Tag: security

Don’t Get Caught in a Non-Delivery Scam

by Advantage One, posted in Lifestyle, security, Tips & Best Practices

With the holidays approaching, and online shopping reaching its annual peak, scammers are out in full force to get at your money and your purchases. There are many scams to watch for this time of year, from online “retailers” phishing for information as you shop to brazen porch thieves who swipe delivered packages from doorsteps and so many more. The non-delivery scam can be particularly difficult to spot, and recovery is nearly impossible. Here’s what you need to know about this scam and how to protect yourself.

How the scam plays out

In a non-delivery scam, a shopper makes an online purchase, often at a discounted price. They may have chanced upon this “sale” through a social media ad, an unsolicited email or a banner ad on their favorite website. Unfortunately, though, the promised package is never delivered. After weeks of waiting, the shopper may try reaching out to the seller, only to find that the seller’s gone AWOL, along with the victim’s chances of recovering their money and/or their purchase.

Protect yourself

The best way to protect yourself against non-delivery scams is to practice online safety measures and to shop smartly. Here’s how.

  • Never click on links or attachments in unsolicited emails or on social media, regardless of how amazing the offer may be. If an ad looks promising, look up the alleged associated retailer directly and on your own. 
  • Keep your device’s security at its strongest settings and mark all suspicious emails as spam. 
  • Opt out of websites that are full of typos and/or grammatical errors.
  • Check each website’s URL for authentic spelling and signs of security, like the “https” and padlock icon. Recheck each landing page as you shop. 
  • When shopping a new seller, do some research before sharing any information with the seller. Look for a phone number and street address associated with the seller or company, dig up some online reviews and ratings and Google the retailer’s name along with the word “scam” to see if anything comes up. 
  • When shopping a private seller on an online marketplace, like Jiji or Etsy, check the seller’s profile carefully. Be extra wary if the profile is new.
  • Avoid shopping at retailers who insist on payment via prepaid gift cards or wire transfer. When shopping online, it’s best to use a credit card.
  • Stay away from sellers who advertise as if they are residents of the U.S. and then respond to questions by claiming that they are actually out of the country.
  • Always ask for and save the tracking numbers of online purchases. Monitor the shipping process so you can dispute the charge if the process seems suspect.
  • Be wary of items with prices that are too good to be true; in all likelihood they are.

If you’re targeted

If you believe you’ve fallen victim to a non-delivery scam, there are steps you can take to mitigate the damage. 

First, if you’ve paid via credit card, call the issuing company to dispute the charge as soon as you recognize the scam. If you believe the account has been compromised, you may want to close it and place a credit alert and/or credit freeze on your name as well. Next, be sure to alert the FTC about the scam so they can do their part in catching the crooks. If the alleged retailer is on the BBB website, you can let them know, too. Finally, let your friends know about the scam so they know to be aware.

Online commerce makes holiday shopping so much easier–but scams are everywhere. Shop smartly this season and follow the tips outlined here to avoid getting scammed. Stay safe!

Your Turn: Have you been targeted by a non-delivery scam? Tell us about it in the comments. 

All You Need to Know About SIM Swaps

by Advantage One, posted in Lifestyle, security, Tips & Best Practices, Uncategorized

SIM swapping, also known as SIM swap scams, or SIM hijacking, can be a nightmare for an unwary victim. According to a recent announcement by the FBI, this ruse is on the rise. In 2021, the FBI received 1,611 reports of SIM swapping, with losses totaling over $68 million, a more than five-fold increase from the 320 SIM swap complaints occuring in 2018 and 2019 combined. Here’s what you need to know about this prevalent scam and how to protect yourself. 

How the scam plays out

In a SIM swap scam, a criminal steals a target’s mobile phone number by tricking the victim’s cellphone provider into transferring the number to a SIM card in the criminal’s possession. 

Before the actual scam is pulled off, the scammer will generally employ a phishing scam to obtain some basic information about the target’s mobile number and phone service provider. They may reach out to the target via email, text message or phone call. They’ll pretend to represent the service provider, and ask the target to share or confirm their phone number and/or account number. They may claim there is an issue with the target’s account, and say they need this information to fix the problem. Unfortunately, the target often believes they are engaging with an authentic representative of their phone company, and willingly shares this information.

