FTC: $1.1B Lost to Impersonation Scams

Scams

April 4, 2024

The Federal Trade Commission (FTC) released a report stating that over $1.1 billion in losses from impersonation scams were reported in 2023. The FTC’s report shows that 330,000 incidents were business impersonation scams, and nearly 160,000 were government impersonation scams, accounting for almost half of the frauds reported to the agency. Reports also show an increase in multi-stage impersonation scams where threat actors pose as more than one organization in a single scam. Threat actors may initially begin the scam by posing as an employee of a trusted organization and then transfer the target to someone claiming to be from a bank or government agency to add legitimacy to their scam.

Phone calls are still the top reported initial stage of impersonation scams but have seen a sharp decline compared to 2020. Emails are a close second, followed by text messages, and both have steadily increased in usage over the past few years. The below list of scams accounted for nearly half of the reported 2023 scams.

  • Copycat Account Security Alerts: Threat actors initiate fraudulent messages of suspicious account activity or unauthorized charges, claiming to be from a trusted organization or bank. They try to persuade their target to transfer funds or move money to a Bitcoin ATM, claiming it will help “protect” their funds.
  • Phony Subscription Renewals: Users receive a notice claiming that a subscription or account will auto-renew, often claiming the charge will be for a few hundred dollars. Threat actors sometimes try to convince their target to allow them to connect to their computer, making it appear that they “accidentally” refunded too much money to the target. The threat actors demand that the refund be returned, often through the purchase of gift cards.
  • Fake Giveaways, Discounts, or Money to Claim: Threat actors send a message about a giveaway, discount, or unclaimed money. These messages appear to be sent from organizations, such as internet service providers, retailers, or the Publishers Clearing House. These scams require purchasing gift cards or transferring funds to receive a gift or discount.
  • Bogus Problems with the Law: Threat actors impersonating government agents contact the target, claiming their identity has been used to commit a serious crime. They offer to help fix the problem, often by having their targets purchase gift cards or transfer funds to Bitcoin ATMs (or “safety lockers”) to protect their funds during the supposed investigation.
  • Made-up Package Delivery Problems: Threat actors send messages claiming to be from carrier services, stating they are having problems making the delivery. These messages will include a link to the spoofed website of the carrier’s website, which may prompt for credit card or bank account information for a small redelivery fee.

On April 1, the FTC announced a new rule regarding the impersonation of government agencies and businesses. This rule gives the agency more robust tools to fight and deter potential scammers. Due to the new rule, the FTC can file federal court cases seeking money back for victimized consumers and pursue civil penalties against those who violate the rules.

NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to refrain from responding to unsolicited communications, clicking links, or opening attachments from unknown senders, and exercise caution with communications from known senders. Users are also urged to avoid calling numbers displayed in unverified emails or sharing personal information with unsolicited communications.

We remind users to refrain from complying with requests to purchase gift cards and sending the numbers to someone without first verifying the request via a separate means of communication. The US government and other legitimate businesses will not advise the purchase of gift cards, Bitcoin, or request money transfers. These are unusual requests or demands, typically portraying a sense of urgency, and should be handled with increased suspicion. If victimized, users are encouraged to report scams to the FTC, FBI’s IC3, and the NJCCIC.

For any further questions, contact us here at Cyber Command.