Fraudsters are relentless in their development of scams to outsmart the existing authentication controls put in place to protect account information. Here some of the recent scams:
Money Mules Fuel Fraud
Social Security issues scam alert
The Social Security Administration is raising awareness of phone scammers who are telling people that there is a problem with their Social Security number or account or that they are losing benefits. The agency offers articles, blogs and other materials on its website that institutions can use to notify customers.
Tech Support Scam
The subject claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim. Some subjects are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. The subject claims the company has received notifications of errors, viruses, or security issues from the victim's internet connection. Subjects are also claiming to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations.
Initial contact with the victims occurs by different methods. Any electronic device with Internet capabilities can be affected.
- Telephone: This is the traditional contact method. Victims receive a “cold” call from a person who claims the victim's computer is sending error messages and numerous viruses were detected. Some victims report the subjects have strong foreign accents.
- Pop-up message: The victim receives an on-screen pop-up message claiming viruses are attacking the device. The message includes a phone number to call to receive assistance.
- Locked screen on a device (Blue Screen of Death - BSOD): Victims report receiving a frozen, locked screen with a phone number and instructions to contact a (phony) tech support company. Some victims report being redirected to alternate websites before the BSOD occurs. This has been particularly noticed when the victim was accessing social media and financial websites.
- Pop-up messages and locked screens are sometimes accompanied by a recorded, verbal message to contact a phone number for assistance.
Once the phony tech support company/representative makes verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device.
If the device is mobile (a tablet, smart phone, etc.), the subject often instructs the victim to connect the device to a computer to be fixed. Once the subject is remotely connected to the device, they claim to have found multiple viruses, malware, and/or scareware that can be removed for a fee. Fees are collected via a personal debit or credit card, electronic check, wire transfer, or prepaid card. A few instances have occurred in which the victim paid by personal check.
Variations and Trends
An increasingly reported variation of the scam occurs when the subject contacts the victim offering a refund for tech support services previously rendered because the company has closed.
The victim is convinced to allow the subject access to their device and to log onto their online bank account to process the refund. The subject then has control of the victim's device and bank account. With this access, the subject appears to have “mistakenly” refunded too much money to the victim's account, and requests the victim wire the difference back to the subject company. In reality, the subject transferred funds among the victim's own accounts (checking, savings, retirement, etc.) to make it appear as though funds were deposited. The victim wires their own money back to the company, not finding out until later that the funds came from one of their own accounts. The refunding and wiring process can occur multiple times, which results in the victim losing thousands of dollars.
Victims are increasingly reporting subjects are becoming hostile, abusive, and utilizing foul language and threats when being challenged by victims.
The tech support scam is an attempt by subjects to gain access to victim devices. However, more can happen once a subject is given access to the device. For example:
- The subject takes control of the victim's device and/or bank account, and will not release control until the victim pays a ransom.
- The subject can access computer files that may contain financial accounts, passwords, and personal data (health records, social security numbers, etc.).
- The subject may intentionally install viruses on the device.
- The subject threatens to destroy the victim's computer or continues to call in a harassing manner.
Defense and Mitigation
- Recognize the attempt and cease all communication with the subject.
- Resist the pressure to act quickly. The subjects will urge the victim to fast action in order to protect their device. The subjects create a sense of urgency to produce fear and lure the victim into immediate action.
- Do not give unknown, unverified persons remote access to devices or accounts. A legitimate software or security company will not directly contact individuals unless the contact is initiated by the customer.
- Ensure all computer anti-virus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to the attempt.
- If a victim receives a pop-up or locked screen, shut down the device immediately. Victims report that shutting down the device and waiting a short time to restart usually removes the pop-up or screen lock.
- Should a subject gain access to a device or an account, victims should take precautions to protect their identity, immediately contact their financial institutions to place protection on their accounts, and monitor their accounts and personal information for suspicious activity.
Filing a Complaint
Individuals who believe they may be a victim of an online scam (regardless of dollar amount) can file a complaint with the IC3 at www.ic3.gov.
