What is the most common method used in phishing scams to trick users into revealing sensitive information?
According to DarkTrace's Security Threat Report published in 2020 94% of malware originates in email boxes.
A unique identification number used for retirement benefits and personal information, susceptible to identity theft.
What is a Social Security Number?
Your "Bank" calls and indicates there is an ACH payment coming out of your account in the amount of $150,000. The system has flagged it as fraud and they just need to verify you in order to cancel the outgoing payment.
Will you verify the following information: Can you verify your username? If you will also confirm your password we can send you a code to verify you and then get that payment cancelled?
Please hang up the phone and ignore them as they hurry and attempt to call you back. Call you Bank directly and speak with someone that you are familiar with.
Story time
Generally pertains to the fraudulent negotiation of checks stolen from the U.S. Mail. Fraud, including check fraud, is the largest source of illicit proceeds in the United States and represents one of the most significant money laundering threats to the United States.
Mail theft-related check fraud.
Example:
Change the name on an actual check and cash it
Take the routing# and account # and reproduce fake checks.
How much money was lost in romance and impersonation scams in 2024?
What is $2.95 BILLION, and increase of 30% from 2023. That is only the reported losses.
Example: Wife with Alzheimer's Disease, Women going to meet her Lawyer Boyfriend in SLC, Gentlemen who was helping a fellow veteran get back on his feet.
Phishing where the scammer targets a specific person or organization by using personal information, gains the victim’s trust and appears more legitimate.
What is Spear Phishing?
A unique set of digits assigned to you when you open a financial account.
A vendor sends you a check for more than their account balance. When you call the number on the check they indicate you should deposit the check and just send them a check for the difference. What should you do?
What is return the check or What is shred the check or What is contact your vendor using a verified phone number?
Scammers give you what seems like a plausible reason to overpay you with a check. Then, they’ll ask you to send the extra money back to them. Even though it might show up as “cleared” in your account, by the time the bank discovers the check was bad, the scammer already has the money you sent them.
True or False:
When conducting investigations the FBI will commonly reach out to account holders and ask for verification of cash deposits on their account.
False:
The FBI will not call you. They will send an officer to your home and if you aren't home they will leave a business card.
Example: The man who mailed $10,000 on the way to the dentist.
How can you determine if the picture someone sent you is a real person?
What is reverse image searches? Paste the picture into google and search to see where else it appears.
Also, can search the person's name and email with the word scam to see if other people have reported them.
A variation of phishing that leverages SMS text messaging instead of email and can infect your phone with malware.
What is Smishing?
The act of exploiting human psychology – rather than technical hacking techniques – to gain access to buildings, systems or data.
These attacks rely heavily on human interaction and involve manipulating victims into performing certain actions that break standard security practices.
What is Social Engineering?
An email is sent to your bookkeeper indicating ABC Parts LLC's accounts have been compromised and they need to update their account information for your monthly ACH payment as the bank required them to close the account. Is this a red flag?
What is Yes or What is Maybe?
Make sure procedures are clear for approving purchases and invoices and ask your staff to check all invoices closely. Pay attention to how someone asks you to pay and tell your staff to do the same.
Example- Email take over $250,000 loss
someone who transfers or moves illegally acquired money on behalf of someone else. Criminals recruit them to help launder proceeds from online scams, frauds, or crimes like human trafficking and drug trafficking. They add layers of distance between crime victims and criminals, making it harder for law enforcement to trace money trails.
What is a Money Mule?
Signs of Money Mule Activity
True/False
It is common for individuals to ask for money in legitimate online relationships/friendships?
FALSE: Scammers will ask for payment in various methods, such as a deposit into a cryptocurrency exchange or ATM, sending funds through a money transfer app or prepaid card, participating in an investment opportunity, etc.
REAL FRIENDS/PEOPLE DO NOT REQUEST MONEY ONLINE
A type of online scam involving an email which claims to be from a legitimate or known source but actually directs the recipient to a website which collects personal information in order to commit identity fraud.
What is Phishing?
Occurs when a fraudster fakes circumstances to compel a victim into providing access to sensitive data or protected systems. Examples include a scammer pretending to need financial data to confirm the identity of the recipient. The scammer might pretend to be member of a trusted entity like the IT Department in order to manipulate the victim into granting computer access.
What is Pretexting?
Scammers can "spoof" phone numbers and appear to be calling from the Bank or other legitimate places. Don't be fooled. If the bank is calling you, we aren't going to be asking for user names, passwords, SSN or account numbers. Hang up and call the bank directly.
What is your best line of defense for business scams?
What is a well trained and informed staff?
Your best defense is an informed staf. Train employees not to send passwords or sensitive information by email, even if the email seems to come from a manager. Explain to your staff how scams happen and encourage them to talk with their coworkers if they suspect a scam.
Name 1 of 2 websites that can assist you if you have been a victim of Identity theft.
Federal Trade Commission www.ftc.gov
What is a common tactic used by romance scammers to gain trust of their victims?
We are asked to be Christ like and support those who have less than us. Be wary of this being used against you. Sob stories and made up emergencies are often used to request financial support.
How can you spot suspicious links in phishing emails?
What is by hovering over the links and looking for misspelled or unfamiliar URLs.
Using social engineering to take advantage of a user’s fear, Scareware is a malware tactic that manipulates users into believing they need to download or buy malicious software. Most often initiated by a pop-up ad, they coax the victim to download fake antivirus software.
What is Scareware?
Close the browser. Disconnect from the internet. Do not click on any link or provide any payment information.
How can fraudsters be attacking your business without ever accessing your building or bank account?
What is email takeover?
Email account takeover (ATO) is a type of cyberattack where a malicious actor gains unauthorized access to a user's email account by stealing their login credentials.
Prevention:
Strong Passwords, Two Factor Authentication, Security Awareness Training, Regularly monitoring account activity
A scam that relies heavily on social engineering tactics. Criminals send an email message that appears to come from a known source making a legitimate request. Attackers often impersonate CEOs or high-ranking executives
What is Business Email Compromise?
3 examples of BEC attacks from the FBI:
A vendor your business regularly deals with sends an invoice with an updated email address.
A company CEO asks an internal employee to purchase gift cards to send out as employee rewards. They ask for the serial number off the cards so they can email them out to the “employee” right away.
A homebuyer receives a message from his title company with instructions on how to wire his down payment.
What is the most common reason people don't seek help or verification when caught up in a Romance or Impersonation scam?
What is SHAME?
Seek trusted advice. Discuss your situation with friends or family. They may catch inconsistencies, spot red flags, and share a perspective from a neutral space.