Tis' the Season to be Hacked

IT security defenses are being regularly tested. Hackers want data very badly, so they can sell it to criminals on the dark web. They also want to encrypt your data, so they can collect huge cryptocurrency ransoms. And not a day goes by when hackers are not searching for ways to divert wire transfers to fraudulent bank accounts. The motivation is big money, coupled with a miniscule risk of getting caught.

Cybercriminals love the holidays because consumers spend a lot of time and money online. Many people are also traveling and spending time with family and friends. The bad guys know how easy it can be to let your guard down and take full advantage of the opportunity to cash in. Keep in mind that these schemes don’t just target emails; they use voice and text messages, too. And thanks to rapid advances in technology, it’s getting harder to spot the imposter.

Learning how to identify telltale signs of fraud is your first and most important line of defense. Read on to identify common schemes that cybercriminals use to trick their targets into opening an attachment, clicking a link or revealing sensitive information. 

Red Flags

  • Order or shipping confirmations that provide attachments or links to view or track items you did not order – even if they look credible.

An example of a fraudulent shipping label.

  • An attachment to claim a prize for a sweepstakes you did not enter.
  • Messages instructing you to reset your password by clicking a link.
  • Unsolicited requests to purchase gift cards.
  • Unexpected requests to provide data or remit payment for services.
  • Communications inviting you to rate the U.S. Postal Service or another company by clicking a link.
  • A phone call that appears to come from a family member in trouble who needs money right away.

If you receive any of these communications, ask yourself:

Did I place an order for this item? If you can’t recall, go straight to the source. Check your receipts or order status on the vendor’s official website.

Do I remember entering this contest? Who doesn’t love getting free stuff? Before getting too excited, remember that fraudsters love to reel folks in this way. If it’s too good to be true, it probably is. By clicking a link in an email to claim your prize, you could infect your computer or mobile device with malware.

Would someone sending me a gift spoil the surprise by using my email address for order or shipping confirmation? Although some delivery companies request the recipient’s email or phone number, confirmation of receipt is triggered after delivery, so you know who to thank. If you did not receive the item referenced, the communication is likely a scam.

Was I recently locked out of my account or request a password reset? If not, a fraudster may have attempted to access your email account. It could also be someone impersonating a vendor to trick you into revealing your username or password to access your personal or financial data.

Would a friend or family member call me with an urgent request to send them money? If this behavior is not common practice and seems odd, it is more than likely the fraudster has used voice cloning to pretend to be someone you know.

Trust Your Instincts

If something feels “off,” trust your instincts. Take a moment to check the credibility of the request before acting on it. Never assume it is safe to click a link or open an attachment in ANY communication, even if the request appears to come from someone you know.

1. Never use the contact information provided in an unsolicited communication. It could lead you to a bad actor who is prepared to continue the ruse.

Pro Tip

Email: Hover your mouse over the hyperlink to see where it routes you. Compare the URL to the organization's official website. If they don't match, the message is fake. 

Phone call or text: If the message comes from an unknown number, be suspicious.

2. Always be suspicious of changes to wiring instructions. Wire fraud is one of the most pervasive schemes targeting homebuyers. 

Pro Tip

Know that legitimate changes to wiring instructions are extremely rare--even if they appear to come from your title company or closing agent.

3. Always contact the alleged sender of a communication using a verified phone number.

Pro Tip

When doing business with title or real estate professional(s), consider adding their direct line or branch office number to your cell phone contacts for quick reference.

Educating yourself about the latest cybercrimes can help protect your funds and keep your holidays merry and bright. For more information about these and other scams, visit the Federal Bureau of Investigation’s Common Scams and Crimes page.