<
Financial Poise
Fraud Prevention requires vigilant monitoring of bank accounts, as with a smartphone.

Fraud Prevention for Suckers

How to Identify Phishing

Our lives are increasingly going cyber, and therefore, so is our personal data. Data breaches, including the Capital One breach in July that left 100 million customer accounts vulnerable, are becoming more common. In turn, fraud prevention is a perpetually hot topic.

But it isn’t always a hacker that gets access to our data. Sometimes it’s an Average Joe that takes advantage of the elderly or uninformed by using a tactic called phishing. Phishing scams come in the form of emails and telephone calls in which an individual pretends to be from a certain company to coerce someone into providing sensitive information, such as a social security number or credit card number.

Here’s an example of fishing that my dad received by email. It looked like this:

From: John Maryline [mailto:john.maryline@yahoo.com]

Sent: Friday, February 16, 2018 1:21 PM

Subject: Your ATM Cards Released..

Attention: This is to inform you that we have agreed to release your fund valued at USD $5.8 Million which will come to you via ATM Cards. Please do re-confirm your information as below to avoid wrong delivery. Forward your information to the delivery office here: mr.markjames@collector.org and instruct them to send the card to you immediately.

Full Name (Receiver):_____,

Country of Resident: ______,

Office/Home Street Address: _____,

Nearest Airport: _____,

Mobile Phone Number: _____,

Identification papers (Passport copy or ID card) which you will present it before delivery is made: _____

Thank you for understanding and may God bless you.

Yours faithfully,

Mr. Mark James

Email: mr.markjames@collector.org

My dad sent Mr. Mark James / Mr. Maryline (did you notice that the top of the email identifies the sender as one and the signature line is that of the other?) the requested information and then forwarded the email to his entire company telling them that he quit.

No, my dad is not really an idiot.

My dad really did send the email to his company, but everyone knew he was kidding. And no, he didn’t really reply to the email he received from Mr. Mark James / Mr. Maryline.

Phishing is Everywhere

There’s a sucker born every minute, as the saying goes, but good, smart people are fooled every day. Want to know how to identify a scam email? You should definitely learn. Why? Because in 2019, phishing accounts for 90% of all data breaches, and phishing attempts have grown 65% over the last year. To make matters worse, 15% of people who fall for a phishing scam will be targeted once more in the same year. .

Instances of fraud among the elderly are especially rampant, and the last thing you should do if your elderly parent or grandparent falls for one is to blame or shame them. Instead, you should be proactive in their education about fraud prevention.

How to Talk to Your Parents About Scams and Fraud Prevention

Sid Kirchheimer, writing for AARP, interviewed Anthony Pratkanis, a social psychologist at the University of California, Santa Cruz. Pratkanis noted, “When protectors take over finances or lecture parents about their mistake, it plays right into the scammers’ hands by threatening the target’s independence.” In other words, as Pratkanis said, “[F]or scam victims to admit they were wrong means they’re stupid and unable to take care of themselves.”

Some scams are harder to detect than others, and some perpetrators are experts at what they do. Don’t blame the victim.

Instead, take a look in the mirror, because there are things you can to do protect them ahead of time from fraudulent scams. For example, as Kirchheimer counsels in his article:

  1. Don’t just tell them to hang up or throw out the letter. Have a talk about why.
  2. Try some reverse psychology. Kirchheimer states, “If you become aware that an aged parent is playing a sweepstakes or making a ‘double your money’ investment, ask how you can do the same. Psychologists say this tactic sometimes prompts a warning—your parent doesn’t want you to lose money, too. That’s your cue to ask, ‘Then why do you do it?’ This could start a conversation that helps the parent come to terms with the scam.”
  3. Consider setting up online access to their bank and credit card accounts and check their credit report regularly. It’s generally easier to fix problems when you discover them sooner.

If someone you care about falls victim, you or they can call the AARP Fraud Fighter Call Center at 800-646-2283. You message will probably be returned within 48 hours.

Can You Detect a Scam? | Identifying Phishing Examples

Some scams are harder to detect than others, and some perpetrators are expert at what they do. Still, some red flags make some scams are pretty obvious. For example:

1. Emails or Calls that Ask for Personal Information

Computer help desks do not have to ask you to read information from your computer screen if they are already monitoring your computer and calling you to tell you that something is wrong.

Banks, credit card companies and other financial institutions do not email you asking you to sign into your account using a link contained in the email.Or, an “important update on your account” will require you to update your personal information through a link. In these cases, it is probably best to pick up the phone and call your bank to verify the email and update the information by phone.

If you ever get an email like the one below, for example, you can be sure it is not really from Bank of America.

