Protecting Yourself and Loved Ones from Scams

Maily's Musings
Written By Maily Wirks

Fraud can happen to anyone. With times getting tougher, criminals are more motivated than ever to deceive, manipulate, and abuse.

To help you and your family protect your finances, here’s how to identify some of the most common scams. Additionally, we will go over specific actions to take if you suspect you’ve become a victim of one.

Phishing Scams

Phishing scammers often impersonate legitimate businesses or agencies via phone or email to obtain your personal information, such as a credit card number, Social Security number, login credentials, and bank routing numbers. Often, scammers will contact you, posing as a company you may do business with, to inform you that something has happened with your account, such as being flagged for fraudulent charges. In the example of the phishing email I received below, I was being prompted to click potentially harmful links.

Identifying a phishing scam

If you receive a phone call from someone claiming to represent a company, such as your bank or credit card, asking for personal information, hang up before sharing your data. Look up and call the customer service number on their website or on your statements to ensure you're speaking with a representative from the company. Then, confirm whether the company needs your personal information and can explain why it is required.

If the suspected scammer is contacting you via email, then one of the tell-tale signs of an email phishing scam is the sender's email address. A phishing email often has misspellings or added characters in the sender's name. These additional characters are often not visible when an email arrives but can be seen by clicking the small arrow beside the address. For example, if an actual email from a company is "hello@bigboxstore.com," a phishing email may show something like "19ab48+h3l70@bigboxsotre.com" when additional information is revealed. Similarly, misspelled words or general errors may be present throughout the body of the email. Again, before clicking or replying, look up the company’s customer service number and directly call them. They will be able to confirm if the email is legitimate or not.

Investment Scams

These scams involve fraudsters sharing “get rich quick” schemes or “no fail” investment opportunities. They try to convince you to invest in a fake business venture while promising guaranteed high returns and little or no risk.

Identifying investment scams

Investment scams may present fake reviews or testimonials from previous "investors." But the most effective way to identify these scams is to use a, "Is it too good to be true?" gut check. Anyone who tries to guarantee returns or promises no-risk investments should raise red flags and be avoided.

Lottery or Sweepstakes Scams

The scammer may reach out to a target claiming they won the lottery or a contest (such as a free cruise or cash for life). Then, they will request personal or sensitive information, such as a bank account and routing number, to deposit the winnings. They are collecting the information to access your accounts. Another variation of this scam is when the scammer requests upfront money to cover the fees and taxes associated with the winnings. In other words, “If you send us $200 to cover processing fees, we'll get your $10,000 winnings over to you right away." Of course, the “winner” never sees a dime.

Although this is already a nefarious way to steal money, these fraudsters can be remarkably persistent. Even after someone has sent them money to cover the “processing fees,” they continue to harass the victim and demand more money to “expedite” the process. If the target keeps sending money, they continue asking for more.

Identifying lottery or sweepstakes scams

A legitimate organization will never ask for money upfront to receive a prize. If they do, there is a high chance it is a scam. Another sign something is amiss is if you are notified that you won a prize for a contest you never entered.

Tech Support Scams

Tech support scammers try to convince their target that they can fix a non-existent issue with their computer. They may impersonate brands such as Best Buy, Apple, and Microsoft. These scams could appear as an email or a pop-up box on a website and often have urgent wording or a flashing message claiming that the computer is infected with a virus. Such messages will then tell you to call a number or click a link to rid your computer of the “virus.”

Clicking such a link may give the scammer remote access to your computer, tablet, or smartphone. From there, they can dig around for personal information and passwords. Tech support scammers may also prompt the user to call a “tech support” number. The person on the line will ask the user to either provide credit card information to pay for their services, ask for personal information such as login credentials, or request that you download unknown software so they can provide “support.”

Identifying tech-support scams

Adding virus protection software to your computer is a simple and effective way to help keep scammers at bay. When visiting websites, look for the lock icon in the search bar and "https" at the beginning of a web address, as these indicate that the site is secure. If a pop-up appears, do not click any links or call the number on the screen.

Government Impersonators

These scammers may identify themselves as members of the IRS, Social Security Administration, Treasury, FBI, or other central government agencies. They often claim they have an arrest warrant and frequently demand payment to "clear up the issue." The main tactic for these impersonators is fear and the threat of immediate action. They are very good at using phone numbers that appear to be from legitimate organizations or collecting enough information on their target to seem “legitimate.”

Identifying government impersonators

Although these impersonators can be scary, there are a few key red flags to notice. First, the person will eventually demand payment — and often in the form of gift cards. No government agency will ever require you to pay your supposed "debts" via gift card. Second, real government agencies follow in-depth and official processes when collecting debts or following up on issues and complaints. If there is an actual issue, say with your taxes, you'll receive letters, emails, or phone calls from agency representatives to inform you, not an unprofessional and intimidating call to pressure you into paying.

Family/Grandparent Scams

These scammers try to pull at your heartstrings by impersonating family members such as grandchildren or nieces and nephews.

