While computers and the Internet offer great benefits, they also provide cyber criminals with opportunities to steal personal information. Cyber crooks have shown they can keep up with the fast-paced growth of technology. They constantly develop new tools and methods to trick and exploit people through computer and Internet use. The more aware you are of cyber threats, the more prepared you will be to avoid them.
- Malware: a broad term for the many forms of malicious software designed to disrupt, harm, or hijack a computer system or data. It includes viruses and spyware. Secretly installed without your knowledge or consent, malware programs can damage your privacy and the security of your computer or mobile device. They can capture your personal information in a variety of ways and secretly send it to identity thieves. Computers and mobile devices are commonly infected with malware through email attachments, downloads, and the links within emails, instant messages, or pop-up windows.
- Phishing: When cyber thieves send you emails that try to lure you into providing or confirming personal information. The emails look like they’re from legitimate organizations, often ones you know. They ordinarily use threats, warnings, or enticements to create a sense of urgency. You’re usually asked to click on a link. If you do, it can lead to a spoof website. The site looks real enough to trick you into entering personal information.
- Catfishing: When a person creates a fake identity on social media, usually targeting a specific victim for abuse, deception, or fraud. Catfishing is often used for romance scams on dating websites.
- Smishing & Vishing: Very similar to phishing, this is when criminals use automated dialing systems to call or text you with messages intended to trick you into sharing personal information. The message will direct you to a phone number or website that asks you for the information.
- Anti-Virus: Install and update anti-virus software on all devices connected to the Internet. DETAILS 4 Details NameDetails ContentParagraphTo open the popup, press Shift+EnterTo open the popup, press Shift+Enter Delete
- Back it up: Data loss doesn’t come with a warning. Automatically back up your critical data at least once a week.
- Delete when done: Uninstall mobile apps you no longer use.
- Stay aware: Cybersecurity is every-changing. Stay ahead of cyber issues with ongoing education.
- S=Secure: Look for https as part of the URL of a site you visit. It shows the authenticity of the security certificate on that webpage.
- Keep it clean: Keep a clean machine with current security software, web browser, and operating system.
- Look before you leave: Lock your computer before stepping away from your desk. Press the Windows key + L to quickly lock your screen.
- Go beyond the username and password: For an added layer of security, enable multi-factor authentication when available.
- Lock up your password list: Replace your written list of passwords with a password management software.
- Passwords: Make your password a sentence that is easy to remember and incorporate a special character and number. Examples – 1Love$ecurity!, [email protected]$
- Beware of phishy emails:
- Comes from a suspicious sender
- Offers a prize or enticing deal
- Contains typos and bad grammar
- Requests you to verify or update account information, stop payments, or complete other important processes
- Secure your devices: Use strong passwords, codes or touch ID features to lock your devices.
- See something, say something: If you see something suspicious, report it to the proper authorities as soon as possible.
- Think before you app: Be thoughtful about which apps you download and allow to collect your personal information.
- Think before you click: Don’t click on any link unless you know you can trust the source and are certain of where the link will send you.
- Don’t trust an unknow USB drive: If you find a USB drive, do not plug it in to your computer to identify the owner.
- When in doubt, throw it out: If an email, link or post looks suspicious, delete and/or mark it as junk.
- Be WiFi savvy: Public wireless networks and hotspots are not secure. Avoid logging in to important accounts such as email and financial services while on a public network.
The Importance of Software Updates & Patches
You’re probably no stranger to those little pop-up windows. They tell you software updates are available for your computer, laptop, tablet, or mobile device. You might be tempted to click on that “Remind me later” button. If the pop up for a software update is from a known and trusted site, don’t put off updating your software for long.
Software updates often include software patches. They cover the security holes to keep hackers out and they can also add new features and improve existing ones.
Cybersecurity is mostly about protecting you, but you’ve got other people to think about, too. If your device gets a virus, you could pass it on to your friends, family, and co-workers. That’s why you want to keep your software and systems updated.
If you’re still not keen on clicking “Update now,” you may be able to configure your devices to update automatically. If so, your problem is solved.
Cybercrime can be particularly difficult to investigate and prosecute because it often crosses legal jurisdictions and even international boundaries.
