COMMON TYPES OF FRAUD & THEIR DEFINITIONS

Account Takeover Fraud
Account takeover fraud is when a fraudster gains access to an account that does not belong to them, changes information such as log in credentials or personal information, and then makes unauthorized transactions in that account.

Check Fraud
Check fraud is any effort to obtain money illegally using paper or digital checks. This can include writing bad checks, stealing and altering checks and forging checks.

Cryptocurrency Payment Scam
As a Requested Method of Payment
While the type of scam may vary, such as a Social Security scam, a tech support scam, a romance scam, etc., the fraudster requests an untraceable type of payment such as cryptocurrency or gift cards. Once the funds have been sent, they are nearly impossible to get back.

Investment Scams
This scam uses the price speculations of cryptocurrencies to create a false investment opportunity. You receive a text, email, or call about a cryptocurrency investment opportunity and receive a link to a fraudulent website which looks legitimate. The scammer convinces you to open cryptocurrency trading account to which they have secret access, and they make it look like your investment is growing. After a few of these “trades” the fraudster withdraws all your investments, the “account” is gone, and the funds untraceable.

Elder Financial Abuse
Elder financial abuse is when financial resources are misappropriated and/or control of financial resources is abused (in the context of a relationship where there is an expectation of trust), and that abuse causes harm to an older person.

Fake Check Fraud
Fake check fraud is when a person you don’t know will ask you to deposit a check and send money back to them. These checks will either be phony, meaning they were created on a computer and printed out, or real, meaning they were stolen and forged.

Gift Card Payment Scams
Only scammers will tell you to buy a gift card, like a Google Play or Apple Card, and give them the numbers off the back of the card. No matter what they say, that’s a scam. No real business or government agency will ever tell you to buy a gift card to pay them. Always keep a copy of your gift card and store receipt. Use them to report gift card scams to the gift card company and ask for your money back.  For examples on Gift Card Scams, please visit consumer.ftc.gov

Grandchildren Family Emergency Scam
This scam preys on grandparents love and concern for their grandchildren.  In this scam, criminals pretend to be a grandchild/family member in danger and try to persuade the grandparent to act urgently and pay bogus fees, fines, or ransoms.

Identity Theft
Identity theft is when a fraudster uses someone’s personal identifying information without their permission in order to commit fraud or other crimes.

Impersonation
Impersonation is when a scammer creates a fake social media account to impersonate someone you trust. Since it appears to be someone you know, you will be more likely to share information and click malicious links.

Malvertising
Malvertising, or malicious advertising, is when a scammer injects malware into a legitimate online advertising network through code. The ads are created to look real and the malicious code will then install the malware on your computer, ultimately allowing the criminal to capture your credentials.

New Account Fraud
New account fraud is when fraud takes place within the first 90 days after an account is opened. The accounts are often opened solely to commit fraud.

Phishing/Email Scams
Phishing is when scammers use email to trick you into clicking a malicious link or giving out personal information, enabling them to hack into your account.

Caller ID/Phone# Spoofing
Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company/government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity.

Romance/Friendship Scam
In Romance Scams, the scammer forms a romantic relationship with the victim, typically through dating or social media apps. These relationships often develop extremely quickly, with the scammer professing love early in the relationship. Scammers use various manipulative techniques to build trust. Once the scammer has developed a hold on the victim, they claim to need money for any number of reasons, including to visit the victim, assist a sick family member, or help with another financial hardship. The scammer claims they need the funds urgently, convinces the victim to send funds using cryptocurrency, and upon receiving them, is never heard from again

Smishing/Text Messaging Scams
Most people are aware of phishing or email scams, but they may not realize scammers can also target them with deceptive text messages sent to their smart devices. It’s called “smishing”: a mashup of SMS  (for “short message service”) and phishing. A typical smishing scam message may seem like it’s from a bank, maybe your bank, and include a link or phone number to bait you into clicking or calling. If you do, you stand a good chance of being hooked. And that’s when the scammers get to work, manipulating your personal information, which they can sell and/or use in other scams. Smishers may also try to entice you into downloading malware to your device.

Social Engineering
Social engineering is when a fraudster tricks someone into giving up their confidential account and/or personal information by convincing them to think they are communicating with trusted and known sources.

Tech Support Scam
Tech support scams take place when scammers trick you into unnecessary technical support services to fix nonexistent problems on your computer, software or internet, ultimately trying to gain access to personal and financial information. The scammer will initiate contact by displaying fake error messages on your computer enticing you to call tech support or they will call you directly pretending to be from a well-known tech company.

