Learn about fraud and scams to better protect yourself online

Wire transfers are an increasingly popular choice with criminals because of their speed and immediate availability of funds. Once the transaction goes through, it is difficult, if not impossible, to recover the funds.

Businesses need to be especially aware of the risks associated with wire transfers. Criminals have identified opportunities to exploit vulnerabilities with internal business controls around wire processing and email requests. These emails are disguised as a trusted and known entity (vendor, supplier, broker, etc.).

Common red flags of wire transfer fraud include:

• An overt sense of urgency or confidentiality conveyed in the request
• Wire transfer request contains new or modified payment instructions for known entities or individuals
• A wire request was received from an individual at the business who does not usually make these requests
• Suspicious solicitation by email, phone, fax, mail, or from an online acquaintance or business

Reduce your risk of becoming a victim by:

• Confirming the request with the sender verbally at a telephone number that can be verified (not what is provided to you)
• Verify the request is legitimate through a reliable source
• Research the request further if you have any hesitation
• Ask questions

If you still have concerns, do not send the wire transfer.

What do you do if you believe you fell victim to a wire fraud scam?

• Contact Bank of the West immediately (1-800-488-2265, TTY 1-800-659-5495) and request a wire recall due to fraud
• File a report with the Internet Crime Complaint Center at https://bec.ic3.gov/
• Save all of the emails involved with the transaction

Internet thieves attempt to "phish" for confidential information by means of "pop-ups" or emails with internet links to deceive you into disclosing sensitive information (such as account numbers, your Social Security Number, or online banking credentials).

Often the email appears to be from a trusted source, like your bank, and directs you to a "spoof" website that closely resembles the real website that asks you to give sensitive information or even asks you to call a phone number and provide account information.

What you should look out for:

• Unsolicited requests for personal or business information. Bank of the West will never send you emails with embedded links or pop-up windows that ask for confidential information, such as your account numbers, Social Security Number, ATM or debit card number, or PIN.
• Urgent appeals claiming your account may be closed if you fail to respond with your personal or business information. Bank of the West will never ask you to verify information this way.
• Messages about system and security updates claiming the bank needs to confirm important information due to upgrades. The message may state that you must update your information online. Bank of the West will not ask you to verify information this way.
• Offers that sound too good to be true. You may be asked to fill out a short customer service survey in exchange for money being credited to your account. You are then asked to provide your account information. Bank of the West will not conduct a survey this way, and these are often scams.
• Typos and other errors. Be on the lookout for grammatical errors, awkward writing, and poor visual design.

Deliveries may be delayed, but scammers are coming out of the woodwork right on cue—preying on impatient buyers with fake shipping alerts that require “verification” for delivery. In other words, they’re using our reliance on shipping services against us. When you click the link, or fill out the form, they could be installing malware on your computer or phishing for your information to gain access to other accounts.

Don't click on a link sent to you. Instead, go to the original site and request delivery updates from there. Avoid emails with attachments at all costs. Unless someone you know explicitly says they will be sending an email with an attachment, don’t open it.

Another top consumer complaint is about scams that started on social media related to romance scams or economic relief or income opportunities, which often target people who have lost a job or other income because of the pandemic. About half of all romance scam reports to the FTC since 2019 involve social media, usually on Facebook or Instagram.

For more information and tips on how to avoid being scammed while on social media, check out the FTC's data spotlight.

BEC is an increasingly common type of payment fraud scam targeting businesses that regularly perform wire transfers.

In some instances, the fraudster may also use BEC scams to obtain employee, or personally identifiable information, such as W2 forms, that can be used to perpetrate other fraud scam schemes.

The BEC scam may start with a phishing email but is ultimately conducted using a combination of social engineering and infected computers and devices. This allows computer intrusion tactics that help the fraudster identify a business's procedures and protocols, including employees authorized to send wire transfers or release the requested information.

Information obtained through these tactics can include employee email addresses, executive travel calendars, and previous wire details, including frequency, amounts, account numbers, and vendor names.

