cyrilkahnauthor

How Do I File a Fraud Report with the FBI?

How Do I File a Fraud Report with the FBI?

Businesses nowadays face more cybersecurity challenges than ever before. As technology progresses, so are hackers, who are taking advantage of organizations during this period of rising virtualization. Simple online operations like emailing, making purchases and clicking links present significant threats to Organizations and their personnel. Fortunately, the FBI has an online division—the Internet Crime Complaint Center (IC3)—that offers important online safety advice and increases awareness of cybercrime. Keep reading and discover how this division works and how it might protect your business, staff, and clients online.

Here is what your company should know regarding the Internet Crime Complaint Center (IC3):

Describe The Internet Crime Complaint Center

Its mission statement claims that the Internet Crime Complaint Center (IC3) “offers a reliable and convenient reporting mechanism for submitting information to the FBI – Federal Bureau of Investigation – related to suspected Internet-facilitated illicit activity and to develop effective alliances with law enforcement and industry partners. Information is assessed and shared for public awareness and investigative and intelligence purposes of law enforcement.

Initially founded in 2000 as the Internet Fraud Complaint Center, the program quickly went beyond its original scope of “fraud” to encompass all unlawful Internet activity and was renamed the IC3 in 2003. The IC3 specializes in ransomware, a type of malware intended for extortion.

To help consumers and businesses in defending themselves against online criminals, the FBI IC3 regularly releases public announcements and yearly reports on cybercrime. These updates could include other information, common cybercrime strategies, complaints of certain kinds of cybercrime, and advice for company owners.  

Below, we’ve collated crucial information for businesses regarding the surge in cybercrime that the IC3 released last year, including business email compromise, technical and customer service fraud, and impersonation of firms on job recruitment websites.

Working With IC3: How to Report A Wire Transfer Scam

In order to understand how firms might work with the IC3, consider the process of responding to an unauthorized wire transfer. The FBI deals with a range of wire transfer techniques, and their IC3 Recovery Asset Team (RAT) can assist in freezing funds before a cybercriminal receives payment.

Here’s how the process looks:

  1. An employee gets a request for a fraudulent wire transfer. Unlike routine bills, these transfer requests can originate from a business email hack, brand impersonation, or social engineering attack. Before verifying the legitimacy of the request, one of your workers approves it.
  2. After detecting fraud, notify your IT staff or Managed Services Provider (MSP) and collaborate with them to report the incident to the IC3.
  3. After submitting the form, the RAT team will recover the wire transfer by the end of the day. Depending on how quickly you submit the fraud report, your bank may notify you that they were successful in recouping the loss as a result of the FBI investigation.
  4. Your business and IT team will send the necessary documentation to the IC3 regarding the scam, including:
  5. Amount transferred.
  6. Forensic data includes IP addresses.
  7. Any communication related to the request, including the original email or documents.
  8. Bank account and routing numbers.

Business Email Compromise Scams

Business Email Compromise Scams

Business Email Compromise/Email Account Compromise (BEC/EAC) refers to frauds that target legitimate financial transfer requests from businesses and individuals. This is common when a subject compromises a legitimate email account through social engineering or a computer breach to perform unlawful transactions. Subjects may use this strategy to target employees’ Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms. The FBI reported a 65% rise in losses from this type of scam between July 2019 and December 2021. Part of this rise was due to the virtualization of many corporate transactions following the start of the COVID-19 pandemic.

They provided critical takeaways for businesses to protect themselves against this type of crime:

  • Confirm the utilization of outside virtual meeting platforms.
  • Regularly monitor financial accounts for irregularities.
  • Check for misspelled domain names in hyperlinks.
  • Avoid sharing login credentials or personal information via email.
  • Ensure the sender’s email address matches who it is coming from.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Use two-factor authentication or secondary channels to verify account change requests.
  • Ensure the employees’ computer settings are enabled to allow full email extensions to be viewed.

Customer Support Fraud Schemes

Technical and Customer Support Fraud means scams in which a criminal impersonates a technical or customer support/service in order to mislead someone into providing personal information. Victims have filed fraud reports, including incidents of banking support impersonators, cryptocurrency support impersonators, ride-sharing support impersonators, utility, cable, or internet support impersonators, and travel support impersonators. These scammers frequently request that victims make wire transfers to international accounts or utilize cryptocurrency to transfer payments. They will also cold-call owners about fictitious “problems” and offer “solutions” that require them to provide personal information, transfer dollars, download software (which turns out to be malware), or engage in other seemingly authentic activities.

The FBI suggests the following for firms who want to protect themselves from these types of scams:

  • Change passwords on a regular basis.
  • Use virus scan software to detect possibly dangerous software.
  • Remember that legitimate support personnel will not initiate unsolicited contact. 
  • Do not grant remote access to unknown or unverified individuals.
  • Resist the urge to act quickly to protect your device or account. 
  • Install ad-blocking software and keep your computer’s anti-virus, security, and malware protection up to date. 
  • Be cautious of customer support numbers found through web searches. Instead, find support contact information directly on the company’s website.

