For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

CPE for Government Auditors

The Internet Fraud Tree


  • Recognize elements of the internet fraud tree

These are six things the Lord hates, seven that are detestable to him; haughty eyes, a lying tongue, hands that shed innocent blood, a heart that devises wicked schemes, feet that are quick to rush into evil, a false witness who pours out lies and a man who stirs up dissension among the brothers.
Proverbs 6

The Association of Certified Fraud Examiners’ fraud tree is a little dated.  Some of the scariest, highest impact frauds today occur in the cyber world.  Most of the stories in this chapter do not relate directly to government, but you should know about them anyway, as you will want to protect yourself and your organization against these creative fraudsters.

Hacking, Cyberterrorism, and Sabotage

This arm of the internet fraud tree includes:

  • Viruses, malware, keylogging & other malicious products
  • Online advertising fraud
  • Web-site hijacking
  • Online corporate espionage
  • Website defacement

Let’s talk about some of these.

Viruses, Malware, Keylogging, and Other Malicious Products

Powerful hacker activists can really mess with your day! Government leaders in San Francisco found out that their citizens can do more than complain and wait for the next election to take action; skilled citizens can shut down your transit system.

Hackers protest BART decision to block cellphones[1]
San Francisco’s mass transit system prepared for renewed protests Monday, a day after hackers angry over blocked cell phone service at some transit stations broke into a website and posted company contact information for more than 2,000 customers.
The action by a hacker group known as Anonymous was the latest showdown between anarchists angry at perceived attempts to limit free speech and officials trying to control protests that grow out of social networking and have the potential to become violent.

Anonymous posted people’s names, phone numbers, and street and email addresses on its own website, while also calling for a disruption of the Bay Area Rapid Transit’s evening commute Monday.



In 2010, the Zeus Trojan infected tens of thousands of computers worldwide, collecting millions of lines of data from infected computers. The virus appeared in several guises, including a false Facebook page that encouraged users to download a software update.[2]


Malware, which is short for “malicious software,” includes worms, Trojans, or botnets. Earlier forms of malware were used to damage or crash a computer system. But, today, hackers use malware to infiltrate a computer system without the user’s knowledge to gather information for financial gain.

I have been closely watching the tense situation in the Middle East, as most of us do. Iran is building a nuclear weapon, and the international community is doing what it can to stop them, short of going to war.  An article in Vanity Fair[3] in 2011 gave me some hope that our government was on top of the situation.  But what happens when cyberterrorism instead is directed at us? Here is an excerpt from the article about the Stuxnet Worm:

A Declaration of Cyber-War
Last summer, the world’s top software-security experts were panicked by the discovery of a drone-like computer virus, radically different from and far more sophisticated than any they’d seen. The race was on to figure out its payload, its purpose, and who was behind it. As the world now knows, the Stuxnet worm appears to have attacked Iran’s nuclear program. And, as Michael Joseph Gross reports, while its source remains something of a mystery, Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating.
Regardless of how well it worked, there is no question that Stuxnet is something new under the sun. At the very least, it is a blueprint for a new way of attacking industrial-control systems. In the end, the most important thing now publicly known about Stuxnet is that Stuxnet is now publicly known. That knowledge is, on the simplest level, a warning: America’s own critical infrastructure is a sitting target for attacks like this. That aside, if Stuxnet really did attack Iran’s nuclear program, it could be called the first unattributable act of war. The implications of that concept are confounding. Because cyber-weapons pose an almost unsolvable problem of sourcing—who pulled the trigger?—war could evolve into something more and more like terror. Cyber-conflict makes military action more like a never-ending game of uncle, where the fingers of weaker nations are perpetually bent back. The wars would often be secret, waged by members of anonymous, elite brain trusts, none of whom would ever have to look an enemy in the eye. For people whose lives are connected to the targets, the results could be as catastrophic as a bombing raid, but would be even more disorienting. People would suffer, but would never be certain whom to blame. Stuxnet is the Hiroshima of cyber-war. That is its true significance, and all the speculation about its target and its source should not blind us to that larger reality. We have crossed a threshold, and there is no turning back.

And in Canada, IT professionals report an increase in security breaches – from the folks who work inside government, no less!

Government insiders stealing more data than ever: study[4]
Hackers attacking Canadian both private and public sector institutions are increasingly seeking financial gain, while government insiders are stealing more data than ever, a security study released on Tuesday said.
The study, by TELUS and the University of Toronto’s Rotman School of Management, says one in three hacking attacks is a targeted ploy to steal money.

The attacks have grown in sophistication since the 2008 recession and are much harder to detect, the study’s authors say.

“After four years of study, we are noticing an alarming trend toward attacks that are becoming more targeted, focusing on specific individuals and their data for financial gain,” Yogen Appalraju, vice-president of TELUS Security Solutions, said in a news release.

The average public company suffered 18 security breaches in 2011, up from less than 12 the year before. But governments were able to reduce breaches; posting an average of just over 17 this year, after being above 22 last year.

But the study said insider breaches, where an employee accesses confidential information, are on the upswing in the government sector.

Forty-two percent of breaches in the government sector were done so by insiders. That’s an increase of 28 per cent over 2010 and 68 percent since 2008.

The top three breaches by type reported in 2011:
*    Viruses and malware (46 per cent)
*    Laptop or mobile hardware device theft (22 per cent)
*    Phishing/pharming (20 per cent)
The study surveyed more than 600 Canadian IT professionals from across the government, private and public sectors.