BEC scams are a compromise or spoof of legitimate business email accounts—often belonging to the Chief Executive Officer or the Chief Financial Officer of a company for the purpose of conducting unauthorized wire transfers or other money movements. After compromising or spoofing the email account, usually via social engineering or malware, the fraudsters can send wire transfer instructions using the victim's email.

BEC scams typically target businesses that conduct wire transfers; however, they may also target businesses that send ACH payments or checks. This depends on the company's standard practices.

Source: http://www.ic3.gov/media/2015/150122.aspx

EAC scams are similar to BEC scams in that the motive and method of execution are the same. However, EAC scams target individuals rather than businesses.

Like BEC scams, EAC scams are typically phishing emails that infect computers and devices, allowing fraudsters to gather personal information such as personal identifying information, frequently contacted financial advisors, and confidential banking information. Once fraudsters have gained this information, email accounts are either taken over or spoofed and used to request unauthorized wire transfers, ACH payments, and even checks.

• EAC scams typically target wealthy or high-profile individuals who have accountants, financial institutions, or other third parties managing their finances. However, anyone can be a victim
• Fraudsters may hack into a legitimate email account, or use "spoof" email accounts, which will appear identical to legitimate email accounts making differences difficult to detect.
• Victims are generally from the U.S. who regularly conduct business, travel to, or have international ties.
• Fraudsters use EAC scams to trick victims to wire money from personal bank accounts.
• Unauthorized wire requests almost always have a sense of urgency, request strict confidentiality, and are flagged as time-sensitive or highly confidential. The emails may be well-written, appear genuine, and align with normal day-to-day operations. However, they could be poorly written, contain typos, and appear suspicious.

Amazon, Microsoft, and the Internal Revenue Service don't call or email you asking for payment via gift cards or wires, nor will they ask to obtain remote access to your computer. Only fraudsters pretending to work for these companies will operate in this way.

This scam typically begins with an unsolicited communication from someone pretending to be Nigerian or foreign government officials. This "official" offers you a percentage in exchange for helping them deposit money in overseas bank accounts. You may be asked to send your account numbers, business letterhead stationery, or other kinds of information via a fax number they provide.

Avoid any offers that involve the complex transfer of funds, particularly those that involve sending money overseas. Don't put your money, business identity, or reputation at stake.

This scam begins with a notice that you are the winner of a lottery or sweepstakes. You may be asked to provide banking details, personal information, and copies of your driver's license or passport to prove your identity and complete the transfer of your winnings. If you give them what they asked for, the scammers will have enough information to steal your identity.

To receive the "winnings," you must first pay a small percentage for fake "taxes" or other fees. The scammer typically instructs the victim to wire advance fees through Western Union. Once the money is transferred, the scammer moves on or requests additional funds, but the "lottery winnings" never appear.

Legitimate lotteries or sweepstakes will not require payment to receive the winnings. Don't respond to emails, letters, or faxes that claim you've won money. Never give your confidential personal or business account information to anyone claiming to hold your "winnings." Participation in foreign lotteries is against the law.

Scammers are manipulating gift cards and tricking individuals into buying cards with no value. Gift card numbers/PINs are all that is needed to use a gift card’s balance. Scammers will ask you to provide the numbers and Pins, so they may take the funds which makes them worthless. They may also scan gift card numbers to use online later, or swap out new cards with used ones — all actions resulting in a useless non-refundable gift card for the customer.

Examples and how to protect yourself:
A customer purchases a gift card. When trying to use the gift card, the recipient finds the balance is zero because a scammer has already used it. Because it is a gift card (managed through a third-party vendor), the company it was purchased from will not provide a refund.

• Look out for gift cards and/or gift card packaging that has been tampered with. Make sure the pin on the card has not been scratched off or the sticker to reveal the card number hasn’t been previously removed.
• If you must activate your gift card online, only do so using the exact website on the back of your card. Scammers can create similar activation sites to collect your gift card information and funds.
• Do not give information to anyone calling and asking for your gift card information or payment via gift card. Government agencies, banks, and other legitimate organizations will never contact you for this information.
• Do not share your gift card number and/or PIN aside from when redeeming at the legitimate company (in person or online).
• Ensure gift card details match information reflected on cashier’s terminal and receipt.

