Ex-FTC director Steve Baker on how consumer fraud works
Fraud affects individuals and businesses worldwide causing significant losses and psychological distress. To dive into this persistent problem and get practical advice, Mark Kapczynski, Senior VP at Onerep, has talked to Steve Baker, founder of Baker Fraud Report, former director of the Federal Trade Commission (FTC), and member of the Better Business Bureau (BBB) Board of Directors. Read on to learn how scammers dig up and piece together personal information to commit fraud, which techniques they use, how you can prevent fraud from happening to you, and what you should do if you are a victim. This interview was originally recorded as a podcast that you can listen here, and has been edited for clarity and brevity.
Mark Kapczynski: Steve, could you tell us about your background and career?
Steve Baker: I was a senior manager at the FTC and I was always particularly interested in consumer fraud. After I retired, I joined the Better Business Bureau to write a series of in-depth studies of different kinds of fraud we see all the time. I also put out a free weekly newsletter called Baker Fraud Report that actually goes out all over the world. It’s dedicated to common fraud, news prosecutions, and research on fraud. This is actually a huge area. I mean, many people have it in their heads that fraud is pretty rare or easy to spot, or it’s just a couple of knuckleheads sitting in a cyber cafe, and it’s not. It’s totally worldwide. There’s the serious organized crime involved in this. There’s massive amounts of money and a lot of these frauds are not easy to spot. So education is really important. It’s why I’m so glad to be with you today to try to get the word out.
Many people have it in their heads that fraud is pretty rare or easy to spot, or it’s just a couple of knuckleheads sitting in a cyber cafe, and it’s not. It’s totally worldwide.”
Mark Kapczynski: Thanks Steve. I think what’s amazing is the sheer volume, differences in all scams and the variety of techniques that fraudsters use…
Steve Baker: Absolutely. Fraudsters are always ahead of the technology curve. They figure out the technology, particularly how it’s moving money faster than anybody. Even simple frauds, like “you’ve inherited a lot of money” scams that are full of grammar mistakes, are actually very successful, even if only a tiny fraction of people respond.
Scams like these give people the wrong idea that all fraud is crude and obvious. In fact, it’s not. I talked to a guy this morning who had his internet and cable TV with Comcast. He got a call purportedly from Comcast. He called the number back, and they offered to reduce his bill in half if he paid eight months in advance. They had his name, email address, and how much he owed Comcast. It sounded very legitimate at the outset. He eventually figured out it was a scam and contacted Comcast, who said they received hundreds of thousands of calls just like his.
The idea that callers come onto these things with your name, address, and often at least part of your social security number really lends them some credibility, and you really think you’re dealing with somebody reputable and somebody you know when you’re not. It’s just a fraud.
The idea that callers come onto these things with your name, address, and often at least part of your social security number really lends them some credibility, and you really think you’re dealing with somebody reputable and somebody you know when you’re not. It’s just a fraud.”
Mark Kapczynski: Let’s talk a little bit about how fraudsters get personal information to commit fraud? How do they piece it together and how does the data flow work?
Steve Baker: Well, there’s a huge amount of information on all of us floating around on the internet, particularly on the dark web. And a whole lot of it is just publicly available on databases. There are data brokers that pull together lists of people who are potential prospects for this or that sort of fraud. We’ve actually seen one of the major data brokers in the US prosecuted not long ago because they were pulling together lists of older people with money for fraudsters who claimed they had won the Publishers Clearing House Lottery.
Fraudsters also collect data from online forms. The FTC just warned about people looking for a lower mortgage rate. For example, you might see a form online that’s supposedly going to shop your information and find you the best deal. Sometimes those people are really just after your data.
Also, people give a lot of personal information out for free when they post their resumes online. I can’t believe there are people that actually put Social Security numbers on their resumes. Scammers siphon all this stuff up to get what they need.