Who to Contact
- Contact TCB at 1-800-422-5675 and report your situation. TCB will take measures to put controls on your accounts and online banking to possibly keep you from any further loss. TCB can offer you a free referral to our ID Theft Protection company who can give you instructions on other measures you may need to take to protect your identity.
- Local law enforcement. Even if you have been the target of a multijurisdictional cybercrime, your local law enforcement agency has an obligation to assist you, take a formal report, and make referrals to other agencies.
- IC3. The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. Complaints may be filed online at www.ic3.gov/default.aspx.
- Federal Trade Commission. The FTC does not resolve individual consumer complaints, but does operate the Consumer Sentinel, a database that is used by civil and criminal law enforcement authorities worldwide. File your complaint at www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en.
Platforms like Facebook, Twitter, Instagram, and LinkedIn and many others can help us connect on a personal and professional level with friends, family, business associates, and causes that allow us to make new connections with others with shared interests. And participation is free to everyone, which has led to an unprecedented use of social media.
As of April 2021, 3.96 billion people identified as users of social media, representing half of the 7.7 billion of the world's population, including more than 70% of the population of the United States. Globally, the average person spends more than 2 hours per day on social media. It is not surprising that criminals have focused their attention on these internet platforms as a way to gather personal information, gain trust, and socially engineer their way to fraud that results in billions of dollars of losses annually.
At the conclusion of this article we will focus on tips to stay safe while using social media. But first, we want to alert you to social media scams that you may not be thinking about. Being alert to potential scams is the best way to protect yourself against fraud and identity theft.
1. CONGRATULATIONS, YOU WON!
Lotteries, gift cards, and other prize scams can make you believe that just by using social media you have somehow qualified for a prize of cash, gifts or discounts. These scams are designed to lure you to click on a link, which can go on to request personal information in order to "verify your eligibility". And by clicking on links to view or redeem your prize you may also be unwittingly downloading malware that can continue to collect more personal information and track your logins and other internet activity.
Why this scam works: Everyone loves a discount, and the attraction of winning a prize is strong.
Remember: You can't win a lottery that you never entered; however, a scammer can throw up advertising to everyone that appears that it is a personal approach just to you. Be wary of anyone that you don't know asking for your personal information, especially your banking details.
2. PLAY THIS GAME!
We have all seen friends on social media participate in fun and interesting games such as "Are you color-blind?", "Check your IQ", and "What is your Pirate Name?". These games may ask for your age, your date of birth, marital status, zip code and other personal information such as your name of the street that you grew up on, your favorite pet's name, etc. which could be useful for a criminal to create a profile on you to commit identity theft. These scams can ask for your phone number to move further and receive results, which can quietly enroll you in services that obligate you to monthly charges.
Why this Scam Works: Most of us look for ways to interact with others and receive personalized feedback. Once a friend participates in this activity there is peer pressure for other friends to play along.
Remember: Never enter any personal information on social media, even your phone number. While many games may be harmless there are many others that are looking for ways to gather information for nefarious purposes.
3. IS THIS REALLY YOU IN THIS PICTURE?!
This is a variation of a phishing scam that you may receive as a message in your social media app, or it may appear in your feed as an advertisement that looks like a message directed just to you. Variations of this message might be "I can't believe what he said about you!!!" or "Did you really mean to say this out loud?" Our protection instinct kicks in and you click on a link which downloads malware, and/or presents a login page that looks just like the social media site. Thinking it is legitimate you enter your user name and password. Now the criminals have your social media login which provides access to your profile and everything you have posted on the site.
Why this Scam Works: Anyone who has interacted on social media has a fear that they, or someone they know, will accidentally post something unintended. Even more compelling is the thought that someone who may want to do harm will post something embarrassing or confidential.
Remember: Don't click on links in social media. If you receive a message and you can't verify the source, don't click. If it looks like the message is from someone you know, contact that person to verify its not a scam before clicking the link. And make sure you have your social media profile settings set correctly so only your connections can message you.
4. SEE WHO IS LOOKING AT YOUR PROFILE!
In this scam, an offer may be presented to download an "Add-On" that will allow you to see who is searching for, and viewing your social media profile. The scam may redirect you to a survey or an online registration for a purchase, which allows the criminal to gain access to your personal enrollment information and your credit card data.
