Protect Yourself from Cyber and Phone Scams
We’ve all heard horror stories of people having their personal information, money and even identities stolen by criminals who use email, texting and phone calls to defraud their victims.
Cyber and phone scams are so widespread and often unreported that it’s difficult to put an exact figure on how many Americans are victimized each year. Nearly everyone is at risk of becoming a target. One Harris Poll survey found that more than 68 million Americans lost $39.5 billion to phone scams alone from spring 2021 to spring 2022, with an average loss of $577.
Don’t be the next victim! Take a few moments to learn more about how to keep your finances safe from scammers.
How cybercriminals reach out — and how to respondCybercriminals are master manipulators. They want to steal something from you — often your account credentials or personal information that will enable them to gain access to your finances. They may try hacking a computer network behind the scenes, or they may reach out to you directly by email or phone, cleverly disguised as someone you know and trust. Here’s what to watch out for and how to respond if you become a target.
Email schemes. Email spoofing is a commonly used tactic in phishing, the practice of sending messages pretending to be from a reputable, known source to encourage you to reveal personal information. A scammer purchases a domain — a website name — so they can send emails that appear to come from your bank, credit card company or other trusted source (the domain is what follows “@” in an email address). For example, they might purchase the domain “dollorbank.com” to try to fool you into believing an email is from Dollar Bank, whose actual domain is “dollarbank.com.”
Then the scammer may instruct you to click a link in the email, which leads to a fraudulent website asking you to provide your credit card, bank account or Social Security number; login credentials; or other private information. Alternatively, clicking may result in the installation of malicious applications on your device, which provides another way for the scammer to steal your information.
Phishing messages can run the gamut from saying a hold has been placed on your account or there’s an issue with your payment information to claiming you’re entitled to a free gift. Unless you are 100% certain that an email is from a legitimate source, you should not click any links in the email.
Any of these red flags could indicate an email is illegitimate: misspellings (especially in the email address), grammatical errors, pressure/urgency for you to take action, too-good-to-be-true offers or the sender’s unwillingness to verify their identity.
If you receive a suspicious email:
- Do not reply, click any links or share any information.
- Do contact the person or organization who allegedly sent the message through a safe, known method such as a public phone number.
- If the email comes to your business email account, report the incident to your manager or security team, per corporate protocols.
- If the message comes to your personal account, delete it. You can also forward it to the Anti-Phishing Working Group (email@example.com), an international coalition of counter-cybercrime responders, and report it to the Federal Trade Commission at ReportFraud.ftc.gov.
Phone scams. When scammers use the telephone to connect with you, it’s called vishing (voice phishing) or smishing (text phishing).
- Vishing: On a voice call, your caller ID may appear to indicate the call is from a trusted contact or company, but don’t rely on that. If you answer the call and are asked for personal information, don’t provide it. Instead, hang up and attempt to independently verify their phone number and call them back. If you find that the call was legitimate, you can proceed with the conversation.
- Smishing: A fraudulent text is much like a phishing email, asking you to click a link. You may be clued in that the message is bogus when you don’t recognize the phone number, or the format of the number varies from the standard format. As with email phishing, if a message looks suspicious, attempt to verify it independently or simply delete it without responding.
Remember: A legitimate bank or credit card company will never call or email you asking for your personal information, account information, Online Banking password or PIN.
How to safeguard your information and accountsIn addition to knowing how to handle scam emails and calls, you can take measures to protect your information and accounts so that they are less accessible to bad actors.
Secure your computer and other devices. Make sure you have reputable anti-virus software installed and update your operating system, software, browsers and plugins whenever updates become available.
Secure your accounts. Whenever possible, protect your accounts with multifactor authentication, the process that requires you to verify your identity through at least two credentials — password, PIN, certification passcode, security key, facial recognition, fingerprint, etc. Also take full advantage of additional protections offered by your bank or credit card company.
For example, Dollar Bank sends fraud alert text messages to report any suspicious activity using your Dollar Bank personal or business debit, credit or ATM card, so you can confirm whether or not you initiated the transaction. Card holders can also use Dollar Bank’s free Card Control App to decide how, when and where their debit and credit cards are available for use. You can turn your Dollar Bank card on or off, restrict transactions, set real-time alerts and more.
Create strong passwords and update them often. Unique usernames and passwords can serve as barriers to protect your information. Here are some tips for creating strong passwords:
- Give each account its own unique password so that if someone does crack one of your passwords, they can’t use it to open any of your other accounts. For example, if they figure out your password at a retail store account, they may try using that password to open your bank account or other miscellaneous accounts, even if they are unsure where you actually hold accounts.
- Follow the strength guidelines provided as you register your account or change your password. Strong passwords are generally at least eight characters long and include at least one each of uppercase letters, lowercase letters, numbers and special characters.
- Avoid easy-to-guess passwords such as publicly available data about you (birthdate, anniversary, address, family members’ names, etc.), single words and sequences (abcde, qwerty, 12345).
This article is for general information purposes only and is not intended to provide legal, tax, accounting or financial advice. Any reliance on the information herein is solely and exclusively at your own risk and you are urged to do your own independent research. To the extent information herein references an outside resource or Internet site, Dollar Bank is not responsible for information, products or services obtained from outside sources and Dollar Bank will not be liable for any damages that may result from your access to outside resources. As always, please consult your own counsel, accountant, or other advisor regarding your specific situation.
Posted: February 16, 2023