Learn about fraud and scams to better protect yourself online

Internet thieves attempt to "phish" for confidential information by means of "pop-ups" or emails with internet links to deceive you into disclosing sensitive information (such as account numbers, your Social Security Number, or online banking credentials).

Often the email appears to be from a trusted source, like your bank, and directs you to a "spoof" website that closely resembles the real website that asks you to give sensitive information or even asks you to call a phone number and provide account information.

What you should look out for:

• Unsolicited requests for personal or business information. Bank of the West will never send you emails with embedded links or pop-up windows that ask for confidential information, such as your account numbers, Social Security Number, ATM or debit card number, or PIN.
• Urgent appeals claiming your account may be closed if you fail to respond with your personal or business information. Bank of the West will never ask you to verify information this way.
• Messages about system and security updates claiming the bank needs to confirm important information due to upgrades. The message may state that you must update your information online. Bank of the West will not ask you to verify information this way.
• Offers that sound too good to be true. You may be asked to fill out a short customer service survey in exchange for money being credited to your account. You are then asked to provide your account information. Bank of the West will not conduct a survey this way, and these are often scams.
• Typos and other errors. Be on the lookout for grammatical errors, awkward writing, and poor visual design.

Mail fraud is on the rise as criminals use stolen keys to open mailboxes, steal checks, and change the payee and amount on them.

The USPS reported earlier this year that 299,020 complaints of mail theft were received between March 2020 and February 2021, a 161% increase from the previous year. According to the United States Postal Inspection Service, 1,079 mail theft cases were reported nationwide in 2021.

Keep your mail and personal information secure

Make it difficult for your mail to be stolen or tampered with. If thieves can’t access your mail, they can’t steal it!

• Buy and install a locking mailbox
  • Get a security camera or camera-equipped doorbell that monitors your mailbox
  • Retrieve your mail promptly every day or ask a trusted person to do so for you
  • Do not leave any outgoing mail with a method of payment or personal information in your mailbox
  • Take bills to a post-office rather than leaving them in your mailbox or placing them in a drop box outside a Post Office
• Sign up for free Informed Delivery® to see incoming mail in your email so you know what can be expected to arrive in that day's mail
  • Make the switch to paperless billing so important bills are never in your mailbox
  • Know your billing cycles, and watch for any missing mail
  • Follow up if bills or new cards do not arrive on time 
• If you’ll be out of town for an extended period of time, submit a request to have the post office hold your mail delivery until you return

What to do if you have fallen victim to mail theft

• Report it to the United States Postal Inspection Service
• Report any fraud incidents to your state’s Attorney General and the Federal Trade Commission
• Set up fraud alerts on your credit reports and monitor them closely

This scam typically begins with a phone call prompting you to speak to an Amazon representative. The fraudster will tell you that you have unauthorized transactions on your Amazon account and ask if you have a laptop or a PC to get a refund. The fraudster will ask to take over your computer via a screen-sharing or other "support" tool, accessing your online banking account to transfer funds from your savings to checking account and then request funds via Zelle®, wire, or gift cards for payment sent to them.

Avoid accepting unanticipated calls from anyone claiming to be from Amazon or any other business, and never allow a third party to share your screen or control your computer unless you are going through a known, secure channel initiated by you. Be particularly alert for any business or individual that requests payment or refund via nontraditional methods. Call the business yourself to validate the information, and never provide your banking credentials to anyone.

Deliveries may be delayed, but scammers are coming out of the woodwork right on cue—preying on impatient buyers with fake shipping alerts that require “verification” for delivery. In other words, they’re using our reliance on shipping services against us. When you click the link, or fill out the form, they could be installing malware on your computer or phishing for your information to gain access to other accounts.

Don't click on a link sent to you. Instead, go to the original site and request delivery updates from there. Avoid emails with attachments at all costs. Unless someone you know explicitly says they will be sending an email with an attachment, don’t open it.

You receive an email message that uses one of these or similar statements:

• We've noticed some suspicious activity or log-in attempts
• Please verify your bank account or debit card number
• Confirm your personal information so we may process your order/refund
• We're having trouble with your current billing, so please click here to make your payment

Don't click on a link that was sent to you. If you need to verify a billing issue, go to the original site and investigate from there. And again, avoid emails with attachments at all costs.

