Scams

Phishing, Smishing, and Vishing

Most of us are aware of (and on the lookout for) phishing attempts. Phishing is the practice of sending fraudulent emails that appear to be legitimate in order to gain sensitive information such as usernames, passwords and account numbers. You will be asked to click a link or enter information, which is then sent straight to the criminal. SMiShing (SMS phishing) is a type of attack where the fraudulent link is sent via text message rather than email. You receive a text message containing a hyperlink which, when clicked, downloads a Trojan horse onto the mobile phone. Vishing (voice phishing) is the practice of making phone calls or leaving voice messages claiming to be for a legitimate purpose, when in actuality the person making the call is doing so to commit fraud. Attackers use a technique called “Caller ID Spoofing” to make the call seem even more legitimate.

Tips for avoiding Phishing, Smishing, and Vishing:

  • Learn to identify phishing, smishing, and vishing attempts.
  • Be cautious of links or phone numbers embedded in emails or text messages.
  • Only enter sensitive information on secure websites.
  • Never give your credit card number or other sensitive information over the telephone unless you make the call.
  • Be cautious of unknown callers.
  • If you’re unsure, do not give out information until you are sure.

 

Nigerian Letter or “419” Fraud

You’re given the “opportunity” to share in a percentage of millions of dollars that the sender is trying to transfer out of Nigeria illegally (with your help). You’re encouraged to send information to the requester, which is later used to defraud you. They convince you to cover taxes, bribes, and legal fees with the promise that all your expenses will be reimbursed once the funds are out of the country. In actuality, it is all a hoax: the millions of dollars do not exist, and you are left with the loss of money and sensitive information. The scam is nicknamed “419 Fraud” as it violates section 419 of the Nigerian Criminal Code.

Tips for avoiding Nigerian Letter or “419” Fraud:

  • If you receive a letter or e-mail from Nigeria asking you to send personal or bank account information, do not reply in any manner. Send the letter or message to the U.S. Secret Service, your local FBI office, or the U.S. Postal Inspection Service. You can also register a complaint with the Federal Trade Commission.
  • Be skeptical of any individual asking for your help in placing large sums of money in overseas bank accounts.
  • Do not believe the promise of large sums of money for your cooperation.
  • Guard your account information carefully.

 

Identity Theft

Identity theft occurs when someone assumes your identity to commit fraud. Information can be obtained in a variety of ways including rummaging through your trash, stealing your wallet, or compromising your bank information.

Tips for avoiding Identity Theft:

  • Never throw away ATM receipts, credit statements, credit cards, or bank statements without first shredding them.
  • Never give your credit card number or other sensitive information over the telephone unless you make the call.
  • Reconcile your bank account monthly, and notify your bank of discrepancies immediately.
  • Keep a list of telephone numbers to call to report the loss or theft of your wallet, credit cards, etc.
  • Review a copy of your credit report at least once each year. Notify the credit bureau in writing of any questionable entries and follow through until they are explained or removed.
  • If your identity has been assumed, ask the credit bureau to include a statement to that effect in your credit report.

 

Corporate Account Takeover

Corporate account takeover is a type of fraud where thieves gain access to a business’ online banking accounts to initiate unauthorized transactions. This includes transferring funds from the company via wire or ACH origination, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.

Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, a delivery company, a court, or the Better Business Bureau. Once the email is opened, keylogging malware is loaded onto the computer, where it records login credentials and passcodes and reports them back to the criminals.

Tips for avoiding Corporate Account Takeover:

  • Have a strong partnership with your financial institution.
  • Utilize all relevant security features available to protect your bank information and accounts.
  • Educate and train all employees.
  • Never open emails or click attachments from unknown sources.
  • Be cautious of pop-up messages.
  • Use a separate workstation for banking tasks (one that is not used for social media or internet browsing).
  • Monitor your accounts closely on a daily basis.
  • Use account alerts for immediate notifications.

Email Hacking

Email hacking is the unauthorized access to, or manipulation of, an email account or correspondence. In some cases, hackers will target friends and family, claiming an emergency and an urgent need to wire funds. In other cases, hackers will target bank correspondence and request a transfer of funds based solely on their email authorization.

Tips for avoiding fraud related to Email Hacking:

  • Have a strong partnership with your financial institution.
  • Utilize all relevant security features available to protect your bank information and accounts.
  • Use unique passwords for bank sites. If your email credentials are stolen and you utilize the same password for all of your accounts, hackers will suddenly have access to all of them.
  • Safeguard your usernames and passwords. Never share them and be cautious of where you enter your information.
  • Utilize a password safe or password manager (if available) that can generate random passwords for your different accounts.
  • Change all of your passwords frequently, regardless of whether it is required.
  • Use two-factor authentication (if available). This will require you to use your username, password, and one other piece of information like a code sent to your phone.
  • Never open emails or click attachments from unknown sources.
  • Be cautious of pop-up messages.
  • Don’t utilize public computers for personal use. If you do, ensure that none of the websites save your login credentials and, if possible, clear the browsing history once you’re finished.