Why this Scam Works: We all have curiosity and a desire to be liked.
Remember: If you are redirected to a page, make sure that the URL is legitimate. Check out the product offer outside of your social media session to see if it is legitimate and their and no scam complaints.
5. YOUR ACCOUNT IS BEING CANCELLED!
Tell an avid social media user that a request to cancel their account has been received, or that their account is being frozen or removed, and watch the panic set in. Criminals count on this reaction. A normally careful person forgets all of the lessons of internet safety in their haste to prove that this action is NOT warranted. If this happens, it may result in you unwittingly providing information to criminals posing as social media administrators. In reality you may be giving up all types of personal information, which may include your name, address, SSN, credit card information, login information and more.
Why this Scam Works: Social media platforms are an important link to our family, friends and business associates. The thought of losing data and control of this lifeline is scary to many.
Remember: Don't trust any message that claims to be from the social media administrator. Contact the administrator outside of the social media session to make sure that the message is legitimate. And be very wary of any message on any platform that seems to rush you to action. In your haste you may make what appears to be a bad situation and even worse situation.
While it is easy to set up a social media account profile and it’s fun to connect with others, it’s important to maintain awareness. According to a report by the FTC, in 2019, total reported losses to social media frauds reached $134 million. But reported losses reached record highs, climbing to nearly $117 million in just the first six months of 2020, with no end in sight. Use this checklist to make sure that you are protecting yourself and your family on social media, on the internet, and in person.
Check your profile settings. Consider limiting the information that you share with the world. Some of your social media profile information might already be publicly available, but there are other details that a criminal could glean for your profile to help them patch together a clearer picture of your identity.
Be thoughtful about sharing personal details online. For safety’s sake, wait a few hours or even a few days before sharing content that reveals your location. A few vacation photos could be just the invitation a criminal needs to enter your home while you aren’t around. On social media, accept contact or friend requests with care. Decline friend requests from people you don’t know in real life; you never know who might actually be on the other side of your internet connection.
Think before you click. Hover over the hyperlink to confirm its real destination before you click on a URL. We recommend that you visit only secure websites, beginning with “https” instead of “http”.
Avoid phishing scams. Exercise caution when you receive a message in social media (or text, email, postal mail or by telephone) from someone you don’t know. Many criminals imitate celebrities, major corporations, financial institutions, or government agencies in an attempt to lure you into providing confidential or payment information.
Use public WiFi with caution. When you’re using a shared wireless network, other people on the same network may be able to see your internet traffic, which could open up your account information to unsavory characters. Avoid logging into confidential financial accounts and social media when you’re on shared WiFi. Even if you’re using your own device, try to remember to log out when you’re done.
Even when you take all the right precautions, bad things can still happen. If you or a family member suspects that your identity has been compromised, help is only a phone call away. With The Tri-County Bank ID Safe Choice you and up to three generations of your family have access to Fully Managed Identity Theft Recovery. We have professional Identity Theft Recovery Advocates standing by, ready to work on your behalf to help recover your identity and reverse any damage caused by identity theft.
Are You a Target This Tax Season? The Criminal Investigation (CI) unit is a special criminal division of the IRS. The CI is tasked with investigating and uncovering tax-related crimes and prosecuting these cases. Each year the CI provides the IRS with an annual report detailing the work of the CI and highlighting their successes and enforcements related to tax and financial crimes.
Why is this important to you? The work of the CI is critical in protecting taxpayers as well as maintaining the integrity of our financial system. Even more importantly, the information uncovered by the CI paints a very clear picture of what criminal activities are on the rise, and their annual report provides valuable information on what to watch out for and how you can protect yourself and your personal information in the future. You can review what CI identifies as the top "dirty dozen" schemes from 2022 and their full annual report.
In 2022, $5.7 billion was identified as tax fraud. This includes general tax fraud, abusive tax schemes, unemployment tax, identity theft, and refund fraud. While anyone can become a victim of tax fraud, it's generally at-risk populations that are the most affected, such as older adults or non-English-speaking taxpayers. While these populations are most at risk, the criminals behind these bogus schemes view everyone as potentially easy prey.