They'll call and claim to be a relative, who needs immediate financial assistance. They'll often sound rushed and distressed, saying they need money immediately to pay for bail, hospital bills, lawyer retainers, or other fake fees. Or, the scammer may call claiming to be a police officer or hospital doctor on behalf of the grandchild. Some go as far as to show up at your home posing as these professionals or as a courier to pick up the funds.

Identifying family/grandparent scams

This scam can be particularly difficult to identify, as the scammer often imposes a sense of urgency and appeals to your emotions.

If a phone call like this is received, try contacting other family members for verification—even if the person on the other end of the line begs you not to tell anyone (this is a common tactic to keep others from catching on to the scam). If they claim to be a direct relative but are calling from an unknown number, try contacting that claimed person through any contact information you already have on hand, such as their cell number or email address. Like in many other types of scams, these fraudsters will often ask for money via gift cards, as these cannot be tracked or traced. If the person on the phone is asking for Visa gift cards, for example, to pay their bail, that should be an immediate red flag.

Romance/Sweetheart Scams

Online matchmaking services and dating apps aren't just for those in their 20s and 30s. People of all ages, including seniors, are finding love online.

But where there's potential for meeting a new love interest in retirement, there's also a risk of matching with a scammer.

Many sweetheart scams start out innocently enough. You find a match online, start chatting, and maybe you talk over the phone. This connection can go on for weeks, even months, before the scammer makes their move. But eventually, after they've spent time gaining your trust, they'll ask for money. Or, in some cases, they may not even ask but tactfully guilt you into giving.

A few examples include the following:

  • Saying they can't make rent this month.

  • Professing their desire to visit you in person but not having enough to pay for travel.

  • Complaining about hospital bills for their sick child or relative.

In other cases, the fraudster may claim to live overseas and request financial assistance in obtaining visas or paperwork, plane tickets, etc.

Identifying romance/sweetheart scams

Romance scams can be a challenge to identify, and once you're pulled in, it can be especially difficult to notice the warning signs. But anytime you're unable to physically meet with someone or video chat, keep your wits about you. Scammers often come up with excuses or reasons why they can't show their faces or meet in person. Again, asking for gift cards or money through hard-to-track methods is always a red flag.

Prevention is always preferable to a cure, but if a client calls us and tells us that they fear - or know - the worst has happened, quick and decisive action is crucial. There is no shame and we certainly don’t blame victims. Instead, we act as first responder, advising on a variety of situations - beginning with the correct authorities to contact for more detailed guidance. Here are some common situations and how to best mitigate them.

If you suspect identity theft:

  • Place a fraud alert or credit freeze on your accounts.

  • After, contact any vendor, bank or institution directly affected. Then contact the FTC and file an Identity Theft Affidavit and create an Identity Theft Report. Reports can be filed by calling (877) 438-4338 or by going to IdentityTheft.gov.

  • Armed with these documents, contact local law enforcement and file a police report.

  • If your Social Security number is compromised, contact the Social Security Administration at (800) 269-0271 and the IRS at (800) 829-0433.

  • If some or all the theft or fraud has been committed via mail, or if any fraudulent change of address forms are discovered, contact the Postal Inspection Service, the law enforcement and security branch of the postal service.

If your computer has been compromised:

  • Do not shut down or restart the device, since doing so risks the further complication of not being able to turn it back on. Instead, immediately disconnect the device from the internet, whether via Wi-Fi or a physical plug. These steps are important in stopping possible data loss and/or a potential attack from migrating from the affected computer to another device in the environment.

  • Unplug any external drives connected to the device, especially if the external drive contains backup data. Take note of any sites they were logged into when the event occurred, as a cyberattacker is likely seeing exactly what you are able to see on the screen. Then, log into those sites from a separate computer and, at a minimum, monitor them for any suspicious activity.

  • To further protect accounts, you can reset passwords and enable multifactor authentication, if not already enabled. We would additionally advise you to run a malware removal tool if you have one.

If your passwords have been compromised:

  • If you are receiving multifactor authentication requests that you did not request, or if you notice abnormal logins to an account, you should assume that your credentials have been compromised.

  • Make sure to deny any MFA requests you receive, then log in to the site and immediately change the password. When doing so choose the option - if it appears - to force all current sessions to sign out immediately in order to thwart a bad actor who might already be logged into the account.

  • Going forward, be on the alert for further signs of abnormal activity or sign-ins. Given that email addresses are the most common usernames for websites and applications, we discourage using the same password for multiple accounts. Utilizing a password manager can help efficiently maintain a larger volume of unique and complex passwords. This tool can also help identify if account credentials have been affected by a previous compromise.

If you're concerned your finances are at risk, contact your financial professional and banking institution immediately. They can help you take measures to prevent further fraud, add additional security measures to your accounts, and notify the proper authorities, if appropriate.

Best regards,

Maily Wirks

 
Maily Wirks https://www.mirusplanning.com/team
Previous

Important Tax Information for the Upcoming Filing Season
Next

Divided Government