Outsmarting the Scammers

It’s been a while since I’ve done a post about fraud. Unfortunately, that doesn’t mean fraud cases have suddenly stopped. Fraudsters are using sophisticated means of getting what they want – access to your account and your personal information. I’ve mentioned that financial aggregating services were a popular tool for scammers, but the same is true for third-party Person-to-Person (P2P) service providers, like Zelle. 

AdobeStock_36898032.jpg

Fraudsters will send a text message posing as a security alert from the member's financial institution. When the user responds to the text, the scammers spoof the financial institution's phone number to call the member to verify suspicious debit card transactions. They send a passcode to the member’s cell phone by initiating a transaction that prompts a two-step authentication passcode. This passcode is sent to the member who confirms it to the scammer. Once they have the passcode, the fraudster logs into the member’s account to transfer funds using P2P services.

If you receive a communication that appears to be from your credit union or bank, take the time to review it carefully. If it is an email, be sure to look at the sender’s email address. Hover over it to make sure that email domain is legit. Email domains from a company usually aren't complex; instead, they might only consist of the name of the company. You won’t see extra letters or numbers included in a legitimate domain name.

Example:

Our credit union domains look like this: @infirstfcu.org. Notice there is only the name of our institution and the .org classification.

A spoofed email will have a domain that looks off. Check these out:

1.       @infirst2.com

2.       @in1st.biz

3.       @infirst-email-234235678-connect.co.uk.

Each shows a domain name that is different than the website domain, and each is formatted with additional characters that wouldn't make sense for a business to include.

Another indication that an email may be spoofed is if it contains off-brand characteristics. Using our example above @in1st.biz, you can see that the use of our name is not in keeping with our brand. We never refer to our brand as in1st, so it would be a dead giveaway that this is not a valid domain. 

When in doubt, check it out

  • Visit a known website, but DON’T click on ANY links in the body of the suspicious email.

  • See if the domain name matches the sender’s domain.

  • A legitimate business will have a consistent look and feel to their site. If the email doesn’t carry over the general feel of the brand’s website, it’s probably not legit.

  • A financial institution will NEVER ask for personally identifiable financial information via text message. Moreover, they will NEVER ask you for a password or your debit/credit card's three-digit security code. 

*Many businesses and financial institutions ask you to set up a secret code when you open your account. This is NOT the same thing as a password; rather, it is a verification method used to identify an individual as the account owner when they call in.

 A secret code might be:

  • What is your mother's maiden name?

  • What’s your dog’s name? 

  • What street did you grow up on?

AdobeStock_298810361.jpg

If you receive a suspicious text or email, call your credit union and let them know. Make sure you use a published phone number and not a number found in the email. Your credit union will be able to tell you if communication was real and help you avoid fraudulent activity on your account.

I encourage you to sign up for fraud alerts. You would not believe how many people are not signed up for fraud alerts. Be smart and sign up today. These tools are made available as a way to prevent unauthorized access to your hard-earned money. It is also a good idea to check your account several times a day. If you are not logging into your Online Banking or Mobile Banking each day, you should start that now. The best way to spot a discrepancy is to know what your recent transactions have been and what your balance is. 

What did you think about this post? Let me know in the comments below or email me!


smaller head shot.jpg

Krista Kyte is a personal finance blogger and personal banker with over 17 years of experience in the financial industry. Krista is passionate about helping our members understand their financial situations. She writes tips that will help consumers reach and maintain financial security, and start living the life they’ve always wanted.

Guest UserComment