Social engineering is malicious act to gain access to your personal information

Social Engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking into a website or using technical cracking techniques. Social Engineering may be perpetrated via phone, email or even in person to gain customer account information.

Bank fraud & scams

Spoof websites/Phishing

What is it?

Through the use of fraudulent techniques, internet thieves attempt to "phish" for confidential information. They attempt to steal your information by means of "pop-ups" or emails with internet links to deceive you into disclosing sensitive information (such as account numbers, your Social Security Number, or online banking credentials).

Often the email appears to be from a trusted source, like your bank, and directs you to a "spoof" website that closely resembles the real website that asks you to give sensitive information or even asks you to call a phone number and provide account information.

View fake emails and websites


What you should look out for:


  • Unsolicited requests for personal or business information. Bank of the West will never send you emails with embedded links or pop-up windows that ask for confidential information, such as your account numbers, Social Security Number, ATM or debit card number or PIN

  • Urgent appeals. Claiming your account may be closed if you fail to respond with your personal or business information. Bank of the West will never ask you to verify information in this way

  • Messages about system and security updates. Claiming the bank needs to confirm important information due to upgrades. The message may state that you must update your information online. Bank of the West will not ask you to verify information in this way

  • Offers that sound too good to be true. You may be asked to fill out a short customer service survey in exchange for money being credited to your account. You are then asked to provide your account information. Bank of the West will not conduct a survey in this way, and these are often scams

  • Typos and other errors. Be on the lookout for grammatical errors, awkward writing and poor visual design

Additional resources

We've listed some of the most popular internet scams and some ways to identify them. For more detailed information on internet scams, please visit the Federal Trade Commission (FTC) website www.ftc.gov.

What is Auction Fraud?

Internet auction fraud involves the faking or non-delivery of an advertised product through an internet auction site. Internet auction fraud is among the top-ranking consumer complaints to the FTC.

Take the following steps to protect yourself:

  • Know the auction site you're shopping on
  • Find out what protections the site offers you, such as guarantees for good or services not delivered
  • Never provide your employer identification or driver's license number online
  • Don't provide the account number until you're ready to make your purchase

It's likely that you'll use an online payment method, like PayPal or an escrow service, to complete your purchase. If so:

  • Check out the company handling the payment by reading their website and calling their customer service department
  • Ask about their security policy and terms of service. You need to make sure that you are protected should the seller not deliver

Keep in mind:

  • Be cautious of sellers who pretend to be in the U.S., but later reveal they are they are located out of the country when you are ready to buy
  • Wiring funds directly to the seller leaves you with no options if you become a victim of internet auction fraud. Even wires sent through well-known banks or an escrow service won't protect you

What is Email fraud/SPAM?

For many fraudsters, the purpose of spamming is to get personal or business information that can be used to steal your money and/or your identity. Never send your personal or business information to an unknown source via email. Criminals may try to get information from you or your business by claiming that an offer is only good if you buy now or if you give them your personal or business information right away. No legitimate business would deny you the time to check out their claims.

If you don’t know the source of an email, delete it. Even if a friend or co-worker sends you a link or an attachment, it may be infected.

Keep your computer firewall, anti-virus, and anti-spyware software up to date.

How Nigerian letter/419 scam works

This scam typically begins with an unsolicited communication from someone pretending to be a Nigerian or foreign government officials. This "official" offers you a percentage in exchange for helping them deposit money in overseas bank accounts. You may be asked to send your account numbers, business letterhead stationery, or other kinds of information via a fax number they provide.

Avoid any offers which involve the complex transfer of funds, particularly if it involves sending money overseas. Don’t put your money, business identity or reputation at stake.

How Lottery or Sweepstakes scam works

The scam begins with a notice that you are the winner of a lottery or sweepstakes. You may be asked to provide banking details, personal information, and copies of your driver's license or passport to prove your identity and to complete the transfer of your winnings. If you give them what they've asked for, the scammers will have enough information to steal your identity.

In order to receive the winnings, you must first pay a small percentage for "fake" taxes or other fees. The scammer typically instructs the victim to wire advance fees through Western Union. Once the money is transferred, the scammer moves on or in some cases comes back to request additional funds, but the "lottery winnings" never appear.

Legitimate lotteries or sweepstakes will not require payment to receive the winnings. Don't respond to emails, letters or faxes that claim you've won money. Never give your confidential personal or business account information to anyone claiming to hold your "winnings." Participation in foreign lotteries is against the law.

How Overpayment scam (Counterfeit check) works

Someone responds to your posting or ad, and offers to use a cashier's, personal or corporate check to pay for the item you're selling. At the last minute, the “buyer” or the buyer's "agent" gives you a reason for writing the check for more than the item’s purchase price, and asks you to wire back the difference after you deposit the check. You deposit the check and wire the difference back to the "buyer." Later, the check bounces, leaving you liable for the entire amount.

Know your buyer. With any sale, you should confirm the buyer's name, address, and phone number. Don't accept a check for more than the selling price. If the buyer insists that you wire back funds, end the sale immediately.

What is Collection scam?

Criminals have devised counterfeit check schemes targeting attorneys. Scammers will use the names of real companies and create fake email addresses to show a connection to the real company. Scammers will email, fax, or call the law firm requesting legal services in connection with a settlement.

How it works

If the attorney responds, the scam begins and the attorney will eventually receive a fraudulent settlement check (either a fake cashier's or business check). The attorney is asked to deposit the settlement check, keep a retainer fee and wire the remainder of the settlement to the client's (scammer's) overseas account. The original settlement check is later returned as unpaid and the attorney is left responsible for the funds wired out of their bank account.

Be suspicious of a solicitation that offers a relatively large fee for minimal work and is outside your usual practice. Scrutinize unsolicited emails and calls from anyone requesting services with whom you’ve had no prior dealings, particularly if the offer comes from outside the U.S.

