Preventing Fraud: Protecting Your Identity and Finances
Many people think they can spot and outwit a scam, but the truth is that scams become more savvy and sophisticated every year.
You may not be able to keep up with every new scheme, but there are red flags for every type of potential fraud. Knowing some basics and being vigilant can keep you and your money safe from scammers.
Prevent Identity Theft
Identity theft can take many forms and can impact your bank account and your credit score. Take steps to secure your personal information in both online and real-world transactions.
- Keep your browser secure: To guard your online transactions, use encryption software that scrambles information you send over the Internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online.
- Keep Passwords Private: Know whom you share your information with. Store and dispose of your personal information securely.
- Be Alert to Impersonators: Know who is getting your personal or financial information. Don’t give out personal information on the phone, through the mail or over the internet unless you’ve initiated the contact or know who you’re dealing with.
- Say You Will Contact Them: Do not click on links in an email. Instead, type the company name into your web browser, go to their site, and contact them through customer service. Or, call the customer service number listed on your account statement. Ask whether the company really sent a request.
- Encrypt Your Data: Be creative. Think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo.
- Be Wise About Wi-Fi: Before you send personal information over your laptop or smartphone on a public wireless network, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.
- Lock Up Your Laptop: Keep financial information on your laptop only when necessary. Don’t use an automatic login feature that saves your user name and password, and always log off when you’re finished. That way, if your laptop is stolen, it will be harder for a thief to get at your personal information.
- Don’t Overshare on Social Networking Sites: An identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Consider limiting access to your networking page to a small group of people. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites.
- Wipe Your Memories: Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive. Before you dispose of a mobile device, delete information permanently, after transferring it to your new device. Remove the memory or subscriber identity module (SIM) card and delete your phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.
- Secure sensitive paperwork: Lock your financial documents and records in a safe place at home, and lock your wallet or purse in a safe place at work. Keep your information secure from roommates or workers who come into your home.
- Limit what you carry: When you go out, take only the identification, credit, and debit cards you need. Leave your Social Security card at home. Make a copy of your Medicare card and black out all but the last four digits on the copy. Carry the copy with you — unless you are going to use your card at the doctor’s office.
- Be stingy with information: Before you share information, such as your Social Security number, at your workplace, a business, your child's school, or a doctor's office, ask why they need it, how they will safeguard it, and the consequences of not sharing.
- Don’t leave a paper trail: Shred receipts, credit offers, credit applications, insurance forms, physician statements, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.
- Guard your health records: Destroy the labels on prescription bottles before you throw them out. Don’t share your health plan information with anyone who offers free health services or products.
- Secure your mail: Take outgoing mail to post office collection boxes or the post office. Promptly remove mail that arrives in your mailbox. If you won’t be home for several days, request a vacation hold on your mail. When you order new checks, don’t have them mailed to your home, unless you have a secure mailbox with a lock.
Fraud and Identity Theft Reporting
Did you find a strange transaction on your card statement or receive medical bills for a doctor you never visited? If you suspect you're a victim of identity theft, find out what to do next and how we can help you prevent any further damage.
If you suspect that you have been a victim of identity theft or another scam, the first step is to put a fraud alert on your credit file with all three credit-reporting agencies – Experian, Equifax, and TransUnion. Placing a fraud alert is free. The initial fraud alert stays on your credit report for 90 days. Record the dates you communicate with the credit reporting agencies and keep copies of your correspondence on file. If needed, you can renew the alert after 90 days.
After you place a fraud alert on your credit reports, you are entitled to one free copy of your credit report from each credit reporting company. Read the reports; check to see if your name, address, Social Security number, accounts, and other information are correct.
An Identity Theft Report will help you resolve problems with credit reporting companies, debt collectors, and businesses that allowed the identity thief to open new accounts in your name. The Report can help you:
- Get fraudulent information permanently removed from your credit report
- Prevent a company from collecting debts that result from identity theft or selling the debts to others for collection
- Get an extended fraud alert put on your credit report
If the report shows accounts you did not open or debts that are not yours, contact the credit reporting companies to report the fraud and have them corrected. You may want to contact the security or fraud department of each company where an account was misused or opened without your permission, too. Ask the company to send you proof that they corrected or closed the problem accounts.