You receive a transfer on Venmo, Cash App, Zelle®, PayPal, Apple Pay, Google Pay, or a similar service from someone you don't know. The amount of this transfer may vary, but will probably be a few hundred dollars. You'll receive a message after the transfer claiming that it was sent by accident, and the sender will ask you to send the money back. You want to do the right thing, so you refund them the "accidental" transfer amount, only to realize later you never received a transfer from them, and now you've lost a few hundred dollars or more.

Don't send it back—tell them to cancel it. If you send funds, they will cancel at their end, and the funds you received are gone, but they have the money you "returned."

Another top consumer complaint is about scams that started on social media related to romance scams or economic relief or income opportunities, which often target people who have lost a job or other income because of the pandemic. About half of all romance scam reports to the FTC since 2019 involve social media, usually on Facebook or Instagram.

For more information and tips on how to avoid being scammed while on social media, check out the FTC's data spotlight.

Prize and lottery scams can start in many ways, but they often begin with an unexpected phone call. The scammers may claim to be from the government or an official-sounding organization. They make wild claims about big winnings and demand payment up front. If you get a call like this, hang up. You probably already know that, but you may know someone who doesn't so give a call to someone who might be a bit isolated and could use a reminder about these scams. The FTC knows that people who talk about scams are less likely to fall for them, and we hope to spark discussions by offering conversation-starting ideas. Here are a few tips you can share about prize and lottery scams when you chat:

• Legitimate contests don't ask you to pay a fee or give your bank account or credit card number to get your prize.
• Never send money by wire transfer, gift card, or cryptocurrency. Anyone who asks you to pay for things that way is a scammer.
• Don't trust caller ID. Scammers can make it look like they're calling from anywhere.
• After you talk, invite your friend or relative to call you back if they have questions, or if they get a surprise phone call. If they say they already spotted a scam or sent money, please ask them to report it to ReportFraud.ftc.gov. You're welcome to file a report for someone if they ask for help.

This scam involves soliciting people for a "lucrative" position that allows them to work from home or as an independent agent.

Scammers will use reputable online job boards to offer work-from-home jobs or accounting positions. These scams may require people to receive money into their existing bank accounts (or open new accounts) and then transfer funds to another account, often overseas. As payment, the job seeker is instructed to keep a small percentage of the transfer.

Be cautious of any employer offering a job without an interview. Most of these offers are check-cashing or shipping scams. Thoroughly research any employer requesting that you transfer funds or receive packages for shipment, especially if they're located overseas. Don't provide your Social Security Number or any other personal information unless you're confident that the employer is legitimate.

Criminals have devised counterfeit check schemes targeting attorneys. Scammers will use the names of real companies and create fake email addresses to show a connection to the real company. Scammers will email, fax, or call the law firm requesting legal services in connection with a settlement.

If the attorney responds, the scam begins, and the attorney will eventually receive a fraudulent settlement check (either a fake cashier's or business check). The attorney is asked to deposit the settlement check, keep a retainer fee, and wire the remainder of the settlement to the client's (scammer's) overseas account. The original settlement check is later returned as unpaid, and the attorney is left responsible for the funds wired out of their bank account.

Be suspicious of a solicitation that offers a relatively large fee for minimal work and is outside your usual practice. Scrutinize unsolicited emails and calls from anyone requesting services with whom you've had no prior dealings, particularly if the offer comes from outside the U.S.

Educate your staff to be cautious of these types of schemes. If you accept payment by check, ask for a check from a local bank, or a bank with a local branch. Then, visit the branch and have the bank verify that the check is valid. If a visit isn't possible, call the issuing bank, and verify that the check is valid. You can obtain the issuing bank's valid phone number online or via directory assistance. Monitor your bank accounts and ensure that settlement check(s) you deposit clear the banking system, and you get the funds as expected before you send money to clients.

