Category Archives: Important Alerts & Scams

How to Prevent Person-to-Person Payment Scams

Posted on by
Reply

Person-to-person (P2P) payment options have certainly made paying back borrowed money to friends and family very convenient. From going out to eat and splitting the tab, to chipping in for a gift, or paying a trusted contact for a service – P2P payment services have made our lives quick and easy. However, if you are a user of a P2P payment service such as Zelle, Square Cash, PayPal, Venmo, Facebook Payments, Google Wallet, Apple Pay, Payzur, and the like – buyer beware.

Continue reading to ensure you know how to spot a P2P payment scam so that you don’t fall victim to this type of fraud. P2P scams are extremely serious, because the victim unfortunately usually is not protected from money lost and fraudulent access to their account(s).

Why are victims of P2P scams usually not protected?

Due to the fact that P2P transactions are consumer initiated, there is not much protection when a fraudulent transaction occurs – because technically the consumer authorized the transaction. Whether it’s the actual consumer or a fraudster who initiated the payment service transfer, there really is no way to prove it. In addition, user error is often not covered either. Most P2P apps have user agreements prior to first time use, where the user agrees when money is sent through the app – any losses are on the user, since they authorized a transaction.

Recently, Zelle’s P2P service added a measure to help prevent users from sending money to the wrong person. Zelle now includes a pop-up warning if a user is trying to send money to someone who is not in their contacts, which makes them think twice before allowing the funds to leave their account.

How does a P2P scam work?

A P2P scam is basically an account takeover scam. Fraudsters will send text messages to an unsuspecting consumer, appearing as if the message is coming from the individual’s financial institution.

  • The text will usually appear to come from the individual’s financial institution (aka: spoofing) and will warn them of suspicious debit card activity.
  • For those who respond to this fraudulent text, the fraudster will call that consumer also spoofing the financial institution’s phone number – and claim they are from the bank’s fraud department and would like to verify a suspicious transaction.
  • The fraudster will then try to get the unsuspecting consumer to verify their identity, and let them know a passcode will be sent via text message – and that the consumer must provide the passcode over the phone.
  • Once the fraudster has that passcode, they’ll attempt a transaction that triggers another two-step authentication passcode (such as forgot password so they can reset the consumer’s password, or they’ll try to initiate a P2P transaction).
  • The fraudster now has access to all of the consumer’s accounts within Online Banking, as well as access to their P2P payment service if one is provided through the bank (such as Zelle) – and will begin using P2P payments to transfer money to themselves.

And unfortunately, there is not much that can be done once this happens – because it appears that the consumer approved the P2P transfer. Since the fraudster spoofed the financial institution phone number, they more than likely won’t be caught either – once it’s recognized that a scam occurred.

How can I make sure I don’t become a P2P scam victim?

  • Only send money to people you actually know. P2P transactions are instantaneous (meaning they happen within seconds) and are often irreversible.
  • Get all of your recipient’s details prior to initiating a P2P payment. Before you press “send” or “pay,” be sure you have the correct user name, phone number, photo, or other identifier. If you incorrectly enter a recipient’s email or phone number, the money could go to the wrong person and you may not get it back. Some P2P services offer the option of receiving a special code to confirm that the person you’re sending money to is your intended recipient. If this feature is available – use it.
  • Confirm you know how to get help if something goes wrong. Before using a P2P service, search the app for procedures and customer service contacts. Know who to reach out to if you have a problem.
  • Keep your app updated. Hackers usually look to exploit vulnerabilities. If your software is not up to date, you’re missing out on protections. Be sure automatic updates are turned on so you know you’re covered.

While P2P services are a useful and convenient way to pay those you know without having to go to the ATM or get change – it’s important to also be aware of the risks and ways to avoid fraud while using them.

Always remember that your legitimate financial institution will never ask you for your login credentials, passcodes, or user name. If you have additional questions or concerns about P2P payment services or have been a victim of a P2P scam in relation to a First Financial account, please give us a call at 732.312.1500 or email us at info@firstffcu.com.

Article Sources:

CUNA Mutual Group 2019 Peer-to-Peer Payments Risk Overview

CUNA Mutual Group Risk Alert – Sophisticated Scams Lead to P2P Fraud (May 12, 2020)

How to Avoid Phishing Scams Especially During These Times

Posted on by
Reply

In the current environment amidst a worldwide pandemic, fraudsters know most people are frequently using technology to do anything and everything right now. These cybercriminals are counting on society being distracted and letting guards down. One of their favorite tactics to do this is through phishing. Criminals are using email, phone call, text message, website and social media to deploy phishing scams these days.

