Protect Yourself

According to the US Federal Trade Commission, online fraud is on the rise, with consumers losing more than $5.8 billion to scammers in 2021 alone. Protect yourself by staying up-to-date on how scammers prey on their victims. Check back here weekly for new tips on how to keep yourself safe.

  • Hurricane Related Phishing Scams – Even though Western New Yorkers don’t usually have to worry about hurricanes, cybercriminals tend to use hurricane relief as a method to exploit consumers. The Department of Homeland Security advises people to exercise caution in handling any email with a subject line, attachments, or hyperlinks related to a hurricane, even if they appear to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from charitable organizations commonly appear after natural disasters.
  • Top 10 Mass-Marketing and Identity Theft Scams – The Department of Homeland Security’s arm for investigating transnational crimes and threats, Homeland Security Investigations, recently released its list of the top 10 mass-marketing and identity theft scams:
    1. Arrest Scam – Callers claiming to be from a government agency state that the consumer will be arrested for failing to pay taxes or a fine; but they can avoid arrest by paying over the phone with a prepaid card or wire transfer. Recommended action: Hang up and contact the agency directly using a phone number from an independent source, such as a past bill or online search.
    2. Business-to-Business Emails Scam – An email is received from a high-level executive in a company purporting to authorize payment for a seemingly legitimate purpose. Actually, this scammer’s email address is very similar to the legitimate executive’s email. Recommended action: Before initiating any payments, follow up directly with the executive using a known email address or phone number.
    3. Reverse Mortgage Scam – Callers offer home refinance assistance that sounds too good to be true. Recommended action: Always seek out your own mortgage counselor and refuse to sign anything that you do not fully understand without an attorney present.
    4. Tech Support Scam – A pop-up window appears that looks like an error message from your operating system or antivirus software. The pop-up warns of a security issue on your computer and directs you to click on a link for assistance. Recommended action: Never click on pop-up links. Contact the operating system or antivirus company directly for tech support using the number on their website.
    5. Money Mule Scam – Emails direct you to move money from your personal bank account for purposes that seem legitimate. Recommended action: Always be wary of emails requesting access to your bank accounts. Look for warning signs and conduct your own research before agreeing to participate. Notify the appropriate authorities if you have any concerns.
    6. Door-to-Door Scam – Door-to-door salespeople visit, sometimes wearing realistic uniforms/badges. Recommended action: Make it a policy to never buy products or services from door-to-door salespeople. If you do decide to make a purchase, contact the company directly to verify the salesperson’s credentials.
    7. Medicare/Healthcare Scam – Alleged Medicare representatives call asking for your Medicare or Social Security number. The scammer then bills Medicare for products and services that you never received. Recommended action: Never provide personal information on the phone unless you verify the caller’s credentials. Review your Medicare Summary Notices for errors and report suspicious behavior to the Medicare Fraud Tip Line at 1-800-HHS-TIPS.
    8. Telephone Scam – Callers pitch an “unbelievable” opportunity. All they need from you is your personal information. Recommended action: Never provide personal information over the phone. Hang up and do not press any buttons on your phone when you receive a robocall. Do not pick up or return a call that appears on the caller ID to be coming from your own phone number.
    9. Romance Scam – Romance scammers contact their victims through online dating websites/apps or social media. The scammer’s intent is to establish a relationship with the victim and use that relationship to dupe them out of money, usually for an “emergency.” Recommended action: Always be wary about the personal information that you post or share. Assume that con artists are trolling even the most reputable sites. If you develop a romantic relationship with someone you meet online, research their identity and be suspicious of any requests for money or personal information.
    10. Sweepstakes Scam – You are notified that you have won a contest or the lottery; but to claim your prize you must first pay fees or taxes. Recommended action: No real lottery or sweepstakes will ever request money in advance. Do a quick internet search to verify a sweepstakes if you are concerned about its legitimacy.
  • Online Dating Scams – Online dating scams begin when someone registers on a dating website or app. Often, the website or app is perfectly legitimate, but that doesn’t stop scammers from creating fake names and profiles and reaching out to potential victims. Usually, the scammer claims to live outside of the United States. While the correspondence starts on the dating website or app, it often moves into personal email, texts, or even phone calls with the victim. As the trust of the victim is gained by the scammer, he/she professes romance and often marriage intentions to the victim. Ultimately, the scammer will begin to ask for money from the victim for various fictitious scenarios, including travel expenses, visas, help getting out of a difficult situation, medical emergencies, or help for a needy relative.
  • Overpayment Fraud – Overpayment fraud can occur over the internet when a victim advertises for something like an apartment rental or the sale of a vehicle. In this scam, a “customer” makes a fraudulent or counterfeit payment to the victim that is significantly larger than the original sum agreed upon for the product or service for sale. The victim is then asked to deposit the whole payment into his or her bank account and pay the “overpayment” back to the scammer.
  • The Stranded Victim Scam – This scam happens when a criminal hacks into an individual’s email address book and uses the contact list to send out emails claiming to be stranded in a foreign country and in desperate need of help. The email appears to be from a friend because it comes from their email account. The criminal will ask for money to be wired to them to help them out of “a bad situation” when it’s really a fictitious story. Be wary of ANYONE who asks you for money through email and always verify the identity of the person asking by communicating with them through a different channel.
