Fraud Archives - SRI Federal Credit Union

Beware of Bitcoin ATM Scams: What You Need to Know to Stay Safe

As technology evolves, so do the ways scammers try to take advantage of unsuspecting victims. One of the latest tactics involves Bitcoin ATMs—machines that let users buy cryptocurrency using cash or debit cards. While legitimate Bitcoin ATMs exist, scammers have found ways to exploit them to steal money from innocent people.

At SRI Federal Credit Union, protecting our members from fraud is a top priority. Here’s what you need to know about these scams and how to stay safe.

How the Scam Works

Fraudsters often pose as trusted authorities, such as law enforcement, government agencies, or even your utility company. The scam usually follows a similar pattern:
You receive a call, text, or email claiming you owe money, have a fine, or need to make an urgent payment.
The scammer pressures you to withdraw cash immediately and deposit it into a Bitcoin ATM.
They provide a QR code or Bitcoin wallet address, instructing you to scan or enter it at the ATM to “make the payment.”
Once you send the money, it’s converted to cryptocurrency and transferred instantly, making it nearly impossible to recover.
Some scammers even pretend to be a friend or family member in distress, claiming they need your help right away.

Common Red Flags

Be alert for these warning signs:

You’re told to make an urgent payment to avoid arrest, disconnection, or other consequences.
The caller asks you to use a Bitcoin ATM, gift cards, or wire transfer.
You’re given a QR code or wallet address to “pay” someone.
You’re pressured to keep the transaction secret or told not to talk to your financial institution.
If any of these happen, stop immediately and contact SRI Federal Credit Union before sending money.

How to Protect Yourself

Never send money via Bitcoin ATMs to someone you don’t personally know.
Verify requests by contacting the organization directly using an official phone number or website.
Don’t trust caller ID; scammers can spoof real numbers.
Report suspicious calls or messages to the FTC (ftc.gov) or your local police department.
Educate family and friends, especially older adults, who are often targeted.

Tap Cards Are Here at SRI Federal Credit Union!

Big things are happening at SRI Federal Credit Union! We’re excited to announce that Tap Cards, also known as contactless payment cards, are now available for all SRIFCU Visa® Credit and Debit Cards. This means every member can now enjoy a faster, easier, and more secure checkout experience with just a simple tap.

Posted in Accounts, Fraud, Hello World, Loans, Uncategorized

Fraud Alert: Scammers Posing as U.S. Marshals

At SRI Federal Credit Union, protecting our members from fraud is always a top priority. We are alerting you to a new phone scam that has been reported in our community.

Posted in Financial Literacy, Fraud, Hello World

don't get caught up in an overpayment sacm!

All You Need to Know About Overpayment Scams

Great news – you’ve just received a check, and you’ve been overpaid! But there’s a catch: the check writer wants you to send the surplus back to them. Unfortunately, though, if you follow these directions, you’ll be buying right into a scam.

Overpayment scams are fairly common, and for the unaware, they can be difficult to spot. Let’s take a look at these scams and what you need to know to avoid falling victim to these ruses.

What is an overpayment scam?

In an overpayment scam, fraudsters target an individual who’s selling a large item online, such as a car. The scammer will reach out to the seller, offering to buy their car for more than the asking price. Then, they’ll send the seller payment in the mail.

At this point, the seller is thrilled. But, when the check comes, it brings with it a surprise – they’ve been overpaid. Soon after, the alleged buyer contacts the seller to ask them to refund the surplus. The seller may think it’s strange, but they comply, not wanting to keep money that isn’t theirs. The next thing they know, the original check hasn’t cleared and they realize they’ve been scammed. Not only have they not been paid for the purchase they believed the check writer was buying, but they’ve also lost the money they’ve sent back to the scammer.

Red flags

When selling an item on an online platform, look out for these red flags, which can alert you to a possible overpayment scam:

You’re offered more than your asking price for an item you’re selling online.
You get paid more than you’re owed for an item you’re selling.
You’re urged to act quickly and take up a buyer on an offer or risk having them pull the offer off the table.
You’re asked to refund an overpayment via wire transfer or prepaid debit card.

