The calls often follow a familiar pattern and a similar script. An individual purporting to be from a law enforcement agency calls from a spoofed number into a store and gets a manager or other keyholder on the line. Then, using extremely high-pressure tactics and a sense of urgency—and perhaps dropping the name of an asset protection or loss prevention executive to lend credibility—gets the store employee to activate a green dot Visa card.
“Their final goal is to have an employee move as much money as possible from a retail store: to purchase and activate a prepaid gift card from a third-party retailer, transmit activated gift card numbers via talk, text, or email, and immediately drain cards for financial gain and with little recourse for the victim,” explained Jeff Hunter, Under Armour senior manager for central and west regions, during a session at the NRF Converge conference in June titled, “Phoning It in: Phishing Scam Bites Retailers.”
There are variations of the scam. For example, the call may come from the cloned phone number of an LP or other company executive and the narrative hook evolves as fraudsters lean into scam lines that prove most successful, such as an internal loss prevention investigation, an FBI investigation, counterfeit cash claims, or outstanding charges from a utility or the IRS.
Pre-paid green dot credit cards are the most common theft vehicle—about 90 percent—but wire transfers and other transferrable fund tenders may be used. It can be obvious, in a follow-up investigation, that the scammer spent some time crawling around on LinkedIn.
Although success would seem unlikely, “The emotional hijack that takes place during the scam is significant and believable,” warned Ryan O’Hara, loss prevention director for the Americas at VF Corp, whose brands include Altra, Dickies, and Eagle Creek. “They’re adept at being able to tap into emotion of a leadership team at the store level.”
Developing Best Practices
As groups of retailers have started sharing information on the scam, they’ve identified 170 successful scam attempts totaling more than $460,000 in losses, but those probably represent just a fraction of the true total.
As they increase collaboration, retailers are still formulating best practices for fighting the scam, but they have identified several measures that retailers may find useful, explained Ian Hartman, director, area loss prevention for PSEB LLC. As the target of scammers, countermeasures need to be deployed at the store level, he suggested.
- Signage on store safes. “Something as simple as, ‘Stop! Are you being asked to remove funds?’ is just one more reminder that if someone is asking you to take money out than it is probably a scam,” said Hartman.
- Roleplaying with new managers. Scammers rely on store management churn to make their frauds work. “Before assigning keys it can be helpful to do some scenario role play to ensure they are equipped right out of the gate to handle these types of things and to raise their awareness of these types of scams,” Hartman said.
- Raising awareness among store staff. Fraudsters will call stores to gather intelligence they can use to make their scam more believable, such as the names of district managers or contact in asset protection. Employees should be reminded to report such contacts to the loss prevention department, advised Hartman.
- Sharing scam attempts across the retail organization. Scam attempts will cascade across a chain until they succeed, warned Hartman. “Some sort of established phone tree or process across the fleet so that the particulars of a phishing attempt on a store in Iowa just doesn’t end there,” said Hartman. “You need a process to spread the word when phone calls start to generate across the fleet.”
- Featured topic in conference calls. Scams like the green dot visa phone phishing can be a topic in monthly conference calls with field leadership, which can then cascade to store associates to drive greater awareness, according to Hartman. “They might hit hard in April and then not again until November,” he said, suggesting that awareness education needs periodic refreshers. “We need to keep people aware of what’s going on an ongoing basis.”
Reporting Scams to the FBI
As more stores share their experience with this type of fraud—which was the expressed hope of the NRF Converge panelists—the hope is to add to the list of best-practice mitigation measures. Better collaboration may also add to the list of red flags to make scams easier to identify and to assist the FBI in cracking down on the groups running them. “There is power in numbers, and we hope this is a model for fighting this and other frauds,” said Under Armour’s Jeff Hunter.
“For us to be effective, getting every individual piece of the puzzle helps,” said FBI Special Agent David Mitchell, who encouraged loss prevention leaders to reach out to him to report details from attempted scam attempts at a dedicated contact point: Retail_Fraud_Ring@fbi.gov. “Getting every individual piece of the puzzle helps us put something together in terms of who is doing it and where are they?”
While the ubiquity of phone scams may make them seem unnecessary to report, Mitchell said it is important so the agency can put appropriate resource into fighting it and because “we’re looking at a more coordinated and cohesive attempt at defrauding your organization and the FBI is interested in that,” he said. “The FBI is watching the evolving nature of frauds and scams and we need to be on top of new trends and changes in the ways that schemes are conducted.”
Helpful to the FBI, said Mitchell, are basic facts about the encounter: “the who, what, when, and where.” Information such as the phone numbers used, names and titles of individuals cited, and locations used to purchase prepaid cards. Physical evidence can also help, including the cards, even if destroyed; recordings of the conversations with fraudsters; and any statement that an LP team gathered from the victim at the store.
Mitchell said the FBI is sensitive to the obstacles that loss prevention executives face in the form of policies that restrict their ability to share specific case information, and they will work to provide materials—a letterhead memo requesting information or a subpoena—to help satisfy company policies.
The FBI also has resources in the form of Victim Witness Coordinators that can help support employee victims of these crimes, which is an issue that retailers should not underestimate, said SA Mitchell. “I have read some reports where there is an absolute trauma to that employee,” who faces threats as part of a scam.