How to Prevent Person-to-Person Payment Scams

Person-to-person (P2P) payment options have certainly made paying back borrowed money to friends and family very convenient. From going out to eat and splitting the tab, to chipping in for a gift, or paying a trusted contact for a service – P2P payment services have made our lives quick and easy. However, if you are a user of a P2P payment service such as Zelle, Square Cash, PayPal, Venmo, Facebook Payments, Google Wallet, Apple Pay, Payzur, and the like – buyer beware.

Continue reading to ensure you know how to spot a P2P payment scam so that you don’t fall victim to this type of fraud. P2P scams are extremely serious, because the victim unfortunately usually is not protected from money lost and fraudulent access to their account(s).

Why are victims of P2P scams usually not protected?

Due to the fact that P2P transactions are consumer initiated, there is not much protection when a fraudulent transaction occurs – because technically the consumer authorized the transaction. Whether it’s the actual consumer or a fraudster who initiated the payment service transfer, there really is no way to prove it. In addition, user error is often not covered either. Most P2P apps have user agreements prior to first time use, where the user agrees when money is sent through the app – any losses are on the user, since they authorized a transaction.

Recently, Zelle’s P2P service added a measure to help prevent users from sending money to the wrong person. Zelle now includes a pop-up warning if a user is trying to send money to someone who is not in their contacts, which makes them think twice before allowing the funds to leave their account.

How does a P2P scam work?

A P2P scam is basically an account takeover scam. Fraudsters will send text messages to an unsuspecting consumer, appearing as if the message is coming from the individual’s financial institution.

  • The text will usually appear to come from the individual’s financial institution (aka: spoofing) and will warn them of suspicious debit card activity.
  • For those who respond to this fraudulent text, the fraudster will call that consumer also spoofing the financial institution’s phone number – and claim they are from the bank’s fraud department and would like to verify a suspicious transaction.
  • The fraudster will then try to get the unsuspecting consumer to verify their identity, and let them know a passcode will be sent via text message – and that the consumer must provide the passcode over the phone.
  • Once the fraudster has that passcode, they’ll attempt a transaction that triggers another two-step authentication passcode (such as forgot password so they can reset the consumer’s password, or they’ll try to initiate a P2P transaction).
  • The fraudster now has access to all of the consumer’s accounts within Online Banking, as well as access to their P2P payment service if one is provided through the bank (such as Zelle) – and will begin using P2P payments to transfer money to themselves.

And unfortunately, there is not much that can be done once this happens – because it appears that the consumer approved the P2P transfer. Since the fraudster spoofed the financial institution phone number, they more than likely won’t be caught either – once it’s recognized that a scam occurred.

How can I make sure I don’t become a P2P scam victim?

  • Only send money to people you actually know. P2P transactions are instantaneous (meaning they happen within seconds) and are often irreversible.
  • Get all of your recipient’s details prior to initiating a P2P payment. Before you press “send” or “pay,” be sure you have the correct user name, phone number, photo, or other identifier. If you incorrectly enter a recipient’s email or phone number, the money could go to the wrong person and you may not get it back. Some P2P services offer the option of receiving a special code to confirm that the person you’re sending money to is your intended recipient. If this feature is available – use it.
  • Confirm you know how to get help if something goes wrong. Before using a P2P service, search the app for procedures and customer service contacts. Know who to reach out to if you have a problem.
  • Keep your app updated. Hackers usually look to exploit vulnerabilities. If your software is not up to date, you’re missing out on protections. Be sure automatic updates are turned on so you know you’re covered.

While P2P services are a useful and convenient way to pay those you know without having to go to the ATM or get change – it’s important to also be aware of the risks and ways to avoid fraud while using them.

Always remember that your legitimate financial institution will never ask you for your login credentials, passcodes, or user name. If you have additional questions or concerns about P2P payment services or have been a victim of a P2P scam in relation to a First Financial account, please give us a call at 732.312.1500 or email us at info@firstffcu.com.

Article Sources:

CUNA Mutual Group 2019 Peer-to-Peer Payments Risk Overview

CUNA Mutual Group Risk Alert – Sophisticated Scams Lead to P2P Fraud (May 12, 2020)

5 Ways to Protect Your Financial Info from Hackers

Information breaches that would have been difficult to fathom years ago are now common. And people are rightfully worried. After all, if the federal government can get hacked and its employees’ data stolen, how vulnerable is a personal account held at a bank or brokerage?