If you encounter any of these red flags while trying to sell an item online, do not engage with the “buyer.” Block their email address and mark it as spam to avoid further contact from the scammer. You may also want to report them to the platform you’re selling the item on to help stop them from reaching out to others.

How to avoid overpayment scams

The FTC offers the following tips for avoiding overpayment scams when selling online:

Always know who your buyer is. Confirm the buyer’s name, street address and telephone number independently.
Never accept payment for more than your selling price.
Never agree to finalize a transaction until the buyer’s check has completely cleared. This can take several days.
Never agree to wire funds back to a buyer.
Don’t be tempted by offers that urge you to “act now.” If a buyer is offering you a price that seems too good to be true, it may just be a scam. Slow down, and research the buyer thoroughly before reaching any agreements.
It’s best not to accept payment by a check from an unknown buyer.
If you do accept payment by check, ask for a check that’s associated with a local bank, or a bank with a local branch. This way, you can visit the bank to determine if the check is authentic. If you cannot get a check from a local bank, ask for the bank’s phone number and call it to verify its validity.
If cash is not an option and you want to avoid checks, consider an alternative method of payment, such as an escrow service or online payment service. If the buyer wants to use a service with which you are not familiar, verify its legitimacy before agreeing to accept payment from this service. You can research its website, customer service hotline, read its customer reviews and more.

If you’ve been targeted

If you believe you’ve been targeted by an overpayment scam, there are steps you can take to mitigate the damage.

First, report the scam to your financial institution, as they may be able to reverse the payment. Next, alert the FTC at ftc.gov so they can do their part in catching the criminals. Finally, you can let your local law enforcement agencies know about the scam and warn your friends and family about it as well.

Don’t get caught in an overpayment scam! Use this guide to stay safe.

Posted in Financial Literacy, Fraud, Hello World

Protecting Our Members After the NationalPublicData.com Breach

In today’s digital landscape, data breaches have become all too common. The most recent incident involves a hacker known as “USDoD,” who allegedly breached the systems of National Public Data, a company that aggregates data to provide background checks. This breach, which is believed to have started in or around April 2024, resulted in the theft of personal records that were later posted for sale and eventually released by other criminal groups onto the dark web.

As a credit union committed to the security and privacy of our members, we want to keep you informed about this incident and provide you with actionable steps to protect yourself from potential fraud and account takeovers.

Understanding the Breach

The breach at National Public Data exposed a significant amount of personal information. While this breach did not directly involve our credit union’s systems, the compromised data could still affect our members if their personal details were included. Currently, available information suggests that this breach involved personal information—such as names, addresses, contact information, and potentially Social Security numbers—not credit or debit card information. At this time, we do not believe card data was compromised in this event.

How This Could Affect You

Even though credit and debit card information was not compromised, the exposure of personal data still poses a risk. Cybercriminals may use this information to engage in identity theft, phishing scams, or account takeovers. They could impersonate you, gain unauthorized access to your accounts, or create new accounts in your name.

Steps to Protect Yourself

Monitor Your Accounts Regularly:
- Keep a close eye on your credit union accounts and any other financial accounts you may have. Look for any unfamiliar transactions or changes. If you notice anything suspicious, report it to us immediately.
Enable Two-Factor Authentication (2FA):
- Wherever possible, enable 2FA on your accounts. This extra layer of security requires you to verify your identity through a second method, such as a text message or an authentication app, making it harder for unauthorized users to access your accounts.
Update Your Passwords:
- Change your passwords, especially for any accounts associated with the email address or phone number potentially exposed in the breach. Use complex passwords that combine letters, numbers, and symbols, and avoid reusing passwords across different accounts.
Be Wary of Phishing Attempts:
- Be cautious of emails, texts, or calls that ask for personal information or prompt you to click on links. Fraudsters often use this information to trick you into giving away your credentials. Always verify the sender’s identity before responding.
Check Your Credit Reports:
- Regularly review your credit reports for any new accounts or inquiries you don’t recognize. You can obtain free credit reports annually from each of the three major credit bureaus at AnnualCreditReport.com.
Place a Fraud Alert or Credit Freeze:

Fraud Alert: A fraud alert is a warning placed on your credit report that tells creditors to take extra steps to verify your identity before issuing credit in your name. This can be particularly helpful if you believe your personal information may have been compromised, as it makes it harder for identity thieves to open new accounts.

