How to Prevent Person-to-Person Payment Scams

Person-to-person (P2P) payment options have certainly made paying back borrowed money to friends and family very convenient. From going out to eat and splitting the tab, to chipping in for a gift, or paying a trusted contact for a service – P2P payment services have made our lives quick and easy. However, if you are a user of a P2P payment service such as Zelle, Square Cash, PayPal, Venmo, Facebook Payments, Google Wallet, Apple Pay, Payzur, and the like – buyer beware.

Continue reading to ensure you know how to spot a P2P payment scam so that you don’t fall victim to this type of fraud. P2P scams are extremely serious, because the victim unfortunately usually is not protected from money lost and fraudulent access to their account(s).

Why are victims of P2P scams usually not protected?

Due to the fact that P2P transactions are consumer initiated, there is not much protection when a fraudulent transaction occurs – because technically the consumer authorized the transaction. Whether it’s the actual consumer or a fraudster who initiated the payment service transfer, there really is no way to prove it. In addition, user error is often not covered either. Most P2P apps have user agreements prior to first time use, where the user agrees when money is sent through the app – any losses are on the user, since they authorized a transaction.

Recently, Zelle’s P2P service added a measure to help prevent users from sending money to the wrong person. Zelle now includes a pop-up warning if a user is trying to send money to someone who is not in their contacts, which makes them think twice before allowing the funds to leave their account.

How does a P2P scam work?

A P2P scam is basically an account takeover scam. Fraudsters will send text messages to an unsuspecting consumer, appearing as if the message is coming from the individual’s financial institution.

  • The text will usually appear to come from the individual’s financial institution (aka: spoofing) and will warn them of suspicious debit card activity.
  • For those who respond to this fraudulent text, the fraudster will call that consumer also spoofing the financial institution’s phone number – and claim they are from the bank’s fraud department and would like to verify a suspicious transaction.
  • The fraudster will then try to get the unsuspecting consumer to verify their identity, and let them know a passcode will be sent via text message – and that the consumer must provide the passcode over the phone.
  • Once the fraudster has that passcode, they’ll attempt a transaction that triggers another two-step authentication passcode (such as forgot password so they can reset the consumer’s password, or they’ll try to initiate a P2P transaction).
  • The fraudster now has access to all of the consumer’s accounts within Online Banking, as well as access to their P2P payment service if one is provided through the bank (such as Zelle) – and will begin using P2P payments to transfer money to themselves.

And unfortunately, there is not much that can be done once this happens – because it appears that the consumer approved the P2P transfer. Since the fraudster spoofed the financial institution phone number, they more than likely won’t be caught either – once it’s recognized that a scam occurred.

How can I make sure I don’t become a P2P scam victim?

  • Only send money to people you actually know. P2P transactions are instantaneous (meaning they happen within seconds) and are often irreversible.
  • Get all of your recipient’s details prior to initiating a P2P payment. Before you press “send” or “pay,” be sure you have the correct user name, phone number, photo, or other identifier. If you incorrectly enter a recipient’s email or phone number, the money could go to the wrong person and you may not get it back. Some P2P services offer the option of receiving a special code to confirm that the person you’re sending money to is your intended recipient. If this feature is available – use it.
  • Confirm you know how to get help if something goes wrong. Before using a P2P service, search the app for procedures and customer service contacts. Know who to reach out to if you have a problem.
  • Keep your app updated. Hackers usually look to exploit vulnerabilities. If your software is not up to date, you’re missing out on protections. Be sure automatic updates are turned on so you know you’re covered.

While P2P services are a useful and convenient way to pay those you know without having to go to the ATM or get change – it’s important to also be aware of the risks and ways to avoid fraud while using them.

Always remember that your legitimate financial institution will never ask you for your login credentials, passcodes, or user name. If you have additional questions or concerns about P2P payment services or have been a victim of a P2P scam in relation to a First Financial account, please give us a call at 732.312.1500 or email us at info@firstffcu.com.

Article Sources:

CUNA Mutual Group 2019 Peer-to-Peer Payments Risk Overview

CUNA Mutual Group Risk Alert – Sophisticated Scams Lead to P2P Fraud (May 12, 2020)

Beware of Coronavirus Unemployment Scams

Millions of Americans have found themselves out of work as the economy still reels from the impact of COVID-19. A record number of Americans have filed for unemployment insurance in recent weeks. Unfortunately, when there’s bad news – scammers aren’t far behind. According to the Federal Trade Commission (FTC), Americans have lost a collective $13.4 million to coronavirus-related fraud, and unemployment scams have contributed their fair share to the loss.