Recruitment Spoofing Campaigns

The third common cybercrime we want businesses to be aware of is one in which criminals impersonate organizations on job recruitment websites. Companies fill job openings creatively and efficiently using websites such as LinkedIn, Indeed, and Glassdoor. To fool job hunters into revealing personal information or money, scammers have started advertising fictitious positions. They regularly perform an outstanding job of impersonating genuine companies, therefore damaging not only the job seeker who falls for a scam but also the reputation of the impersonated company.

When fraudsters maliciously utilize the company’s name or brand, victims could think that the company is behind the crime. If scammers use the same brand frequently enough, as they are sure to do if it is working for them, word spreads rapidly that the company is not trustworthy. This type of negative reputation can make it more challenging to hire skilled employees.

An example of this scam can be found in the report:

“In April 2021, a human resources (HR) manager was approached by a job seeker who applied for a position posted on a popular networking website. The job seeker applied for the job and was promptly contacted, interviewed, and offered employment opportunities by the scammers. However, the job seeker became suspicious that the job was fake and contacted the company directly. The HR manager acknowledged that the job hadn’t been posted by the organization and was fake. The scammers used a spoofed email account to impersonate the actual identity of the business employees.”

The IC3 recommends the following.

  • Develop a plan for staff to recognize and file a fraud report for dubious job listings.
  • Enable security features on job posting sites, such as blocking unauthorized posts and requiring secure verification.
  • Enforce rigorous user controls on your organization’s networking sites. Do not share your account’s email and password with other people.
  • List job postings on your official business website with instructions on how to apply, including the company’s legitimate contact information.
  • If your company has been used in fake job postings previously, warn applicants about previous fake job postings by including a warning on your job listing or careers page.
  • Monitor for fraudulent activity on your organization’s accounts and networking sites. Enable automatic change notifications and multi-factor authentication for all changes to account settings.
  • Check for fake job advertisements using your company name on popular networking platforms and locations where your business posts employment opportunities. File fraud reports of fake postings to the website’s administrator and the FBI Internet Crime Complaint Center (IC3) at IC3.gov.

How To File a Complaint with The IC3

How To File a Complaint with The IC3

Businesses Should Report Cybercrime to The IC3

The FBI defines internet crime as any unlawful conduct on the internet, including websites, chat rooms, and email. Internet crime is defined as the use of the Internet to make false or fraudulent statements to consumers. These offenses may include but are not limited to, advance-fee schemes, failure to deliver goods or services, computer hacking, and employment/business opportunity schemes.

Provide Contact Information and Precise Details

To file a complaint, provide your name, address, phone number, email, financial transaction information, the subject’s name, address, phone number, email, website, and IP address, complete details about the victimization, and any additional relevant information. Canceled checks, receipts, pamphlets or brochures, emails, hard drive photos, PCAP files containing illicit network traffic, network, host system, and/or security appliance logs, malware copies, chat transcripts, and/or telephony logs are all examples of relevant evidence.

Each complaint assists the IC3 in gathering data on cybercrime in order to continue creating cybersecurity best practices and disseminating that information to the public. It is vital to understand that the IC3 does not conduct investigations. When they get a complaint, they study and investigate it before forwarding the information to the appropriate local, state, and federal enforcement organizations.

Utilize FBI-Provided Resources

The FBI website provides valuable updates, data, and best practices for cybersecurity. Businesses should refer back to it frequently to stay up to date on the latest cybersecurity threats and dangers. The IC3 website has just as much information for individuals as it does for businesses, so everyone should visit it.

FAQ’s – Frequently Asked Questions

1. How can I let the FBI know about an incidence of fraud?

To file a fraud report, visit www.ic3.gov, the FBI’s Internet Crime Complaint Center (IC3). On this website, people can report different kinds of fraud, such as money fraud, identity theft, and internet scams. As you document your report, be as detailed as you can. The FBI will review the complaint and, if required, conduct further investigations, assisting local law police or another agency.

2. What details should I add to my fraud report?

You have to submit comprehensive information filing a fraud report to the FBI. Specify the kind of fraud, the individuals involved, the date and time of the incident, any messages sent, and any financial activity conducted. Attach any data or proof—such as receipts, emails, or screenshots—that bolsters your claim. This will enable authorities to better understand the problem and aid in their investigation.

3. Can I tell the FBI about fraud under cover of anonymity?

Every person can indeed anonymously submit a fraud report using the FBI’s Internet Crime Complaint Center (IC3). Although anonymity is allowed, it is encouraged to give your contact information.  If the FBI requires you to ask follow-up questions or call for more specifics, they might require you to get in touch with you. Sharing your contact information increases your chances of helping in the investigation while also preserving confidentiality and privacy all through the process.

4. Is there a specific type of fraud the FBI handles?

The FBI investigates financial crimes, identity theft, cybercrime, and scams threatening national security, among other fraud types. Reporting fraud helps your case reach the right FBI division. The agency regularly collaborates with local, national, or international law enforcement or regulatory agencies, depending on the extent of the incidence.

5. What happens after my FBI fraud report submission?

The FBI will examine the data after the submission of a fraud report to figure out whether it comes under their jurisdiction and whether sufficient proof exists for an investigation. If your case is actionable, you may be called for more information or additional explanation. To handle the investigation, the FBI might also cooperate with other organizations or local law enforcement. Remember that although not all reports result in quick responses, your submission raises awareness of continuous fraudulent behavior.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top