Fraud Prevention Help Center

Spot and Stop Attacks - Clues To Look For:

• Urgency: If the message creates a sense of urgency, it's because the sender is trying to trick you into rushing a decision, taking quick action, or making a mistake. An example of Urgency would be a sender/caller claiming that your debit card will be deactivated if you don't give them your card number and validate the card information immediately.
• Fear Tactics: If someone is threatening to arrest you, sue you, or subject you to other consequences if you don't pay them, it's likely a scam. 
• Pressure: An example of an attacker applying pressure would be someone claiming to be from the company you work for, pressuring you to ignore or bypass company security policies to give them access to information.
• Unusual Payment Methods Requested: If you are asked to send a prepaid card, gift card, cryptocurrency, or other unusual form of payment, or even a wire transfer, don't do it. Payment methods that are nearly untraceable are preferred by scammers, and once the money leaves your hands, it's usually gone for good.
• Pre-Payment Requested Or Required:  Anyone who offers you a prize or debt relief if you pay an upfront fee or shipping costs is scamming you.
• You Need To Keep It A Secret: If you have been asked to keep a financial transaction secret, you're likely being scammed. Scammers don't want you to talk to friends, family members, or your financial institution's employees because they are afraid the scam will be detected.
• Curiosity: Any message that generates a tremendous amount of curiosity or seems too good to be true, such as an undelivered UPS package or a notice that you are receiving an Amazon refund, is suspicious and likely a cyber attack.
• Tone:  When you receive an email or phone message from someone claiming to be your friend, family member, or coworker, but the "tone" of the message is wrong (the wording or phrasing doesn't sound like them).  Don't fall for it. If you feel that you need to double-check the validity of the message, do NOT call a number or click a link in the message. It can even be risky to call them directly, as their phone may have been stolen and the cyber attacker could answer it. 
• Sensitive Information: Any message requesting sensitive information, account numbers, or passwords and other login credentials is a scam.
• Generic:  You may receive a message from a trusted organization, but the message is generic such as starting with "Dear Customer". This is likely a phishing attack.
• Personal Email Address: Any email that appears to come from a legitimate organization, merchant, or co-worker, but is using a personal email address like @gmail or @hotmail is not legitimate.

The security of today's technology can be overwhelming, especially for family members who may be new to using mobile devices and apps, such as grandparents or young teens. 

The best way to help your family stay secure is by making security as simple as possible for them. It is important to also share information on scams with older family members, college students, and friends. Scammers prefer to prey on the elderly and young people who are managing their own finances for the first time, often resorting to harassment if they feel it will get them the information they desire. Work together to come up with a plan of what to say and do if they are contacted with requests for sensitive information. Taking a few steps can have a big impact:

• Explain that scammers and con artists have been around for hundreds of years, they are just using the Internet now to try to fool their victims. 
• Give examples of how scammers target their victims by pretending to be a government agency, financial institution, utility company, etc.  
• Be sure that family members understand the importance of never giving out sensitive personal information, account numbers, passwords, or remote access to their computer.  
• Explain that the more urgent the message seems (whether it is a text, phone call, or email) the more likely it is a scam. 
• Let your family members know about romantic scams also, explaining that con artists prey on people who are lonely and longing for love by pretending to be their match made in heaven.  
• Let your loved ones know that they can contact you any time they are unsure about an email or phone call.
• Emphasize that scammers also still utilize phone and mail scams. They can still become victims if they don't know the warning signs. It's important to always be cautious of any unsolicited contact, even if the call or letter appears to be coming from a legitimate company or organization. 
• When setting up Home Wi-Fi access for anyone who is new to technology, take the time to make sure their wi-fi is password-protected. Consider using a secure form of DNS service that can help stop people from visiting infected websites. For younger family members, restrict websites that you don't want them to have access to.
• Help your less tech-savvy family members keep their devices and systems updated and current. This makes it harder for scammers and hackers to compromise them. The simplest solution is enabling automatic updates.
• Inform family members about the importance of using secure passwords that are unique, and coach them to not use the same password across multiple sites.
• Mistakes can happen. Make sure reliable backups are in place and be sure that your loved ones know what to do and who to contact if they fall victim to a scam.

