Micro-Deposit Scams

It probably doesn’t surprise you to know that scammers are always coming up with creative ways to con people out of their money. Recently, there’s been an uptick in an old scam in which crooks reach out to targets and try to gain access to their accounts through micro-deposits. Unfortunately, too many people have already fallen for this scam, and we don’t want our members getting caught in the trap. To that end, we’ve compiled this guide on micro-deposit scams, how they play out and what you can do if you’re targeted.

What is a micro-deposit?

Before we can explore the actual scam, it’s important to understand how a micro-deposit works.

Micro-deposits are small sums of money transferred online from one financial account to another. The purpose of the deposits is to verify if the account on the receiving end is actually the account the sender intended to reach. Micro-deposits are generally less than $1 and can be as small as $0.02. They are also typically deposited in pairs; within one to three business days of linking accounts, two micro-deposits should appear in your account.

As mentioned, micro-deposits are primarily used to verify account ownership. For example, if you’d like to link your checking account at Advantage One Credit Union with an investment account, the investment brokerage firm will want to verify that it’s sending your dividends to the correct account. Before sending any of your investment earnings, it’ll do a test run by sending a pair of micro-deposits to your checking account. You’ll be notified that the firm has sent these deposits, and asked to verify the amount of the deposit by logging into your newly linked account. Once you’ve completed this step, the brokerage account will withdraw the small amount of money sent through the micro-deposits and proceed with regular deposits of investment dividends, as planned.

How the scams play out

Micro-deposit scams can take one of two forms.

In one type of micro-deposit scam, a crook will open as many investment accounts as they can, linking each one to one of a handful of bank accounts. When the micro-deposits begin to come in, the scammer will quickly transfer the money to another account before the brokerage company withdraws the deposits. Though each micro-deposit is small, when multiplied by thousands, the scammer can pull in quite a lot of money  — until they get caught, that is.

But it’s the other type of micro-deposit scam that concerns us more — and should concern you as well. In this scam, crooks will link brokerage accounts with strings of random numbers, hoping to hit a valid account. When a deposit is verified from an account, they will use additional information about the account holder to withdraw funds from this account as they please. Unfortunately, many people are uninformed about this scam and innocently verify the micro-deposits, giving the scammers free access to their accounts.

[Here at Advantage One Credit Union, we’ve had an alarming number of micro-deposits made to some of our members’ accounts. To protect our members and their money, we’ve started sending automatic text message alerts to members when they’ve received a micro-deposit. This way, the member knows about the deposit and, if they don’t recognize the sender, they can let us know they’ve been targeted by a scammer. We can then refuse to let the deposit clear and consider placing a fraud alert on the member’s account. Most importantly, the member will know they’ve been targeted and they can refuse to verify the deposit.]

What to do if you’re targeted

Micro-deposits are small enough to fly under the radar and you may unknowingly verify one of these deposits with an uninformed click. [However, now that we’ve initiated our micro-deposit alert system, you will know when to be on the lookout for a micro-deposit and the verification request that follows it.] Here’s what to do if you’ve received a micro-deposit from an unknown source:

  • Do not verify the deposit. Without verification, the scammer won’t know they’ve hit an authentic account.
  • Do not click on any links embedded in the verification request message or download any attachments.
  • Let us know you’ve been targeted.
  • Report the scam to the Federal Trade Commission at FTC.gov so they can do their part in catching the scammers.
  • Let your friends and family know about the scam so they can be on the alert as well.

Scammers are using micro-deposits to gain access to our members’ accounts, but Advantage One Credit Union is doing everything possible to stop them before they can do any real damage. Together, we can beat the scammers at their game and protect your accounts and your money. Stay safe!

Your Turn: Have you been targeted by a micro-deposit scam? Share your experience in the comments.

Lean More:
schneier.com
learn.stash.com
finextra.com
support.wealthfront.com

Beware of the USPS Smishing Text Scam

Your phone pings with an incoming text. You swipe it open to find a message from the USPS. They’re texting to let you know that the scheduled delivery time for your package has been changed. Unfortunately, though, the message is not from the USPS and you’ve just been targeted by a scam.

Here’s what you need to know about the USPS smishing text scam.

How the scam plays out

In the USPS smishing text ruse, a target will receive a text like the one described above. The message prompts the victim to click on a link to reschedule the delivery. However, if the victim follows the instructions, they’ll be falling victim to a smishing text scam.

