Fraud Schemes
Protect What You’ve Earned
Stay alert—here are some common forms of fraud and what you can do to prevent them.
Social Engineering
Social Engineering is a technique used to obtain or attempt to obtain access to confidential information by tricking an individual into disclosing the information.
The basic goal of social engineering is to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt and compromise computer systems.
Common Techniques
- Social Engineering by Phone – Pretexting attacks rely on building a false sense of trust with the victim. The attacker may build a credible story by masquerading as an HR, IT, or medical billing office representative, saying they need you to verify information, when in fact they are looking to steal data to use to stage secondary attacks or commit identity theft.
- Dumpster Diving - Fraudsters sift through trash to get compromising information.
- Online Social Engineering
- Phishing – attacks using email or malicious websites to solicit personal information by posing as a trustworthy organization.
- Vishing – the telephone equivalent of phishing. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed.
- SMiShing – using SMS/text messaging to direct people to a fraudulent website or to call a phone number.
- Pharming – directing Internet users to a fraudulent website that mimics the appearance of a legitimate one.
- Persuasion - Fraudsters leverage a person's attitudes or beliefs by appealing to logic and reason. A criminal may give themselves a fancy-sounding title to appear credible, target a specific religious or ethnic community, the elderly, or professional group, and/or pitch "once-in-a-lifetime" opportunities.
- Reverse Social Engineering – With this scheme, the fraudster does not initiate contact with the victim. Rather, the victim is tricked into contacting the attacker. The attacker convinces the target that he or she has a problem and that he/she, the attacker, is ready to help solve the problem. The attacker may seem unassuming and respectable, possibly masquerading as a new employee, repair person, or researcher, and even offering credentials to support that identity.
- Shoulder Surfing – Looking over a shoulder to see what someone is typing.
What You Should Do
- NEVER share your username or password with anyone.
- Delete emails and end phone calls immediately when offered anything that demands payment in advance with cash, money orders, credit cards, debit cards, gift cards, Western Union, or any other form of payment.
- Do not trust caller ID. Scammers have technology that lets them display any number or name on your screen. If you are unfamiliar with the number calling, let it go to voicemail so you can decide if the call is important enough to return.
- Properly destroy papers that include a social security number, driver’s license number, or bank account number rather than putting in your garbage or recycling. (Dumpster-diving identity thieves can use your sensitive information to steal your identity.)
- Be skeptical. Do not give offers from strangers the benefit of the doubt. If something seems too good to be true, it probably is.
- Don't be rushed into making a decision.
- Crews Bank & Trust will NEVER call or text you and ask for your username or password.
- If you receive a call that appears to be from our bank, but you are not sure or aren't expecting a call, please hang up and contact us.
- If you receive a text that appears to be from our bank, but you aren't sure or aren't expecting one, please don't click any links in the text and contact us.
- Always be aware of your surroundings. Shield the keypad on the ATM when you enter your PIN and use strong passwords so it’s hard for an observer to guess what you typed on your laptop or mobile device.
Phishing
Phishing attacks use email or malicious websites to collect confidential and financial information or infect your computer with malware and viruses.
Phishing is an attempt to steal information by trying to manipulate or lure you to do something. For example, an attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year (such as natural disasters, epidemics or health scares, economic concerns, political elections, or holidays).
Why do they send these emails?
- Fraudsters are trying to steal information.
- Fraudsters may be trying to install malicious software on your computer. Be sure to keep your computer healthy by installing antivirus software, security updates and turning on your firewall.
Tips for spotting a suspicious/phishing email or text messages:
- It may appear to be from someone important, like the bank.
- It may have an urgent message.
It may have links and attachments that contain malicious software also known as malware. - It may ask for your personal information.
- Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt.
What do I do with these emails?
- Do not respond to these emails or click on links or attachments.
- The bank will not ask for personal information by sending an e-mail.
- If you receive an email appearing to be from our bank, but you are not sure, please contact us.
All other phishing may be reported to The FTC Complaint Assistant or simply delete the email and then delete it again from your deleted items.
Learn more about common scams and how to avoid them
How to recognize and avoid phishing | Federal Trade Commission
Recent scams and how to recognize the warning signs | Federal Trade Commission
Lost or Stolen Visa Debit Cards
Contact us immediately if you believe your card and/or PIN has been lost or stolen, or if you believe that an unauthorized transaction has occurred.