Veriff
Libraryblog12 common identity verification & fraud scams to avoid

12 common identity verification & fraud scams to avoid

Today's fraudsters employ many different strategies to target businesses and consumers, ranging from skimming bank cards to fake shopping websites. This guide delves into some of the most common practices and offers actionable insights to ensure safety.

Header image
March 6, 2023
Publicación de Blog
Análisis
Share:

Sadly, identity verification and fraud scams are now prevalent. To help you spot these criminal actions, we’ve outlined exactly what 12 of the most popular identity verification scams and fraud scams involve. 

1. Gift card scams

Gift card scams are on the rise. This form of fraud occurs when a fraudster asks an individual to pay off a debt using a gift card.

In these instances, the fraudster asks an individual to put some money on a gift card to pay off a tax issue or a fine. Once the gift card has been loaded with the correct amount, they then ask the victim to provide them with the number on the back of the card and the PIN.

Gift cards are popular with scammers because they’re easy for victims to acquire. Plus, gift cards are like cash: once the money on a gift card is used, it is gone and cannot be returned.

Thankfully, these scams are easy to spot. After all, gift cards are for gifts and should never be used for payment. No real business or government agency will ever insist that they are paid with a gift card. 

2. Fake email scams

Fake email scams are also known as phishing attacks. Although scammers use this technique when sending emails, they also use the tactic for phone calls and text messages.

With a fake email scam, a fraudster will send a fraudulent message to an individual that has been designed to trick the person into revealing sensitive information. They may also try to make the victim visit a website that will either download a virus onto their computer or steal their personal information.

Although fake email scams are becoming increasingly sophisticated, they are still relatively straightforward to spot. If an email doesn’t seem legitimate, you should ask your customers to check:

  • The sender’s address
  • Whether the greeting is generic
  • Whether it contains links to unfamiliar webpages
  • Spelling mistakes and grammatical errors
  • Whether the sender is requesting personal information

Businesses should inform their customers about the tactics used by fraudsters and explain how a customer can check whether an email claiming to be from their company is legitimate. 

3. Card/account verification scams

Card and account verification scams usually take place over the phone. The person making the call is a fraudster who claims that they need to verify a victim’s credit card information or account information on behalf of an online merchant or pay service. The fraudster will say that the victim must verify this information or their account will be canceled.

In verifying the information, the victim unwittingly gives the fraudster all of their card details and the information they need to access their account. The fraudster can then use this information to make fraudulent purchases.

At times, card verification scams will also take place via email. In these instances, the scammer provides the victim with a URL where they can enter the information they need to ‘verify’ their card and account.

Recurring fraud on the rise

Over half (51%) of fraudulent activity worldwide is still identity fraud. However, in 2022 Veriff saw the biggest increase (46.62%) in recurring and pattern fraud.

Disparities between targeted sectors

Across industries, 7.81% of verifications have been fraudulent in 2022; for crypto businesses the fraud rate has been 9.61% and for financial services providers 5.84%.

Fraud innovations: Identity farming

9% of all fraud is made up of identity farming, which is a type of online fraud in which an individual or group of individuals creates numerous accounts on a large scale to engage in various forms of fraud.

4. Fake shopping websites

Fake shopping websites look like the real thing. However, rather than supplying goods and services, these websites steal any personal and banking details that are submitted to the site.

Thankfully, these sites can be simple to spot. This is because they usually include:

  • Unusual payment options, such as bitcoins, wire transfer or gift cards
  • Poor design features, such as pixelated images and broken links
  • Suspicious domain names
  • Missing security features, such as ‘https’ at the beginning of the web address and the padlock symbol
  • Suspicious or non-existent contact information
  • Negative reviews

Businesses should inform their customers that they should not enter their details into any website that features any of these issues.

5. Fake tech support scams

With a tech support scam, a fraudster will pretend to be from a well-known tech company, such as Apple or Microsoft. They will then tell the victim to open some files or run a scan on their computer.

At this stage, the scammer will ask to be given remote access so they can solve the problem. However, this also gives them access to all information stored on the device and any network that’s connected to it.

The scammer may also ask the victim to enroll in a worthless computer maintenance or warranty program, or install malware that can give them access to the computer and sensitive data, like usernames and passwords.

