By Liz Hacquebord, SVP, Director of Financial Fraud Analysis & BSA Officer and
Gregory Berks, SVP, Director of Operational Risk, Vendor Management, and Information Security
Life for many of us has returned to normal as the recent pandemic recedes. Unfortunately, credit and debit card scams have returned with a vengeance, as well as new types of financial fraud that deserve everyone’s attention.
Here are five areas of financial fraud you should be aware of, and some simple actions you can take to keep your money and credit score safe.
1. Online shopping hacks. Online shopping has become a safe house for fraudsters. If they find a point of entry into our online presence, criminals may learn what we’re looking for as we browse. They may reach out promising amazing prices. Enter your financial information on an unfamiliar site, and you could be working with a fraudulent merchant or someone who wants your card information to commit other types of fraud. On Amazon, which is trusted by so many people, dodgy third-party sellers have proliferated.
What you can do: As a general rule, use strong passwords for all your online accounts and store them in a secure password manager. Beware of authentication exhaustion, where people turn off security measures to make it as easy as possible to log in to financial or shopping accounts. Don’t allow your browser to remember your password. And enable dual-factor authentication by adding your phone number on trusted sites when it’s available.
2. Phishing scams. It wasn’t too long ago that you easily could identify bogus texts and emails thanks to poor spelling, grammar mistakes, and low visual quality. Today it’s not unusual for a scammer to gain access to your inbox based on a weak password, monitor it for as long as a month, then craft a phishing email that looks like it’s legitimate and from someone you correspond with routinely.
One recent scam lowers the victim’s guard with a text that appears to be from their bank. It might say, “Did you make this purchase at Walmart for $500 in Florida? Text back yes or no.” When the recipient texts back no, they immediately get a phone call from someone who claims to be from the bank, asking for information such as an online banking login or PIN.
What you can do: Like most banks, Middlesex texts customers about unusual financial activity, but we never add a link for you to click on. We'll ask for a simple yes or no but won't ever request anything further. Also remember that if we’re calling you to question activity, we already have all your information. So we don’t need to ask you for anything other than data that can’t be used against you, such as your address or the last four digits of your Social Security Number.
Be wary of unprompted links in texts and emails that appear suspicious. If someone calls and asks you for personal or financial information, hang up. Better yet, hang up and call the main number for the institution that claims to be calling you, or give us a ring at our Information Center.
One other note here: you can’t always rely on Caller ID. Phone numbers can easily be spoofed, so don’t assume that because a company name shows up on Caller ID, that’s the name of the company that’s really calling you.
3. Check fraud. Mailbox phishing continues to be a problem. Banks have seen many cases where a customer places a bill in their home mailbox, and within hours the check has been stolen from the box. Criminals also use equipment to cut squares out of the sides of USPS boxes and pull mail out. They may steal or even buy keys from postal workers to gain access. Scammers are then able to apply chemicals to the front of personal checks, remove the name of the payee, replace it with another one, and even adjust the amount upwards. Existing fraud protections in check clearing systems sometimes fail to pick up on these changes.
What you can do: Checking accounts are still necessary to perform electronic transactions or to carry a debit card, so the solution isn’t canceling them. Instead, it’s always a good idea to pay bills electronically whenever possible and avoid writing paper checks if you can do so. Whenever you do need to mail a check, don’t put it in your own mailbox or a freestanding postal mailbox. Walk it into the post office and hand it to a postal worker. It’s not necessarily convenient but it is far safer.
Gregory Berks, SVP, Director of Operational Risk, Vendor Management, and Information Security
Life for many of us has returned to normal as the recent pandemic recedes. Unfortunately, credit and debit card scams have returned with a vengeance, as well as new types of financial fraud that deserve everyone’s attention.
Here are five areas of financial fraud you should be aware of, and some simple actions you can take to keep your money and credit score safe.