With a high number of individuals filling out claims, along with the overloaded unemployment websites and phone lines – it provides the perfect cover for con artists. In light of the pandemic, the federal government has also waived some regulations of unemployment insurance, including the requirement to actively be seeking work in order to be eligible for benefits. This looser criteria has only made it easier for scammers to pull off their schemes without getting caught.

Here’s what you need to know about circulating unemployment scams:

How the scams play out

An unemployment scam can involve a con artist filing in someone else’s name and then collecting their benefits or claiming to have been employed by a place of business where they have never held a job. The victim will thus be denied their own benefits.

According to the Inspector General of the U.S. Department of Labor, these fraudsters can also take the form of a scammer impersonating a government employee and offering to help the victim fill out their application form for unemployment insurance. The victim, seeking assistance with their claim – will willingly comply with the scammer who is only out to get information so they can nab the victim’s benefits. Or worse, the scammer may use this information to steal the victim’s identity.

Other times, while allegedly helping the victim fill out their forms, the scammer will ask the victim to make a payment via credit card to enable them to receive their benefits. Of course, this money will go straight into the scammer’s pocket and the victim’s unemployment claim will never be filed.

In yet another variation of the unemployment scam, fraudsters create bogus websites that look like the federal websites used for claiming benefits. Scammers use sophisticated software to create these sites and lure unsuspecting victims via social media posts or emails. Once the victim is on the site, they willingly share information and assume they are actually filling out their unemployment forms.

Unemployment scams can make a challenging situation all the more difficult by leading to theft, delaying an unemployment claim, or completely disqualifying a victim from receiving unemployment insurance altogether.

How to spot an unemployment scam

As always, arming yourself with knowledge is the best way to protect against an unemployment scam.

  • First, it’s important to note that there is no fee involved in filing or qualifying for unemployment insurance.
  • Second, government officials will never ask you to share personal information over the phone unless a phone appointment was pre-planned and scheduled for a specific date and time. This includes a full Social Security Number, date of birth, employment history and financial information.
  • Finally, sensitive information should never be shared on a site without first verifying its security. Each state will have its own website dedicated to filing and checking unemployment claims, but you should also look for the lock icon next to the site’s URL and for the “s” after the “http” in the web address. It’s also best to visit your state’s unemployment site on your own instead of clicking on an ad or a link that’s embedded in an email.

The coronavirus pandemic has changed the world as we know it. Society is now looking toward the future while determining the next step in their new reality. Part of the recovery process involves picking up the pieces and putting personal finances in order. Scammers are out to thwart this process, but you can outsmart them. Always stay alert for potential scams, and practice vigilance when sharing sensitive information online or over the phone. Stay safe!

Article Source: CUContent.com

How to Avoid Phishing Scams Especially During These Times

In the current environment amidst a worldwide pandemic, fraudsters know most people are frequently using technology to do anything and everything right now. These cybercriminals are counting on society being distracted and letting guards down. One of their favorite tactics to do this is through phishing. Criminals are using email, phone call, text message, website and social media to deploy phishing scams these days.

Here are some common forms of phishing that you might encounter and the warning signs to look out for, so that you don’t become a victim:

1. Phone Call Phishing. Cybercriminals know how to mask phone numbers and change them to make it look like your bank or credit card company is calling you. Usually on this type of call the fraudster tells you they are from the Security and Fraud Department. They will often tell you that your card has been flagged for suspicious activity and you need to prove the card is in your possession. You’ll be asked to give them the 3-digit security code on the back of the card, your PIN, or a one-time passcode they email to you.

2. Email Phishing. There are several warning signs you’ll often see on a phishing email. The most common are spelling and grammar errors, including in the email subject. Also always take note of the sender’s email address. You’ll often see that it doesn’t match up, for example IRS.net (instead of IRS.gov) or using zero’s and other numbers in place of letters in the middle of a sender’s email address (j0hnsm1th@gmail and so forth). Email phishing attempts also often include deadlines, threatening language, doesn’t address you by name, often doesn’t include contact information like a legitimate company email would, and includes suspicious hyperlinks that you should NEVER click on. You should also know that a financial institution will never ask you for any financial information via email.

