New year, new phishes. We’ve all heard of the classic scams by now—the Nigerian prince, the grandson in jail, the IRS tax collection call… Fraudsters are nothing new, but their tactics are constantly evolving. Be on the lookout for these common scams this year.
More Like This
Home Delivery Scams
What is it?
This scam has grown in popularity as more and more Americans are shopping online. According to the Better Business Bureau, this tactic can start as a fake delivery text, email, phone call, or even a fake delivery tag on your door. The notice claims that a delivery company—UPS, FedEx, USPS, DHL, or another delivery service—was unable to deliver your package. You need to click a link, complete a form, or call a phone number to reschedule your delivery.
What’s the catch?
Clicking the link may download malware to your device. Filling out the form may require giving out your personal or banking information. Calling the number connects you to a person or bot who needs your private information to update delivery times. Whatever the strategy, the result is the same: a scammer gets access to your private info and/or your money.
How to avoid it
Watch out for texts, calls, emails, or missed delivery door tags. Remember the core rules of suspicious messages: Don’t open it, don’t click, don’t download, and don’t call the phone number they gave you.
If you were expecting a delivery, don’t use the message to check on your package! Instead, go to the shipper’s website directly. You can use their tracking tools to find out about your package or use their helpline to get more info. Don’t use any phone numbers or websites provided in the message—that could put you right in the scammer’s pocket.
Job Recruitment Scam
What is it?
Companies all over are hurting for employees, so it’s not uncommon to be contacted by recruiters looking for qualified applicants. Scammers are hopping on the recruitment train. Here’s how recruitment fraud works: The scammer sends you a fake job offer through Facebook, LinkedIn, or email. These offers look good— Competitive pay, flexible hours, full benefits… What’s not to like?
What’s the catch?
The catch is that you ALWAYS have to give the recruiter something. Some recruitment messages simply link to a malware-infested webpage. Some scammers ask for your social security number to sign up for the company insurance program. They might ask you to complete a “credit check” to qualify for the position. Or there’s the “Enroll in Direct Deposit” line, intended to get ahold of your bank account information. Just like that, you go from looking forward to a new job to looking back at identity and financial theft.
Some job scams ask you to pay for training or materials to start the position. They’ll ask you to send money through an online money transfer to purchase the required software. You send the money, and you never hear from the “employer” again.
Variations on the job scam
Other job scams don’t ask for your information. They just want you to do something for them. They’ll send you a cashier’s check for $5,000. You are supposed to deposit the check in your account, keep $200 for yourself (as payment, of course), and wire the rest to someone else. A few days after making the transfer, you get a call from the credit union. That check was a fake, and the money you sent from your account is long gone. Instead of making $200, you lost $4,800.
The FTC has compiled a list of fraudulent jobs that have tricked many Americans in the past few years. Repacking deliveries, purchasing and re-selling products, these are common “job opportunities” that promise big payouts, but leave you with big losses. See if your potential “job” is on their list before accepting. https://www.consumer.ftc.gov/articles/job-scams
How to avoid it
Remember these core guidelines to avoid being a victim of recruitment fraud:
- If it’s too good to be true, it probably is.
- Research first!
- Don’t wire cash for someone else, and don’t cash checks for someone else.
- Don’t provide private information unless you’ve confirmed the legitimacy, security, and necessity.
Look for these Red Flags in recruitment offers, interviews, and onboarding:
- They contacted you, you didn’t contact them
- The pay is too good, sometimes WAY too good, to be true
- The job description is vague, or universal. There are no educational or experience requirements, or no specific skills listed.
- Unprofessional messages: Punctuation and capitalization errors are red flags. Remember, just because your “offer” has proper grammar, doesn’t mean it isn’t a scam.
- No contact information: An email offer without the company’s website, address, and official phone number is a red flag.
- Personal or suspicious email addresses: A LOT of phishing scams come from email addresses that look like a company name… almost. Misspelled addresses are a red flag. Personal email addresses are another one. Some scammers will try to excuse personal email addresses by saying the company server is down. Don’t buy it.