So what actions can you take to protect yourself in what feels like an endless battle to keep your data secure? Here are five steps to consider:

 1. Diversify your passwords – and change them.

For the user’s convenience they often use the same password across multiple websites, which is a big mistake. It’s like giving an intruder a key that opens every lock. You want to make it extremely difficult for a hacker to access your sensitive information. Create unique password combinations (including letters, numbers and symbols) for each of the financial websites you log into, and establish a bi-annual schedule to change them.

2. Use an online password manager.

All of those hard to crack passwords can be a nightmare to remember and store, so utilize a reputable password manager. The best managers include password generators that create strong and unique choices. Most password managers allow you to sync your passwords across all electronic devices, making it easy to maintain multiple passwords.

3. Make life hard for crooks.

Shredding confidential documents, avoiding simple passwords, and keeping sensitive information off of unsecured channels are all effective actions. Thoroughly checking credit card statements for suspicious activity, and being aware of your surroundings when using ATMs, are security measures that remain effective. Don’t let your guard down. Learn more about preventing fraud at the ATM here.

4. Check your credit reports at least annually.

Periodically checking your credit report is a smart way to stay ahead of the bad guys, but many people don’t because of common misconceptions like the belief that you have to pay a fee to see your report, or that you must subscribe to a service.

The goal is to check for discrepancies, inconsistences and inaccuracies that might suggest identity theft. Annualcreditreport.com is a great (free) place to start.

5. Keep your guard up when it comes to emails.

Be wary of any email that requires you to click on a hyperlink to update a password or confirm confidential material. These emails are often “phishing” attempts seeking to scam you. They appear to come from familiar places such as your bank, an online retailer, or even the IRS. But – they are not legitimate, so be very careful before you open them!

It’s understandable to feel helpless in an age of smart criminals who conduct endless assaults on privacy. But simply putting the threat out of mind is not a solution, or thinking it can’t happen to you. Think first because there’s harm in not knowing!

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa today. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today!

Article Source: Richard Rosso for nerdwallet.com

Are You Smart About Smartphone Financial Security?

All of us are creatures of convenience, and that extends to our finances. It’s not enough to access online banking, budgeting tools, and retailer websites from home — we want them on our mobile devices, too. But, just as browsing the web from home can expose our finances to ever-evolving cyber threats, using mobile apps can too. Though personal devices may seem more secure than a public computer, hackers can still find ways to get into our phones and steal sensitive financial information.

Are you smart about smartphone financial security? If not, following these tips is a good place to start.

1. Use Those Optional Security Measures Like Touch ID

Are you someone who’s been stubborn about setting up a passcode or Touch ID to open your phone? It’s a little less convenient, but the extra step is also the first line of defense for your personal information.

2. Add Extra Security Measures to Financial Apps

Besides your smartphone’s overall security, it’s important to protect access to financial information on your phone housed in banking account apps, account linked financial management apps, and digital wallets. Setting up additional features like passcodes (or Touch ID) for each financial app provides another line of defense if your phone is lost or hacked. As with all personal accounts, choose unique passwords, update them regularly, and keep them in a secure location (a.k.a., not in your phone!).

Some smartphones also allow you to at least partially block Internet access and ad tracking mechanisms on a per-app basis to protect your information from outside threats.

3. Know Your Smartphone’s Vulnerabilities

Whenever there’s a major data breach, tech companies inform the public of who could have been affected where, when, and how. There’s similar information available on which smartphone operating systems, browsers, and other tools have been (or could be) vulnerable to various types of cyber threats and attacks. You don’t have to be super tech-savvy to search for your phone’s systems and look at the risk scale and number of vulnerabilities. You can also check out consumer-focused technology blogs and news sites.

4. If You’re in the Market for a New Smartphone, Consider Security Features

The older your phone is, the less security features it’s likely to have and the more vulnerable it is to hackers. If you’re already due for a new smartphone, make security a priority. Some features will be standard, but smartphone security differs widely based on model and operating system (OS). Check for reviews and explanation of security features, and choose the level of security that best fits the way you use your smartphone.

A simple (and free) thing you can do in between upgrades is to promptly install any system updates. Some of them are just for new features or speed, but others could be correcting security vulnerabilities.