How to Place a Fraud Alert:

- You can request a fraud alert by contacting any one of the three major credit bureaus (Equifax, Experian, TransUnion). Once you place the alert with one bureau, they are required to notify the other two, so your alert is added to all three of your credit reports.
- The initial fraud alert lasts for one year and can be renewed if necessary. You can also request an extended fraud alert, which lasts for seven years, if you have a police report or other documentation showing you’ve been a victim of identity theft.

Credit Freeze: A credit freeze (also known as a security freeze) is a more robust protection that locks your credit report, preventing creditors from accessing it entirely. This means that new credit accounts cannot be opened in your name while the freeze is in place. Unlike a fraud alert, a credit freeze does not expire and remains in place until you remove it.

How to Place a Credit Freeze:

- To place a credit freeze, you must contact each of the three major credit bureaus individually. Here’s how:
  - Equifax: Visit the Equifax website or call their automated line to request a freeze.
  - Experian: You can place a freeze online through the Experian website or by phone.
  - TransUnion: TransUnion also allows you to freeze your credit via their website or by calling their support number.
- You will be provided with a PIN or password when you place the freeze. Keep this information secure, as you’ll need it to lift the freeze if you want to apply for credit in the future.
- It’s important to note that a credit freeze does not affect your existing accounts, nor does it prevent you from using your credit cards. It only stops new creditors from accessing your credit report.
Report Suspicious Activity:
- If you believe your identity has been compromised, report it immediately to the Federal Trade Commission (FTC) at IdentityTheft.gov. Also, contact your financial institutions to notify them of the potential fraud.

Our Commitment to Your Security

At SRI Federal Credit Union, your security is our top priority. We are continuously monitoring our systems and taking proactive measures to protect your accounts. We also encourage you to take these precautions to safeguard your personal information. If you have any questions or concerns, please do not hesitate to reach out to our member services team.

Together, we can protect your financial well-being and maintain the trust you’ve placed in us.

Posted in Financial Literacy, Fraud, Hello World

All You Need to Know About One-Time Password Scams

One-time passwords (OTPs) are a crucial security feature in our digital age by offering an extra layer of protection for online transactions and account logins. Unfortunately, though, scammers often try to hijack these codes to steal sensitive information, money, or both.

Here’s what you need to know about one-time password scams and how to avoid them.

What is a one-time password scam?

One-time password (OTP) scams are designed to trick individuals into sharing their OTPs, which scammers then use to gain unauthorized access to accounts. Here are the various ways these scams go down:

Phishing scams. Here, cybercriminals send fake emails or text messages that appear to be from legitimate sources, such as credit unions or banks, online retailers, or social media platforms. These messages often contain urgent requests to verify your account or resolve an issue, prompting you to enter your OTP on a fraudulent website.
Vishing (voice phishing). In this scam, scammers call victims pretending to be from a reputable organization, such as a bank or government agency. They may claim suspicious activity on your account and request your OTP to secure your account, exploiting your trust and urgency.
Man-in-the-middle attacks. In this method, attackers intercept communications between you and a legitimate service provider. When you request the OTP, an attacker captures it and uses it to gain access to your account.
Social engineering. Scammers use psychological manipulation to trick you into revealing your OTP. They may impersonate friends, family, or colleagues, convincing you that sharing the OTP is necessary for a legitimate purpose.

