IT fraud: how to identify scammers?

Web development is not only about codes, languages and frameworks, it is also about the financial part of the agreements, people and fraud! In this article we will describe popular schemes of Internet scammers that we encountered in our work. We’ll also share life hacks on how to recognize a scammer online and resist his tricks.

Working on a direct contract is always a risk. There is no guarantee that you will not run into an unscrupulous client who will refuse to pay at the end of the transaction even if there is a contract in hand. There is nothing pleasant about this, but there is always a chance to achieve justice through legal means. The situation is different when you have not yet reached the point of signing the contract, but have already suffered material damage. This is exactly how online scammers work.

Online scams are especially popular among Indians and Africans. There is even a separate concept called “Nigerian letters”. As can be understood from the name, scammers operating according to this scheme extort funds through mailings from both individuals and legal entities.

“Nigerian letters” are spam aimed at making profit through illegal means. As a rule, it contains a story based on which the recipient of the mailing expects a multimillion-dollar profit from cooperation with the sender. Scammers lure money under the guise of a desire to conclude a lucrative contract; they tell stories about the inheritance that awaits the “victim”; or under other tempting pretexts. Fraudsters gain confidence and ask the recipient to provide financial assistance (to pay fees, paperwork, etc.), promising decent interest at the end of the cooperation.

This phenomenon originated even before the large-scale spread of the Internet, in the mid-80s in Nigeria. Global digitalization did not yet exist, and criminals operated through regular mail. With the advent of the Internet in our lives, working methods have become “modernized” - scammers switched to email newsletters, but the schemes remained the same.

We receive similar suspicious letters regularly, several times a month for sure. Recently, they more often come not to the official Fusion Tech email address, but through the Behance platform.

HOW TO DETECT FRAUD?

Year after year, Internet scammers are becoming more creative. But you can figure out the most common cases based on our life hacks:

1. The proposed conditions contradict generally accepted conditions or are completely illegal.

2. Payment schemes or services are questionable.

3. The number of contacts with whom the client interacts on the project is too large (on the Upwork exchange, for example, you can see the number of freelancers involved in creating the product).

4. The proposal has more benefits for the contractor than for the client (either the client does not understand anything about business, or is trying to “warm you up”).

5. The domain or sender name looks suspicious (for example, a random set of letters and numbers).

EXAMPLES FROM OUR PRACTICE

Example No. 1. Most often we see a fraudulent scheme related to payment for work by check. How does it work? The client says he is going to transfer funds to you, but part of the fee should be transferred to another contractor. We are talking about attractive amounts that are difficult to refuse, as well as full or partial prepayment to make the offer more tempting. You receive a check, and part of the agreed funds is sent to a mythical contractor who does not exist in reality. Just like a real check - the piece of paper sent turns out to be just a fiction. We already have a trained eye for such clients. The best thing to do is to stop communicating as soon as the conversation turns to such a payment method.

Example No. 2. Another case: clients pretended to be employees of a well-known large company. To support their words, they put their company logo as avatars to instill more confidence in the potential victim. With some sixth sense, we realized that what awaited us was not profitable cooperation, but simple deception. After a while, several more different “customers” contacted us with absolutely identical text of the letter, which only confirmed our guesses.

Example No. 3. The most interesting and complex case. We received a response from a client on Upwork and began to find out the details of future work. The customer needed to release an application, the code base of which was partially already ready. Our task was to download it, run it and see how it functions.

The company's technical lead got involved. He opened the code repository and found a rather suspicious file there, the fate of which the client was persistently interested in. The customer kept asking questions: did we download this file or not, did we run the code or were we just going to do it, and so on. Why was he so interested in this? Downloading or opening a file caused the built-in script to run, which collected data about email, logins and all passwords on the device on which it was launched. In other words, it was stealing personal information.

We immediately wrote to Upwork support. By that time, the scammer had already interacted with more than a hundred freelancers on this site. How many of them ultimately became his victims remains a mystery.

HOW TO NOT GET HOOKED BY A SCAM?

Let's say, perhaps, a trivial phrase, but you always need to remain vigilant, always! Remember, as a rule.

Do not do business with dubious customers who offer atypical methods of transferring money, full prepayment in a tidy sum and other suspicious things, especially those that go beyond the law.

Trust your intuition and read all sentences carefully, paying attention to the word markers.

Here are some excerpts from the scam emails we received:

• “The bank sternly warned me that I would get into trouble with the IRS if I tried to do otherwise.”
• “The account manager can only send you a check on my behalf.”
• “The consultant has the necessary content, logo, etc. for a new website. He will contact you as soon as the payment/contract agreement has been concluded.”
• “My budget is $2000-$7500 for web design. A private consultant for the project has already prepared text content and logos. Please show me an example of a website.”
• “I can issue the deposit payment in the form of a check payable to your name sent by mail, this is my only available method of payment right now:

1. Full name on the check.
2. Mailing address with Apt/Rm # if necessary (no PO Box).
3. Your direct mobile phone number.
4. 70% of the deposit amount payable.”

What verbal markers and phrases immediately catch your eye:

• an abundance of words “my personal manager/consultant”;
• all fraudulent projects have a “big budget”;
• scammers are trying to find out whether you are a business owner or not.

WHAT TO ACT IF YOU ARE ATTACKED BY A SCAMMER?

The best defense is attack. But not in this case. If your money has not been stolen, doing nothing is the best option. It will be difficult to find the ends if the scammer is located in another country or even on another continent.

The algorithm of actions when receiving such “tempting offers” is simple:

• do not respond to scammers under any circumstances;
• delete all suspicious emails/texts;
• contact platform support to block the offender’s account;
• warn your colleagues and, if possible, specialists in the field about such fraud.

CONCLUSIONS

We always build relationships with clients on trust and understanding that they, just like us, are interested in their own safety. Unfortunately, there are scammers on both sides. And in most cases it’s not worth labeling right away. Carefully read the proposals of potential partners and study their ways of doing business. The details build up the overall picture and the real portrait of the client or performer.

We wish you only reliable clients!