Cybersecurity
While computers and the Internet offer great benefits, they also provide cyber criminals with opportunities to steal personal information. Cyber crooks have shown they can keep up with the fast-paced growth of technology. They constantly develop new tools and methods to trick and exploit people through computer and Internet use. The more aware you are of cyber threats, the more prepared you will be to avoid them.
- Malware: a broad term for the many forms of malicious software designed to disrupt, harm, or hijack a computer system or data. It includes viruses and spyware. Secretly installed without your knowledge or consent, malware programs can damage your privacy and the security of your computer or mobile device. They can capture your personal information in a variety of ways and secretly send it to identity thieves. Computers and mobile devices are commonly infected with malware through email attachments, downloads, and the links within emails, instant messages, or pop-up windows.
- Phishing: When cyber thieves send you emails that try to lure you into providing or confirming personal information. The emails look like they’re from legitimate organizations, often ones you know. They ordinarily use threats, warnings, or enticements to create a sense of urgency. You’re usually asked to click on a link. If you do, it can lead to a spoof website. The site looks real enough to trick you into entering personal information.
- Catfishing: When a person creates a fake identity on social media, usually targeting a specific victim for abuse, deception, or fraud. Catfishing is often used for romance scams on dating websites.
- Smishing & Vishing: Very similar to phishing, this is when criminals use automated dialing systems to call or text you with messages intended to trick you into sharing personal information. The message will direct you to a phone number or website that asks you for the information.
- Pretexting: Pretexting is a social engineering technique that involves creating a fake scenario to trick people into sharing sensitive information or giving access to systems or services. Always verify the requester’s identity through trusted communication channels before sharing sensitive information or complying with any unusual requests.
- Business Email Compromise: Business email compromise (BEC) is a cybercrime where criminals trick people into giving away sensitive information or money by spoofing the email of a trusted source, such as your boss or HR manager, or even by hacking into their legitimate email account and sending emails from it. Ensure all business communication is verified through known contacts and secure communication channels.
- AI Chatbots: AI chatbots are susceptible to cyberattacks and other security threats because they interact with personal information and connect to organizational systems and the internet. Follow your organization’s policy regarding the use of AI chatbots. Never share any personal or organizational information with them.
- Anti-Virus: Install and update anti-virus software on all devices connected to the Internet.
- Back it up: Data loss doesn’t come with a warning. Automatically back up your critical data at least once a week.
- Delete when done: Uninstall mobile apps you no longer use.
- Stay aware: Cybersecurity is ever-changing. Stay ahead of cyber issues with ongoing education.
- S=Secure: Look for https as part of the URL of a site you visit. It shows the authenticity of the security certificate on that webpage.
- Keep it clean: Keep a clean machine with current security software, web browser, and operating system.
- Look before you leave: Lock your computer before stepping away from your desk. Press the Windows key + L to quickly lock your screen.
- Go beyond the username and password: For an added layer of security, enable multi-factor authentication when available.
- Lock up your password list: Replace your written list of passwords with password management software.
- Passwords: Make your password a sentence that is easy to remember and incorporate a special character and number. Examples – 1Love$ecurity!, MyF@milyHas3Kid$
- Beware of phishy emails:
  - Comes from a suspicious sender
  - Offers a prize or enticing deal
  - Contains typos and bad grammar
  - Requests you to verify or update account information, stop payments, or complete other important processes
- Secure your devices: Use strong passwords, codes or touch ID features to lock your devices.
- See something, say something: If you see something suspicious, report it to the proper authorities as soon as possible.
- Think before you app: Be thoughtful about which apps you download and allow to collect your personal information.
- Think before you click: Don’t click on any link unless you know you can trust the source and are certain of where the link will send you.
- Don’t trust an unknown USB drive: If you find a USB drive, do not plug it into your computer to identify the owner.
- When in doubt, throw it out: If an email, link or post looks suspicious, delete and/or mark it as junk.
- Be WiFi savvy: Public wireless networks and hotspots are not secure. Avoid logging in to important accounts such as email and financial services while on a public network.
The Importance of Software Updates & Patches
You’re probably no stranger to those little pop-up windows. They tell you software updates are available for your computer, laptop, tablet, or mobile device. You might be tempted to click on that “Remind me later” button. If the pop-up for a software update is from a known and trusted site, don’t put off updating your software for long.
Software updates often include software patches. They cover the security holes to keep hackers out and they can also add new features and improve existing ones.
Cybersecurity is mostly about protecting you, but you’ve got other people to think about, too. If your device gets a virus, you could pass it on to your friends, family, and co-workers. That’s why you want to keep your software and systems updated.
If you’re still not keen on clicking “Update now,” you may be able to configure your devices to update automatically. If so, your problem is solved.
Cybercrime can be particularly difficult to investigate and prosecute because it often crosses legal jurisdictions and even international boundaries.
Who to Contact
- Contact TCB at 1-800-422-5675 and report your situation. TCB will take measures to put controls on your accounts and online banking to possibly keep you from any further loss. TCB can offer you a free referral to our ID Theft Protection company who can give you instructions on other measures you may need to take to protect your identity.
- Local law enforcement. Even if you have been the target of a multijurisdictional cybercrime, your local law enforcement agency has an obligation to assist you, take a formal report, and make referrals to other agencies.
- IC3. The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. Complaints may be filed online at https://www.ic3.gov/.
- Federal Trade Commission. The FTC does not resolve individual consumer complaints, but does operate the Consumer Sentinel, a database that is used by civil and criminal law enforcement authorities worldwide. File your complaint at https://reportfraud.ftc.gov/
Platforms like Facebook, Twitter, Instagram, LinkedIn, and many others can help us connect on a personal and professional level with friends, family, business associates, and causes, and allow us to make new connections with others who share our interests. And participation is free to everyone, which has led to an unprecedented use of social media.
As of October 2024, 5.17 billion people identified as users of social media, representing over half of the world's population of 8 billion. Globally, the average person spends more than 2 hours per day on social media. It is not surprising that criminals have focused their attention on these internet platforms as a way to gather personal information, gain trust, and socially engineer their way to fraud that results in billions of dollars of losses annually.