If at any time you feel any of your First Financial accounts may have been compromised due to a smartphone or online vulnerability, contact our Member Relationship Center right away at 732.312.1500. If your First Financial credit or debit cards were compromised in a scam, call the 24/7 toll-free number on the back of your card to report the incident and replace your card. All important phone numbers for members can be found on our website: https://www.firstffcu.com/contact-us.htm

Article Source: Jessica Sommerfield for Moneyning.com

Lost Cell Phone? Here’s How to Keep Your Finances Safe

We depend on our cell phone for so many day-to-day tasks that go beyond communication. We keep track of our appointments, monitor our healthy lifestyle, and stay updated on breaking news. Additionally, our cell phones have become a hub for managing our finances.

The Federal Reserve reports that Americans use their smart phones or other mobile devices for a variety of monetary activities.

    • 51% of smartphone users had used mobile banking.
    • 24% of smartphone users had made a mobile payment.
    • 38% of mobile phone users had deposited a check using their phone.

Financial apps have made it faster and easier than ever to access your money on the go, and view all your financial information right from the palm of your hand.  But, what dangers could arise if you are one of the 5.2 million people who, in a year’s time, lose their smart phone or have their smart phones stolen? How can you protect your finances in the event that your cell phone ever goes missing?

Before your phone is ever compromised, take these precautions to prevent strangers from accessing your phone or the programs and apps it holds.

Passcode Protection: 62% of smartphone owners don’t have a passcode set to protect their phone. You should always set your phone or mobile device to lock when it’s not in use, and set a secure passcode or password for access to your phone. Some smartphones now let you take security even further and utilize your thumbprint or facial recognition to unlock your phone.

Activate Find My Phone: The Find My Phone feature on your smartphone allows you to quickly trace your phone’s location if it ends up missing. Your operating systems may also offer a lost mode. With this feature, you can send a message to your home screen asking anyone who finds your phone to call to you at a specified number.

If your smartphone is lost, quick action can be the difference between saving your financial information or months of headache if your accounts are accessed by a stranger. Take these actions as soon as you realize your phone is gone.

Contact Your Financial Institution: Let your financial institution, credit card companies, and lenders know your phone or device is missing and someone may have access to your account information. They can flag your account as “compromised,” freeze your accounts, or monitor suspicious activity.

Change Your Passwords: Use your desktop computer or another mobile device to reset the passwords for your online banking or payment tools. Also reset your email password. This way if someone uses the “Forgot My Password” feature on any financial app or website, they cannot access your email and reset your passwords themselves.

A Final Tip: Always log out of financial websites or apps before you close out of them. Keeping yourself logged in or enabling auto sign-in means that your information is easily accessible, even if you’re not the one holding your device.

If you feel that any of your First Financial accounts may have been compromised as a result of a lost or stolen cell phone, please contact Member Services at 732-312-1500 Monday through Friday 8am-6pm EST, or Saturday 8:30am-1pm.

Article Source: Kara Vincent for CUInsight.com

Top 10 Ways to Prevent Cyber Crime at Work and Home

Cyberattacks are unfortunately a common occurrence and on the increase. In fact, an average of 200,000 new malware samples are discovered daily, presenting an ominous threat to consumers at work and at home.  The following is a list of the top 10 cyber security tips.

1. Don’t click on emailed links. Instead, type the website URL directly into the web browser’s address bar, or search for the site using a search engine like Google.

2. Avoid opening any attachments you were not expecting. However, if you must – scan the attachment first for viruses.

3. Keep computers patched and up to date. This includes operating systems like Windows and iOS, and applications such as Adobe and Java. Keep antivirus software up to date on all devices, including phones.

4. Clean your desktop and your desk. Lock your screen whenever you leave your workstation or office. When you leave work for the day, lock all paperwork in your file cabinets. Everyone has a smartphone camera today, you always want to be cautious with sensitive documents and information.

5. Double check your work. Breaches can easily occur due to simple miscommunication. For example, someone within a company thinks another person has changed the password – and vice versa.

6. Shred it. This goes for any paperwork you are no longer using at work and at home.

7. Use different passwords for different sites. For personal use, consider using a password tool that allows you to set different passwords for each site you frequent, while only requiring you to remember one strong password.

8. Beware of phishing scams. Unlike common spam, a phishing email is after personal data and will likely have a sense of urgency, asking you to click here, act right away – the offer is time limited. Delete any emails that don’t sound right to you.

9. Avoid oversharing. The most common consumer threat today is social engineering in unexpected places like Facebook. Don’t answer questions on where you went to school, whether you have ever done something, or what your nickname is. This information can be used to break into your accounts.

