Identifying and Reporting Common Scams
On July 6, 2017 the Federal Trade Commission (FTC) issued an alert on scammers posing as FTC officials who contact individuals and claim they have won prizes from a charity contest. The scammers ask for money to cover taxes or insurance costs associated with the prize. While this is a new malicious campaign, scammers use these basic tactics time and time again with slightly different wording to take advantage of unsuspecting individuals. It may seem like a day doesn’t go by without scammers contacting you online or by phone seeking money and/or personal information. Since this is so commonplace, it is worth exploring how to identify these schemes, and how to go about reporting them in the event that scammers target you.
Identifying the scam
Two common financial schemes involve coercing individuals into paying money to prevent a negative outcome, such as a tax audit or police investigation, or asking the individual to pay a fee up front to claim a prize. A third type of scam seeks individuals’ personally identifiable information (PII), such as Social Security numbers and birthdates, to commit identity theft. Individuals providing information to scammers may suffer large financial losses, as well as negative impacts to their credit. It is important that you know how to spot these scams so you can easily ignore them.
It's most likely a scam if you...
- have to pay money to claim a “prize” or “winnings”
- are asked for money to stop or prevent a police, FBI, or other federal investigation
- have to provide your bank account number and information
- are specifically asked to purchase any form of prepaid gift card to be used as payment
- are approached with no prior contact to give out your date of birth, social security number, password, username or other personal sensitive information online or over the phone
- are approached online or by phone in an unprovoked manner and asked for payment or personal information by someone claiming to be a government employee on official business
One final thing to be aware of is that scammers create convincing emails that may look like official communication from your bank, credit card issuer, or a retailer. These emails often include a link to a very convincing, yet fraudulent website that will ask you to log in with your username and password. If you provide your credentials, the criminal can then use them to gain access to your legitimate account. From there, they can steal your personal information or generate fraudulent transactions. If you ever receive an email asking you to click a link to log in and update your account or change your information, be safe and use your browser to directly type in the legitimate website address for that account in order to complete this request. By doing this, you will always be sure you are on the right website.
Scammers constantly target individuals by email, false advertisements, and phone calls to bring these types of scams to fruition. Being wary of any communication that meets any of the above criteria will go a long way in keeping your information and money safe!
Finally, it is very important that targets of online or phone scams report this to the proper authorities. Although it can be a bit embarrassing to have been hit by such a crime, reporting is the only way to direct investigators and regulators to pursue the criminals behind the scam or identity theft. Aside from reporting the scam to law enforcement, it is important to work with your bank, credit card issuer, or the business where your account was compromised to take the necessary steps in preventing further financial loss.
If you are the target of a financial scam, report it to the FTC at www.ftc.gov/complaint. If this scam was via email or over the Internet, also file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov/complaint.
Targets of identity theft can also file a report at www.identitytheft.gov and receive a recovery plan detailing how to move forward based on the type of scam committed.
Sun, Sand, and Cybersecurity
School’s out and the beach and mountains are calling. It is that time of the year when so many of us pack our bags and hit the open road or head to the airport for a well-earned vacation. We may be ready to take a break from our normal lives, but we still need to be cyber secure while we are enjoying our time off! In this month’s edition, we will explore some ways to be safe and smart with our devices, Internet usage, and social media while out travelling on vacation.
Always be careful about how much you post on social media about your vacations before and during your travels. Criminals can and do watch online posts to find people that are on vacation because that means you have left your home unattended.
Before “checking in” to a location on a social network, consider what else you are sharing – like the information that you aren’t home. Consider skipping the “check in” and making your vacation posts after you have gotten back. This is another way people can see you aren’t home. Perhaps this will have the double benefit of letting you take the time to choose only the best photos to post after your trip is over! At the very least, consider using privacy settings that only let friends see your posts. Additionally, consider turning off GPS and auto-tagging/auto-check in features, if you have them enabled.
Disable WiFi auto-connect services
Some devices have an auto-connect feature that will search for and automatically connect to available and accessible WiFi networks without your interaction. This can allow your device to automatically connect to an unencrypted, public WiFi network, or even one that was set up by a malicious actor to eavesdrop on your browsing and connection activity.
If you want to connect to a store or hotel’s network, check with an employee to see what the correct network is called, and see if they can provide a network password for a more secure, encrypted network. Always use a secure, encrypted network that requires login credentials if you have the option. In the event that isn’t an option, and you can use your phone as a WiFi hotspot, use that instead to get a more secure connection for another device that can’t make direct use of the cellular network’s connection.
Additionally, make sure you do not choose to “remember this network” or “join this network automatically” once you have settled on a more trusted network for use during your vacation. If you have these settings switched on for a very generically named network, your device may connect you to a less secure one that happens to have the same name. Even if you have this turned off, there’s another setting that will automatically connect you to a network you have joined before, which can be a problem since your device doesn’t know the difference between your coffee shop’s “Guest” network and a malicious “Guest” network. Turn these settings off so you don’t automatically connect, and choose to connect only to more trusted, safer WiFi networks.
Keep your devices close, and keep them locked when not in use!
