Scams & Frauds
Guarding against “phishing,” “spoofing,”
and other cyber fraud.
On-Line Fraud is Growing
Internet fraud can be any type of scheme that uses the Internet – chat rooms, email, message boards or websites – to deceive prospective victims. These schemes, scams and frauds take advantage of the Internet’s unique capabilities – sending email messages worldwide in seconds or posting website information that is readily accessible from anywhere in the world – to carry out fraud quicker than ever possible in the past.
As a bank customer, you need to be especially vigilant to some of the newer frauds at work in cyberspace.
Fraudulent emails, appearing to be from a trusted source such as your bank, or a government agency, direct you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers and passwords. These sites are often designed to look exactly like the site they are imitating.
If you receive an email that warns you, with little or no notice, that your account will be shut down unless you reconfirm certain information, do not click on the email link. Instead, use a phone number or enter the web address yourself. Clicking on a link that looks legitimate may in fact direct you to a fraudulent website where your personal information may be compromised.
Before submitting any financial information to a legitimate website, look for the “lock” icon on the browser status bar, or look for “https” in the web address. Both are indications that the information is secure and encrypted during transmission.
Report suspicious activity to the Federal Trade Commission (FTC).
Web spoofing allows an attacker to create a “shadow copy” of any legitimate website. Access to the shadow web is funneled through the attacker’s machine, allowing the attacker to monitor all the victim’s activities, including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to web servers in the victim’s name, or to the victim in the name of any web server. In spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message had come from a trusted machine by “spoofing” the address of that machine. Phishing and spoofing often go hand-in-hand Internet fraud.
Be wary of unsolicited or unexpected emails from all resources.
If an unsolicited email arrives, treat it as you would a phishing source.
Identity Theft Frauds
Internet fraudsters often use identity theft as a starting point for larger crimes. In one case, criminals obtained the names and social security numbers of military personnel then used them to apply to a bank over the Internet for credit cards. In another case, stolen personal data was used to submit car loan applications online.
Keep a close eye on your account activity at your bank, either through statements or using their online services. Report anything that looks suspicious.
Your personal information can be obtained by “phishing,” “spoofing,” or the old fashioned way – dumpster diving. Make sure your unused checks, bills, and statements are shredded before discarding.
General Tips Against Cyber-Fraud
Don’t Judge By Initial Appearances. Just because something appears on the Internet – no matter how impressive or professional the website looks – doesn’t mean it’s real. The ready availability of software that allows anyone, at minimal cost, to set up a professional-looking website means that criminals can make their websites look as impressive as those of legitimate businesses, banks or government agencies.
Be Careful About Giving Out Personal Data Online. If you receive emails from someone you don’t know asking for personal data – don’t send the data without knowing more about who’s asking. While secure transactions with known e-commerce sites should be safe, especially if you use a credit card, non secure messages to both known and unknown recipients are not safe.
Be Especially Wary of Emails Concealing Their True Identity.
If someone sends you an email using a mail header that does not have useful identifying data
(e.g., W6t7S8@provider.com), it may be an indication that the person is hiding something and is not legitimate.
Review Credit Card and Account Statements as soon as you receive them to determine whether there are any unauthorized charges or suspicious charges/transactions. If your statement is late by more than a few days, call your credit card company or bank to confirm your billing address/account balances, and determine whether they have mailed your statement.
Watch Out For “Advance-Fee” Demands. Look carefully at any online seller of goods or services that wants you to send checks or money orders immediately to a post office before you receive the goods or services you’ve been promised.
Use Common Sense.