- Online Interviews via instant messaging services: Research a company thoroughly before accepting any online interviews, and especially before clicking any links or submitting personal information.
- They ask you to pay for something. Pay for a credit report, for a background check, for new computer software, for a training course… the list goes on. The minute you hand over credit card or bank account information, the scammer has access to your money.
- They ask you to transfer money. If you’re asked to send a wire transfer or cash a check for the “company”, that’s a red flag.
- They ask for your social security number, banking information, or other private info. Yes, legitimate employers may ask for these things in the onboarding process. BUT, giving out this info to the wrong person is a wonderful way to have your identity, or your money, stolen.
Remember, ALWAYS research a company before accepting an interview, and definitely before providing any private information. It only takes a few minutes to discover if most companies are legitimate, and a few more to find their online job postings. Do this before responding or clicking any links in a job offer message.
Charity Donation Scam
What is it?
Also known as Disaster Scams, look out for this common trick around the holidays or after a disaster strikes. Fraudsters play on your desire to help disaster relief, support veterans, or contribute to another charitable cause to collect cash for themselves.
These scams can look, sound, and feel very realistic. Scammers may contact you via a phone call or email, or even through door-to-door solicitation. Some are even registered nonprofits but donate only a tiny portion of their earnings to the causes they promote. Others steal true stories, and even photos, from crowdfunding causes online to create fake Go Fund Me pages. Whatever the approach, the goal is the same—getting you to “donate” to the scammer.
How to Avoid Charity Scams
Look out for these warning signs before donating:
- Time pressure: if you are being pushed to donate RIGHT NOW, or before a time limit runs out, be very skeptical.
- Being thanked for a donation you never made. Some scammers try to establish legitimacy by indicating you’ve donated with them before.
- A request for payment by cash, gift card, money transfer tools like CashApp, or wire transfer. These forms of payment are hard to trace, making them popular with scammers.
- A request for your social security number, birth date, or banking information.
- Unexpected emails or texts with links or attached documents. Do not click on the messages, do not open the attachments, and do not click the links.
If you have doubts about a charity or cause, do your research.
- Research the charity on a watchdog site like CharityWatch or the Better Business Bureau. Use the IRS’s online database to see if the organization is a registered charity. If it’s the cause that interests you, these sites can help you find a verified and reliable organization to donate with instead.
- Search online for the organization’s name with words like “scam” and “complaints” to see if anyone else has been scammed this way.
- Look closely at the charity’s web address or email domain. It’s common to slightly misspell a well-known charity, and use their reputation to fool potential donors.
- Ask how much of your donation goes to overhead and fundraising. High overhead funding is a sign that the non-profit isn’t doing much for the cause itself.
Remember, even legitimate crowdfunding sites like GoFundMe may include fraudulent causes. Many fraudsters pull on real stories from disaster victims to create believable crowdfunding pages. Follow these guidelines to avoid donating to fake crowdfunding causes.
It’s a good idea to keep a record of your donations. Regularly check your transactions and monthly statements for anything you didn’t authorize.
Card Locked Scam
What is it?
With years of merchant and payment processer data breaches behind us, there’s a good chance that some of your information–including partial credit card numbers–are sitting on lists of data that scammers can purchase. A partial card number is enough to tell a scammer which institution you use, but not enough to let them use your card for purchases. So, how can the scammer convince you to give up your card number, PIN, or security code? Easy. Pretend to be your bank or credit union and ask you to verify the card’s information.
The scam looks like this: You get a message—a call, an email, maybe a text—from your bank or credit union saying that your card has been “blocked” due to fraudulent activity. The scammer might sound very convincing. They use the institution’s name, they know who you are, they refer to a specific transaction that you know you never made, they promise to credit your account for the amount stolen. They might even promise to re-issue your card. The call is professional and reassuring. You’re upset, but not too nervous–it’s good to know that your “credit union” is looking out for you by catching this fraud attempt!