In 2008 a group of Eastern European hackers stole $70 million from the payroll accounts of some 400 American companies and organizations.  A computer bug named “Zeus” kicked in when victims logged into their bank account.  When a user visits a bank website, Zeus knows; and since it is a keylogger program, it records the user’s keystrokes as he or she enters usernames and passwords. It then sends that information by instant text message to waiting hackers, who then have access to the compromised accounts.[5]

Web Site Hijacking

What about someone trying to take thousands of people’s accounts at once? This is possible due to the consolidation of technology. Fiserve,[6]formerly CheckFree, claims to process over two-thirds of the U.S.’s 14 billion automated clearing house (ACH) payments. CheckFree, an online bill-payment service, claims that more than 24 million people use its services and that it controls between 70 to 80 percent of the U.S. online bill-pay market. Among the 330 kinds of bills consumers can pay through CheckFree/Fiserve are military credit accounts, utility bills, insurance payments, and mortgage and loan payments.  Hackers hijacked CheckFree’s site in 2008, redirecting users to a server in the Ukraine that installed malware and intended to extract personal and account information.[7]

Online Corporate Espionage

This report from the Government Accountability Office from June 28, 2012 is more than a little worrisome…
Cyber Threats Facilitate Ability to Commit Economic Espionage[8]

Why GAO Did This Study
The threat of economic espionage— the theft of U.S. proprietary information, intellectual property (IP), or technology by foreign companies, governments, or other actors—has grown. Moreover, dependence on networked information technology (IT) systems has increased the reach and potential impact of this threat by making it possible for hostile actors to quickly steal massive amounts of information while remaining anonymous and difficult to detect. To address this threat, federal agencies have a key role to play in law enforcement, deterrence, and information sharing. Consistent with this threat, GAO has designated federal information security as a government wide high-risk area since 1997 and in 2003 expanded it to include protecting systems and assets vital to the nation (referred to as critical infrastructures). GAO was asked to testify on the cyber aspects of economic espionage. Accordingly, this statement discusses (1) cyber threats facing the nation’s systems, (2) reported cyber incidents and their impacts, (3) security controls and other techniques available for reducing risk, and (4) the responsibilities of key federal entities in support of protecting IP. To do this, GAO relied on previously published work in this area, as well as reviews of reports from other federal agencies, media reports, and other publicly available sources.

What GAO Recommends
In prior reports, GAO has made hundreds of recommendations to better protect federal systems, critical infrastructures, and intellectual property.

The nation faces an evolving array of cyber-based threats arising from a variety of sources. These sources include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others. Moreover, potential threat actors have a variety of attack techniques at their disposal, which can adversely affect an organization’s computers or networks and be used to intercept or steal valuable information. The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such as attacks that may combine multiple techniques. Using these techniques, threat actors may target individuals and businesses, resulting in, among other things, loss of sensitive personal or proprietary information.

These concerns are highlighted by reports of cyber incidents that have had serious effects on consumers and businesses. These include the compromise of individuals’ sensitive personal data such as credit- and debit-card information and the theft of businesses’ IP and other proprietary information. While difficult to quantify monetarily, the loss of such information can result in identity theft; lower-quality counterfeit goods; lost sales or brand value to businesses; and lower overall economic growth and declining international trade.

To protect against these threats, a variety of security controls and other techniques are available. These include technical controls such as those that manage access to systems, ensure system integrity, and encrypt sensitive data. But they also include risk management and strategic planning that organizations undertake to improve their overall security posture and reduce their exposure to risk. Further, effective public-private partnerships are a key element for, among other things, sharing information about threats.

Multiple federal agencies undertake a wide range of activities in support of IP rights. Some of these agencies include the Departments of Commerce, Justice, and Homeland Security, among others. For example, components within the Justice Department and the Federal Bureau of Investigation are dedicated to fighting computer-based threats to IP. In addition, both Congress and the Administration have established interagency mechanisms for better coordinating the protection of IP. Ensuring effective coordination will be critical for better protecting the economic security of America’s businesses.


Online Extortion

Some unfortunate business owners receive threatening emails from hackers demanding that they pay up, or the hacker will use a botnet (an automated email program) to overwhelm their system with emails or orders and shut their computer system down.[9]  Sometimes this email program is called ‘ransomware’ because the hackers essentially hold the business at ransom.

Investment and Securities Fraud

Under this arm, we find:

  • Ponzi or pyramid schemes
  • Non-existent investments
  • Misrepresentation of offering
  • Market manipulation

Let’s talk about Ponzi schemes and misrepresentation of investment offerings.

Ponzi or Pyramid Schemes

We are all aware of the crimes of Bernie Maddolf.  But he is not the only enjoying fraudulent income.

SEC Shuts Down $600 Million Online Pyramid and Ponzi Scheme[10]
The Securities and Exchange Commission today announced fraud charges and an emergency asset freeze to halt a $600 million Ponzi scheme on the verge of collapse. The emergency action assures that victims can recoup more of their money and potentially avoid devastating losses.
The SEC alleges that online marketer Paul Burks of Lexington, N.C. and his company Rex Venture Group have raised money from more than one million Internet customers nationwide and overseas through the website, which they began in January 2011.

According to the SEC’s complaint filed in federal court in Charlotte, N.C., customers were offered several ways to earn money through the ZeekRewards program, two of which involved purchasing securities in the form of investment contracts. These securities offerings were not registered with the SEC as required under the federal securities laws.