At the conclusion of this article we will focus on tips to stay safe while using social media. But first, we want to alert you to social media scams that you may not be thinking about. Being alert to potential scams is the best way to protect yourself against fraud and identity theft.
1. CONGRATULATIONS, YOU WON!
Lotteries, gift cards, and other prize scams can make you believe that just by using social media you have somehow qualified for a prize of cash, gifts or discounts. These scams are designed to lure you to click on a link, which can go on to request personal information in order to "verify your eligibility". And by clicking on links to view or redeem your prize you may also be unwittingly downloading malware that can continue to collect more personal information and track your logins and other internet activity.
Why this scam works: Everyone loves a discount, and the attraction of winning a prize is strong.
Remember: You can't win a lottery that you never entered; however, a scammer can put out advertising to everyone that appears to be a personal approach just to you. Be wary of anyone that you don't know asking for your personal information, especially your banking details.
2. PLAY THIS GAME!
We have all seen friends on social media participate in fun and interesting games such as "Are you color-blind?", "Check your IQ", and "What is your Pirate Name?". These games may ask for your age, your date of birth, marital status, zip code and other personal information, such as the name of the street that you grew up on or your favorite pet's name, which could be useful for a criminal to create a profile on you to commit identity theft. These scams can ask for your phone number to move further and receive results, which can quietly enroll you in services that obligate you to monthly charges.
Why this Scam Works: Most of us look for ways to interact with others and receive personalized feedback. Once a friend participates in this activity there is peer pressure for other friends to play along.
Remember: Never enter any personal information on social media, even your phone number. While many games may be harmless there are many others that are looking for ways to gather information for nefarious purposes.
3. IS THIS REALLY YOU IN THIS PICTURE?!
This is a variation of a phishing scam that you may receive as a message in your social media app, or it may appear in your feed as an advertisement that looks like a message directed just to you. Variations of this message might be "I can't believe what he said about you!!!" or "Did you really mean to say this out loud?" Our protection instinct kicks in and you click on a link which downloads malware, and/or presents a login page that looks just like the social media site. Thinking it is legitimate you enter your username and password. Now the criminals have your social media login which provides access to your profile and everything you have posted on the site.
Why this Scam Works: Anyone who has interacted on social media has a fear that they, or someone they know, will accidentally post something unintended. Even more compelling is the thought that someone who may want to do harm will post something embarrassing or confidential.
Remember: Don't click on links in social media. If you receive a message and you can't verify the source, don't click. If it looks like the message is from someone you know, contact that person to verify it's not a scam before clicking the link. And make sure you have your social media profile settings set correctly so only your connections can message you.
4. SEE WHO IS LOOKING AT YOUR PROFILE!
In this scam, an offer may be presented to download an "Add-On" that will allow you to see who is searching for, and viewing your social media profile. The scam may redirect you to a survey or an online registration for a purchase, which allows the criminal to gain access to your personal enrollment information and your credit card data.
Why this Scam Works: We all have curiosity and a desire to be liked.
Remember: If you are redirected to a page, make sure that the URL is legitimate. Check out the product offer outside of your social media session to see if it is legitimate and there are no scam complaints.
5. YOUR ACCOUNT IS BEING CANCELLED!
Tell an avid social media user that a request to cancel their account has been received, or that their account is being frozen or removed, and watch the panic set in. Criminals count on this reaction. A normally careful person forgets all of the lessons of internet safety in their haste to prove that this action is NOT warranted. If this happens, it may result in you unwittingly providing information to criminals posing as social media administrators. In reality you may be giving up all types of personal information, which may include your name, address, SSN, credit card information, login information and more.
Why this Scam Works: Social media platforms are an important link to our family, friends and business associates. The thought of losing data and control of this lifeline is scary to many.
Remember: Don't trust any message that claims to be from the social media administrator. Contact the administrator outside of the social media session to make sure that the message is legitimate. And be very wary of any message on any platform that seems to rush you to action. In your haste you may make what appears to be a bad situation an even worse situation.
STAY SAFE!
While it is easy to set up a social media account profile and it’s fun to connect with others, it’s important to maintain awareness. Use this checklist to make sure that you are protecting yourself and your family on social media, on the internet, and in person.
- Check your profile settings. Consider limiting the information that you share with the world. Some of your social media profile information might already be publicly available, but there are other details that a criminal could glean from your profile to help them patch together a clearer picture of your identity.
- Be thoughtful about sharing personal details online. For safety’s sake, wait a few hours or even a few days before sharing content that reveals your location. A few vacation photos could be just the invitation a criminal needs to enter your home while you aren’t around. On social media, accept contact or friend requests with care. Decline friend requests from people you don’t know in real life; you never know who might actually be on the other side of your internet connection.
- Think before you click. Hover over the hyperlink to confirm its real destination before you click on a URL. We recommend that you visit only secure websites, beginning with “https” instead of “http”.
- Avoid phishing scams. Exercise caution when you receive a message in social media (or text, email, postal mail or by telephone) from someone you don’t know. Many criminals imitate celebrities, major corporations, financial institutions, or government agencies in an attempt to lure you into providing confidential or payment information.
- Use public WiFi with caution. When you’re using a shared wireless network, other people on the same network may be able to see your internet traffic, which could open up your account information to unsavory characters. Avoid logging into confidential financial accounts and social media when you’re on shared WiFi. Even if you’re using your own device, try to remember to log out when you’re done.
Even when you take all the right precautions, bad things can still happen. If you or a family member suspects that your identity has been compromised, help is only a phone call away. With The Tri-County Bank ID Safe Choice you and up to three generations of your family have access to Fully Managed Identity Theft Recovery. We have professional Identity Theft Recovery Advocates standing by, ready to work on your behalf to help recover your identity and reverse any damage caused by identity theft.
While anyone can become a victim of tax fraud, it's generally at-risk populations that are the most affected, such as older adults or non-English-speaking taxpayers. While these populations are most at risk, the criminals behind these bogus schemes view everyone as potentially easy prey.