  • “Pig Butchering” Scams – Did you know that cybercrime can involve elements of human trafficking? Shā Zhū Pán, otherwise known as “pig butchering,” is an increasingly prolific financial fraud scheme, which combines elements of traditional romance and investment fraud while targeting people trafficking and modern slavery victims. Pig Butchering works by criminal networks placing fake job advertisements to attract young people from China and other countries. These individuals are then held, against their will, in secure compounds where they are forced (under threat of violence) to commit cyber-enabled fraud against victims largely located in Western countries including the U.S. and Europe.
  • Phone Scams – The New York State Police offer the following tips to protect against various phone call scams:
    • Take a pause. Scammers create a sense of urgency to prey on victims’ emotions and their love for family members.
    • Verify any supposed emergency by calling friends and family before sending money. This is especially important if a potential victim has been warned not to do so by the caller.
    • If the caller purports to be a bail bondsperson, ask where the relative is being held and contact the facility directly.
    • If a caller purports to be a law enforcement officer, get the exact agency name and then hang up and call that department directly.
    • Be suspicious of anyone who calls unexpectedly asking to be sent money.
    • Never send cash through the mail.
    • Never purchase pre-paid debit cards or gift cards for the purpose of transferring money.
    • Develop a secret code or “password” with family members that can be used to verify the identity of family members over the phone.
    • Ask a question that only the real family member would know the answer to, such as, “what was the name of your first pet?”
    • Set Facebook and other Social Media settings to “private” to limit information available to scammers, such as the names of relatives.
  • Microsoft “Security Office” Scam – The New York State Police have recently alerted the public to a computer scam that is happening in Western New York. When logging on to a computer, a message is displayed on the screen that instructs the user to contact Microsoft due to a virus. When the victim calls the provided phone number, they are connected to a person who identifies themselves as a representative of Microsoft’s “Security Office.” The victim is then told that their bank account information is compromised.
  • Remote Access Trojans – Remote Access Trojans (RATs) are malware that is disguised within links, software, or applications that, when inadvertently activated by the user, can infiltrate personal and financial information. There have been cases of QR code reader applications (available in mobile device stores) that were actually RATs and worked as a QR code scanner, but also side-loaded malware into the device it was downloaded to. A good way to severely limit these types of breaches is to download well-known and trusted software and applications with 10 million or more downloads and with a high “star” rating. Take time to do some research if you are unsure of any application available in the mobile device store you use. Look for reviews and turn to trusted resources whenever you download an application.
  • “Juice-Hacking” Scam – Juice-hacking happens when someone manipulates a public USB port or charging cable to steal information. The FBI recently issued an alert encouraging people to avoid using free electric charging plugs at airports, bus stops, shopping centers, hotels, and other public places. The safest way to avoid juice-hacking is to use a charger in an AC power outlet and to carry your own personal charger during travel. Additionally, you can use a charging-only cable with a USB data blocker, which prohibits data transfer while charging.
  • Protect Your Credit – It’s important to review your credit rating scores regularly to see if you have unsuspectingly been the victim of fraud. Here are some tips to follow that can help you maintain good credit:
    • Review your monthly bank and credit card statements to make sure there are no unauthorized charges.
    • If your account activity looks suspicious or important mail is delayed, check with the merchant or biller immediately.
    • If fraud is detected, contact credit bureaus and take advantage of all recourse and protection periods.
    • Should you need to contact any of the three credit reporting agencies, here are the numbers and websites:
      • Equifax: (800) 525-6285 or www.equifax.com
      • Experian: (888) 397-3742 or experian.com
      • TransUnion: (800) 680-7289 or transunion.com
    • Check your credit report at least once a year to look for suspicious activity.
  • Online Shopping Tips – Online shopping is easy, convenient, and quick. Here are a few tips that will help keep you safe while you’re adding things to your “cart”:
    • Check out sellers – Do research on a seller that you have never done business with before. Some scammers try to trick you by creating malicious websites that appear legitimate. Always verify the site before supplying any personal information. A quick search for merchant reviews should help you make an informed decision whether or not to place an order.
    • Make sure the website you’re on is secure – Before entering your personal and financial information to make an online transaction, look for signs that the site is secure. This includes a closed padlock icon on your web browser’s address bar or a URL (web address) that begins with “shttp://” or “https://”. These are signs that the purchase is encrypted or secured.
    • Be cautious of public Wi-Fi or other unsecured networks – When shopping online, it’s best not to use public Wi-Fi or any unsecured networks that are available. Unfortunately, these are usually not secure.
    • Protect your personal information – When making a purchase online, be alert to the kinds of information that are being collected in order to complete a transaction. Make sure the information requested by the vendor is necessary before you provide it. Remember, you only need to fill out required fields in an online form.
    • Keep a paper trail – Print or save records of your online transactions, including the product description, price, online receipt, terms of sale, and copies of any email exchange with the seller.
    • Be wary of emails requesting information – Scammers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Contact the merchant directly if you are alerted to a problem. Do not use the contact information found in the email.
  • Safeguard Your Personal Information – Here are some tips on keeping your personal information safe and out of the hands of scammers:
    • Do not give your Social Security Number or other personal credit information about yourself to anyone who calls you.
    • Tear up or shred receipts, bank statements, and unused credit card offers before throwing them away.
    • Do not mail bills from your mailbox with the flag up. Take them to a US Postal drop box or your local Post Office.
    • Retrieve mail promptly from your mailbox.
    • Sign up for direct deposit whenever possible.
