Presentation on theme: "ING Fraud Collection GPCE Credit Union has arranged a collection of scams, outlining the most prevalent financial scams. We want our members to be aware,"— Presentation transcript:
ING Fraud Collection GPCE Credit Union has arranged a collection of scams, outlining the most prevalent financial scams. We want our members to be aware, not to become victims. The scams included in this presentation include: Phishing, Spear Phishing, Vishing, Smishing, Fake Check Scams, and Skimming. (Sources: Federal Trade Commission, About.com, Wikipedia, and Scamwatch.)
PHISHING - What is phishing? It is the most preventable financial scam and still the most dangerous. Phishing is a scam where internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims.
Avoid Getting Hooked: Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message. Don't cut and paste a link from the message into your Web browser phishers can make links look like they go one place, but that actually send you to a different site.
Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
Use anti-virus and anti-spyware software, as well as a firewall. Update them all regularly. Don't email personal or financial information. Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. Forward phishing emails to firstname.lastname@example.org – and to the company, bank, or organization impersonated in the phishing email@example.com You also may report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing. email@example.com
If you believe you've been scammed, file a complaint with the Federal Trade Commission at www.ftc.gov/complaint, and then visit the FTC's identity theft website at ftc.gov/idtheft.www.ftc.gov/complaint ftc.gov/idtheft Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. (Source: FTC)
SPEAR PHISHING - What is spear phishing? In this case, it is not a sport-fishing method. It is an insidious variation of phishing that targets specific people and groups. Spear phishing attacks are customized and can be sent to a single person at a time. Waiting to see who bites…Waiting to make you the next victim of fraud!
How Does It Work? A spear phishing email usually includes a link that leads to a spoofed or fake web site that requests your personal information. It all looks very legitimate, and sometimes even the experts are fooled by spear phishing emails. Other spear phishing emails may contain a downloadable file. Theyre just as convincing, often appearing to come from an employer or someone else thats equally legitimate. But the file contains malware of some kind that, once downloaded to your computer, collects your personal information and transmits it to the criminal when youre online. Spear phishing is a difficult scam to catch because the criminals that use this method of stealing identities put extra time and effort into the process. It takes time to put together the web sites and messages that are used as bait. However, the pay-off is usually much greater than the rewards of a simple phishing attack. (Source: From Jerri Ledford, former About.com Guide)Jerri Ledford
VISHING - What is Vishing? It is another form of phishing AKA voice phishing, in which criminals use phone technology to ensnare their victims in an effort to obtain personal financial information.
Never Heard of Vishing? The term is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services. Landlines were once only associated with a physical location known to the telephone company and associated with a bill-payer. Times have changed, making it easier to hide the originating landline number. Vishing is the criminal practice of manipulating people into performing actions or divulging confidential information such as passwords, access codes, or access to their personal computer by lying, conning, or tricking them. Its the high- tech version of the old "confidence game." Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
Example of Vishing: 1. The criminal uses either a war dialer which automatically scans a list of telephone numbers to call phone numbers in a given region or accesses a legitimate voice messaging company with a list of phone numbers stolen from a financial institution. 2. When the victim answers the call, an automated recording, often generated with a text to speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent. 3. When the victim calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the key pad. 4. Once the consumer enters their credit card number or credit union account number, the visher has the information necessary to make fraudulent use of the card and/or to access the credit union account. 5. The call is often used to harvest additional details such as security PIN, expiration date, date of birth, etc. REMINDER: GPCE Credit Union will never call to verify your personal information. If in doubt, members should hang-up immediately and call the credit union directly. Our toll free number is 1-800-472-4723.
How Can I Protect Myself? Vishing is very hard for legal authorities to monitor or trace. Consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or credit union numbers (account, routing, passwords, etc.). Rather than provide any information, if speaking to a human ask them for an incident number and then hang up. Then place a call to the number printed directly on your credit card or billing statement from a telephone number the credit union has on file, usually your home land line. While consumer caller id is trivial, to fake the credit union or credit cards call center gets much more reliable billing information provided by trunked 1-800 service. By calling the number directly, you have a higher level of confidence the other party youve dialed is who they claim to be.. (Source: Wikipedia)
SMISHING - What is smishing? It is a crime that capitalizes on the current popularity of cell phone text messaging. Smishing is a security attack in which the user is tricked into downloading a Trojan horse, virus, or other malware onto his cellular phone or other mobile device.