The IRS urges everyone to be on guard all the time and to look out for others in their lives. While paying special attention is important during tax season, taxpayers are encouraged to review the list in a special section on IRS.gov and be on the lookout for these scams throughout the year. This year, tax crimes have become more complex and sinister than ever before, including scams like identity theft, phishing, fake charities, false claims, and more. This article will cover new fraud schemes and reoccurring ones in hopes of helping you understand what to watch for and how to protect yourself and your loved ones.
Wage and Tax Statement
The IRS recently issued an alert to a new scheme making its way through social channels. This scheme prompts individuals to use tax software to manually complete Form W-2, also known as the Wage and Tax Statement, and to include fabricated income details. The scammers behind this scheme advise people to falsify significant income and withholding figures and identify the employer from which it supposedly originated.
They then instruct taxpayers to electronically submit the fraudulent tax return in the hopes of receiving a substantial refund, which can sometimes amount to as much as five figures, due to the falsified withholding.
"We are seeing signs this scam is increasing, and we worry that innocent taxpayers could be at risk of being tempted into falling into a trap that puts them at risk of financial and criminal penalties," said Acting IRS Commissioner Doug O'Donnell. "The IRS and Security Summit partners remind people there is no secret way to get free money or a big refund. People should not make up income and try to submit a fraudulent tax return in hopes of getting a huge refund."
Social Security Scam
This is just a new twist on an existing impersonator scam where scammers claim to be able to cancel or suspend a victim's Social Security Number (SSN) in an attempt to gain sensitive information. In this scam, a taxpayer receives a threatening call accusing them of having unpaid or overdue taxes.
The result of this call is that the taxpayer divulges personal information before realizing that it is fraud. If you receive a threatening call, hang up and do not call the number back. Instead, report the call to the Treasury Inspector General for Tax Information using the red button at the top of their website.
Phishing
According to the IRS, more than 90% of identity thieves start with phishing emails. These emails appear to be from a trusted company, often masquerading as your tax preparer or the IRS during tax season. These emails typically have some urgency to their request, such as "there is a problem with your account," and ask for personal information such as passwords or account information.
The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or Economic Impact Payment. Don't click on website links in emails claiming to be from the IRS; they may be nothing more than scams to steal personal information. Phishing schemes also occur through a variety of channels, including letters, texts, and website links.
Fake Charities
Criminals frequently take advantage of current events, such as natural disasters, by setting up fake charities to steal from well-intentioned people. Fraudulent schemes typically start with unsolicited contact by telephone, text, social media, email, or in-person using a variety of tactics. Bogus websites use names similar to legitimate charities to trick people into sending money or providing personal financial information.
They may even claim to be working for or on behalf of the IRS to help victims file casualty loss claims and get tax refunds. Legitimate charities will provide their Employer Identification Number (EIN) if requested, which can be used to verify their legitimacy. In addition, you can find legitimate and qualified charities with the Tax Exempt Organizations Search Tool on IRS.gov.
Threatening Impersonator Phone Calls
IRS impersonation scams come in many forms. A common one remains bogus threatening phone calls from a criminal claiming to be with the IRS. The scammer attempts to instill fear and urgency in the potential victim.
In fact, the IRS will never threaten a taxpayer or surprise them with a demand for immediate payment. Scam phone calls, including those that threaten arrest, deportation, or license revocation if the victim doesn't pay a bogus tax bill, are reported year-round.
These calls often take the form of a "robocall" (a text-to-speech recorded message with instructions for returning the call). Again, the IRS will never demand immediate payment, threaten, ask for financial information over the phone, or call about an unexpected refund or Economic Impact Payment.
EIP or Refund Theft
The IRS has made great strides against refund fraud and theft in recent years, but they remain an ongoing threat. Tax-related identity theft occurs when someone uses your stolen SSN to file a tax return claiming a fraudulent refund, and directing it to their P.O. Box or a fake bank account.
You may be unaware that this has happened until you e-file your return and discover that a return has already been filed using your SSN. Or the IRS may send you a letter saying it has identified a suspicious return using your SSN.
Senior Fraud
Seniors are more likely to be targeted and victimized by scammers than other segments of society. As time goes by, more people who enter the senior population are using social media, online accounts, and the internet, which unfortunately gives scammers another means of taking advantage. Phishing scams targeting seniors continue to be a threat each tax filing season. Seniors need to be alert for a continuing surge of fake emails, text messages, websites, and social media attempts to steal personal information.
Scams Targeting non-English Speakers
IRS impersonators and other scammers also target groups with limited English proficiency. Some scams also target those potentially receiving an Economic Impact Payment from previous years and request personal or financial information from the taxpayer. Phone scams pose a major threat to people with limited access to information, including individuals not entirely comfortable with the English language. These calls frequently take the form of an automated "robocall" but sometimes may be made by a real person. A common one is the IRS impersonation scam, where a taxpayer receives a telephone call threatening jail time, deportation, or revocation of a driver's license from someone claiming to be with the IRS. Taxpayers who are recent immigrants are often the most vulnerable and should ignore these threats and not engage with scammers.
Unscrupulous Return Preparers
Most tax professionals provide honest, high-quality service; however, dishonest preparers pop up every tax filing season. Using an unscrupulous preparer can lead to fraud using the taxpayer's personal information or worse, the taxpayer might be talked into committing fraud themselves. Taxpayers should avoid so-called "ghost" preparers who expose their clients to potentially serious filing mistakes as well as possible tax fraud and the risk of losing their refunds.
Ghost preparers don't sign the tax returns they prepare. Instead, they may print the tax return and tell the taxpayer to sign and mail it to the IRS. For e-filed returns, the ghost preparer will prepare but not digitally sign as the paid preparer. By law, anyone who is paid to prepare or assists in preparing federal tax returns must have a Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on returns. Taxpayers are ultimately responsible for the accuracy of their tax returns, regardless of who prepares them. You can go to a special page on IRS.gov for tips on choosing a preparer.
Offer in Compromise Mills
Taxpayers need to be wary of misleading tax debt resolution companies that can exaggerate the chance of settling tax debts for "pennies on the dollar" through an Offer in Compromise (OIC). These offers are available for taxpayers who meet very specific legal criteria to qualify for reducing their tax bill. But unscrupulous companies oversell the program to unqualified candidates so they can collect a hefty fee from taxpayers already struggling with debt.