File an identity theft complaint with the FTC online at http://ftc.gov/idtheft or by phone at 1.877.438.4338. Take your completed FTC identity theft affidavit to your local police, or the police where the theft occurred, to file a police report. Get a copy of the police report or the report number. Your FTC identity theft affidavit plus your police report makes an Identity Theft Report. Send copies to companies where you report fraud. Ask them to remove or correct fraudulent information in your accounts.
While some fraud involves outright stealing information from victims, other scams involve playing on the emotions or needs of the victims to obtain information, access, or cash. These types of scams can be harder both to identify and to admit, but education and knowledge can help you avoid these types of scams altogether, or to get out quickly and minimize damage if you suspect you are being scammed.
Scammers may prey on loneliness, joblessness, sympathy, your desire to help others, your own desperation, or even love to bilk you out of your money.
If you even suspect you are being scammed, go to the authorities and ask for help.
People looking for a job are easy targets for scammers who know job seekers may be in a desperate situation. Scammers advertise where real employers and job placement firms do, making promises about employment, bonuses, and other quick fixes. However, virtually all of them ask you to pay for something up front before you get the job.
- You need to pay to get the job: They may say they’ve got a job waiting, or guarantee to place you in a job, if you just pay a fee for certification, training materials, or the expenses of placing you with a company. Employers and employment firms shouldn’t ask you to pay for the promise of a job.
- You need to supply your credit card or bank account information: Don't give out your credit card or bank account information over the phone to a company unless you're familiar with them and have agreed to pay for something. Anyone who has your account information can use it.
- The ad is for "previously undisclosed" federal government jobs: Information about available federal jobs is free on usajobs.gov.
- Work-at-home, “work online,” or other home-based businesses or jobs may ask for money for supplies or training upfront. If you do actually work, they may not pay you once the work is done or it may be another whole process to get paid.
- Research any company thoroughly before accepting a job offer or becoming involved in a business.
- Get all details in writing.
- Avoid cash on delivery or money order requests for payment from job “opportunities.”
If you’ve been targeted by a job scam:
File a complaint with the FTC.
For problems with an employment service firm:
Contact the appropriate state licensing board (if these firms must be licensed in your state), your state Attorney General, and your local consumer protection agency.
You're looking for love, but what you get is a criminal. Dating scammers look for victims through dating sites, chat rooms, and social media. They may claim to be Americans traveling or working abroad. In reality, they often live overseas. The most common targets are women over 40 who are divorced, widowed, and/or disabled, but every age group and demographic is at risk. It has become one of the most common and lucrative scams, with victims losing tens of millions of dollars each year, because the criminal gangs behind these scams are very skilled at manipulation.
A scammer will appear to be someone interested in making a genuine connection, and will have a profile and a backstory to support their claims. Communication may continue for weeks or even months as they work to make victims form an emotional bond before they ask the victim for a favor – to cash a check, forward a package, or send cash to help out in a sudden emergency.
The FBI offers these hints that your online “date” may only be interested in your money:
- Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging.
- Professes instant feelings of love.
- Sends you a photograph of himself or herself that looks like something from a glamour magazine.
- Claims to be from the U.S. and is traveling or working overseas.
- Makes plans to visit you but is then unable to do so because of a tragic event.
- Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospitals bills for child or other relative, visas or other official documents, losses from a financial setback or crime victimization.)
- Writes in unusual or broken English with strange grammar and poor spelling. The tone and voice may change between messages, which can be a sign that the communications are from different writers.
Do not cash checks, forward packages, send cash, or give account numbers to people you have only met online. Ask the people you trust to help you assess a situation that seems fishy or “too good to be true,” and listen to their advice. Don’t be embarrassed if you are caught up in a dating scam – ask for help and report the crime quickly.
The FBI strongly recommends reporting a dating scam or any other online scam with the Internet Crime Complaint Center (www.ic3.gov). Before forwarding the complaints to the appropriate agencies, IC3 collates and analyzes the data—looking for common threads that could link complaints together and help identify the culprits. This helps keep everyone safe.
Money transfers are virtually the same as sending cash — there are no protections for the sender.