Next, the scammer will call the target’s service provider and use this info to convince them that they are actually the target. The scammer will claim that their SIM card has been lost or destroyed and they’ve purchased a new one to replace it. If the mobile service provider falls for the ploy, they’ll transfer the phone number to the scammer’s SIM card.

Finally, the criminal inserts the now-active SIM card into their own device and uses it to access the victim’s accounts by bypassing the SIM-based two-step authentication. The scammer then proceeds to change all passwords for online accounts linked to the phone. Unfortunately, this leaves the victim with an inactive SIM card and worse, locked out of their own accounts.

Protect yourself

Despite its prevalence, there are ways to protect yourself from SIM swap scams. The FBI advises consumers to take the following precautions:

  • Never share information about your financial assets while online.
  • Never share information about your mobile phone number or cellphone provider with an unverified contact over the phone or online.
  • Don’t assume every communication from an alleged service provider is legit. If you receive an unexpected call, message or email from your mobile phone’s provider asking you to share or confirm information, do not engage. Contact the provider directly to determine if the communication was authentic. 
  • Keep your social-media platform settings private.
  • Use strong, updated security for all your devices. 
  • Never share personally identifiable information online. 
  • Use strong, unique passwords across all your online accounts.
  • When possible, use strong, multi-factor authentication, standalone authentication, apps and physical security tokens to access accounts that contain sensitive information.
  • Don’t allow your mobile devices to “remember” your passwords, usernames and other personal information.

If you’ve been targeted

If you believe you’ve been targeted by a SIM swapping scam, take these steps to mitigate the damage:

  • Reach out to your cellphone provider for assistance in regaining control of your phone number.
  • Change the passwords and logins on all your online accounts.
  • Let your financial institution and credit card companies know about the scam so they can look out for suspicious activity on your accounts. 
  • Consider placing a credit alert and/or credit freeze on your accounts. 
  • Report the scam to your local FBI field office, your local law enforcement agency and the FBI’s Internet Crime Complaint Center.

Stay alert and stay safe!

Your Turn: Have you been targeted by a SIM swap scam? Tell us about it in the comments. 

4 Scams to Watch Out for this Black Friday

by Advantage One, posted in Announcements, Credit, Lifestyle, News & Events, online security, Promo, security, Tips & Best Practices, Uncategorized

Black Friday has traditionally been the day that kicks off the holiday shopping season, sending hordes of crowds surging through malls and big-box stores all over the nation. Unfortunately, it’s also been a day that kicks off the season of shopping scams. 

Here are four scams to watch out for this Black Friday and throughout the holiday shopping season:

  1. The Amazon Prime service fraud scam

In this ruse, a scammer posing as an Amazon representative will call a target to notify them about an alleged problem with their Prime account. The victim will be prompted to download a tool on their computer or mobile device. That “tool” will give the scammer remote access to “help them resolve the problem” that is at hand. If they comply, the victim will then be instructed to log onto their banking account, supposedly so the caller can be compensated for their time. Unfortunately, doing this will give the scammer direct access to the victim’s accounts. 

  1. Phishing emails

Phishing emails are nothing new, but they can be difficult to spot among the barrage of promotional emails flooding inboxes during this time of year. 

Here are two common variations of phishing scams: 

  • Account verification. The victim receives an email appearing to be from a retailer they frequently shop. It informs them that someone has tried to hack into their account. They’re asked to verify their account, or update their account details, through an embedded link. Doing so, however, will give a scammer access to their account. The scammer can now rack up a huge bill and leave the victim to pick up the tab. 
  • Order confirmation. The victim receives an email asking them to confirm an order made through Amazon or another large e-tailer. They’ll be asked to verify the order details through an embedded link. Unfortunately, doing so will give their personal information directly to the scammers. 
  1. Delivery issues

The coronavirus pandemic has forever changed the way Americans shop. It’s resulted in the volume of U.S. online purchases increasing steadily, according to the Census Bureau’s quarterly e-commerce reports. Scammers are well aware of this, and they’ve been quick to capitalize on the opportunities to pull off delivery scams, especially this time of year. 

Delivery scams generally take the form of a message appearing to be from UPS, FedEx or another delivery service, informing the victim of a “delivery issue” with an order. They’ll be asked to confirm or update their information with the provided link. Doing so will give the scammer access to their financial information and open the door to identity theft and more. 