Individual taxpayers can use the free online Offer in Compromise Pre-Qualifier tool to see if they qualify. The simple tool allows taxpayers to confirm eligibility and provides an estimated offer amount. Taxpayers can apply for an OIC without third-party representation, but the IRS reminds taxpayers that if they need help, they should be cautious about whom they hire.
Fake Payments with Repayment Demands
Criminals are constantly finding new ways to trick taxpayers into believing their scam, including putting a bogus refund into the taxpayer's actual bank account. Here's how the scam works:
A thief steals or obtains a taxpayer's personal data, including SSN or Individual Taxpayer Identification Number (ITIN) and bank account information. The scammer files a bogus tax return and deposits the refund into the taxpayer's checking or savings account. The fraudster then calls the taxpayer, posing as an IRS employee claiming that the payment was in error and needs to be returned. The taxpayer, knowing that the refund is not consistent with what they have filed with the IRS, or that they have not yet filed for a refund, believes that this is an honest mistake.
The fake IRS caller tells the taxpayer that the money must be returned immediately. The taxpayer is told either to use a payment service, such as Zelle, or to buy specific gift cards for the amount of the refund and send them by mail. Either way, these methods are the same as cash and the money is not recoverable. Anytime you receive an unexpected refund or a call from anyone out of the blue demanding a refund repayment, you should reach out to The Tri-County Bank and the IRS.
We are here for you!
Following the IRS's advice in each instance is important, but know that we are here for you! While it's important to stay aware of the above tax-related risks and practice good habits to protect your identity, we want you to remember that The Tri-County Bank has you covered in the event of tax-fraud-related or any other type of identity theft. If you are an account holder with ID SafeChoice or Kasasa Protect, you have Fully Managed Identity Theft Recovery. Should you feel your identity has been compromised, we have professional Identity Theft Recovery Advocates standing by. These Advocates work on your behalf to help recover your identity and to help you reverse any damage caused by identity theft. Contact us or find out more about your benefits of ID SafeChoice or Kasasa Protect by exploring our website.
Threats to Turn off Water and Power could be the Work of Scammers: What you need to know about utility scams
Many basic necessities rely on utilities we take for granted. And that makes them perfect for a scammer to exploit.
Like many other scams, utility scams occur when a scammer pretends to be someone they’re not. In this case, the scammer poses as a representative from your power or water company and threatens to turn off your services unless you send payment right away or provide some important personal information.
Different Approaches, Same Intent
These scams can happen through email, over the phone, via text message, and in person. In some cases, the scammer may report you’ve overpaid for services and ask for a bank account, credit card, or utility account information to allegedly issue a refund. Your actual utility company would already have this information. What’s more likely is that the scammer is trying to get personal information to commit fraud.
Utility scams typically include an urgent notice threatening to cancel your service due to a missed payment, leaving you without heat, air conditioning, or water. Scammers use urgency to create panic and scare you into acting fast without thinking or confirming the authenticity of the situation.
People posing as utility workers may show up at your home for a fake inspection or equipment repair, investigate a supposed gas leak, or conduct a “free” audit for energy efficiency. They will try to charge you for the fake service, sell you unnecessary products, or collect personal information to use in identity theft activities.
Fast Payments Work in Scammers' Favor
Since electronic payments are a fast way to send money and often can’t be reversed, the scammer may say that they need immediate payment via bank wire, gift card or digital payment apps, like Venmo or Zelle®, to keep your utilities running. These scams are often timed for maximum urgency, such as peak heating or air conditioning seasons, or right before a big holiday celebration like Thanksgiving.
How to Protect Yourself
Watch for these warning signs to detect a utility scam in progress:
- An unscheduled or unsolicited call or visit from someone claiming to represent your power or water company. No matter how great the offer or frightening the situation sounds, decline any action until you can verify its authenticity.
- Threats to cut off service unless an overdue bill or maintenance cost is paid immediately. Most utility companies send multiple notifications before canceling service.
- Requests for personal account information or payment via bank wire, gift card or digital payment apps, like Venmo or Zelle®.
If you experience any of these situations, follow these steps:
- Slow down and ask questions, such as asking for their employee identification number or asking them to confirm the date and amount of your most recent payment.
- Do not respond to text or email messages threatening to turn off your utilities.
- Call the utility company using the number on your bill or the company’s website before taking any action. Do not use a number provided by the representative.
Online Marketplace Scams Target Both Buyers and Sellers
Whether you’re looking for a houseplant, a coffee table, or a new gaming console, online marketplaces can be great places to start. But be careful. Anonymous listings and virtual transactions are ripe for online marketplace scams, which can take a variety of forms.
You May Not Get What You Paid For
If you pay in advance for something you have not seen in person, the item may not arrive as advertised. In fact, it may not arrive at all. A picture of a cute puppy or designer jewelry is easy to post in a marketplace, but if you pay without knowing the seller personally or seeing the product, the seller can take your money and disappear.
Payment Type Matters
Pay attention to listings that insist on an unusual payment method, such as gift cards. Gift card numbers are hard to trace, so if you don’t get what you paid for and the seller’s profile has disappeared from the marketplace, it will be very difficult to track them down or get your money back. Also keep in mind that with many digital payment methods, once you send a payment it often can’t be reversed, making it even more important that you know who you are dealing with and what you are buying.
Scams Targeting Sellers
While many people are aware of scams targeting buyers on marketplace sites, sellers can get scammed too. One tactic is for scammers to fake payment receipts or confirmations with an amount that’s higher than the asking price. The supposed buyer may claim to have purchased a product above your listed price and request a refund without actually having placed an order.
Another marketplace scam growing in popularity involves a fake email appearing to be from Zelle®, claiming that a transaction cannot be completed until your Zelle® account is upgraded.
In reality, the scammer is tricking you into paying them for an upgrade that doesn't exist. Zelle® does not offer account upgrades.
