An overpayment scam, also known as a refund scam, is a type of confidence trick designed to prey upon victims' good faith. In the most basic form, an overpayment scam consists of a scammer claiming, falsely, to have sent a victim an excess amount of money. The scammer then attempts to convince the victim to return the difference between the sent amount and the intended amount. This scam can take a number of forms, including check overpayment scams and online refund scams.
The scam has many variants, but all of them include some combination of a fraudulent payment from the scammer to the victim and a legitimate payment from the victim to the scammer.
In a check overpayment scam, the scammer will pay the victim for goods or services (often in response to an online or classified advertisement, though there are a number of other premises for check overpayment scams) with a fraudulent check of an amount in excess of the intended amount. In some cases, the scammer will claim that the difference between the intended amount and the amount on the check is due to customs or other import fees, or shipping fees. [1] The fake check can present either as a personal or cashier's check. The scammer then requests that the victim pay them the excess between the intended amount and the amount on the check. [2] After the victim does so, they discover that the scammer's check was fraudulent, losing their money. In addition, if the check was sent in response to an online or classified advertisement and the victim has already sent or delivered the item being sold to the scammer, the victim loses their item as well.
The check variant of the overpayment scams, as well as other confidence tricks where scammers send the victim an illegitimate check, work in part because of the delay—sometimes days or weeks—between a customer depositing a check at a bank and the check clearing and being verified as legitimate. [3]
In an online refund scam, a scammer usually finds potential victims by cold calling phone numbers until there is a responsive victim. The scammer pretends to represent either a well-known large company or a smaller company offering a service of some kind. The scammer tells the victim that the company owes the victim a refund either for a product that the victim supposedly ordered or a service that the company can no longer provide. In a similar version, a scammer impersonating an e-commerce website such as Amazon or eBay tells the victim someone fraudulently ordered an expensive item using the victim's account and offers the victim a refund for the supposed fraudulent transaction. The scammer will request to access the victim's computer using remote desktop software, and then ask the victim to log in to their online banking website. In some cases, the scammer has the victim fill out an online form with the amount that they are supposedly owed, which they later claim the victim filled out incorrectly. The scammer blanks the victim's screen using the remote access software, and uses the web development tools of the victim's browser to temporarily edit the online banking webpage to show a transfer into the victim's account. While no transfer has actually taken place, when the scammer restores the victim's ability to see the screen, the edited version of the webpage may convince them that the scammer did indeed transfer money into their account. [4]
After the victim believes that a transfer has gone through, they then discover that the amount supposedly transferred into their account is larger than expected. Using the good faith of the victim against themselves, the scammer often claims that their job is at stake if the victim doesn't return the difference between the intended amount and the supposedly paid out amount. In cases where the scammer told the victim to fill out a form, the scammer will claim the victim is responsible for the error, in order to induce guilt. The scammer may also resort to aggressive tactics such as threatening and intimidation to force their victim into complying with their demands. The return is done by wire transfer, money order, or sometimes by store gift card, which the scammer then redeems, making it near impossible for the victim to retrieve their money after being scammed in this way. Some amount of time later, the victim then finds out (possibly by reloading their online banking website, as reloading the page removes the scammer's changes) that the scammer never transferred any money into their account at all, and that any money sent to the scammer has been lost. [4]
Online refund scams can also be considered a form of technical support scam, as they largely follow the same format of connecting to the user's computer with remote access software. In addition, some online refund scams have been targeted at users who had previously fallen victim to technical support scams, claiming that the company which originally conned the victim had gone out of business and could no longer provide the "security services" the victim paid for in the original scam. [5]
A scammer offers to buy an item on an online marketplace such as Facebook Marketplace using Venmo or Zelle. The scammer tells the seller (victim) that to complete the transaction, the seller needs to upgrade their account to a business account. The scammer sends the victim a bogus payment notice for the item's price plus what they claim is a business account upgrade fee, then asks the victim to buy the upgrade from someone impersonating the payment processor so that the victim can receive their payment. The victim does not actually receive any payment, but the scammer receives a fraudulent "upgrade" payment from the victim. [6] [7]
A rental scam is a form of overpayment scam that exploit renters through fake listings and false roommate offers. Scammers may overpay by check, asking victims to refund the difference, only for the check to later bounce, leaving victims liable. Other scams involve fake listings where scammers posing as landlords request deposits before viewings, or charge high fees for background checks, mirroring tactics in check overpayment scams. Rental scams often preys on financial urgency and renters' trust. [8]
An advance-fee scam is a form of fraud and is a common confidence trick. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster claims will be used to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim to pay or simply disappears.
Scam baiting is a form of internet vigilantism primarily used towards advance-fee fraud, IRS impersonation scams, technical support scams, pension scams, and consumer financial fraud.
Internet fraud is a type of cybercrime fraud or deception which makes use of the Internet and could involve hiding of information or providing incorrect information for the purpose of tricking victims out of money, property, and inheritance. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace. It is differentiated from theft since, in this case, the victim voluntarily and knowingly provides the information, money or property to the perpetrator. It is also distinguished by the way it involves temporally and spatially separated offenders.
419eater.com is a scam baiting website which focuses on advance-fee fraud. The name 419 comes from "419 fraud", another name for advance fee fraud, and itself derived from the relevant section of the Nigerian criminal code. The website founder, Michael Berry, goes by the alias Shiver Metimbers. As of 2013, the 419 Eater forum had over 55,000 registered accounts. According to one member, "Every minute the scammer I'm communicating with is spending on me is a minute he is not scamming a real potential victim."
Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.
A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification, phone call, or mailing explaining that "You have won!" a large sum of money in a lottery. The recipient of the message—the target of the scam—is usually told to keep the notice secret, "due to a mix-up in some of the names and numbers," and to contact a "claims agent." After contacting the agent, the target of the scam will be asked to pay "processing fees" or "transfer charges" so that the winnings can be distributed, but will never receive any lottery payment. Many email lottery scams use the names of legitimate lottery organizations or other legitimate corporations/companies, but this does not mean the legitimate organizations are in any way involved with the scams.
A cashier's check is a check guaranteed by a bank, drawn on the bank's own funds and signed by a bank employee. Cashier's checks are treated as guaranteed funds because the bank, rather than the purchaser, is both the drawee and drawer and is responsible for paying the amount. They are commonly required for real estate and brokerage transactions.
A romance scam is a confidence trick involving feigning romantic intentions towards a victim, gaining the victim's affection, and then using that goodwill to get the victim to send money to the scammer under false pretenses or to commit fraud against the victim. Fraudulent acts may involve access to the victim's money, bank accounts, credit cards, passports, Cash App, e-mail accounts, or national identification numbers; or forcing the victims to commit financial fraud on their behalf.
Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.
Telemarketing fraud is fraudulent selling conducted over the telephone. The term is also used for telephone fraud not involving selling.
A work-at-home scheme is a get-rich-quick scam in which a victim is lured by an offer to be employed at home, very often doing some simple task in a minimal amount of time with a large amount of income that far exceeds the market rate for the type of work. The true purpose of such an offer is for the perpetrator to extort money from the victim, either by charging a fee to join the scheme, or requiring the victim to invest in products whose resale value is misrepresented.
A scam letter is a document, distributed electronically or otherwise, to a recipient misrepresenting the truth with the aim of gaining an advantage in a fraudulent manner.
The parcel mule scam, also known as the reshipping scam, involves scammers and unsuspecting victims handling goods to other countries. In some ways it is similar to the money mule scam. Scammers use fake advertising to hire mules. Items are bought with stolen cards, and since the goods are typically re-sold once shipped, this scam can be viewed as an indirect form of money laundering.
A card-not-present transaction is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over the Internet, but can also be used with mail-order transactions by mail or fax, or over the telephone.
A technical support scam, or tech support scam, is a type of scam in which a scammer claims to offer a legitimate technical support service. Victims contact scammers in a variety of ways, often through fake pop-ups resembling error messages or via fake "help lines" advertised on websites owned by the scammers. Technical support scammers use social engineering and a variety of confidence tricks to persuade their victim of the presence of problems on their computer or mobile device, such as a malware infection, when there are no issues with the victim's device. The scammer will then persuade the victim to pay to fix the fictitious "problems" that they claim to have found. Payment is made to the scammer via gift cards, which are hard to trace and have few consumer protections in place. Technical support scams have occurred as early as 2008. A 2017 study of technical support scams found that of the IPs that could be geolocated, 85% could be traced to locations in India, 7% to locations in the United States and 3% to locations in Costa Rica. Research into tech support scams suggests that millennials and those in generation Z have the highest exposure to such scams; however, senior citizens are more likely to fall for these scams and lose money to them. Technical support scams were named by Norton as the top phishing threat to consumers in October 2021; Microsoft found that 60% of consumers who took part in a survey had been exposed to a technical support scam within the previous twelve months. Responses to technical support scams include lawsuits brought against companies responsible for running fraudulent call centres and scam baiting.
Kitboga is the Internet alias of an American Twitch streamer and YouTuber whose content primarily focuses on scam baiting against phone fraud. His channel has over one million followers on Twitch, and his YouTube channel has over three million subscribers.
Jim Browning is the Internet alias of a software engineer and YouTuber from Northern Ireland whose content focuses on scam baiting and investigating call centres engaging in fraudulent activities.
An SSA impersonation scam, or SSA scam, is a class of telecommunications scam targeting citizens of the United States by impersonating Social Security Administration employees. SSA scams are typically initiated through pre-recorded messages, or robocalls, that use social engineering to make victims panic and ensure they follow instructions given to them. In 2018, over 35,000 instances of SSA scam robocalls were reported to the Better Business Bureau with over $10 million lost by victims. Approximately 47% of Americans were subject to an SSA scam robocall during a three-month period between mid- to late 2020, and 21% of seniors were subject to at least three robocalls during the same time period.
A package redirection scam is a form of e-commerce fraud, where a malicious actor manipulates a shipping label, to trick the mail carrier into delivering the package to the wrong address. This is usually done through product returns to make the merchant believe that they mishandled the return package, and thus provide a refund without the item being returned. It can also be done by the seller, generally by creating fraudulent online stores or creating fake listings on sites such as eBay or Mercari. This makes it very hard to perform a chargeback, as the tracking shows the item has been delivered. This is also known as an FTID scam, standing for Fake Tracking ID. When this scam is successful, the tracking number will show that the package has been delivered to the correct address, when the package was instead delivered to a different address. This package is generally empty or filled with garbage. However, this scam has mostly been “patched” via new technology provided by the various couriers globally. It is estimated the scam cost retailers £18,000,000,000 in lost revenue.