Whichever method is deployed in an attempt to steal your OTP, the scammer will then use it to access your accounts and possibly steal your identity

Red flags

Avoid falling victim to a one-time password scam by watching out for these red flags:

Unexpected requests. Be cautious of unsolicited messages or calls asking for your OTP. Legitimate organizations typically won’t ask for your OTP unless you’re actively engaged in a transaction or login process.
Urgency and threats. Scammers often create a sense of urgency, claiming that immediate action is required to prevent account suspension or fraud. For example, a text message allegedly sent from your financial institution may claim you have 10 seconds to input the one-time password to verify your account. This tactic can make you act without thinking.
Unusual sender information. Check the sender’s email address or phone number carefully. Often, scammers use addresses or numbers that are slightly altered versions of legitimate ones.
Suspicious links. Hover over links in emails or messages to see the actual URL before clicking. Be wary of links that don’t match the official website of the organization they’re purportedly from.
Generic greetings and language. Scammers often use generic greetings like “Dear Customer” to send out mass emails. Their missives also tend to have spelling or grammatical errors. Legitimate communications are usually more personalized, professional, and proofread.

Protect yourself

Staying safe from OTP scams requires vigilance and adopting best practices for online security. Here are some steps you can take:

Never share your OTP. Treat your OTP like your password — never share it with anyone, even if they claim to be from a trusted organization.
Verify the source. If you receive a request for your OTP, verify the legitimacy of the request by contacting the organization directly using a known and trusted communication method.
Use multi-factor authentication (MFA). Whenever possible, enable MFA on your accounts. MFA typically involves a combination of something you know (password) and something you have (OTP), providing an additional layer of security.
Be wary of links. Avoid clicking on links in unsolicited emails or text messages. Instead, navigate to the organization’s official website directly through your browser.
Install security software. Use antivirus and anti-malware software on your devices to help detect and prevent phishing and other cyber threats.
Educate yourself and others. Stay informed about the latest scam tactics and share this knowledge with friends and family, especially those who may be less tech-savvy.

If you’ve been targeted

If you believe you’ve been scammed and/or have shared your OTP, take immediate action.

First, change the passwords on all affected accounts and those that have similar login credentials. Next, inform the host organization of the account that it’s been compromised. They can help secure your account and guide you on additional steps to take. Monitor your accounts in the ensuing weeks and months, keeping a close eye on your financial statements and account activity for any unauthorized transactions. Finally, file a report with your local consumer protection agency, the Federal Trade Commission (FTC), and the Internet Crime Complaint Center (IC3).

You may also want to consider identity theft protection at this time if sensitive information was compromised.

One-time password scams can be difficult to spot and wreak massive damage. Use this guide to learn about one-time password scams and how to prevent yourself from falling victim.

Stay safe!

Posted in Financial Literacy, Fraud, Hello World

All You Need to Know About Pig-Butchering Scams Category: Scams: Phishing Scams

You may have received a text or chat message in recent months about an attractive-looking investment opportunity. The message may have seemed to be sent mistakenly, but it’s all too real. In fact, it’s likely a pig-butchering scam.

Let’s take a look at these prevalent scams and how you can avoid falling victim.

What is a pig-butchering scam?

“Pig butchering” refers to the practice of fattening up a hog before slaughter. This scam, which originated in China, has been spreading around the world since COVID.

In a pig-butchering scam, a fraudster creates a fake online persona, usually accompanied by an attractive photo and a luxurious lifestyle that is showcased in more photos to flesh out their story. Then they’ll initiate contact with a target on dating or other social media platforms, pretending to have reached out by mistake. Somehow, they’ll transition from there into a chat about the target’s life, family, work and more. To make themselves sound more believable, the scammer will invent details about their own life. They’ll use this to create a real rapport with the target until they’re actual friends, albeit with only a remote connection.

Next, the scammer will start dropping hints about a fabulous investment opportunity. They’ll brag about their own success with this investment, sometimes even sharing screenshots of an alleged brokerage account with handsome earnings. They’ll try persuading the victim to invest in this “opportunity” as well, building on their growing relationship, until the victim agrees to join in the supposed opportunity.