To report tech support scams, please be as descriptive as possible in the complaint including:
- Name of the subject and company.
- Phone numbers and email addresses used by the subject.
- Websites used by the subject company.
- Account names and numbers and financial institutions that received any funds (e.g., wire transfers, prepaid card payments).
- Description of interaction with the subject.
Complainants are also encouraged to keep all original documentation, emails, faxes, and logs of all communications.
Because scams and fraudulent websites appear very quickly, individuals are encouraged to report possible Internet scams and fraudulent websites by filing a complaint with the IC3 at www.ic3.gov.
To view previously released PSAs and Scam Alerts, visit the IC3 Press Room.
Tips to Protect Your Computer from Intrusion
- Keep Your Firewall Turned On: Whenever your computer is on be sure your firewall is on. A firewall helps protect your computer from hackers. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.
- Install and Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If malicious code, a virus or a worm is detected, the software works to disarm or remove it. These infections can infect computers without your knowledge. If your software offers it, set it to update automatically.
- Install and Update Your Antispyware Technology: Spyware is just what it sounds like-software that is secretly installed on your computer to let others watch your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware. In some cases these products may be fake and actually contain spyware or other malicious code.
- Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
- Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don't know, and be wary of attachments from people you do know. They may have unwittingly advanced malicious code. Also be wary of links embedded in emails. They may lead you to rogue websites that download malicious code to your computer.
- Turn Off Your Computer: With the growth of high-speed Internet connections it is easy to leave your computers on and ready to go. But it always on it is more susceptible to unwanted attacks. Turning the computer off stops an attacker's connection to send it spyware or use it as a botnet that employs your computer's resources to reach out to other unwitting users.
IRS Updates Phone Scams Warning
The IRS is again warning the public about phone scams that continue to claim victims all across the country. In these scams, thieves make unsolicited phone calls to their intended victims. Callers fraudulently claim to be from the IRS and demand immediate payment of taxes by a prepaid debit card or wire transfer. The callers are often hostile and abusive.
The Treasury Inspector General for Tax Administration (TIGTA) has received 90,000 complaints about these scams. TIGTA estimates that thieves have stolen an estimated $5 million from about 1,100 victims. To avoid becoming a victim of these scams, you should know:
- The IRS will first contact you by mail if you owe taxes, not by phone.
- The IRS never asks for credit, debit or prepaid card information over the phone.
- The IRS never insists that you use a specific payment method to pay your tax.
- The IRS never requests immediate payment over the telephone.
- The IRS will always treat you professionally and courteously.
Scammers may tell would-be victims that they owe money and that they must pay what they owe immediately. They may also tell them that they are entitled to a large refund. Other characteristics of these scams include:
- Scammers use fake names and IRS badge numbers to identify themselves.
- Scammers may know the last four digits of your Social Security number.
- Scammers spoof caller ID to make the phone number appear as if the IRS is calling.
- Scammers may send bogus IRS emails to victims to support their bogus calls.
- Victims hear background noise of other calls to mimic a call site.
- After threatening victims with jail time or driver's license revocation, scammers hang up. Others soon call back pretending to be from the local police or DMV, and caller ID again supports their claim.
If you get a phone call from someone claiming to be from the IRS, here's what you should do:
- If you know you owe taxes or you think you might owe taxes, call the IRS at (800) 829-1040. IRS employees can help you with a payment issue if you owe taxes.
- If you know you don't owe taxes or don't think that you owe any taxes, then call and report the incident to TIGTA at (800) 366-4484.
- If scammers have tried this scam on you, you should also contact the Federal Trade Commission and use their "FTC Complaint Assistant" at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.
The IRS encourages you to be vigilant against phone and email scams that use the IRS as a lure. Visit the genuine IRS website, IRS.gov, to learn how to report tax fraud and for more information on what you can do to avoid becoming a victim.