Educate your staff to be cautious of these types of schemes. If you accept payment by check, ask for a check from a local bank, or a bank with a local branch. Then, visit the branch and have the bank verify that the check is valid. If a visit isn’t possible, call the issuing bank and verify that the check is valid. You can obtain the issuing bank's valid phone number online or via directory assistance. Monitor your bank accounts and ensure that settlement check(s) you deposit clear the banking system and you get the funds as expected before you send money to clients.

What is Online job scam?

Another common internet scam involves soliciting people for a “lucrative” position that allows them to work at home or work as an independent agent.

How it works

Scammers will use reputable online job boards to offer work-at-home jobs or accounting positions. These scams may require people to receive money into their existing bank accounts (or open new accounts) and then transfer funds to another account, often overseas. As payment, the job seeker is instructed to keep a small percentage of the transfer.

Be cautious of any employer offering a job without an interview. Most of these offers are check-cashing or shipping scams. Thoroughly research any employer requesting that you transfer funds or receive packages for shipment, especially if they’re located overseas. Don’t provide your Social Security Number or any other personal information unless you’re confident that the employer is legitimate.

Malware


What is it?


Malware or "malicious software," includes viruses, spyware and Trojans that are designed to infect or damage a computer system. Malware is often used to steal personal or business information. There are several easy ways to minimize the risk:


  • Avoid downloads from file sharing and social networking sites
  • Don’t open email attachments or install free software from strangers
  • Don’t click on pop-up ads asking for financial information
  • Regularly update your security and system software

Vishing & Phishing


What is it?


Vishing is the scam practice of using the telephone to get illegal access to private financial information. Phishing is made possible by internet-telephone services which allow computer users to establish phone numbers without verification screening. A customer may receive a fraudulent email stating their online bank accounts have been disabled and asking the caller to dial the provided phone number instead of replying via email. On the call, an automated voice then prompts the caller to enter his/her personal information which goes directly to the vishing scam artist.

Email account compromise (EAC)

EAC scams are similar to the Business Email Compromise (BEC) scams, in that the motive and method of execution is the same. However, EAC scams target individuals rather than businesses.

Like BEC scams, EAC typically are phishing emails that infect computers and devices, allowing fraudsters to gather personal information such as personal identifying information, frequently contacted financial advisors and confidential banking information. Once fraudsters have gained this information, email accounts are either taken over, or spoofed and used to request unauthorized wire transfers, ACH payments, and even checks.

How it works


  • EAC scams typically target wealthy or high profile individuals who have accountants, financial institutions or other third parties manage their finances. However, anyone can be victim

  • Fraudsters may hack into a legitimate email account, or use “spoof” email accounts, which will appear identical to legitimate email accounts making differences difficult to detect

  • Victims are generally from the U.S. who regularly conduct business, travel to, or have international ties

  • Fraudsters use EAC scams to trick victims to wire money from personal bank accounts

  • Unauthorized fraudulent wire transfers have primarily been sent to China, India, or Hong Kong

  • Unauthorized wire requests almost always have a sense of urgency and request strict confidentiality, are flagged as time sensitive or highly confidential. The emails may be are well-written, appear genuine and align with normal day-to-day operations. However, they could be poorly written, contain typos and appear suspicious

Business Email Compromise (BEC)

Business Email Compromise (BEC), also known as Masquerading, is an increasingly common type of scam for payment fraud targeting businesses that regularly perform wire transfers.

In some instances, the fraudster may also use BEC scams to obtain employee, or personally identifiable information, such as W2 forms, that can be used to perpetrate other fraud scam schemes.

The BEC scam may start with a phishing email to, but is ultimately conducted using a combination of social engineering and infected computers and devices. This allows computer intrusion tactics that help the fraudster to identify a business’s normal procedures and protocols, including employees who are authorized to send wire transfers or release requested information.

Information obtained through these tactics can include employee email addresses, executive travel calendars, previous wire details, including frequency, amounts, account numbers, and vendor names.

BEC scams are a compromise or spoof of legitimate business email accounts—often belonging to the Chief Executive Officer or the Chief Financial Officer of a company for the purpose of conducting unauthorized wire transfers or other money movement. After compromising or spoofing the email account, usually via social engineering or malware, the fraudsters are then able to send wire transfer instructions using the victim’s email.

BEC scams typically targets businesses who conduct wire sending wire transfers; however, they may also target businesses that send ACH payments or checks. This depends on the company’s standard practices

Source: http://www.ic3.gov/media/2015/150122.aspx

Money mules

How it works?

Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen money. Money mules are often recruited with job advertisements for "payment processing agents," "money transfer agents," "local processors," and other similar titles. Criminals recruit mules, send them stolen money and then have the “mule” wire or transfer the money to their accomplices, usually in another country. Mules are unaware that the money they’re sending is stolen.

In some cases, funds from unauthorized wire transfers are directed to money mules’ bank accounts. Money is then transferred from the mule's account to the fraudster. Money mules transfer stolen money either in person, through a courier service, or electronically. Typically, the mule is paid for services with a small part of the money transferred.

Victims of these scams may not only have their bank accounts closed, but are also often held financially responsible for returning the stolen funds. Using the money mule masks the criminal's identity.

Common signs of a money mule scam:

  • Overseas companies requesting “money transfer agents” in the U.S.
  • Opening new bank accounts to receive money from a stranger
  • Accepting large sums of money into your bank account for a new job
  • Transferring or wiring funds from your bank account to strangers

Contact us to report

Fraud or suspicious activity
1-800-488-2265
TTY 1-800-659-5495

Lost or stolen credit cards
1-800-996-2638

Suspicious Bank of the West emails
abuse@bankofthewest.com