Prior to joining PayLease, I worked for a large money transfer company and a credit card processor. In fact, I invested more than 20 years of my career with these companies, which means – unfortunately – that I had lots of experience with fraud and I learned how fraudsters work.
Much of what they do is build on the concept of social engineering, or manipulating people into believing what they’re saying. Social engineering is all about building trust, which a skilled fraudster can do with just one, innocuous piece of information. Once they’ve established trust, they get their victims to send them money, which the victims rarely get back. I’ve seen it happen too many times and it’s a constant reminder of why we all need to protect everypiece of resident information that we have in our possession. If we don’t, we could be putting them at risk for fraud.
Here’s a story of how someone was nearly defrauded on the basis of what would seem to be a harmless piece of information … their profession. The story is about a retired schoolteacher from Charlottesville, Virginia who sent $2,500 to a fraudster. I’ll call her Maria, which is not her real name.
Maria was a native Spanish-speaker who had emigrated to the U.S. from Peru when she was young. She supplemented her retirement income by working as a written translator and even joined the American Translators Association (ATA). On the basis of her ATA credentials, Maria was contacted via e-mail by a person who hired her to translate a study about human trafficking from Spanish into English. He sent the paper and Maria began the translation.
After all, the person found her on the ATA web site, he was polite and business-like, and human trafficking is a serious issue that needs more exposure. No problems, right? Wrong!
After she had completed a portion of the project, Maria requested an agreed upon partial payment of $1,500 and the customer gladly sent her a check, but for $4,000. When she asked him why he had sent a $4,000 check for a $1,500 invoice, he said it was a mistake and asked her to send him the $2,500 difference using a money transfer service. Eventually, the check turned out to be fake. But bad checks can take weeks to clear through the banking system and federal law requires banks to give customers access to funds after a certain number of days. Having had access to the funds, Maria sent the money to the fraudster. Fortunately, we were able to identify Maria’s transaction as a fraud and return her money before the fraudster picked up the funds.
While this is not a real estate story, it is a real story. The point is, a fraudster was able to get a simple piece of information – that Maria was a translator – and engineered an elaborate scheme (which included ripping a genuine human trafficking study from the Internet) to gain her trust. Further to the point is that every piece of information (even the most insignificant piece) can have value in a fraud scheme and we all have to do everything we can to protect our residents’ data.
Are you doing everything you can to protect your residents’ information? Maybe you are. Still, take a look at our Security Audit Checklist and see if there’s more that you can do. You can also view our recorded webinar, Best Practices to Safegaurd Your Business for more tips.