10. Consider turning Siri off, and Amazon Echo, Alexa, and all the new devices that are listening and recording. You need to have a healthy suspicion of where this data is going. It might not be going where you think it is.

Ultimately, we should all strive to be good net neighbors, protecting our own identity at work and at home. This means taking care of ourselves so we don’t get infected and harm others. The threat is real, but following the right security protocols can dramatically reduce our risks.

Article Source: Colette L’Heureux-Stevens for Co-Op Financial Services

Important Member Alert: Mobile Phone Port-Out Scams

Fraudsters are impersonating mobile phone users to have phones transferred to a different carrier – effectively stealing the user’s mobile phone number. This is being coined as a port-out scam. Once transferred to a different carrier, the fraudster receives all calls and texts that were intended for the user – including those that can be used to takeover a member’s account via online banking. Fraudsters have successfully intercepted one-time passcodes used to authenticate members logging into their account or to initiate transactions within online banking.

How can you prevent this scam from happening to you?  You can place a “port validation password” on your mobile phone account to help prevent having your phone fraudulently transferred to a different carrier.

Call your wireless carrier and ask for PIN authentication for your accounts. Sprint requires customers to create a PIN when they open a new account. Here’s what to do with the other major carriers.

  • AT&T: Log into your ATT.com account, go to your profile by clicking your name, and under the wireless passcode drop down menu, click on “manage extra security.”
  • T-Mobile: Call 611 from your cellphone or (800) 937-8997 to speak with customer service.
  • Verizon: Visit vzw.com/PIN or call (800) 922-0204.

Scam Levels and Details

Mobile phone users switch carriers for a variety of reasons, and can carry their phone number with them to the new carrier. Meanwhile, fraudsters are exploiting this capability by impersonating mobile phone users to have the mobile phones ported to a different carrier. The fraudsters harvest the user’s personally identifiable information and use this information to impersonate users in having the mobile phones transferred to a different carrier.

The port-out scam can take place at a wireless store or online, but in both cases, the imposters have enough information to convince the phone company that they are who they claim to be and have that person’s phone service transferred to their mobile device.

“And with a smartphone, if you’re on Wi-Fi, everything’s going to work except the actual calling and texting, so you may not even notice right away that something’s wrong with your phone — which can give the scammers a few hours of lead time,” said Katherine Hutt, director of communications for the Council of Better Business Bureaus. “If that ever happens, if you can’t make calls or receive calls, immediately contact the phone company and see if your number has been ported.”

Online Banking Fraud: A fraudster often ports a user’s mobile phone to a different carrier after the fraudster has stolen the user’s account login credentials. This could increase the risk of account takeovers through online banking, which involves sending a one-time-passcode via text message for login attempts as well as to validate transactions initiated within online banking. Members must enter the one-time-passcode to complete the login or transaction. By transferring a member’s mobile phone to a different carrier, the fraudster would receive the one-time-passcode intended for the member.

Card Fraud: This scam could also result in fraudulent transactions using credit and debit cards. A fraudster, who has ported a cardholder’s mobile phone to a new carrier, could use a counterfeit or stolen credit or debit card belonging to the cardholder to conduct fraudulent transactions. If a card processor’s fraud management system detects a suspicious transaction, a fraud analyst could attempt to contact the cardholder to confirm the legitimacy of the transaction by calling the cardholder’s mobile phone. However, the call is made to the fraudster who confirms the transaction as legitimate.

Card fraud could be worsened when, after confirming a suspicious transaction as legitimate, the card is suppressed for a period of time – usually seven days. It is common practice for card processors to suppress a card when the fraud management system identifies a suspicious transaction that a cardholder confirms is legitimate. When a card is suppressed, transactions on the card are not monitored by the fraud management system.

Email Fraud: Many public email service providers also offer out-of-band authentication using one-time passcodes that are sent via text message to user’s mobile phones. This could easily lead to a compromise of a member’s personal email account after a fraudster ports the member’s mobile phone to a different carrier.

Read more about mobile port-out scams from NBC News.

If at any time you feel any of your First Financial accounts may have been compromised in a similar scam, contact our Member Relationship Center right away at 732.312.1500. If your First Financial credit or debit cards were compromised in a scam, call the 24/7 toll-free number on the back of your card to report the incident and replace your card. All important phone numbers for members can be found on our website: https://www.firstffcu.com/contact-us.htm

Article Source: CUNA Mutual Risk Alert, and Herb Weisbaum for NBCNews.com