Here are some common forms of phishing that you might encounter and the warning signs to look out for, so that you don’t become a victim:

1. Phone Call Phishing. Cybercriminals know how to mask phone numbers and change them to make it look like your bank or credit card company is calling you. Usually on this type of call the fraudster tells you they are from the Security and Fraud Department. They will often tell you that your card has been flagged for suspicious activity and you need to prove the card is in your possession. You’ll be asked to give them the 3-digit security code on the back of the card, your PIN, or a one-time passcode they email to you.

2. Email Phishing. There are several warning signs you’ll often see on a phishing email. The most common are spelling and grammar errors, including in the email subject. Also always take note of the sender’s email address. You’ll often see that it doesn’t match up, for example IRS.net (instead of IRS.gov) or using zero’s and other numbers in place of letters in the middle of a sender’s email address (j0hnsm1th@gmail and so forth). Email phishing attempts also often include deadlines, threatening language, doesn’t address you by name, often doesn’t include contact information like a legitimate company email would, and includes suspicious hyperlinks that you should NEVER click on. You should also know that a financial institution will never ask you for any financial information via email.

3. Text Message Phishing. Similar to the phone phishing scam, you would receive a text phishing attempt where the message tells you it’s your bank and they send you a link to click on instead of including a phone number for you to contact them. The message will state that the link in the text is to verify your banking information, a recent transaction, provide your PIN or your 3-digit credit card CVV code. A financial institution will never ask you to click on a link to verify any sensitive information.

4. Website Phishing. A spoofed website will often look strange. Either the web address is off (amaz0n1.com), words will be misspelled, and logos will look blurry or distorted. Sometimes on a site like this you’ll also see a pop up that asks you to enter your personal information. This is another item you should NEVER do. Another thing to note on a phony website, is when you hover over a link – a different address will show. Do not click on these links either.

5. Social Media Phishing. Often you’ll receive a friend request from someone you don’t know or a post asking you to click on a link that requests personal information. If you ever receive any requests like this, ignore them.

For more information on phishing and other computer-based scams, visit the National Cyber Security Alliance at https://staysafeonline.org/

Stay safe and Think First because There’s Harm INot Knowing!

Article Source: usa.Visa.com

‘Tis the Season (for Holiday Fraud)

Posted on by
Reply

The best time of the year is here, but it’s also a time of year when fraud increases too. If you are doing any sort of holiday shopping, be aware of the following scam tactics designed to steal your personal and financial information:

E-Skimming – This is what happens when a scammer gets control of an unsecure link within a website that you may be shopping on. Without even realizing it, you could be redirected to a malicious domain where a skimming code can capture your personal and financial information as you are making your purchase online. Such a skimming code would be sent to a remote server in real time where fraudsters would be collecting all your personal data. This data is often sold and then used to make fraudulent purchases in your name afterward. Before you click on any links in emails or on the web – make sure it’s a secure website (you’ll see an https at the top) and only open emails from trusted sources.

Social Media Scams – Sometimes social media platforms are used to set up a fake online store. The site will feature advertising messages and take payments, but unfortunately you will never receive what you ordered and your financial information may also be compromised in the process. When following a brand on social media, look to see if it’s a verified business (blue check mark in the profile) and look to see their website and contact details, number of followers, and the like. If something seems off or too good to be true, it probably is.

Porch Pirates – This is a big time of year when delivered packages often disappear from the doorstep of unsuspecting homes and businesses. Be sure to track anything ordered as it ships to you, look for a delivery confirmation from the retailer, and try to not leave packages out on your porch for hours on end. If you are going to be away from home when a package is delivered, ask a trusted neighbor or family member to pick it up and hold it for you.

Shipment Update Scam Emails – You may find that a fraudster sends you a fake email that tells you your item failed to deliver and then asks you for updated shipping and contact information. This is a scam! The email may look legit (though you will usually find a fake or unusually long email address with a slightly different domain name), but it often contains a link with malware that will steal your personal information if you click on it. The original retailer has all of this contact information and will not ask you for it again.

Donations to Fake Charities – Scammers know that people love to give back this time of year. A donation scam will often duplicate a charity website and get you to click on a link (which is malware) to donate money. Instead of going to the actual charity, your donation goes right into the pocket of a criminal. Do your research before you donate, ensure the site is legitimate and verified.