Beware Of These Recent Scam Tactics

1. iMessage Phishing:  A scam that's getting a lot of attention right now, hackers have found a way to disable Apple's phishing protections on the iMessage platform. Normally the phishing protections gray out links in texts if the links are found to be malicious. The scammers are now utilizing the feature that asks you to text a "Y" or "N" response if you want more information, but responding can disable your iPhone's iMessage phishing protection. When iPhone users respond with a "Y" to the phishing text, they receive a text with a link that is not grayed-out, which gives them a false sense of security that the link can be trusted.  Clicking on a malicious link can lead to a spoofed website that steals personally identifiable information. Malicious links can also install malware on your device and download spyware or ransomware. 
2. Parking Ticket Scam:  In this recent new scam the scammers create realistic-looking parking citations and place them on the windshield of vehicles, misleading the owners into believing they have been legitimately ticketed.  The fake tickets typically include logos and detailed information that make then look authentic at first glance. They also have a QR Code that the 'violator' can scan to pay the 'fine'.  Consumers see that the fine listed on the fake ticket is low and they want to get it taken care of right away, so they scan the QR Code, visit the designated website listed on the ticket, or they call the phone number on the fake ticket to provide their payment details.  This puts them at risk of identity theft and financial loss.
3. PayPal Attacks:  Cyberattacks targeting PayPal users have been persistent for a while now. Some of them still use the phishing attack methods, while others have evolved to employ sophisticated techniques such as credential stuffing attacks. Cybercriminals use automated tools to attempt logins on accounts, using login credentials obtained from previous data breaches. Once they gain access, they initiate unauthorized transactions on the PayPal account.
4. AI-aided Phishing Scams Targeting Business Execs:  This advanced phishing scam has become the starting point for over 90% of successful cyberattacks, leading to substatial financial losses. Scammers, aided by AI bots or Deepfake technology, craft a highly personalized and believable phishing email that is specifically designed to deceive high-level executives. Attackers may exploit current events, company news, or urgent situations to create a sense of urgency and pressure the exec to act quickly without verifying that the message is legit.  The goal of these attacks it to trick the executive into revealing sensitive information or transferring large sums of money. 
5. SEO Poisoning:  Hackers have found ways to turn Google searches into malvertising (a scam ad that installs malware or brings you to a bogus website when you click on it). 
6. "Brushing" Scam (featuring QR Code Hacking of your Phone): Have you received a package you didn't order? CAUTION: The scammers who send the package often include a QR Code inside the box. They want you to scan the QR Code to see the name of the person who sent the package or where the 'gift' came from. DO NOT SCAN THE QR CODE! If you scan the code it can download malware to your smart phone and access/hack the information on your phone.   
7. "Brushing" Scam (featuring Fake Review):  Another form of the brushing scam is when a scammer sends a package to your home without your permission, then the company posts a fake positive review for the product using your name. Why? Because the goal of a brushing scam is to increase the popularity and/or rating of a product to get more sales. The package they send is often an inexpensive item such as beauty products, household goods, or gadgets. 
   • What should you do if you receive a strange package?
     • Never scan a QR Code contained inside the package
     • Check around to see if it's a gift sent to you by family or friends
     • If you didn't order it and it wasn't a gift, report the package. You can report it online to the sending company or contact their customer service
     • Monitor your accounts.  Keep an eye on transactions for several months to make sure no one is using your account. If you notice suspicious activity, report it to your financial institution right away. You can also consider requesting new cards and account numbers.
     • Change your password on Amazon, and consider changing passwords and setting up two-factor authentication on your online shopping and banking accounts.
8. Police Phone Call Scam:  A scam call circulating in the Wisconsin area consists of citizens receiving a call that claims to be coming from the local police or sheriff's office. The caller claims that you have unresolved legal matters, and the caller tries to get information or even funds from you. Law Enforcement and other Police and Sheriff's office employees will never ask for payment over the phone. Hang up on these calls. Never give out information to unsolicited callers.
9. AI Scams:  AI stands for Artificial Intelligence, and cybercriminals have discovered just how convincing AI can be in helping them trick you into sending them money.
   • Scammers can fake an entire Video Call
     • Imagine receiving an email claiming to be from your company's Chief Financial Officer asking you to do a financial transaction for the company.  You are wary, but you join a video call to discuss the request. The video call looks and sounds exactly like the CFO, so after the meeting you feel convinced that the financial request is genuine and you send the payment as requested.  However, it turns out scammers have used AI Technology to create believable video and audio of the Chief Financial Officer. This is called a deepfake.
   • Scammers can Clone Voices of Loved Ones
     • With "voice cloning" tools a scammer can use a simple snippet of your loved one's voice (lifted from a video on your loved one's social media account, collected from a voice mailbox recording, or obtained by recording a spam call made to the loved one). The audio sample is run through an AI program that replicates the voice, including laughter, fear, or emotions. This allows the scammer to enter text of anything they want the voice to say, and you end up getting a panicked phone call from your loved one asking you to do a cash app transfer to cover an emergency medical bill or auto repair.
   • How can you protect yourself?
     • Be suspicious of any unexpected phone calls. 
       • If you receive a call from an unknown number, don't answer it.
       • If you do answer, let them speak first. Be aware that anything you say can be recorded.
       • Never give out any information.
     • Beware of Caller ID spoofing, which creates a fake Caller ID on your phone.
       • The scammer's number could show up as a number that you recognize, such as a government agency or a well-known company.
     • Hang up if you're suspicious, then look up the legitimate phone number of the person, agency, or company and call them directly to verify the authenticity of the caller.
     • Never wire money or pay with a gift card. Legitimate companies will not ask you to do this.
     • Be careful what information you share online. Social media is a fun way to connect, but it's essential to protect yourself from scammers, hackers, and identity thieves.
     • Educate older and younger family members so they can protect themselves, too.
10. Cybercriminals posing as Amazon support and sending notifications claiming your Amazon account is on hold due to billing errors. The scam email includes a link to 'resolve the issue' by updating your billing info.
11. Cybercriminals use Facebook Messenger to ask you about your business. The message includes an attachment, which installs malware if you download or select the attachment.
12. Per the FBI, Callback Phishing Attacks are on the rise. Cybercriminals send an email claiming you have a pending charge on one of your accounts, but if you call the number provided in the email the cybercriminal will guide you on how to connect with them through a legitimate system management tool (i.e. remotely connecting to your computer or device and controlling your device). Once the legitimate software has been installed, cybercriminals can use it to sneak ransomware onto your device, resulting in your sensitive information being stolen or used to extort you or your organization.

