Scam alert: Who's REALLY contacting you?
by Ryan Dutton originally published by SHAZAM, Inc.
There’s been an uptick in scammers posing as financial institutions and other service companies in hopes of stealing sensitive information – including account information and Social Security numbers. These ploys often occur by phone, email, and text. Help us keep accountholders, family, and friends safe by sharing this information with them. Fighting crime is a joint effort.
How it works
- Phone – A phony call from someone claiming to be from your bank or other service provider warning you of suspicious account activity. The caller may have some personal information, like the last four digits of your Social Security number.
- Email – You receive a message that looks legitimate – complete with the bank’s logo, directing you to click a link to clear up an urgent matter.
- Text – A message seemingly from your bank urges you to click a link to address an issue.
What you should know
- Between social media and data breaches, there’s enough information floating around to help a scammer craft a personalized, legitimate sounding message.
- Scammers often use scare tactics to get people to react emotionally, like claiming they’ve detected fraud on your account. Fear sometimes makes it difficult to access our logical thinking processes. Step back and take a deep breath before reacting.
What you should do
- Greet any message from your bank with caution and ask yourself, is this the type of communication my financial institution would really send?
- If you do get an email, a text or a phone call claiming to be from your bank, be cautious of the information the caller asks about. It’s fine to refuse if you feel uneasy. A trusted financial partner will not ask for any sensitive information on an outbound contact to you. If unsure, call the phone number on an account statement, or the back of your debit card to determine if the bank is actually trying to reach you. Do NOT call back using a phone number given by the caller.
- If you bank online, protect your accounts by using unique passwords or a passphrase. If your online banking offers it, enable two-factor authentication.
What to do if you are scammed
If you feel you have been scammed, contact your financial institution and the police. Then, report it to the Federal Trade Commission at https://reportfraud.ftc.gov. When you report a scam, the FTC can use the information to build cases against scammers. Remember, fighting crime is a joint effort.
Coronavirus & COVID-19 Fraud
Cyber criminals have been sending emails with malicious attachments or links to fraudulent websites attempting to trick recipients into revealing sensitive information or donating to fraudulent charities or causes.
Be extremely careful when handling any email with a Coronavirus or COVID-19 related subject line, attachment, hyperlink or message, and be especially wary of social media pleas, text messages and phone calls related to the Coronavirus or COVID-19.
Protect yourself and your loved ones from the virus AND from the criminals who are taking advantage of the situation to victimize you!
Don't be conned into becoming a MONEY MULE for criminals
With the U.S. unemployment rate soaring and large numbers of people being secluded at home, fraudsters are increasingly targeting individuals through “work from home” opportunities, dating websites or online personal sales to use as money mules. Criminals who obtain money illegally need to find a way to move and hide the illicit funds. They frequently scam other people, known as money mules, into moving this illicit money for them. These money mules are asked to receive funds in their personal bank account and then “process” or “transfer” funds via wire transfer, ACH, mail, or money service businesses, such as Western Union or MoneyGram.
Acting as a money mule—allowing others to use one’s bank account or conducting financial transactions on behalf of others—not only jeopardizes the mule’s financial security and compromises their personally identifiable information, but is also a crime. Over the last several years, the FBI has dedicated significant resources to educating the public on common red flags that they may be acting as a money mule and has continued to reinforce this messaging to address the rise of COVID-19-related money mule schemes. The FBI encourages individuals to protect themselves by refusing to send or receive money on behalf of individuals and businesses for which they are not personally or professionally responsible, and to watch out for online job postings and emails from individuals promising easy money for little to no effort.
Phishing for Debit Card Victims
Phishing attacks aim to dupe a victim into releasing sensitive information that can be used for identity theft. These attacks are on the rise with increased holiday shopping.
In the most recent attack we’re hearing about, a fraudster sends a text message to a cardholder, requesting they call an 800 telephone number because their “account is locked.” When the cardholder calls the number, they’re asked to enter their card number or other personal information, such as their PIN, Social Security Number or mobile device codes.
Bank Plus does employ a powerful anti-fraud debit card monitoring system called Falcon, offered by our debit card processor Shazam, and they do contact customers by call and text about suspected fraudulent transactions, but they will never ask for card numbers or other personal details. Legitimate text messages from Shazam will come from short code 72718
If you have questions about the legitimacy of an anti-fraud call or text, you can contact the Shazam fraud team directly at 866-508-2693.
WARNING: They Will Not Contact You
Microsoft, Apple or anybody else WILL NOT contact you directly by phone, email or popup on your screen, to tell you about a possible problem with your device. THIS IS A SCAM! Do not allow anybody to remotely access your device for a "free" scan or "discount" fix no matter how serious they make it sound. Just hang up, close the message or close the popup. When in doubt call us for more information, but please, don't fall for this scareware scam! For related details see Common Online Scams below.
'Tis The Season, For Tax Scams
Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals.
The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
Many taxpayers have encountered individuals impersonating IRS officials – in person, over the telephone and via email. Don’t get scammed.
