So Many Scams- Dealers Beware!

So Many Scams- Dealers Beware

A dealer recently called OADA with a strange and worrisome story.  The dealer’s Fed Ex account number was being used to perpetrate a scam on unsuspecting victims.  People around the country began calling the dealership stating they had received a check or voucher in the mail in a Fed Ex envelope with the dealer’s name and address as the shipper.  The dealer notified Fed Ex; in the ensuing investigation, an additional twenty packages were intercepted, all of which were charged to the dealer’s Fed Ex account. 

Fed Ex believes that the dealership unwittingly provided the scammer with its Fed Ex information via a phishing or smishing scheme.  As described by the FBI on its website www.fbi.gov:

In phishing schemes, a fraudster poses as a legitimate entity and uses e-mail and scam websites to obtain victims’ personal information, such as account numbers, user names, passwords, etc. Smishing is the act of sending fraudulent text messages to bait a victim into revealing personal information.
 
Be leery of e-mails or text messages that indicate a problem or question regarding your financial accounts. In this scam, fraudsters direct victims to follow a link or call a number to update an account or correct a purported problem. The link directs the victim to a fraudulent website or message that appears legitimate. Instead, the site allows the fraudster to steal any personal information the victim provides.
 
Current smishing schemes involve fraudsters calling victims’ cell phones offering to lower the interest rates for credit cards the victims do not even possess. If a victim asserts that they do not own the credit card, the caller hangs up. These fraudsters call from TRAC cell phones that do not have voicemail, or the phone provides a constant busy signal when called, rendering these calls virtually untraceable.
 
Another scam involves fraudsters directing victims, via e-mail, to a spoofed website. A spoofed website is a fake site that misleads the victim into providing personal information, which is routed to the scammer’s computer.
 
Phishing schemes related to deliveries are also rampant. Legitimate delivery service providers neither e-mail shippers regarding scheduled deliveries nor state when a package is intercepted or being temporarily held. Consequently, e-mails informing of such delivery issues are phishing scams that can lead to personal information breaches and financial losses. 

Fed Ex believes that the scam artist sent an e-mail to at least one dealership employee who was tricked into giving the dealership’s Fed Ex account information.

Earlier this week, WBIR, an NBC affiliate in Tennessee reported on a similar scam.  FBI warns about new scam that could be targeting Craigslist users | wbir.com

Dealers should review their policies and remind employees of the following cyber-security tips (reprinted from www.fbi.gov):

• Do not respond to unsolicited (spam) e-mail.
• Do not click on links contained within an unsolicited e-mail.
• Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
• Avoid filling out forms contained in e-mail messages that ask for personal information.
• Always compare the link in the e-mail with the link to which you are directed and determine if they match and will lead you to a legitimate site.
• Log directly onto the official website for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
• Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.
• If you are asked to act quickly, or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
• Verify any requests for personal information from any business or financial institution by contacting them using the main contact information.
• Remember if it looks too good to be true, it probably is.

Finally, contact Fed Ex or your shipper of choice to determine if there are additional steps you could take to secure your account information.  The dealership who called us now requires Fed Ex to contact an authorized employee if anyone other than an authorized user tries to use the dealership’s account number.