Banks Will Never:
- Ask you to click a link in an email or text message
- Ask for your account number in an email or text message
- Ask you to call them via text message
- Call to verify your account number
- Call you to verify your password
How You Can Protect Your Security
Security Dos and Don’ts
- If you think you may have provided personal or account information in response to a fraudulent email or website, report the fraud immediately, change your password(s), and monitor your account activity frequently.
- Choose passwords that are difficult for others to guess and use a different password for each of your online accounts.
- Use both upper- and lower-case letters and numbers and special characters, if allowed.
- Enable multi-factor authentication, when available.
- Change your password(s) often.
- Always sign off websites or secure areas of websites (for example, Online Banking) for which you use an ID and password to enter.
- When your computer is not in use, shut it down or disconnect it from the Internet.
- Be careful and selective before providing your email address to a questionable website. Sharing your email address makes you more likely to receive fraudulent emails.
- Confirm the validity of all requests for sensitive personal, financial or account information, particularly if they are made with an urgent or threatening tone.
- Call the company directly to confirm requests for updating or verifying personal or account information.
- Confirm requests for personal or account information by going to the company website directly. Open a new browser window, type the website address, and check to see if you must actually perform any activity that an email may be asking you to do, such as change a password.
- Review your monthly credit card and bank account statements thoroughly. Investigate suspicious items immediately to head off any possible fraud before it occurs.
- Be suspicious if you are told to wire a portion of funds from a check you received back to a company.
- Be wary of lotteries or free trials that ask for your bank account number.
- Verify the authenticity of a cashier’s check with the bank that it is drawn on before depositing it.
- When verifying a check or the issuer, use contact information on the bank’s website.
- Don’t share your IDs or passwords with anyone.
- Don’t give your bank account number to someone who calls you, even for verification purposes.
- Don't take anything for granted. Always keep in mind that forging emails and creating fraudulent websites is not difficult.
- Don’t click on links in an email to verify your bank account.
- Don’t trust the appearance of checks or money orders. Scammers can make them look legitimate and official.
- Don’t deposit checks or money orders from strangers or companies with which you don’t have a relationship.
- Don’t wire money to people or companies you don’t know.
- Don’t accept a check that includes an overpayment.
Top 10 Scams:
- Phishing - Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information.
- Online purchase - Online shopping scams involve scammers pretending to be legitimate online sellers, either with a fake website or a fake ad on a genuine retailer site. While many online sellers are legitimate, unfortunately scammers can use the anonymous nature of the internet to rip off unsuspecting shoppers.
- Sweepstakes, lottery, and prizes - Most sweepstakes scams have a few things in common. They claim that the recipient has won, or is about to win, a large cash prize. And they try to get the recipient to pay money, often supposedly to claim the bogus prize. ... Once your money is sent, it is usually lost for good.
- Government agency imposter - A government impersonator scam often starts with a call, email, or text message from someone who says they're with a government agency. They might give you their “employee ID number” to sound official. ... Because government agencies won't call, email, or text you and ask for money or personal information.
- Tech support - Tech support scammers want you to believe you have a serious problem with your computer, like a virus. They want you to pay for tech support services you don't need, to fix a problem that doesn’t exist. They often ask you to pay by wiring money, putting money on a gift card, prepaid card or cash reload card, or using a money transfer app because they know those types of payments can be hard to reverse.
- Government grant - Offers of free money from government grants are scams. Someone might offer you a grant to pay for education, home repairs, home business expenses, or unpaid bills. But they’re all scams.
- Debt collection - While there are many legitimate debt collectors in the financial marketplace, there are also scammers who may try to get you to pay on debts that you don’t owe or on debts that don’t even exist.
- Employment - The scammer contacts job seekers with the purpose of offering a listing of vacancies that includes fake references and photocopies of classified job ads taken from newspapers and boards from across the world.
- Identity theft - Identity theft schemes take numerous forms. Identity theft may be conducted by e-mail (phishing), standard mail, telephone, or fax. Thieves may also go through trash looking for discarded tax returns, bank records, credit card receipts or other records that contain personal and financial information. The identity thief may use your information to apply for credit, file taxes, or get medical services. These acts can damage your credit status and cost you time and money to restore your good name.
- Fake check / money order - In a fake check scam, a person you don’t know asks you to deposit a check — sometimes for several thousand dollars, and usually for more than you are owed — and send some of the money back, to them or another person.
What is email fraud?
Phony email messages sent to you for the purpose of stealing personal and financial information are among the most common types of email fraud.
Disguised as legitimate email and claiming to be from sources you trust, these messages attempt to entice you to provide various types of personal and confidential information, including online IDs and passwords, Social Security numbers and account numbers.
Also known as phishing or spoofing, the practice of email fraud is commonly used by criminals to gain access to your existing accounts or to use your personal and financial information to open new accounts.
Recognizing email fraud
Spotting phony email messages is not always easy, as the criminals who use them are becoming more sophisticated about creating them.
Phony email messages may ask you to reply directly or click on a link that takes you to a fraudulent website that appears legitimate. In either case, they will generally ask you to provide sensitive personal, financial or account information.
Here are some tips for spotting phony emails:
- Urgent appeals. Frequently, these emails claim that your account may be closed if you fail to confirm, verify, or authenticate your personal information immediately.
- Requests for security information. Fraudulent emails often claim that the bank has lost important security information that needs to be updated. They also may request that the user visit and update this information online.
- Typos and other errors. Fraudulent emails or websites may contain typographical or grammatical errors. The writing may also be awkward, stilted, or inappropriate. The visual or design quality may be poor.
Protecting yourself against email or online fraud
- Make sure the security features of your computer software, including your website browser, are up-to-date. Software companies continuously provide security updates to their products.
- Beware that email exchanges can be intercepted. Man-in-the-Middle (MitM) attack. You are not communicating with the person you think you are.
- A man-in-the-middle attack is a type of eavesdropping attack, where attackers interrupt an existing conversation or data transfer. After inserting themselves in the "middle" of the transfer, the attackers pretend to be a legitimate participant.
- The hacker becomes the “man in the middle” by digitally eavesdropping on conversations or transactions between two parties. During this attack, hackers can easily obtain personal data, login credentials, access to financial accounts, or even trick someone into sending a transaction to their own account via wire transfer, ACH or some other means.