Once the victim agrees to go along with the investment, the scammer will offer to help them with the investing process. They may explain exactly how to wire money to a crypto wallet and, ultimately, to a bogus brokerage. Sometimes, they’ll recommend that the victim starts with a modest investment, which will soon show a (fabricated) gain. They may even allow the victim to withdraw some funds, which will convince the victim that the investment is genuine.

Here’s where things get really ugly. Once the faux trust has been established, and the pig has been good and fattened, the scammer will persuade the victim to invest heavily in this “stock”. The victim, sure it is a legitimate opportunity that will only show gains, is more than happy to do so. They will even sometimes pursue mortgaging their house to get in on this investment. Other victims have liquidated their retirement savings or taken out loans. The scammer will continue to put pressure on the victim, watching gleefully as they pour more and more of their savings into the alleged investment.

When the victim has sunk a significant amount of money into the investment, the scammer will suddenly disappear, leaving the victim with a useless “investment” and no way to recover their funds.

Red flags

Watch out for these red flags that can alert you to a possible pig-butchering scam:

An interaction that happens by “mistake” morphs into a real relationship, often a romantic one.
You’re offered the opportunity to get in on an investment that seems too good to be true.
You’re urged to act quickly to take advantage of an investing opportunity.
You’re asked to invest via a crypto wallet or an investment app.
An investment opportunity has inconsistent or vague details.
You find it difficult or impossible to cash in on your larger “investments.”

Stay safe

Don’t get butchered! Follow these tips to stay safe.

First, thoroughly research every investment opportunity before dropping any of your funds in it. Next, only use a registered and secure investment platform or app. Stay away from investments that guarantee quick, high returns and press you to act quickly. Be wary of any strangers who’ve contacted you “by mistake” and insist on pursuing the relationship. As with any scenario, never share your sensitive information with an unverified contact.

If you believe you’ve been targeted by a pig-butchering scam, alert the FTC and your local law enforcement agencies. Do not engage with the scammer and be sure to block their number and/or email address from your devices. Finally, let your friends know the scam is happening in your circle.

Stay safe!

Posted in Financial Literacy, Fraud, Hello World, Uncategorized

Don’t Get Caught in an Investment Scam!

Investment is rarely without risk. Nearly every investment option carries with it the possibility of loss. What many don’t realize though, is that in addition to the typical risks, investing also carries the danger of falling prey to an investment scam.

Investment scams can include promises of high return for minimal investments that never materialize, scammers posing as financial planners and offering useless – even harmful – advice for a hefty fee, and illegal securities offered as IRA investments. However, the most common investment scam is the Ponzi scheme.

Let’s take a closer look at this scam and how you can avoid falling victim.

What is a Ponzi scheme?

Named for the original pyramid scammer Charles Ponzi, a Ponzi scheme is simply a sophisticated way that scammers rob from Peter to pay Paul. The orchestrator of the scheme will promise high returns to investors, often through a fictitious investment opportunity or business venture. Instead of using investments to generate profit, though, the scammer uses these funds to pay returns to their earlier investors. This creates the illusion of a profitable enterprise. The scheme grows, with more investors joining, and the scammers at the top of the pyramid making the most money. Eventually, the entire house of cards comes toppling down, with investors losing significant amounts of money.

How to spot a Ponzi scheme

Look out for these key characteristics of a Ponzi scheme to ensure you don’t get caught:

