Types of Scams

Phishing, Smishing, and Vishing

Most of us are aware of (and on the lookout for) phishing attempts. Phishing is the practice of sending fraudulent emails that appear to be legitimate to gain sensitive information such as usernames, passwords and account numbers. You will be asked to click a link or enter information which is then directed straight to the criminal. SMiShing (SMS phishing) is a type of attack where the fraudulent link is sent via text rather than email. You receive a text message containing a hyperlink, and when clicked – downloads a Trojan horse on the mobile phone. Vishing (Voice phishing) is the practice of making phone calls or leaving voice messages claiming to be for a legitimate purpose, when in actuality the person making the call is doing so to commit fraud. Attackers use a technique called “Caller ID Spoofing” to make the call seem even more legitimate.

Tips for avoiding Phishing, Smishing, and Vishing:

• Learn to identify phishing, smishing, and vishing attempts.
• Be cautious of links or phone numbers embedded in emails or text messages.
• Only enter sensitive information in secure websites.
• Never give your credit card number or other sensitive information over the telephone unless you make the call.
• Be cautious of unknown callers.
• If you’re unsure – never give out information until you are sure.

Identity Theft

Identity theft occurs when someone assumes your identity to commit fraud. Information can be obtained in a variety of ways including rummaging through your trash, stealing your wallet, or compromising your bank information.

Tips for avoiding Identity Theft

• Never throw away ATM receipts, credit statements, credit cards, or bank statements without first shredding them.
• Never give your credit card number or other sensitive information over the telephone unless you make the call.
• Reconcile your bank account monthly, and notify your bank of discrepancies immediately.
• Keep a list of telephone numbers to call to report the loss or theft of your wallet, credit cards, etc.
• Review a copy of your credit report at least once each year. Notify the credit bureau in writing of any questionable entries and follow through until they are explained or removed.
• If your identity has been assumed, ask the credit bureau to include a statement to that effect in your credit report.

What to do if you’re a victim of identity theft

Corporate Account Takeover

Corporate account takeover is a type of fraud where thieves gain access to a business’ online banking accounts to initiate unauthorized transactions. This includes transferring funds from the company via wire or ACH origination, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.

Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, a delivery company, court or the Better Business Bureau. Once the email is opened, key logging malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.

Tips for avoiding Corporate Account Takeover:

• Have a strong partnership with your financial institution.
• Utilize all relevant security features available to protect your bank information and accounts.
• Educate and train all employees.
• Never open emails or click attachments from unknown sources.
• Be cautious of pop-up messages.
• Use a separate workstation for banking tasks (one that is not used for social media or internet browsing).
• Monitor your accounts closely on a daily basis.
• Use account alerts for immediate notifications.

Email Compromise

Email compromising is the unauthorized access to, or manipulation of an email account or correspondence. In some cases, hackers will target friends and family claiming an emergency and an urgent need to wire funds. In other cases, hackers will target bank correspondence and request a transfer of funds based solely on their email authorization.

Tips for avoiding fraud related to Email Compromise:

• Have a strong partnership with your financial institution.
• Utilize all relevant security features available to protect your bank information and accounts.
• Use unique passwords for bank sites. If your email credentials are stolen and you utilize the same password for all of your accounts, hackers will suddenly have access to all of them.
• Safeguard your usernames and passwords. Never share them and be cautious of where you enter your information.
• Utilize a password safe or password manager (if available) that can generate random passwords for your different accounts.
• Change all of your passwords frequently regardless of if it is required.
• Use two-factor authentication (if available). This will require you to use your username, password, and one other piece of information like a code sent to your phone.
• Never open emails or click attachments from unknown sources.
• Be cautious of pop-up messages.
• Don’t utilize public computers for personal use. If you do, ensure that none of the websites save your login credentials, and if possible clear the browsing history once you’re complete.