Scammers are using text and follow-up phone calls to scam individuals with notification of fraud alerts. They offer to stop the alleged fraud by having the victim send themselves money via Zelle^®. Using a one-time code provided by the victim, the scammer is able to access a customer’s bank account and direct and receive the victim’s money into the scammer’s account.

Examples and what to look for:
You receive a text message fraud alert that appears to come from your bank about unusual activity. Once you respond to the text, you will receive a call from a scammer pretending to be a representative from your bank. The scammer offers to help stop the alleged fraud by asking you to send money to yourself with Zelle^®. They will then ask you for a one-time code you just received from your bank, which the fraudster uses to enroll their bank account with Zelle^® using your email or phone number. The scammer now can receive your money into their account.

• The request involves using Zelle^® to send money to yourself.
• The request involves excessive urgency, persuasion, pressure, or manipulation.
• The request involves sharing a one-time code.
• You are unable to validate the phone number that supposedly comes from your bank.

Callback phishing occurs when cybercriminals, pretending to be service providers, send you an email stating your subscriptions (e.g., TV, internet or phone) are due to be renewed automatically. When you reach out to the number in the email to stop the automatic payment, they send you a “cancellation” email with malicious links.

Examples and how to protect yourself:
A cybercriminal, pretending to be a regional internet provider, sends you an email telling you that your subscription will be automatically renewed, and payment will be processed with your existing payment method. To prevent auto renewals and payments, you call the number in the phishing email to try to sort out the “mistake.” When you call the number, you speak to cybercriminals who send you a new email with a fake cancellation link that directs you to a website with malware. This malware is then used to launch ransomware on your system, which they use to extort you out of your funds.

• The request involves a sense of urgency or has consequences for not responding quickly.
• The request involves providing or confirming any kind of personal or financial information (incl. credit card information).
• The request contains fake links or spelling errors in the email address or content.

Fraudsters are impersonating customer support agents from online retailers, calling individuals and claiming that large purchases have been made on their accounts. They claim they want to help reverse the charges as soon as possible.

Examples and what to look out for:
A customer support agent from a well-known online retailer calls and claims an order for a smartphone (or other expensive item) has been placed on your account. The caller offers to rectify the issue by refunding the transaction. They request your credit card information and/or remote access to your device(s). Once they have access to your account, they attempt to transfer money out of your bank account. The agent sounds very professional and acts with urgency to “help” fix this issue for you.

Check out the tips below to learn how to avoid such scams

• The request involves excessive urgency, persuasion, pressure, or manipulation.
• The request involves providing or confirming any kind of personal or financial information (incl. credit card information).
• The request involves visiting a website, downloading an app, or providing remote access to your device.
• If you receive any unsolicited calls that require “urgent action,” hang up immediately and call the institution or company using information from their website.

Many investors want in on the newest, seemingly most lucrative investment offer – and right now, fraudsters are using market interest in cryptocurrency to lure investors into scams. They use high-pressure sales tactics and promises of high returns to trick victims out of their savings.

How it works and what to watch out for:
Victims are directed to a specific trading platform to convert their funds into crypto assets, and then encouraged to transfer these assets to a fake investment website to fund an “account.” In some cases, the victim may be instructed to download software to supposedly facilitate asset conversion and transfer, but instead provides fraudsters with remote access to their computer. Using false statements and the illusion of rapid gains, even allowing partial withdrawal of funds to build trust, fraudsters will strongly encourage investors to make additional deposits. Ultimately, requests to withdraw their assets will fail, fraudsters will stop replying to communications and the victim will lose their funds.

Check out the tips below to learn how to avoid such scams

• If you are unable to validate the investment firm’s reputation or the representative’s professional background with your own independent research.
• If the investment representative encourages you to download specific software to supposedly assist with transferring funds or purchasing crypto assets.
• If a company offers to recover funds lost to cryptocurrency fraud; this is often a secondary scam.

During these difficult and uncertain times, unemployment has skyrocketed. Employment scams involve jobs offering easy money, high wages, flexible working hours, or exciting future opportunities. Some of the most common scams include car wrapping, mystery shopping and depositing counterfeit checks.