Fraudsters are relentless in their pursuit of finding sophisticated, malicious techniques to outsmart the existing authentication controls put in place to protect account information. Key logging, virus attacks and phishing scams are some of the techniques used by fraudsters. While the risk of fraud exists on all account types, many of these schemes target small and medium sized business customers. Your first line of defense is knowledge about what you, the end-user, can do to protect yourself from becoming a victim of fraud.
Keystroke Logging / Virus Attacks
Keylogging is a method by which fraudsters record your actual keystrokes and mouse clicks. Keyloggers are "Trojan" software programs that target your computer's operating system (Windows, Mac OS, etc.) and are "installed" via a virus. These can be particularly dangerous because the fraudster has captured your user ID and password and anything else you have typed while online. If you are like most other users and have the same ID and PIN/Password for many different online accounts, you have essentially granted the fraudster access to any company with whom you conduct business. After all, they have your login credentials so they appear to be a valid user.
Phishing is a scam where fraudsters request personal information from users. While requests are most commonly in the form of an email from an organization you may or may not do business with, they could also be from a phone call, text message or letter. The request is made to look exactly like it came from the organization, complete with company logos and other convincing information. The request usually states that the company needs you to update your personal information or that your account is about to become inactive or frozen, all in an effort to get you to supply your information. Please remember no reputable business will ever contact you in these ways requesting that you update your personal information, including account numbers, system passwords or Social Security Numbers. While nothing is foolproof, following these guidelines as a well as having a general awareness of the potential threats will greatly reduce your risk of being a victim of fraud. Commercial account holders should perform a periodic assessment of their internet banking procedures and evaluate the controls they have in place to reduce the risks they identify.
While nothing is foolproof, following these guidelines as well as having a general awareness of the potential threats will greatly reduce your risk of being a victim of fraud. Commercial account holders should perform a periodic assessment of their internet banking procedures and evaluate the controls they have in place to reduce the risks they identify.
Use Anti-Virus Software
This is one of the most important things you can do to protect your computer from viruses. There are many on the market today. Be sure you only purchase or use Anti-Virus protections from a reputable company.
Keep Your Operating System Up-To-Date with the Latest Security Patches
Check the website of your operating system for updates and security patches. Some systems allow you to set automatic updates.
Never Click on a Link From a Business Requesting That You Provide Them with Personal Information
Keep in mind that no reputable business will ever email you requesting that you update your personal information, including account numbers, system passwords or Social Security Numbers via a link to their site.
Change Your Passwords Often
We recommend changing your password every 30 or 60 days.
Do Not Use the Same ID and PIN or Password for Other Online Accounts
Never store your ID and Password information where others could gain access to it, and do not disclose your login credentials to other people or companies.
A Dedicated Computer Used Specifically for Online Banking Activity Is Highly Recommended
The dedicated computer should never be used to "surf" the internet, access websites or read email. The only internet access allowed should be signing on your internet banking account.
Avoid Accessing Your Online Banking Accounts Via a Wireless Network, Unless You Are Certain It Is Secure
If you have a wireless router at home, ensure it is locked. You should avoid using public computers but if you do, do not store your user name or password for future visits. Be sure to log off and, if possible, shut down the computer before you leave it.
Businesses Should Take Advantage of Tokens
Isabella Bank offers hard tokens, which provide a unique one-time use password each time you access your cash management account online.
Isabella Bank's Contact Policy
Isabella Bank may contact you in order to provide general account or banking information but we will never contact you and ask for personal information.
Never respond to an email, telephone call, text message or letter that appears to be from us and requests non-public personal information. (Non-public information includes account number, social security number, and internet banking credentials.) Please contact us directly before you provide banking information to anyone who contacts you on an unsolicited basis. Call Customer Service at (989) 772-9471 or (800) 651-9111.
Never use links or phone numbers from a suspicious email. Use the contact information you have on file.
- Federal Trade Commission
- Federal Deposit Insurance Corporation
- Microsoft Security
- Apple Product Security
Create a brighter financial future with free, online financial literacy training. Visit Community Compass now.