What they’re up to – Spring 2024
We bring you up to date on the latest in fraud trends and online scams so that you know how and when to protect yourself.
Here are the most current consumer fraud trends.
The “your money isn’t safe” fraud
The victim receives a call or SMS (followed by a call) from someone pretending to be from their financial institution or a well-known merchant. They inform the victim that criminals are committing fraud against others using the victim’s name and that they are under investigation. They indicate that the victim’s money is not safe as a result, and suggest they exchange their money into cryptocurrency, deposit it into a new account, or perform some other type of unusual transfer.
The urgent tone and the feelings of danger have caused many people to fall for this scheme and lose all their savings.
How do you detect this fraud? Here are some clues:
- They urge you to buy gold or cryptocurrency.
- They ask you to go to an ATM to withdraw funds.
- You may have to visit your bank or credit union, and they insist on staying on the phone with you.
- The caller asks you to lie if someone asks you the purpose of your transaction(s).
The grandkids in trouble scheme
This swindle starts with a phone call where someone might say they are your grandkid; they have been arrested, they owe rent money, or they have had an accident and do not have money for the hospital’s copay. It is urgent, and they do not want their parents or other relatives to know.
They often know your full name and nicknames, and they pepper the call with information that shows they know you. They might use other relatives’ names, and mention things you have done in the past, and places where you have been. Another sign: they need money through a quick payment platform such as Zelle®, Venmo or an ACH transfer.
This is a fraud. The person calling has seen your online profile on social media and taken notes of the names of some relatives, and of special events with dates. They use this information to give a false sense of familiarity and trust. At other times they have used search services to find addresses and names of relatives.
However, if you still feel that a caller might be for real, please use the following safeguards to be sure:
- Ask them questions that only the real person would know the answer to.
- Even if they ask you to not call the family, call. Contact their parents or someone else that knows them and ask if there is a real emergency.
- Do not send any funds via ACH, wire transfer, or instant money-sending apps. These services would not give you the money back if it was a scam. The safest route is to offer to mail them a check, and nothing else.
Scams targeting university students and recent graduates
This fraud trend is based on an oldie. Criminals will contact a senior or recent graduate on social media, email or via SMS. They claim to be a recruiter for <<insert well-known large company name>>. The victim has been recommended by a dean or faculty member of their university, as they are a friend or acquaintance of the caller. The caller knows the university well, with specific facts and places on campus.
The call is part of a series of online interviews, after which the victim is offered a fantastic job. Once they have accepted, they are asked for personal information, including bank accounts, to process their payroll. Sometimes, they will send the victim money, a sign-up bonus check. If so, the victim is always asked to send some of it to the recruiter, to buy work equipment or something similar.
One scam is in the check, which comes back later, after the victim has already sent out funds. Or the victim paid out of pocket expenses to the recruiter directly. Other times, they send money directly to buy equipment, or pay an expense. They do not recover the money.
How can you protect yourself from this kind of fraud?
- First, bona fide recruiters that contact you will never ask for money. Beware of requests for personal information: anyone asking you for your personal or financial information is a large, red flag. It is the moment to stop and do some sleuthing:
- Investigate your recruiter by name. Contact the dean or faculty member that recommended you and confirm that they know this person and indeed, did recommend you.
- Confirm your recruiter’s email address. Is it from the company they mention? Is it a company email, or a personal one? Check for typos.
- And, since it is easy to hack company emails or spoof addresses, your safest route is calling the company. Find out whether this person works there or form them, and whether they are indeed hiring you.
Account takeovers
Lastly, we believe that it is important to speak of the growing risk of an account takeover. Criminals may obtain your credentials and try to steal your money. In more extreme cases, they have been known to apply for loans in people’s names to get even more money.
Account takeover has two points of origin:
- The use of repeated login credentials by consumers. This means that they use the same password on several different sites. Someone hacks into one of the sites and sells their credentials to thieves on the dark web. The thieves use credential stuffing, using those credentials on thousands of online sites to gain access, information, and with time, gain entry to accounts.
- Malware. The victim visits a compromised page, clicks on a link, or opens a contaminated file that received by email. This installs malware that tracks their keystrokes and provides the criminals with everything they need.
Do you want to know if any of your credentials have ever been exposed to be sold? The webpage Have I been Pwned will tell you, by entering your email address(es), whether they have ever been compromised (and how/when.) Do you want to know?
Preventing risk
We recommend that you use our guide on how to create secure passwords. But also, do the following:
- Use unique passwords for each site, app, and service.
- Enabling multifactor authentication (MFA) on all important accounts. With MFA you will receive a code via email or SMS that you will need to provide to continue.
- Do not use any credentials while using public, open Wi-Fi networks.
- Be careful about clicking on links or opening files from anyone, especially when you didn’t expect one. Call the sender to ask or email them separately.
- Obtain and use antivirus software on your devices and run regular checks.
- Edit your security preferences on important sites –like your OAS FCU Online or Mobile Banking- to receive email/SMS alerts whenever it registers a failed attempt to access your account, or when you change your password, among others. You can do this by visiting your account online and clicking My Profile-Alerts Setup-Security Alerts.
Help the community
If you become victim of any type of fraud, aside from reporting it to the authorities, please report it to the appropriate consumer protection agencies in your country. They will help them warn the public of any new fraud trand, and you will be helping others.
In the US, one reports these crimes with the Federal Trade Commission. This is their reporting page.