Social Media Quizzes Can Lead to Phishing Attacks

We’ve all seen the quizzes, games, and survey questions asked on social media: what was your first car, your pet’s name, your high school mascot, which character are you most like, and so on.

Personality tests, surveys, and online quizzes ask seemingly innocent questions, but the more information you share online over a public forum like Facebook, the more you risk it being misused. Scammers could do a lot of damage with just a few answers that give away your personal information, especially details that are often used as answers for online security questions.

This type of scam is called phishing, which is the fraudulent practice of sending emails or other messages that appear to be from reputable companies in order to get individuals to reveal their personal information.

What can scammers do with the answers to your online quiz questions?

  • Use your quiz or survey answers to try and reset your online accounts and passwords.
  • Potentially gain access to your bank account once they have the answers to your security questions that you have posted online.
  • Hack into your social media accounts by being able to answer security questions from online quiz responses, and then send malware links to your followers with another shared “quiz.”

Here are some ways you can protect your personal information on social media:

  • Maintain strong passwords and use multi-factor authentication when logging into your social media and online accounts.
  • Keep your social media profiles private – anyone can see what you are posting if you have a public page, and you won’t know who’s looking. Also refrain from listing your personal contact information and where you live on your social media accounts.
  • Steer clear of online quizzes and questions, or don’t answer them truthfully using the same answers you would use in online banking or other related account security questions.
  • When online accounts do require security questions, treat these answers like you would with other secure account passwords. Do not share this information with anyone.

If you suspect an online quiz might be a phishing scam, report it to the FTC at https://reportfraud.ftc.gov/#/

At First Financial, our goal is to help protect our members from scams and identity theft. If you have any concerns or questions about any of your First Financial accounts, please call member services at 732.312.1500 or visit one of our branches.

Article Source: FTC.gov

How to Outsmart Sophisticated Phishing Scams

You’ve probably heard of phishing. But do you really know what it is – and more importantly, how to protect yourself from falling victim to it? Phishing scams have become very sophisticated, but there are some simple things you can do to protect yourself and keep your personal information safe.

What is Phishing?

Let’s start with a basic description: Phishing is a type of scam where an attacker sends a fraudulent message to trick you into revealing sensitive information – often to access your accounts or commit identity theft.

Phishing attempts usually occur through email, over the phone, or via text message. They can be very well-designed to look or sound like legitimate messages from those you know and trust, such as your financial institution, and may contain a link that directs you to a fake website that looks legitimate.


Tip #1: Do not expect phishing emails to be filtered into your Junk mail. Because they are often individually crafted based on information gathered from your social media sites, they can avoid detection by advanced email filters.

How to Detect Phishing Scams

There are ways to avoid phishing scams if you know what to look and listen for. Be on the lookout for these identifying factors:

  • Inconsistencies in email addresses. Phishing emails will typically come from an unfamiliar, unusual email address. The easiest way to detect this is to hover your cursor over the email address to reveal the true “from” address. This will usually reveal the email as a fraud and can be done without actually clicking into the email itself. For example, if an email allegedly originates from your financial institution, but the domain name reads something else, it’s likely a phishing email. Delete it immediately.
  • Unfamiliar greeting or salutation. Sometimes the informality or other irregularity of a salutation can and should provoke suspicion. Be on the lookout for this type of irregularity in emails and text messages, and perhaps even phone calls. For example, if your financial institution greets you with a nickname you don’t use with your accounts, it’s an indication of phishing.
  • Bad grammar, spelling mistakes or unusual language. Legitimate emails and text messages will not have these mistakes. However, they are often found in phishing scams.
  • Demand for urgent action. This is key! Emails, text messages and phone calls threatening some type of negative consequence, loss of money, or missed opportunity are key factors in phishing scams. The urgency prompts you to act without thinking and is what ultimately gets intelligent consumers to fall for these well-designed phishing scams. The scams have flaws, but the panic they create can cause consumers to take swift action before errors can be spotted.
  • Requests for passwords. Do not respond to a text alert, email, or phone call asking for a password, PIN, or any other security information. Never give this information to anyone, even if you think it’s your bank or credit union. They will never ask you for this information. Ever.

Tip #2: Be wary of long text numbers. If you receive a text message from an unidentified number longer than 10 digits, the odds are high it’s a scam.

More Do’s and Don’ts to Protect Yourself

  • Don’t click on links in an unsolicited email or text message.
  • Don’t use the phone number a potential scammer provided in an email or text message. Look up the company’s phone number on your own and call to verify the authenticity of the message or request.
  • Don’t give out personal information such as passwords, credit card numbers, bank account numbers, dates of birth, or Social Security Numbers.
  • Don’t respond to suspected phishing emails, text messages or phone calls, even if you think it would be fun to tease or trick them. It’s best to avoid responding in any way.
  • Do be suspicious of anyone pressing you to act immediately.

Tip #3: Phone numbers and caller identities can be faked to look like the caller ID is from a business you know and trust, like your financial institution. Never trust that the caller ID is accurate. It is best to look up the company’s phone number on your own and call them.

If you detect suspicious activity, contact the alleged company directly. In the case of your financial institution, call at the number listed on the back of your bank-issued debit card, in your banking app, or the bank’s official website.

To learn about other scams and ways to protect yourself, visit zellepay.com/pay-it-safe.


Zelle and the Zelle related marks are wholly owned by Early Warning Services, LLC and are used herein under license.

How to Avoid Phishing Scams Especially During These Times

In the current environment amidst a worldwide pandemic, fraudsters know most people are frequently using technology to do anything and everything right now. These cybercriminals are counting on society being distracted and letting its guard down. One of their favorite tactics for exploiting this is phishing. Criminals are using email, phone calls, text messages, websites and social media to deploy phishing scams these days.

Here are some common forms of phishing that you might encounter and the warning signs to look out for, so that you don’t become a victim:

1. Phone Call Phishing. Cybercriminals know how to mask phone numbers and change them to make it look like your bank or credit card company is calling you. Usually on this type of call the fraudster tells you they are from the Security and Fraud Department. They will often tell you that your card has been flagged for suspicious activity and you need to prove the card is in your possession. You’ll be asked to give them the 3-digit security code on the back of the card, your PIN, or a one-time passcode they email to you.

2. Email Phishing. There are several warning signs you’ll often see in a phishing email. The most common are spelling and grammar errors, including in the email subject. Also always take note of the sender’s email address. You’ll often see that it doesn’t match up, for example IRS.net (instead of IRS.gov), or that it uses zeros and other numbers in place of letters in the middle of the address (j0hnsm1th@gmail and so forth). Email phishing attempts also often include deadlines and threatening language, don’t address you by name, often don’t include contact information like a legitimate company email would, and include suspicious hyperlinks that you should NEVER click on. You should also know that a financial institution will never ask you for any financial information via email.

3. Text Message Phishing. Similar to the phone phishing scam, a text phishing attempt claims to be from your bank and sends you a link to click on instead of a phone number to call. The message will state that the link is for verifying your banking information or a recent transaction, or for providing your PIN or your 3-digit credit card CVV code. A financial institution will never ask you to click on a link to verify any sensitive information.

4. Website Phishing. A spoofed website will often look strange: the web address may be off (amaz0n1.com), words may be misspelled, and logos may look blurry or distorted. Sometimes on a site like this you’ll also see a pop-up that asks you to enter your personal information, which you should NEVER do. Also note that on a phony website, when you hover over a link, a different address will show. Do not click on these links either.

5. Social Media Phishing. Often you’ll receive a friend request from someone you don’t know or a post asking you to click on a link that requests personal information. If you ever receive any requests like this, ignore them.
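The sender-address and hover-over-the-link checks from items 2 and 4 can be automated. The following is an added example, not part of the original article: it flags sender and link domains that imitate a trusted one (IRS.net for IRS.gov, amaz0n1.com for amazon.com) and links whose visible text shows a different site than the one they open. The trusted list, the 0.85 similarity threshold, the function names and the sample message are all assumptions made for the illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"irs.gov", "amazon.com", "apple.com"}  # assumption: domains you really deal with
DIGIT_SWAPS = str.maketrans("01345", "oleas")     # digits often swapped in for letters
# Matches link text that is itself a URL or bare domain; group 1 is the host.
SHOWN_HOST = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})(?:/\S*)?", re.I)
# Constructed sample message, not a real phishing email.
SAMPLE_FROM = "IRS Online <refunds@irs.net>"
SAMPLE_HTML = ('<a href="http://amaz0n1.com/verify">www.amazon.com/orders</a>'
               '<a href="https://www.irs.gov/help">IRS help</a>')

def base_domain(host):  # simplification: real code should use the Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host):  # trusted domain that host imitates, or None
    dom = base_domain(host)
    label = dom.split(".")[0].translate(DIGIT_SWAPS)
    close = [g for g in sorted(TRUSTED)
             if SequenceMatcher(None, label, g.split(".")[0]).ratio() >= 0.85]
    return close[0] if close and dom not in TRUSTED else None

class LinkAudit(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(from_header, html_body):
    findings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2]
    if good := lookalike_of(sender):
        findings.append(f"sender domain {sender} imitates {good}")
    parser = LinkAudit()
    parser.feed(html_body)
    for href, text in parser.links:
        target, shown = urlparse(href).hostname or "", SHOWN_HOST.fullmatch(text)
        if shown and base_domain(shown[1]) != base_domain(target):
            findings.append(f"link text shows {shown[1]} but goes to {target}")
        if good := lookalike_of(target):
            findings.append(f"link host {target} imitates {good}")
    return findings
```

Calling `audit(SAMPLE_FROM, SAMPLE_HTML)` returns three findings for the constructed message and none for its legitimate irs.gov link. The similarity threshold is a heuristic and can flag unrelated short names, so treat a finding as a reason to verify, not as proof.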

For more information on phishing and other computer-based scams, visit the National Cyber Security Alliance at https://staysafeonline.org/

Stay safe and Think First because There’s Harm In Not Knowing!

Article Source: usa.Visa.com

Don’t Fall Victim to These Phishing Scams

There are a number of unscrupulous types out there, waiting to take your hard-earned money. One of the most common ways criminals try to scam you is to “phish” for your information. In these types of scams, you are asked to reveal personal financial information. This information can then be used to commit identity fraud, which can cost you time and money.

Here are some phishing scams to be aware of:

You made a purchase. It usually involves an email message that claims to be sending you a receipt for a purchase at a major retailer. If you didn’t make that purchase, don’t open the PDF attachment! Even if you did, do not call the number in the document to make a dispute. Instead, look at your card statement independently to verify whether there was a purchase or not. For example, Apple is a common retailer used in this type of scam and if you look closely, the email message doesn’t come from Apple.com.

Lower your credit card interest rate. Who doesn’t want a lower interest rate on their credit cards? This phishing scam involves a phone call, and a recorded message telling you that you qualify for a lower rate. You then press a number, and you are prompted to enter your credit card number. Hopefully you can see where this is going in terms of identity fraud …

Unlock your bank account. Some people have received phone calls claiming that their bank accounts are locked. If you receive a call like this, you might even be told that there has been some “suspicious activity on your account.” It sounds like your bank has locked down your account on your behalf. All you need to do to unlock your account is give them your account number. And, unlike a credit card with its fraud protections, there isn’t much you can do if someone decides to drain your bank account. The moral of this story: your actual bank already knows your account number, so you will never need to give it to them.

Hotel computer crash. According to Consumer Reports, the Better Business Bureau is reporting on an interesting scam that has cropped up. You receive a call on your hotel phone. The person on the other end claims to be from the front desk. The computer system has crashed, and all the data is gone — including your credit card data. All you have to do is give the information over the phone, and everything will be straightened out. This is a complete scam, and now the scammer has your credit card information to start using.

It is important not to give out personal financial information unless you can verify the source. Additionally, don’t give out information over the phone when someone calls asking for it. Always realize that your bank and credit card issuers won’t ask for your full account number; they already have it! Anyone who asks for your full account number for “security” or “verification” is almost always a scammer.

Bottom Line: Be on guard for phishing scams, whether they are perpetrated via email or over the phone. Keep your personal financial information private, and remember to verify information coming from others independently.

Article Source: Miranda Marquit for Moneyning.com

Important Member Alert: Tax Season Phishing Scams

It’s tax filing season, and the Internal Revenue Service (IRS) and state tax agencies have issued warnings related to a recent increase in sophisticated phishing emails. The emails appear to come from the IRS and demand a payment or threaten to seize tax refunds as a result of non-payment.

What is phishing? Phishing is a tactic cyber criminals use to collect an individual’s online banking, credit card, or other identifying account information. Once received, the cyber criminals can use your information and make transactions as you.

The tax refund season is the time of year in which the majority of tax related scams occur and there is increased vulnerability. This year, the IRS has reported a 60% increase in phishing emails attempting to steal taxpayer funds and tax-related information.

Phishing emails can be hard to detect. Cyber criminals commonly use intimidation tactics and urgent requests. The emails sent in a phishing attempt will appear to come from a trusted source, using a spoofed or compromised email address. Phishing emails usually contain stolen logos and often include hyperlinks to malicious websites, or contain attachments that are embedded with malware or viruses.

Targeted tax time victims have reported that their emails contained the following:

  • A sender shown as IRS Online
  • An attachment titled “Tax Account Transcript”
  • A subject line using the phrase “Tax Transcript”

In addition to email phishing scams, similar phone scams have also been reported. A common phishing phone attempt involved a caller claiming to be from the IRS and threatening victims with a lawsuit or arrest if a tax payment isn’t made immediately with a debit card.

To reduce your risk of falling victim to a phishing scam:

  • Remember that the IRS will never initiate contact with taxpayers via email, text, or social media network to request personal or financial information.
  • The IRS also will never call a taxpayer and threaten a lawsuit or arrest.
  • Do not click on links or open email attachments from an unknown or suspicious source. Even if the email appears to be from someone you know, subtle variations will be present in the sender’s email address (for example: JohnSmith1@abc.com instead of JohnSmithI@abc.com).
  • Another red flag for email recipients is grammatical errors and spelling mistakes. Communications from legitimate professional organizations and agencies typically do not contain such errors.

Article Source: CUNA Risk Alert, December 2018

Phishing Scam Alert: Fake Invoices

Scammers have been relentless lately – here they are, back at it with a new twist on an old phishing scam.

Recently, scammers have been posing as well-known tech companies and emailing phony invoices which show that you purchased music or apps from them. The scam emails tell you to click on a link if you did not authorize the purchase. If you get one of these emails, do NOT click on the link! This is a phishing attempt.

What is phishing? It is when a scammer uses fraudulent emails, copycat websites, or texts to get you to share valuable information. The fraudsters then use this information to commit identity theft or other fraud in your name.

Scammers are also using phishing emails to get access to your computer or network – then they install programs like ransomware that can lock you out of important files on your computer.

Here are some tips to help keep your information secure:

  • Be suspicious if a business, government agency, or organization asks you to click on a link that then asks for your username or password or other personal data. Instead, type in the web address for the organization or call them. The link in the email may look right, but if you click on it you may go to a copycat website run by a scammer.
  • Be cautious about opening attachments. A scammer could even pretend to be a friend or family member, sending messages with malware from a spoofed account.
  • Set your security software to update automatically, and back up your files to an external hard drive or cloud storage. Back up your files regularly and use security software you trust to protect your data.

Lastly, report phishing emails and texts by forwarding them to spam@uce.gov and file a report with the FTC.

If you feel that any of your First Financial accounts may have been compromised as a result of a scam, please contact Member Services at 732-312-1500 Monday through Friday 8am-6pm EST, or Saturday 8:30am-1pm.

Article Source: Ari Lazarus for FTC.gov