Fraud Prevention

Security Alert. A picture of a thief who is lerking to steal you identity.

Knowledge is Power When it Comes to Fraud Prevention 

Fake Shipping Notification Emails and Text Messages

When you order something online, you might get several emails or text messages about your order: Confirming your order. Telling you it shipped. Saying it's out for delivery and notifying you about delivery. Did you know that scammers send fake package shipment and delivery notifications to try to steal people's personal information — not just during the holidays, but all year long?  

Here's what you need to know to protect yourself from these scams.

The scammers send bogus messages by email or text. The message might say that you missed a delivery attempt and ask you to click on a link to re-schedule the delivery. Or it could say that your item is ready to ship but you need to update your shipping preferences. Some create a sense of urgency by saying that if you don’t respond immediately, they'll return your package to the sender.

They want you to click on the link without thinking about it and enter your personal or financial information. But the site is fake. A look-alike of a real website. And it’ll capture all the information you enter. Things like your usernames and passwords to your online banking, email, or social media accounts that scammers could use to steal your identity and open new accounts in your name.

What to do

  • If you get a message about an unexpected package delivery that tells you to click on a link for some reason, don’t click.
  • If you think the message might be legitimate, contact the shipping company using a phone number or website you know is real. Don’t use the information in the message.
  • No matter the time of year, it always pays to protect your personal information.

___________________________________________________________________________________________

Spoofing 

Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.

One of the most common ways cybercriminals commit a telephone scam is by falsifying the caller ID on their phone. While the call may appear to be from TopMark FCU to increase your chances of answering it, it could be a scammer. This very process is termed phone number spoofing or caller ID spoofing.  

In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look like one you’ve used before. The email may be convincing enough to get you to take the action requested.

But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.

_____________________________________________________________________________________________

What Do These Scammers Want?  

  • Click on a link to a phishing site. Scammers want you to go to websites they’ve built that will steal your personal information. These sites could look like legitimate login pages for service providers such as your bank or Netflix.
  • Accidentally download malware onto your device. Some links are specifically intended to download malware onto your phone. This gives hackers access to all your files and can even allow them to spy on you remotely. 
  • Many spam texts include phone numbers to call. Scammers know that once they get you on the phone, they can pressure you to give them personal information or send money. 
  • Divulge sensitive information. Some spam texts will claim your accounts are at risk or you’re going to be charged money if you don’t “verify” your identity by providing your passwords, Social Security number (SSN), and more. 
  • Scammers can even hack your phone or take over your phone number — and then spam everyone on your contact list with unwanted texts.

____________________________________________________________________________________________

Smishing

  1. Scammers use SMS text messages to attempt to obtain information.
  2. Attackers usually impersonate reputable brands, like Microsoft or Amazon, to gain their victims’ trust.
  3. Smishing messages are short and usually include a malicious link.
  4. Since smishing messages are concise, they can be harder to recognize.

It can happen like this:

“John” received a text message that appeared to be from his local credit union. The message stated that his debit card had been deactivated. The message instructed him to call a toll-free telephone number, which he did. When John received a recording that asked him to enter his debit card and PIN, he hung up. He then called his credit union and spoke to a representative who stated his debit card was working properly and that the text message was a scam.

Avoid Smishing Scams

  • Government agencies, banks, and other legitimate companies never ask for personal or financial information, like usernames, passwords, PINs, or credit or debit card numbers via text message.
  • Don’t be rushed. Smishing scams attempt to create a false sense of urgency by implying that an immediate response is required or that there is a limited time to respond.
  • Don’t “click” open links in unsolicited text messages. Clicking the link may infect your mobile device with a virus or malware designed to steal the personal or financial information stored on the device.
  • Don’t call a telephone number listed in an unsolicited text message. Scam artists often use email-to-text technology, shortcodes, or spoofed local numbers to hide their identities. You should contact any bank, government, agency, or company identified in the text message using the information listed in your records.
  • Never provide your personal or financial information in response to text messages from unknown senders. Verify the identity of the sender and take the time to ask yourself why the sender is asking for your information.
  • Use the same safety and security practices on your cell phone as you do on your computer and be cautious of text messages from unknown senders, as well as unusual text messages from senders you do know, and keep your security software and applications up to date.

How to Report Smishing

Contact the bank, government agency, or company that the scam artist is impersonating so it can alert others and work with law enforcement to investigate the activity.