Finally, there are companies out there that sell data for marketing leads. Just like salesmen who want to know who to contact at ABC business ventures buy lists of those people, scammers can buy that stuff or scavenge it up too. Then they can use it and know who to reach out to. So if you don’t know how it works, you’re likely to be tricked by the so called business email imposter scam where you get an email from a fraudster disguised as your CEO asking you to send money or share sensitive information. And these things have got some indicia that really makes them look legitimate. A lot of the business email compromise scams – if you look hard at the email address, you can see it’s not from whoever it claims to be from. But sometimes they actually do hack into email systems and so they’re really sending the email from the real account. There’s a lot of money at stake and these people are very professional. They even hire people to edit for grammar.
One of the business email compromise things that has been really troublesome last year, which has not been reported very much, is the redirecting people’s paychecks. So I, for example, had a friend in Chicago who was an executive, and she hadn’t gotten her paycheck direct deposited for a couple weeks. She called her boss and the HR to ask where her paycheck was. And they said, “Oh, well, you called us, you sent us an email and said you’ve changed to a new checking account. So we’ve been paying your money to that checking account.”
There are companies out there that sell data for marketing leads. So for salesmen to know who to contact at ABC business ventures, they can buy lists of those people and the scammers buy that stuff or scavenge it up, and then they can use it and know who to reach out to.”
Mark Kapczynski: At Onerep we remove people’s personal information from people-search websites that are publishing it. We are glad that more consumers are getting aware and starting to remove themselves. But how is it even possible that in the United States, people can buy and sell our personal information so freely?
Steve Baker: Like I said, the amount of data out there is scary. Even legitimate, big companies collect data, so they can sell it or target you with advertising to make you buy stuff, and sometimes they get breached, which makes all that information accessible to fraudsters.
I don’t think that we can really get rid of all this data but at least we make data collectors work a little harder, spend more money for it. Take me – I don’t want my home address out there. And I had to think about that with my fraud report email. I know that there are crooks looking for me sometimes so I don’t put my street address on it, even though I think I’m technically supposed to, under the Federal Trade Commission rules on this stuff. I just don’t want them to find me. I think we need to all take efforts to keep our data out of scammers’ hands if we can.
Mark Kapczynski: How about scammers? What happens to them? Do they just try to make a bunch of money and disappear at some point, or will they eventually be caught?
Steve Baker: Well, unfortunately, crooks feel very safe.
The chance of them being prosecuted if they’re outside the United States and preying on US consumers is pretty small.
I think we’ve had some success with some real law enforcement on it. For example, I have not gotten a robocall myself since January 1st of this year. The government has been cracking down on these robocall operations and suing the companies in the United States that let them into the US phone system.
Stopping fraud is tough also because crooks don’t tend to stop. They simply move from scam to scam, often running a whole stable of them, and they keep going for as long as the money rolls in.
Mark Kapczynski: What’s your advice for the average consumer? What should they be doing to protect themselves? And what’s the first step they should take if they become a victim?
Steve Baker: Common sense things will go a long, long way.
You need to guard your personal information. For example, use caution when completing online forms and enable two-factor authentication for your online bank account, or any other sort of underlying accounts with financial information. Also, look at email addresses very carefully before you respond to them.
If you have been ripped off, complain immediately, particularly if it involves credit or debit cards. In that case you can charge back and get your money back. Less than 5 percent of fraud victims complain to the Better Business Bureau or a local law enforcement agency. And they need those complaints to look for patterns, find other witnesses in cases they have been doing, and go ahead. Don’t get embarrassed, get mad, and do reach out to let law enforcement know about them.
Don’t get embarrassed, get mad, and do reach out to let law enforcement know about them.”
Like this interview? Listen to the full episode on Spotify, YouTube, Stitcher, or Pandora and visit bakerfraudreport.com to subscribe to Steve’s Baker Fraud Report.
Iryna is a marketer and content writer. She's been been focused on privacy for 5+ years and is on a mission to spread cybersecurity knowledge to as many people as possible.