Finance 101 Scams Happen. Here's What You Should Know.

by Ellen Sheng | April 24, 2023

You may have already received scam emails about your car warranty expiring or ways to lower your credit card interest rate. But just as you've spotted those deceptive scams, cyber criminals are changing tactics.

Not only that, but the sheer number of scams is growing. In the first three quarters of 2022, more than 130,000 consumers reported to the Federal Trade Commission that they'd been scammed with cons on social media alone. The losses to victims — that means you, consumers — of these scams amount to more than $930 million.

Because cyber criminals are constantly scheming to develop new scams every year, it's essential to stay on top of these trends. Additionally, as technology has opened up opportunities to live and work remotely, it’s even more important to be aware of fraud pitfalls.

Here are some of the latest developments and new tactics of five prevalent scams that cyber criminals rely on.

1. Charity scams

How they work: This type of fraud can be prevalent in times of high-profile crisis, such as political unrest or natural disasters. One example is fraudulent charitable organizations reaching out asking for donations to help refugees. If it’s an email or text, it might include a link asking for your financial details or an attachment with instructions on how to donate cryptocurrency or dollars. If it’s a call, they’ll ask for your banking or credit card details.

Any kind of upheaval is an opportunity for scammers to find new victims. “It’s definitely an angle that that fraudsters love to exploit,” says Juan Benavente, head of Cyber Fraud Fusion Center and intelligence strategy at Citi. Geopolitical conflicts often cause a surge in charity-related scams, as well as scams about individuals trying to flee.

“The scammer gives you a goal and says, ‘Hey, I need help to leave the country.’ They usually target the elderly for these types of attacks,” he says.

Based on current events, Benavente expects to see an uptick in these types of scams and other cyber-enabled fraud.

What you can do: Research the organization before donating. There are resources to help check if an organization is legitimate and registered with the IRS as a tax-exempt organization. You can also check to see how much of your donation will go to the charity’s mission or causes on sites such as Charity Navigator or BBB Wise Giving Alliance.

Aid in times of crisis does seem urgent, but these scammers are preying on people’s good will. “There's no rush to do any sort of donations. Do the due diligence for it; that will definitely help,” Benavente advises.

A pensive woman looks away from her phone

2. Bank impersonation scams

How they work: You receive what sounds like a legitimate call or appears to be an email from your bank, a reputable vendor or your insurance company about suspicious activity or a problem with your account.

If it's a call, you'll be asked to provide some additional information, like the security code on the back of your card. If it's an email or text, you may be provided with a link to a fake website that requires you to log in and verify information.

Cyber criminals often target consumers of well-known companies because there's already a level of trust that’s been established. "We've seen increased incidences where our customers are getting calls or other reach outs from bad actors who might say they're from a fraud department or have seen suspicious activity and need to confirm information with them," says Adam Wood, director of cards fraud prevention and policy at Citi.

"They can sound very legitimate in those conversations and may know some things about the cardholder, such as their address and other information that they can use to establish a comfort level and some level of trust," he adds.

What you can do: These calls and emails may seem credible — however, be on high alert when asked to provide personal details via an unsolicited call, text or email link. You can also check the real email address of the sender by hovering over or clicking on the sender’s name. Hang up or ignore the link provided in the text or email, and instead go to the website directly or call the number on the back of your credit card. If there's really a problem with your account, it will be recorded there. 

3. Remote-access software scams

How they work: You receive a call, email or text from what you think is a reputable company that you use, and you are asked to download a remote access app so they can fix a billing issue or send you a gift reward.

In the recent past, cyber criminals might have used malware, or malicious software, to steal private, personal details and gain access to your accounts. But as more people wise up to the scheme, cyber criminals are moving on to remote access apps.  

Remote access apps are legitimate services that can be found in app stores, but in cases of fraud, the scammer uses the app to gain access to your personal information and accounts.

"Malware detection is pretty good and improves all the time. People are smarter about it: I got this file, should I really open that? And should I install this on my machine?" says Brian Kennedy, director of online/mobile fraud prevention and strategy at Citi. Under this scheme, "customers are tricked into downloading these [apps], and what they're doing is giving the bad actors access to their device," says Kennedy.