The United States Postal Inspection Service (USPIS) is warning of an uptick in smishing scams that use the USPS as a cover, conning unsuspecting victims into downloading malware onto their phones or sharing personal information with scammers they assume is the USPS. The scammer will then go on to empty the victim’s accounts or steal their identity.

Individuals who’ve recently made online purchases and are expecting a package delivery within the next few days are especially vulnerable to this scam. To the uninformed, the text looks legitimate, and with just one careless click, the scammer has access to the victim’s device and personal information.

However, with one crucial bit of information, you can protect yourself from falling victim to the USPS smishing scam: The USPS never sends out unsolicited text messages about a package. The company will only send a message when a consumer has signed up for alerts about a package’s delivery. If you have not signed up for messages from the USPS, and you receive a text like the one described above, you know you’re being targeted by a scam.

What to do if you’re targeted

If you’re targeted by a smishing text scam, the USPIS recommends taking the following steps:

  • Verify the sender. Confirm the identity of the message sender by checking with the USPS if you actually have a delivery schedule change. Don’t call the number on the text. Instead, reach out to your local USPS office directly.
  • Don’t reply or click on links. Replying to the message or downloading an embedded link can install malware onto your phone.
  • Delete. Save a screenshot of the text to share with law enforcement agencies and then delete the message.
    Block the number and update the security on your device. Prevent a recurrence of the scam by putting the number on your “Do Not Call” list and beefing up the security settings on your phone.
  • Keep personal information personal. Never share sensitive information, like your Social Security number or financial account details, with an unverified contact.

Report the scam

Do your part to stop the scammers by reporting it to the proper authorities.

First, you can report smishing scams that impersonate the USPS to the Inspection Service Cybercrime Team at the USPIS by email. Take a screenshot of the text and send it to spam@uspis.gov. Make sure your screenshot shows the number of the sender as well as the date it was sent. You’ll also need to include your name in the email so the team can reach you, along with any other relevant details about the scam, such as money you may have lost, links you may have downloaded, and personal information you may have shared. The USPIS will contact you if it needs any additional information to help nab the scammers.

You can also report the scam to the Federal Trade Commission at FTC.gov and let your friends and family know about the circulating scam.

Stay alert and stay safe!

Your Turn: Have you been targeted by a USPS smishing text scam? Tell us about it in the comments.

Learn More:
wmbfnews.com
keloland.com
wkbw.com
link.usps.com

Beware Romance Scams

With COVID-19 forcing more singles to meet and date online, America’s most expensive scam is on the rise. Romance scams are all over the internet and can be difficult to spot  While the data for 2020 is not yet available, according to the FTC, Americans lost a collective $201 million to romance scams in 2019.

Don’t be the next victim of a romance scam! Here’s all you need to know:

How the scam plays out

In a romance ruse, a scammer will create a bogus online profile and attempt to connect to singles on dating apps and websites, as well as through social media platforms. After a connection is formed, the scammer will work to build up the relationship with the victim, calling and texting often. Once the scammer has gained the victim’s trust, the scammer will spin a sorry story and ask the victim for money.

The scammer may explain that they cannot meet in person because they are currently living or traveling outside the United States. They’ll claim to be a doctor working for an international organization, a blue-collar worker in the middle of a construction project or to be part of the military and currently serving overseas. They may ask for money to help cover travel expenses, pay for medical treatment, cover customs fees at the airport or to pay for a visa or other official travel documents.

The scammer will ask for payment via wire transfer or prepaid debit card. Once they’ve received the funds, they will disappear. Alternatively, the scammer will ask their “date” to share personal financial information and then go on to empty the victim’s accounts.

How to spot a romance scam

If you’re in the market for a new date and you’re hoping to meet someone online, look out for these red flags:

Profile is too good to be true. If a single’s profile has unrealistic credentials, including a magazine-worthy photo, you’re likely looking at a scam.
Single rushes into the relationship. If the contact comes on too strong, too fast, it may be a scam.

Single asks you for money. Don’t believe a money-starved story of someone you just met online, especially if they start asking you to help them out.

How to play it safe online

Avoid falling victim to romance scams and similar ruses by following basic online safety rules.

First, never share personal details online with anyone whose identity you cannot verify. This includes all financial information, credit card details and personal information that can be used to unlock a password on any of your accounts.