    • Notice when monthly bills come in the mail. If they are delayed, contact the merchant or credit card company for the reason for the delay or the date of the mailing.
  • Using Automated Teller Machines (ATMs) – Make sure to look over any ATM before inserting your card. If you see something that looks unfamiliar on the machine, it could be part of an ATM scam. Card skimmers (external readers) and hidden cameras can be used to compromise a bank account. Card skimmers are usually small devices that go over a normal card reading slot in an ATM (or even a gas pump). They can be very difficult to notice. Use secure ATMs or ones that are equipped with video surveillance (like inside a bank lobby), because these ATMs are less likely to be tampered with. Thieves have to take much more of a risk installing skimmers where there are security cameras. Here are some more tips that will keep you safe while using an ATM:
    • Have someone accompany you to the ATM if possible.
    • Fill out any banking forms you have ahead of time.
    • Spend a minimum amount of time at the ATM.
    • As you approach the ATM, be aware of your surroundings. If you notice something or someone suspicious, go to another ATM or come back later.
    • Do not use an ATM that appears unusual looking or offers options with which you are unfamiliar or uncomfortable.
    • Make sure the lighting around the ATM is adequate. If it’s not, go to another ATM and notify the financial institution.
    • Make sure your car’s passenger windows are up and all the doors are locked when using a drive-up ATM.
    • Be wary of people trying to “help” you with your ATM transaction.
    • Do not allow people to look over your shoulder as you enter your PIN. Cover the ATM keypad as you’re entering your PIN (just in case there’s a hidden camera around). Be cautious of people around you with cell phones (since most cell phones have cameras).
    • Do not re-enter your PIN if the ATM “eats” your card. Contact a bank official immediately.
    • Do not write your PIN on your card.
    • Do not display cash — pocket it and count it after you’ve left the area.
  • Using Your Mobile Phone – Remember that it is easy to say things via phone or text that you would never say to someone face-to-face. Use the same level of courtesy on the phone as you would in the real world. It’s important to know how to block callers or phone numbers by using caller ID. Remember that, even though texting may be a natural next step after online chatting, it is not safer. Use extreme caution when meeting someone face-to-face who you only “know” through texting or online chatting. Only give your mobile number out to people you know and trust and never give anyone else’s number out without their permission.
  • Watch For Secure Websites – When engaging in any transactions that involve money, like online banking or shopping, check to make sure the website you’re on is security enabled. Look for web addresses that start with “https://” or “shttp://” which mean that the website you’re on takes extra measures to help secure your information. Note that website addresses that start with “http://” are NOT secure.
  • Be Careful When Using Public WiFi – Use common sense when you connect to a public WiFi network. If you go online using an unsecured or unprotected network, be cautious about the sites you visit and the information you release. Limit the types of business you conduct and make sure to check the security settings on your device to limit who can access your phone.
  • Think Before You App – Review an app’s privacy policy and understand what data (location, access to your camera and microphone, access to your social media accounts, etc.) on your device the app can access before you download it. Only give your mobile number out to people you know and trust and never give out anyone else’s number without their permission.
  • Protect Your Personal Information – Phones can contain a tremendous amount of personal information. Lost or stolen devices can be used to gather information about you and potentially others. Protect your phone like you would a computer or tablet. Be sure to use a strong passcode to lock all of your mobile devices.
  • Keep Your Mobile Device Up-to-Date – Mobile devices are actually computers with software that needs to be kept up-to-date (just like your PC, laptop, or tablet). Security protections are built in to your mobile device and need to be updated periodically. Take time to make sure all of the mobile devices in your household are updated with the latest protections by installing the latest software updates as soon as they are available. This may require synching your mobile device to a computer. You should make sure that all of the web-enabled devices in your home are also updated. This includes computers, smart phones, gaming systems, smart televisions, and other devices that connect to the internet, like smart thermostats or refrigerators.
  • On Guard Online – The Federal Trade Commission has a website with more information on how to keep yourself safe and secure online. Log on to ftc.gov/onguardonline today.
  • Online Account Takeover Fraud – Online Account Takeover occurs when someone other than an authorized account holder gains access to accounts online. Fraudsters typically use phishing scams as a way to install a virus or malware (malicious software) on a computer. When a user clicks on the link in a phishing email, the virus or malware is downloaded and an alert is sent to the fraudster every time the user logs into a secure site (such as online banking). User information from the secure site is then logged by the virus or malware and sent to cyber thieves, which may allow them access to the user’s accounts without the user’s knowledge.
  • The Business E-mail Compromise – The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the “Man-in-the-E-mail” Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam. The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed. Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers. There are many versions of the scam, but here are three examples:
    • Version 1 – A business, which often has a long-standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is received, it will closely mimic a legitimate request. This particular version has also been referred to as “The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification Scheme.”
    • Version 2 – The e-mail accounts of high-level business executives (CFO, CTO, etc.) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests. In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank “X” for reason “Y.” This particular version has also been referred to as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.”
    • Version 3 – An employee of a business has his/her personal e-mail hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal e-mail to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they are contacted by their vendors to follow up on the status of their invoice payment.