The SEC alleges that investors were collectively promised up to 50 percent of the company’s daily net profits through a profit sharing system in which they accumulate rewards points that they can use for cash payouts. However, the website fraudulently conveyed the false impression that the company was extremely profitable when, in fact, the payouts to investors bore no relation to the company’s net profits. Most of ZeekRewards’ total revenues and the “net profits” paid to investors have been comprised of funds received from new investors in classic Ponzi scheme fashion.

“The obligations to investors drastically exceed the company’s cash on hand, which is why we need to step in quickly, salvage whatever funds remain and ensure an orderly and fair payout to investors,” said Stephen Cohen, an Associate Director in the SEC’s Division of Enforcement. “ZeekRewards misused the power of the Internet and lured investors by making them believe they were getting an opportunity to cash in on the next big thing. In reality, their cash was just going to the earlier investor.”

The SEC’s complaint alleges that the scheme is teetering on collapse with investor funds at risk of dissipation without its emergency enforcement action. Last month, ZeekRewards brought in approximately $162 million while total investor cash payouts were approximately $160 million. If customers continue to increasingly elect to receive cash payouts rather than reinvesting their money to reach higher levels of rewards points, ZeekRewards’ cash outflows would eventually exceed its total revenue.

Burks has agreed to settle the SEC’s charges against him without admitting or denying the allegations, and agreed to cooperate with a court-appointed receiver.

According to the SEC’s complaint, ZeekRewards has paid out nearly $375 million to investors to date and holds approximately $225 million in investor funds in 15 foreign and domestic financial institutions. Those funds will be frozen under the emergency asset freeze granted by the court at the SEC’s request. Meanwhile, Burks has personally siphoned several million dollars of investors’ funds while operating Rex Venture and ZeekRewards, and he distributed at least $1 million to family members. Burks has agreed to relinquish his interest in the company and its assets plus pay a $4 million penalty. Additionally, the court has appointed a receiver to collect, marshal, manage and distribute remaining assets for return to harmed investors.

Misrepresentation of Offering

But investor fraud doesn’t have to be that big.  The Texas State Securities Board reports four or five significant investor frauds that impact Texas investors every year.  Here is a fraud reported by the Board in 2012.

Morgan Keegan To Pay $678,390 To Texas For Deceiving Investors In Bond Funds[11]
Morgan Keegan & Co. and an affiliate company will pay a fine of $678,390 to the State of Texas for failing to tell investors about the high-risk assets in seven of its bond funds.
Consent Order entered by the Texas Securities Commissioner on Feb. 29 also found that Morgan Keegan failed to properly supervise the creator and manager of the funds, James C. Kelsoe Jr., who later agreed to a lifetime ban from the securities industry.

The fine, which will go into the state’s General Fund, is Texas’ share of a $10 million penalty Morgan Keegan agreed to pay to state regulators in a national settlement. The Memphis, Tenn.-based broker-dealer previously agreed to pay $210 million to investors in a settlement with the SEC and state regulators.

The order found that Morgan Keegan consistently misled investors about the riskiness of the assets in the bond mutual funds and close-end funds, which included securities tied to subprime mortgages. Contrary to the company’s promotional material and regulatory filings, six of the seven funds were largely invested in tranches of subordinated, lower-quality debt that carried more risk than senior tranches. Tranches describe a security that can be divided into smaller pieces and sold to investors.

Morgan Asset Management (MAM), a Morgan Keegan affiliate, “did not adequately describe the risks” of owning the lower-quality debt or the amount of it the bond funds, the order states. In SEC and state regulatory filings in 2007, $400 million of what MAM as “corporate bonds and preferred stocks” were in fact tranches of lower-quality debt. (sic)

Some Morgan Keegan employees knew about the risk of the bond funds, most of which were intended to be stable, core holdings for investors. In May 2007, the then-president of Morgan Keegan’s wealth management division said in an e-mail he was worried about “all the potential risks associated with all that asset-backed exposure.”

The e-mail read in part: “Mr. and Mrs. Jones don’t expect that kind of risk from their bond funds. The bond exposure is not supposed to be where you take risks. I’d bet that most of the people who hold that fund have no idea what it’s actually invested in.” The e-mail also expressed the executive’s concern that most of Morgan Keegan’s financial advisers had no idea about the funds’ assets and how much risk investors were taking.

The order found that Morgan Keegan failed to supervise Kelsoe, the former Morgan Asset Management portfolio manager who created and oversaw the funds. The former president of MAM testified under oath that he didn’t conduct the same supervisory review of Kelsoe and the bond funds because he was told to “leave Kelsoe alone.”

Among other things, this lack of supervision also allowed Kelsoe to improperly influence the net asset value, or per-share price, of the funds.

In 2007, shortly before the collapse of the subprime lending market, MAM consistently lowered the net asset value of the funds. Even as prices of the funds declined, however, Morgan Keegan salespeople advised investors to “hold the course” and not sell the funds.

Identity Theft

Under this arm of the internet fraud tree we find:

  • Online theft of personal information
  • Online theft of financial information
  • Phishing and pharming

Online Theft of Personal Information

Governments collect a lot of personal data from taxpayers and employees.  And not all governments have the capacity to keep it safe.

