Identify
When it comes to your financial information and accounts, your first step in fighting fraud is to identify high value accounts, online services used to access those accounts, and systems that connect to these accounts. The second step is to record who has authorized access to these accounts and what permissions they have been granted. The third step is to identify the threats and vulnerabilities to these accounts and services.
To help you identify the threats to your accounts, we have listed various types of fraud and scams as well as preventative tips to defend against them. We have also included resources for Identity Theft, Business Email Compromise (BEC), and Corporate Account Takeover (CATO).
For more information or to stay abreast of new scams, visit the Federal Trade Commision's Scams Resource Center.
Resource: Fight Fraud Identify Template
Types of Fraud and Scams:
Check Fraud
Check fraud occurs when someone illegally alters a check, creates counterfeit checks, or forges signatures to deceive individuals or financial institutions and obtain unauthorized funds.
Prevention Tips
- Secure Checkbooks: Keep your checkbooks in a safe and secure place to prevent unauthorized access. Only carry a limited number of checks when necessary.
- Protect Personal Information: Be cautious about sharing personal information such as your bank account number or routing number with individuals or organizations you don't trust. Be mindful of phishing attempts seeking your banking details.
- Monitor Bank Statements: Regularly review your bank statements to identify any unauthorized transactions or suspicious activity. If you spot any discrepancies, notify Jonah Bank immediately.
- Use Security Features: Choose checks with security features like watermarks, security patterns, or holograms. These features make it more difficult for fraudsters to alter or replicate your checks.
- Write Checks Carefully: Fill out checks accurately and legibly using indelible ink. Avoid leaving blank spaces that could be manipulated or altered. Draw a line after the recipient's name and amount to prevent unauthorized additions.
- Store Voided Checks Securely: Destroy or shred canceled or voided checks to prevent them from being used fraudulently. Dispose of them properly so sensitive information cannot be retrieved.
- Sign Up for Positive Pay: This service matches the details of each check presented for payment with a list of authorized checks provided by you. This helps detect any discrepancies and prevents fraudulent checks from being cashed.
- Be Cautious of Incoming Checks: If you receive a check from an unknown or suspicious source, exercise caution. Verify the legitimacy of the check and the person or organization issuing it before depositing it.
- Educate Yourself: Stay informed about the latest check fraud techniques and scams at the Federal Trade Commission Scams Site.
Credit Card Fraud
Credit card fraud involves the unauthorized use of another person's credit card information to make fraudulent purchases or withdrawals. Credit card fraud can be done via card present transactions (the fraudster steals or clones the physical card) or via card not present transactions (transactions commonly completed online).
Prevention Tips
- Regularly monitor credit card statements for any unfamiliar charges and report them immediately.
- Keep credit cards secure and avoid sharing card details over insecure channels.
- Be cautious while using credit cards online ensuring the websites are reputable and secure.
- Enable transaction alerts and notifications to receive real-time updates on credit card activity.
- Register your cards with Card Valet® to enable features such as spend and location features and also have the control to enable or disable the card for payments.
Insurance Fraud
Insurance fraud involves deceiving insurance companies to obtain illegitimate benefits by filing false claims, exaggerating losses, or staging accidents.
Prevention Tips
- Provide accurate and honest information when applying for insurance coverage.
- Maintain detailed records and documentation of assets and losses to support legitimate claims.
- Be cautious of individuals or companies offering services to inflate claims or stage accidents.
- Report any suspected fraudulent activity to the insurance company or relevant authorities.
Investment Fraud
Investment fraud encompasses schemes where individuals are deceived into investing in fraudulent ventures, ponzi schemes, or nonexistent opportunities.
Prevention Tips
- Conduct thorough research on investment opportunities and verify the legitimacy of the individuals or companies involved.
- Be skeptical of promises of high returns with low risk.
- Consult a trusted financial advisor before making any significant investment decisions.
- Avoid investments that have complex or unclear terms and conditions.
Online Auction Fraud
Online auction fraud occurs when individuals are misled or scammed during online purchases or auctions where the seller does not deliver the promised goods or misrepresents the product or its value.
Prevention Tips
- Research the seller's reputation and read feedback or reviews from other buyers before making a purchase.
- Use secure payment methods that offer buyer protection such as credit cards.
- Be cautious of deals that seem too good to be true or sellers who push for off-site transactions.
- Familiarize yourself with the platform's policies and procedures for dispute resolution.
Tax Fraud
Tax fraud refers to the illegal act of intentionally falsifying information or evading taxes to reduce tax liability or receive undeserved tax benefits. Tax fraud also includes the illegitimate filing of taxes to defraud the government and citizen victims.
