‘Tis the season to be shopping, and most of your members are probably frantically shopping for last-minute presents with holiday loans they have received from you, their credit union. But making sure that your members have enough money to buy those gifts is only a fraction of what they should be concerned with during this holiday season.
For example, your long-time member Stacy’s phone dings in the middle of a crisp winter day to let her know that she has just received a Facebook Messenger notification. Glancing at her phone, she sees that a message was just received from a “Mr. John David,” and he is letting her in the know on a “Big Secret” $250 gift card giveaway Walmart is having for Black Friday. Jumping into action, Stacy quickly clicks on the link for the giveaway, and as the site pulls up, it asks Stacy some basic information about herself to enter. (Her name, address, phone, email, last 4 of social, etc.) “Well… it only makes sense to enter this information, because how else are they going to get hold of me and prove who I am in case I win?!” Stacy ponders to herself. Trustingly, she decides to input her personal information and with one swift click of a “submit” button the giveaway entry has been sent to “Walmart.” Weeks go by and Black Friday has come and gone, and Stacy has long but forgotten about that Walmart Gift Card Giveaway, because “What were the chances of me winning anyway…” she says to herself. Meanwhile, Stacy’s phone dings again but this time it is not from friendly John David, but instead it is from YOU, her credit union letting Stacy know that her credit card has just made a $2,000 purchase from a different country and is suspected for fraud! “How could this happen?!” Stacy cries out; while at the same time her Facebook friend “John David” on the other side of the world is raking in the benefits of her financial worry. Stacy unfortunately is now a part of a $22 billion yearly statistic for getting phished by cybercriminals, and that number gets higher every year, according to CNBC. Even though you are there for your member Stacy and her unfortunate financial holiday scam, you still wish there was something you could have done to help better protect her, your member.
As the holidays are rapidly approaching, shops everywhere are slashing their prices for the next big holiday sale (such as Black Friday & Cyber Monday) and the vast amount of people partaking in them. Companies rely on this momentary weakness as a psychology during the holidays—and so do cybercriminals. Here are some common tactics scammers use during the holiday season to tell your members to keep a lookout for.
1. The Bait & Phished
It could be easy to get excited about giveaways and/or drawings during the holidays, especially when that new iPad would be a perfect Christmas present for Nana.
These expensive items typically come in the form of “bait and phished” fraud. Scammers use this trick to show off an expensive prize, and ask you to enter a drawing where a number of lucky participants will win such prize, for example, a new iPad. (Or a brand name store gift card as mentioned in the earlier example.)
To even get the slightest chance of winning, though, your members may be asked to enter a few personal details. Cybercriminals can use this to collect personal information about others and use them for their own benefit (whether it be stealing their identities, bank info, etc.). The bottom line on how to avoid this cyber-attack is to never enter private details on sites you don’t trust or have never heard of. Only use sites you’ve used before, or that have been personally recommended to you by family or friends.
Even though saving money on gifts during the holidays may be a priority, doing your due diligence to make sure your credit union’s site is publishing alert notices or rate changes is just as important. Encourage members to check online reviews, or compare prices on other sites. Now we are not saying that charges from smaller-named Mom and Pop shops won’t be affected, (after all, they are the very heart of America), but just make members aware to keep their options open, and search around. Sometimes smaller businesses with exclusive products might sell their items through third-party sellers such as eBay, Etsy, or Amazon.
Ways to check if site is clean: Remind members to check the bottom right hand corner of a website during the check-out process and look for a security icon that ensures it’s a safe transaction, signs of encryption (like an SSL certificate), read customer reviews, compare 3rd party sites, and it is recommended by Nerdwallet to pay using a credit card and/or PayPal so that way you can cancel the transaction and get refunded if the purchase is a scam.
2. Fake Facebook Pages, Identity & Ads
Impersonations and false identity is a key ingredient to all scams. According to an article from Support The Guardian, “Millennials are falling victim to scams involving handing money to fraudsters more than any other age group, according to Lloyds Bank. New data shows that victims aged 18 to 34 are losing an average of $3,362 to fraud, which typically involve scammers impersonating banking staff, the police, or HM Revenue and Customs.”
Social media platforms seem to be a great way for false identity to take place for a scammer. Tell your members to beware of good old Facebook friends like “John David,” who do an action called “Like Farming.” This is just an algorithm scammers typically perform to get more Facebook likes and shares on their content for a pay-per-click scheme. Typically around the holidays scammers create fake Facebook accounts and business pages that promise valuable Black Friday deals and tell you that the only way to get this promotion is by sharing their ads. Naturally, such awesome jam-packed deals need to be shared with all of your friends and so on, making their fake ad posts reach thousands of people. Once the post reaches enough profiles, the post typically changes to a different product they can get some serious money off of, due to pay-per-click. The cybercriminal can then sell the page they created and all of the content on it to the dark web, making all the people who have interacted with the fake page’s posts visible as well (such as birthdays and addresses).
Ways to tell if a Facebook Page is real: Typically, scammers have generic first and last names, such as Mike Thomson, James David, and John Smith. Their page is nothing but ads that request you to share their content.
3. App & Bank Transfer Scams
Your kindhearted members might be in the giving mood for the holidays, which brings a sense of wanting to help others. Bank transfer scams have gone up by 40% just from last year alone. Scammers will take advantage of that fact and try to find benevolent people and give them a heartbreaking story, looking for a “financial” Christmas miracle. This type of scam according to MoneySavingExpert.com is called a “Push Payment (APP) Fraud” which is “when someone is tricked into transferring money from their own account to one belonging to a criminal. The money is then transferred to numerous other accounts and withdrawn by the cybercriminals.”
New Code Banks Are Enforcing to Protect Their Members: A new code was introduced back in May, 2019 which will help victims of APP scams to get their money back. This voluntary code commits financial institutions to reimburse their members for their financial loss, unless they were neglectful of their bank’s warning signs of the scam or who they were sending the funds to.
4. Texting Scams Disguised as Banks
Fake social media accounts is just the start of where scammers have gone to reach members. A woman in North Carolina reported that she was tricked out of $2,000 in a scam that professionals say could happen to anyone who owns a bank or credit union account. According to CBS News, the victim received a text from her “bank” saying that her credit card was suspected of fraudulent activity with a large purchase. She replied back saying she did not make the purchase claimed, which then led to her “bank” calling her and asking for personal information, such as card number and pin, so that they could suspend her card from any other charges. After this information was given to the supposed “bank employee,” she then got another text soon after from her real bank contact, informing her that the account was overdrawn.
What to Remind Your Members: Tell your members before corresponding further with a text notification such as the one mentioned above, to call your main customer support number to verify that the communication they are receiving is genuine, and to not respond to any further calls or texts claiming to be your credit union.
An important thing to keep in mind after reading this, is that even though scams are extra popular during the holidays, it does not mean that everyone is trying to rip you off or steal your member’s identity. In fact, most stores and sites are trustworthy, but these tips are just here to share with them, so your member is not at financial risk and your credit union is supporting its community needs. Check out these 7 authentication strategies to reduce fraud at your credit union from NAFCU here.
By: Richard Gallagher, CEO, Oak Tree Business Systems, Inc. Oak Tree has been serving the credit union industry for 35+ years with top quality COMPLIANT forms and disclosure packages. In addition, our forms packages easily integrate with any data processor in any state. #CreditUnionTips