Watch Out for Scammers!

Watch Out for Scammers!

April 02, 2024

It seems like every day we hear about new and more sophisticated scams in the news, and from family and friends who may have fallen victim. 

We recently heard from a client who was a victim of spoofing, and she gave us permission to relay her experience in the hope that others wouldn’t also fall into the same trap.  She first received a text message that looked to be from her credit card company’s “fraud prevention team” asking if she used her card to make a recent purchase.  She replied “No,” which signaled to the sender that she believed the text to be legitimate, at which point the sender called her from a phone number that also appeared to be from the credit card company.  This is where the fraudsters hope to obtain information by asking seemingly harmless questions with the intention of gaining access to your bank or investment accounts to steal from you.

There are many types of online fraud these days, with a whole lexicon of different types of attacks, but two of the most common—and dangerous—are spoofing and phishing.  With a spoofing attack, a bad actor is attempting to disguise themselves so they can gain the victim’s trust with the intention of installing malware on a device to perpetrate other crimes.  Essentially, the goal of spoofing is to impersonate someone’s identity.  Email spoofing is the most common form of attack, where the bad actor creates or modifies an email address that resembles a trusted sender, but they can also alter domains and web addresses, IP addresses and caller IDs.

With a phishing attack, a bad actor sends mass messages, usually via email or text (SMS) message, to get a victim to click on a malicious link to steal sensitive information such as login credentials or Social Security numbers.  A form of attack known as “spear phishing” is one of the most dangerous because the bad actors carefully research their targets and go to great lengths to personalize the messages to make them appear to be from legitimate senders.

Following are some tips to protect yourself from falling victim to spoofing and phishing attacks:

  • Never click on unsolicited links in emails or text messages.
  • Don’t download unexpected attachments.
  • Never share personal information such as login credentials, account numbers or Social Security numbers.
  • Don’t access URLs that don’t begin with HTTPS.
  • Never log into accounts through links in emails or text messages.
  • Use an antispam filter in your email and antivirus software on your devices to detect and remove malware.
  • Update browsers and software to get the most up to date protection against known viruses and malware.
  • Use multifactor authentication (MFA) wherever possible.
  • Ignore spam emails and delete them without opening. Responding to phishing emails and text messages encourages bad actors to re-target you.
  • Hover your mouse over links and email addresses, before clicking or responding, to validate the sender.

 A few other things to keep in mind:

  • Your bank or financial institution will never ask you for a one-time security code, your login credentials (username or password) or to confirm any personal details via email or text.
  • If you receive an unsolicited phone call or text from your bank or financial institution, hang up and/or don’t respond and call them back using a verified phone number from their website, official app or the 800 number on the back of your credit card.
  • Many banks and financial institutions these days will send legitimate communications via text, and they’ll come from a shortened number (usually five or six digits long) known as a “short code.” Contact your bank or financial institution to obtain the official short codes they may use to contact you.  If you receive a text purportedly from your bank or financial institution via a different short code, you’ll know it’s fraudulent.

 

What should you do if you’re a victim of a scam?  Firstly, immediately report the fraud to your financial institutions and change your login credentials.  Then, go to the following site, which is an official website of the Federal Trade Commission (FTC), to determine what other steps you can take depending on how your information was exposed: https://www.identitytheft.gov/#/Info-Lost-or-Stolen

Whether you became a victim or not, if you receive any type of phishing communication, consider reporting it to the FTC to help them fight scammers and protect more people.  If you get a phishing email, forward it to the FTC’s Anti-Phishing Working Group at reportphishing@apwg.org.  If you get a phishing text message, forward it to SPAM (7726).  You can report any type of phishing attempt on their website as well: https://reportfraud.ftc.gov/  





The views expressed are opinions only and should not be relied upon as advice regarding investments, sectors or markets in general. 

The above statistics and/or commentary has been obtained from sources we believe are reliable, but we cannot guarantee their accuracy or completeness.  Past performance is no guarantee of future results. 

This is not a complete analysis of every material fact regarding any company, industry, or economic condition.  Due to shifting market conditions, all expressions of opinion are subject to change without notice.

Talk to your financial advisor before acting on information in this document.