The British lose it:      
In November 2011, BBC reported over 1000 losses of data by local governments since 2008.  “At least 244 laptops and portable computers, 98 memory sticks, and 93 mobile devices went missing.  … In Birmingham, one lost USB stick included the names, addresses, contact details, tenancy type and ethnic origin of 64,000 tenants.”[12]

The Feds lose it:
Info Security reported that in May 2012, the Thrift Savings Plan, the US federal government’s retirement savings plan, “disclosed that a hacker in July 2011 gained access to social security numbers and other personal information of 123,201 Thrift Savings Plan participants and payees located on a computer belonging to Serco, a third party service provider used to support the plan.”[13]

In February 2016, hackers threatened to, and ultimately did, dump the records of nearly 30,000 FBI and Department of Homeland Security workers. The records included personal information on nearly 9,000 DHS employees and nearly 20,000 FBI employees, including names, titles and contact information.[14]

States lose it:
The state of Utah lost 780,000 citizens health care data in March of 2012.  The state only has 2.8 million citizens!  On March 30, hackers in Romania stole the social security numbers and other data stored on health department servers.  The breach was related to a failure to change passwords on stored data.[15]

Universities lose it:
On The Lantern website, Ally Marotti describes the aftermath of the 2010 theft by hackers of social security numbers, dates of birth, addresses, and names for 760,000 faculty and students of Ohio State University.[16]

The university is offering 12 months of free credit protection to everyone whose information was on the server through Experian, Equifax and TransUnion.
The breach will cost the university $4 million in expenses related to investigative consulting, notification of the breach, credit security and a calling center for anyone with questions or concerns.

And hospitals lose it:
Kerry Burke and John Marzulli reported in the New York Daily News that, in June 2012, a King County Hospital (Brooklyn) nurse and her accomplice were arrested for stealing social security numbers of almost 60 coworkers.  She sold the information to her accomplice for $200 per name, and this accomplice opened credit card accounts using the data and purchased more than $100,000 in merchandise and gift cards.[17]

Online Theft of Financial Information

First someone has to hack into our vulnerable databases and extract the information.  Then they sell it to criminals who use the data to either make cash withdrawals or purchase goods that are later sold for cash.

Open data agenda costing British councils £7m in payment scams[18]
Councils have been stung for £7m by payment fraudsters taking advantage of the wealth of financial data being published by public authorities in line with the government’s transparency agenda.
report by the Audit Commission explained that many councils are being defrauded by criminals who use published data to pose as employees of suppliers and change payment details.

“Criminals, including some based outside the UK, have targeted council and other public organisations in an attempt to redirect payments intended for legitimate creditors such as large construction companies,” the report said.

“The fraudsters have sent letters to council finance teams that appear legitimate and often follow them up with a phone call to chase payments. The fraudsters gather the details about key creditors from the information that councils now publish on their web sites.”

However, the report also noted that public authorities are putting measures in place to combat this threat, and have already saved millions in potential losses.

“Local public bodies have become increasingly successful at preventing these frauds by applying sound internal controls. They have prevented about £20m in such attempted fraud,” the report said.

“Fraud warnings, such as those issued by the National Anti-Fraud Network, have helped raise awareness of the risks.”

One unnamed council revealed that it had stopped a payment of £5m being sent to a false bank account when a criminal tried to get the organisation to change details on a key supplier.

V3 contacted the Cabinet Office, which is responsible for the open data agenda, for comment on the issue, but had received no response at the time of publication.

The government launched a consultation in August to gather feedback on the Transparency and Open Data strategy to ensure that the UK reaps the maximum benefit from opening data to the public.

We can trust our governments with our personal information about as much as we can trust merchants with our financial information. Data breaches are on a rise![19]

The number of merchants reporting a data breach in the previous 24 months rose 7.6% from 79% in 2009 to 85% this year, according to a new report, “2011 PCI DSS Compliance Trends Study,” which was produced by the market research firm Ponemon Institute and commissioned by data security firm Imperva.Moreover, the report, which was based on a survey of 670 U.S. and multinational information technology professionals, found a significantly lower fraud rate for businesses that are compliant with payment card security requirements, known as PCI. 64% of PCI-compliant said they did not suffer a data breach involving credit card data over the past two years, compared to 38% of non-compliant businesses.

Despite those data points, many I.T. professionals remain skeptical about the benefits of PCI compliance, which can require considerable effort to achieve, especially for larger retailers. Only 12% of respondents said they believed compliance resulted in a decline in the number of data breaches a business experienced. Even so, the number of non-compliant businesses declined 36% from 25% in 2009 to 16%.

“At the end of the day, we believe that PCI-DSS is one of the most effective data security regulations today and can significantly help companies improve their data security posture,” says Amichai Shulman, co-founder and chief technology officer of Imperva. “Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don’t—period.”

Until 2008 TJ Maxx, Barnes and Noble, and Sports Authority hadn’t taken enough security measures with their computer systems. Albert Gonzalez was able to use a network of experts and contractors to steal 45 million credit and debit card numbers by hacking into the companies’ computer systems. Gonzales “was charged with orchestrating one of the most publicized cyberattacks of the time….“[20]

Prior to their arrests, Gonzalez and company initiated more than $10 million in card transactions. By the time of his arrest, Gonzalez alone had amassed $1.65M in cash, a BMW, and a luxury condo in Miami. In order to hide the money he received from selling the card information, Gonzalez established bank accounts in Latvia.

Gonzalez, obviously not remorseful, was indicted in Miami a year later for an even bigger attack that left the computer networks of Heartland Payment Systems, Citibank-branded 7-Eleven ATMs and Hannaford Brothers compromised. Under this cyberattack, Gonzalez was able to steal another 140 million card numbers. I wonder whether they’ll be able to rehabilitate that guy in prison!