Then comes the trick…
After building your trust, the caller will ask you to give them something—your full card number, your PIN, or the 3-digit security code on the back of your card—to verify that you are the account holder. Worried about fraud, and reassured by the competent, professional message, you give it to them.
How to Avoid Locked Card Scams
If you are ever contacted by your financial institution about an issue with your account, don’t panic, don’t click on anything, and don’t give out any information. Take a breath and verify the story with your credit union.
If you received a phone call, tell the caller you will verify the transaction online and call back on their official line shortly. Then, hang up and go do your research.
Check your online banking
Start by checking the story. Log in to your institution’s online banking or mobile app (never click a link in the email or text, even if it looks official) and see if there have been any suspicious transactions on your account. If you don’t have online banking, call your branch using their official phone number and ask the teller to check for a fraud alert on your account, or to read your recent transactions for you.
Use Remote Card Control to stop the damage
If you do see something suspicious, use your institution’s Card Control tool to block any more transactions on the card, or ask your teller to do this for you. This means that even if the fraudster got access to your card data, they can’t use the card to make any more purchases in your name.
Contact your institution through official channels
Remember, never call back to the number you were contacted from, and don’t use a number they provided. Don’t respond to the email or text for the same reason. Call an officially listed number, or the number on the back of your card, or use the secure messaging feature in online banking to get help from your institution.
Tech Support Scam
What is it?
This scam isn’t new. It’s used against individuals—especially seniors—and can have disastrous consequences. Tech Support Scams rely on our fear of devices breaking or being hacked, and use that fear to steal money, data, and even identities.
The scam goes like this:
Out of nowhere, a pop-up message appears on your screen. It says something scary, like “Virus Detected, Please Contact Support”. Terrified that your computer is infected, you call the support number listed on the message. The helpful tech support person explains the problem and talks you into paying for expensive device repairs. Some scammers will ask you to verify your ID to access your account, and convince you to hand over private personal information.
The scam might also take the form of a phone call or email from Apple Support or an Anti-Virus company. In a fun new pandemic-era twist, the message may say your Zoom account has been suspended, or that you missed a virtual meeting. You need to click a link or call a number to fix the problem. The intent is the same—get you to call or click a link, sacrificing your money and your data security.
The IT Department Scam
One variation on the Tech Support Scam is targeted at business employees and can have massive consequences for the company. With many employees still working from home, companies are more vulnerable to this scam than usual.
The caller claims to be from the company’s IT department. They convince the employee to give them remote access to the computer to solve some glitch, or to install new company software. Once given access, the scammer can access and steal documents, logged data, and private company information to hold for ransom or sell. They may also install malware on the device, collecting more information from the device’s activity for days, weeks, or months into the future.
How to Avoid Tech Support Scams
First, make sure your computer, phone, and other devices have up-to-date anti-virus and malware software installed and active.
If you do have a problem with your computer, be sure to contact a legitimate and trustworthy repair company. If it’s a company computer, contact your IT department through an official phone number or email. Fixing these problems correctly makes life easier, and makes it harder for scammers to trick you.
If you get an unexpected call, email, or pop-up regarding tech support, remember the scam prevention basics: Don’t panic, don’t give out any info, don’t send any money.
If you get a call, say that you’ll need to verify the claim and that you’ll call back on the company’s official tech support line. Look up the company using our fraud research techniques.
If you get a suspicious tech support email, don’t open it! Research the company and the claim online, and use a legitimate tech support company to check on any repairs if you are concerned.
If you get an unexpected pop-up, don’t panic! These can look very real, and be very scary. Don’t click anything, and don’t call the number on the screen. Use another device to look up the actual support line for your anti-virus software, Apple support, etc. Remember, if they ask for payment, especially in cash, gift card, wire, or through money transfer apps, be suspicious.
Preventing Fraud Takes Awareness
The more you know, the less vulnerable you are to scammer’s techniques. Remember to be suspicious of unexpected calls, email, texts, and social media messages. Never pay for something out of fear or panic, and never be afraid to give us a call if something goes wrong.