1. Online shopping hacks. Online shopping has become a safe house for fraudsters. If they find a point of entry into our online presence, criminals may learn what we’re looking for as we browse. They may reach out promising amazing prices. Enter your financial information on an unfamiliar site, and you could be working with a fraudulent merchant or someone who wants your card information to commit other types of fraud. On Amazon, which is trusted by so many people, dodgy third-party sellers have proliferated.
What you can do: As a general rule, use strong passwords for all your online accounts and store them in a secure password manager. Beware of authentication exhaustion, where people turn off security measures to make it as easy as possible to log in to financial or shopping accounts. Don’t allow your browser to remember your password. And enable dual-factor authentication by adding your phone number on trusted sites when it’s available.
2. Phishing scams. It wasn’t too long ago that you easily could identify bogus texts and emails thanks to poor spelling, grammar mistakes, and low visual quality. Today it’s not unusual for a scammer to gain access to your inbox based on a weak password, monitor it for as long as a month, then craft a phishing email that looks like it’s legitimate and from someone you correspond with routinely.
One recent scam lowers the victim’s guard with a text that appears to be from their bank. It might say, “Did you make this purchase at Walmart for $500 in Florida? Text back yes or no.” When the recipient texts back no, they immediately get a phone call from someone who claims to be from the bank, asking for information such as an online banking login or PIN.
What you can do: Like most banks, Middlesex texts customers about unusual financial activity, but we never add a link for you to click on. We'll ask for a simple yes or no but won't ever request anything further. Also remember that if we’re calling you to question activity, we already have all your information. So we don’t need to ask you for anything other than data that can’t be used against you, such as your address or the last four digits of your Social Security Number.
Be wary of unprompted links in texts and emails that appear suspicious. If someone calls and asks you for personal or financial information, hang up. Better yet, hang up and call the main number for the institution that claims to be calling you, or give us a ring at our Information Center.
One other note here: you can’t always rely on Caller ID. Phone numbers can easily be spoofed, so don’t assume that because a company name shows up on Caller ID, that’s the name of the company that’s really calling you.
3. Check fraud. Mailbox phishing continues to be a problem. Banks have seen many cases where a customer places a bill in their home mailbox, and within hours the check has been stolen from the box. Criminals also use equipment to cut squares out of the sides of USPS boxes and pull mail out. They may steal or even buy keys from postal workers to gain access. Scammers are then able to apply chemicals to the front of personal checks, remove the name of the payee, replace it with another one, and even adjust the amount upwards. Existing fraud protections in check clearing systems sometimes fail to pick up on these changes.
What you can do: Checking accounts are still necessary to perform electronic transactions or to carry a debit card, so the solution isn’t canceling them. Instead, it’s always a good idea to pay bills electronically whenever possible and avoid writing paper checks if you can do so. Whenever you do need to mail a check, don’t put it in your own mailbox or a freestanding postal mailbox. Walk it into the post office and hand it to a postal worker. It’s not necessarily convenient but it is far safer.
"Middlesex texts customers about unusual financial activity, but we never add a link for you to click on. We'll ask for a simple yes or no but won't ever request anything further via text."
Liz Hacquebord, SVP, Director of Financial Fraud Analysis & BSA Officer
4. Identity theft and impersonation. With the rise in consumer information on the dark web, scammers are making bolder attempts to impersonate other people. This includes someone calling the bank trying to pass themselves off as you or creating fake identities by cobbling together different pieces of personal information that might include yours.
What you can do: When you set up a new financial account, you’re completely within your rights to ask about that company’s fraud department and anti-fraud processes. Middlesex has particularly strong security software to monitor transactions, but many banks are behind the curve. Some banks don’t have dedicated personnel related to fraud. So ask about it when selecting your bank.
Consumers should set up alerts in online banking so that you’ll get text messages on different types of events when they happen on your account. For businesses, choose Positive Pay for checks as well as electronic payments. With Positive Pay, businesses submit a file to their bank of the checks that they’ve written. When those checks come into the bank, they have the opportunity to approve them. If they see something that doesn’t look right, they can stop it so that the funds never come out of their account.