Warning Signs – What to Watch For
- Unreasonably Low Prices: Sometimes an incredibly low price is literally too good to be true. In most instances, it’s best to pass on this type of offer unless you can inspect the product in person and ensure its authenticity.
- Sales Pressure: If the seller creates a sense of urgency by warning that the item won’t last long or many others are interested, take your time and think it through. Creating urgency is a technique to get you to act on impulse instead of logic, and it could lead you to overlook something suspicious.
- Fake Profiles: Keep an eye out for telltale signs of a false profile, like a generic profile picture, only one friend or connection, or a profile name that does not match the name or email address on the invoice.
Slow Down, Ask Questions
When it comes to making safe marketplace purchases, remember to slow down and ask questions. If you detect suspicious activity, report the user to your marketplace platform.
How Scammers Use Social Engineering to Steal Money
And how you can spot them
As scams become more prevalent, they are also more sophisticated, making them harder to detect. Scammers employ what is known as “social engineering” to manipulate people into revealing sensitive information. It’s all about the psychology of persuasion. These scammers take advantage of human nature, aiming to lower your defenses so you’ll act on impulse rather than reason. Let’s look at some examples of how social engineering uses the powers of persuasion to steal personal information and money:
Pretexting
Building a solid pretext or a fabricated scenario is an important aspect of social engineering. Hackers often research their victims in advance to get a sense of the victim's personal and professional life to help establish the right pretext with which to approach a victim. This information can easily be found by a simple internet search or reviewing social media activities. Pretexting is typically the first step in a broader scheme to steal from you. The scammer then pretends to be someone you trust, possibly a representative from your financial institution or a government worker offering loan forgiveness. It often starts with a friendly “hello” and a convincing story that leads the victim to hand over sensitive information that can be used to steal money or commit identity theft.
Baiting
Baiting uses the false promise of an enticing item, such as a monetary reward or free movie download, to trick the unsuspecting consumer into opening a file or providing sensitive information, like their login credentials. Instead of the attached file being the movie or other reward, it is actually infected with malware that will encrypt or take control of the individual’s data, allowing the attacker access to personal information.
© 2023 Early Warning Services, LLC. All rights reserved. Zelle and the Zelle marks are property of Early Warning Services, LLC.
Phishing
Phishing is one of the most common types of social engineering attacks, typically in the form of emails or text messages that look like they are from a reputable source, like your financial institution, informing you of an urgent matter that needs your immediate attention. The message may include a link to a fake website that looks legitimate and suggests that you must provide personal information in order to remedy the urgent issue. This can result in the scammers gaining access to your accounts or learning important details about your identity.
How to Combat this Psychological Manipulation
Knowledge is key. Now that you know what to look for, follow these tips to help protect yourself.
1. Delete requests for personal information or passwords. No one should contact you for your personal information. Not even your financial institution.
2. Disregard offers for help or requests of help from those you don’t know. Especially if unsolicited.
3. Avoid tempting offers. Though it may be difficult to pass on what appears to be a great offer, don’t just dive in. If it seems too good to be true, it probably is. If you’re really interested, take a step back and do some research. Confirm that the company is legitimate by researching reviews. If they are reputable, call the company allegedly offering the deal to ensure the offer came from them and not a scammer pretending to be them.
4. Verify contacts. Scammers usually imitate legitimate companies by mimicking their names in emails or using caller ID spoofing. You can check their authenticity by looking at the domain name of an email address or hanging up on an unsolicited caller, verifying the legitimate phone number, and calling back.
If you detect suspicious activity, contact the alleged company directly. If you have received something from your financial institution that seems suspicious, contact us at (800) 422-5675.
Many people use some form of social media, such as Facebook, Instagram, or LinkedIn. When using social media platforms, it’s important to be careful about what you post. Cybercriminals can use this information in cyberattacks to try and trick you into clicking malicious links.
Be Careful What You Post
Any information that you post on social media could be used to catch your attention in a spear phishing attack. Spear phishing is when cybercriminals target you specifically. For example, if you post online about your rescue dogs, cybercriminals may send you phishing emails spoofing an animal shelter that’s asking for donations. The email could appear legitimate, but cybercriminals are actually trying to trick you into giving them your payment information.
Keep it Private
Cybercriminals may also try to phish you through a direct message. Some cybercriminals will even use online bot accounts to reply to your posts or message you automatically. Luckily, many social media platforms allow you to have a private account and restrict who can contact you. Be sure to use privacy features to protect your personal information from strangers and cybercriminals.
What Can I Do to Stay Safe?
Follow the tips below to stay safe when using social media:
- Think before you post. Cybercriminals can use your personal information in spear phishing attacks to make the attacks appear legitimate.
- Make your social media accounts private. This helps prevent cybercriminals from using your personal information against you.
- Be cautious before replying to someone you don’t know online. They could be a cybercriminal in disguise.
Many people use email in their personal life and their workplace. You can get an email from your aunt with her stew recipe or an email from your boss with a guest list for the office party. But what if the email isn’t actually from your aunt or boss? Cybercriminals often pretend to be someone you know to get you to click unsafe attachments, such as fake DOC files or PDF files. Some of the most common attachments used for attacks are DOC files and PDF files. It’s important to learn how to identify unsafe email attachments and protect yourself.
Fake DOC Attachments
Older Microsoft Word DOC files are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a DOC file and other programs. Cybercriminals may send you an email with a DOC file that contains a macro. The email usually looks legitimate and gives an urgent reason for you to open the file. If you open the file, a pop-up window will display asking you to enable macros. If you accept, the macros will be able to install malware on your device.
Fake PDF Attachments
PDF files are sent over email every day, making them perfect tools for cyberattacks. One popular type of attack is when cybercriminals put an image in a PDF file to trick you into clicking it. For example, it could be an image that looks like a video with a play button. The image will be something that catches your attention, like a cooking video from social media or a cute cat video. Unfortunately, clicking the image could send you to a website designed to steal your sensitive information.
What Can I Do to Stay Safe?
Follow the tips below to stay safe from dangerous email attachments:
- If a suspicious email appears to be from someone you know, contact them over the phone or in person. Check to see if the email is legitimate before putting yourself at risk.