Be suspicious of unexpected emails, particularly if they include an attachment or link, or if they ask for personal or financial information, OR if you are asked to call a number.  If you are concerned that the claims in the email may be true, always navigate directly to the secure website of the company to find the best contact number and make a direct call instead of trusting the phone number in the email.

More Scams To Be Aware Of

More information about these types of scams can be found on the Federal Trade Commission website: consumer.ftc.gov

• Password theft or Online Banking Login Credentials theft
• Fake shopping websites
• Free trial offers
• Scam texts or emails claiming debit or credit card is blocked
• Scam phone calls claiming security check
• Fake fraud alerts
• Amazon phone scam
• Paypal invoice scam
• Netflix (or other streaming) scam
• Online lending scams
• Gift card scams
• Fake work-from-home scam
• Fake CDC or World Health Organization emails for new vaccines
• Government check scams
• Phishing emails, texts or phone calls
• Fake investment scams
• Fraudulent check/Mobile Deposit scam
• Grandparent scam
• Law enforcement or Hospital emergency phone call scam
• IRS scams
• Payday Lender scam
• Zoom Installer scam
• Computer Tech Support or Computer Takeover scam
• Microsoft scam
• Fake letter from lawyer claiming inheritance
• ATM Skimming device scams
• Utility company scam
• Fake smart phone apps
• Fake charity or holiday-related websites
• Fake delivery notices
• Fake Facebook “new friend request” messages
• Online Romance scams
• Auction site fraud

Bottom line, be vigilant and protect your hard-earned funds at all times.  If something doesn’t seem right, end it.  Log off the computer, delete the email or text, stop responding to phone calls…do what you need to do to protect yourself, your identity, your accounts, and your sensitive personal information.