Buy now, pay later fraud up 66% in a year: Internet Scambusters #1,039
Use of buy now, pay later (BNPL) credit services jumped tenfold during the pandemic, creating a lucrative target for scammers.
They hijack users' accounts and create false identities, while BNPL providers themselves may not be treating their customers properly.
In this week's issue, we'll explain how the schemes work, how you can protect yourself, and what to do if you fall victim.
Let's get started…
Protect Yourself from Buy Now, Pay Later Scams
The growing popularity of "buy now, pay later" (BNPL) credit plans, where consumers make interest-free, staged repayments for their purchases, has been hijacked by fraudsters on an alarming scale.
They're using stolen or invented identity credentials to trick online retailers into handing over products and services for just a 25 percent deposit. And, although it's the retailers who carry the can for the rest of the debt, consumers are becoming increasingly caught up in the scam.
Furthermore, some BNPL providers have come under fire for failing to tell genuine purchasers exactly what they're agreeing to and the penalties they face for falling behind.
And because this financial sector is so young, many providers don't investigate buyers' creditworthiness, allowing some people to run up multiple debts that they're unable to repay. Transaction details are not even passed to the big credit reporting agencies, which means consumers can't tell if someone has opened a BNPL account in their name.
How BNPL Works
Many online retailers now offer the opportunity for customers to pay for their purchases in four stages. They pay the first 25 percent when they buy, and the remainder in three further equal payments.
The process involves setting up an account with the actual credit provider, not the retailer. Sometimes all the buyer has to do is provide their driver's license. It's quick and easy.
How Buy Now, Pay Later Fraud Works
Scammers use two main tricks to fool retailers.
They hijack existing BNPL customers' accounts, either by phishing or buying a person's confidential information, like Social Security numbers, on the black market.
Or they open accounts by creating fictitious or synthetic identities by combining details of different people into a single persona - "Frankenstein identities" as they're sometimes called in the financial security world.
(We reported on synthetic identity theft in issue #903 - Fake Identities Threat to Business + Coronavirus Scams Update.)
Mostly, the crooks use these accounts to make big purchases, sometimes delivered to "drop" addresses. These are usually either vacant properties or belong to people who innocently agree, for payment, to forward received items abroad. Fake addresses and porch piracy at genuine addresses are also used.
Oftentimes, consumer victims don't know they've been caught up in this web until they get a demand for the second staged payment - or they find an item on their doorstep that they didn't order.
Sometimes, the scammers make a couple of BNPL purchases and pay fully for them. Then they log onto their account and change the payment method to a stolen credit card using details bought on the Dark Web.
In another twist, drug dealers and other gangs are said to be using BNPL to launder cash proceeds of crime.
How Shoppers Can Be Caught Out
In addition to having their accounts hijacked, shoppers can be directly affected by the practices of some BNPL providers.
As mentioned earlier, there's the risk of taking on too much debt because the providers have no way of knowing how many other deals you signed up for. That's not a scam, of course, but the result can be the same - a debt collector at your door.
In a September report, the US Consumer Finance Protection Bureau (CFPB) highlighted worries about this and other risks shoppers face when signing up for a buy now, pay later deal.
It said the amount of information on issues like late fees, customer rights, cost of credit, and autopayments varied across the sector. And it found evidence that some shoppers were assessed multiple late fees for the same overdue payment.
There's also a looming major issue over data privacy. BNPL lenders are able to build up detailed profiles of shopper preferences and behaviors, which could be sold or used in targeted advertising.
"The practice of harvesting and monetizing consumer data across the payments and lending ecosystems may threaten consumers' privacy, security, and autonomy," the CFPB said.
What You Can Do
As we said earlier, you likely won't find out that someone has used your name to sign up for a BNPL deal till you get a demand for the second payment.
Protecting your personal information from hackers, using security software and frequently changing passwords are the best ways of preventing your details from falling into the wrong hands.
In addition, monitor all your financial accounts - banks and credit cards - for suspicious activity.
And if you're taking out a BNPL loan - yes, it's still called a loan - make sure you check out the terms and conditions of the deal before signing up.
If you do fall victim to an account hack, contact the BNPL provider and your bank and card companies. You can also lodge a complaint with the CFPB online or by phone at 855-411-CFPB (2372).
It's likely that buy now, pay later plans and scams will come under increasing scrutiny in the near future. Use of BNPL increased tenfold during the pandemic, with fraud cases jumping 66 percent from 2020 to 2021.
It'll be a three-trillion-dollar industry by the end of this decade. What an opportunity for scammers.
As fraud management specialists SEON said in a recent review: "There are some highly intelligent people conducting scams and fraud out there, and they are always looking for new avenues to make money. A sector as young as BNPL, with less of a clear legal landscape than others, is very attractive to such individuals."
This Week's Scam Alerts
Fake LinkedIn job offers: Scammers posing as recruiters are creating fake identities on the professionals social media site LinkedIn. They target victims with information about a bogus job and may even have online discussions with them. When they have their victim's confidence, they send more details of the supposed job in an Excel spreadsheet. Anyone who downloads it will install malware, probably ransomware, on their computer.
Not the Geek Squad: Crooks are imitating Best Buy's tech support and repair team, known as Geek Squad. They're sending out fake service renewal bills for hundreds of dollars via text messages. The text may say the amount will be automatically deducted from the victims' bank accounts and includes a phone number where you can dispute the charge or cancel membership. But it's a clever attempt at phishing for your bank account or payment card details.
Alternatively, they may ask you to pay with gift cards or allow them to remotely access your PC. If you don't have a Geek Squad account, you can safely ignore the message. If you do have an account and are concerned, check it with Best Buy.
That's it for today -- we hope you enjoy your week!