3. Text Message Phishing. Similar to the phone phishing scam, you would receive a text phishing attempt where the message tells you it’s your bank and they send you a link to click on instead of including a phone number for you to contact them. The message will state that the link in the text is to verify your banking information, a recent transaction, provide your PIN or your 3-digit credit card CVV code. A financial institution will never ask you to click on a link to verify any sensitive information.

4. Website Phishing. A spoofed website will often look strange. Either the web address is off (amaz0n1.com), words will be misspelled, and logos will look blurry or distorted. Sometimes on a site like this you’ll also see a pop up that asks you to enter your personal information. This is another item you should NEVER do. Another thing to note on a phony website, is when you hover over a link – a different address will show. Do not click on these links either.

5. Social Media Phishing. Often you’ll receive a friend request from someone you don’t know or a post asking you to click on a link that requests personal information. If you ever receive any requests like this, ignore them.

For more information on phishing and other computer-based scams, visit the National Cyber Security Alliance at https://staysafeonline.org/

Stay safe and Think First because There’s Harm INot Knowing!

Article Source: usa.Visa.com

Beware of COVID-19 Cure Scams

As the coronavirus pandemic continues to spread, the race to find a cure has taken on frantic urgency. Pharmaceutical companies and researchers around the world are scrambling to find a way to stop the virus and to immunize people against becoming infected.

Unfortunately, scammers have recognized an opportunity to rob innocent victims of their money while giving them false hope for defeating the virus. The FBI is warning the public of a surge in COVID-19 cure scams, in which criminals are peddling an alleged vaccine or treatment for coronavirus. Scammers are also claiming they can disinfect a home and all surfaces against the lingering virus after a family member was infected.

Here’s all you need to know about these scams.

How the Scams Play Out

There are several variations of coronavirus cure scams, most of which profit off the distress of those who are already infected by COVID-19 and people who are fearful of contracting the virus.

One such scam involved a bogus website (coronavirusmedicalkit.com) allegedly selling a vaccine against the novel coronavirus. The phony site offered visitors a vaccine kit to protect against the coronavirus for just a nominal shipping fee of $4.95. “In fact, there are currently no legitimate COVID-19 vaccines and the WHO (World Health Organization) is not distributing any such vaccine,” the Justice Department said about the website.

In another scam, victims received a phone call in which a recorded voice offered to send them a free testing kit for the coronavirus. The victim was to only pay the shipping charges for the testing kit — which, of course was worthless. The Federal Communications Commission (FCC) released several samples of these calls to raise awareness and alert the public about their circulation.

In yet another scam, fake cleaning agencies advertised about their disinfecting and sanitizing services, claiming they could eradicate the virus from patients’ homes. “For only $79, our highly trained technicians will do a full air duct cleaning and sanitation to make sure that the air you breathe is free of bacteria,” a voice on one of the calls said. Unfortunately, after making a pre-payment for the service – the victim will never hear from the agency again.

How to Spot the Scams

Coronavirus cure scams are fairly easy to spot. With just a bit of awareness and the knowledge of some basic information about COVID-19, you can recognize a scam and keep from being victimized.

First, know that there is currently no approved vaccine or cure for the novel coronavirus. When a vaccine and cure do become available, it will make national headlines and you won’t first hear of it through a robocall. If a company reaches out to you trying to sell you a vaccine or cure, you’re looking at a scam. Hang up and don’t engage further.

Similarly, there are no FDA approved at-home tests for the coronavirus available to the public. If someone tries to sell you one, it is likely a bogus test that won’t tell you if you’re actually infected by the virus or not.

Finally, if you or a member of your family has tested positive for COVID-19 and you’d like to sanitize your home from all traces of the virus, there’s no need to call a cleaning agency. You can do it yourself by following the CDC’s guidelines for disinfecting your home and all surfaces from the virus.

Don’t let fear and uncertainty of the coronavirus pandemic get your guard down. Arm yourself with the information you need to recognize potential scams, and be aware. Stay safe and Think First because There’s Harm In Not Knowing!

Article Source: CUContent.com

Tips to Avoid COVID-19 Stimulus Check Scams

As you know, the government will be sending out stimulus checks to aid with the Coronavirus pandemic’s effect on the nation.  As with most things involving money, you’ll often find scammers not too far behind who are looking for a way to take yours. Don’t become a victim!

