Account Security, Common Frauds and Scams
Identity theft occurs when someone uses your Social Security number or other confidential information to open new accounts or make purchases. This can occur by way of a phone call or an email from an allegedly legitimate business or individual. It might even happen when someone searches your trash for mail containing personal information and credit card receipts. In many cases, a pre-approved credit card application gives the criminal enough information to set up a credit card in your name.
Examples of ways people can steal your identity:
- Lost information: You lose a credit card, passport, driver’s license or other form of ID that has your personal information.
- Burglary: In addition to having items stolen, burglars may also steal checks, credit cards, Social Security information, and other sensitive information.
- Child identity theft: Someone gets a hold of your child’s Social Security number.
Tips to protect yourself from identity theft:
- Carefully guard your personal information.
- Monitor your login, account creation or password reset placements.
- Look for unusual signs, such as several attempts to access an account in the last weeks.
Account take over
Account takeover means obtaining a user’s details in order to take over their online accounts. When bad actors take over a user account, they can roam free in the environment and carry out all sorts of fraudulent activities. These activities can range from updating a shipping address or changing a password to making fraudulent purchases.
How criminals get usernames and passwords:
- Purchase of data on the dark web.
Tips to protect yourself from an account take over:
- Be proactive instead of reactive.
- Monitor your login, account creation or password reset placements.
- Look for unusual signs, such as several attempts to access an account in the last weeks.
Authorized credit card transactions
Credit card number theft involves a phone call or email from someone acting as a representative from a legitimate company. The caller will try to convince you that they need your credit card number to check your account. However, he or she will use this information to illegally run up charges on your card.
Tips to protect yourself from credit card theft:
- Treat your credit card like it is cash.
- Be suspicious and ask lots of questions; just hang up or don’t respond to the email.
- The only time you should provide your credit card number is when you are actually buying something from a trusted company.
- Check your credit annually through a major credit bureau.
Computer worms, viruses and other malicious programs can destroy or steal data and personal information. Without your knowledge, hackers can use these viruses to harvest your personal information, steal your money, credit and identity. While most legitimate websites do not cause these viruses or infections, there are many websites that have been compromised without the website owner’s knowledge.
Tips to protect yourself against worms, viruses and other malicious programs:
- Reduce the chance that your computers will be infected by these harmful programs by keeping anti-virus software up-to-date.
- Install security patches and updates as recommended by the companies that created your Operating System (e.g. Windows or macOS) and other software vendors (e.g. Adobe and Microsoft).
As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
Example of phishing:
An example is an email sent to users of an online service that alerts them of a policy violation requiring immediate action on their part, such as a required password change. It includes a link to an illegitimate website—nearly identical in appearance to its legitimate version—prompting the unsuspecting user to enter their current credentials and new password. Upon form submittal the information is sent to the attacker.
Tips to protect yourself from phishing:
- Slow down. Criminals want you to act first and think later. Legitimate organizations will never ask for personal details via email.
- Be suspicious of any unsolicited messages. Don’t ever click on a link in an email to a website unless you are absolutely sure it is authentic. If you have any doubt, you should open a new browser window and type the URL into the address bar.
- You should always, where possible, use a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar) to browse, and especially when submitting sensitive information online, such as credit card details.
Financial pretexting is a type of social engineering in which someone uses false pretenses to get your personal information and gain access to your cash and credit.
Examples of pretexting:
- Phone call: Hi [your name], this is your bank. I see some unusual activity on your account. I need to confirm this is you so can you please provide your card number so I can confirm it.
- Recorded message: This message is an important reminder for [your name]. Recently, somebody attempted to change the password of your [company] account. A temporary PIN was provided. If you did not request this temporary PIN, please call us immediately at [number].
- Email: After your last tax filing, we have determined that you are eligible to receive a tax refund of $180.00. To access your tax refund, use the following personalized link [fake link].
Tips to protect yourself from pretexting:
- Use 2-factor authentication to access email. For example, use a password + a unique code texted to your phone for your email.
- Don’t immediately click links or open attachments in emails. Hackers can pretend to be from companies you know and use, so be sure before you click. Or better yet, go directly to the site in a web browser first. If you’re not expecting an email attachment or link, call or text the person who sent it to ensure it was really them.
- Avoid uploading personal information online (like your bank account). Even if you know the company or website, be sure the device you are using is secure when you need to upload personal information.
- Start new sessions in your browser frequently. Completely log out and close your browser when finishing a session. Clearing your browser history regularly is a good idea, too.
Types of spoofing:
- Caller ID spoofing: This is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold illegally, but also can be used legitimately, for example, to display the toll-free number for a business.
- Neighborhood spoofing: Robocallers use neighbor spoofing, which displays a phone number similar to your own on your caller ID, to increase the likelihood that you will answer the call.
- Email spoofing: This is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.
- URL spoofing: A phishing website (sometimes called a “spoofed” site) tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate website. You could even land on a phishing site by mistyping a URL (web address).
- GPS spoofing: A GPS spoofing attack attempts to deceive a GPS receiver by broadcasting incorrect GPS signals, structured to resemble a set of normal GPS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time.
Tips to protect yourself from spoofing:
- Don’t answer calls from unknown numbers. If you answer such a call, hang up immediately.
- If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
- Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
- Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
- If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
- Use caution if you are being pressured for information immediately.
- If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
If you answer the phone and hear a recorded message instead of a live person, it’s a robocall.
You’ve probably gotten robocalls about candidates running for office, or charities asking for donations. These robocalls are allowed. But if the recording is a sales message and you haven’t given your written permission to get calls from the company on the other end, the call is illegal. In addition to the phone calls being illegal, their pitch most likely is a scam.
Tips to protect yourself from scams resulting from robocalls:
- Hang up the phone. Don’t press 1 to speak to a live operator and don’t press any other number to get your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.
- File a complaint with the FTC.
- Register your phone numbers on the Do Not Call Registry.
Slamming occurs when a telephone company changes your service provider without your consent or knowledge. Slamming methods can include: “free trials,” signing up for marketing promotions without reading the fine print and offers for credit cards or giveaways.
Cramming is a form of fraud in which a company places unauthorized and miscellaneous charges on your bill. This could involve a charge for a voicemail service, Internet access services or other service charges.
Tips to protect yourself against slamming and cramming:
- Don’t sign up for marketing promotions, or anything else that will be charged to your landline or wireless telephone service, without first reading the terms and conditions.
- Review all your bills carefully and make sure you understand all charges. Be on the lookout for unfamiliar company names, calls you did not make and services you did not order.
- Understand your phone bill terminology. Verizon customers can use this handy glossary to understand the taxes, fees, surcharges and other charges they may see on their bills.