Skip to main content
Protect Yourself from Scams
Protect Yourself from Scams
Protect Yourself from Scams
  1. Home
  2. Online Security
  3. Protect Yourself from Scams

Protect Yourself from Scams

As a consumer or a business, it is important to stay informed and knowledgeable about how to protect yourself and your business from cyber scams, including social engineering, identify theft and phishing.

These are some of the most common cyber scams to gather sensitive or financial data to steal or extort money from an individual or business. This information is to help educate our customers, to stay diligent in protecting their personal, financial or other sensitive data.

What is Social Engineering?

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Using various Social Engineering methods the criminal can circumvent security measures in order to get access to sensitive information like passwords or bank account details or may even gain unauthorized access to systems.

Some of the more prevalent social engineering forms are phishing, vishing, ransomware or pretexting.

  • Malware – This is short from malicious software, is an umbrella term to refer to a variety of forms of hostile intrusion software.
  • Virus – A computer virus is a malicious program designed to damage a computer system that can replicate itself and spread to other computers.
  • Spyware – This is any software that covertly gathers user information through the user’s Internet connection.
  • Phishing – When an email masquerading as a trustworthy email is sent to the user is attempting to acquire sensitive information such as usernames, passwords, or other sensitive data.
  • Spear-phishing – Spear-phishing is an email spoofing that targets a specific organization seeking unauthorized access to confidential data.
  • Pharming/Minnowing – This is where malicious code is installed on a personal computer or server misdirecting users (family or children) to fraudulent websites without their knowledge or consent.
  • Text Smishing – This is the attempt to acquire personal information such as passwords or account details by masquerading as a trustworthy sender in a text message.
  • Vishing – This is where a fraudster attempts to use social engineering over a telephone system to gain access to private personal and financial information from the public for the purpose of financial gain.
  • Key logger – This is a type of software that captures all of your key strokes, mouse clicks, and screen pics, then transmits all recorded information to the fraudster allowing them access to your accounts within minutes.
  • Pretexting/Spoofing – This is a social engineering technique in which a fictional situation is created for the purpose of obtaining personal and sensitive information from an unsuspecting individual. It usually involves researching a target and making use of his/her data for impersonation or manipulation.

Two examples of how scammers utilize social engineering include digital wallet scams and a cryptocurrency scam known as "pig butchering". It is important to note how the scammers operate and to educate yourself on how these scams unfold. 

Digital Wallet Scams

Digital wallet scams most often involve spoofing. Customers will receive phone calls from individuals spoofing the bank's Customer Care Center number. The caller will claim to be from the fraud team and state that they are reporting suspicious debit card transactions. By acting as a trusted source, the customers are more willing to provide any information necessary to the caller to address the issue.

While being on the phone with the customer, the scammer will also be on another call with the bank's card processor. They attempt to authenticate with the card processor to get assistance with attaching the card to a digital wallet. Part of the authentification process includes sending a one-time-passcode to a number on file. The scammer will let the customer know they are sending a code and gather that code to provide to the card processor, unknowingly to the customer. 

Scammers have asked for card numbers, CVV codes, online banking details, social security numbers and various other private information for the customer. They have also been reported to have asked customers to place their debit card in their mailbox for the bank employees to pick up. It is important to know that the bank representatives will never ask for certain information from customers such as their CVV code and online banking details. The bank will also never instruct how to clear fraud alert messages. Customers receive letters in the mail anytime their card is attached to a new digital wallet and should report any activity they did not initiate as soon as possible. 

In addition to posing as a bank representative, scammers are also known to utilize spoofing to trick customers into paying their "utility company" through digital wallets. Scammers will claim that the customer's bill is past due and in order to rectify the situation the scammer demands a payment through a digital wallet. Often times the scammers will even threaten to shut off services if the customer does not comply. If you suspect something is wrong, please hang up and call your utility company directly to report this activity. 

Pig Butchering

Pig butchering is a crypto scam that involves scammers employing artificial images and information in an effort to establish contact and ultimately foster a seemingly authentic relationship with potential victims (“pigs”). These fake personas typically contact victims by text messages, social media, or dating apps. Through frequent and friendly exchanges, scammers begin “fattening the pigs”. This fake relationship provides an open door for scammers to incorporate cryptocurrency into their conversations while avoiding asking for money directly. Alternatively, the scammers offer investment coaching and instruct their victims to send money to various platforms that the scammer has secretly developed and controls. This is when the “butchering” begins.

Once the victims have responded by sending small amounts to a cryptocurrency exchange, the scammers will present false account information purportedly showing a growth in their investments. Victims may even be allowed to cash out a portion of their investment in order for the scammer to maintain a semblance of authenticity. Pressure is continuously added to victims to send money until they are “bled dry”.

Trying to cash out their investments will only reveal that the victims' money is gone and that their cryptocurrency investments have been a scam all along. Often times the scammer will tell the victims that they must pay exorbitant fees or taxes in order to cash out. By this point, the scam has run its course and the scammers have moved on to their next victim.

Learn more about scams

The following sites regularly update information in regards to scams impacting consumers. 

How you can protect yourself from becoming a victim

There are several ways to protect yourself to avoid becoming a victim to social engineering.

  • Do not share sensitive information over a phone call with anybody, even if he/she claims to be from the bank. If you have any suspicion, contact the bank/person directly.
  • Do not  call a number sent in a voicemail or text message. Validate the phone number through the official bank website or on the back of your bank card or from other trusted sources.
  • Be suspicious if a business, government agency, or organization asks you to click on a link that then asks for your username or password or other personal data. Instead, type in the web address for the organization or call them. The link in the email may look right, but if you click it you may go to a copycat website run by a scammer.
  • Be cautious about opening attachments.  A scammer could even pretend to be a friend or family member, sending messages with malware from a spoofed account.
  • Check your credit reports regularly. Remain aware of your credit score and credit activity by obtaining a free copy of your credit report from each of the credit reporting bureaus per year: Equifax, Experian, and the Trans Union using a central website:  www.annualcreditreport.com or call 1-877-322-8228.
  • Monitor your account statements to ensure that you recognize all activity.
  • Limit what you share on social media sites. Avoid posting when you are out of town, as it can alert thieves to an empty house. Also, don't publicly share personal information like your phone number or address; scam artists can take advantage of this information.
  • Avoid doing any business or banking on unsecured Wi-Fi networks that don't require a password.
  • Shred all important documents. This includes tax information, credit card statements or any other financial documents.
  • Keep your computer safe. Update your virus protection software, change passwords often, and shop on trustworthy websites that are secure. To ensure that a website is safe, look for a lock symbol in the URL menu bar or the "https" in front of the website address in the search bar.
  • Set your security software to update automatically, and back up your files to an external hard drive or cloud storage.  Back up your files regularly and use security software you trust to protect your data.
  • Cut up and destroy all credit cards before throwing them away. Consider opting out of any pre-approved credit card offers, which can easily be stolen from mailboxes by identity thieves.
  • Lastly, report phishing emails and texts by forwarding them to spam@uce.gov and filing a report with the FTC.