In another variation of the delivery scam, a victim will be asked to pay a fee for covering a customs charge or tax. Of course, these fees are invented by the scammer, who will gladly pocket the money. 

  1. Non-delivery scam

Another scam whose prevalence has spiked with the increase in online shopping is the non-delivery scam, which involves a purchased gift that never arrives. The victim, likely lured in by an ad promising a super-low price on a desired item, rushed to complete the purchase without researching the seller. Unfortunately, the seller then disappears and the victim has no way of notifying them about the no-show or requesting a refund. 

How to avoid Black Friday scams

Follow these tips to keep your shopping free of scams:

  • Don’t open links in emails sent from unverified contacts. 
  • Never allow a stranger access to your device and/or accounts. 
  • Don’t share sensitive information on the phone or online with an unknown contact.
  • If contacted by an alleged representative of Amazon or another large company about an issue with your account, hang up and check your account to see if an issue is actually present.  
  • Always keep the privacy and spam settings on your computer and mobile devices at their strongest settings. 
  • If you have an issue with an ordered item, contact the retailer directly through their site and not through a pop-up ad appearing to represent them. Likewise, it’s a good idea to not click through to “support links” that are posted on troubleshooting forums, as they may not be to legitimate service sites. 
  • Only purchase items from reputable sellers. When shopping on a new site, look for a physical address, a customer service number and copy that’s free of spelling errors and typos. 

Stay safe!

Your Turn: Have you been targeted by a Black Friday scam? Tell us about it in the comments.

5 Steps to Take After a Data Breach

by Advantage One, posted in Announcements, Credit, Lifestyle, online security, security, Tips & Best Practices, Uncategorized

Data breaches show up in the news almost as often as celebrity couple breakups. According to Risk Based Security’s Mid-Year Data BreachReport, there were 1,767 publicly reported breaches in the first half of 2021, exposing 18.8 billion records. One of the most far-reaching of these breaches was the T-Mobile data breach in August, which has impacted more than 50 million people. 

A data breach exposes confidential information of its victims, which can include Social Security numbers, account information, credit card numbers, passwords and more. If your personal information has been compromised by the T-Mobile data breach or another exposure, take these five steps to mitigate the damage. 

Step 1: Read all alerts and notifications from the compromised company

The business whose data has been compromised in the breach will generally reach out to all potential victims to notify them about the exposure. They may instruct all recipients of this missive to check for signs that their information has been exposed and/or direct them toward their next step. If you believe your information may have been compromised in a breach, it’s important to read every message you receive from the exposed company. 

Step 2: Alert your financial institution 

Next, let Advantage One Credit Union know your account may have been compromised. This way, we’ll know to keep an eye out for signs of fraud and place an alert on your account. We’ll be watchful of requests to approve any large transaction or withdrawal, and we’ll contact you if we notice any suspicious activity. 

Step 3: Change any exposed passwords

A data breach generally means passwords of all kinds have been compromised. It’s best to change as many as possible after a breach to keep information and money safe. The quickest way to do this is by using a password manager, which allows you to store unique, complex passwords for each account. Although it’s important to have a different password for each account, it’s best to start by changing passwords you know were a part of the data breach.

Step 4: Consider a credit freeze

A credit freeze alerts lenders and credit companies to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.

You can freeze your credit at no cost with all three of the major credit bureaus, Equifax, Transunion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so. 

Step 5: File an identity theft report

If your accounts have been compromised and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) immediately. This will assist the feds in tracking down the scammers responsible for the data breach. It will also help you return your finances to their usual state as quickly as possible.

Take these precautionary measures to protect your information from future data breaches of any kind:

  • Monitor your credit. It’s a good idea to check your credit accounts for suspicious activity on a regular basis. You may also want to sign up for credit monitoring, a service that will cost you $10-40 a month for the promise of notifying you immediately about any suspicious activity on your accounts.
  • Use strong, unique passwords. Use a different password for each account, and choose codes that are at least eight characters long. Use a variety of numbers, letters and symbols–and vary your capitalization use as well. Choose two-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.
  • Browse safely. Never share sensitive information online and always keep your security and spam settings at their strongest levels.