Whether it’s your laptop, tablet, or smartphone, be sure to keep your device on you or with someone you trust. Never leave a device unattended in an airport, train station, restaurant, hotel lobby or anywhere else in public while travelling. There is a common scam that targets people who leave devices sitting next to them. In this scam, another traveler will approach you and ask for help and then lay a newspaper or map down over your device. While you’re distracted answering their question, they are picking up and pocketing your device under the cover of the newspaper or map!
Are You Really Being Secure Online?
Browsing the web and interacting with websites in a secure fashion is immensely important in today’s connected world. Everyday things like online banking, shopping, and submitting your taxes involve sharing financial and sensitive information online. This makes browsing securely something that everyone should consider more closely. Below we will explore some ways to connect to the Internet and browse websites securely, as well as how you can double check that you are being secure.
Use a Secured Wi-Fi Network
Wi-Fi access is widely available, but many of the free connections are to unsecured public Wi-Fi that will leave your information travelling openly! On an unsecured public Wi-Fi network, cyber criminals can easily access the data you are transmitting due to the fact that your information is not encrypted.
A more secure public Wi-Fi network requires a password or credentials to gain access that are provided by someone acting in an official capacity for the local business and the use of encryption. When looking for an available and more secure wireless network, you will see ones using encryption marked with a small lock symbol next to the name of the network. Some hotels and shops that provide free Wi-Fi to customers provide access to their secure networks by providing you with credentials or an access code when checking in, making a purchase, or on request.
If you opt to use a public Wi-Fi connection, make sure you understand the risk – others may be able to see what you do. Keep this in mind and do not conduct sensitive transactions or log in using your credentials on any sites. Not all apps and sites support encryption and other good security practices, which leaves you much more open to many types of cyber-attacks when on a public Wi-Fi connection.
Secure Your Information in Transit
Keep an eye out for that little lock icon on your browser, or the “https” in the URL! Sites that are taking security seriously will encrypt the sensitive information you are exchanging with the site. This is a strong way to ensure that your online activities like shopping or submitting personal information are protected.
The small lock icon or “https” at the beginning of the URL are indicators that encryption is currently in use. The lock icon is commonly found in the address bar on the most popular browsers, including Chrome, Firefox, Safari, Edge, and Internet Explorer.
Verify the Website
When you are looking for information or products online, make sure you are on the website you intended to visit, or are going to the correct site.
One particular sneaky technique used by cyber criminals is called typosquatting. Typosquatting is when someone purposely owns a website that is similar to a trusted website but with a typo in the address. For instance, the website “thisissafe” might be trusted, but the website “thisisafe” could be a malicious website using typosquatting. People are often linked to these incorrect, but very closely named websites through phishing emails sent out by malicious actors. Many websites look the same, and sometimes criminals or other unscrupulous folks use the names and logos of trustworthy companies to mislead you. In some forms of attack, a user being led to a false, but convincing copy of a known website will be prompted to enter their legitimate credentials, which are stolen by the malicious actor who set up this ruse.
A good practice is to not click a link that is provided in your emails, and to instead go type the intended website’s address directly into your browser to ensure you get to the right place.
May 8, 2017 - Skimmer identified on two First State Bank & Trust ATMs
Fremont, Neb. – First State Bank and Trust Company of Fremont learned this weekend that an ATM skimming device had been placed on the outdoor ATM at our 1005 East 23rd Street location. This device was found by a user of the machine, was removed and turned into local law enforcement. In investigating this matter, it came to the bank’s attention that a device had been used at our 1965 East Military location.
First State feels confident that users of the 23rd Street machine will not be impacted since the device on this location was captured. We have identified bank customers whose cards may have been skimmed at the Military location and have flagged their cards in our system. We are reaching out to those affected customers. It appears only those who used the ATM at the Military branch in Fremont on Friday, May 5th -Saturday, May 6th are potentially impacted. All consumers are fully protected by the bank against fraudulent transactions. As always, we strongly encourage our customers to monitor their transaction history in online banking or through our mobile app.
If you are a non-customer who used our Military branch location and see unusual activity, please contact your bank directly for assistance. You are also fully protected against fraudulent charges, but the process does need to begin with your own financial institution.
“We take a situation like this very seriously. We are working with local and federal law enforcement on this matter and are reaching out to all identified customers. We are doing everything we can to resolve this situation quickly for those affected,” states Chuck Johannsen, President of First State Bank & Trust Company.
Here are some tips from the Office of the Comptroller of Currency/U.S. Department of the Treasury to protect your financial information:
- Walk away from an ATM if you notice someone watching you or if you sense something wrong with the machine; immediately report your suspicions to the company operating the machine or a nearby law enforcement officer.
- Before using an ATM, examine nearby objects that might conceal a camera; check the card slot for a plastic sheath before inserting your card.
- Never keep a written copy of your PIN in your wallet or purse as it could be stolen; instead memorize your PIN and keep a paper record hidden at home.
- When entering your PIN, stand close to the machine and hold your hand over the keypad or screen to make it more difficult for a person or camera to watch you.
- Beware of strangers offering to help you with an ATM that appears disabled and notify someone responsible for the security of the machine.
- Regularly review your account statements, either online or on paper, and check for unauthorized withdrawals and purchases. If you find one, immediately contact your bank or credit card provider, as this will limit your financial liability for fraudulent charges.