What you can do: Don't agree to download any remote access apps — if you receive a call, message or email, disregard it. You can check if the claim is legitimate by logging into your account on the official website. 

A man with a concerning look works on his laptop

4. Surprise account in your name scams 

How they work: You receive a call from a debt consolidation or debt settlement company with an offer to negotiate with creditors and put all of your debt into one account, to make it easier to pay off debt faster. Soon after, you discover that you have a new banking or credit card account opened in your name with an exorbitant service fee added on top.

"All of a sudden, the person ends up in an account that they didn't really understand they were opening that has some really high dollar charge on it. It wasn't clear what they were getting into," says Wood. Often, the first time the victim learns they've been scammed is when the bank or credit card company reaches out because there haven't been any payments made to the account.  

"It can be confusing," says Wood, because sometimes the fee on the account is charged by a company that's not the one that was represented to them as a consolidation.

What you can do: Don't give your information to a "debt consolidation company" or "debt settlement company." There are some legitimate services, but they could come with high fees. If you need to consolidate your debt, seek advice from a trusted financial advisor and work directly with a reputable financial institution.

5. Mobile phone takeover scams

How they work: Your mobile phone abruptly stops working. There are no bars for cellular coverage and phone calls aren't coming in.   

What's happened here is a SIM card swap scheme. A cyber criminal has switched your phone number from one wireless provider to another, so your phone is no longer receiving calls. If you were to log in to your bank or credit card account and use two-factor authentication, you would not receive the one-time password that's been texted to your phone. Instead, the cyber-criminal is now receiving that information and can access your bank account, assuming they’ve already guessed the password to your bank or credit card account.

"The frauds are basically compromising your account; swapping the SIM card that's in your device for a duplicate card on a new device that they've set up in your name," says Wood. "It is a growing concern for the industry and it's something that all the financial institutions are working to combat because we do rely very heavily on your mobile phone to authenticate you in multiple different ways," he says. The Federal Bureau of Investigation reported it received 1,611 SIM swapping complaints with losses of more than $68 million in 2021, up from 320 complaints from 2018 to 2020.

What you can do: If your phone suddenly stops receiving calls, you can't see any bars for cellular coverage, or you can't see information that you usually access, contact your mobile phone provider immediately. Cyber criminals can do a lot in a short amount of time, so be vigilant and don't wait.

You can also make it harder for cyber criminals to initiate a SIM swap by setting up two-factor verification with your mobile provider. This adds an extra step, so users have to go through an additional verification when signing in to manage their wireless account from a computer.

Cyber criminals are always evolving and shifting tactics, so it's important to stay aware. Whether it’s a bank spoofing scam or SIM swap or something else, “the best course of action is to be cautious,” says Wood.

Quote
You can also make it harder for cyber criminals to initiate a SIM swap by setting up two-factor verification with your mobile provider.
End Quote

3 ways to help protect yourself

Bad players are after your personal information because it’s the key to your accounts. Here are some steps you can take to help secure those details.

1. Be guarded with your private information

Cyber criminals are using more sophisticated, targeted techniques on victims; they may often already know some information about you, like which state you live in or that you're a customer of a particular bank or company. To make it more difficult for criminals to gain access to your accounts, avoid disclosing personal or financial information when posting on social media.

2. Vary your passwords

Don't use the same password on multiple accounts. That makes it easier for cyber criminals to break into all of your accounts since all they have to do is find out that one password.  

3. Be suspicious of any unsolicited contact

Given the growing number of scam calls from fraudsters pretending to be legitimate companies, it's a good idea to be wary of providing information over the phone or through a link. Scammers have gotten good at spoofing calls, so even if the number that shows up seems to be from your bank or a company you trust, it might not be. Go to the official company site instead, or call the official number.

Well-Being Financial Education Technology
Ellen Sheng

likes to learn about managing her finances by interviewing experts. Her stories have appeared in The Wall Street Journal, Forbes, Fast Company and Marie Claire.

The content reflects the view of the authors of the article and does not necessarily reflect the views of Citi or its employees, and we do not guarantee the accuracy or completeness of the information presented in the article.