Your Turn: Has your personal information ever been exposed in a data breach? Tell us about it in the comments. 

Beware Cryptocurrency Scams

by Advantage One, posted in Budgeting, Convenience, Lifestyle, News & Events, online security, security, Tips & Best Practices, Uncategorized

As one of the hottest investments on the market, cryptocurrency has been enjoying the spotlight for quite a while, and scammers are eager to cash in on the excitement. Cryptocurrency scams are particularly nefarious since the digital currency is not regulated by any government, and once it has transferred hands it usually cannot be reclaimed. Here’s what you need to know about cryptocurrency scams and how to avoid them. 

How the scams play out 

There are several ways scammers are using cryptocurrency to con people out of their money. 

  • Blackmail. In this ruse, scammers send emails to their targets claiming they have compromising photos, videos, or embarrassing information about them. They threaten to go public with these unless the victim pays up in cryptocurrency. Of course, the scammer is lying about the materials they possess and this is illegal blackmail and extortion.
  • Social media. Here, a target receives a social media message appearing to be from a friend and asking them to send cryptocurrency immediately to help them out of an alleged emergency. If the target complies and sends cryptocurrency to their “friend,” they’ll never see that money again. 
  • Mining. In this scam, bogus websites lure targets into what appear to be opportunities for mining or investing in cryptocurrency. The site may even offer several investment tiers, promising bigger returns for a more significant investment. Unfortunately, any money invested through these sites can never be withdrawn. 
  • Giveaways. These “giveaways” appear to be sponsored by celebrities or big-name cryptocurrency investors, like Elon Musk. Victims are promised exponential returns for small investments in cryptocurrency, or for simply sharing some personal information. Of course, none of it is real, except the loss you’ll experience if you fall victim.
  • Romance. Through online dating sites, scammers convince victims they have met a legitimate love interest. As the “relationship” deepens, the victim’s long-distance date starts talking about fabulous cryptocurrency opportunities with incredible returns. The victim acts upon this advice, and sadly, loses their money to the person they believed was a new romantic partner. 

In each of these scams, the victim has no way of recovering the cryptocurrency they shared if an “investment” has been made. Scammers also use common spoofing technology to make it appear as if they represent a legitimate business or website. As always, when in doubt, opt-out. 

How to spot a cryptocurrency scam

Look out for these red flags to help you avoid cryptocurrency scams: 

  • You’re promised big payouts with guaranteed returns for a small investment in a specific cryptocurrency. 
  • A celebrity or famed cryptocurrency investor is sponsoring a cryptocurrency giveaway.
  • A friend contacts you on social media, claiming they are caught up in an emergency and need immediate rescue, but only through cryptocurrency. 
  • You’re promised free money in cryptocurrency in exchange for sharing some personal information.
  • A caller, new love interest, organization, or alleged government agency insists on payment via cryptocurrency.

Be sure to follow common safety measures when online and never share personal information or money with an unverified contact. If you are unsure whether you’ve actually been contacted by a friend or an authentic business, reach out to them to learn the real deal. Finally, if you’re looking to invest in cryptocurrency, never click on an ad or email; look up secure investment sites like Robinhood and Coinbase on your own.

If you’ve been targeted

If you believe you’ve been targeted by any of the above cryptocurrency scams or a similar scheme, immediately report the scam to the FTC. If the scam was pulled off on social media, let the platform owners know so they can take appropriate measures. Finally, let your friends and family know about the circulating scam.

Cryptocurrency offers unique opportunities for beginner and experienced investors alike, but scammers are exploiting digital currency for their own schemes. Proceed with caution to keep your money and your information safe. 

Your Turn: Have you been targeted by a cryptocurrency scam? Tell us about it in the comments. 

Don’t Get Spooked by One of these Scams this Halloween!

by Advantage One, posted in Lifestyle, News & Events, online security, security, Tips & Best Practices, Uncategorized

That cackling, long-haired witch might send your heart fluttering with fear, but these Halloween scams are even spookier! Here’s what to know about these common Halloween scams. 

 1. The Joker

Desperate for money before the holiday shopping season hits? Looking to pad your pockets with a bit of extra cash? Scammers know this all too well, and target consumers with messages promising loads of money for very little work. All you need to do is send a small amount of money to a designated digital address via CashApp, Venmo, or another money transfer app, and your money will be doubled, tripled, or more. 