Forward smishing messages to short code 7726—which spells “SPAM” on your keypad. Doing so allows cell phone carriers to identify the senders of smishing messages and take steps to limit messages from them going forward.

_____________________________________________________________________________________________

Here are 10 common practices scammers to attempt to fool you and commit fraud. 

  1. Faking an emergency. Scammers pretend to represent an official organization (like the IRS) and call, text, or email members to demand immediate money for bogus issues. They use threatening phrases such as, “Your 401k plan will be frozen,” “Your passport will be seized,” or “The maximum sentence for this crime is five years in prison and a $10,000 fine,” to create a sense of urgency.
  2. Expressing that resistance is ineffective. Once the scammer has created the emergency and instilled panic, they reinforce there is nothing the member can do to remedy the situation. In the case of an IRS scam, they often tell the members they must cooperate or face arrest or fines.
  3. Rewarding cooperation with encouraging comments. Scammers sometimes try to play the part of a trusted friend, offering help and a way out of the emergency that would provide relief to the member. They often tell the member they seem like a good person and offer to help them with the situation at hand.
  4. Not allowing victims to hang up until they pay up. Phone scammers say it is a one-time opportunity for the member to take action to avoid further consequences, and if the member hangs up the phone, he or she will not be offered another chance to resolve the problem.
  5. Using official-sounding titles and names for ordinary things. Scammers try to sound impressive to gain members’ trust. They use official-sounding titles and names for merchants and everyday items. Examples include referring to a gift card as an “electronic federal tax payment system,” or instead of using the name of a store, they call it a “government-affiliated payment processor.”
  6. Stating they are not asking for personal information up front. Scammers know asking for personal information could raise alarm bells for the member. Instead, they may say they are not looking to obtain this information, or they are not looking for an exchange of funds over the phone, which may cause members to let down their guard. Therefore scammers often use gift cards to extract payment.
  7. Signaling to members they are being recorded. To sound legitimate, scammers say the call is being recorded and monitored by the IRS.
  8. Threatening to alert the media. Scammers go to great lengths to keep suspicious or wary members on the phone, and even go so far as to threaten to contact the media on behalf of the IRS if the member does not comply with what is being asked. This is used as a last resort to salvage a conversation that might not be going well.
  9. Exploiting member engagement. Once scammers have members hooked, they may transfer the call to another fake agent to further legitimize the call. Often, these scamming “call centers” employ multiple scammers who work together to make the initial call and then close the scam. Scammers are highly organized: some are responsible for getting members hooked, while others focus on closing the deal by extracting payment. They may say, “Please hold on the line, I am transferring the call to my senior treasury specialist,” or “Thanks for waiting, this is senior officer Matthews from the accounting department. My badge ID is…” |
  10. Insisting members keep quiet about special offers. If a scammer offers a special tax break, for instance, they will often demand the member not to discuss it with anyone, as it would prevent them from getting the settlement. 

_________________________________________________________________________________

Here are some tips to help you avoid becoming a victim of these threats:

  • Think before you click. Be cautious with any message you don’t expect or that doesn’t make sense. If you get a message from the New York police about a speeding ticket but you have not been driving in NY recently, it’s bogus. Delete immediately. Even if you had been driving in NY, ask yourself whether it makes sense that the NY police have your e-mail address. Probably not.
  • Be wary of offers of something for nothing. These are most likely scams. Won the lottery without entering? A gift card from a store you don’t patronize.
  • Scrutinize the destination of links in e-mails and text messages. Hover your mouse/finger over the link to see where it goes. Clever phishers sometimes include valid links among the malicious links in the e-mail in a further attempt to disguise their intent.
  • Do not respond to unsolicited requests for sensitive information, whether by e-mail, phone, or text message. If an unsolicited caller starts asking for personal information, it’s time to end the call.
  • Do not submit personal information via website pop-up screens. Legitimate organizations do not ask for personal information via pop-ups.

____________________________________________________________________________________

What to Do if Your Identity is Stolen

The Federal Trade Commission, spam@uce.gov

The company that the email reportedly came from, companies may have a “to report abuse” email address.

Just remember to include the entire original email with its original header information when you forward to the FTC or other entity when reporting phishing.

For more information on scams, visit the FBI’s website,

http://www.fbi.gov/scams-safety/fraud/fraud or the NCUA’s website, http://ncua.gov/Resources/FraudAlert/index.aspx.

________________________________________________________________