The (fake) tax man cometh: Identity thieves last year targeted consumers with bogus emails, claiming a W-2 form was not submitted and providing a link to a site for you to input your information. Problem was, the link directed taxpayers to a malicious site that could harvest that information, such as Social Security numbers and addresses, which could later be useful in hacking into their bank accounts.
Hackers tweak an older thievery technique: A phishing attack with a twist made the rounds in March, targeting users of eBay's (EBAY) PayPal, Bank of America (BAC), Lloyds, and TSB customers. The U.S. Computer Emergency Readiness Team (US-Cert) sounded the alarm that the malicious Web page is stored on a user's computer, rather than directing them to a Web page loaded with the malicious software. As a result, the hackers are able to bypass common anti-phishing security software. (For tips on reducing the odds of becoming a victim of an online financial scam in 2012, see also: The Top 10 Looming Computer Security Threats of 2012.)
False advertising: The FBI announced in November the arrest of six Estonian nationals, who were charged with running a major Internet fraud ring that infected millions of computers worldwide with a virus. That virus provided the window that the alleged thieves needed to commandeer consumers' computers and direct them to Web pages where advertisements were posted. Unbeknownst to the advertisers, they were paying the alleged thieves for website traffic that did not come willingly to the sites. The FBI claimed the Estonian nationals manipulated the multibillion-dollar Internet advertising industry to earn at least $14 million in illicit fees.
Getting past the gatekeeper: Email marketer Epsilon, which hosts databases of seven of the top 10 companies in the Fortune 500 and hundreds of others, suffered an attack by hackers in late March. The attack left customers of such major brands like Citigroup (C), Disney (DIS), and Marriott (MAR) vulnerable to potential phishing scams, which attempt to steal valuable personal information such as bank account or social security numbers.
Being used to unknowingly aid in medical fraud: More than 80 medical-equipment companies received a less-than-merry notice right before the holidays when Allstate Insurance Company filed a $6.3 million lawsuit to recover money it paid out for durable medical equipment, supplies, and orthotic devices. According to the complaint, retailers (and their owners, in conspiracy with wholesalers) submitted misleading and fraudulent bills using customers' personal-injury-protection benefits.
And in February, 20 individuals -- including three doctors -- were charged for allegedly bilking the government out of $200 million in Medicare costs for mental-health services. The elaborate scheme involved officials at community health centers paying kickbacks for patient referrals and billing Medicare for care that was not necessary, and in many instances, never provided. And Medicare wasn't the only victim. The patients who unknowingly were used to bilk the government were from halfway houses and assisted-living facilities.