Don’t fall for the tricks! Much like another variation of the money-flipping scam, they’ll ask you to share your account information so they can withdraw the money and then “treat” you with the cash you’ve earned. It’s like getting free money – which, of course, doesn’t exist. 

Spot a money-flipping scam through the amateur writing and too-good-to-be-true promises. Any request for you to share your banking information is another dead giveaway. 

2. Night of the Living Dead

This scam can be pulled off at any time of year, but it takes on an extra level of spookiness when yards are decorated with ghosts and cobwebby graveyards. In the deceased identity theft scam, scammers actually steal the identity of someone who is no longer living. They may empty the decedent’s accounts, pass off their credit history as their own and use their Social Security number to collect benefits, apply for a job, and more.

Protect a loved one’s identity from being stolen after they pass on by taking steps to lock down their social media accounts, credit report, and Social Security number. Keep an eye on their accounts until their assets have been lawfully divided. 

3. Trick or Treat

You found the perfect costume online, and for a bargain price! You happily pay up, complete your order and wait for the package to arrive. And wait. And wait. Unfortunately, you’ve been tricked. 

In a variation of the online order scam, the package arrives on your doorstep as promised, but has little resemblance to the way it looked online. The quality may be lacking, the size and color completely off, or important components missing. You may try to find a customer service line, but there’s no working number listed. You may also try returning the purchase, but a street address for returns will be more elusive than the invisible man. 

Don’t get tricked! Only order from reputable sites that display complete contact information for the company. Ignore all offers that scream “Hot Deal! Act Now!” and feature prices that are way below the average sale price. Shop with caution and you’ll only walk away with treats.

4. Hitman

There’s a hitman at your door – and no, this is no disguise! 

In the hitman scam, scammers pretend to be assassins who were hired to take out a target. They’ll send the target extortion emails and messages, promising to spare their life for just a few thousand dollars. Often, they’ll even drop the name of the friend or family member who allegedly put a hit on the target’s life. 

Don’t get scammed! If you receive an extortion message of any kind, contact local law enforcement. Never share money with an unverified contact. And finally, if the scammer shared the name of the person who allegedly hired them, reach out to this person to verify that no, they didn’t put a hit on your life. 

It’s a frightening world out there, but being aware of these scams and following smart precautions, you can protect your money and your information. 

Have a happy and safe Halloween!

Your Turn: Have you been targeted by a Halloween scam? Tell us about it in the comments. 

Beware of Gift Card Scams

by Advantage One, posted in Announcements, Lifestyle, News & Events, online security, security, Tips & Best Practices, Uncategorized

Everyone loves a gift card for their favorite retailer or restaurant. It’s like getting money to spend in any way you please! Unfortunately, scammers also love gift cards, but for all the wrong reasons: They often use gift cards to pull off scams. Here’s what you need to know about gift card scams and how to avoid them.

How the scams play out

There are several ways scammers utilize gift cards to con victims out of their money:

  • The IRS gift card scam. In this scam, a target receives a threatening message that’s allegedly from the IRS and claiming they are at risk of arrest for tax evasion if they do not pay up immediately. However, they insist that payment can only be made in the form of a gift card. Often, the scammer will ask specifically for an iTunes gift card, because, as you know, the IRS always asks for tax payments in the form of digital music. 
  • The tech support gift card scam. In this variation, a caller pretends to represent tech support at a recognized company, like Apple or Microsoft. They’ll insist there is something wrong with the victim’s computer and offer to “assist” in fixing the problem. Payment can be made with a gift card, of course. Lucky for you, there is nothing wrong with your computer, but you’ve just been targeted by a scam and are at risk of getting tricked. 
  • The romance gift card scam. A new dating partner found through a dating website asks for money in the form of a gift card to help them out of a sticky situation. Believe them and you’ll lose both your date and your money. 
  • The sweepstakes gift card scam. Congratulations — you’ve won a trip to the Cayman Islands! But first, you have to pay the small processing fee via gift card. Follow directions and you’ll never see that vacation or the money you spent on the gift card again. 
  • The utility gift card scam. You don’t want your gas or electricity cut off, do you? If you don’t pay up with a gift card, the lights might just go out. They won’t, but if you fall for the call, you’ll be out the money you spent on the gift card.
  • The balance-check gift card scam. You spot a discounted gift card up for sale online and happily purchase the card. The seller will send you the card, but then ask you to read the numbers over the phone to confirm the balance. If you comply, the seller now has all the information they need to use up all the funds on the gift card. 

