Following the aftermath of the COVID-19 pandemic, our nation saw a surge in phone & e-mail scams—both in frequency and ferocity! In today's article, we will be going over a few of the most common scam types you are likely to encounter, as well as the red flags of potential fraudulent activity, what to do after being scammed, and some best security practices to follow:
Common Scam Types
FRAUDULENT PHONE CALLS
The average person receives 31 spam calls a month—approximately one per day. While some may just be annoying or bothersome advertising, many are actually companies or individuals tasked with the goal of draining your accounts or coercing you into fraudulent activity.
- Examples
- A warning from the "FBI" to return their call or an agent will be dispatched
- The IRS wanting you to pay back taxes over the phone with credit cards or gift cards
- Generally any phone call where someone wants you to pay them in gift cards
MALICIOUS E-MAILS
While not as prevalent as it once was due to advances in spam protection, malicious e-mail still remains a viable threat to internet users everywhere. These e-mails may ask a user to open up a questionable attachment, click on a link to fill out information on a website, or simply send cryptocurrency to a digital wallet as blackmail or ransom for your "stolen information".
- Examples
- A "refund" notice from your financial institution or favorite online shopping service
- Heart-felt pleas for cash by loved ones you may have never met or spoken to in ages, or from "wealthy" individuals living overseas who promise money later in exchange for money now
- Any e-mail where a person (especially a "celebrity") can take your money and double-it
SPOOFED CALLER-ID
A relatively new tactic, scammers are able to mask their actual phone number with a real one, reducing the chances of you ignoring the initial spam call entirely. The worst part is because the spoofed number is "borrowing" credentials from a legitimate source, blocking that particular number rarely prevents a fraudster from calling you again and again.
Big Red Flags
URGENCY
Knowing that many people will make rash decisions under pressure, scammers will often ask you to take certain actions you may not normally do without thinking about it beforehand. They may also inform you there will be consequences for not performing the tasks as quickly as possible such as losing data, having property taken, or even getting arrested.
AGGRESSIVE BEHAVIOR
Confrontation can upset people rather easily, which is why fraudsters may outright threaten you if you do not provide particular data, send them money, or perform some sort of required task. This may include aggressive actions, bad language, and threats of loss or physical harm.
ALTERED E-MAIL ADDRESS
Some e-mail scams do an incredible job of looking real—often taking on the guise of a legitimate business including logo, branded coloring, and catch-phrases. Because of this, it is important to check the sender's address and make sure the e-mail is 100% legitimate and hasn't been altered or is a variation of an actual address. For example, our e-mail domain is @fourpointsfcu.org, so you can trust that seeing messages from @4Points.org, @fourpointsfcu2.org, or @fourpointsfcu.com will be fraudulent.
POOR SPELLING
It's pretty safe to assume that a message from a stranger that is riddled with atrocious spelling and grammar is either a scam or spam message. These e-mails—often written by people who may not understand your primary language—are sent by the tens of thousands at a time, with the scammer hoping just one out of the many will click the embedded link and hand over their cash.
Damage Control
The tactics used by modern scammers evolve quickly, so it's not unlikely that eventually you may find yourself victim to one. If that is the case, these tips can help you minimize the damage as quickly as possible:
CHANGE YOUR PASSWORDS
CHANGE YOUR PASSWORDS
Sometimes the wrong person gets their hands on your passwords. It could be an accident, it could be due to a major online database leak. Regardless, as soon as you find yourself
PHONE IT IN
If you believe your credit union account specifically has been compromised, give us a call immediately at (800) 323-2786 and we'll discuss the next few courses of action including putting a freeze on your account to prevent future loss. The same can be said for other financial institutions, who will have their own methods for preventing loss and minimizing damage.
SET UP A CREDIT WATCH
Notify credit bureaus and request a credit freeze/lock be placed on your accounts. Doing so early enough will prevent a scammer from opening various accounts under your name and racking up thousands in fraudulent spending.
ENABLE ADDITIONAL SECURITY
After you've changed passwords and verified no other data has been altered on your account (names, phone numbers, recovery e-mails, etc), it is a great idea to enable additional security features such as an Alternative Recovery E-Mail or Two-Factor Authentication. Having multiple recovery e-mails can prevent full account takeovers, whereas Two-Factor Authentication provides another layer of security during login that requires codes sent to your e-mail or mobile phone.
SET UP A CREDIT WATCH
Notify credit bureaus and request a credit freeze/lock be placed on your accounts. Doing so early enough will prevent a scammer from opening various accounts under your name and racking up thousands in fraudulent spending.
ENABLE ADDITIONAL SECURITY
After you've changed passwords and verified no other data has been altered on your account (names, phone numbers, recovery e-mails, etc), it is a great idea to enable additional security features such as an Alternative Recovery E-Mail or Two-Factor Authentication. Having multiple recovery e-mails can prevent full account takeovers, whereas Two-Factor Authentication provides another layer of security during login that requires codes sent to your e-mail or mobile phone.
Best Security Practices
By remaining vigilant on the phone and on the web, we can help greatly minimize the chances for fraudulent activity. In fact, there are a few easy things you can do now to secure your private information:
CHANGE PASSWORDS OFTEN
It is good practice to change your passwords at least once every three months. It is also highly recommended to never use the same password across multiple accounts—in case a major leak or site compromise occurs. Remember to make each one a complex string of words/phrases that include capital letters, numbers, and symbols.
DON'T TALK TO STRANGERS
This phrase once told to us by our parents proves true even today for adults. If possible, refrain from responding to e-mails from unknown addresses or taking calls from unknown numbers. The more often you let them know that avenue of communication is open, the more often you'll receive correspondence from scammers.
ENABLE TWO-FACTOR
As mentioned before, Two-Factor Authorization is a great way to add another layer of security to your most important accounts. If you plan to have your two-factor codes sent to e-mail, rather than your mobile device, make sure your e-mail password is unique and not shared across other sites. If a scammer gets a hold of your account password and your e-mail password, there is a good chance they can bypass two-factor authorization and remove it entirely.
CHANGE PASSWORDS OFTEN
It is good practice to change your passwords at least once every three months. It is also highly recommended to never use the same password across multiple accounts—in case a major leak or site compromise occurs. Remember to make each one a complex string of words/phrases that include capital letters, numbers, and symbols.
DON'T TALK TO STRANGERS
This phrase once told to us by our parents proves true even today for adults. If possible, refrain from responding to e-mails from unknown addresses or taking calls from unknown numbers. The more often you let them know that avenue of communication is open, the more often you'll receive correspondence from scammers.
ENABLE TWO-FACTOR
As mentioned before, Two-Factor Authorization is a great way to add another layer of security to your most important accounts. If you plan to have your two-factor codes sent to e-mail, rather than your mobile device, make sure your e-mail password is unique and not shared across other sites. If a scammer gets a hold of your account password and your e-mail password, there is a good chance they can bypass two-factor authorization and remove it entirely.
Final Thoughts
As a friendly reminder, team members of Four Points FCU will never call you directly and request sensitive information such full account numbers, PINs, Online Banking login credentials, etc. If you receive a call or e-mail from a "Four Points employee" and their requests seem suspicious or dubious in nature, kindly hang up and give us a call at (800) 323-2786 to verify or confirm the previous call.