USPS Mailbox Fishing
Mailbox fishing is when a fraudster “fishes” for envelopes containing written checks in the United States Postal Service mailboxes. When they come across a check, they use techniques to erase all of the details in order to rewrite a fraudulent check to themselves for a large sum of money.

Vishing
Vishing, or voice phishing, is when a fraudster calls using personal information a scammer has previously obtained from a phishing attack. After stealing your confidential information from the fraudulent email, the cybercriminal will need to take it a step further to receive your SMS password or digital token to finalize the fraud operation.

You, or someone you know, could become the victim of a growing crime in America — financial exploitation of senior adults. Criminals are targeting people of all ages, especially individuals over 60 years old. Scams targeting senior adults resulted in over $3.4 billion in losses in 2023 (source: FBI). Fraudsters frequently target those who they feel may be lonely or have cognitive challenges.

We strive to equip senior adults and their family caregivers with the knowledge and resources needed to minimize their risk of financial theft due to scammers and con artists. A few tips to remember:

• Help with finances should come only from a trusted source.
• Scammers pretend to be from an organization you know such as government agencies, tech support businesses and other legitimate businesses to trick you into giving them money or sharing your financial and personal information.
• Artificial intelligence (AI) is increasingly being used to create convincing voice clones, which scammers exploit to trick seniors. For example, these fraudsters mimic the voices of family members in distress, convincing the senior adult that their loved one is in trouble and needs money immediately. Always hang up and call the loved one directly to verify the claim.
• Never share your personal or financial information including your social security number & account numbers in response to an unexpected request and resist the pressure by scammers to act urgently.
• Stop and talk to someone you trust before doing anything. Don’t sign or agree to anything you don’t understand. Speak with someone you trust first.
• Monitor Your Credit Report. You’re entitled to a free copy of your credit report from each of the 3 major credit bureaus once every 12 months. To order your free annual reports, go to AnnualCreditReport.com or call toll- free (877)322-8228. Be sure accounts have not been opened in your name, without your knowledge.

It’s important to stay vigilant with emails, phone calls or text messages claiming to be legitimate businesses. Please review the resources below for information on how to protect yourself from scammers.

Risk Factors that can Lead to Elder Financial Abuse:

Video from the Alzheimer’s Association Greater PA Chapter Executive Director Clayton Jacobs, related to risk and exploitation:

AARP’s lead volunteer on consumer protection and fraud, Mary Bach, provides information to help older adults protect themselves from scammers:

Identity theft can wreak havoc on your finances and your credit history. Generally, the criminal will illegally apply for credit in another person’s name and run up large bills — leaving the victim with the hassle of sorting out the confusion with creditors.

If you suspect that your personal information is being misused, act quickly. Here are some steps you should take:

• Contact InFirst Bank, any other financial institutions you bank with, and your credit card issuers immediately. They can review your accounts for fraudulent activity and, if necessary, stop payments on checks, change personal identification numbers and passwords, and open new accounts.
• Check your accounts to see if anyone has changed your address, altered your PIN, or requested new checks or cards.
• Report any fraudulent activity on your InFirst Bank account(s) and any unauthorized transactions to your local branch.
• Report any fraudulent charges on your InFirst Bank account(s) at 800-349-2814, or contact the issuers of any other cards.
• File a report with your local police department. The report will be helpful in explaining to creditors that you are a victim of identity theft.

If you’re a business owner, it’s more important than ever that you remain vigilant against common threats, like:

• Unauthorized access to your bank account(s) by outsiders or even employees
• Compromised IDs and Passwords
• Corporate Account Takeovers
• Email Compromise

Fraudsters have learned that stealing from a business is much more lucrative than scamming consumers one at a time.  They entice an employee or employer to click a link in an unsolicited email, or to visit an infected website. That’s all it takes to plant malware on your computer system, obtain your online banking credentials, and gain other sensitive info across your network. Fraudsters like to target small to medium sized businesses that use ACH or wire services and may not reconcile accounts every day. From there, it’s a simple matter for them to empty your bank accounts to a local account, which in turn immediately wires the funds out of reach. Don’t take any risks! Make sure any wire requests are personally validated.