Second, only visit secure sites and keep all the settings on your social media pages private. Never engage in conversation with a stranger who reaches out to you on a platform you’ve just begun using, or who sends you personal texts or emails you without any prior communication.

It’s equally important never to send money to anyone online.

If you suspect a romance scam

If you believe you’ve been targeted by a romance scam, take these steps to avoid further damage:

Research the name on the profile to see if the details check out. You can also use an online background checking tool, such as BeenVerified or TruthFinder, to verify the credibility of the profile.

Do a reverse-image search of the profile picture to see if it’s a stock photo or an image that was plucked off the internet. You can also ask the contact to share a current photo of themselves.

If your research confirms your suspicions, stop all communication with the scammer immediately. Block the scammer’s number and flag their emails as spam. If you’ve already paid a romance scammer with a prepaid gift card, call the company that issued the card to ask them to refund your money.

Report the scam to the FTC. It’s also a good idea to alert the website or app that the scammer is using. You may also consider warning your friends about the scam.

Follow the tips outlined above to keep your love life scam-free.

Your Turn: Have you been targeted by a romance scam? Tell us about it in the comments.

Learn More:
consumer.ftc.gov
romancescams.org
fbi.gov

All You Need to Know About Data Breaches

hands on a computer keyboard with security lock icons superimposedIf you follow the news, you’ll note that there seems to be another major data breach monopolizing headlines every week. The details vary, but in each breach, thousands, millions or even billions of victims’ sensitive information is compromised, and they’re now vulnerable to identity theft unless they take immediate action.

Here at Advantage One Credit Union, your financial success and safety is our primary goal. To help keep your information and your finances secure, we’ve compiled a comprehensive guide on data breaches.

What is a data breach?
Data breaches occur when sensitive information is accessed or used without authorization. Factors like a wealth of online data and sophisticated hacking tools have spurred a steep increase in data breaches in recent years, causing tremendous damage to individual consumers and businesses across every industry.

Data breaches occur by exploiting vulnerabilities in a company’s security system. Alternatively, an employee can be tricked into giving a cyber-criminal access to the company’s network.

The goal of most data breaches is to obtain personal information, like names, email addresses and passwords, as well as financial information, like credit card numbers and account details. This information is used by criminals to steal identities and empty accounts, or sold to other criminals who will then do so.

While major data breaches make headlines, according to the Identity Theft Resource Center, there is an average of three data breaches each day, most of which will never even make the news.

After a data breach
Whenever you hear about a major data breach that can possibly affect you, it’s best to monitor your accounts for suspicious activity. In most cases, you will be notified by the victimized company if your data has been compromised; however, it helps to keep an eye on your accounts even if you haven’t been contacted so you can minimize your loss by acting quickly if your are among the unfortunate victims.

If you’ve been victimized by a breach
If you’ve been informed your information is compromised by a data breach, take the following steps immediately:

  1. Freeze your credit
    Placing a freeze on your credit is the most crucial step you can take to stop scammers from getting at your information. A credit freeze will not bring down your credit score, but it will serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.

    You can freeze your credit at no cost at all three of the major credit bureaus, Equifax, Transunion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so.

  2. Change your passwords
    Most people are on the alert following a major data breach, but they tend to let their guard down once the heat is off and things calm down. Hackers know this, and they’ll often hold onto victims’ information immediately following a data breach and then sell it months down the line to other identity thieves. To protect your accounts from a delayed-reaction hack, change all of your passwords after a breach that possibly has affected you.
  3. File an identity theft report
    Unfortunately, these protective measures can sometimes be too little, too late. If your accounts have been compromised, and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) as soon as possible. This will assist the feds in tracking down your hacker(s) and returning your finances to their usual state as quickly as possible.

Protecting your information
There’s no fool-proof way to protect yourself from a data breach, but following these simple steps can help keep your information as safe as possible:

Monitor your credit.
Check your credit accounts for suspicious activity on a regular basis. You can request a free credit report from each of the three major credit bureaus once a year at AnnualCreditReport.com. You may also want to consider signing up for credit monitoring, a service that will cost you $10-30 a month for the promise of notifying you immediately about any suspicious activity on your accounts.

