Suspicious Activity: How to Detect and Report It
Identity theft is on the rise. Each year, millions of Americans are affected by identity theft. And when the deed is done, their bank accounts are typically left with tumbleweeds.
With more than 1,500 data breaches in 20171, cybercriminals seem to be getting more effective at reaching their goal. However, our increasingly digital world requires that we move toward more digital finance. It’s a classic catch-22 situation.
Shrinking from the reality of modern banking by keeping your cash in a coffee can under the bed is not the answer. Instead, you can take steps to protect your information. Keep reading to find out how to spot suspicious financial activity before it turns you into a victim.
Identifying Suspicious Activity: What to Look For
The best way to avoid a scam is to spot it before it strikes your bank account. Although countless scammers will try to worm their way into your accounts, you can stop their endeavors by skillfully detecting suspicious activity.
The internet is a playground for scammers that want to steal your hard-earned money. Here are some common ways that scammers operate:
PAYMENT APP FRAUD
Payment apps can be useful tools to move money quickly. Splitting a meal with a friend or sending money to your roommate for rent is much easier with payment apps such as PayPal, Zelle, CashApp, and Venmo.
However, with the rise of this convenient method of payment has come a new scam tactic. Scammers can steal thousands of dollars through these apps within just a few minutes. Unfortunately, it is not guaranteed that you will be reimbursed for your loss.
There are a few different ways for a scammer to take advantage of payment apps:
- Unauthorized fund transfers. A thief can use your stolen information to transfer money out of your bank account through a payment app. They can obtain your credit card information and find other information they need through data breaches or card skimming. It is even possible that they will ask to “borrow” your phone in an emergency to “phone a friend” when in fact they are accessing your payment apps.
- Seller scams. If you are buying an item through a peer-to-peer marketplace on the internet, then it pays to be cautious. A thief can pose as the seller of an amazing item at a great price, like concert tickets at less than face value. Of course, it is tempting to buy the item but you should proceed with caution. Make sure that the listing is legit before making your purchase. Otherwise, you may never receive your item after sending over the money. If you frequently use Craigslist or Facebook Marketplace to score deals, then use caution. Try to have your item in hand before you send over the money.
- Buyer scams. As the seller of a good, you should be equally wary of payment apps. Even if the money appears in the balance of your payment app, you are not necessarily in the clear. The money may seem to be in your account but it is only on the assumption that the payment made will be processed soon. The thief can dispute the charge later to create a “chargeback” which will leave you without the payment.
One effective way to prevent both buyer and seller scams is to suggest meeting at the parking lot of your local police station. Typically, this helps to deter would-be scammers from picking you as a target.
Account takeover fraud is as simple as it sounds – the hacker literally takes over your account information. With that information, they can drain bank accounts or make obscenely large purchases with your credit card. There are many ways for scammers to obtain your account information. Here are a few of the most popular methods:
- Data Breaches. You likely heard about data breaches in the news when an Equifax breach left millions of people exposed. When a data breach occurs, it opens up your private information to scammers. With this information, criminals can infiltrate your accounts and impersonate you to steal your money.
- Card skimmers. Some scammers will steal your information through a credit card skimmer. These little devices are placed where shoppers insert a credit or debit card during a transaction. You can spot a skimmer by checking to see that the card reader does not wiggle or by checking the integrity of the security seal. Gas pumps closest to the store or cashier are often less easily fitted with a card skimmer.
- Trash. If you throw away financial statements, any thief can steal this information out of your trash. The best way to avoid this is by shredding all documents with important information.
- Changed mailing address. When you move to a new place, it is easy to forget to change your mailing address. If bills and bank statements still go to your old address, then you are vulnerable to fraud. Anyone could use your information to take over your financial accounts.
- Point of sale. Anytime you purchase something in-person or over the phone, the person handling your credit or debit card has an opportunity to steal your information. They simply need to scan the card or write the information down as they process your purchase.
Account takeover fraud can have significant financial consequences. Take action to prevent the theft of your own information.
Phishing, Vishing, and Smishing
Phishing, vishing, and smishing are different kinds of attempts to steal your personal information. Luckily, some of these attempts can be easy to stop if you know what you are looking for.
Phishing emails are an attempt to obtain your personal information through email. The fraudster will send you an email with a sense of urgency to prompt you into taking the bait. Here are some things that can help you spot fake emails.
- Do you know the sender? If you do not recognize the sender, then do not click any links or download attachments.
- Does the email sound suspicious? Even if you recognize the sender, ask yourself if this email is typical of the messages you usually receive from this sender. If not, call or text the person to find out if the email is legit before clicking any links or downloading attachments.
- Does it request personal information? If the email outright requests personal information, then you can easily classify it as a phishing attempt.
- Is there an attachment? If there is an attachment that you did not expect in the email, then confirm its content with the sender before opening it.
- Are the links legit? When you hover over the links within the email, do they take you to the correct place? If not, it is likely spam. You can head to the link that you know is correct directly through your browser to check out the potential request. For example, if “your bank” emails you about an account problem then you can go to the URL that you know is correct to find out more.
- Are there grammatical errors? If there are overt grammatical errors or typos, then proceed cautiously.
Vishing is another attempt to obtain personal information. In this scenario, a scammer will contact you over the phone to solicit your personal information. Over the phone, scammers will rely on social pressure to trick you into giving away your information. Luckily, a vishing attempt is easy to combat if you know what to look for.
If ‘your bank’ calls to confirm personal information, immediately hang up. A financial institution will never call you to confirm your personal information without cause. Even if ‘your bank’ calls from a valid number with a seemingly valid reason, just hang up. Then, call your bank back with a number that you know is legitimate.
Smishing is very similar to phishing and vishing. However, the means of infiltration is through a SMS (text) message. When you are the target of a smishing attack, the text usually contains a link or phone number with instructions to act immediately. To stop a smishing attack, do not click on any links from unknown phone numbers. Your best response is to delete the text.
How to Report Suspicious Activity
If you suspect that you are the target of suspicious financial activity, it’s important that you take the time to fight back.
First, call your bank immediately. Your bank should be able to help you identify the issue and work through any consequences of this activity. Hopefully, your bank also has protections in place to safeguard against these attacks.
Next, report the attack to a regulatory agency. If this attack is part of a coordinated criminal campaign, the public has a right to know about it. You can lodge your complaints here:
- Internet Crime Complaints Center: The IC3 will process your complaint and work with the appropriate law enforcement agencies for investigation and public awareness.
- EConsumer.gov: If you suspect the suspicious activity is part of an international scam, EConsumer.gov will take the appropriate action to inform consumer protection agencies across the globe.
- Federal Trade Commission: You can report a wide range of criminal activity here. While the FTC will not be able to resolve the complaint, they can outline the next steps that you should take.
- Department of Justice: If you aren’t sure where to report the attack, then work with the Department of Justice to find the best avenue.
While there is a trend of increasing suspicious activity and data breaches, the good news is that you are not helpless. Protect yourself by staying informed and taking appropriate action as soon as possible to avoid a painful and expensive experience.
- "2017 Annual Data Breach Year-End Review," Identity Theft Resource Center, Retrieved July 29, 2019.
Suspicious Activity: How to Detect and Report It
This blog post was published by Axos Bank on August 28, 2019 and last updated on August 28, 2019.