “A high proportion of banking customers now have mobile phone numbers linked with their accounts,” fraud prevention consultant, Emma Mohan-Satta, told Digital Trends, “and so this attack is becoming common in some regions where this attack was not previously so common. Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims who have been specifically targeted through successful social engineering.”
Who is vulnerable?
Anyone who uses their smartphone as part of a two-step authentication is vulnerable to a SIM card swap scam. Once the thief has their hands on your personal information, they can devastate you in minutes by performing bank transfers, rerouting mail, and making purchases in your name. If the SIM card contained any compromising information, such as lewd photos or inappropriate communication with another person, the perpetrators can use that information to blackmail a victim into paying a tidy sum in exchange for the return of the compromising data. A victim named Tina told Motherboard, “This just happened to me over the weekend. I lost service late Saturday night and assumed it was an issue with my always buggy iPhone. Then on Sunday morning my husband got a text from T-Mobile saying that a line on our phone plan had been cancelled (mine) and i soon discovered that $1200 had wired out of my bank account to someone in [redacted] with my same last name.”
While the cost to a single individual can be devastating, a sophisticated thief can do even more to topple a business like a house of cards. It’s common practice for some types of employers to issue their employees a company cell phone to facilitate business, and in this day and age, that almost certainly means a smart phone. Correspondence between coworkers, appointments, account numbers, and sensitive company information can be exposed and exploited for gain. Companies that carry high financial sums in their accounts can be ruined before they even realize there’s a problem.
How to protect yourself
Dependence on smart phones to facilitate two-step authentication plagues many users throughout the country who enjoy the convenience of verifying their identity through SMS. Luckily, tech sites like Motherboard recommend a few ways you can protect your identity and your monies.
Beef up account security
Many major cell phone service providers are developing new methods of two-step authentication in light of the rise of SIM card swap scams. Many offer their customers the option to set up a secure PIN for their account, completely separate from the login information used to access their account. The PIN is used as a primary verification feature specifically for when customers call into the support center for SIM card-related issues. Previously, many providers opted for a security question for this type of authentication, but the answers to these security questions can often be found on a victim’s social media, such as, “Which high school did you attend?” This way, the PIN is never transmitted through SMS text messaging, and no personal information from a social media profile can be used against them.
Don’t link your number to your online accounts
Once a thief has access to your account, they can easily reset your password and other authentication methods, making it very difficult to quash the problem. Instead of linking your mobile cell phone to your accounts, you can choose a different sort of number, such as a Google Voice number.
Many individuals and companies bypass security measures for a number of reasons, such as lack of time, interest, or the mere belief that they could never be the victim of a SIM card swapping scam. The reality is that it can happen to anyone, and there’s no shortage of victims for scammers. Users who practice their due-diligence can build a security to block them out. When the scammer hits this wall, they simply move on to the next target. Educate yourself and ensure that target isn’t you.
Carie McMichael is the Communication and Media Specialist for Lauth Investigations International. For more information on investigation topics, missing persons, and corporate solutions, please visit our website.