Protect yourself from identity theft and fraud: Pro tips from our Security Officer
They say “knowledge is power,” and when it comes to fraud, knowledge is powerful protection. The more you know about scams, the more likely you’ll be to spot and resist them. So we’ve asked our vice president and corporate security officer, Dan Cardi, to help educate us.
Q: Dan, what are the most common types of fraud?
A: The schemes keep evolving, but we still see variations of traditional hoaxes like someone giving you a counterfeit check and asking you to forward the funds to them. Classic phone scams are ever present too. We’ve all heard stories of a “grandchild” stuck overseas and needing funds urgently. But that’s just the tip of the iceberg.
Imposter scams can happen by phone, text, email, social media, and chat. The common thread is a person pretending to be someone you trust pressuring you to send money or share personal information. These bad apples are good actors and can impersonate just about anyone, from an IRS auditor to a utility company representative, a tech support specialist to a person looking for a relationship on a dating app.
Now that texting has become second nature, text and chat scams are on the rise. You may have gotten one saying there’s an issue with a UPS delivery or Costco order, for example. We’ve had questions about texts from a “bank”—I’ve gotten them myself—with links that take you to a fake website that looks like the real thing. If you try to log in, the scammers collect your information for future identity theft.
Similarly, social media, WhatsApp, and gaming chats are flooded with fake accounts, friend requests, money-making and ticket-sale scams, and invitations with malicious intent.
Q. What about some of the newer cyberthreats?
A. Phishing, vishing, and smishing are relatively new terms, but they’re just different forms of imposter scams. These are emails (phishing), phone calls (vishing), and texts (smishing) that seem to be from an authentic source—your bank, boss, or Amazon, for example—with a made-up story about why you need to open a link or attachment or fork over money, gift cards, or identifying information. Vishing often includes spoofing, which is making a phone number appear legitimate on Caller ID.
In all these cases, scammers try to get the victim to comply with demands that ultimately allow them to redirect money, install malware, or lure them to a website where they collect credentials.
Q: What are the clues someone’s trying to scam you?
A: Scammers use fear and urgency to get victims to act quickly without verifying the situation. So if someone says there’ll be a bad consequence if you don’t respond immediately, that’s a red flag. If the voice on the phone sounds “off,” put up your guard.
Like all criminals, scammers don’t want to get caught. That’s why they ask for payments that can’t be traced or refunded, like wire transfers, digital payment services like Venmo, and gift cards. Or they ask for information they can use to steal your identity. Be suspicious if anyone demands any of these things.
Phishing emails require extra vigilance. I’m a security professional and even I’ve been impressed by how authentic they can appear, right down to the correct company logo. We’ve had business customers receive invoices that look remarkably legitimate, so they pay them and ultimately find out that the payment was directed to a criminal’s account. If they had looked more closely at the link before clicking, they would have seen it went to the wrong website. We’ve seen people fall for scams that link to www.gullible.com because they weren’t paying attention to the details.
So examine everything. That includes comparing the sender’s email address and phone number to the correct ones, checking website URLs, hovering your cursor over hyperlinks to see if the web address matches the legitimate one, noting spelling and grammar errors, and thinking about the tone of voice. Would the sender use that language, or be impersonal and forceful?
Remember, trustworthy institutions like Community Bank will never ask you to share your Social Security number, account numbers, or password over email, text, or the phone. If you’re not sure, call your local branch or the number on the back of your card.
Q. How can we make it less likely we’ll be targeted in the first place?
A. I used to be a police officer and I’d tell people to “be aware of your surroundings.” The same advice applies to the internet and social media. Verify who’s around you and:
- Change passwords often and don’t use the same ones for different applications
- Avoid public Wi-Fi and USB charging stations
- Don’t send payment, click links, open attachments, or install software without verifying authenticity
- Set your email spam filters and social media privacy settings to the highest levels
- Use spam detection to silence unknown callers; if it’s important, they’ll leave a message, if it’s spam, block the number
- Be careful about what you share on social media
Q: What should you do if you think you’re being spammed?
A: Don’t interact or respond. Just hang up the phone or delete the email or text. It might not feel nice, but it’s the way to stay safe. If you’re not sure, look up the person or business’s contact information and reach out to them directly. If it’s Community Bank, call or email your local branch or our Customer Care Center at 1-866-764-8638.