By using money transfers, criminals can quickly get their hands on your cash – and often get away before you realize you’ve been cheated. It is almost impossible to reverse a money transfer or trace it. When you wire money to another country, the recipient can pick it up at multiple locations, making it nearly impossible to identify them or track them down. The receiving agents of the money transfer company might be part of the scheme. Many schemes involve money transfers through companies like Western Union and MoneyGram.
Safe money transfer guidelines from the Federal Trade Commission (FTC) state that you should never wire money to:
- A stranger — in this country or anywhere else.
- Someone claiming to be a relative in a crisis — and who wants to keep their request for money a secret.
- Someone who says a money transfer is the only form of payment that’s acceptable.
- Someone who asks you to deposit a check and send some or all of the money back.
Counterfeit Check Scams – Someone sends you a check and asks you to cash it and wire them the money. Sometines they say you can keep a certain percentage. But the check is fake, and when it is found out, the money will come out of your account. This type of transfer scam can take a variety of forms:
- Sweepstakes or lottery: If someone is offering you money for nothing, because they claim you won a lottery or sweepstakes, for example, it’s too good to be true. Do not deposit a cashier’s check and wire money to an unknown party.
- Check overpayment: Scammers will sometimes hide a fake transaction with a real transaction. For example, someone offers to buy something long distance and sends you a check. But the check is greater than the amount of the sale, and they want you to wire back the extra cash. If the check bounces, which it likely will, you are out of luck and out your money.
- Service test: Someone hires you to test the services at a money transfer company. After you deposit a check you have been given and wire the money, no one collects your evaluation of the services. The check you deposited bounces and you are responsible for the money you withdrew.
- Online buying: If you are buying something online and the seller insists on a money transfer as the only form of payment, consider it a red flag. Use a credit card, a trusted escrow service, or another way to pay.
- Advance Fee Loans: If you have to wire money for the promise of a loan or credit card, it’s likely you’re dealing with a scam artist.
- Family Emergency Scams: If you get a call from a family member for a secret, emergency money transfer, think twice. Take the time to check it out and independently verify the person’s situation and location. If you are concerned and can’t ignore the request, try to verify the caller’s identity by asking very personal questions a stranger couldn’t possibly answer. Keep trying to reach the family to check out the story.
- Apartment Rental Scams: Don’t transfer money to someone you haven’t met for an apartment you haven’t seen. It can be challenging to move , especially long distances, and scammers know it. They will ask you for an application fee or deposit on a fake rental listing.
If you’ve wired money to a scam artist, call the money transfer company immediately to report the fraud and file a complaint. You can reach the complaint department of MoneyGram at 1.800.MONEYGRAM (1-800-666-3947) or Western Union at 1.800.448.1492. Ask for the money transfer to be reversed. It’s unlikely to happen, but it’s important to ask. Then, file a complaint with the FTC.
The promise of no interest, low payments, and consolidated debt can be hard to resist when you are juggling high-interest balances and payments. But if someone says they can reduce or eliminate your debt for a fee, chances are it is a scam.
The Federal Trade Commission (FTC) offers these signs that a company that promises to help you manage your debt may not be on the up and up. Avoid any organization that:
- Charges fees before it settles your debts.
- Guarantees it can make your unsecured debt go away.
- Tells you it can stop all debt collection calls and lawsuits.
- Won’t send you free information about its services unless you provide personal and financial information, like your credit card and bank account numbers.
- Contacts you through an unsolicited, pre-recorded sales call.
- Asks for your credit card, bank account or Social Security numbers, or any other personal information with telemarketers who call you out of the blue.
You can work on managing your debt by talking with a credit counseling organization. A reputable credit-counseling agency should send you free information about its services without requiring you to give details about your situation or pay any money before they provide services.
A scammer may decide the easiest way to get the information they want is to simply ask you for it while posing as a company, government agency, or even a non-profit. This practice is known as phishing. Scammers gain your trust by looking official – perhaps even using familiar logos and email formats that look like genuine correspondence. They may try to frighten you with warnings about fines, disruption of services, closing accounts, or even by saying your accounts have been hacked.
The senders are phishing for your information so they can use it to commit fraud. Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a "refund." It can seem secure, but a local area code doesn’t guarantee that the caller is local.
- Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don't ask for this information via email or text.
- Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
- If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
- Use trusted security software and set it to update automatically. In addition, use these computer security practices.
- Don't email personal or financial information. Email is not a secure method of transmitting personal information.
- Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
Forward phishing emails to firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email. You also may report phishing email to email@example.com. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
File A Complaint With The FTC: File an identity theft complaint with the FTC online at http://ftc.gov/idtheft or by phone at 1.877.438.4338. Take your completed FTC identity theft affidavit to your local police, or the police where the theft occurred, to file a police report. Get a copy of the police report or the report number. Your FTC identity theft affidavit plus your police report makes an Identity Theft Report. Send copies to companies where you report fraud. Ask them to remove or correct fraudulent information in your accounts.
You might have heard about online "phishing" scams designed to steal money from unsuspecting Web users, but now criminals are using a phone scam called "vishing" to commit the same crimes. The term comes from combining "voice" with "phishing."
Attackers make it look like calls are coming from a legitimate or known phone number. They may ask people to provide credit card numbers, PIN codes, and/or Social Security numbers to verify their account or they provide another number where the consumer is to call to provide account details.
Be aware: Consumers need to know that these scams exist. To find out more information, go to the FTC Website.
Be suspicious of all unknown callers: People should be just as suspicious of phone calls as they are of e-mails asking for personal information. Let calls from unknown callers go to voicemail.
Don't trust caller ID: Just because your caller ID displays a phone number or name of a legitimate company, it doesn't guarantee the call is really coming from that company.
Ask questions: If someone is trying to sell you something or asking for your personal or financial information, ask them to identify who they work for, and then check them out to see if they are legitimate.
Call them back: Tell them you will call them back and then either verify the company is legitimate, or if it's a bank or credit card company, call them back using a number from your bill or your card.
Guard your information: Never provide credit card information or other private information to anyone who calls you.
Do Not Call Registry: Register your number with the National Do Not Call registry at donotcall.gov. If you are on the list and get a call from a supposed telemarketer, that could be a tip that the offer is bogus.
Report incidents: Report vishing calls to www.ftc.gov or call 1.888.382.1222. If you think you've been a victim of a vishing attack you, can also contact, the Internet Crime Complaint Center.
Scam artists try to trick people into clicking on links that will download malware and spyware to their computers.
Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, Internet browser, and operating system (like Windows or Mac OS) to update automatically.
Instead of clicking on a link in an email, type the URL of the site you want directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a spoof site designed to steal your personal information.
Don’t open attachments in emails unless you know who sent it and what it is. Opening attachments — even in emails that seem to be from friends or family — can install malware on your computer.
Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the "medium" setting at a minimum.
Use a pop-up blocker and don't click on any links within pop-ups. If you do, you may install malware on your computer. Close pop-up windows by clicking on the "X" in the title bar.
Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers use to spread malware.
Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading "free" games or programs, opening chain emails, or posting personal information.
Back up your data regularly. Whether it's text files or photos that are important to you, back up any data that you'd want to keep in case your computer crashes.
Monitor your computer for unusual behavior. Your computer may be infected with malware if it:
- Slows down, crashes, or displays repeated error messages
- Won't shut down or restart
- Serves up a barrage of pop-ups
- Displays web pages you didn't intend to visit, or sends emails you didn't write
- Displays new and unexpected toolbars, icons or shortcuts
- Suddenly or repeatedly changes in your computer's internet home page
- Loses its charge quicker than normal (for laptops)
If you suspect there is malware on your computer, take these steps:
- Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
- Update your security software, and then run it to scan your computer for viruses and spyware.
- If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
- Many companies – including some affiliated with retail stores – offer tech support on the phone, online, at their store, and in your home.
Important Fraud-Prevention Resources
Anti-Phishing Working Group: www.antiphishing.org
Department of Motor Vehicles (DMV): www.dmv.org
Federal Trade Commission: www.ftc.gov
Internet Crime Complaint Center (IC3): www.ic3.gov
Opt out of credit and insurance offers by mail: www.optoutprescreen.com
Postal Inspection Service: www.usps.com
Social Security Fraud Hotline: 1.800.269.0271
Contact the Three Major Credit Bureaus
You can request a copy of your credit report to look for fraudulent activity. Make sure all of your account and contact information is accurate.