Watch out for money transfer scams and fraudsters impersonating reps from your financial institution
Financial technology such as digital wallets and person-to-person payment apps have made it considerably easier to take care of bills, collect payments, and even settle everyone’s share of the dinner check without unneeded friction. Indeed, The Police Credit Union’s own “Pay a Person” feature has made it a breeze to instantly take care of your important financial affairs — from paying rent to quickly transferring money to friends and family.
Unfortunately, fraudsters are also finding these online tools useful, and have been quick to exploit the fact that they are fast, and often free to use. Moreover, financial institutions and regulators are still learning to navigate the landscape of financial crimes involving instant payment services.
On the other hand, there is no need to forgo the enhanced convenience these services offer if you exercise some reasonable precautions. Safeguard your money and sensitive financial information by staying alert to these facts about digital banking fraud and some red flags common with scams involving instant payment services:
Beware of messages alerting you that your account has been compromised in some way.
It’s unfortunate that scammers have learned to invoke fears about the security of your accounts in order to perpetuate a crime that actually violates that security, but it’s a tactic that’s proven effective time and again. When it comes to money transfer apps, a common ploy is for the fraudster to start by sending a text, ostensibly from your financial institution. The message requests that you verify that you’ve initiated a large money transfer from your account. If you respond “no,” you might then get a call from someone who claims to be with your financial institution. By using a spoofed phone number that appears as your bank on your caller ID, the caller averts suspicion. Once the scammer has you on the phone, they’ll announce that someone is trying to steal funds from your account with the digital money transfer service you use. According to the scammer, the way to resolve this issue is by resending the funds to yourself. But first, you’ll need to disable your mobile phone number, which links your bank account to the payment app. The fraudster insists that this step is critical for security reasons. But in reality, this action will set the mechanism in place to divert funds from your account to the one the scammer maintains at the same financial institution. Because once you have disabled your mobile number, the fraudster plans to take the opportunity to connect it to the fraudster’s own bank account.
Scammers may ask you to divulge sensitive information such as login credentials or a one-time passcode in order to resolve the problem.
In order to pierce the additional layer of defense provided by the two-factor authentication process, the perpetrator of this popular scam simply tells you to read the verification code over the phone as a standard part of the recovery process. When they’ve successfully surmounted this obstacle, they can complete the process of linking your phone number to their own account. You’re instructed to hit send, and the money is then transferred almost instantly to the fraudster’s account. And your chances of recouping the funds become slim to nearly impossible, especially since there’s a good possibility that the bank won’t be able to recover the stolen money either.
In many cases, financial institutions will not reimburse you for losses in cases where you authorized the transfer, even though it was a scam.
As The New York Times reports, the Consumer Financial Protection Bureau has been inundated with complaints from those who have been bilked out of thousands of dollars from scams involving money transfer apps. While regulators have taken recent measures to clarify the types of losses banks are required to repay, there are still areas which remain open to interpretation. Financial institutions are now mandated to reimburse losses to consumers that were “initiated by a person other than the consumer without actual authority to initiate the transfer.” As The Times explains, this would apply to incidents where stolen devices have been used to initiate money transfers. But as of this writing, regulators are still grappling with how financial institutions should handle losses when the defrauded person actually initiates the transfer.
Regardless of how regulations regarding financial fraud continue to evolve, you can greatly reduce your chances of becoming a victim of a digital banking scam today by taking these steps:
- Be aware that your financial institution will never contact you to request that you provide your login credentials (e.g., user IDs or passwords), a PIN or a one-time passcode. Furthermore, they will not ask you to transfer money to yourself to resolve a fraudulent incident.
- If you’re concerned about a message you’ve received, contact your financial services provider directly using the number on the back of your debit or credit card, or the phone number from the organization’s official website.
- Take care not to disclose personal financial information to a person who calls, texts or emails you unexpectedly. Also keep in mind that scammers may impersonate family members or use information gleaned from online resources and social media to gain your trust.
- Stay alert to spoofed phone numbers. Fraudsters commonly fake the phone number that appears on your caller ID so that they appear to be calling you from a legitimate organization.
- Don’t click on links or attachments in unsolicited texts, emails or online messages, even if they appear to be legitimate. Never log on to your account from a link provided by an unsolicited message.
- Use strong passwords for all of your accounts. Avoid using personal details from your life that are publicly available, such as names of your children, pets, birthdays, favorite sports teams, etc. Consider using a password manager that can take the hassle out of creating unique passwords and store all of your passwords conveniently and securely.
- Enable multi-factor authentication when possible so a user cannot gain access to your account unless they have presented two forms of evidence (e.g., a one-time code texted to your phone, a fingerprint scan).
- Be cautious when using public Wi-Fi in places such as cafes, libraries, hotels and airports. Data on public networks is unsecured, allowing hackers to easily gain access. Either wait to do your shopping or personal banking transactions when you get home, or use a VPN (virtual private network) or your smartphone’s data connection when you’re out and about. You can easily set up a personal hotspot for your laptop with a few quick taps.