- Avoid DOC files in general. They use an outdated format and contain too many security risks. The newer DOCX format is the current standard and is much safer.
- Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.
Many of us receive a steady flow of emails every day, including bank statements, order confirmations, or sales promotions. To keep up, you may look through your inbox as quickly as possible—but don’t forget to stay vigilant. Cybercriminals take advantage of full inboxes to send dangerous, unexpected emails.
Unusual Scam Activity Detected
One of the most popular unexpected email scams includes fake banking emails. Cybercriminals will send you an email that appears to be from a local bank, claiming that they have suspended your account due to unusual activity. Before taking action, consider whether it makes sense that you’re getting this email. Ask yourself questions like:
- Do you have an account with this bank?
- Is this how your bank typically contacts you when unusual activity is detected?
- When was the last time you checked your bank account?
If you don’t stop and think, you may give cybercriminals exactly what they want.
Your New Scam Is on the Way
In another scam, cybercriminals imitate a popular retailer’s order confirmation email. The email states that your card was charged a large sum of money and your order is on the way. Even though a fraudulent charge is alarming, pause and determine if the email makes sense. Ask yourself questions like:
- Do you shop at this retailer?
- Have you ever entered your credit card information on their website?
- Does the email include any accurate identifying information, like your name, credit card number, or shipping address?
Without pausing to ask yourself questions like these, you may fall right into a cybercriminal’s trap.
What Can I Do to Stay Safe?
Follow the tips below to stay safe from unexpected email scams:
- When you receive an unexpected email, stop and consider the context. For example, if the email is about an order you didn’t place, it could be a scam.
- Never click a link in an email that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
- Watch out for urgent messages, such as an email alerting you about an expensive credit card charge. Phishing attacks rely on impulsive actions. So, always think before you click.
With the internet and social media as a part of our everyday lives, it can be difficult to avoid sharing personal information online. Having an online presence can be valuable, but sometimes sharing personal information is risky. If you want to know what information about you is online, Google yourself.
Google Yourself
If you Google your name, you may find public information about yourself that you didn’t expect to see, such as your phone number, email address, or home address. Some information is available online through government agencies, while other information is posted by data brokers. Data brokers are organizations that collect and sell information.
Cybercriminals’ Scams
Cybercriminals can use your public information in phishing attacks to try and scam you. They often use specific details to make their phishing attacks appear more legitimate. For example, if your home address is publicly available online, cybercriminals can use it in delivery scams. For these scams, cybercriminals will send you a phishing email about a package delivery. This email will prompt you to click a link that appears legitimate but is actually malicious.
What Can I Do to Stay Safe?
Follow the tips below to stay safe online:
- Be careful about what you post online. Cybercriminals could use this information in a phishing attack.
- Analyze your online presence often and remove information that you don’t want cybercriminals to know.
- Many websites have security options that can easily be overlooked. Review and edit your privacy settings to protect your information.
Even though minor children do not have credit yet or make transactions on their own, they are still vulnerable to fraudsters, hackers and thieves who would steal their identities. An experienced hacker can use a child's Social Security number with a different name to create a fictitious or "synthetic" identity that can then be used to apply for credit, government benefits, and more.
We want to make sure that your account holders are aware of the risk to the identities of the children in their care and can take steps now to protect their children's identities into adulthood. If your account holder is concerned that a family member’s data may have already been compromised, our professional Identity Theft Recovery Advocates are here to help them identify and recover from the effects of identity theft.
Child identity theft isn’t something we often think about. However, it occurs more often than you might expect. According to Javelin’s Child Identity Fraud Report, child identity theft affects 1.25 million kids every year, which translates to about one in 50 children in America. When you see those numbers, it becomes apparent that we must act now to protect the children in our lives.
What Is Child Identity Theft?
According to the Federal Trade Commission, “Child identity theft happens when someone takes a child’s sensitive personal information and uses it to get services or benefits or to commit fraud. They might use your child’s Social Security number, name and address, or date of birth.”
Child identity theft happens for a multitude of reasons. The perpetrator could use this information to open a bank or credit card account, apply for government benefits, or even to sign up for a utility service or to rent a place to live. Much like other types of identity theft, it can be easy for this type of identity theft to go undetected for months or even years.
How It Happens
As with adults, identity theft against children can be perpetrated through a variety of sources. Below we have listed some ways that children's personal identifying information (PII) could be exposed and then potentially used for fraudulent purposes.
- Data Breaches. Kids’ personal identifying information is in so many places, and nothing is completely secure. Schools, doctors’ offices, and your home can all experience security breaches. After a child's confidential information or PII is exposed, whether the data breach incident is accidental or with malicious intent, the security breach cannot be undone. Often, criminals will wait to utilize the confiscated information for their own purposes.
- Familial Fraud. Three out of four cases of child identity theft come from those close to the victim, in what is known as familial fraud, which often occurs in correlation with other forms of abuse, according to Javelin's Child Identity Fraud Report. Kids are often more trusting than adults, especially when they know the person who is asking for their information. Unscrupulous individuals at times utilize the PII of their own children, or children they know through family or friends, for their own benefit.
- Phishing. These scams don’t just target adults. Children that use the internet without parental supervision have a higher chance of giving their sensitive information to a scammer, not realizing that they are being tricked. Kids don’t always know not to share their birth date, place of birth, and passwords with strangers or online “friends.”
- Hacking. As more children have their own devices, and often multiple devices (computers, tablets, and phones), hacking becomes more common. Hackers can gain access to the information stored on these devices and can also log in to social media accounts, which they could use to attempt to defraud friends and family, acting as your child.
Warning Signs Of Child Identity Theft
Regardless of the way the information makes it into the hands of identity thieves, below are some warning signs that your child's identity may have been stolen:
- Unexpected Mail. Your child begins receiving credit card offers, collection notices, or bills under their name.
- Collection Calls. You or your family members begin to receive calls from collection agencies for unpaid bills in your child's name.
- Government Benefits Denials. Your child is denied government benefits because they are already being claimed, when this is not the case.
- IRS Notifications. The IRS contacts you or your child about your child owing taxes, or indicates that their SSN was used on another tax return.