Additional steps you can take to help prevent fraud this holiday season:

  • Sign up for transaction alerts to receive emails and/or texts for all your credit and debit cards.
  • Pay careful attention to links in emails and on websites.
  • Try to avoid entering card information into website forms. Instead use PayPal or a digital wallet like Apple or Google Pay when you can.
  • Make sure your home computer and mobile devices have anti-virus protection and a firewall.
  • Only shop on well-known and verified websites when buying online.
  • Go directly to a retailer’s website yourself instead of through a social media ad.
  • Look for skimming devices at the ATM or a gas station pump.
  • Monitor your bank accounts on a daily basis and if you see a purchase that was not made by you, report it to your financial institution right away.

Follow the above tips for an enjoyable, safe, and risk free holiday season. Think First!

 

6 Summer Fraud Scams to Avoid All Year

Posted on by
Reply

Here are summer’s most prevalent financial scams that are catching consumers by surprise. However, many of these scams are ongoing all year long and you should be on the lookout for them constantly.

1. Gift cards, secret shoppers, and fake offers.

How the scam works: Consumers are drawn in by a phony email or social media post to become a “secret shopper” in exchange for some form of financial gain. When a consumer agrees to participate, the fraudster seals the deal by delivering a very large counterfeit check. The criminal then asks the consumer to deposit the check and purchase gift cards with the funds – keeping a small portion of the proceeds as compensation for being the “secret shopper.” The victim is asked to email photographs of the gift cards, front and back, so the criminal can use them immediately – before the counterfeit check has a chance to bounce.

The takeaway: The bounced check and all associated damages are the responsibility of the consumer because the criminal and his or her email address are long gone by the time the check bounces.

2. “You can never be too rich or too thin” and other email scams.

Some consumers are attracted to “get rich” and “get thin” offers, and unfortunately an age old diet scam has surfaced again, targeting consumers with spam emails. When an unsuspecting consumer signs up for the “self improvement” deal, that individual agrees to recurring billing for the proposed service.

The takeaway: This ongoing billing arrangement is difficult to stop. And, in some cases, the stolen card information used for payment is also used for other fraudulent purposes.

3. Counterfeit money orders.

Fake money orders are frequently used for online purchases from websites like Craigslist. The problem is that high quality counterfeit money orders are hard to distinguish from the real thing.

The takeaway: If you think you could potentially have a counterfeit money order, call the U.S. Postal Service verification line at 1-866-459-7822. The U.S. Postal Service can verify the authenticity of money orders 48 hours after they are issued – and they can also offer tips on how to recognize fake money orders in the future.

4. “MSN” help desk fraud.

This form of fraud is usually directed at the elderly. A criminal calls an unsuspecting consumer and warns that his or her PC – however seldom used, is riddled with viruses. The fake technician offers to assist, and then dispatches the victim to a local big box store to buy prepaid gift cards which are given as payment for the tech support services.

The takeaway: Losses to victims of this scam can soar well into the thousands – and the criminals are willing to take every nickel without remorse. Some big box stores have started to try and identify consumers who may be embroiled in these scams, but they can run into roadblocks when victims are either mentally incapacitated – or reluctant to admit they have fallen for a scam.

5. Card cracking.

This rip-off scheme typically victimizes the younger crowd. A fraudster reaches out to a young person via social media and convinces the potential victim that they can both benefit by helping each other out – with the young account holder receiving a small sum of $100 or so, as compensation for cooperating with the fraudster. The victim then gives the criminal access to his or her online banking credentials, so the criminal can deposit counterfeit checks into the account. The fraudster also typically requires the usage of the account holder’s debit card and, in some cases, accompanies the co-conspirator to an ATM to perform withdrawals against the counterfeit checks that have been deposited. This is especially troubling if the account holder is a minor in the company of an adult criminal.

The takeaway: All financial damages, including non-sufficient funds checks, fall back onto the young consumer. And that easy $100 profit? It was fake as well.

6. Direct mail scams.

Bogus but official looking letters are delivered every day to random consumers with stern requests for Social Security Numbers and other personally identifiable information. Some of these letters are printed on what looks like big bank letterhead and in all cases, there is at least one “official looking” hard copy form that the consumer is asked to fill out and return.

The takeaway: The addresses on these letters and the return envelopes provided are criminal addresses. They are not P.O. boxes belonging to actual businesses or financial institutions. The main objective in this instance is identity theft, and this scam has been known to be very convincing to consumers.

