Fraud Education and Resources

On This Page

Common Fraud Scams
Common Information Security Scams
How to Protect Yourself
Warning Signs of Identity Theft

Common Fraud Scams

Elder Fraud / Grandparent Scam

• Seniors are often targeted because they tend to be trusting and polite. They also usually have financial savings, own a home, and have good credit—all of which make them attractive to scammers.
• Criminals pose as a relative—usually a child or grand child—claiming to be in immediate financial need such as in jail or in trouble with law enforcement.

Money Mules

• A money mule is someone who transfers or moves illegally acquired money on behalf of someone else.
• Criminals recruit money mules to help launder proceeds derived from online scams and frauds or crimes like human trafficking and drug trafficking. Money mules add layers of distance between crime victims and criminals, which makes it harder for law enforcement to accurately trace money trails.
• Money mules can move funds in various ways, including through bank accounts, cashier’s checks, virtual currency, prepaid debit cards, or money service businesses.
• Some money mules know they are supporting criminal enterprises; others are unaware that they are helping criminals profit.
• Money mules often receive a commission for their service, or they might provide assistance because they believe they have a trusting or romantic relationship with the individual who is asking for help.
• If you are moving money at the direction of another person, you may be serving as a money mule.

Lottery and Sweepstakes Scams

• Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”

Romance Scams

• Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.
• The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites.
• The scammer’s intention is to establish a relationship as quickly as possible, endear himself to the victim, and gain trust. Scammers may propose marriage and make plans to meet in person, but that will never happen. Eventually, they will ask for money.
• Scam artists often say they are in the building and construction industry and are engaged in projects outside the U.S. Some may say they are in the military and stuck overseas or a government employee. That makes it easier to avoid meeting in person—and more plausible when they ask for money for a medical emergency or unexpected legal, medical or travel fee.
• If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes.

Online Shopping Scams

Online shoppers can be scammed in many ways: from not receiving products despite the payment to losing money and payment information to fake websites and apps.

Scammers develop fake websites mimicking popular retailers’ sites and take your money and payment information without delivering products. They also create counterfeit apps containing malware (malicious software) for the same reasons.

Common Information Security Scams

Spoofing

• Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.
• For example, you might receive an email that looks like it’s from your boss, a company you’ve done business with, or even from someone in your family—but it actually isn’t.
• Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.

Phishing

• Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they shouldn’t have access to.
• In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested.
• But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.

Types of Phishing

Phishing has evolved and now has several variations that use similar techniques:

Vishing

Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.

Smishing

Smishing scams happen through SMS (text) messages.

Quishing

This is a new type of phishing attack the involves bad actors creating QR codes to be scanned that then redirects victim to downloading or visiting malicious content.

Pharming

Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.

Business Email Compromise (BEC)

In this scam, criminals target both businesses and individuals. It has evolved from a simple form of sending an email that appears to come from a business or individual you know and requesting a seemingly legitimate payment, often urgently, via a wire transfer, to compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

Ransomware

Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, networks, or cell phone. Malware is installed in various ways, including through links and attachments in emails, downloads from malicious websites, or removable drives. Criminals hold your data hostage until the ransom is paid or pressure you for the ransom by threatening to destroy or release your data to the public.

How to Protect Yourself

Be wary of unfamiliar calls, computer messages, pop-up messages, texts or emails requesting personal information.

Be careful when posting personally identifiable information on social media. Enable security settings to limit what you share publicly.

Verify you are sending to a trusting recipient by calling a trusted or verified phone number from a recent bill or visit a local office.

Be cautious if pressured to respond on immediately; this is what scammers want you to do.

Scammers will ask you to pay in an unusual way such as gift card, pre-paid debit cards, bitcoin, and digital currency including CashApp, Venmo, Zelle, or Paypal.

Do not share login credentials nor account number; some scammers may convince you that you are owed money and may request your account information.

Never allow anyone to remotely access your computer nor mobile device. They may convince you that your device has a virus.

Turn On Multifactor Authentication

Multifactor authentication, also known as two-factor authentication, or MFA, is a highly effective security measure that requires an extra form of identification, on top of your password, when trying to access your digital assets and information. Most websites now offer this security feature such as a PIN, fingerprint, confirmation text, and authentication application.

Update Your Software

Criminals take advantage of well-known problems and vulnerabilities. Keeping your devices up to date with the latest security patches and utilizing automatic updates for operating systems, antivirus software, and applications will help protect your digital assets and information from cybercrime.

Recognize and Report Phishing

Phishing is the number one-way information gets compromised, and we are more likely to fall for phishing than we think. Be cautious of unsolicited phishing emails, texts, and calls that ask for personal and sensitive information. Don’t click on links or attachments from unknown sources and avoid sharing sensitive information or credentials over the phone or email, unless necessary.

Use Strong Passwords

Strong passwords are critical to protecting your digital assets and information. Make sure your password is long, unique, random, and including all four-character types.

Warning Signs of Identity Theft

According to the Federal Trade Commission:

• You see withdrawals from your bank account that you can’t explain.
• You don’t get your bills or other mail.
• Merchants refuse your checks.
• Debt collectors call you about debts that aren’t yours.
• You find unfamiliar accounts or charges on your credit report.
• Medical providers bill you for services you didn’t use.
• Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
• A health plan won’t cover you because your medical records show a condition you don’t have.
• The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
• You get notice that your information was compromised by a data breach at a company where you do business or have an account.

Resources for Common Scams and Other Scams

Consumer Financial Protection Bureau Article
Federal Bureau of Investigation Help Articles