How to spot a gift card scam

A little bit of knowledge goes a long way in recognizing gift card scams:

  • The IRS will never initiate correspondence by phone call, text message, or email. Instead, they will send a letter to taxpayers through the U.S. postal system. 
  • No authentic business or government agency will insist on payment by gift card. 
  • If you don’t recall entering a sweepstakes, chances are you didn’t win it either.
  • A caller or message claiming a matter is urgent and demands immediate action is nearly always a scam. 

In general, gift cards should be used for purchases or to send as gifts, and not as payments. Also, as with all sensitive information, the numbers on your gift card should never be shared over the phone or online. Finally, it’s best to only purchase gift cards through reputable sellers or those that have excellent customer reviews and/or offer a cash-back guarantee.

If you’ve fallen victim to a gift card scam

If you’ve paid a scammer with a gift card or shared your gift card information after being taken by any of the above ruses or similar schemes, take immediate steps to mitigate the damage. 

First, contact the company that issued the card as soon as possible. You can find the customer service number for most companies on the card itself or through a simple Google search. Tell the representative what happened. If you still have them, hold on to the receipt and the actual card for proof should it be required. 

Next, if the scammer continues to contact you by phone, text message or email, do not engage further. Block the scammer’s number from your mobile device and mark their emails as spam. 

Finally, report the incident to the FTC and alert your family and friends about the scam. 

Stay safe! 

Your Turn: Have you been targeted by a gift card scam? Tell us about it in the comments. 

Scam Free Summer

by Advantage One, posted in Budgeting, Lifestyle, online security, security, Tips & Best Practices, Uncategorized

Hello, summer! It’s the season of flip-flops and ice pops, of sun-drenched afternoons and lazy days at the beach. And, unfortunately, summertime is also prime time for scammers. People are more relaxed, schedules are looser and vacationers are traveling in unfamiliar locations. All of this can lead people to let their guard down during the summer, and the scammers know it. 

Don’t get scammed this summer! Follow these tips to stay safe. 

1. Never pay for a “prize” vacation

So you won an all-expense-paid trip to Aruba? Or a vacay in a remote French chalet? Sounds like a dream come true, but if you follow through, you’ll be caught up in a nightmare.  If you’re asked to pay even a small fee to claim a free vacation prize, you’re looking at a scam. A legitimate company will never ask winners to pay a fee for a prize.

2. Use a credit card when traveling

A credit card will offer you the most protection in case something goes wrong. You’ll be able to dispute unauthorized charges, and in most cases, reclaim your lost funds.

3. Ignore celebrity messages

Celebrities might have a direct line with the public through their social media platforms, but don’t believe a private message appearing to be from your favorite movie star, singer or athlete. A direct message from a celeb asking for money for a charity, or claiming you’ve won a prize, but need to pay a processing fee, is a scam.

4. Check for skimmers at the pump

If you’ll be spending a lot of time on the road this summer, and pumping gas in unfamiliar places, it’s a good idea to check the card reader for skimmers before going ahead with your transaction. A card skimmer will read your credit or debit card information, enabling a scammer to empty your accounts. Here’s how to check for a skimmer on a card reader:

  • Try to wiggle the card reader; this should dislodge a skimmer if there is one. 
  • Check the keypad to see if it looks newer than the rest of the card reader.
  • Touch the surface of the keypad to see if it’s raised.

5. Research vacation rentals carefully before booking

With so many vacationers now booking stays at private homes instead of hotels, scamming travelers is easy. All it takes is a few fake photos, a bogus address, and you’ve got yourself a fake vacation rental. In other vacation rental scams, scammers will falsely advertise a rental as a beachfront property when it’s not, claim that it’s larger or more up-to-date than it is or promise amenities that are missing when you arrive. 