How You Can Help Protect Your Children
The best way to help protect your family from identity theft is to be proactive in helping to prevent it. The most effective preventative measure is education. This type of education will not only help protect them now, but it is information that will benefit them as adults.
Keep Important Documents in a Secure Location. Keep your family’s personal identifying information in a secure place in your home, be selective about what services you sign up for, and don’t give your information out unless it is absolutely necessary. Make sure that any important documents in your home - such as Social Security cards, birth certificates, or other legal documents - are stored securely, to avoid compromise.
Share Personal Information with Caution. Assess the need before listing your child’s Social Security number (SSN) on forms. Schools and school break camps shouldn’t be using it as the only unique ID for each child. If SSN is required, don't be afraid to ask if it's ok to share only the last 4 digits of your child's SSN.
Educate Your Child. Talk to your child about the importance of privacy and the dangers of sharing personal information, online and offline. Ensure that your child isn't sharing personal information like their birthdate, address, or school on social media, other online platforms, or with other individuals without your permission.
Secure Your Mail. If you're sending or receiving mail with personal details, especially if those personal details pertain to your children, consider using a mailbox that locks or opt for electronic delivery. Retrieve your mail daily as soon after delivery as possible. Consider opting into the U.S. Postal Service's “Informed Delivery” service. It’s free to sign up and it will provide a Daily Digest email that will preview your mail and packages scheduled to arrive soon, along with an image of each incoming letter-sized mail piece. This will help you stay vigilant to any missing mail that never arrives.
Discard Unnecessary Documents with Care. If you have postal mail or other important documents that you no longer need to keep on file, make sure that you use a cross-cut shredder to securely destroy the paperwork. Criminals can engage in "dumpster diving" to retrieve discarded paperwork with personal information, potentially compromising you and your family.
Child identity theft can have long-lasting consequences, potentially impacting your child's credit and future opportunities. By remaining vigilant, educating your child, and keeping a close eye on his or her personal information, you can help better protect your child from the impacts of identity theft.
Vishing and Smishing: What You Need to Know
It would be great if technology could solve all of our cybersecurity problems. We rely on security systems such as antivirus software, firewalls, and software updates to protect our devices and data. However, at the end of the day it all comes down to people. According to the Verizon 2022 Data Breach Investigations Report, 82% of breaches involved the Human Element, including Social Engineering Attacks, Errors, and Misuse.
Phishing e-mails continue to be one of the most popular methods of attack used by cybercriminals, but they are not the only method. Let’s review some additional types of social engineering attacks and what you can do to protect yourself.
Voice Phishing (Vishing) and SMS Phishing (Smishing)
Vishing: In vishing attacks, scammers use phone calls or voice messages to impersonate legitimate businesses and trick you into giving them money or revealing personal information. Sometimes these fraudulent calls are made by actual people; other times they are done via robocalls. Worse yet, the scammers may spoof phone numbers that belong to real companies or individuals to deceive you.
Smishing: In smishing attacks, scammers send phishing messages via text messages or messaging apps to your smart phone or tablet. As with phishing e-mails, you are prompted to open a link to access a website or app. The link may take you to a login page to enter your username and password, a form to provide your personal information, or a malicious app that infects your device.
Common Vishing and Smishing Scams
Below are examples of common Vishing and Smishing Scams to look out for.
- Demands for payment. The scammer pretends to work for a government agency such as the IRS and tells you that you owe money. They may threaten that you will be fined or even arrested if you do not pay.
- Account verification. The scammer poses as an employee of your bank or credit card company and states that they noticed unusual activity on your account. You are asked to provide personal information to verify your account.
- Program enrollment. The scammer presents themselves as a representative of a government program such as Medicaid and offers to help you with your benefits. You are asked for your personal or financial information to complete enrollment.
- Order/shipping confirmation. The scammer sends you a link to track a package or confirm your order, even though you did not order anything recently. The link may ask for your username and password or install malicious software on your device.
- Winning a prize. The scammer informs you that you won a contest. From there, they may ask for personal information or walk you through accessing your bank account so you can receive a deposit.
- Tech support. The scammer offers to fix a computer problem that you didn’t even know you had. They may ask you to visit their support website, install software to give them remote control, or provide them with your accounts and passwords.
How to Protect Yourself from Vishing and Smishing Scams
Here are some tips to help protect yourself from both vishing and smishing scams.
- Pause, think, and act. Scammers will stress a sense of urgency to trick you into doing what they want. Don’t take the bait. Take time to think about what you are being asked to do and why before you take any actions. Think twice before clicking on links in text messages. Instead, visit the organization’s website directly to ensure you are communicating with the real business.
- Do not answer the phone or respond to texts from unknown numbers. If the scammers can’t reach you, they can’t trick you. If you do answer the call, hang up immediately.
- Keep your personal information private. Never give out personal information such as account numbers, Social Security numbers, passwords, or Multi-Factor Authentication (MFA) codes to unknown people.
- Verify the source. If you receive a message from someone who says they represent a company or a government agency, hang up and contact them by using the contact information posted on the organization’s website.
- Enable strong security on your accounts. Creating strong and unique passwords is still a security best practice for protecting your personal and financial information. If you have difficulty creating unique passwords for each of your accounts, consider using password generators and managers to develop more complex passwords and store them securely as well. Enable MFA when available as an added layer of protection for your online accounts.
‘Tis The Season For Scams, Again
November is the month when consumers need to step up their vigilance around fraud and cyber-attacks (though you should remain wary throughout the year). In addition to the usual suspects, be on guard against new scams that can (and will) ruin your holiday plans.
New Scams to Watch Out For
New threats include the following scams. Remember, think before you click!
Social Media Scams. Resist the temptation of clicking on ads on social media pages because they can direct you to a fraudulent website and give the gift that keeps on making you miserable by infecting your device with malware. Instead, visit the trusted retailer's website.
Look-A-Like Websites. Speaking of social media scams, threat actors create counterfeit websites that look like the real thing but are designed to capture credentials and account information or are laced with malware, software designed to give scammers unauthorized access to your device. Instead, visit the trusted retailer's website. Always double-check the URL before making a purchase and be wary of sites where the brand name is embedded in a long URL. Scammers use URLs that look remarkably similar to those of legitimate sites.