And watch out using that ATM machine!  ATM skimming is a highly popular fraud today. Here the fraudster places a small electronic device, called a skimmer, over the ATM card slot to swipe and store victims’ credit and debit card numbers. Hidden cameras are used to collect PINs.[21]

Phishing and Pharming

Phishers target email users by pretending to be a legitimate, trusted entity, such as a bank or credit card company and asking users to reply with usernames, passwords, credit card information, etc. Some fraudsters, called whalers, use social networking sites such as LinkedIn or Facebook to target sizeable bank or credit card accounts or wealthy individuals. Often, phishers use a technique called pharming where they lead victims to a rogue website or use text messaging (SMSishing) or voice mail (vishing) that prompt victims to submit sensitive information.[22]  I have received legitimate looking emails asking me to ‘click here’ from fraudsters pretending to be American Express, Visa, Bank of America, Wells Fargo, Dropbox, Costco & Amazon.

Online Payment Fraud

This arm of the tree lists:

  • Fraudulent check scams
  • PayPal or escrow scams
  • Invalid credit or debit card numbers

Fraudulent Check Scams

Direct deposit is lauded as the solution to a number of frauds, but fraudsters have motivation to work around barriers. And they might be given the means to defraud.

My bookkeeper has access to my online banking information so that she can reconcile my bank account, look up checks, etc.  But she could also, very easily, send a few checks for herself with a click of the button.  No signature necessary.  Now that is dangerous.  As much as I love my bookkeeper, I comb over every bank statement each month for funny business.

My American Express Card has a feature where I can ask it to extract a payment out of my account.  All I have to do is send them a voided check.  See any problems here?  I sure do.  I do not want any major corporation – which has its own security issues to contend with – to have access to my bank account.

And when an IT firm, like Cynxsure, is hit and ripped off, I really worry about the security of everyone’s bank accounts. A fraudster transferred a total of $96,419.30 from Cynxsure, LLC’s bank account that was held at Swift Financial. A batch of ACH payments effectively added 10 new individuals to the company’s payroll, sending each slightly less than $10,000. None of the individuals had any prior business or association with Cynxsure.[23]

The Equifax breach in the fall of 2017 made me so mad I wanted to move to another planet and take all of my personal effects and savings with me!  I didn’t give Equifax permission to collect information about my income, my debt, my bank accounts, and my savings accounts.  But they took it all and put it in one convenient spot for hackers to access.  We are all sitting ducks!

Confidence and Consumer Fraud

Although these are not occupational frauds, or frauds that would necessary impact your business or government, it is still a good to know about them.  Under this arm, the internet fraud tree lists:

  • Advance fee schemes
  • Debt elimination schemes
  • Charity solicitations
  • Vacation or timeshare solicitations
  • Charges for undelivered services
  • Work at home business opportunities
  • Online auction fraud

Let’s look at just a few of these – vacation or timeshare solicitations and work at home “opportunities.”

Vacation or Timeshare Solicitations

Trying to Sell That Timeshare?  Beware of Fraudsters.[24]
Last October, after a joint FBI-Ft. Lauderdale Police Department investigation, 13 individuals from a Florida timeshare resale company were charged in federal court in Miami in a massive telemarketing scheme to defraud timeshare owners who were trying to sell. The Federal Trade Commission then filed a complaintagainst the defendants’ company—Timeshare Mega Media—to shut down its operations, which had allegedly bilked millions from owners across the country.

Fraudulent timeshare schemes are becoming a very real problem…especially in these economically challenging times as more timeshare owners decide they can no longer afford them. A timeshare involves joint ownership of a property—usually located within resorts in vacation hotspots (i.e., Florida, Colorado, Mexico). A property can have up to 52 owners—one for each week of the year—although some timeshare owners purchase larger blocks of time. The property is usually managed by the resort in which it is located.

Earlier this year, the FBI’s Internet Crime Complaint Center (IC3) issued an alert on timeshare telemarketing scams after seeing a significant increase in the number of complaints about these scams. The victims—mostly owners trying to sell—were scammed by criminals posing as representatives of timeshare resale companies or by actual employees of companies that were committing fraud.

In the IC3 complaints, perpetrators telephoned or e-mailed timeshare owners who, in many instances, had advertised their desire to sell in industry newsletters and websites. These company representatives promised a quick sale, often within 60-90 days. Some victims reported that sales reps pressured them into a quick decision by claiming there was a buyer waiting in the wings, either on the other line or in the office. Timeshare owners who agreed to sell had to pay an upfront fee—anywhere from a few hundred to a few thousand dollars—to cover various costs such as advertising or closing fees. Many victims provided credit card numbers to cover the fees.

And then, as time went on and no sales were made, victims tried reaching back out to the companies, but their phone calls and e-mails went unanswered.

And to add insult to injury, some of the complainants reported being contacted by a timeshare fraud recovery company that promised assistance in recovering money lost in the sales scam…for a fee. IC3 has identified some instances where people involved with the recovery company have a connection to the resale company, raising the possibility that victims were being scammed twice by the same people.

Work-at-Home or Business Opportunities

Have you ever been tempted to respond to those “work at home” ads?  You may end up helping commit a crime.  Do you recall reading above about the fraudster who transferred over $96,000 from Cynxsure, LLC’s bank account? A U.S. citizen who responded to an ad for home-based work made those transfers.  He was hired and told to wait for instructions. The only set of instructions he ever received asked him to transfer funds to the Ukraine. That is the last he heard from his employer.[25]  I always wondered what those ads in the paper for home-based work entailed!

Here is a 2009 alert to the Chief Executive Officer from the FDIC regarding “money mules.”[26]

Subject:  Fraudulent Work-at-Home Funds Transfer Agent Schemes
Summary: Individuals are using deposit accounts to receive unauthorized electronic funds transfers and forward funds overseas to criminals.

