How does this scam work?
Asked by downtide (23815) May 19th, 2011
I work for a company that sells breakdown assistance for cars. I have noticed a trend of fake accounts that are clearly being set up as a scam, but I can’t imagine how anyone can actually benefit from it. Here are the details:
All the accounts are set up on our website, so there is no salesperson collecting commission.
All the accounts are set up for disabled drivers.
All the accounts are using fake or stolen bank details, so payment never gets collected and the accounts lapse shortly afterwards.
They are set up on a variety of addresses, some of which don’t exist at all. Most of the outgoing mail is being returned to us undelivered by the Post Office.
There can be up to 40 accounts to each chosen address.
Most of the names look like someone just mashed the keyboard. Stuff like “Mr Adshgdjsh Adsfdfjhdf”
Where there is a telephone number provided, it is usually an unrelated business number, presumably they’ve just taken random phone numbers out of the yellow pages.
These accounts couldn’t ever be used or refunded because they were never paid for, and they’re clearly not ID theft with those randomly-mashed names. What on earth is going on?
18 Answers
Other than wasting your time ferreting them out and deleting them, you mean?
Can you clock access to your site from that IP address?
Could it be a disgruntled former employee?
It doesn’t sound like a scam, but like someone trying to mess with you, as @marinelife suggested.
@marinelife well we don’t need to delete these accounts, they delete themselves in 6 weeks. It’s no extra work for us. There is an additional cost in the mailings that are going out, but I can’t imagine this is the work of just one disgruntled person. There are literally thousands, if not tens of thousands of these accounts, and hundreds every day.
Is someone trying to set-up a “denial of service” by overloading your website?
@Tropical_Willie I don’t think so. If they are, they’re failing pathetically. This has been going on-and-off for months, they’re not trying to do it all at once.
It might be a spam bot creating automatic accounts. A lot of the less sophisticated ones cannot tell the difference between types of sites, so they just sign up everywhere and provide whatever information is requested. Does your site require CAPTCHA authentication?
If there’s really no money coming the only thing I can think is maybe… is it a branch of a larger company? Is there any reason why someone might be trying to make it look like you are doing more business, pulling in more new accounts than you actually are? Are these accounts created by a person or perhaps, as @SavoirFaire suggested, are they possibly being created by a spam bot?
Total speculation: it could be someone with a boatload of credit card info trying to see which are usable. Any that pass your checks could be viable elsewhere.
Is the CEO’s bonus dependent upon increasing the number of new customers?
If yes, there’s your answer.
Some things to keep in mind that may help you resolve this:
1. It’s being done by a human or human-controlled script or machine. That is, they aren’t random events and they most likely aren’t being done by God himself (or Satan) or gods / devils by other names for purposes beyond human understanding.
2. Since it’s a human-controlled activity, and it’s happening over and over, someone is benefiting in some way.
3. The fact that “stolen” bank account numbers may be used is telling. Stolen accounts indicate a greater degree of culpability than simply “bogus” or “made-up” account numbers.
4. The addresses provided as mailing addresses may be interesting to plot on a map. Why aren’t the mailing addresses as apparently bogus as the names, one wonders? (Does your software check that the addresses are real, and prevent many thousands more attempts that are as unrealistic as the names?)
5. The fact that all of the ‘new users’ sign up as “disabled drivers” may also be a key. Is the signing-up process different in some way for these users?
6. How many accounts lapse or are cancelled just after the first payment is received? How many of those first payments are refunded (for whatever reason) at the time of cancellation? What are the names on those accounts? Have you done any statistical analysis on the entire database of users / addresses / longevity of accounts? It would be interesting to see what account holders live near the bogus addresses.
7. Does the software check for legitimacy of telephone numbers during the signup process? Why would the bogus user enter Qwerty Asdfg as a name (for example) and then go to the trouble of looking up a real telephone number to complete the application?
I’m wondering if some of this might be an attempt by your own website security people to test their own procedures and methods of screening for bogus account holders.
So who sets up these accounts? The customer? Or the business? If the customer sets them up, what are they for? To purchase the insurance? Do you have to supply a credit card number to open an account? If you do, why isn’t the fake number rejected immediately so the account cannot be opened?
What bank details are used to set up the account? A checking account number? Is permission for automatic transfers required? Are the bank account numbers checked? Or does the fact that payment never comes in terminate the account?
Do you think the company is trying to scam someone? Say, a bank? Or is an outsider trying to scam the company?
It sounds kind of idiotic. Could it be a teenager exercising his hacking chops?
Yeah, it sounds like someone’s trying to give your company a black eye… A disgruntled customer or former employee…
It sounds like someone is trying to get a quote or see what the steps are to getting roadside assistance without actually putting any of their information in.
@WasCy
1. – I can’t tell if it’s being done by a human or a bot, and I’m not high enough up the chain of command to convince the people who know, to check.
3 – This makes a lot of sense.
4 – The software doesn’t check whether an address is real before sending out mail. I have no idea how such a system could be developed.
5 – The process for a disabled driver is no different – Again I’m not high enough up the chain to do this kind of research or convince anyone else to do it. It’s just one checkbox on the site. Makes me think that it’s a bot, with the instruction to “fill in every field”. The trouble with finding other account holders who live near the bogus addresses, it’s always “lots”. Pick any street in the UK and you will typically find 25% of the households are customers in one form or another. The bogus unpaid accounts always lapse six weeks after the failed payment. I have no way to search the database to find out how many (if any) have been paid successfully – I guess we’ll know next year when they come up for renewal?
7. There’s no way to check the phone numbers are legit. We could dial them but that would be a huge expense, and a lot of them ARE real phone numbers, they’re just not numbers that belong to “Mr Random Name”.
@wundayatta – they are all set up by the customer to purchase the insurance (or the scammer) and they all use a bank checking account as payment. It takes about 3 days for us to get an answer back from the bank as to whether the bank account is legit or not and then the account goes on hold. The account is automatically terminated after 6 weeks if payment is not received. An unpaid account cannot be used, no claim can be made.
@BBSDTfamily – it’s very easy to get a quote off our website without filling in any information. No personal info is required to get a quote, only for purchase.
I like the theory that it’s somehow testing stolen bank accounts to see which ones slip through (customers not checking their bank statements and not noticing an unauthorised payment). But why then, also use seemingly made-up bank details as well? Unless they’re not stolen at all, they’re just systematically going through every single possible number to see which ones are hits… that might explain why there are so many.
Thanks for the suggestions everyone.
Sounds like a lot of the very strange spam we get here at Fluther. I’ve yet to see any way that ‘profile spammers’, as we call them, get anything out of the endeavor, but they persist, day in and day out. Create a profile, post a link on the profile, and disappear. It’s as if they think thousands of people will see the profile without them ever posting a question or answer on the site. Weird.
It does sound like someone testing account numbers. If it weren’t for that, it would seem like it could be a competitor testing your site out bank account security for different banks. If the only thing that’s real is all bank accounts are stolen accounts, then that is the purpose. They log the account when stolen, to see if it’s been reported. If not, then they run up a lot of charges elsewhere.
I agree with @BarnacleBill . It can be a quick way to check if the account is good. If you accept the charges the scammer can immediately use the card elsewhere.
This should be reported to the bank. You would help take a lowlife or two off the street.
I would speak with someone from your IT department at break time. They must be aware of it and must have some theories as to what is going on. I take it you have already raised it with your boss as it is potentially an attempt at fraud.
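Editor's added example, not part of any post in this thread: a small detection pass over signup records that flags the pattern described in the question (many accounts on one address, keyboard-mashed names, bank details that fail validation). The record fields (`name`, `address`, `payment_failed`), the thresholds and the sample rows are assumptions constructed for illustration; only the name "Mr Adshgdjsh Adsfdfjhdf" comes from the question.

```python
import re
from collections import defaultdict

VOWELS = set("aeiouy")

def longest_consonant_run(name):
    """Length of the longest run of consecutive consonants in any word."""
    best = run = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0  # vowels, spaces and punctuation break the run
    return best

def looks_mashed(name, max_run=5):
    """Heuristic only: real names rarely have 5+ consonants in a row."""
    return longest_consonant_run(name) >= max_run

def normalise_address(addr):
    """Fold case, punctuation and spacing so variants group together."""
    return " ".join(re.sub(r"[^a-z0-9 ]", "", addr.lower()).split())

def suspicious_clusters(signups, min_accounts=5, min_bad_ratio=0.8):
    """Return (address, account_count, bad_ratio) for addresses where most
    accounts have a mashed name or a failed bank validation."""
    groups = defaultdict(list)
    for s in signups:
        groups[normalise_address(s["address"])].append(s)
    flagged = []
    for addr, rows in groups.items():
        if len(rows) < min_accounts:
            continue
        bad = sum(1 for r in rows
                  if r["payment_failed"] or looks_mashed(r["name"]))
        ratio = bad / len(rows)
        if ratio >= min_bad_ratio:
            flagged.append((addr, len(rows), round(ratio, 2)))
    return sorted(flagged)

# Constructed sample data (not real records).
SAMPLE = (
    [{"name": "Mr Adshgdjsh Adsfdfjhdf", "address": a, "payment_failed": True}
     for a in ["12 Example Road, Anytown", "12 EXAMPLE ROAD  ANYTOWN",
               "12 example road anytown", "12, Example Road, Anytown",
               "12 Example Road Anytown", "12 Example Road, Anytown."]]
    + [{"name": n, "address": "3 Sample Street, Anytown", "payment_failed": False}
       for n in ["Jane Smith", "John Smith", "Amy Smith", "Tom Smith", "Eve Smith"]]
)

if __name__ == "__main__":
    for cluster in suspicious_clusters(SAMPLE):
        print(cluster)
```

A large household of paying customers at one address stays unflagged, because the cluster size alone is not treated as a signal.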
This question is in the General Section. Responses must be helpful and on-topic.