Fake Travel Booking Sites. Nothing will ruin your holiday travel like booking a trip on an imaginary travel booking site. When searching for travel destinations and booking travel, pop-up ads with unbelievable deals will trap your personally identifiable information leaving you stuck at home.
Compromised Account Alerts. Sure, the notice that you’re overdrawn or under attack may look real, but it is not. Fraudulent alerts are designed to make you panic, click the link, and surrender your account information. The best bet is to contact your financial institution directly using trusted information.
The Usual Suspects
Remain vigilant during the 2024 holiday season by being aware of these common scams.
Gift Card Scams. Budgets can become tight during the holidays, so any financial relief is welcome. You may, however, come across emails or pop-up ads offering gift cards. Be wary of these tempting opportunities. They are often a ploy to collect your personal information that can be later used to steal your identity.
Charity Scams. Charity scams can take place online and even over the phone. According to the Federal Trade Commission (FTC), scammers will rush people into donating or trick them by thanking them for a donation they never made and then asking for payment. They will also use vague and sentimental claims while asking for a donation but won’t detail how they’ll donate your money. Always research any charity before you donate and never give cash by gift card, cryptocurrency, or wire transfer.
Package Delivery Scams. The Federal Communications Commission (FCC) warns of delivery notification scam calls and texts. These text messages and calls look like they’re from a legitimate mail or package courier, such as the US Postal Service, and include a fake tracking link. The link will lead you to a website requesting personal information, or it will install malware on your phone or computer. The malware will then start stealing your information.
Fake Gift Exchanges. You're invited via social media to join a gift exchange, which sounds harmless and fun. Why wouldn't it be? If you buy one $10 gift for a stranger, you will receive as many as 36 gifts back! It's a hoax with the same premise as a pyramid scheme because it relies on constantly recruiting new participants. In the US, pyramid schemes are illegal, so it's best to just respectfully decline any invitations to participate.
Emergency Scam. No one wants to hear a family member or friend is dealing with an emergency, like a serious accident or incarceration. We quickly want to help, which is admirable, but scammers take advantage of it. They target people by pretending to be a family member or friend whose circumstance requires money to be resolved. Before sending any money, verify their story with other family and friends, but call directly. You can also ask questions that would be hard for an impostor to answer correctly.
Malware Email. Don't be quick to click! Clicking on the wrong link in emails or pop-up advertisements or downloading a scammer's attachment can result in malware spreading to your computer. This computer virus can steal personal information or even hold your device hostage unless you pay a price.
Puppy Scams. Pets make great gifts, but there's a lot you should first consider. One is the dangers of buying or adopting a pet online. You could end up with a puppy mill pooch, or nothing at all. Fake pet sellers can lure you into thinking you're getting a four-legged friend, only to take your money and not deliver.
What to Do If You Are Scammed
- If you feel that someone is scamming you, don’t respond to the email, and block it. If it’s a phone call – hang up!
- If you provide your personal information (account, date of birth, online banking user ID, password, etc.), contact The Tri-County Bank immediately.
- Use multi-factor authentication wherever possible.
Will credit monitoring alone safeguard you against identity theft? In a nutshell, the answer is a resounding "no." Credit monitoring and identity theft protection services both have their pros and cons. But if you are offered these services as a result of a data breach or other cyber incident, it’s important to know what they are and what they do, what they are not and what they don’t do, and whether a credit freeze is really what you need.
Credit monitoring and identity theft services may send you alerts when there's activity related to your credit, such as accessing credit, applying for new accounts, or opening an account. And they can assist you in the process of correcting any identity theft issues that arise. While this is great, they cannot prevent such incidents from happening in the first place, nor can they stop them in progress.
On the other hand, there is a solution that puts a sturdy lock on your credit: a credit freeze. This feature blocks any attempts to access your credit, and the credit bureaus will notify you if someone tries to pry their way in. A credit freeze is particularly recommended for those whose social security numbers have been stolen and who don't plan on applying for credit in the near future. However, if you're gearing up to apply for a mortgage, credit card, car loan, or anything similar, a credit freeze might not be the most suitable option. In such cases, it's advised to apply for credit first and then initiate the freeze on your account.
Keep in mind that a credit freeze can be lifted temporarily if needed, and you should check the specific guidelines regarding lead time. The good news is that the credit bureaus do not charge to temporarily lift or restart a freeze.
Here's an important tidbit: if your credit is already frozen, credit monitoring services won't be able to do their job effectively. They require access to your credit information to monitor it, so if you opt for credit monitoring (which you should if it's offered and you want to keep your files accessible), sign up for the service before freezing your credit. Additionally, if you've already been a victim of identity theft, these services can assist you in recovering and restoring your credit. However, don't unfreeze your credit just to sign up for monitoring. If the third party can't access your file due to the freeze, then the credit freeze is doing its job properly.
Don't forget about the young ones either! It's crucial to monitor the credit of your children. Ideally, children under 18 shouldn't have a credit report. However, a sobering reality reveals that one in 50 families with children under 18 is affected by child identity fraud (according to a 2022 study by the Javelin Strategy & Research group). If you come across a credit report for your child from Equifax, Experian, or TransUnion, it could mean one of three things: either a parent or guardian applied for credit using the child's social security number and got approval, someone fraudulently used the child's information to obtain credit, or the child was listed as an authorized user or joint account holder on a credit account.
Now, let's talk about those credit monitoring services that eagerly ask you to enter your bank account numbers, credit card numbers, passport details, medical information, and other sensitive data into their forms. They claim they'll keep an eye on all of it, right? Well, here's the catch: even if they monitor all that information, it won't magically prevent identity theft. In fact, by sharing such critical information with yet another party, you're potentially exposing yourself to even greater risks of theft. After all, the more entities that have access to your data, the higher the chances of it falling into unauthorized hands.
So, be cautious and choose your identity theft protection strategies wisely. Remember, vigilance and protective measures are key to keeping your identity safe and secure.