How it works and what to watch out for:
A fraudster may employ you to help with banking transactions. They may send you a check and ask you to deposit it into your bank account. Then, they will ask you to transfer the money to another account in exchange for a percentage of the original deposit value. When the original check is discovered to be fraudulent, you may find yourself on the hook for its entire value, plus the amount you unknowingly transferred to the fraudster.

Check out the tips below to learn how to avoid such scams

• If the job involves depositing checks or transferring funds.
• If the job is being offered over email or text, with little or no recruiting process.
• If the posting involves words like "guaranteed" or phrases like "easy money."

If you’re considering selling your old devices or last season’s designer clothes online, watch out for "accidental" overpayments that exceed the agreed upon price. These scams involve tricking you into refunding money to a fraudster who has overpaid you with a bad check, stolen card and/or email money transfer (EMT) such as Zelle^®, or wire payment.

How it works and what to watch out for:
A fraudster agrees to buy an unlocked mobile phone from you and “accidentally” sends you a check for more than the agreed-on price. The fraudster then contacts you to request a reimbursement for the excess amount. However, what you don’t know is that the fraudster is using a fraudulent check to buy the phone. You deposit the check using your mobile banking app and then the money appears in your account. Then, you send the excess money back to the buyer by Zelle^®, Venmo, PayPal, etc. When the check bounces a few days later, the money from the sale of the phone and the reimbursement will be gone.

Check out the tips below to learn how to avoid such scams

• If someone pays you more than the price that you agreed on.
• If they immediately request reimbursement for part of the payment.
• If the transaction involves unusual shipping, processing, or customs fees.

When the COVID-19 pandemic began in early 2020 many travel-related businesses, including car rental companies, faced a sudden drop in bookings. As the demand for rental vehicles began to recover in 2021, scammers found new ways to take advantage of unsuspecting customers.

Reports of car rental scams increased in the last few months as more people started to feel comfortable with the idea of travelling. The Federal Trade Commission issued a warning about schemes that use fake car companies, websites, and customer service departments to lure people into making phony reservations.

How it works and what to watch out for:
In a car rental scam, fraudsters create legitimate-looking websites for fake companies that advertise low prices. The website will provide a customer service number to call to verify the fee and make a reservation. However, it’s the way you pay that’s the catch.

The fake rental company will ask that you reserve your vehicle by prepaying with a gift card or prepaid debit card, often claiming there is a special discount or promotion by doing so. Once you’ve provided the card number and PIN, the fraudster can quickly convert the card to cash, leaving you without a car or your money.

Check out the tips below to learn how to avoid such scams

• Companies that ask you to prepay with a gift card or prepaid debit card.
• Deals or promotions that are too good to be true. If you’re suspicious about a deal or promotion, verify with the rental car company by visiting the official website and calling the number on the site.

Criminals have devised counterfeit check schemes targeting attorneys. Scammers will use the names of real companies and create fake email addresses to show a connection to the real company. Scammers will email, fax, or call the law firm requesting legal services in connection with a settlement.

If the attorney responds, the scam begins, and the attorney will eventually receive a fraudulent settlement check (either a fake cashier's or business check). The attorney is asked to deposit the settlement check, keep a retainer fee, and wire the remainder of the settlement to the client's (scammer's) overseas account. The original settlement check is later returned as unpaid, and the attorney is left responsible for the funds wired out of their bank account.

Be suspicious of a solicitation that offers a relatively large fee for minimal work and is outside your usual practice. Scrutinize unsolicited emails and calls from anyone requesting services with whom you've had no prior dealings, particularly if the offer comes from outside the U.S.

Educate your staff to be cautious of these types of schemes. If you accept payment by check, ask for a check from a local bank, or a bank with a local branch. Then, visit the branch and have the bank verify that the check is valid. If a visit isn't possible, call the issuing bank, and verify that the check is valid. You can obtain the issuing bank's valid phone number online or via directory assistance. Monitor your bank accounts and ensure that settlement check(s) you deposit clear the banking system, and you get the funds as expected before you send money to clients.