Frauds and scams have been around for ages now, but the internet has made it easier than ever for bad actors to fleece good people. AARP reports Americans were scammed out of $8.8 billion dollars in 2022, and that figure increases year after year. In 2022, the median personal loss from fraud was $650, up from $500 in 2021. As technology grows increasingly complex, the opportunity for fraudsters grows with it.
We want to alert you to four common, increasingly sophisticated scams that are being used to steal money, identities, and distribute malicious software to unsuspecting victims through websites, text messages, and phone calls. Don’t be a victim – read about these scams below and protect yourself by following our tips.
Above everything else, remember that your financial institution is never, ever going to call you and ask for your personal data: if you did not originate the call or communication, do not give anyone your personal data or information. Below are four widely used scams, and details on how they work.
In this scam, a person is contacted by someone pretending to represent their financial institution. They reach out by phone, text or email to say that there is a problem with their account, and that you need to click on a link (email or text) and enter your credentials to resolve the issue.
In another scenario, the fraudster asks if they can send you a link or if you can share your computer screen by remote access to “help” them fix the problem. Once your credentials have been entered, you arrive at a dead page. On the other end, the scammer is using the “Forgot Password” function of your online banking platform with your captured login information to access your account(s). With multi-factor authentication, a code gets sent to the victim’s email or via text and they tell the member that they have sent them a code as a test and to read it back to them. This allows the scammer to log into online banking, change the password or contact information, and drain your account of its funds.
Our members need to know that we will NEVER ask for their login credentials, access codes or PIN’s and that they should never give out this information if asked for it. No reputable financial institution will ever ask for this information.
Crypto investment scams are on the rise. Scammers will contact the intended victim via email, text or social media messaging (Instagram™, Facebook Messenger™, What’s App™) offering to “teach” the victim about crypto investing. . Legitimate Crypto Exchanges and investment companies do not operate this way.
The scammer will offer the member (victim) an opportunity to take advantage of an amazing (too good to be true) investment in crypto currency with incredible returns. They spoof the name of a legitimate Crypto Exchange or investment platform to make their scheme appear authentic – these spoofs can be very convincing and are designed to be hard to discern without looking very closely at the website or email address of the sender.
Initially, they request a small amount and provide a fake return to the victim to show that it is a real investment. They will then ask for higher and higher amounts to be invested. They advise the victim that their financial institution may try to stop them from sending the investment money and that it is a ploy on the financial institution’s part to harm the victim. This of course isn’t true, but they will go so far as to advise the victim to withdraw their money from the financial institution that is trying to protect them and use a different one that won’t “interfere” in their business. Once the scammer obtains a large amount, they will stop communicating with the victim and their funds cannot easily be recovered.
- If you are interested in investing, you should always use a well-known, reputable company.
- Never click on any links sent in an email or text from the person that has contacted you.
- Research any company that you want to use for investing.
- Treat anyone contacting you out of the blue as suspicious.
- Consult someone you trust to discuss the great opportunity someone sent you.
- Never give out your personally identifying information to someone you do not know such as:
- Date of Birth
- Social Security Number
- Bank Account Information
A victim receives an email from a familiar Tech company name such as, Microsoft™, Apple™, McAfee™, etc. The email will state, “There is a problem with your device, please click here to fix”, or something similar. They may call and state that they are calling from one of the tech companies and need to speak with you right away about your compromised device. The big Tech Companies do not contact random people that have bought their products in this manner. They have no idea what is happening with your device. If you have a service like McAfee™, or Apple Care™, utilize your contact method that is provided with the Service Agreement to verify if they have reached out to you.
Once they contact the victim, they inform them that they need to access their computer to “diagnose” the problem. This is a ploy to gain access to their computer to snoop into files, emails and capture online banking information that will be used to take over the accounts of the victim.
A twist on this scam is to tell the victim that a “fee” is required to fix the device. They tell the victim the “fee” must be paid in advance and collect their account information for the transfer. They then use this information to debit funds from the victim’s account, or to access their online banking and fake a deposit error by making a transfer from the savings account of the victim to their checking and label it as a “deposit from XX Bank.” Then they state they have received an overpayment, and request the victim send them the overage via a wire transfer. The money comes from the victim and may keep coming from the victim until their account has been cleaned out.
QR (Quick Response) codes, those square two-dimensional barcodes that look like an Atari-designed Rorschach test, became especially popular with merchants during the pandemic. Scanning the image with your phone’s camera takes you to a link where you can view a website or conduct a transaction. They are being increasingly used by scammers who place decoys on parking meters, shop windows, and fake marketing materials to commit identity theft or distribute malware in a practice known as Quishing.
This scam isn’t new, but has grown with the increasing use of QR codes that began during the pandemic. Sometimes a fake QR code is pasted over a real one, redirecting the user into a scam through a fake website or portal, inevitably featuring a button that will lead to a request for personal information and/or passwords. Unless you absolutely know and trust the source, do not click on any links or provide any personal information to websites and portals accessed with a QR code.
- A sense of urgency in the contact. Be suspicious of anyone who instructs you to keep their contact secret or not to share the information with others. This is a tactic to avoid getting caught for their illegal activity and to prevent someone from discouraging a victim from falling for their scheme.
- Discouraging the victim from calling back later to resolve the issue.
- Asking for account information: your financial institution will NEVER ask for your banking credentials.
- Tech companies do not contact you directly to tell you about your devices. You are one of millions who buy their product. You may subscribe to a service, but no one is going to call or text or email you that there is an emergency with your device. Do not reply to such outreach!
- If you don’t have an established relationship with a financial institution, no one should suddenly reach out to you about your account.
- Do not respond to requests for money. Ever.
- If you receive an email or text out of the blue, do not click on any links. If it is a company that you do business with, go to their website directly (not through the email or text) and call their main published number to discuss your account.
- Let your financial institution or credit card company know immediately if someone contacts you out of the blue asking for your account information.
- Let your calls go to voicemail so that you can screen them at your leisure and remove the sense of urgency. If they make contact, they try everything they can to convince you to participate. Screening calls from unfamiliar numbers prevents these dangerous interactions and reduces the risk of getting convinced or bullied into participating.
- Beware of anyone who is aggressive, secretive or tries to threaten you. A legitimate company will not do this to a customer or potential customer.
- Most important! If you have given your account or personal information to someone, please contact your financial institution immediately to give them an opportunity to protect your account from being accessed by the scammer.
At Lafayette Federal Credit Union, we are committed to protecting your security by helping to safeguard your money and your identity. Contact us to learn how we can work with you to boost your financial well-being.