Learn more about the Business Email Compromise by visiting the US Federal Trade Commission website.

  • Puppy Scams – This holiday season, there has been a noticeable uptick in local puppy scams. A puppy scam is when scammers post fake litters online or pretend to be someone they’re not (usually an existing breeder) to take advantage of puppy sales (without the actual puppies). If you are considering buying a puppy, be careful! If you’re not careful, you could find the perfect puppy, send the “breeder” your money, and never receive a puppy or any follow-up communication in return. The American Kennel Club has tips to avoid puppy scams on its website.
  • Peer-to-Peer Payments – With the increased use of person-to-person payment apps like Zelle and Venmo, it’s more important than ever to ensure you know you’re sending money to the correct person before transferring any funds. If you’re sending money to a friend or family member using a mobile payment app, double-check you have the right person before hitting send. Consider having the person send you a request for payment or sending a small amount like one dollar prior to sending the full amount to ensure the funds are reaching who you intended. A common scam is for thieves to have you send payment for an item they’re selling and then never send the item you purchased. It is very important to only use these payment services with those you know and trust. 

How to Safely Use Mobile Payment Apps and Services

Online payment systems or apps like Zelle, Venmo, and CashApp let you quickly send and receive money. If you link the service to your bank account or debit card, it’s almost like handing someone cash. Be sure you know who you’re sending money to. Once you send money, it’s nearly impossible to get it back.

Avoid Sending Money To a Scammer

  • Don’t click on links in an unexpected email, text message, or direct message that asks you to send money. Don’t give any personal or sensitive information like your username, PIN, or password.
  • Confirm that you know the person you’re sending money to.
  • When sending to someone you know, double-check their information before you hit send.

Protect Your Accounts

  • Use multi-factor authentication. This means you need two or more credentials to get into your account: your password plus something else like an authentication code or fingerprint.
  • Never share your credentials, like a verification code you get via text or authentication app.
  • Set up alerts in the payment app to get transaction notifications outside of the app environment, such as via email or text.
  • Regularly check your payment app and bank accounts to make sure no unauthorized payments have been sent from or accepted by your account.

Paid a Scammer Through a Payment App?

  • Report it to the payment app or service and ask to reverse the transfer.
  • Tell your financial institution.
  • Report it to the Federal Trade Commission at ReportFraud.ftc.gov.

#BanksNeverAskThat

Lake Shore Savings Bank has teamed up with the American Bankers Association to teach people how to spot online bank scams by learning the things a bank will never ask you. Here are some tips to help you prevent being taken advantage of by scammers:

  • Watch for misspelled words. Fraudulent texts and emails often have typos. Real banks use spell check.
  • Call the number on your card. If you think an email, text, or call might be a scam, play it safe. Just hang up and call the number on the back of your card.
  • Never share your PIN or password. Got an email, text, or phone call that claims to be from your bank, but is asking for your PIN or password? #BanksNeverAskThat. Just hang up and call the number on the back of your card.
  • Beware of scare tactics. Scam emails, texts, and calls may pressure or even threaten you to respond. Just ignore them and call your bank directly.
  • Be wary of suspicious links. Banks will never send you a text or email that asks you to click a suspicious link.

For more tips like these, visit www.banksneveraskthat.com.