The IRS urges everyone to be on guard all the time and to look out for others in their lives. While paying special attention is important during tax season, taxpayers are encouraged to review the list in a special section on IRS.gov and be on the lookout for these scams throughout the year. This year, tax crimes have become more complex and sinister than ever before, including scams like identity theft, phishing, fake charities, false claims, and more. This article will cover new fraud schemes and reoccurring ones in hopes of helping you understand what to watch for and how to protect yourself and your loved ones.
NEW SCAMS FOR 2023
Wage and Tax Statement
The IRS recently issued an alert to a new scheme making its way through social channels. This scheme prompts individuals to use tax software to manually complete Form W-2, also known as the Wage and Tax Statement, and to include fabricated income details. The scammers behind this scheme advise people to falsify significant income and withholding figures and identify the employer from which it supposedly originated.
They then instruct taxpayers to electronically submit the fraudulent tax return in the hopes of receiving a substantial refund, which can sometimes amount to as much as five figures, due to the falsified withholding.
"We are seeing signs this scam is increasing, and we worry that innocent taxpayers could be at risk of being tempted into falling into a trap that puts them at risk of financial and criminal penalties," said Acting IRS Commissioner Doug O'Donnell. "The IRS and Security Summit partners remind people there is no secret way to get free money or a big refund. People should not make up income and try to submit a fraudulent tax return in hopes of getting a huge refund."
Social Security Scam
This is just a new twist on an existing impersonator scam where scammers claim to be able to cancel or suspend a victim's Social Security Number (SSN) in an attempt to gain sensitive information. In this scam, a taxpayer receives a threatening call accusing them of having unpaid or overdue taxes.
The result of this call is that the taxpayer divulges personal information before realizing that it is fraud. If you receive a threatening call, hang up and do not call the number back. Instead, report the call to the Treasury Inspector General for Tax Information using the red button at the top of their website.
According to the IRS, more than 90% of identity thieves start with phishing emails. These emails appear to be from a trusted company, often masquerading as your tax preparer or the IRS during tax season. These emails typically have some urgency to their request, such as "there is a problem with your account," and ask for personal information such as passwords or account information.
The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or Economic Impact Payment. Don't click on website links in emails claiming to be from the IRS; they may be nothing more than scams to steal personal information. Phishing schemes also occur through a variety of channels, including letters, texts, and website links.
Criminals frequently take advantage of current events, such as natural disasters, by setting up fake charities to steal from well-intentioned people. Fraudulent schemes typically start with unsolicited contact by telephone, text, social media, email, or in-person using a variety of tactics. Bogus websites use names similar to legitimate charities to trick people into sending money or providing personal financial information.
They may even claim to be working for or on behalf of the IRS to help victims file casualty loss claims and get tax refunds. Legitimate charities will provide their Employer Identification Number (EIN) if requested, which can be used to verify their legitimacy. In addition, you can find legitimate and qualified charities with thIs Tax Exempt Organizations Search Tool on IRS.gov.
Threatening Impersonator Phone Calls
IRS impersonation scams come in many forms. A common one remains bogus threatening phone calls from a criminal claiming to be with the IRS. The scammer attempts to instill fear and urgency in the potential victim.
In fact, the IRS will never threaten a taxpayer or surprise them with a demand for immediate payment. Scam phone calls, including those that threaten arrest, deportation, or license revocation if the victim doesn't pay a bogus tax bill, are reported year-round.
These calls often take the form of a "robocall" (a text-to-speech recorded message with instructions for returning the call). Again, the IRS will never demand immediate payment, threaten, ask for financial information over the phone, or call about an unexpected refund or Economic Impact Payment.
EIP or Refund Theft
The IRS has made great strides against refund fraud and theft in recent years, but they remain an ongoing threat. Tax-related identity theft occurs when someone uses your stolen SSN to file a tax return claiming a fraudulent refund, and directing it to their P.O. Box or a fake bank account.
You may be unaware that this has happened until you e-file your return and discover that a return has already been filed using your SSN. Or the IRS may send you a letter saying it has identified a suspicious return using your SSN.