Prevention Tips
- File tax returns accurately and on time.
- Register with the IRS and set up a Protection PIN.
- Keep detailed records of income, expenses, and deductions.
- Be cautious of fraudulent tax preparers and ensure they are reputable and licensed.
- Consult with a tax professional.
Charity Scams
Charity scams exploit individuals' goodwill by soliciting donations for fake charitable organizations or misusing funds intended for legitimate causes.
Prevention Tips
- Research and verify the legitimacy of charitable organizations before donating.
- Donate directly to the organization's official website or known trusted platforms.
- Be cautious of high-pressure tactics or requests for immediate donations.
- Following natural disasters be extra cautious of fake charitable organizations.
Employment Scams
Employment scams involve fraudulent job offers where scammers deceive individuals into paying fees for non-existent jobs or gathering personal information for identity theft.
Prevention Tips
- Be cautious of job offers with unrealistic pay or benefits.
- Research the company and contact them directly through their official website or phone number to verify the job offer.
- Never provide personal information or pay fees upfront to secure a job.
- Trust your instincts and be wary of opportunities that seem suspicious or require immediate action.
Investment Scams
Investment scams lure individuals into fraudulent investment opportunities promising high returns or guaranteed profits but end up causing financial losses.
Prevention Tips
- Research and verify investment opportunities before committing funds.
- Be skeptical of investments promising unusually high returns or guarantee no risk.
- Seek advice from a licensed financial advisor or professional before making any investment decisions.
Lottery or Sweepstakes Scams
Scammers inform individuals they have won a lottery or sweepstakes prize and request payment of fees or personal information to claim the winnings.
Prevention Tips
- Be skeptical of unsolicited notifications claiming you've won a prize.
- Legitimate lotteries and sweepstakes do not require upfront fees to claim winnings.
- Never provide personal information or send money to claim a prize.
Mortgage Scams
Mortgage scams are fraudulent schemes targeting individuals seeking mortgage loans for purchasing or refinancing properties.
Mortgage scams can take various forms including:
- Loan Modification Scams: Scammers offer to modify existing mortgages, promising lower interest rates, or reduced monthly payments. They often request upfront fees and personal information but fail to deliver on their promises.
- Foreclosure Rescue Scams: Fraudsters target homeowners facing foreclosure and claim they can save their homes by offering assistance in exchange for upfront fees or the transfer of property ownership.
- Equity Skimming: Scammers target homeowners with substantial equity in their properties, often elderly or vulnerable individuals, by convincing them to transfer ownership or take out additional mortgages, leaving them with little or no equity and potentially facing foreclosure.
Prevention Tips
- Research the Mortgage Lender: Thoroughly research any mortgage lender or broker before doing business with them. Verify their license, reputation, and credentials. Check for any complaints or disciplinary actions against them.
- Be Cautious of Unsolicited Offers: Be wary of unsolicited offers received via phone calls, emails, or mail. Legitimate lenders typically don't solicit customers in such a manner. Instead, seek out reputable lenders independently.
- Understand Loan Terms and Agreements: Read and understand all loan documents and agreements before signing. If something seems unclear or suspicious, seek legal advice or consult with a trusted financial advisor.
- Avoid Upfront Fees: Exercise caution when asked for upfront fees or payments before receiving any services or loan modifications. Legitimate lenders generally charge fees at closing, not before.
- Use Reputable Mortgage Professionals: Work with licensed mortgage professionals such as loan officers and brokers who have a solid reputation and are recommended by trusted sources. Seek referrals from friends, family, or real estate professionals.
- Never Sign Blank or Incomplete Forms: Ensure all forms and documents are complete and accurate before signing them. Avoid signing blank forms or those containing blank spaces that could be filled in later with fraudulent information.
- Stay Informed about Mortgage Scams: Stay updated on the latest scams and fraudulent practices in the mortgage industry. Be aware of warning signs, red flags, and common tactics used by scammers.
- Seek Independent Legal Advice: If you are uncertain about any aspect of the mortgage process or suspect something may be fraudulent, seek advice from an independent attorney or housing counselor who specializes in mortgages and can provide unbiased guidance.
- Report Suspected Fraud: If you suspect you have encountered a mortgage scam or have been a victim of one, report it to your local law enforcement, state attorney general's office, and relevant regulatory agencies such as the Consumer Financial Protection Bureau (CFPB).
Online Shopping Scams
Online shopping scams involve fraudsters setting up fake websites or online marketplaces to deceive consumers into making purchases for products that don't exist or are counterfeit.