At InFirst Bank, we want to help you ensure that your confidential information remains private, not only at the bank but also in all of your financial transactions. Confidential information is that which is not publicly available or easily accessible by the public. This information is not limited to your social security number, driver’s license number, or mother’s maiden name. Other types of confidential data include: names of previous employers, previous living addresses, and memberships in organizations. Best practice is to always think twice before giving out this type of information.

Below are some things you can do to keep your personal data from falling into the wrong hands:

• Monitor your InFirst Bank account(s) using our Online & Mobile Banking Tools.
• Create a unique password for your Online Banking account that you don’t use for any other web account.
• Protect your Social Security number, passwords, and personal identification numbers (PINs). Never give this information over the phone or the internet.
• Shred bank receipts, credit card offers, statements, and other sensitive documents.
• Be on the lookout for missing incoming mail, and don’t mail important information from your home mailbox. Take it to the post office instead.
• Review your credit report annually for incorrect information. You’re eligible for 1 free credit report from each of the 3 credit bureaus annually.
• Only use secure websites. A lock icon in the url security status bar typically indicates a secure connection.

Businesses should also take steps to ensure key information is secure, not only for their customers but for their employees as well:

• Divide financial responsibilities among employees, and regularly review account activity.
• Keep all personal information, check supplies, and deposit slips in a locked file or secure location.
• Do not leave confidential information on cell phones, e-mail, pagers, or voicemail.
• Use secure methods of disposing of personal information, such as using shredders.
• Upgrade computer systems regularly to ensure personal and confidential information is secure.
• Instruct staff on security procedures; adopt a written privacy/protection policy.

5 WAYS TO HELP PROTECT YOUR IDENTITY

HOW TO AVOID A TECH SUPPORT SCAM

TELEPHONE SPOOFING

ROMANCE SCAMS

IRS IMPOSTER SCAMS

WHY REPORT FRAUD

IMPERSONATION SCAMS – HOW THEY WORK

Helpful Tips To Fend Off Credit Card Debt (downloadable PDF)

Best Practices to Prevent Digital Fraud (downloadable PDF)

If you see a “Point of Sale” (POS) on your bank statement that has the information below – DO NOT CALL THE 800 NUMBER.

Point of Sale Withdrawal/
Microsoft*Store 800-642.7676
MSBILL.INFO WAUS
(Date)

The amount of the debit can vary but it is usually under $10.00. Most instances are in the amount of $8.70.

• #1 – If you call the number you will hear a message that “your information will be shared with other countries not for training purposes.”
•   #2 – The message will direct you to a web site
• #3 – Once on the site there is a message “If you wish to talk to a customer service representative, please enter your credit card information.”

Click HERE to view a brochure from the FTC on how to avoid a scam. There is also additional links below that our customers can go to learn about and report  fraud:

• Consumer Financial Protection Bureau (CFPB) – https://www.consumerfinance.gov/consumer-tools/fraud/
• Federal Trade Commission (FTC)
  Our mission is protecting consumers and competition by preventing anticompetitive, deceptive, and unfair business practices through law enforcement, advocacy, and education without unduly burdening legitimate business activity.
• What To Do if You Were Scammed | Consumer Advice (ftc.gov)
• ReportFraud.ftc.gov

Get more detail about data breaches
The impact of a data breach that involves your personal information can go beyond financial information. To learn more about what’s involved and the best strategies if your information has been part of a breach, visit the Federal Trade Commission’s Consumer Information site.

• Review your account statement regularly and promptly report any fraudulent activity.
• Create a complex Online Banking password. Use a combination of letters, both capital and lowercase, numbers and symbols.
• Protect your Online Banking ID and password. If you share this information with someone, all transactions they initiate are considered as authorized by you, even for transactions you did not intend for them to make.
• Never leave your computer or mobile device unattended during an Online Banking session. Sign off from Online Banking and mobile banking when you are finished with each session by using the ‘Logout’ button.
• Shred financial documents and paperwork with personal information.
• Never give out personal information over the phone or Internet unless you are certain you know who you are dealing with.
• Never click on links sent in unsolicited emails.
• Inspect your credit report for inaccurate data. You can obtain a free report by visiting annualcreditreport.com

Perform your own risk assessment, evaluating both risks and controls in your environment regarding online banking and/or remote deposit capture. Be sure to consider:

• Assigning individuals their own unique usernames/passwords
• The possibility of internal fraud or theft
• Delays in terminating the rights of former employees
• Segregating duties so that dual control is in place
• Conducting employee background checks
• Conducting internal or third party audits
• Using firewalls and up to date anti-virus protection to prevent outside intrusion