Impostor scams have been circulating for years, and criminals are constantly “tweaking” their methods to add greater credibility to the scams.
Recent federal and state agency reports note an increase in text messaging and email. Most frequent in this new bombardment is the attempt to take advantage of fears related to the COVID-19 pandemic.
With the increase in attempts comes this new twist involving the use of forged or spoofed credentials to convey authenticity.
The basic scam goes something like this. You receive an “official” notice by text message or email from a government official (take your pick: FBI agent, IRS auditor, Medicare or Social Security Administration manager).
The message notes that irregularities were discovered in your account or that an investigation is underway due to your activities. The actual issue is often vague, and the text threatens immediate legal actions, loss of benefits, or suspension from receipt of entitlements.
Up to now, this sounds quite run of the mill when it comes to impostor scams, but here is where the new twist appears: The criminal includes a photograph and signature on what appears to be legitimate ID or, in some cases, an identity badge with name and number.
Welcome to the marvelous world of computer-generated graphics. Using text and graphics software, virtual replication of identity documents is possible on intermediate-level computers and even with some introductory hardware.
After conducting some research on this topic, I decided to attempt creation of such a document. My tools: a basic MacBook Air, free word processing software, Adobe PDF reader, free online graphic-editing software and a smartphone.
My goal was to create an “official” ID for use on the internet. My task would have been a bit more complicated if I needed a physical document or item, and quite a bit more costly (laser printer, 3D printer, scanner, Photoshop).
Even using somewhat generic tools, I was able to accomplish the task in less than 20 minutes.
In this exercise, I began with a browser search for “FBI badge” and was immediately on a search page that allowed me to see images of ID documents for the FBI. I found one ID card graphic and copied it to my computer desktop.
The signature was easy. I signed a piece of paper and used my cellphone to take a picture. The photograph was, likewise, an easy part of the puzzle. Once I had all of these pieces, it took no more than five minutes to create the ID card.
I understand that some readers may be asking, “Why are you telling criminals about this?” Simple answer: They have known about this process for decades.
I wanted you to know how this happens!
So, why is this new approach effective? It builds on some key psychological elements — fear, greed, respect for authority, social consensus. While a simple text message or email may produce the desired response, including that evidence of authenticity reinforces the strength of the communication, this impact may be so effective that it can deter the intended victim from conducting independent authentication.
As with many of my recommendations for avoiding the scam, only a few steps need be taken.
The first step is to apply logic or reason to the situation. Government agencies, or, for that matter, large corporations, do not make demands for immediate payment of funds. Neither do they threaten termination of benefits without due process.
Telephone, text message, or email contacts initiated by someone other than you will not demand personal information, such as a Social Security number or Medicare ID number. They will never suggest payment by gift card or money gram.
Regardless of what evidence or authentication comes with the request for payment or personal information, conduct a totally independent confirmation of the contact. Inquire with the regional or state office of the agency, using an independently verifiable contact. If this turns out to be fraudulent, you’ll be in a good place to file a report.
Questions, comments, concerns? Contact me at firstname.lastname@example.org.