In a typical scenario, the victim receives an email which either contains an infected attachment or directions to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer which steals the recipient’s business or corporate bank account login information. Shortly thereafter, the perpetrator either creates another user account with the stolen login information or begins transferring funds as the legitimate user.
These transfers have occurred as wire transfers and as “Automated Check Handling” or “Automated Clearinghouse” (ACH) transactions to the bank accounts of individuals that have been recruited by the scammers through bogus work-at-home advertisements.
The scammers often target individuals that have placed resumes on well known job search sites. These persons are hired and told that they are to “process payments,” or “transfer funds” received into their bank accounts, and immediately forward most of the money overseas via wire transfer services such as Western Union and Moneygram.
Businesses are urged to never respond to email requests for personal or bank account information, and to never click on website links received in unsolicited email messages. Bogus sites are designed to look nearly identical to the real ones; however, there are usually slight variations, such as ending in “.net” when it should be “.com.”
Contact the real company, financial institution or government agency, using a phone number or email address from a reliable, public directory such as a phonebook, if you receive questionable correspondence. In addition, individuals that have been offered work-at- home opportunities should contact BBB to determine the legitimacy of the offer before responding to it.
While the Internet can be a safe and convenient place to do business, scammers are out there in "cyber world" targeting unsuspecting consumers.