Each year, fraudsters find new ways to trick people and financial institutions out of money. Whether it’s an imposter scam – impersonating a love interest, a grandchild, debt collector, etc. – or stealing someone’s identity, these fraudsters know how to pull it off. While some of these scams involve new tricks, many have been around for decades.
Using common channels like emails, text, and phone calls; fraudsters typically disguise their identity while retrieving confidential member information.
Romance Scams
Using fake online dating profiles with photos of other people to lure their victims, scammers often say they are from the U.S. but are temporarily traveling or working overseas. Some of the fictitious occupations include working on an oil rig, in the military, or as a doctor with an international organization.
The scammers quickly profess their love and tug at the victim’s emotions with fake stories and their need for money. They often request money for reasons such as a plane ticket, other travel expenses, and customs fees – all needed to get back into the country. The victims often wire the scammers money never hearing from their “sweetheart” again.
Other variations of this scam include:
Victims are duped into providing online banking login credentials. The scammer then logs into the account and uses the account-to-account (A2A) / external feature to initiate ACH debits against accounts at other institutions pulling funds into the victim’s account for deposit. The victim is instructed to send the funds to the scammer by Western Union or MoneyGram. The ACH debits are subsequently returned to the credit union as unauthorized up to 60 days later.
According to the Better Business Bureau, up to 30% of those scammed in 2018 were used as money mules, asked to open bank accounts by the scammer so they could send money to the victim for a short period of time. If the account is flagged as suspicious, they will close the account and find another victim. Many of those scammed are embarrassed to report it. If a romance scam is suspected, stop communicating with the scammer and explain your situation to a trusted friend or family member for their advice.
The scammer logs into the victim’s account and requests mobile remote deposit capture service. Once the account is set-up for mobile remote deposit capture, the scammer transmits images of fraudulent checks for deposit to the victim’s account. Again, the victim is instructed to send the funds to the scammer by Western Union or MoneyGram. The checks are subsequently returned unpaid.
Phishing / Vishing / SMiShing
Social engineering fraud is range of malicious activities carried out by fraudsters through human interactions. It uses psychological manipulation to trick users into making security mistakes. Unsolicited emails, text messages, and telephone calls purportedly from a legitimate company or individual requesting personal, financial and / or login credentials.
Phishing – One of the most popular forms of social engineering attempts to acquire sensitive information such as usernames, passwords and account or card details by masquerading as a trusted entity and creating a sense of urgency, curiosity or fear in victims. It then prods recipients into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware. Remind members not to click on links or open attachments in emails received from individuals they do not know.
SMiShing – A type of phishing attack where mobile phone users receive text messages containing a website hyperlink; which, if clicked would lead to a malicious URL and/or download malware to the mobile phone. It could appear to come from the recipient’s credit union with an intent to gain their personal or account information. In addition, there could be a request to call a fraudulent phone number. Warn members that if they receive these types of texts to call the institution at a number of record, not the one included in the text, to verify legitimacy.
Vishing – Voice phishing is the telephone equivalent of phishing attempting to scam the user into surrendering private information that will be used in identity theft. Often, the call will come from a spoofed phone number making it look like the credit union is calling the member which will provide the member with a sense of legitimacy. Inform members that if they receive this type of call to contact the credit union or whatever business is represented at a number of record, not a callback of the incoming number, to verify legitimacy.