The IRS initiates most contacts through regular mail delivered by the United States Postal Service.
However, there are special circumstances in which the IRS will call or come to a home or business, such as when a taxpayer has an overdue tax bill, to secure a delinquent tax return or a delinquent employment tax payment.
Even then, taxpayers will generally first receive several letters (called “notices”) from the IRS in the mail.
Note that the IRS does not:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
- Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe.
- Threaten to bring in local police, immigration officers or other law-enforcement to have you arrested for not paying. The IRS also cannot revoke your driver’s license, business licenses, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.
Identity theft happens when someone uses your Social Security number or other personal information to open new accounts, make purchases, or get a tax refund. A record high 15.4 million Americans were hit with some kind of ID Theft in 2016, according to the 2017 Identity Theft Study by Javelin Strategy & Research. That’s about 1 in every 16 U.S. Adults in 2016 (6.15%), up almost 16% from the previous year.
There are many ways that you might discover that someone is using your information. You might get a notice from the IRS or find unfamiliar accounts on your credit report. You might notice strange purchases on your monthly credit card statement, get bills that aren’t yours, or get calls about debts that you don’t owe.
What To Do Right Away
If you see one of these warning signs of identity theft, you must act quickly. If you don’t have Kasasa Protect™
, you’ll have to take these steps yourself to help limit the damage. The Federal Trade Commission website www.consumer.ftc.gov/topics/identity-theft
has great information that will help you react quickly.
- Call the companies where you know fraud occurred.
- Place a fraud alert on your credit reports and get copies of your report.
- Report identity theft to the FTC.
- File a report with your local police department.
Then, take a deep breath and begin to repair the damage. Without Kasasa Protect™ your next step might be closing accounts opened in your name, or reporting fraudulent charges to your credit card company.
The internet offers access to a world of products and services, entertainment and information. At the same time, it creates opportunities for scammers, hackers, and identity thieves. Learn how to protect your computer, your information, and your online files.
Scammers, hackers and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have good reason.
Update Your Software. Keep your software – including your operating system, the web browsers you use to connect to the Internet, and your apps – up to date to protect against the latest threats. Most software can update automatically, so make sure to set yours to do so.
Outdated software is easier for criminals to break into. If you think you have a virus or bad software on your computer, check out how to detect and get rid of malware at www.consumer.ftc.gov.
Protect Your Personal Information. Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about why someone needs it and whether you can really trust the request.
In an effort to steal your information, scammers will do everything they can to appear trustworthy. Learn more about scammers who phish for your personal information at www.consumer.ftc.gov.
Protect Your Passwords. Here are a few ideas for creating strong passwords and keeping them safe:
- Use at least 10 characters; 12 is ideal for most home users.
- Try to be unpredictable – don’t use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.
- Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies where you do business – thieves can use it to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not ask you for your password.
- If you write down a password, keep it locked up, out of plain sight.
Common Online Scams
"Free" Security Scans
Messages telling you to install and update security software for your computer seem to be everywhere. So you might be tempted by an offer of a “free security scan,” especially when faced with a pop-up, an email, or an ad that claims “malicious software” has already been found on your machine. Unfortunately, it’s likely that the scary message is a come-on for a rip-off.
The free scan claims to find a host of problems, and within seconds, you’re getting urgent pop-ups to buy security software. After you agree to spend $40 or more on the software, the program tells you that your problems are fixed. The reality: there was nothing to fix. And what’s worse, the program now installed on your computer could be harmful.
Scammers have found ways to create realistic but phony “security alerts.” Though the “alerts” look like they’re being generated by your computer, they actually are created by a con artist and sent through your Internet browser.
These programs are called “scareware” because they exploit a person’s fear of online viruses and security threats. The scam has many variations, but there are some telltale signs. For example:
- You may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
- You may get “alerts” about “malicious software” or “illegal pornography on your computer;”
- You may be invited to download free software for a security scan or to improve your system;
- You could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
- You may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.
Scareware purveyors also go to great lengths to make their product and service look legitimate. For example, if you buy the software, you may get an email receipt with a customer service phone number. If you call, you’re likely to be connected to someone, but that alone does not mean the company is legitimate. Regardless, remember that these are well-organized and profitable schemes designed to rip people off.
What to Do
If you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “x” at the top right corner of the screen. Some scareware is designed so that any of those buttons can activate the program. If you use Windows, press Ctrl + Alt + Delete to open your Task Manager, and click “End Task.” If you use a Mac, press Command + Option + Q + Esc to “Force Quit.”
If you get an offer, check out the program by entering the name in a search engine. The results can help you determine if the program is legitimate.
The Small Business Guide to Corporate Account Takeover
What is Corporate Account Takeover (CATO)?
Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
Corporate account takeover is a growing threat for small businesses. Since 2011, seventy two percent of data breach cases affected businesses with 100 employees or less1. It is important that businesses understand and prepare for this risk.
Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, delivery company, court, the Better Business Bureau, or even the IRS. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.
How do I protect myself and my small business?
The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement.