Fraud schemes are hardly limited to the holidays, but they tend to spike during this high-spending and stressful time of the year. We would like to help arm you with information on the fraud practices you may encounter and how to avoid becoming a victim.
Technology has created more options for you to access accounts and make purchases, fraud too has opened up more sophisticated avenues. It is always good to continue to be skeptical about calls, texts, and emails.
Listed below are several important fraud methods you may encounter:
Brute Force Schemes are attempts to crack a password or username, find a hidden web page, or find the key used to encrypt a message using a trial-and-error approach to guess correctly. This is an old attack method, but it’s still effective and popular with hackers as they work, whether to crack a single card number or complete BIN.
Skimming is perpetrated by using electronic devices to surreptitiously scan and store credit and debit card numbers and PINs. ATMs and some unattended terminals, such as gas stations, are targets for this practice. This information can then be sold to fraudsters or used to commit theft directly. Fraudsters can use the numbers to make online purchases or to create fake cards for in-store transactions.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
SMiShing (SMS phishing) is the act of attempting to acquire personal information such as passwords and details by masquerading as a trustworthy entity through SMS text messages on cell phones. SMiShing messages may come from telephone numbers that are in a strange or unexpected format with links directing to fake websites. A typical SMiShing occurrence can begin with a cardholder receiving a text message inquiring about a suspicious transaction on an account. In reality, the fraudster is looking to obtain other information from cardholders such as debit/credit card numbers, CV2 codes, expiration dates, PINs and other web login credentials.
Legitimate SMS text messages will NEVER include:
- Requests for cardholder’s data, such as card numbers, PINs, CV2 Codes, or Expiration Dates
- Vague reference of a “merchant” transaction; details should be included
- Hyperlinks to unknown websites
- Phone numbers as hyperlinks
Criminals in possession of card details and other forms of personally identifiable information (PII) may be able to spoof a cardholder’s financial institution’s phone number to fool cardholders into thinking text messages are from the fraud department.
Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone to scam the user into surrendering private information that will be used for fraudulent purchases or identity theft.
Some holiday scams your cardholders may see:
Seasonal Travel Scams
- Beware of deals that are too good to be true
- Cardholders should always know who they are booking their travel through
Holiday Charity Scams
- A legitimate charity will welcome donations whenever the cardholder chooses to make it. Fraudsters will pressure cardholders to make it immediately.
- Don’t make any donation with a gift card or wire transfer.
- All user information is targeted in data breaches, not just payment card information.
- As fraud controls get smarter, fraudsters are shifting their strategies and patterns to bypass controls.
Avoiding Scams: Sticking to the Basics Can Go a Long Way
There is plenty of information available to consumers to help avoid being a fraud or theft victim.
Never provide passwords, credit or debit card information, Social Security Numbers and similar personal information in response to an unsolicited text message, e-mail, call or letter. An identity thief can use this information to apply for credit cards or loans, access your bank accounts online or otherwise commit fraud using your name.
Think twice before opening attachments or clicking on links in unsolicited e-mails and text messages. These messages may install “malware” (malicious software” on your computer or cellphone, which could allow crooks to spy on you and gain access to your online banking sites.
To confirm a message’s validity, contact the supposed sender. Don’t automatically assume the contact information listed in the email is accurate. Find the telephone number, web site, or e-mail address from an independent, reliable source.
Deal only with reputable merchants, service providers and charities. Friends and family may be able to provide recommendations. You can search for complaints against a business by contacting your state or local consumer affairs office and your local Better Business Bureau. There are also popular sites on the internet for consumer ratings and reviews of businesses.
Fraud artists also claim to be from legitimate charitable organizations – especially after a major disaster – and ask for “donations.” The Better Business Bureau’s Wise Giving Alliance (www.give.org) and other organizations can help you find legitimate charities with good reputations.
Be on guard against counterfeit checks, cashier’s checks or money orders. These often are associated with scams that say you have won a lottery or other prize, are bogus work-from-home offers, or are attempts to steal something you are selling on the internet. They can also be associated with offers to purchase items you are selling online or through classified ads. Be especially leery if you get a check for more than the amount due and you’re instructed to return the difference by depositing the checking and wiring the excess amount to the other party’s account or to an associate. If the check turns out to be counterfeit, you will be out the money regardless of whether you sent a check, wire or cash.
Be wary of unsolicited investment offers that sounds too good to pass up or that require you to act fast. Statements about low-risk investments with “guaranteed returns” that are unusually high, are red flags. Walk away from any offer that involves pressure to pay cash or provide personal information right away.
Protect your mail and other documents at home. Thieves know that credit card or bank statements and other documents contain valuable, confidential information. Try to use a secure mailbox for your incoming mail. Keep bank and credit card statements, tax returns, credit and debit cards and blank checks secure, even at home. Also shred sensitive documents before discarding them. Similarly, use an updated security program to protect your computer.
Look at your bank statements and credit card bills as soon as they arrive. Immediately report any discrepancy or anything suspicious, such as an unauthorized withdrawal or charge, to your financial institution.
Periodically review your credit reports and dispute any inaccurate information, which would indicate identity theft. You are entitled to a free copy from each of the nation’s three major credit bureaus every 12 months.