Seniors are more likely to be targeted and victimized by scammers than other segments of society. As time goes by more people who enter the senior population are using social media, online accounts, and use of the internet, which unfortunately gives scammers another means of taking advantage. Phishing scams targeting seniors continue to be a threat each tax filing season. Seniors need to be alert for a continuing surge of fake emails, text messages, websites, and social media attempts to steal personal information.
Scams Targeting non-English Speakers
IRS impersonators and other scammers also target groups with limited English proficiency. Some scams also target those potentially receiving an Economic Impact Payment from previous years and request personal or financial information from the taxpayer. Phone scams pose a major threat to people with limited access to information, including individuals not entirely comfortable with the English language. These calls frequently take the form of an automated "robocall" but sometimes may be made by a real person. A common one is the IRS impersonation scam, where a taxpayer receives a telephone call threatening jail time, deportation, or revocation of a driver's license from someone claiming to be with the IRS. Taxpayers who are recent immigrants are often the most vulnerable and should ignore these threats and not engage with scammers.
Unscrupulous Return Preparers
Most tax professionals provide honest, high-quality service; however, dishonest preparers pop up every tax filing season. Using an unscrupulous preparer can lead to fraud using the taxpayer's personal information or worse, the taxpayer might be talked into committing fraud themselves. Taxpayers should avoid so-called "ghost" preparers who expose their clients to potentially serious filing mistakes as well as possible tax fraud and the risk of losing their refunds.
Ghost preparers don't sign the tax returns they prepare. Instead, they may print the tax return and tell the taxpayer to sign and mail it to the IRS. For e-filed returns, the ghost preparer will prepare but not digitally sign as the paid preparer. By law, anyone who is paid to prepare or assists in preparing federal tax returns must have a Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on returns. Taxpayers are ultimately responsible for the accuracy of their tax returns, regardless of who prepares them. You can go to a special page on IRS.gov for tips on choosing a preparer.
Offer in Compromise Mills
Taxpayers need to be wary of misleading tax debt resolution companies that can exaggerate the chance of settling tax debts for "pennies on the dollar" through an Offer in Compromise (OIC). These offers are available for taxpayers who meet very specific legal criteria to qualify for reducing their tax bill. But unscrupulous companies oversell the program to unqualified candidates so they can collect a hefty fee from taxpayers already struggling with debt.
Individual taxpayers can use the free online Offer in Compromise Pre-Qualifier tool to see if they qualify. The simple tool allows taxpayers to confirm eligibility and provides an estimated offer amount. Taxpayers can apply for an OIC without third-party representation, but the IRS reminds taxpayers that if they need help, they should be cautious about whom they hire.
Fake Payments with Repayment Demands
Criminals are constantly finding new ways to trick taxpayers into believing their scam, including putting a bogus refund into the taxpayer's actual bank account. Here's how the scam works:
A thief steals or obtains a taxpayer's personal data, including SSN or Individual Taxpayer Identification Number (ITIN) and bank account information. The scammer files a bogus tax return and deposits the refund into the taxpayer's checking or savings account. The fraudster then calls the taxpayer, posing as an IRS employee claiming that the payment was in error and needs to be returned. The taxpayer, knowing that the refund is not consistent with what they have filed with the IRS, or that they have not yet filed for a refund, believes that this is an honest mistake.
The fake IRS caller tells the taxpayer that the money returned immediately. The taxpayer is told to either use a payment service, such as Zelle, or the taxpayer is told to buy specific gift cards for the amount of the refund and send them by mail. Either way, these methods are the same as cash and it is not recoverable. Anytime you receive an unexpected refund or a call from anyone out of the blue demanding a refund repayment, you should reach out to The Tri-County Bank and the IRS.
We are here for you!
Following the IRS's advice in each instance is important, but know that we are here for you! While it's important to stay aware of the above tax-related risks and practice good habits to protect your identity, we want you to remember that The Tri-County Bank has you covered in the event of tax fraud related or any type of identity theft. If you are an account holder with ID SafeChoice or Kasasa Protect you have Fully Managed Identity Theft Recovery. Should you feel your identity has been compromised, we have professional Identity Theft Recovery Advocates standing by. These Advocates work on your behalf to help recover and to help you reverse any damage caused by identity theft. Contact us or find out more about your benefits of ID SafeChoice or Kasasa Protect by exploring our website.