Don’t get scammed! Before booking a vacation rental, read the reviews left by previous guests. If there aren’t any, or they don’t sound authentic, you’re likely looking at a scam. You can also look up the address of the rental to see if it in fact exists and if the location matches the description in the listing. As another precaution, you can ask the owner for more details about the property just to see their reaction; if they sound vague or uneasy, it’s likely a scam. Finally, as mentioned above, use a credit card to pay for the stay so you can dispute the charges if it ends up being a scam.

6. Vet potential contractors well

Contractors who go from door-to-door looking for work are a fairly common summertime sight. Unfortunately, though, some of these “contractors” are actually scammers who are only looking to con innocent homeowners out of their money. They’ll deliver shoddy work at an inflated price, go AWOL once a down payment on the job’s been made or do more harm than good with their “home improvement” work.

It’s best to only hire contractors whom you’ve personally reached out to instead of waiting for one to come knocking on your door. Also, before hiring, thoroughly research a potential contractor, asking for contact info of previous clients, checking out their online presence and looking up the business on the BBB website. Finally, it’s best not to agree to pay more than a third of the total cost of a job before the work commences. Even then, only pay when you see the materials arrive. 

Don’t let summertime turn into scam-time. Stay alert, follow the tips outlined above, and stay safe!

Your Turn: What are your tips for a scam-free summer? Share them with us in the comments. 

Is Plaid Safe?

by Advantage One, posted in App Reviews, Checking, Convenience, Lifestyle, online security, security, Tips & Best Practices, Uncategorized

Q: When using peer-to-peer payment apps, banking apps and free-trading apps, I’m often redirected to the Plaid network, where I’m asked to input personal information. Can I feel safe using Plaid?

A: The instinct to be wary of any service that’s asking you to share sensitive information is appropriate and commendable. Most financial apps will ask you to share your banking information, and some will even ask you to share your Social Security number. But it begs the important question; Should you be sharing this information?

While the safety and security of each financial app is individual, apps that are powered by Plaid are safe to use. Plaid is a reputable company that uses encryption and industry-standard security measures to protect your sensitive information.

Here’s what you need to know about Plaid.

What is Plaid? 

Plaid is a financial technology company that serves as an intermediary between financial services and their users. Apps like Venmo, You Need a Budget and Robinhood use Plaid to securely link their users’ financial accounts to their own platforms. This way, the financial apps do not have access to their users’ information; they instead rely on Plaid to supply it for them.

Plaid works by using a universal Application Programming Interface (API) to share users’ data with other applications. APIs are software intermediaries that allow two different applications to communicate. Plaid has developed an API that can be used by any financial institution or application, making it simpler and safer for users to share their financial information digitally.

How does Plaid work?

When you sign up for any of the 3,000+ financial applications currently powered by Plaid, you’ll be asked to choose your financial institution from a list that’s provided by Plaid. Next, you’ll enter your banking login info and password. Some apps will have you create a new password at this point. Once you’ve logged in, Plaid securely shares the information you’ve chosen to link, such as your checking account number, with the app you’re using.

It’s important to note that Plaid itself does not move money around. The technology merely enables other financial apps and their users to send funds from one account to another. Plaid holds onto your encrypted password information without touching your money, while the linked financial app can move your money, but cannot access or know your login credentials.

Is Plaid safe?

Sharing personal information with an app can be unsettling — and it should be. However, you can rest easy, knowing that Plaid uses the highest levels of security possible. When you link your checking account with a financial application by using Plaid, the company instantly encrypts the sensitive data and then shares it with the application using a secure connection.

According to the Plaid website, the company uses these measures to keep your information secure:

  • End-to-end data encryption. Plaid uses a combination of the Advanced Encryption Standard (AES-256) and Transport Layer Security (TLS) to keep your personal information completely safe.
  • Multi-factor authentication.  An extra login step adds another layer of security.
  • Cloud infrastructure. Plaid uses secure cloud infrastructure technologies to enable quick and safe connection.
  • Robust monitoring. The Plaid API and all related components are continuously monitored by a security team.
  • Third-party security reviews. Security researchers and financial institutions regularly audit Plaid’s API and security controls.

When using an application that is powered through Plaid, practice standard online safety measures. Check the URL to ensure you have the correct site, look for the lock icon and the “s” following the “http” in the address. Also, make sure the security settings on your device are updated and set to their strongest levels. Finally, if you need to choose a new password for the app, be sure to choose a strong, unique code and not to share it with anyone.