Unrealistic returns: Ponzi schemes promise consistently high returns far exceeding market averages and legitimate investment opportunities. These exaggerated returns are often said to be “guaranteed” or “risk-free,” playing on investors’ desire for quick wealth.
Lack of transparency: Scammers operate Ponzi schemes with little to no transparency or accountability. They may provide vague or evasive explanations regarding the source of returns or underlying investment strategy, making it difficult for investors to assess the legitimacy of the opportunity.
Promises of exclusivity: Ponzi schemes often use tactics like exclusivity or invitation-only memberships to create a sense of privilege and allure among potential investors. By positioning the opportunity as limited or exclusive, scammers exploit investors’ fear of missing out (FOMO) to drive participation.
Pressure to recruit new investors: If an investment opportunity requires you to recruit friends and family members as new participants, you’ve likely stumbled upon a Ponzi scheme.
Unregistered or unlicensed operators: Verify the credentials of the individuals or entities offering the investment opportunity. Legitimate investment professionals and firms are registered or licensed with regulatory authorities and adhere to strict compliance standards
Lack of audited financial statements: Request audited financial statements or documentation verifying the legitimacy of every investment opportunity. Ponzi schemes generally lack verifiable financial records or provide falsified documentation to create the illusion of credibility.

Protect yourself from Ponzi schemes

Ponzi schemes are fairly common, but with a little bit of knowledge and awareness, you can protect yourself from falling victim. Here’s how to protect yourself from Ponzi schemes:

Research every investment opportunity. Be sure to find out everything you can about a possible new investment, including the background of the individuals or companies involved, the track record of the investment manager, and the legitimacy of the underlying investment strategy.
Seek independent advice. Consult with a trusted financial advisor or investment professional before making any investment decisions. An objective third party can help you assess the risks and potential returns of the investment opportunity.
Diversify your investments. Avoid putting all your eggs into one basket by diversifying your investment portfolio across different asset classes, industries, and geographical regions. Diversification helps mitigate risk and protect against potential losses from fraudulent schemes.
Stay informed. Stay vigilant and educate yourself about common investment scams and warning signs of fraudulent activity. Knowledge is your best defense against falling victim to Ponzi schemes and other financial frauds.

If you’ve been targeted

If you believe you’ve been targeted by a Ponzi scheme or investment fraud, report it to the appropriate authorities as soon as possible so they can do their part in apprehending the criminals. You can alert the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Federal Trade Commission (FTC) as well as your local law enforcement agencies.

Ponzi schemes and other investment scams prey on the universal desire for easy money, but the only beneficiaries from these ruses are the scammers at the top of the pyramid. Stay alert, and stay safe!

Posted in Financial Literacy, Fraud

Don’t Get Caught in an Emergency Scam!

It’s your grandson on the line and he’s in deep trouble! He’s telling you he’s been kidnapped for ransom, or perhaps he’s in trouble with the police and needs money for bail. Whatever the “emergency,” he’s asking you to wire money ASAP!

You may already be calculating how much you can send, but pause for a moment, because you’re likely being scammed. Here’s what you need to know about emergency scams and how to protect yourself.

How the scams play out

In an emergency scam, a target receives a phone call, email or text message allegedly from a close relative. The caller claims to have been caught in hot water, which can be anything from a kidnapping, an issue with the police, a car accident or even getting stuck overseas with no money. Sometimes, the call will include another party, such as the “kidnappers” or “police officers” who are supposedly involved in the emergency.

The caller will then ask the target to send over money as soon as possible using a wire transfer or prepaid debit card. They’ll also demand that this information not be shared with any other family members. They’ll claim to be embarrassed that they’ve gotten into this situation and ask that you honor their request to keep it quiet.

While emergency scams are commonly played out with a grandparent of an alleged caller, they can also target parents, uncles, aunts, and siblings of the “caller”. They may even call posing as a friend or old neighbor of the target in an attempt to lure them into the scam.

Unfortunately, if the target follows the directions of the caller and sends over money, these funds will go directly into the pockets of a scammer.

How emergency scams lure victims

If you’re reading the description of an emergency scam and thinking that no one could possibly fall for one of these ruses, think again. Scammers use several convincing methods to convince their targets that they are actually the callers they claim to be.

First, the scammer will troll the target’s social media pages to learn their name, home address, job details, date of birth, and any other details about their life. Sometimes, they’ll hack the target’s email account to get this information.

