FRAUD - They Are Out To Get You! - part 3

Last month I wrote about fraud occurring through your cell phone and the dangers associated with answering that call from an unknown number. In this edition I want to focus on your other online activity with your Personal Computer, Online Banking, and all of those wonderful websites that you purchase items that you must have. Email fraud is another one of those attacks that often catch people off-guard. Spoofing of emails is a leading tool used by fraudsters and often leads to big losses for individuals. Here are three very common types of email spoofs: Display Name Spoofing: The attacker uses a trusted name with a different email address (e.g., "John Smith fakeaddress@example.com"). Domain Spoofing: The attacker forges the entire email to look like it’s coming from a legitimate domain (e.g., johnsmith@trustedcompany.com). Reply-to Spoofing: The attacker manipulates the "Reply-to" field to redirect responses to their email address. The simplest rule that I have learned to defeat email spoofing is to NEVER CLICK ANYTHING IN AN EMAIL SENT TO ME . For example, I make purchases at Amazon, Office Depot, Kohl’s and other online retailers, oftentimes, I receive confirmation from the retailer that I have made a purchase, and it includes a receipt. Many people assume that email is secure between themselves and the sender – in reality there are many programs running on the internet that are glancing at those messages and finding information. This little bit of information alerts the scammers that I do business with that company – and it also gives them my email address. So, about a couple of days later I receive an email from Customerservice@khls.com. If I’m not paying attention and only see the Kohl’s logo, I am inclined to click the link that they provided me to fix my recent purchase or to guide me to their site to steal my login information for my Kohl’s account. If you are speed reading this article – you likely missed the subtle change in the DOMAIN of the email that I received from khls.com, not kohls.com. I learned a long time ago, because I was a victim of fraud, that I no longer click any email links or open any email attachments from companies. I will simply go to the company website and login to my account in order to confirm the information that I’m being told is so very important. Remember, also, that the fraudsters rely upon rushing you into a rapid response to their email or phone message. IF YOU HURRY – YOU’LL BE SORRY… Let me give you a few quick suggestions on dealing with email and keeping yourself safe with your home computer. Use a Secure and Reputable Email Provider: Choose an email provider like Gmail, Outlook, or Yahoo that offers robust built-in security features, including SPF, DKIM, and DMARC protection. Enable Multi-Factor Authentication (MFA): Add an extra layer of security to your email account by enabling MFA. This requires a second verification step (like a text message or authentication app) to access your account. Recognize Spoofed Emails: Be cautious with emails that: a. Urge immediate action or sound too good to be true. b. Contain spelling errors or unusual language. c. Have suspicious links or attachments. d. Hover over links to see the actual URL before clicking. 4. Keep Your System Updated a. Regularly update your operating system, browser, and email client to protect against known vulnerabilities. b. Use antivirus software to scan for malware that may arrive via email attachments. If you follow the simple rules, you can avoid being taken advantage of by the myriads of scams that appear in your email Inbox on a daily basis – sometimes multiple times per day. Take some time to sign up for an ID Theft program to have an extra set of eyes for your online health. We offer a great product at Washington State Bank called ID Theftsmart – it is an inexpensive way to protect your financial life. There are many good companies that provide similar services, and I would strongly encourage you to take advantage of the offerings before you fall victim to identity theft or fraud. One last suggestion…use a Credit Card for all of your online activity. It adds one more layer of protection away from your personal banking accounts that are accessed via your debit card. There is much lower risk to your financial health in using a credit card for your purchases. All the best as you keep yourself safe from all of the bad actors out on the internet and your email inbox. Michael Herzog President

Every single day the fraudsters are looking for ways to infiltrate your defenses and to take advantage of your weakness. Think for a moment about all of the SPAM phone calls that you receive – the kind that block their numbers from caller-id, the kind that come up on your caller-id as a “local” number, the kinds of calls that you are unsure as to whether you should even answer the phone. Allow me to make a simple suggestion. IF YOU DON’T RECOGNIZE THE NUMBER – DON’T ANSWER THE CALL! A legitimate caller will leave you a voice message. A legitimate caller won’t keep calling your phone. A legitimate caller doesn’t make multiple calls in a row without leaving a message. I hear customers say things like the following: I didn’t want to miss a call from my doctor or healthcare provider. I was sure that the number was someone that I knew. The caller-id said that it was a federal agency (FBI, DHS, FTC). The same caller was on my phone 2 or 3 times in an hour. The biggest danger that we face is in answering the phone and beginning a conversation with a potential scammer. Trust me when I say, the person that is calling you is well-rehearsed, extremely convincing, and they will immediately make you feel that you must do something right now to help them or to remove yourself from the trouble they suggest you are involved in. Scammers utilize an appeal to authority and time pressure to make you afraid. They use this fear to get you to do what they ask of you. They will tell you a story about unclaimed property, or cash prizes, or even that you are helping law enforcement with an investigation of your bank. All of these stories are false, but they have just enough truth and a lot of correct sounding jargon to make you believe that you are doing something good that will benefit you. They may even send you to the bank and ask you to keep them on the phone, telling you that the bank employees are going to suggest that you are involved with a fraud – that’s all part of their hook. Finally, the scammer will ask you to buy Pre-Paid gift cards after withdrawing cash from your bank – and to reveal the numbers on the back of the card to them. IF YOU DO THIS – YOUR MONEY WILL BE GONE! There is no Identity Theft Protection that will keep you from doing this on your own. Please take the time to think through answering your phone. I have an old friend who used to say, “I have a phone for my convenience, I don’t answer the phone unless I know who is calling me.” Allow me to make some simple suggestions that may very well keep you safe from the myriad of scammers… If someone calls you from a familiar place and isn’t confirming information that you already know or are waiting to hear, hang up the phone and call that place directly. · Scammers are using technology that spoofs phone numbers – the caller-id may indicate it is from your local bank or the doctor’s office. Your bank will NEVER, EVER, ask for your specific account information – we already have that information. Bank’s do not know your PIN #s for cards, that is your information and is issued specifically to you. Your bank will NEVER, EVER need to ask you for a PIN number. Be careful with your card information. Scammers are very good at talking you into giving away specific information and making it seem like they already know the information. · For example – the three digit card security number on the back of your cards. The conversation will go something like this… · Scammer: I know that your card ends in 1234, and your expiration date is 08/27. Would you please give me the 3-digit code in order to verify your account? · Person: Sure, it is 111. Criminals have access to so much of our data, the simple process of asking you questions is to gain your trust. Please don’t fall for this trick. In closing this piece. Remember the old rule, “If it sounds to good to be true, it probably is.” Even the biggest prize company in the world – Publisher’s Clearing House states that they will never call you, email you, send mail to you – they will show up at your home when you are the winner. No legitimate organization needs you to send them money in order to investigate another organization. All of these people are attempting to take advantage of you and steal your money. And sadly, once you withdraw cash and give it to them – IT IS GONE FOREVER! Please be safe in this increasingly dangerous world. Michael Herzog President