Protect Yourself

According to the US Federal Trade Commission, online fraud is on the rise, with consumers losing more than $5.8 billion to scammers in 2021 alone. Protect yourself by staying up-to-date on how scammers prey on their victims. Check back here weekly for new tips on how to keep yourself safe.

  • Protect Your Personal Information – Phones can contain a tremendous amount of personal information. Lost or stolen devices can be used to gather information about you and potentially others. Protect your phone like you would a computer or tablet. Be sure to use a strong passcode to lock all of your mobile devices.
  • Keep Your Mobile Device Up-to-Date – Mobile devices are actually computers with software that needs to be kept up-to-date (just like your PC, laptop, or tablet). Security protections are built in to your mobile device and need to be updated periodically. Take time to make sure all of the mobile devices in your household are updated with the latest protections by installing the latest software updates as soon as they are available. This may require synching your mobile device to a computer. You should make sure that all of the web-enabled devices in your home are also updated. This includes computers, smart phones, gaming systems, smart televisions, and other devices that connect to the internet, like smart thermostats or refrigerators.
  • On Guard Online – The Federal Trade Commission has a website with more information on how to keep yourself safe and secure online. Log on to ftc.gov/onguardonline today.
  • Online Account Takeover Fraud – Online Account Takeover occurs when someone other than an authorized account holder gains access accounts online. Fraudsters typically use phishing scams as a way to install virus or malware (malicious software) on a computer. When a user clicks on the link in a phishing email, the virus or malware is downloaded and an alert is sent to the fraudster every time the user logs into a secure site (such as online banking). User information from the secure site is then logged by the virus or malware and sent to cyber thieves, which may allow them access to the user’s accounts without the user’s knowledge.
  • The Business E-mail Compromise – The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the “Man-in-the-E-mail “Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam. The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed. Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers. There are many versions of the scam, but here are three examples:
    • Version 1 – A business, which often has a long standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is received, it will closely mimic a legitimate request. This particular version has also been referred to as “The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification Scheme.”
    • Version 2  – The e-mail accounts of high-level business executives (CFO, CTO, etc) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests. In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank “X” for reason “Y.” This particular version has also been referred to as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.”
    • Version 3 – An employee of a business has his/her personal e-mail hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal e-mail to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they are contacted by their vendors to follow up on the status of their invoice payment.

Learn more about the Business Email Compromise by clicking here or by visiting the US Federal Trade Commission website.

  • Puppy Scams – This holiday season, there has been a noticeable uptick in local puppy scams. A puppy scam is when scammers post fake litters online or pretend to be someone they’re not (usually an existing breeder) to take advantage of puppy sales (without the actual puppies.) If you are considering buying a puppy, be careful! If you’re not careful, you could find the perfect puppy, send the “breeder” your money, and never receive a puppy or any follow-up communication in return. The American Kennel Club has tips to avoid puppy scams on its website (click here for more).
  • Peer-to-Peer Payments – With the increased use of person-to-person payment apps like Zelle and Venmo, it’s more important than ever to ensure you know you’re sending money to the correct person before transferring any funds. If you’re sending money to a friend or family member using a mobile payment app, double-check you have the right person before hitting send. Consider having the person send you a request for payment or sending a small amount like one dollar prior to sending the full amount to ensure the funds are reaching who you intended. A common scam is for thieves to have you send payment for an item they’re selling and then never send the item you purchased. It is very important to only use these payment services with those you know and trust. 

How to Safely Use Mobile Payment Apps and Services

Online payment systems or apps like Zelle, Venmo, and CashApp let you quickly send and receive money. If you link the service to your bank account or debit card, it’s almost like handing someone cash. Be sure you know who you’re sending money to. Once you send money, it’s nearly impossible to get it back.

Avoid Sending Money To a Scammer

  • Don’t click on links in an unexpected email, text message, or direct message that asks you to send money. Don’t give any personal or sensitive information like your username, PIN, or password.
  • Confirm that you know the person you’re sending money to.
  • When sending to someone you know, double-check their information before you hit send.

Protect Your Accounts

  • Use multi-factor authentication. This means you need two or more credentials to get into your account: your password plus something else like an authentication code or fingerprint.
  • Never share your credentials, like a verification code you get via text or authentication app.
  • Set up alerts in the payment app to get transaction notifications outside of the app environment, such as via email or text.
  • Regularly check your payment app and bank accounts to make sure no unauthorized payments have been sent from or accepted by your account.

Paid a Scammer Through a Payment App?

  • Report it to the payment app or service and ask to reverse the transfer.
  • Tell your financial institution.
  • Report it to the Federal Trade Commission at ReportFraud.ftc.gov.

#BanksNeverAskThat

Lake Shore Savings Bank has teamed up with the American Bankers Association to teach people how to spot online bank scams by learning the things a bank will never ask you. Here are some tips to help you prevent being taken advantage of by scammers:

  • Watch for misspelled words. Fraudulent texts and emails often have typos. Real banks use spell check.
  • Call the number on your card. If you think an email, text, or call might be a scam, play it safe. Just hang up and call the number on the back of your card.
  • Never share your PIN or password. Got an email, text, or phone call that claims to be from your bank, but is asking for your PIN or password? #BanksNeverAskThat. Just hang up and call the number on the back of your card.
  • Beware of scare tactics. Scam emails, texts, and calls may pressure or even threaten you to respond. Just ignore them and call your bank directly.
  • Be wary of suspicious links. Banks will never send you a text or email that asks you to click a suspicious link.

For more tips like these, visit www.banksneveraskthat.com.