Account Takeover Fraud: Phone, Check and Mortgage Fraud

In this series of posts, we are discussing Account Takeover Fraud; how it happens and how criminals are winning the war on cybercrime. As criminal hackers continue to seek out vulnerabilities in corporate networks and citizens are lax in their own home networks, account takeover fraud will continue to plague the public.

There are numerous types of account takeover, and many ways account takeover can occur.

Here are ten examples:

  1. Credit Card Fraud
  2. Hacking
  3. Scams
  4. Change of mailing address
  5. Skimming
  6. Phishing
  7. Telephone fraud
  8. Vishing
  9. Mortgage refinance fraud
  10. Check fraud

In a previous post we discussed; Hacking, Scams, Change of mailing address, Skimming, and Phishing.

In this post we cover:

  • Telephone fraud
  • Vishing
  • Mortgage refinance fraud
  • Check fraud

Telephone fraud

Scammers have been using the telephone to commit fraud since its invention. Common victims tend to be elderly or those that may be less informed of the ruses. By posing as an authority figure, the conman may be able to convince their target to provide all the necessary data to give the scammer full account access.

Whenever anyone ever receives a phone call from someone claiming to be any entity such as a bank, lottery, credit card company, bill collector or even a government official, they must verify the authenticity of the caller. This may require a call back to an already available phone number or one that can be obtained online or via directory assistance.

Requesting a phone number from the caller is not recommended. Otherwise, it is highly unlikely any legitimate entity in the present day and age of scamming will make a call like this and request this kind of information. More than likely any call received of this kind is a scam and hanging up is the best option, then making a report to the authorities.

Vishing: is a relatively new tactic that involves using the telephone voicemail system and sending emails. The scammer will pose as whatever entity and use a dual approach to contact the mark trying to convince them via email and voicemail/telephone that they are indeed the entity that is requesting data. This multi-pronged approach is a persistent and convincing method of attack. The best line of defense is to determine if the communications are legitimate by reaching out directly to the entity.

Smishing: mobile phones are being used to conduct the same electronic financial transactions as computers are. Common tactics scammers are using involve the sending of phishing texts or short message service (SMS) phishing (smishing) to prompt the user to respond to the text with sensitive login data. Simply just hit delete when receiving any communication of this nature.

Mortgage refinance fraud: unfortunately much of the information necessary to refinance a mortgage or obtain a home equity line of credit can be found online, in a person's trash, in a dumpster when it was tossed by a broker who went out of business, or in the file cabinets of functional entities and used by rogue employees.

This is a combination of account takeover and new account fraud that can often be stopped with a consumer security or credit freeze. Otherwise, having a strong relationship with your bankers may help to detect this kind of account takeover.

Check fraud: check fraud is a $1 billion problem. There are numerous forms of check fraud that lead to the siphoning of funds out of users' accounts. There are too many to mention in the space provided, but these will be discussed in future articles. One of the best defenses is to bank online. This eliminates paper checks that are often a big part of the problem. A $100 million problem is check-washing—e.g., when scammers use nail polish remover to change the “pay to” and the amount and write a larger check to themselves using the existing account holders signature.

One of the best defenses is a uni-ball brand 207 gel pen, which prevents the washing of the check.