The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions of an increase in schemes to recruit individuals to receive and transmit unauthorized electronic funds transfers (EFTs) from deposit accounts to individuals overseas. These funds transfer agents, often referred to as “money mules,” are typically solicited on the Internet by criminals who have gained unauthorized access to the online deposit account of a business or consumer. In a typical scenario, the criminal will originate unauthorized EFTs from a victim’s account to a money mule’s deposit account. The money mule is then instructed to quickly withdraw the funds and wire them overseas after deducting a “commission” (commonly eight to ten percent).

Criminals target online deposit accounts at institutions where business customers can originate EFTs, such as automated clearing house (ACH) and wire transfers, over the Internet. Money mules, however, can be customers at any depository institution where EFTs can be received and funds withdrawn. In some cases, the money mule may be an unknowing accomplice in a fraud scheme. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected. Refer to SA-147-2009 for more information on fraudulent EFT schemes.

Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them on to another party via another EFT. The following are common scenarios:

  • Online job posting Web sites are used by criminals to locate individuals seeking employment with flexible work hours that can be performed from home. These work-at-home schemes often involve written employment contracts, job descriptions and procedures to legitimize the scam.
  • Advance fee scams promising large monetary rewards for acting as a financial intermediary can entice individuals to participate in this activity.
  • Mystery shopping jobs may be used that require the employee to assess the performance of money service businesses by completing EFTs and then evaluating the service using customer satisfaction forms.
  • Social networking sites may be used to recruit individuals to act as money mules. Criminals conjure up various imaginative stories to befriend and persuade individuals to receive and forward stolen funds.
  • Some hesitant or skeptical money mules have been intimidated, harassed and threatened by their criminal “employers” to process the funds transfers quickly and with secrecy.
  • The personal identifiable information provided by the money mule might later be used to commit identity theft or account takeover.

The following are examples of events that may indicate money mule account activity:

  • A deposit account opened with a minimal deposit soon followed by large EFT deposits.
  • Deposit customers who suddenly begin receiving and sending EFTs related to new employment, investments, business opportunities or acquaintances (especially opportunities found on the Internet).
  • A newly opened deposit account with an unusual amount of activity, such as account inquiries, or a large dollar amount or high number of incoming EFTs.
  • An account that receives incoming EFTs then shortly afterward originates outgoing wire transfers or cash withdrawals approximately eight to ten percent less than the incoming EFTs.
  • A foreign exchange student with a J-1 Visa and fraudulent passport opening a student account with a high volume of incoming/outgoing EFT activity.

Money mule activity is essentially electronic money laundering addressed by the Bank Secrecy Act and Anti-Money Laundering Regulations. Strong customer identification, customer due diligence, and high-risk account monitoring procedures are essential for detecting suspicious activity, including money mule accounts. Financial institutions can find additional guidance about customer identification, account monitoring, suspicious activity reporting, and identity theft red flags below:

-FDIC Risk Management Manual of Examination Policies – Bank Secrecy Act
-FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual
-FFIEC Identity Theft Red Flags – Interagency Final Regulations and Guidelines

Financial institutions should act promptly when they believe fraudulent or improper activities have occurred, such as those of a money mule. Appropriate actions may include, but are not limited to, filing a Suspicious Activity Report and/or closing the deposit account in accordance with existing, board-approved account closure policies and procedures.

I have to admire how fraudsters appeal to our needs to tempt us to do something stupid.  In this case, a promise of earning a living from your home office:

A.G. Schneiderman Shuts Down Websites For “Work At Home” Scam[27]
“Mystery Shopper” Scam Targeted Individuals Looking For Income In Tough Economic Times

A.G Offers Tips For Consumers On Protecting Themselves From Becoming Victims

Schneiderman: My Office Will Continue To Protect Consumers And Shut Down Scammers

Attorney General Eric T. Schneiderman today announced he has shutdown two websites as part of a “work at home” scam involving a mystery shopper program, which is used by legitimate retailers who hire marketing research companies to evaluate the quality of service in their stores. The websites, www.idealcorp.netand www.survsonl.comoperating asT. Crefideal Corp,lured (sic) consumers into becoming mystery shoppers to gather information anonymously about the customer service of a particular store, but instead of getting paid, they were duped into paying the scammers thousands of dollars. Attorney General Schneiderman also offered tips to protect consumers from work at home frauds.

“These scams are particularly insidious because they target individuals looking for ways to bolster their income in today’s challenging job climate,” Attorney General Schneiderman said. “While legitimate ‘work from home’ opportunities do exist, scammers who are simply stealing money under the guise of offering employment are on notice. Our office will continue to protect consumers and shut these bad actors down.”

In this version of the scam, consumers were asked to onto or with a “job number.”  Upon entering the job number, the victim was given a work assignment as a “secret shopper” for Western Union. The victim was sent a counterfeit check for $2,000 and told to keep $300 as payment. The victim was then instructed to wire the remaining $1,700 to someone overseas and evaluate Western Union employees during the process. After doing so, the victim’s bank identifies the now deposited check as counterfeit and takes $2,000 back out of the victim’s account. Instead of making $300, the victim loses $1,700.

Federal regulations require banks to make deposited funds available to a customer within a specific amount of time ― usually significantly shorter than the amount of time it takes for the bank to determine that a check is forged. This scheme exploits that delay. Wired funds typically cannot be recovered or traced. The only record kept by the money transfer company is of funds being transferred from one of their accounts to another. While each transfer request is logged electronically, once the funds are in a central account, the actual money can be picked up at any office covered by that account, by any individual presenting the specified identification, which itself may be forged, leaving the victim with little or no recourse for recovering the wired funds.

