It is almost a cliche these days: the Nigerian scammers offering to deposit a few hundred thousand in your account if you just provide your bank account information. The problem is that while these scams are on the unsophisticated side of the scale, there are plenty of more sophisticated financial scams that you need to avoid. So what can you do about financial scammers?
Financial Fraud is Prevalent
According to a study by the New Javelin Strategy and Research group, in 2016 over $16 billion was taken via identity fraud. Moreover, more than 15.4 million people in the US were impacted. Financial fraud is big business, and needless to say, if it is impacting 15 million people it’s often more sophisticated than simply a badly written email about a Nigerian Princess.
The IRS and Financial Scammers
I have observed some of these common financial frauds recently. One common example was a financial scammer calling a coworker and pretending to be the IRS. They told him if he did not wire them money within 24 hours he would be arrested. Thankfully he was wise enough not to take the bait and instead reported the incident (the IRS does not correspond via phone and they certainly will not arrest you if you do not respond in 24 hours).
Another common financial scam these days is a simple email link coming from what appears to be a trusted source. Click the link in the email and it will lock your computer. Often referred to as ransomware, this kind of attack locks your computer and your files down until you pay the scammers a release fee. There is a common theme here. These financial scams prey on people's fears and pretend to be trusted sources. So what is the solution?
Solutions to Keep the Financial Scammers at Bay
- The easiest and most common form of financial scam involves something called phishing. Essentially someone will call or email you and attempt to elicit some private data from you in order to exploit a weakness. This could be the password to a key account, a social security number, or even your birthday. Any time someone you do not personally know calls you about anything financial, you need to validate who they are. Ask for a call back number and name. Go online and validate that the phone number belongs to the organization or company. Then call them back. You should never provide any important identity information without first doing so.
- With emails, first check their source. You can do so by first checking the from address. The first sign of problems would be if the from address does not have the name of the organization in the latter part of the address. For example Amex.com is likely American Express. But Amex.someurl.com is likely a financial scam. The thing is, this is only a first line of defense. With access to an email server you can technically spoof any email address. Without much knowledge at all you can make any email look like it came from someone else.
- Furthermore, email is one of the least secure means of communication on the internet. This is why if you do financial business via email you will likely receive the information via an encrypted attachment. It is relatively trivial to sit a machine between the sender and receiver of an email and read the email. Never trust important information to email unless it is encrypted in some way. Also never click a link in an email unless it is from a trusted source, written in proper English, and within what you would normally expect from the sender. If it is out of the ordinary, contact the sender via other means and validate. This should include looking up contact methods via other sources.
- It is also a relatively trivial task to spoof a website. The way you get to a website is via a server using something called Domain Name Servers (DNS). DNS essentially tells your computer where to navigate to when you type in a web address. The problem of course is that someone can inject incorrect routing into the DNS server, which can send you to their server instead of your destination. So whenever you visit a page with financial data you need to validate the site. Thankfully the Internet provides such a capability with secure certificates. If you go to a financial site you should see a lock somewhere on your browser. Click that lock and you can view the certificate from a trusted source validating the site is who they say they are. Make sure to click the link and actually check the certificate, as there have been a number of well publicized browser bugs in the last few years which have allowed a fake lock to appear. However the certificate itself is hard to spoof since it is encrypted. After checking a few times you will get a feel for who the correct certificate providers are for your site. Check it each time you visit the site.
- Consider asking your financial service provider for multi-factor identification. Multi-factor identification typically means you need both the password for an account and some other sort of identification to get into an account. Most major brokerage and financial houses offer this service for free. For example you might have a little dongle where you copy a number and your password into a site for login. Or you might have something that messages your phone with a number to type in with your password. Without both pieces of information you cannot log in. This limits the likelihood of being caught via a spoofed website in the middle or other password stealing mechanism. Note that it is preferable to utilize an app for the second factor rather than a phone. Recently hackers have been social engineering phone companies to port numbers to gain access to financial accounts.
- Even with multi-factor identification you should always choose good passwords for your site. What are good passwords? Something not easily guessed, either from basic information about you or because it is overused as a password by others. You can find a list of some of the common overused passwords here. In general do not use passwords like the word password or 12345.
- When dealing with automated credit card machines, check if the reader has been tampered with. For example at a gas station or ATM, if the reader looks sketchy do not use it. It is another fairly trivial activity to attach a skimmer to a card reader which reads your card data and relays it to an observer. Especially with bank accounts, I also recommend covering the keypad when you enter a PIN. It is common for ATM skimmers to include a video camera to capture your PIN and the card reader to grab your card at the same time.
- Keep an eye on your credit report and accounts. No matter how diligent you are with the above, it is still possible you could be a financial fraud victim. Things like a waiter skimming your credit card, the retailer you do business with being hacked, or any number of other things can still result in you getting financially scammed. The only way you can handle these is to monitor your accounts and be prepared to address the hopefully few issues that still slip through. There is no such thing as a hack proof system, only one that is more difficult to hack.
- Finally I recommend using accounts with built-in fraud protection. For example the fraud protection is stronger with a credit card than a debit card. By default with the credit card liability maxes out at 50 dollars. Liability on a debit card is determined based on how soon after the fraud you report the incident. This is another reason to keep an eye on accounts if you choose to use debit cards, though I’d just prefer to stick to credit.
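The from-address check from the email item above, written out as an added example (it is not part of the original post). The function names and sample headers are constructed for illustration; the two domains are the ones used in the post.

```python
from email.utils import parseaddr


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header, or ""."""
    _display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def belongs_to(domain: str, trusted: str) -> bool:
    """True only if domain is the trusted domain or a subdomain of it.

    The trusted name must sit at the END of the address: mail.amex.com
    passes, amex.someurl.com does not.
    """
    trusted = trusted.lower()
    return domain == trusted or domain.endswith("." + trusted)


def check_from(from_header: str, trusted: str) -> str:
    """Classify a From header against the organization's real domain."""
    display, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if belongs_to(domain, trusted):
        # Only a first line of defense: the From header itself can be forged.
        return "matches"
    # The brand name shows up in the domain or display name, but the mail
    # does not come from the trusted domain: the pattern the post warns about.
    brand = trusted.lower().split(".")[0]
    if brand in domain or brand in display.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample headers.
SAMPLES = [
    "American Express <alerts@amex.com>",
    '"Amex Security" <alerts@amex.someurl.com>',
    '"service@amex.com" <billing@someurl.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_from(header, "amex.com"), "-", header)
```
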
Hopefully this helps you en route to doing a better job protecting yourself from financial scammers. Remember, though, that you may not be the only one at risk. Others in your family, especially the elderly, can be an easier mark. Where possible keep an eye on the accounts and finances of the elder members of your household. Where possible also try to educate them about these risks.
Have you been the victim of a financial scam?