Alert:Online, Mobile and Phone Banking Will be Unavailable overnight Saturday.Learn more
Fraud Education and Resources
Know the Scams
Scammers may pose as businesses or people you know like your credit union, utility company, popular retail stores, phone provider, or even a friend or relative. They may ask you to send funds to yourself or others using mobile or online banking. They may spoof legitimate phone numbers to call or text to make the request more convincing. Scammers use different tactics to fall for their schemes. In some cases, they can be friendly, sympathetic and seem willing to help. In others they use fear tactics to persuade a victim.
Seniors are often targeted because they tend to be trusting and polite. They also usually have financial savings, own a home, and have good credit—all of which make them attractive to scammers.
Criminals pose as a relative—usually a child or grand child—claiming to be in immediate financial need such as in jail or in trouble with law enforcement.
Money Mules
A money mule is someone who transfers or moves illegally acquired money on behalf of someone else.
Criminals recruit money mules to help launder proceeds derived from online scams and frauds or crimes like human trafficking and drug trafficking. Money mules add layers of distance between crime victims and criminals, which makes it harder for law enforcement to accurately trace money trails.
Money mules can move funds in various ways, including through bank accounts, cashier’s checks, virtual currency, prepaid debit cards, or money service businesses.
Some money mules know they are supporting criminal enterprises; others are unaware that they are helping criminals profit.
Money mules often receive a commission for their service, or they might provide assistance because they believe they have a trusting or romantic relationship with the individual who is asking for help.
If you are moving money at the direction of another person, you may be serving as a money mule.
Lottery and Sweepstakes Scams
Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”
Romance Scams
Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.
The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites.
The scammer’s intention is to establish a relationship as quickly as possible, endear himself to the victim, and gain trust. Scammers may propose marriage and make plans to meet in person, but that will never happen. Eventually, they will ask for money.
Scam artists often say they are in the building and construction industry and are engaged in projects outside the U.S. Some may say they are in the military and stuck overseas or a government employee. That makes it easier to avoid meeting in person—and more plausible when they ask for money for a medical emergency or unexpected legal, medical or travel fee.
If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes.
ONLINE SHOPPING SCAMS
Online shoppers can be scammed in many ways: from not receiving products despite the payment to losing money and payment information to fake websites and apps.
Scammers develop fake websites mimicking popular retailers’ sites and take your money and payment information without delivering products. They also create counterfeit apps containing malware (malicious software) for the same reasons.
COMMON INFORMATION SECURITY SCAMS
Spoofing
Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.
For example, you might receive an email that looks like it’s from your boss, a company you’ve done business with, or even from someone in your family—but it actually isn’t.
Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.
Phishing
Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they shouldn’t have access to.
In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested.
But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.
Types of Phishing
Phishing has evolved and now has several variations that use similar techniques:
Vishing
Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.
Smishing
Smishing scams happen through SMS (text) messages.
QUishing
This is a new type of phishing attack the involves bad actors creating QR codes to be scanned that then redirects victim to downloading or visiting malicious content.
Pharming
Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.
BUSINESS EMAIL COMPROMISE (BEC)
In this scam, criminals target both businesses and individuals. It has evolved from a simple form of sending an email that appears to come from a business or individual you know and requesting a seemingly legitimate payment, often urgently, via a wire transfer, to compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
RANDSOMEWARE
Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, networks, or cell phone. Malware is installed in various ways, including through links and attachments in emails, downloads from malicious websites, or removable drives. Criminals hold your data hostage until the ransom is paid or pressure you for the ransom by threatening to destroy or release your data to the public.
How to Protect Yourself
Be wary of unfamiliar calls, computer messages, pop-up messages, texts or emails requesting personal information.
Be careful when posting personally identifiable information on social media. Enable security settings to limit what you share publicly.
Verify you are sending to a trusting recipient by calling a trusted or verified phone number from a recent bill or visit a local office.
Be cautious if pressured to respond on immediately; this is what scammers want you to do.
Scammers will ask you to pay in an unusual way such as gift card, pre-paid debit cards, bitcoin, and digital currency including CashApp, Venmo, Zelle, or Paypal.
Do not share login credentials nor account number; some scammers may convince you that you are owed money and may request your account information.
Never allow anyone to remotely access your computer nor mobile device. They may convince you that your device has a virus.
TURN ON MULTIFACTOR AUTHENTICATION
Multifactor authentication, also known as two-factor authentication, or MFA, is a highly effective security measure that requires an extra form of identification, on top of your password, when trying to access your digital assets and information. Most websites now offer this security feature such as a PIN, fingerprint, confirmation text, and authentication application.
UPDATE YOUR SOFTWARE
Criminals take advantage of well-known problems and vulnerabilities. Keeping your devices up to date with the latest security patches and utilizing automatic updates for operating systems, antivirus software, and applications will help protect your digital assets and information from cybercrime.
RECOGNIZE AND REPORT PHISHING
Phishing is the number one way information gets compromised, and we are more likely to fall for phishing than we think. Be cautious of unsolicited phishing emails, texts, and calls that ask for personal and sensitive information. Don’t click on links or attachments from unknown sources and avoid sharing sensitive information or credentials over the phone or email, unless necessary.
USE STRONG PASSWORDS
Strong passwords are critical to protecting your digital assets and information. Make sure your password is long, unique, random, and including all four-character types.
Warning Signs of Identity Theft
According to the Federal Trade Commission:
You see withdrawals from your bank account that you can’t explain.
You don’t get your bills or other mail.
Merchants refuse your checks.
Debt collectors call you about debts that aren’t yours.
You find unfamiliar accounts or charges on your credit report.
Medical providers bill you for services you didn’t use.
Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
A health plan won’t cover you because your medical records show a condition you don’t have.
The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
You get notice that your information was compromised by a data breach at a company where you do business or have an account.