Previous mystery shopping scams have typically involved using newspaper ads and emails to promote websites where consumers can “register” to become a mystery shopper. Once lured to the website, a victim is shown a list of reputable companies, asked to pay a fee for information about a certification program and then guaranteed a job.

The Attorney General urges you to protect yourself from this scam by learning to recognize the warning signs:

  • Be suspicious of any checks or work-at-home opportunities that come to you unsolicited via mail or email. Promises of easy money are almost certainly scams.
  • There is virtually no legitimate reason for anyone to give you a check or money order and in turn ask you to transfer funds via Western Union, MoneyGram or any other wire service. No legitimate company conducts business in this manner.
  • Mystery shoppers set up through legitimate companies are generally paid after completing their assignments and returning their evaluations to the companies that hired them. They do not receive checks up front.
  • Individuals hired as mystery shoppers are often provided gift cards to the specific retail locations they are being asked to review. Any out-of-pocket expenses are nominal, and reimbursed by the employer.
  • A familiar name does not guarantee legitimacy. Scammers often pose as representatives from well-known, reputable companies ― or the Mystery Shopping Providers Association (MSPA) itself ―to lull their victims into a false sense of security. Research the company independently and contact them directly if you wish to verify job listing information.

Internet Fraud: Other

This branch of the internet fraud tree includes items that don’t fit under any other branch, including intellectual property crime & money laundering.

Intellectual Property Crime

The FBI discusses a fraud that not too many government professionals think about: the theft of intellectual property. Intellectual property includes individuals’ or business’s ideas, inventions, and creative expressions and can be in the form of trade secrets, proprietary merchandise, and media.[28]

It’s a growing threat—especially with the rise of digital technologies and Internet file sharing networks. And much of the theft takes place overseas, where laws are often lax and enforcement more difficult. All told, intellectual property theft costs U.S. businesses billions of dollars a year and robs the nation of jobs and lost tax revenues.

Preventing intellectual property theft is a top priority of the FBI’s cyber program. We specifically focus on the theft of trade secrets and infringements on products that can impact consumers’ health and safety, such as counterfeit aircraft, car, and electronic parts. Key to our success is linking the considerable resources and efforts of the private sector with law enforcement partners on local, state, federal, and international levels.

Following is an incident of an employee stealing trade secrets from her employer and selling the products on her business’s web site.[29]

A former research chemist with global pharmaceutical company Sanofi-Aventis (Sanofi) was sentenced today to 18 months in prison for stealing Sanofi’s trade secrets and making them available for sale through Abby Pharmatech Inc. (Abby), the U.S. subsidiary of a Chinese chemicals company, U.S. Attorney Paul J. Fishman announced.

Yuan Li, 30, of Somerset, New Jersey, a Chinese national, previously pleaded guilty to an information (sic) charging her with one count of theft of trade secrets. Li entered her guilty plea before U.S. District Judge Joel A. Pisano, who also imposed the sentence today in Trenton federal court.

According to documents filed in this case and statements made in court:

Sanofi is a global health care company with U.S. headquarters in Bridgewater, New Jersey. Among other things, Sanofi is engaged in the development, manufacture, and marketing of health care products including the prescription drugs Allegra, Plavix, Copaxone, and Ambien.

Li worked as a research scientist at Sanofi’s Bridgewater headquarters from October 2006 through June 2011, where she directly assisted in the development of a number of compounds that Sanofi viewed as potential building blocks for future drugs. These compounds were Sanofi’s trade secrets and had not been disclosed outside
Sanofi in any manner, including by means of a patent application.

While employed at Sanofi, Li was also a 50 percent partner in Abby, which is engaged in the sale and distribution of pharmaceuticals.

Li admitted that between January 2010 and June 2011, she accessed an internal Sanofi database and downloaded information related to a number of Sanofi compounds, including their chemical structures, onto her Sanofi-issued laptop computer. She also admitted she then transferred the information to her personal home computer by sending it to her personal e-mail address or via a USB thumb drive.

In addition to the prison term, Judge Pisano sentenced Li to serve two years of supervised release and ordered her to pay $131,000 in restitution.

Li acknowledged that she made the stolen compounds available for sale on Abby’s website.

Some theft of intellectual products may be harmful to the health of its buyers, but in other circumstances the fraud hurts financially. Here’s a press release from the FBI about a Missouri woman who was selling counterfeit handbags.[30]

Jeannine Buford of St. Louis, Missouri, pleaded guilty earlier today to selling counterfeit Hermés handbags over the Internet.

Between January 2006 and October 2011, Buford operated an Internet-based business out of her home. Buford purchased the counterfeit purses from a manufacturer in China and sold the Hermés handbags over the Internet to buyers who believed that they were purchasing authentic Hermés handbags. The Internet sites she used to sell the handbags were: and

In September 2011, the FBI conducted an undercover operation in which Buford sold a counterfeit Hermés handbag to one of their agents.

“There were almost 100 victims worldwide who were defrauded. One person paid as much as $100,000 for the fake handbags,” said Special Agent in Charge Dean C. Bryant of the FBI St. Louis Division. “This scheme was brought to light when a victim alertly filed a complaint with the Internet Crime Complaint Center.” (Visit the Internet Crime Complaint Center at

“While I am not smart enough to understand why someone pays $15,000 for a handbag, I definitely understand that women’s purses, like shoes, are not something to be trifled with,” observed United States Attorney Richard Callahan.