Vishing is the scam practice of using the telephone to get illegal access to private financial information. Phishing is made possible by internet-telephone services which allow computer users to establish phone numbers without verification screening. A customer may receive a fraudulent email stating their online bank accounts have been disabled and asking the caller to dial the provided phone number instead of replying via email. On the call, an automated voice then prompts the caller to enter his/her personal information, which goes directly to the vishing scam artist.

BEC is an increasingly common type of payment fraud scam targeting businesses that regularly perform wire transfers.

In some instances, the fraudster may also use BEC scams to obtain employee, or personally identifiable information, such as W2 forms, that can be used to perpetrate other fraud scam schemes.

The BEC scam may start with a phishing email but is ultimately conducted using a combination of social engineering and infected computers and devices. This allows computer intrusion tactics that help the fraudster identify a business's procedures and protocols, including employees authorized to send wire transfers or release the requested information.

Information obtained through these tactics can include employee email addresses, executive travel calendars, and previous wire details, including frequency, amounts, account numbers, and vendor names.

BEC scams are a compromise or spoof of legitimate business email accounts—often belonging to the Chief Executive Officer or the Chief Financial Officer of a company for the purpose of conducting unauthorized wire transfers or other money movements. After compromising or spoofing the email account, usually via social engineering or malware, the fraudsters can send wire transfer instructions using the victim's email.

BEC scams typically target businesses that conduct wire transfers; however, they may also target businesses that send ACH payments or checks. This depends on the company's standard practices.

Source: http://www.ic3.gov/media/2015/150122.aspx

EAC scams are similar to BEC scams in that the motive and method of execution are the same. However, EAC scams target individuals rather than businesses.

Like BEC scams, EAC scams are typically phishing emails that infect computers and devices, allowing fraudsters to gather personal information such as personal identifying information, frequently contacted financial advisors, and confidential banking information. Once fraudsters have gained this information, email accounts are either taken over or spoofed and used to request unauthorized wire transfers, ACH payments, and even checks.

• EAC scams typically target wealthy or high-profile individuals who have accountants, financial institutions, or other third parties managing their finances. However, anyone can be a victim
• Fraudsters may hack into a legitimate email account, or use "spoof" email accounts, which will appear identical to legitimate email accounts making differences difficult to detect.
• Victims are generally from the U.S. who regularly conduct business, travel to, or have international ties.
• Fraudsters use EAC scams to trick victims to wire money from personal bank accounts.
• Unauthorized wire requests almost always have a sense of urgency, request strict confidentiality, and are flagged as time-sensitive or highly confidential. The emails may be well-written, appear genuine, and align with normal day-to-day operations. However, they could be poorly written, contain typos, and appear suspicious.

Amazon, Microsoft, and the Internal Revenue Service don't call or email you asking for payment via gift cards or wires, nor will they ask to obtain remote access to your computer. Only fraudsters pretending to work for these companies will operate in this way.

Wire transfers are an increasingly popular choice with criminals because of their speed and immediate availability of funds. Once the transaction goes through, it is difficult, if not impossible, to recover the funds.

Businesses need to be especially aware of the risks associated with wire transfers. Criminals have identified opportunities to exploit vulnerabilities with internal business controls around wire processing and email requests. These emails are disguised as a trusted and known entity (vendor, supplier, broker, etc.).

Common red flags of wire transfer fraud include:

• An overt sense of urgency or confidentiality conveyed in the request
• Wire transfer request contains new or modified payment instructions for known entities or individuals
• A wire request was received from an individual at the business who does not usually make these requests
• Suspicious solicitation by email, phone, fax, mail, or from an online acquaintance or business

Reduce your risk of becoming a victim by:

• Confirming the request with the sender verbally at a telephone number that can be verified (not what is provided to you)
• Verify the request is legitimate through a reliable source
• Research the request further if you have any hesitation
• Ask questions

If you still have concerns, do not send the wire transfer.

What do you do if you believe you fell victim to a wire fraud scam?