Customers should be told that they should never give remote access to their computer to someone who contacts them unexpectedly. If they experience an issue with their laptop, they should contact the company or a tech expert directly instead. 

6. Identity fraud

Identity fraud (also known as ID theft) involves the use of a person’s stolen details to commit crime. Common examples of identity fraud include:

  • Opening a new bank account
  • Taking out a new mobile phone contract
  • Starting a new credit agreement
  • Obtaining genuine documents like a passport or a driving license in someone else’s name
  • Taking out credit, a loan or benefits

To help stop identity fraud, most businesses now have some form of identity fraud management solution in place. These are designed to help beat identity fraud and keep customer accounts secure.  

7. Home title thefts

Home title theft is a relatively new form of identity theft. It occurs when the title or legal ownership of a property is fraudulently transferred without the owner’s knowledge or consent.

Using stolen information to forge documents, a fraudster can claim ownership to pose as a legal property owner and take out a mortgage or another type of loan against a home.

When carrying out home title theft, scammers usually target particularly vulnerable homes, such as when the owner is elderly or recently deceased. Vacation properties or second-home residences are also common targets, because suspicious activity may not be noticed until it’s too late.

To commit home title theft, a scammer will:

  • Use phishing techniques
  • Install malware on a victim’s computer
  • Steal data that’s transmitted over vulnerable Wi-Fi networks
  • Create forged documents and deeds based on stolen data

Companies should make their customers aware of how the scams operate and how they can protect their personal data and their home.

The U.S. remains a fraud hotspot, despite a decrease in fraud YoY. Veriff found that on average, in 2022, the U.S. saw more fraudulent activity than European countries even after a 12.84% decrease in fraud since the year before. 

Veriff 2023 Identity Fraud Report

8. Telemarketing scams

Telemarketing scams take place over the phone. A fraudster will call a victim and then deceitfully obtain the victim’s money or property. The fraudster usually achieves this by either:

  • Promising goods or services that they will charge for but never deliver
  • Vastly overstating the goods or services that are provided

Popular forms of telemarketing scams include:

  • Prize offers and sweepstakes
  • Magazine sales
  • Credit card sales
  • Programs to earn money from home
  • Loan offers
  • Vacation offers
  • Vitamins and health products
  • Charity donations
  • Debt recovery

To protect your customers, your business should advise them to hang up the phone if they’re contacted about a service they did not enquire about. 

9. Tax fraud

Tax fraud is any deliberate omission, concealment, or misinterpretation of information to gain a tax advantage. Tax fraud itself is a catch-all term that includes a wide range of illegal activities, including:

  • Deliberately submitting false tax returns
  • Falsely claiming repayments or reliefs
  • Hiding income, gains, or wealth offshore
  • Smuggling taxable goods

Some forms of tax fraud are committed by individuals who are acting dishonestly. However, tax fraud is also carried out by criminal organizations who target the tax system for financial gain.

10. Email account hacks

With email account hacking, a criminal actor gains unauthorized access to a victim’s email address. Once the hacker has access to the email account, they also have access to a huge amount of personal information, including a contact list and the contents of the emails.

When hacking email accounts, hackers will use:

  • Phishing attacks
  • Information found in data breaches
  • Information that is stolen from an unsecured Wi-Fi network

A victim will be able to tell that their email account has been hacked if:

  • Their password no longer works
  • There are emails in their account that they do not recognize or didn’t send
  • Their friends tell them that they’re receiving odd or spam messages
  • Different IP addresses display in their log

If a customer’s email has been hacked, you should inform them that they must reset their password immediately. Following this, they should also change the passwords on their other online accounts. 

Veriff's 2023 Identity Fraud Report recently revealed that there was a 18% increase in fraudulent activity year-on-year from 2021 to 2022.

Veriff 2023 Identity Fraud Report

11. Medical scams

A medical scam (also known as a health fraud scam) refers to any product that claims to prevent, treat, or cure diseases or other health conditions but is not proven to be safe and effective for this use.

Health fraud scams waste money and can lead to delays in getting proper diagnosis and treatment. They can also cause serious or even fatal injuries.

When targeting victims, fraudsters usually send emails to advertise the effects of ‘miracle tablets’ or ‘medical cures’. In other instances, the fraudsters will pretend to be an online pharmacy that offers drugs and medicines very cheaply or without prescription.

