Protect Yourself from Fraud and Scams

You receive an email from what appears to be a company you do business with, alerting you that your account has been compromised. To regain access, the email states, you’ll need to click on the link provided. Don't do it. This is a phishing scam. If you click the link, you grant access to your device by downloading a hidden malicious code that can then be used to access personal information on your device.

How to protect yourself from a phishing scam:
Always be cautious about opening attachments or links, whether they seem to be from a company you know or even a friend. Look for grammatical errors within the email, slight alterations to the email address format or domain, requests for login credentials or urgent action demands. To check for disguised links, hover your cursor over the link and check the url that pops up to make sure it matches, before clicking. 

This type of scam is similar to phishing, but the message comes through text. In a typical example, you receive a text from someone saying they represent a company you do business with and they're notifying you that your account has been restricted. To regain access, the text states, you need to verify your Social Security number.

How to protect yourself from a smishing scam:
Be wary if you receive a text from a strange phone number, especially if it includes a suspicious link. Again, look for spelling or grammatical errors, a sense of urgency and requests for money or personal information.

Fraudsters spoof IDs to impersonate a companies and financial institutions. The name of your financial institution or the phone number may appear on your caller ID as legitimate. The caller tells you they have flagged a fraudulent transaction on your account. They ask for your account number for verification and start to push you for more personal identifying information, using fear as a tactic. 

How to protect yourself from a caller ID spoofing scam:
Watch for an unfamiliar phone number. Maybe you recognize the caller ID display name but not the phone number associated with it. In some cases, the call may be a pre-recorded message. In other cases, a person will give you a sense of urgency or request payment or personal information. If you are unsure, hang up and call the company back using the phone number published on their website. Do not redial the number from your phone.

You may receive a phishing email or smishing text that includes a link to a website. You click on the link leading to a website that appears nearly identical to the trusted company. The domain (or web address) even looks the same. However, once you’re on the spoofed website, any personal identifying information you provide will be accessed by the fraudsters. 

How to protect yourself from a website spoofing scam:
First, take a close look at the url. The most common tactic is to create a url that is nearly identical to a legitimate website’s url but may be off by a letter or use a number in place of a letter. Also, check for SSL certification, which is an added level of security for every visitor on a website. To do this, click the icon that looks like a lock to the left of the url in the address bar at the top of your web browser. You should see “Connection is secure” in the dropdown.

Similar to phishing scams, whaling involves a fraudster sending an email that appears to come from a trusted source, which has enough personal details or references to seem legitimate. Likely, that personal information was found through internet research by the fraudster and will direct you to click on a link that leads to a spoofed website that looks identical to the legitimate site. This spoofed site will start collecting your information or will download malware onto your device. 

How to protect yourself from a whaling scam:
A whaling attack is harder to recognize than a standard phishing attack because fraudsters will usually invest more time to make the communications look legitimate. However, some common signs an email are that the sender’s email address is not an exact match of the domain of the company the email claims to be from, there’s a request to share personal information or wire money and, as common with other scams, there’s a sense of urgency that encourages the recipient to act quickly.

Another common tactic used by fraudsters is asking you to put money on a gift card like Google Play or Target, then telling you to give them the gift card number and PIN. This tactic is common because gift cards are easy for people to find and buy. They also have fewer protections, similar to cash. Once you use the gift card, the money is gone.For example, you may receive a phone call from someone who says they work for the IRS and that you owe back taxes. If you don’t pay right away, something bad will happen. However, you can rectify what you owe with a gift card. 

How to protect yourself from a gift card scam:
First, no real business or government agency (law enforcement, the IRS, the court system, etc.) will ever insist you pay them with a gift card. If you receive a call or message from an unknown source who insists gift cards are the only way to rectify a payment, pay for a service, receive a prize or send money to someone you met online, it’s a scam. Once they have the gift card number and PIN, they have your money.

While P2P services are typically a safe way to transfer money, there is always the risk of fraudsters trying to access your funds. Unlike bank accounts and debit or credit cards, balances held in P2P services may not be protected by FDIC insurance or federal law, which can leave you vulnerable to claims of unauthorized use or fraud and could make resolving claims of fraud more difficult. 

How to protect yourself from a P2P scam:
To lower the risk of being victimized by fraudsters, we recommend you only conduct P2P transactions with people you know. It’s also recommended to never hold a balance on your P2P service since they likely aren’t insured and if a fraudster gains access to your account, your money will be gone. Most transactions are immediate and irreversible, a fact scammers are known to exploit.