Bottom Line: An informed consumer is an empowered one. Recognizing the signs of fraud will reduce your risk of becoming an identity theft victim.

Article Source: John Buzzard for Co-Op Financial Services

Don’t Fall Victim to These Phishing Scams

Posted on by
Reply

There are a number of unscrupulous types out there, waiting to take your hard earned money. One of the most common ways criminals try and scam you is to “phish” for your information. In these types of scams, you are asked to reveal personal financial information. This information can then be used to commit identity fraud — and can cost you in time and money.

Here are some phishing scams to be aware of:

You made a purchase. It usually involves an email message that claims to be sending you a receipt for a purchase at a major retailer. If you didn’t make that purchase, don’t open the PDF attachment! Even if you did, do not call the number in the document to make a dispute. Instead, look at your card statement independently to verify whether there was a purchase or not. For example, Apple is a common retailer used in this type of scam and if you look closely, the email message doesn’t come from Apple.com.

Lower your credit card interest rate. Who doesn’t want a lower interest rate on their credit cards? This phishing scam involves a phone call, and a recorded message telling you that you qualify for a lower rate. You then press a number, and you are prompted to enter your credit card number.  Hopefully you can see where this is going in terms of identity fraud …

Unlock your bank account. Some people have received phone calls claiming that their bank accounts are locked. If you receive a call like this, you might even be told that there has been some “suspicious activity on your account.” It sounds like your bank has locked down your account on your behalf. All you need to do to unlock your account is give them your account number.  And, unlike a credit card with its fraud protections, there isn’t much you can do if someone decides to drain your bank account. The moral of this story: your actual bank already knows your account number, you will never need to give it to them.

Hotel computer crash. According to Consumer Reports, the Better Business Bureau is reporting on an interesting scam that has cropped up. You receive a call on your hotel phone. The person on the other end claims to be from the front desk. The computer system has crashed, and all the data is gone — including your credit card data. All you have to do is give the information over the phone, and everything will be straightened out. This is a complete scam, and now the scammer has your credit card information to start using.

It is important not to give out personal financial information out unless you can verify the source. Additionally, don’t give out information over the phone when some calls asking for it. Always realize that your bank and credit card issuers won’t ask for your full account number; they already have it! Anyone who asks for your full account number for “security” or “verification” is probably almost always a scammer.

Bottom Line: Be on guard for phishing scams, whether they are perpetrated via email or over the phone. Keep your personal financial information private, and remember to verify information coming from others independently.

Article Source: Miranda Marquit for Moneyning.com

Don’t Fall for a Work From Home Scam

Posted on by
Reply

The promises of making it big by working from home are definitely out there, and most of the time it’s a scam. Though you may already be on high alert, online job scammers have gotten more sophisticated – and some may still slip past your radar.

Besides heeding the old adage that if it sounds too good to be true, it probably is – job seekers should consider the following questions when reviewing potential work from home opportunities:

  • Does the job listing include the hiring company’s name and/or does the recruiter or job posting match the company’s information?
  • Are there any upfront costs required to get the job? (Supplies, a minimum investment or training fees).
  • Are there any typos on the site or in any correspondence?
  • Are you being asked to provide personal information like a social security number, credit card number, bank information, or driver’s license?
  • Did they offer you a job on the spot without conducting an interview?

If the answer is yes to any of the above, experts say that’s a red flag, and the “dream opportunity” might become a nightmare.

Here are the 5 most common work from home scams:

Career advancement grant: This scam claims to come from the government, promising you a grant to pursue education or a certification. Scammers ask for your bank account information with the promise that they will deposit the bogus grant money directly into your account.

Data entry scams: There are legitimate data entry jobs that allow you to work from home, but these scammers ask for money up front and/or promise wages that are much higher than normal.

Pyramid schemes: If the only way to make money is by others losing money or paying you as they recruit others, it’s probably a scam. Plus, pyramid schemes are also illegal – so you could be charged with a crime too.

Online reshipping: Don’t ever repack items and forward them to customers outside of the United States. What you’re doing is transporting stolen goods, and not only will you never get paid, you could also be charged with a crime.

Rebate processor: This scam promises you a salary based on the number of clicks your ad receives. It charges a training fee up front for which you will never be reimbursed, and you’ll never receive that salary, either.

Scammers can be very creative in convincing you that a position or company is legitimate, so do your research. Check with sites like BetterBusinessBureau.com, FTC.com, and Scam.com to learn of recent employment scams.

Article Source: Myriam DiGiovanni for FinancialFeed.com