How Does Smishing Work? Smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system.
Example of Smishing: This is an example of a smishing message in current circulation: "Notice - this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####." In many cases, the smishing message will show that it came from "5000" instead of displaying an actual phone number. This usually indicates the SMS (short message service) message was sent via email to the cell phone, and not sent from another cell phone. This information is then used to create duplicate credit/debit/ATM cards. There are documented cases where information entered on a fraudulent web site (used in a phishing, smishing, or vishing attack) was used to create a credit or debit card that was used halfway around the world, within 30 minutes. (Source: Wikipedia)
FAKE CHECK SCAMS - What is a fake check scam? It is a continuous trap that costs members and credit unions millions annually. Congratulations, its your lucky day! Youve just won $5,000!
FAKE Check Scams: …So, youve won a large sum of money and they are sending a cashier's check to cover the taxes and fees. All you have to do to get your winnings is deposit the check and wire the money to the sender to pay the taxes and fees. You're guaranteed that when they get your payment, you'll get your prize. There's just one catch: this is a scam. The check is not good, even though it appears to be a legitimate cashier's check. The lottery angle is a trick to get you to wire money to someone you don't know. If you were to deposit the check and wire the money, your bank would soon learn that the check was a fake. You would be out the money: The money you wired cannot be recovered, and you are responsible for the checks you deposit - even though you don't know they're fake.
Twist on Fake Check Scams: Literally, a dime-a-dozen! Similar scams are conducted all the time. Beware of these other so called wind-falls of good fortune: Buying Club Memberships, Charity and Fund Raising Fraud, Credit and Loan Offers, Government Grant Scams, Identity Theft and Telemarketing, Medical Discount Plans, Reloading Scams, Robocalls, Sweepstakes and Lotteries, Travel Scams, Work-at- Home and Business Opportunities. Contact the Federal Trade Commission for more details regarding each type of scam mentioned. (Source: FTC)
FTC ADVICE: The FTC has these words of caution for consumers who are thinking about responding to any foreign lottery: 1. If you play a foreign lottery on the telephone or through the mail you're violating federal law. 2. There are no secret systems for winning foreign lotteries. Your chances of winning more than the cost of your tickets are slim to none. 3. If you purchase one foreign lottery ticket, expect many more bogus offers for lottery or investment opportunities. Your name will be placed on sucker lists that fraudulent telemarketers buy and sell.sucker lists 4. Keep your credit card and bank account numbers to yourself. Scam artists often ask for them during an unsolicited sales pitch. 5. The bottom line: Ignore all phone solicitations for foreign lottery promotions. If you receive what looks like lottery material from a foreign country, give it to your local postmaster.
SKIMMING - What is skimming? It is a scam in which criminals steal from ATM users and those who use their debit cards. Card skimming is the illegal copying of information from the magnetic strip of a credit or ATM card. It is a more direct version of a phishing scam.phishing The scammers try to steal your personal information so they can access your accounts. Once scammers have skimmed your card, they can create a fake or cloned card with your details on it. The scammer is then able to run up charges on your account. Card skimming is also a way for scammers to steal your identity and use it to commit identity fraud. By stealing your personal information and account numbers the scammer may be able to borrow money or take out loans in your name.
Warning Signs of Skimming: A shop assistant takes your card out of your sight in order to process your transaction. You are asked to swipe your card through more than one machine. You see a shop assistant swipe the card through a different machine to the one you used. You notice something suspicious about the card slot on an ATM (e.g. an attached device). You notice unusual or unauthorized transactions on your account or credit card statement.
How Can I Protect Myself? Keep your credit card and ATM cards safe. Do not share your personal identity number (PIN) with anyone. Do not keep any written copy of your PIN with the card. Check your credit union account and credit card statements when you get them. If you see a transaction you cannot explain, report it to your credit union as soon as possible. Choose passwords that would be difficult for anyone else to guess. If you are using an ATM, take the time to check that there is nothing suspicious about the machine. If you are in a shop and the assistant wants to swipe your card out of your sight, or in a second machine, you should ask for your card back straight away and either pay with a cheque or cash, or not make the purchase. (Source: Scamwatch)
Thank you, For taking the time to understand the different types of ING Fraud. We hope this information has been helpful to you. If you have any other questions or concerns regarding these or any other types of fraud, or if you suspect you have been defrauded call GPCE Credit Union and the proper authorities right away.