Next, scammers may pretend to be an “authority figure” who allegedly authenticates the caller’s story. They may pose as a lawyer, police officer, or even a doctor. Victims are often pulled into the scam when they hear an alleged authority figure on the call with their relative.

Finally, some scammers go the extra mile by using AI to clone the “caller’s” voice. They simply scrape an audio clip they find on the internet and then use a voice-cloning program to make the emergency sound legitimate, even though it never happened.

Red flags

Here are some signs that can alert you to the possibility of an emergency scam:

Your “relative” calls you to tell you about an emergency situation they’ve landed in, but they ask that you not share this information with any other family members.
You’re urged to act quickly.
You’re asked to send money via untraceable means, such as a wire transfer, prepaid gift card, or cryptocurrency.
You’re asked to share sensitive information over the phone.

Protect yourself

Follow these tips to keep yourself safe from emergency scams:

If a friend or family member calls you with an urgent request for funds, hang up and call them directly from a phone number they’ll recognize.
Never wire money or send a prepaid gift card to an unverified contact.
If you’re unsure whether a caller is actually your friend or family member, ask them questions about some of your shared memories to determine if the caller is actually who they claim to be.
Always be cautious and avoid acting rashly, regardless of the situation.
Don’t share your personal information with an unknown contact.
Don’t be afraid to share details of a phone call with other family members and friends, despite instructions not to do so.

Emergency scams play on the target’s emotions and assume they will act quickly to save their relative from a hairy situation. Stay calm and alert, and use the information here to avoid getting caught in an emergency scam.

Posted in Fraud, Hello World, Uncategorized

All You Need to Know About Spoofing Scams

Scammers have been at their game since time immemorial, but modern technology has weaponized them in new and dangerous ways. In particular, spoofing has become more sophisticated and difficult to spot. Let’s take a look at spoofing, how it works, and red flags that can alert you to a possible spoofing scam

What is spoofing?

Spoofing is the criminal act of disguising a communication from an unknown source to appear as if it’s being sent from a trusted and known contact. The ultimate goal of spoofing is to get the target to share their sensitive information and/or their money with the scammer. For example, a spoofer may pretend to represent a victim’s credit card company and lead them into sharing their account details.

Types of spoofing

Cybercriminals have a variety of ways to pull off their spoofing. Here are the more common forms:

Email spoofing

In email spoofing, an attacker sends an email message appearing to be from a known or trusted source. The emails typically include links to harmful websites or attachments that will infect the victim’s device with malware. Alternatively, the scammer may use social engineering to persuade the recipient to share sensitive information.

IP spoofing

In IP spoofing, an attacker tries to gain access to a system by sending messages via a bogus or spoofed IP address, which appears to be from a recognized, trusted source, such as one on the same internal computer network. The spoofed IP address will mask the true source, which is a third party that is out to infect the victim’s device with malware and steal their information.

Caller ID spoofing

Here, attackers make a phone call to a target that appears to be from a known caller. The scammer will often pose as the victim’s bank or credit union. The victim, believing they are speaking with a representative of their financial institution, will disclose their account information and even passwords, which can lead to the scammer emptying their accounts and/or stealing their identity. Sometimes, the scammer will provide the victim with a phone number to call, which will allegedly connect them with their bank or credit union. This number, of course, will only connect the victim to a scammer.

4. Facial spoofing

In this most recent form of spoofing, a scammer uses a photo or video of a target’s face to simulate their facial biometrics. This enables them to unlock accounts that can only be opened via facial recognition.

5. Website spoofing

In website spoofing, a scammer will create a bogus site that looks just like a reputable website that the victim often visits. Attackers will lure victims to this site for the purpose of stealing their login credentials and personal information.

Text-message spoofing

In this scam, also known as smishing, a victim will receive a text message on their personal device appearing to have been sent via a trusted source, such as the victim’s financial institution, place of work, or doctor’s office. The text will ask the victim to share personal information. They’ll often do so, mistakenly believing the sender of the text message to be who they claim to be.

