What is Authorized Push Payment(APP) Fraud?
Authorized Push Payment Fraud is a type of fraud that occurs when the victim is persuaded – usually through social engineering scams – into transferring money to fraudsters. Typically, the fraudsters will impersonate a legitimate person/institute in order to add credibility to their scam. Most APP attempts use what are known as real-time payment systems, which are account-to-account transfers that are initiated, cleared, and settled in close to real time. This means that whoever receives the money has access to it almost immediately, leaving the victim and their financial institution unable to reverse the payment. And because these transactions are generally authorized by the victim, it makes it even harder for funds to be recovered.
How does Authorized Push Payment(APP) Fraud work?
Typically, the fraudster tricks their victim into authorizing a payment to what appears to be a legitimate entity for what appears to be a legitimate reason. While there are numerous ways this can happen, the general flow of the scheme is as follows:
- The fraudster investigates the victim to gather personal details/information that can be used for the scam.
- The victim is contacted by the fraudster to request payment – misrepresenting who they are and what the purpose of the money request is.
- Payment is authorized by the victim, without the fraudster needing to make the transfer themselves.
- The fraudster receives payment, which is now irreversible.
- The fraudster moves the money out of the receiving account so that the victim or the fraud investigation team cannot recover it after it is investigated.
The gathering of information to use against victims can be done with either brief attacks, such as phishing, long-term attacks, such as romance scams, or anywhere in between. One thing is common when perpetrating APP fraud, fraudsters tend to convey a sense of urgency in their requests as they do not want to give their victims the time to think about whether the request is valid or reasonable. They do not want victims to validate any information prior to sending, they are just trying to get the money by any means and as quickly as possible.
Types of APP Scams
- Invoice Scam
- The fraudster tricks the victim into paying a fraudulent invoice. Generally, these include normal monthly bills such as electricity, gas, internet, water, etc. It is recommended to always verify that all invoices received are valid to ensure payments are not going to a fraudster instead.
- Romance Scam
- The fraudster will engage in a fake romantic relationship with the sole purpose of gaining the victim’s trust to request funds/valuables later down the road.
- Personal Relationship Scam
- The fraudster will impersonate either a family member or a friend of the victim to request funds. The fraudster will gather information about the friend/family member by phishing, hacking, or monitoring social media to learn more about them. In these situations, it is important to verify that you are actually talking to who you believe you are talking to prior to sending funds.
- Property Funds Scam
- Victims are tricked into paying the fraudster the costs associated with property purchases. This is typically done by intercepting communications between the buyer/seller, real estate agent, or financial institution. Once they have this information, they create false documentation imitating costs that would be incurred and route the money to themselves instead of the correct party. As the costs of property purchases tend to be quite high, it is very important to ensure that the payments are going to the correct place prior to sending them off.
- Account Takeover Fraud
- Fraudsters gain direct access to the victim’s accounts and make transfers out of them. They can do this by either phishing for the victim’s account information, hacking, or receiving the account information directly from the victim themselves. It is important to never click on links that seem suspicious, be mindful of any websites visited and what is done on public networks, and never give your account details/online logins to anyone.
- Contractor Scam
- Similar to invoice scams, but more complex with higher costs associated with the scam. As always, it is important to verify all payments as valid and go to the correct place prior to submitting payment.
In summary, fraudsters are constantly evolving and coming up with new complex schemes in order to steal your hard earned money. It is important to stay vigilant and not let anyone have access to your information that can make it easier for fraudsters to perpetrate fraud against you. In the case of APP fraud, it is even more important due to these types of fraud generally being authorized by oneself due to the misrepresentation made by the fraudster, which makes it much harder to recover the funds.
If you feel you have been a victim of fraud you can report suspicious activities to the Federal Trade Commission at ReportFraud.ftc.gov, as well as Arvest Bank.