Fraudulent emails that purport to be from a company, by the way, rarely use email addresses that end with the company name. The one above, for example, was sent by someone using a “comcast.net” email address. Learning how to identify phishing examples takes practice, but some are easier to spot than others. For example, Bank of America can afford a custom email domain and will not send emails from domains such as Gmail, Hotmail, Yahoo or AOL.

Use a site like domaintools.com or my-ip-tools.com to find out who owns which domain name. Companies with domains ending in “.edu” or “.gov” are usually much more reliable than those ending in “.com,” “.org,” and “.net.”

2. Bad Grammer… er, Grammar

Emails written with typos or bad grammar are most likely fraud. And if you’re buying products online, check the grammar on the seller’s product listings. Grammatical errors on product listings are a good sign that English isn’t the seller’s first language. While not all international sellers are scammers, be cautious and do a background check on the seller to confirm that they’re not selling you any counterfeit goods. If you want to know how to identify a scam email, start with a quick grammar check.

3. Emails with Big Promises

If a company emails you promising “big winnings,” like a free trip to Fiji or a free iPad, or if they ask you to “enter your email and password, so we can send you further information on how to collect your prize,” it is a scam.

The Secret Service offers these tips for determining telemarketing fraud:

  1. High-pressure sales tactics
  2. Insistence on an immediate decision
  3. Too-good-to-be-true offers
  4. A request for your credit card number for any purpose other than to make a purchase
  5. An offer to send someone to your home or office to pick up the money (or some other method such as overnight mail to get your funds more quickly)
  6. A statement that something is “free,” followed by a requirement that you pay for something
  7. An investment that is “without risk”
  8. Unwillingness to provide written information or references (such as a bank or names of satisfied customers in your area) that you can contact
  9. A suggestion that you should make a purchase or investment on the basis of “trust”

4. Emails with Generic Greetings

First impressions are everything. If an email starts with “Hi,” “Hello,” or doesn’t refer to you by name, you should be cautious. If you are a Bank of America customer, for example, then it’s likely that Bank of America will greet you by name.

5. No Contact Details

If an email signature doesn’t have proper contact details, then it may be a scammer. Reputable companies will leave their contact information, such as an office telephone number and extension. If the email just has a person’s name and a potentially fake title, you should probably reconsider.

6. Threatening Language

You may have seen the Youtube videos of scammers that call random numbers pretending to be from the IRS or a sheriff’s department. They claim that the person is in trouble and must provide their bank account information in order to avoid arrest. Urgent and sometimes threatening messages or phone calls can be a major sign of phishing.

In addition, if an email has attached photocopies of account “evidence” or government documents, it’s important to know that photocopies are not legitimate forms of verification.

Fraud Prevention | Be Part of the Solution

If you receive a phone call or email that you think is a scam, and if you have a few extra minutes, you may want to check out one or more of these resources:

  • 419eather: This is a great general resource for those who want to learn more about these scams and how to fight them.
  • Kitboga: He is a fun YouTuber who wastes the time of scammers.
  • Rescam:  If you get an email you think is a scam, just send forward it to Rescam by sending it to me@rescam.org. Rescam uses artificial intelligence intelligence to start a long, drawn out email conversation with the scammer, to waste her or his time.
  • The National Do Not Call Registry: The National Do Not Call Registry is managed by the Federal Trade Commission (FTC), the nation’s consumer protection agency. Sign up and legitimate phone solicitors should stop calling you. This will not, however, stop scammers.
  • There are also paid and unpaid services (including apps) that you can get.  Examples include Hiya Caller ID, Nomorobo Robocall Blocking and RoboKiller.

In the end, if don’t know how to identify a scam email, or if you fall for a scam, don’t beat yourself up. Seek help immediately.

Think at least twice before sharing your personal information with anyone or clicking on any attachment to any email you may receive.

The best fraud protection is common sense. Consider freezing your credit and using credit monitoring and identity protection services; use very strong, long (and different) passwords on each of your financial accounts; and, when it comes to inbound calls or emails, follow that old rule: don’t talk to strangers.

[Editor’s Note: To learn more about this and related topics, you may want to attend the following webinars: Data Breach Response: Before and After the Breach and How to Build and Implement Your Company’s Information Security Program. This is an updated version of an article that originally appeared on March 6, 2018.]

Like what you just read?

Then sign up to receive our weekly Financial Poise newsletter, our take on the most relevant and topical business, financial and legal issues affecting investors and small business owners.

Always Plain English. Always Objective. Always FREE.

About Sophie Friedland

A passionate environmentalist and animal rights' advocate, Sophie Friedland is dedicated to the idea that furthering these imperatives and being financially successful are not mutually exclusive. A college Freshman at the time of her first submission to Financial Poise, Sophie is Financial Poise's youngest-ever contributor.

View all articles by Sophie »

>