BE ALERT!! Wire Fraud and Social Engineering
Wire fraud and social engineering scams are growing. Social engineering involves the disclosure of personal information such as usernames and passwords, social security numbers or bank account numbers to conduct ID theft and financial fraud. Social Engineering is usually done by phone, email, text messaging or mail.
How to Avoid Being Scammed
The safest way to conduct a financial transaction is to know the person with whom you are dealing. Avoid dealing with someone you do not know, have just met or have any suspicions about.
Don't accept cashier/certified checks or money orders from people you don’t know. The Association cannot determine if an item is fraudulent before it is deposited. If you deposit a check or money order and it is fraudulent, you are responsible.
Never give out personal or financial information such as your social security number, birthdate, credit card number, or bank account number. This information can be used to obtain withdrawals from.your account.
Wire Fraud Scams
Email hacking is being used to create alternative accounts by applying minor changes to the name of the email account.
Hackers will use attachments and links to gain access to emails and other login credentials, along with other personal information. Phishing emails embedded with links and attachments from unknown addresses are the easiest way to get access. Hackers may also target someone at a company with the authority to authorize a wire transfer usually from the company website.
The hacker will send an email with the alternative account information claiming that the account information is being revised or changed. The difference in the spoofed email is very subtle and can easily be mistaken for the legitimate business email address and sender. For example, an extra letter may be added to either the sender’s name or the email address:
Correct email: firstname.lastname@example.org
Fraudulent e-mail addresses: email@example.com or firstname.lastname@example.org
Sometimes, the email will say that the wire transfer is related to “urgent,” “confidential”, or “personal” matters and must not be discussed with any others.
Once the Association receives a wire request, its obligation is to wire the funds to the account number listed, not to the payee name/ address. Funds wired to an alternative account based on the fake wiring instructions are difficult and may be impossible to recover as they may be to off-shore accounts. Because the funds were not paid to the proper party, you may have to pay the funds again.
Protect yourself against wire fraud scams by having proper policies and controls in place. Always call the person or company to verify the wire instructions. Never rely solely on wiring instructions in an email or a phone number in an email as both could be fake. Any fraudulent activity should be immediately reported to the Association and to the FBI thorough its Internet Crime Center at https:/www.ic3.gov.