Prevention Tips
- Purchase from reputable and established online retailers.
- Research the website or seller before making a purchase.
- Use secure payment methods such as credit cards or trusted payment platforms.
- Be cautious of deals that seem too good to be true.
Phishing Scams
Phishing scams typically involve fraudulent emails, messages, phone calls, or websites that mimic legitimate entities to trick individuals into revealing sensitive information such as passwords or financial details.
Prevention Tips
- Be wary of unsolicited emails especially those requesting personal information or urgent action.
- Verify the authenticity of a website before entering sensitive data by checking for secure connections (HTTPS) and official domain names.
- Avoid clicking on suspicious links and downloading attachments from unknown sources.
- Educate yourself about common phishing techniques and stay updated on the latest scams.
Phone Scams
Phone scams are fraudulent activities where scammers use phone calls to deceive people into giving them their personal or financial information or trick them into making payments. Scammers can act friendly, helpful, or even threaten or try to scare you. They often pretend to be someone you trust like a government agency, a family member, or a business you recognize. Phone scammers work diligently to earn your trust by spoofing the legitimate businesses phone number and pretend to be an employee at the impersonated business.
Common Types of Phone Scams
- Impersonator Scams: Scammers pretend to be someone you trust, such as a government entity, or from a well-recognized brand such as Microsoft, Apple, or your local bank.
- Debt Relief and Credit Repair Scams: Scammers offer to lower your credit card interest rates, fix your credit, or get your student loans forgiven if you pay their company a fee first.
- Threatening Calls from the IRS: Scammers impersonate federal agents and say you’ll be arrested, fined, or deported if you don’t pay taxes or some other debt right away.
Prevention Tips
- Be Aware of Spoofing Tactics: Even if the number shown on your phone is the listed number for a business, pay close attention to requests for information regarding payments, accounts, PINs, or passwords. If in doubt, hang up and call the business number back.
- Block Spam Callers: Take steps to block unwanted calls and filter unwanted text messages.
- Don’t give your personal or financial information in response to a request that you didn’t expect.
- Honest organizations won’t call, email, or text to ask for your personal information such as your Social Security, bank account, or credit card number.
- Report Phone Scams: If you’ve lost money to a phone scam or have information about the company or scammer who called you, report it to the FTC at ReportFraud.ftc.gov.
Romance Scams
Romance scams target individuals seeking romantic relationships online. Scammers create fake profiles and manipulate victims emotionally to extort money or personal information.
Prevention Tips
- Be cautious of individuals who quickly profess love or request financial assistance.
- Never send money or provide personal information to someone you haven't met in person.
- Be suspicious of requests to take the chat off of the main platform and onto a Messaging App.
- Research and verify the identity of the person you're interacting with online.
Tech Support Scams
Tech support scams involve fraudsters posing as tech support personnel to gain remote access to victims' computers, install malware, or sell unnecessary tech support services.
Prevention Tips
- Do not grant remote access to your computer to unsolicited individuals.
- Only seek tech support from reputable and verified sources.
- Be cautious of unsolicited calls claiming technical issues with your devices.
Business Email Compromise
Business Email Compromise (BEC) also known as CEO fraud or email account compromise is a type of cybercrime in which attackers use fraudulent or compromised email accounts to deceive employees or business partners into making unauthorized financial transactions, sharing sensitive information, or taking other malicious actions. BEC attacks often involve social engineering tactics and impersonation, making them a significant threat to organizations. To protect against BEC, organizations should implement a range of preventative controls.
Prevention Tips
- Conduct regular security awareness training for employees to help them recognize the signs of BEC such as unusual email requests, misspelled domains, or unauthorized financial requests.
- Enforce MFA for email accounts, financial systems, and other critical applications. This adds an extra layer of security to prevent unauthorized access.
- Deploy email banner warnings that appear prominently in incoming emails from external sources reminding users to verify the authenticity of the sender and be cautious about sharing sensitive information.
- Limit access to sensitive data and financial systems to authorized personnel only following the principle of least privilege.
- Establish strict procedures for financial transactions especially when requests come via email. Require multiple layers of approval for significant financial transfers.
- Encourage employees to verify the legitimacy of any unusual or high-value requests by directly contacting the requestor via phone or in person. Do not rely solely on email.
- Establish clear channels for employees to report suspected fraud or BEC attempts. Ensure reports are taken seriously and investigated promptly.
- Verify the authenticity of vendor requests particularly if they involve changes in payment details. Confirm any changes through trusted communication channels.
