The Agency Insider with Linda McGlasson

Mystery Shoppers: The Latest Fraud Scheme

Mystery Shoppers: The Latest Fraud Scheme

This all means one thing to me: If it's so popular with criminals, then it means they're making money from it. Last week, I caught up with a friend of mine who is a fraud expert and asked her about the mystery shopper scam. She confirmed my fear that it was not only popular, but spreading across the country. My friend, who is also the guardian for a person with special needs, spotted an official-looking envelope addressed to her ward. Sure enough, it was a "mystery shopper" offer, with all the bells, whistles, official logos, and a cashier's check that looked real.

She checked it out. The phone numbers, addresses, and contact information in the letter were all bogus, including the check. Why this scam is gaining such ground is because many retail and service corporations hire evaluators to perform secret or random checks on themselves or their competitors.

The IC3 says victims are contacted via e-mail or U.S. mail to apply to be a mystery shopper. 

How it works: The IC3 says victims are contacted via e-mail or U.S. mail to apply to be a mystery shopper. Applicants are asked to send a resume and are purportedly subject to an extensive background check before being accepted. The employees are sent a check with instructions to shop at a specified retailer for a specific length of time and spend a specific amount on merchandise from the store. In the case of the fraud expert's check, it was drawn on a non-existent Sun Trust Bank account.

The employees receive instructions to take note of the store's environment, color, payment procedures, gift items and shopping/carrier bags, then report back to the employer. The second evaluation is the ease and accuracy of wiring money from the retail location. The money to be wired is also included in the check sent to the employee.

The remaining balance is the employee's payment for the completion of the assignment. After merchandise is purchased and money is wired, the employees are advised by the bank the check cashed was counterfeit, and they are responsible for the money lost in addition to bank fees incurred. Sadly, many people are falling for this scam. In the case of my friend the fraud expert, she averted a crime against her ward. Others who may be looking for extra money will fall for the scam.

The IC3 says in other versions of the scheme, applicants are requested to provide bank account information to have money directly deposited into their accounts. The fraudster then has acquired access to these victims' accounts and can withdraw money, which makes the applicant a victim of identity theft.

As information security pros at responsible organizations, all of us need to educate our customers about these kinds of scams. They're designed to take a trusting person's naïve belief in that they're doing something honest by working and use it against them for criminal gain.

Here are some tips you can use to avoid becoming a victim of employment schemes associated with mystery/secret shopping:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan all attachments, if possible.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
  • There are legitimate mystery/secret shopper programs available. Research the legitimacy on companies hiring mystery shoppers. Legitimate companies will not charge an application fee and will accept applications online.
  • No legitimate mystery/secret shopper program will send payment in advance and ask the employee to send a portion of it back.
  • People who believe they have information pertaining to mystery/secret shopper schemes are encouraged to file a complaint at www.IC3.gov.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.