5. Ransomware. When you think of ransomware – which can lock your system down and make files inaccessible until you pay a fee – you may envision the culprit in a dark basement with a small PC. The reality is much closer to a corporate office environment, with rooms of people selling and supporting ransomware. Last year major hospitals, hosting service providers, publishers, school districts and even the San Francisco 49ers were hit by ransomware attacks.
What you can do: Cyber criminals always go after the easy target, which tends to be a smaller company. That’s why our business experts always recommend that customers use cybersecurity tools to guard their network perimeters or pay for IT security expertise. Patch management and vulnerability scanning are key to managing risks, as well as ensuring your employees know what to do and not to do in these cases.
Finally, there are excellent institutions and resources you can use if you have been the victim of financial crime.
What you can do: When you set up a new financial account, you’re completely within your rights to ask about that company’s fraud department and anti-fraud processes. Middlesex has particularly strong security software to monitor transactions, but many banks are behind the curve. Some banks don’t have dedicated personnel related to fraud. So ask about it when selecting your bank.
Consumers should set up alerts in online banking so that you’ll get text messages on different types of events when they happen on your account. For businesses, choose Positive Pay for checks as well as electronic payments. With Positive Pay, businesses submit a file to their bank of the checks that they’ve written. When those checks come into the bank, they have the opportunity to approve them. If they see something that doesn’t look right, they can stop it so that the funds never come out of their account.
5. Ransomware. When you think of ransomware – which can lock your system down and make files inaccessible until you pay a fee – you may envision the culprit in a dark basement with a small PC. The reality is much closer to a corporate office environment, with rooms of people selling and supporting ransomware. Last year major hospitals, hosting service providers, publishers, school districts and even the San Francisco 49ers were hit by ransomware attacks.
What you can do: Cyber criminals always go after the easy target, which tends to be a smaller company. That’s why our business experts always recommend that customers use cybersecurity tools to guard their network perimeters or pay for IT security expertise. Patch management and vulnerability scanning are key to managing risks, as well as ensuring your employees know what to do and not to do in these cases.
Finally, there are excellent institutions and resources you can use if you have been the victim of financial crime.
- The Federal Trade Commission (FTC) website. If you’ve experienced fraud or identity theft of any type, this site will walk you through a questionnaire and provide all the next steps you should take.
- The FBI’s Internet Crime Complaint Center (IC3). By filling out a simple report here, you can help the FBI track down cyber criminals around the world. You can report for yourself or on behalf of other individuals.
- Your local police department. If you’ve lost money in a scam, be sure to file a police report. Not all local police departments are able to investigate every instance, but the more people that report theft, the greater the likelihood that your department will try to get to the bottom of it and stop it from happening to other people.
- Middlesex has a security center on our website, plus a library of information that we can mail or email to you based on the type of fraud you may be experiencing or whatever questions you may have – just call or stop by a branch and ask.
As a backup to the advice in this column, major security monitoring services offer tools such as freecreditreport.com. Set up alerts on one of these sites so you’ll be notified immediately about changes in your credit score that may be linked to fraud.
Financial fraud takes place against a backdrop where we’re being bombarded with more information every day. It can be easy to let your guard down when you’re tired or distracted, so it’s important to step back and take a deep breath. The minute you don’t feel in control, hit delete or hang up. And remember, if it’s Middlesex calling you, we already know your information, and we’re here to help you keep it secure.
Financial fraud takes place against a backdrop where we’re being bombarded with more information every day. It can be easy to let your guard down when you’re tired or distracted, so it’s important to step back and take a deep breath. The minute you don’t feel in control, hit delete or hang up. And remember, if it’s Middlesex calling you, we already know your information, and we’re here to help you keep it secure.