In a world that is increasingly mobile, Plaid safely connects users to thousands of financial apps and 11,000 financial institutions across the country. Follow basic online safety protocol, keep your login info private, and you can use Plaid knowing your information is secure.

Your Turn: What steps do you take to keep your data safe? Tell us about it in the comments.

Learn More:
getdivvy.com
plaid.com

Micro-Deposit Scams

by Advantage One, posted in Lifestyle, online security, security, Tips & Best Practices, Uncategorized

It probably doesn’t surprise you to know that scammers are always coming up with creative ways to con people out of their money. Recently, there’s been an uptick in an old scam in which crooks reach out to targets and try to gain access to their accounts through micro-deposits. Unfortunately, too many people have already fallen for this scam, and we don’t want our members getting caught in the trap. To that end, we’ve compiled this guide on micro-deposit scams, how they play out and what you can do if you’re targeted.

What is a micro-deposit?

Before we can explore the actual scam, it’s important to understand how a micro-deposit works.

Micro-deposits are small sums of money transferred online from one financial account to another. The purpose of the deposits is to verify if the account on the receiving end is actually the account the sender intended to reach. Micro-deposits are generally less than $1 and can be as small as $0.02. They are also typically deposited in pairs; within one to three business days of linking accounts, two micro-deposits should appear in your account.

As mentioned, micro-deposits are primarily used to verify account ownership. For example, if you’d like to link your checking account at Advantage One Credit Union with an investment account, the investment brokerage firm will want to verify that it’s sending your dividends to the correct account. Before sending any of your investment earnings, it’ll do a test run by sending a pair of micro-deposits to your checking account. You’ll be notified that the firm has sent these deposits, and asked to verify the amount of the deposit by logging into your newly linked account. Once you’ve completed this step, the brokerage account will withdraw the small amount of money sent through the micro-deposits and proceed with regular deposits of investment dividends, as planned.

How the scams play out

Micro-deposit scams can take one of two forms.

In one type of micro-deposit scam, a crook will open as many investment accounts as they can, linking each one to one of a handful of bank accounts. When the micro-deposits begin to come in, the scammer will quickly transfer the money to another account before the brokerage company withdraws the deposits. Though each micro-deposit is small, when multiplied by thousands, the scammer can pull in quite a lot of money  — until they get caught, that is.

But it’s the other type of micro-deposit scam that concerns us more — and should concern you as well. In this scam, crooks will link brokerage accounts with strings of random numbers, hoping to hit a valid account. When a deposit is verified from an account, they will use additional information about the account holder to withdraw funds from this account as they please. Unfortunately, many people are uninformed about this scam and innocently verify the micro-deposits, giving the scammers free access to their accounts.

[Here at Advantage One Credit Union, we’ve had an alarming number of micro-deposits made to some of our members’ accounts. To protect our members and their money, we’ve started sending automatic text message alerts to members when they’ve received a micro-deposit. This way, the member knows about the deposit and, if they don’t recognize the sender, they can let us know they’ve been targeted by a scammer. We can then refuse to let the deposit clear and consider placing a fraud alert on the member’s account. Most importantly, the member will know they’ve been targeted and they can refuse to verify the deposit.]

What to do if you’re targeted

Micro-deposits are small enough to fly under the radar and you may unknowingly verify one of these deposits with an uninformed click. [However, now that we’ve initiated our micro-deposit alert system, you will know when to be on the lookout for a micro-deposit and the verification request that follows it.] Here’s what to do if you’ve received a micro-deposit from an unknown source:

  • Do not verify the deposit. Without verification, the scammer won’t know they’ve hit an authentic account.
  • Do not click on any links embedded in the verification request message or download any attachments.
  • Let us know you’ve been targeted.
  • Report the scam to the Federal Trade Commission at FTC.gov so they can do their part in catching the scammers.
  • Let your friends and family know about the scam so they can be on the alert as well.

Scammers are using micro-deposits to gain access to our members’ accounts, but Advantage One Credit Union is doing everything possible to stop them before they can do any real damage. Together, we can beat the scammers at their game and protect your accounts and your money. Stay safe!

Your Turn: Have you been targeted by a micro-deposit scam? Share your experience in the comments.

Lean More:
schneier.com
learn.stash.com
finextra.com
support.wealthfront.com