Here are a few ways to protect your stimulus check from a fraudster:

You don’t need to do anything. As long as you filed taxes for 2018 and/or 2019, the federal government has the information it needs to send your money. If you haven’t filed taxes recently, you’ll need to submit a simple tax return to get your check. Who is eligible to receive a stimulus check? Get more information here.

Don’t give anyone your personal information to get your relief check. There is absolutely nothing to sign up for. Anyone calling to ask for your personal information such as your Social Security Number, PayPal account, or bank information is a scammer. Also be on the lookout for email phishing scams, where the fraudsters pretend to be from the government and ask for your information – stating that it’s part of the enrollment process for the checks.

To set up direct deposit of your check, communicate only with the IRS at irs.gov/coronavirus. You will only need to do this if you didn’t give the IRS your bank information on your 2018 or 2019 tax return. Otherwise, you will receive a check in the mail from the U.S. Treasury. The IRS also has an online form available through irs.gov/coronavirus. This is the only place to legitimately update your information – the IRS will never email, text, contact you through social media, or call you.

There is no early access to this money, and anyone who claims to get it to you earlier is a scammer. It looks like funds will start going out very soon. Scammers are using the lack of detail to try to trick people into giving out their personal information and stealing their money.

You will not be contacted through Facebook and there is no special grant to pay medical bills. Some older individuals reported they were contacted through Facebook about a special grant to pay medical bills called U.S. Emergency Grants Federation, and were asked to provide their SSNs. Some were also told they could receive up to $150,000 when a processing fee is paid. This is a bogus website and grant. The only official list of all U.S. federal grant-making agencies can be found at www.grants.gov

To get official updates and more information, visit the IRS’s page on economic impact payments. And if you come across a scammer trying to take your check, report it at ftc.gov/complaint.

Article Sources: https://www.consumer.ftc.gov/blog/2020/04/want-get-your-coronavirus-relief-check-scammers-do-too?utm_source=govdelivery and CUNA Mutual Risk Alert from 3.31.2020

 

More COVID-19 Scams Including Check Fraud and Medicare Theft

The Federal Trade Commission is taking extra measures to warn people of scammers that will use tactics to try and take your personal information, especially in light of the recent Coronavirus outbreak in this country. It’s important to remain aware of these current scams and schemes in order to protect yourself from fraudsters who are looking to take advantage of your vulnerability, and your money.

In the most current COVID-19 scam – fraudsters are trying to capitalize on the checks the U.S. government might be sending to American taxpayers. These scammers are looking to trap people into giving their information in order to take their money and capture sensitive information such as social security numbers and account information.

To help combat this, we’ve put together a few tips to help you identify fraud in relation to this check scam:

  1. Any money from the government will be in the form of a check and will not be immediate. Anyone who claims this money will be made immediately available is a scammer.
  2. If you have to pay anything upfront before you receive your payment, it is also not legitimate. There are no fees and no hidden charges. Anyone who says otherwise is a scammer.
  3. The government won’t call and ask for your social security number, bank account or credit card information. Anyone who asks for this information is a scammer.

If you receive any communication from someone with the above claims, The Federal Trade Commission urges you to report it through the FTC complaint center. The FTC is also an invaluable resource to stay informed and knowledgeable of current scams and schemes.

Additional scams surrounding Coronavirus to be on the lookout for:

  • Scammers going door to door claiming to be from health agencies such as the CDC or WHO, and offering at home COVID-19 testing. The victim may then be charged for the fictitious test or may become the victim of a robbery. Do not answer the door, pay for the “test,” or let this type of fraudster into your home.
  • Online sellers who contact you and claim they have in-demand products like cleaning, household, and health and medical supplies. You then place an order, but you never get your shipment. Anyone can set up shop online under almost any name — including scammers. Be careful and check for legitimacy.
  • Scammers are targeting the elderly by posing as Medicare workers and in some cases, they might tell you they’ll send you a Coronavirus test, masks, or other items in exchange for your Medicare number, social security number or other personal information. Be wary of unsolicited requests for your Medicare number or other personal information. Only give your Medicare number to participating Medicare pharmacists, primary and specialty care doctors, or people you trust to work with Medicare on your behalf.

Your privacy and protection are important to us. Feel free to reach out to us if you suspect any of your First Financial accounts have been compromised due to one of the above scams.

THINK First because There’s Harm In Not Knowing!

Article Sources:

https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing

https://www.consumer.ftc.gov/blog/2020/03/checks-government

March 2020 CUNA Risk Alert