Investigators have estimated that Buford netted over a half of million dollars in sales just from March 2010 through April 2011.

Jeannine Buford pleaded guilty to one felony count of trafficking in counterfeit goods before United States District Judge Audrey Fleissig. As part of her plea, she has agreed to the forfeiture of a Chevrolet Camaro, a Porsche Cayenne, $5,738 cash, and numerous designer handbags. Sentencing has been set for September 20, 2012.

This charge carries a maximum penalty of 10 years in prison and/or fines up to $2 million. In determining the actual sentences, a judge is required to consider the U.S. Sentencing Guidelines, which provide recommended sentencing ranges.


Money Laundering

Even your avatar can get ripped off!

Massively Multiplayer Online Games (MMOGs) allow users to create avatars to create a virtual online world. The most popular, Second Life, has a real economy where players can exchange virtual dollars (called Linden Dollars) for real dollars and visa versa.  Rates vary based on demand, and since this transaction is unregulated, it provides a prime opportunity for terrorists and criminals to transfer monies undetected.[31]

Please check out this recent video about identity theft.  You will have to wait through a short commercial:

Now, go to a secure website and change all of your passwords!


[1] John S. Marshall. Associated Press: Elias, Paul. “Hackers protest BART decision to block cellphones.” Yahoo! News. August 15, 2011.

[2] First Data. “Fraud Trends in 2010: Top Threats from a Growing Underground Economy.” April 2010.
[3] Michael Joseph Gross. “A Declaration of Cyber-War.” Vanity Fair. April 2011.
[4] Josh Visser. “Government insiders stealing more data than ever: study.” CTVNews. November 15, 2011.
[5] Brian Williams. “University professor helps FBI crack $79 million cybercrime ring.” Rock Center. NBC. March 21, 2012.
[6] Fiserv. 2012. April 16, 2012.
[7] Brian Krebs. “Hackers Hijacked Large E-Bill Payment Site.” The Washington Post. December 3, 2008.
[8] United States. Govt. Accountability Office. Cyber Threats Facilitate Ability to Commit Economic Espionage. June 28, 2012.
[9] Michael Gregg. “Online extortion: pay up, or else … what?” FOXBusiness. September 10, 2012.
[10] United States. Securities and Exchange Commission. SEC Shuts Down $600 Million Online Pyramid and Ponzi Scheme. Press release. Washington, D.C. August 17, 2012.
[11] Texas State. Securities Board. Morgan Keegan to Pay $678,390 to Texas for Deceiving Investors in Bond Funds. Press release. Austin. March 1, 2012.
[12] “Personal data ‘lost by 132 councils.’” BBC News Online. November 2, 2011.
[13] “Senator wants more info on data breach at federal government’s retirement plan.” Info Security. May 31, 2012.
[14]  Sarah Kuranda. “The 10 Biggest Data Breaches of 2016 (So Far).” CRN. Web. July 28, 2016.
[15]  Heather May. “Utah guv fires tech director over health data breach, creates security czar.” The Salt Lake Tribune. May 16, 2012.
[16] Ally Marotti. “Hacked: Data breach costly for Ohio State, victims of compromised info.” The Lantern [Ohio]. December 15, 2010.
[17] Kerry Burke and John Marzulli. “ID theft sickens hosp.” New York Daily News.June 20, 2012.
[18]  Dan Worth. “Open data agenda costing councils £7m in payment scams.” November 11, 2011.
[19] Zak Stambor. “36% of PCI-compliant businesses suffered a data breach in the past two years.” Internet Retailer. May 18, 2011.
[20]  First Data. 2.
[21] First Data. 7.
[22] First Data. 6.
[23] Brian Krebs. “IT Firm Loses $100,000 to Online Bank Fraud.” Krebs on Security blog. February 10, 2010.
[24] “Trying to sell that Timeshare> Beware of Fraudsters.” The FBI. February 17, 2012.
[25] Brian Krebs. “IT Firm.”
[26]  Sandra L. Thompson. “Special Alerts from the FDIC.” Federal Deposit Insurance Corporation. October 29, 2009. SA-185-2009.
[27] State of New York. Attorney General’s Office. A.G. Schneiderman shuts down websites for “work at home” scam. Press release. New York. September 21, 2012.
[28] “It’s an age-old crime: stealing.” The FBI. September 18, 2012.
[29]  District of New Jersey. Attorney General’s Office. Former Research Chemist at Global Pharmaceutical Company Sentenced to 18 Months in Prison for Theft of Trade Secrets. Press release. Trenton. May 7, 2012.
[30]  State of Missouri. Attorney General’s Office. Local Woman Pleads Guilty to Selling Counterfeit Handbags. Press release. St. Louis. June 12, 2012.
[31]  First Data. 10.
Registering for this Webinar - How it works
  1. When you’re ready to register, select the “Register Now” button (at the top-right or bottom-left of this page).
  2. You’ll be taken directly to the secure website of our webinar-distribution partner:  CPA Crossings
  3. Fill out the “Register Online” section of the CPA Crossings page (near the bottom) and then select “Add to Cart”
  4. (Note:  If you want to register multiple attendees on the same purchase, just re-select the webinar and do a separate “Add to Cart” for each, as required.)
  5. After checking out, look for your notification and registration info via email – and mark your calendar to attend the webinar!
Stay Up-To-Date

Sign up here to have the lastest from delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

* indicates required

Stay Up-To-Date

Sign up here to have the latest from delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

[newsletters_subscribe list="20"]



Lost your password?