Use strong, unique passwords.
Use a different password for each account, and choose codes that are at least eight characters long. Also, use a variety of numbers, letters and symbols. Vary your capitalization use as well, and don’t utilize any portion of your name, phone number or a common phrase as your password. Using a password manager like Dashlane or iPassword can also help keep your information safe. It’s also a good idea to choose two-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.

Browse safely.
Never share sensitive information online and always keep your security and spam settings at their strongest levels. Make sure your devices are fully updated at all times. It’s also a good idea to keep your social media accounts as private as possible.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
How do you protect yourself from data breaches? Share your tips with us in the comments.

Learn More:
forbes.com
malwarebytes.com
searchsecurity
experian.com

Tax Scams 2019

Each year, the IRS publishes the “Dirty Dozen,” a list of 12 scams that are rampant during that year’s tax season.

This year, the IRS is cautioning taxpayers to be extra vigilant because of a 60% increase in email phishing scams over the past year. This is particularly disheartening, since it comes on the heels of a steady decline in phishing scams over the previous three years.

Typically, an email phishing scam will appear to be from the IRS. Once the victim has opened the email, the scammer will use one of several methods to get at the victim’s personal information, including their financial data, tax details, usernames and passwords. They will then use this information to steal the victim’s identity, empty their accounts or file taxes in the victim’s name and then make off with their refund.

Scammers have several means for fooling victims into handing over their sensitive information. The most popular tax-related phishing scams include the following:

  • Tax transcript scams
    In these scams, victims are conned into opening emails appearing to be from the IRS with important information about their taxes. Unfortunately, these emails are bogus and contain malware.
  • Threatening emails
    Also appearing to be from the IRS, these phony emails will have subject lines like “IRS Important Notice” and will demand immediate payment for unpaid back taxes. When the victim clicks on the embedded link, their device will be infected with malware.
  • Refund rebound
    In this scam, a crook posing as an IRS agent will email a taxpayer and claim the taxpayer was erroneously awarded too large a tax refund. The scammer will demand the immediate return of some of the money via prepaid debit card or wire transfer. Of course, there was no mistake with the victim’s tax refund and any money the victim forwards will be used to line the scammer’s pockets.
  • Phony phone call
    In this highly prevalent scam, a caller spoofs the IRS’s toll-free number and calls a victim, claiming they owe thousands of dollars in back taxes. Those taxes, they are told, must be paid immediately under threat of arrest, deportation or driver’s-license suspension. Obviously, this too is a fraud and the victim is completely innocent.

If you’re targeted
When targeted by any scam, it’s crucial to not engage with the scammer. If your Caller ID announces that the IRS is on the phone, don’t pick up! Even answering the call to tell the scammer to get lost can be enough to mark you as an easy target for future scams. If you accidentally picked up the phone, hang up as quickly as possible.

Similarly, suspicious-looking emails about tax information should not be opened. Mark any bogus tax-related emails that land in your inbox as spam to keep the scammers from trying again.

If you’re targeted by a tax scam, report the incident to help the authorities crack down on these crooks. Forward suspicious tax-related emails to phishing@irs.gov. You can also alert the Federal Trade Commission at FTC.gov.

Protect yourself from tax scams
Stay one step ahead of scammers this tax season by being proactive. Protect yourself with these steps:

File early in the season so scammers have less time to steal your identity, file on your behalf and collect your refund.
Use the strongest security settings for your computer and update them whenever possible.
Use unique and strong passwords for your accounts and credit or debit cards.
Choose two-step authentication when conducting financial transactions online.

Remember, the IRS will never:
Call about taxes owed without having first sent you a bill via snail mail.
Call to demand immediate payment over the phone.
Threaten to have you arrested or deported for failing to pay your taxes.
Require you to use a specific payment method for your taxes.

Ask you to share sensitive information, like a debit card number or checking account number, over the phone.

Be alert and be careful this tax season and those scammers won’t stand a chance!

Your Turn:
Have you ever been targeted by a tax scam? Share your experience with us in the comments.

SOURCES:
https://clark.com/personal-finance-credit/taxes/beware-of-these-common-irs-scams/

https://www.google.com/amp/s/www.forbes.com/sites/kellyphillipserb/2018/12/04/irs-warns-on-surge-of-new-email-phishing-scams/amp/

https://www.businessinsider.com/irs-phone-scam-what-to-do-if-you-get-scam-call-2018-2