• Contact Bank of the West immediately (1-800-488-2265, TTY 1-800-659-5495) and request a wire recall due to fraud
• File a report with the Internet Crime Complaint Center at https://bec.ic3.gov/
• Save all of the emails involved with the transaction

Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen money. Money mules are often recruited with job advertisements for "payment processing agents," "money transfer agents," "local processors," and other similar titles. Criminals recruit mules, send them stolen money, and then have the "mule" wire or transfer the money to their accomplices, usually in another country. Mules are unaware that the money they're sending is stolen.

In some cases, funds from unauthorized wire transfers are directed to money mules' bank accounts. Money is then transferred from the mule's account to the fraudster. Money mules transfer stolen money either in person, through a courier service, or electronically. Typically, the mule is paid for services with a small part of the money transferred.

Victims of these scams may not only have their bank accounts closed, but are also often held financially responsible for returning the stolen funds. Using the money mule masks the criminal's identity.

Common signs of a money mule scam:

• Overseas companies requesting "money transfer agents" in the U.S.
• Opening new bank accounts to receive money from a stranger
• Accepting large sums of money into your bank account for a new job
• Transferring or wiring funds from your bank account to strangers

Internet auction fraud involves the faking or non-delivery of an advertised product through an internet auction site. Internet auction fraud is among the top-ranking consumer complaints to the FTC.

Take the following steps to protect yourself:

• Know the auction site you're shopping on
• Find out what protections the site offers you, such as guarantees for goods or services not delivered
• Never provide your employer identification or driver's license number online
• Don't provide the account number until you're ready to make your purchase

You'll likely use an online payment method like PayPal or an escrow service to complete your purchase. If so:

• Check out the company handling the payment by reading their website and calling their customer service department
• Ask about their security policy and terms of service. You need to make sure that you are protected should the seller not deliver

Be cautious of sellers who pretend to be in the U.S., but later reveal they are located out of the country when you are ready to buy. Wiring funds directly to the seller leaves you with no options if you become a victim of internet auction fraud. Even wires sent through well-known banks or an escrow service won't protect you.

For many fraudsters, the purpose of spamming is to get personal or business information that can be used to steal your money and/or your identity. Never send your personal or business information to an unknown source via email. Criminals may try to get information from you or your business by claiming that an offer is only good if you buy now or if you give them your personal or business information right away. No legitimate business would deny you the time to check out their claims.

If you don't know the source of an email, delete it. Even if a friend or co-worker sends you a link or an attachment, it may be infected.

Keep your computer firewall, anti-virus, and anti-spyware software up to date.

This scam typically begins with an unsolicited communication from someone pretending to be Nigerian or foreign government officials. This "official" offers you a percentage in exchange for helping them deposit money in overseas bank accounts. You may be asked to send your account numbers, business letterhead stationery, or other kinds of information via a fax number they provide.

Avoid any offers that involve the complex transfer of funds, particularly those that involve sending money overseas. Don't put your money, business identity, or reputation at stake.

This scam begins with a notice that you are the winner of a lottery or sweepstakes. You may be asked to provide banking details, personal information, and copies of your driver's license or passport to prove your identity and complete the transfer of your winnings. If you give them what they asked for, the scammers will have enough information to steal your identity.

To receive the "winnings," you must first pay a small percentage for fake "taxes" or other fees. The scammer typically instructs the victim to wire advance fees through Western Union. Once the money is transferred, the scammer moves on or requests additional funds, but the "lottery winnings" never appear.

Legitimate lotteries or sweepstakes will not require payment to receive the winnings. Don't respond to emails, letters, or faxes that claim you've won money. Never give your confidential personal or business account information to anyone claiming to hold your "winnings." Participation in foreign lotteries is against the law.

Someone responds to your posting or ad, and offers to use a cashier's, personal, or corporate check to pay for the item you're selling. At the last minute, the “buyer” or the buyer's "agent" gives you a reason for writing the check for more than the item’s purchase price and asks you to wire back the difference after you deposit the check. You deposit the check and wire the difference back to the "buyer." Later, the check bounces, leaving you liable for the entire amount.

Know your buyer. With any sale, you should confirm the buyer's name, address, and phone number. Don't accept a check for more than the selling price. If the buyer insists that you wire back funds, end the sale immediately.