12. Bank card skimming

Bank card skimming occurs when a criminal actor steals credit and debit card data and PINs when a customer is at an automated teller machine (ATM) or point of sale (POS) device. The act of card skimming allows a criminal to steal money from accounts, make purchases, and sell card information to third parties.

To carry out the process of card skimming, a criminal will install a card reader on an ATM or POS device. This is used to collect and pass on payment card information for retrieval by the thief. PIN numbers may be retrieved with a keypad overlay or a hidden camera.

To protect themselves against bank card skimming, your customers need to remain vigilant. They should check for signs of suspicious activity or anything that looks unusual. If an ATM or POS seems suspicious, they should refrain from making a transaction and report anything suspicious to the owner.

Expert advice on how to keep yourself safe online

We wanted to get more information about the best ways to protect ourselves online, so we spoke to James Walker, CEO of Rightly, an independent consumer data action service committed to championing consumer rights and helping people police, control and manage the personal data held by organizations and he offered some tips on the best ways to protect yourself from identity theft online:

Use multiple email addresses

  • Create a second email account that you use when shopping online, registering for online services, and all those other unnecessary boxes. That way, only an essential few companies have your primary email address, and you minimise your chances of being hacked, involved in a data breach or being the victim of identity theft. Plus, all those scam emails you receive will go straight into your second inbox.

Avoid the ‘third parties’ box

  • When you sign up to a website there is often a tick box about sharing your data. Make sure you avoid ticking this. Sharing with third parties is vague and most often simply allows companies to share your data with unidentified others and make a profit from your personal information.

Use different passwords

  • Never use the same password for different sites. Consider a password vault where you remember one password and then have all your passwords in that vault. All the passwords you then use can be highly secure and unique so if a website is breached only that password will be compromised. 

Use + after your name 

  • On emails, if you add + before the @ sign you can “tag” the website to find out who has shared your data so johndoe@gmail.com becomes johndoe+websitename@gmail.com, now if your data is shared and added to another email list or to a spam list or even a fraud attempt you will know who shared it.

Use an Alias email 

  • Apple will now allow you to use an alias email so the firm does have your real email address. 

Misspell your name

  • Misspell your name or use capitals when sharing data with sites you are concerned about. This way, if your data is shared with scammers, it’s significantly harder for them to steal your identity. Plus, future scam emails that you receive could be highlighted by the wrong spelling.

Minimize cookies

  • When you visit a website for the first time you will be asked to accept cookies. In essence, cookies act as trackers, storing and sharing snippets of information about you. While some of these are necessary, like ‘functional’ cookies that store your login details and help websites improve, many share personal information about you. This includes the websites you visit, what you buy, and what characteristics you likely have. Always choose the minimum cookies option to reduce the data being captured on you.

Consider your browser 

  • There is a whole range of internet browsers to choose from, many of which are built for privacy. DuckDuckGo for example has best-in-class privacy essentials for free. There is also a whole range of new technologies coming out that are designed to help you know if a website can be trusted. One of these is Browser, a community-led app that uses several databases of fraudulent websites to advise you.

Regularly check if you’ve been hacked

  • Make a habit of checking if any of your information has been breached. You can do this for free at haveibeenpwned.com, which checks your email against databases on the dark web. You can then change key information and passwords to prevent being hacked or scammed. 

Online data protection services 

  • Use online data protection services: Use services that help take back control of your data, such as Rightly Protect, which can make multiple data deletion requests to companies (visit right.ly for more information).

Veriff's 2023 Identity Fraud Report reveals continued rise in global fraud

Sadly, the number of identity verification scams and fraud scams is on the rise. Our 2023 Identity Fraud Report recently revealed that there was a 18% increase in fraudulent activity year-on-year from 2021 to 2022.

As a result, it’s clear that identity fraud is a serious cause for concern. If you’re interested in taking a more in-depth look at fraud trends from 2022, as well as have a better understanding of the global state of fraud, download Veriff’s 2023 Identity Fraud Report here

Veriff's 2023 Identity Fraud Report reveals continued rise in global fraud

Our 2023 report shares the insights our expert team has discovered on the front line of fighting fraud — giving you the tools to protect both your business and your customers. Download it today to find out more!