Fraud Alert: These Scams Can Cost You Money!

Common Sense Can Keep You Safe

Over the last ten years, a frightening number of scams have developed using increasingly sophisticated technologies, all designed to take your money by stealing your personal financial information. It seems as soon as one devious technique is created, fraudsters devise another, each more sophisticated than the last, and each conceived to steal consumers' identities or hijack their finances.

Understanding today's most prevalent frauds is the first step in preventing them!

Phishing

Phishing is an attempt by criminals to obtain sensitive information such as online user names, passwords, and credit card details by masquerading as a reliable company—often a financial institution—via e-mail. The phishing e-mail typically directs users to a fake website designed to look like the legitimate website for the company named in the e-mail, where the consumer is asked to enter personal financial details. Even when using server authentication, it may require a great deal of knowledge and skill to determine the website is fake.

PROTECT YOURSELF by knowing your financial institution will never send an e-mail asking for personal information, or send you to any special site to update your personal information. If you receive such an e-mail, delete it and contact the purported sender yourself to verify and/or report the scam.

Spear Phishing

Spear phishing is an offshoot of phishing. In a phishing attempt, fraudsters may send a single, mass e-mail to thousands of people, hoping a few will respond. Spear phishing attacks, though, are sent to a single person at a time and customized to fit that individual. The spear phishing e-mail usually contains personal information, such as your name or some detail about your employment.

A spear phishing e-mail, like a phishing e-mail, also generally includes a link leading to a fake website requesting personal information, or may contain a downloadable file. This type of e-mail often appears to come from an employer or another seemingly trustworthy source. However, the website or file may contain malware, which, once downloaded to your computer, collects your personal information and transmits it to the criminal without your knowledge or consent.

PROTECT YOURSELF by understanding that these attacks are usually limited to corporate targets. As of now, nearly all investigated spear phishing complaints have come from corporate employees. If you receive a possible spear phishing e-mail, go directly to your employer's Human Resources representative or IT department to learn whether the e-mail is legitimate.

Vishing

Vishing is similar to phishing, but involves the telephone instead of e-mail. This method of fraud is generally used to steal credit card numbers, bank account information, and passwords. A criminal perpetrating a vishing scheme might call you on the phone, advising you that your credit card has been used illegally, and give you a telephone number to call and ostensibly "verify" your account number.

PROTECT YOURSELF by being suspicious of any caller asking for bank information or credit card numbers for any reason. Do not provide this information to the caller. Instead, contact your bank or credit card company directly, using a known, published telephone number for the company, to determine the authenticity of the message.

Smishing

Smishing is another variation of phishing, the name a combination of SMS (Short Message Service, the technology used for text messaging) and phishing. In a smishing attack, the criminal uses text messages through your cellular phone to coerce you to visit a fraudulent website or call a telephone number that connects you to an automated voice response system. In either case, the goal is clear: to steal your personal information.

The smishing text message often "requires" your immediate attention. For example, it might say it is confirming an order for a large purchase you did not authorize, and you need to follow the scammer's directions in order not to be charged for the item. Once you follow the link to the fraudulent website or call the telephone number provided, you are asked to provide credit card or bank account numbers, PIN numbers or passwords, or other pieces of sensitive data.

PROTECT YOURSELF by presuming that no legitimate company would contact you via text message with such a request. If the message seems believable, contact the company using a published telephone number and speak to a customer service representative about the message you received.

Debit & Credit Card Skimming

This type of skimming is an attempt to steal your personal information and your identity by tampering with ATM machines. Fraudsters create a device that captures the debit card magnetic stripe and keypad information from the ATM, then, once collected, sell this data to criminals who use it to create new cards with your account numbers.

PROTECT YOURSELF by reducing your ATM risk—use machines from institutions you know and trust. These machines often receive more traffic and are protected by surveillance cameras, both of which can make attaching or retrieving a skimming device tricky for a thief. Keep an eye out for changes at ATMs you frequent, such as difference in the color of the card reader or a gap where something appears to be glued onto the slot where you insert your card—these are warning signs to find another machine and report your observations to the institution.

Fake Check Scams

Fake check scams use technology to create realistic cashier's checks, which are used by criminals to pay for online purchases or, in a common variation on the theme, to send you the proceeds of some form of foreign lottery you are told you won. In these scams, the consumer accepts the faked cashier's check, which is made out for more than the purchase price or lottery payout, and is asked to send the difference in a separate check to the scammer. The consumer keeps the worthless fake check, and the scammer keeps the real check (and the consumer's real money).

PROTECT YOURSELF with basic common sense. If you are selling something, insist the buyer pay by trusted means. If you didn't enter a lottery, you couldn't win it. And of course, never accept a check for more than the amount due!

For additional resources, visit www.ftc.gov/idtheft or www.onguardonline.gov.