- Monitor your organization's domain for any unauthorized or suspicious domain registrations that could be used for phishing or impersonation.
- Use a separate, secure, and verified communication channel for verifying and authorizing significant financial transactions.
- Implement email authentication protocols like DMARC, DKIM, and SPF to verify the authenticity of email senders.
- Use advanced email filtering solutions to identify and quarantine suspicious emails particularly those with known phishing indicators.
Corporate Account Takeover
Corporate Account Takeover (CATO) is a type of cybercrime in which unauthorized individuals or entities gain access to a business's financial accounts and use them for fraudulent purposes. This can have devastating consequences for a company as it often leads to financial losses, damage to the organization's reputation, and potential legal and regulatory issues. CATO typically involves cybercriminals using various tactics to compromise a business's online banking or financial management systems.
Prevention Tips
Strong Authentication
- Implement multi-factor authentication (MFA) for accessing financial accounts. This adds an extra layer of security by requiring users to provide multiple forms of verification such as a password and a one-time code sent to their mobile device.
- Never share or disclose your online banking username, password, or secure access code to anyone.
Account Controls
- Take advantage of the security controls offered by Jonah Bank including transaction-based controls for each user (dollar amount, volume, and type), dual approval, and restriction of administrative functions such as recipient management and user management.
Employee Training
- Train employees and educate them about the risks of CATO and other cyber threats. Everyone should be aware of common phishing techniques and social engineering tactics used by attackers.
Secure Access Management
- Restrict access to financial systems and data to only authorized personnel which includes implementing the principle of least privilege where users have the minimum level of access necessary to perform their job responsibilities.
Regular Software Updates
- Keep all software and systems up to date with security patches to address vulnerabilities that could be exploited by cybercriminals.
Email Filtering and Anti-Phishing Solutions
- Use email filtering tools to detect and block phishing emails which are a common entry point for CATO attackers.
- Practice the Stop-Think-Connect Approach when reviewing email communications to avoid the pitfalls of falling for a phishing scam.
Account Monitoring
- Continuously monitor financial accounts for unusual or unauthorized activities and set up alerts for suspicious transactions.
- For more information on Corporate Account Take Over, see Jonah Bank's Guide on Defending Against Corporate Account Take Over.
Identity Theft
Identity theft involves the unauthorized use of someone else's personal information to commit fraud. This includes stealing Social Security numbers, credit card details, or other personally identifiable information.
Prevention Tips
- Regularly monitor credit reports and bank statements for any suspicious activity. Order a free copy of your credit report every four months from one of the three credit reporting agencies at www.annualcreditreport.com.
- Use strong and unique passwords for online accounts and enable multi-factor authentication when available.
Consider the use of Identity Theft Protection Services
- Don’t Share Your Secrets: Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Do not reveal sensitive or personal information on social networking sites.
- Shred It: Shred sensitive papers including receipts, banks statements, and unused credit card offers before throwing them away. In this regard consider ditching paper statements and elect to receive them electronically.
- Keep An Eye Out for Missing Mail: Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen.
- Setup a Credit Freeze with the Credit Bureaus: A credit freeze restricts access to your credit report. If you suspect your personal information or identity was stolen, placing a credit freeze can help protect you from fraud.
- Equifax - 800-685-1111
- Experian - 888-EXPERIAN (888-397-3742)
- TransUnion - 888-909-8872
FTC Child Identity Theft
If Your Identity Has Been Stolen:
- Contact Jonah Bank immediately to report any fraudulent activity you’ve seen on your account or to close any impacted accounts.
- Use the Jonah Bank template to respond to a fraud incident.
- Contact the three major credit bureaus listed below and place a fraud alert on your credit file. You should only need to contact one bureau to request the alert, and they will contact the other two for you.
-
- Equifax: To report fraud, call 1-800-525-6285 and write: P.O. Box 740241 - Atlanta, GA 30374-0241. For the hearing impaired, call 1-800-255-0056 and ask the operator to dial. For the Auto Disclosure Line, call 1-800-685-1111 to request a copy of your report.
- Experian: To report fraud, call 1-888-EXPERIAN (397-3742) and write: P.O. Box 9530 - Allen, TX 75013 or TDD: 1-800-972-0322.
- TransUnion: To report fraud, call 1-800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790 - Fullerton, CA 92634 or TDD: 1-877-553-7803.
Obtain your free annual credit report and review it closely.
Visit the Federal Trade Commission’s website https://www.identitytheft.gov/. This site will walk you through the step-by-step repair process and also includes checklists and forms that will assist you with the Recovery Process.