Man-in-the-Middle (MitM) attacks

There are three players involved in MitM attacks: the victim, the party the victim is attempting to communicate with, and the “man in the middle”, otherwise known as the scammer who is intercepting the communications. In these spoofs, the scammer tries to eavesdrop on the interaction between the victim and the other party. Alternatively, they may try to impersonate the other party to get at the victim’s personal information.

Deepfakes and spoofing

Deepfakes is a relatively new and dangerous tool for spoofers. A deepfake is a fake image, video, or audio clip that has been edited to appear authentic. For example, a scammer may create a deepfake video using an image and audio recording of a celebrity and make it appear as if they are telling you to open a link or support a specific cause.

Scammers use deepfakes to trap victims and appear as if they represent a trusted source.

Protect yourself

Spoofing is a formidable danger for consumers across the economic spectrum, but with the right tools and knowledge, you can avoid falling victim to these scams. Here’s how to protect yourself from a spoofing attack:

Turn on your email’s spam filter and be sure to mark incoming emails that look suspicious as spam.
Use two-factor authentication and/or biometric logins when possible.
Use strong, unique passwords across all of your accounts.
Ensure your device’s security system is at its strongest setting and uses the most updated patches. If you haven’t already done so, it’s worthwhile to invest in robust security software.
Never click on links or open attachments that are sent from an unverified source.
Never share personal information online or over the phone with an unknown contact.
If you’re allegedly contacted by your financial institution and asked to provide your login credentials or account details to fix a supposed issue with your account, don’t respond. Instead, delete the message or abort the call and contact your bank or credit union directly to ask about any possible issues with your account.
Don’t take phone calls at face value, even with caller ID. If you suspect foul play, Google the phone number presented on the caller ID to see if it’s associated with scams.
Consider an app, like Hiya, that filters out known scammers, spoofers, and other nefarious numbers.
Opt to display file extensions in Windows. This will enable you to view any spoofed extensions so you can avoid opening malicious files.
Identify deepfakes by looking for small details that give them away. Zoom into the image or video to verify if the words and lip movements are in sync. Look for lip color that looks unnatural, unrealistic facial hair, exaggeratedly wrinkled or smooth skin, and non-existent moles.

Red flags

Look out for these red flags that can alert you to a possible spoofing attack:

Websites with a URL that is very similar to the URL of a reputable site.
Websites riddled with typos, unusual syntax, and spelling errors.
An alleged rep of your bank or credit union asks you to call a number that is not associated with your financial institution.
You’re asked to share your login credentials or account number with an unverified contact.
Familiar corporate branding, such as logos, colors, and call-to-action buttons within a message asking you to take an action that is not typical.

If you’ve been targeted

If you believe you’ve shared sensitive information with a scammer through a spoofing attack, there are steps you can take to mitigate the damage.

First, contact your financial institution to let them know about the attack. You may place a credit alert or a credit freeze on your accounts, making it difficult or impossible for a scammer to open a line of credit or take out a loan in your name. If you believe your identity has been stolen, check out identitytheft.gov to learn what your next step should be. Finally, change the passwords on all your accounts to protect them from further attacks.

Spoofing has gotten a lot more dangerous in recent years, but with proper awareness and basic protective measures, you can avoid getting scammed. Use the tips outlined here to stay safe.

Posted in Financial Literacy, Fraud, Hello World

Fraud

Beware of Bitcoin ATM Scams: What You Need to Know to Stay Safe

Tap Cards Are Here at SRI Federal Credit Union!

Why Tap Cards?

How to Get Your Tap Card

Stay Tuned

Fraud Alert: Scammers Posing as U.S. Marshals

How the Scam Works

What You Should Do

Protect Your Community

All You Need to Know About Overpayment Scams

Protecting Our Members After the NationalPublicData.com Breach

All You Need to Know About One-Time Password Scams

All You Need to Know About Pig-Butchering Scams Category: Scams: Phishing Scams

Don’t Get Caught in an Investment Scam!

Don’t Get Caught in an Emergency Scam!

All You Need to Know About Spoofing Scams