The email from “Norton Protection” stated that I owed $999.99, which was “successfully charged and will appear on your bank statement in 24-48 hours”. Although I have an account with a leading cybersecurity company, I have never paid so much for their products. To “cancel” the charge, I was asked to call a number, conveniently highlighted in yellow.
All it took to track my fake debt email was a simple search engine query for the invoice phone number. He was based in Hawaii. Unfortunately, perhaps, for real Norton helpdesk employees, they’re probably not stationed in Aloha State.
In a nation awash in real debt – with the average American owing around $90,000 – it’s no surprise that “phantom debt” is one of the hottest scams.
Millions of people are being tricked into these tricks and unwittingly giving up credit and banking information – especially as the hardships of the pandemic continue – which opens the door to mass thefts. According to consumerfraudreporting.org, fake debt tops the list of the most common consumer scams. According to the Consumer Financial Protection Bureau, four out of ten consumer complaints are related to these scams.
Given the wide variety of debt Americans rack up, fake debt scammers can work from a variety of angles, according to the Federal Trade Commission, which tracks and tries to police the worst scams.
Some cyberthieves hunt down victims of delinquent student loans, even though federal college borrowers have been granted reprieve due to the pandemic. Others focus on unpaid mortgages, car payments, or credit card debt. Fake IDs are commonplace: some scammers claim to be from the IRS, law firms, and major retailers. Some heartless phantom debt dealers even call people who have recently lost a family member to “collect” a non-existent bill.
Although 2021 numbers are not yet available, in 2020 the FTC received more than 53,000 improper debt collection complaints, an 8% increase from the previous year. (This figure includes both scammers and particularly aggressive efforts to collect actual debts.) Things could get worse. As AARP notes, “A federal rule change that went into effect in November 2021 allows collectors to contact debtors by email, text, or direct message on social media as well as by phone (previously the only method sanctioned), opening up new avenues for fake debt fraudsters to achieve their goals.”
When they have potential victims on the phone, they play hardball threatening criminal charges and bogus charges, but the goal is always the same: to get money and personal financial information. Those who use credit cards to pay their phantom debts can rely on the fact that their numbers will be used for other transactions and their personal information will be used or sold to other scammers by the scammers. As a rule, they never provide specific debt details – after all, it’s fake – and they try to scam victims with one call. If you try to call them back, you will get a “dummy” callback number which is illegitimate.
People over 60 are prime targets because they are more likely to answer their phones and respond to emails that may not look like spam. The FBI’s Internet Crime Complaint Center (IC3) lists as common lines of attack against older Americans “extortion, identity theft, and related techniques such as phishing.” [email initiated fraud]vishing [telephone initiated fraud]crash [text initiated fraud] and pharmacy [redirecting people from a legitimate to an illegitimate website].”
In IC3’s 2020 Elder Fraud report, the agency said it “received a total of 791,790 complaints with reported losses exceeding $4.1 billion.” According to the information provided in the complaints, around 28% of the total losses due to fraud were suffered by victims over the age of 60 – who represent less than 20% of the population – resulting in losses of around 1 billion dollars for the elderly. This represents an increase of approximately $300 million in reported losses in 2020 compared to what was reported by victims over the age of 60 in 2019.”
Increasingly, young victims are also being targeted. “Scammers have gotten good at tailoring the audiences they’re trying to reach — on TikTok, Instagram and other social media,” observes John Breyault, vice president of public policy for the National Consumer League. He said their ways of getting “paid” have also shifted to gift cards and cryptocurrencies. “In the past, it was fraudulent wire transfers.”
The FTC also reports, “Credit repair scams also frequently target financially distressed consumers who have credit issues. These operations entice consumers to purchase their services by falsely claiming that they will remove negative information from consumers’ credit reports even if that information is accurate.
The agency, along with state attorneys general, have filed dozens of lawsuits in recent years to shut down these operations, though the scams continue to morph. Debt scams are becoming increasingly sophisticated as hackers around the world sub-specialize in stealing financial information and funneling ill-gotten gains into hard-to-trace cryptocurrencies.
James Lee, chief operating officer of the San Diego nonprofit Identity Theft Resource Center, says finding victims is often as simple as stealing passwords or monitoring social media, where people often post what they are buying and selling.
An indirect debt scam targets Google or Facebook Marketplace account holders, Lee notes. Cyberthieves will steal the identities of legitimate sellers through username/password theft and then start charging others for goods they will never receive. Often, teams of hackers divide up the tasks of this type of fraud.
“The level of sophistication in these frauds is much higher than in the past,” notes Lee. “Teams divide up the work by finding people to exploit, gaining access to their accounts, and then stealing and distributing the stolen funds. They even have their own help desk.
Although the number of cyberthieves involved in these scams is unknown, Lee says their ranks are increasing as they are rarely caught and their ability to steal ever greater sums of money is increasing. Fraud operations are also increasingly using alternative payment systems such as Venmo and Cash App, which are not regulated or monitored as tightly as the conventional banking system.
Regulators have known about phantom debt collection scams for several years and have taken numerous enforcement actions. In September 2020, the FTC, along with other state and federal agencies, took several steps to shut down large operations across the country. “Operation Corrupt Collector” performed 50 enforcement actions.
But like so many other cases in the realm of consumer fraud, today’s call bots often turn to text or email “phishing” or outright identity theft, this is how they steal usernames and passwords. There are now more channels to reach more potential victims, so these scams are unlikely to diminish.
“They [thieves] have an eighth of a thousandth chance of being arrested,” adds Lee. “Only 20 people have actually been convicted in the past 18 months. The bad guys have more access to information than they ever had before.
Major consumer protection agencies like the FTC are also hobbled by a Supreme Court ruling last year that limited their ability to shut down and collect money from scammers. “This decision removed a tool from the FTC’s toolbox,” Breyault added. “Fraud is an ongoing mole problem.”
Fortunately, fake debt collectors are relatively easy to identify. If they call on the phone, they are usually threatening and blatantly refuse to provide detailed information. Online, they have sketchy URLs, credentials, and links when they email you. The more aggressive they are, the more suspicious they are. The Federal Trade Commission has a set of rules it’s supposed to follow under the Fair Debt Collection Act, but the most heinous traders routinely use fear to get results. If they harass you, they are breaking the law.
Unfortunately, the scammers are also relentless. The same week I received the “Norton Protection” email, I also received an email from “Costco Wholesale” stating that I had received a “special reward”. All I had to do was click on a link, which I didn’t do as I hadn’t shopped at Costco in a while and noticed a sketchy UK based URL -United. Certainly not cricket.