On this episode of the Best Life Podcast, Tony speaks with Altra Federal Credit Union’s Fraud Department Manager Crystal Clark to learn more about recognizing and avoiding potential scams and fraud trying to get at your accounts and your personal information. In their discussion, you’ll learn about the rise of imposter scams, what the FBI is calling “The Phantom Hacker Scam,” and the worst kind of stuffing you can experience and that’s credential stuffing.
Below are some helpful links to learn more and how to recognize and report scams and fraud:
Altra Secure ID, Report Fraud to the Federal Trade Commission, Internet Crime Complaint Center (ic3.gov)
Best Life Podcast: Episode 22 – Scams and Fraud
Full Episode Transcript
(Tony Beyer)
Hello, welcome to the Best Life Podcast where we here at Altra Federal Credit Union are helping you live your best life. I'm your host, Tony Beyer, thank you so much for listening and today we're talking about a very important topic and it's one that if it hasn't affected you one way, shape, or form already, it most certainly will in the future and what we're talking about is fraud and scams, especially related to your finances and your information. So, help us learn what to do and what not to do and what to be on the lookout for, we're fortunate to be joined by Crystal Clark, our Fraud Department Manager here at Altra Federal Credit Union to help us learn how to stay safe. Thank you so much for taking the time to be on the podcast Crystal!
(Crystal Clark)
Thank you so much for having me.
(Tony Beyer)
It's our pleasure to have you here Crystal. So, I wanted to ask you as someone that is dealing with fraud, you know, all the time here with your role at Altra, has there been any fraud or scams that have been on the rise or anything our listeners should be aware of?
(Crystal Clark)
Sure. So, as you said, we deal with all types of fraud and scams they're ongoing and relentless, and there are a million different types of scams out there. So, unfortunately, we won't be able to cover them all today, but scams do have some common flags to them that you can identify and there are certainly some that are becoming more popular. Right now, we are seeing a lot of social engineering type of scams. So, social engineering is when fraudsters impersonate people that you know, and then utilize that trust to get you to give out information about yourself, that potentially could compromise your personal information or your accounts. So, the most common types of scams we've seen an uptick in recently, are tech support scams, those are extremely common, especially with our elderly population who maybe aren't as tech savvy. Those involve “pop-ups” that you receive on your computer or your device claiming that your computer is infected with a virus, and so it exploits that fear that people have that there could be malware or viruses on their computer, and so they immediately call the number on those “pop-ups,” and when you call that number, you're reaching out to a fraudster. So, the big thing with the tech support scam is, don't click on those “pop-ups.” If you receive some sort of a message that indicates that you've got a virus either, A.) you do an antivirus scan on your computer or device. Most people on their computers have some sort of antivirus so you can run that to see if there's any sort of vulnerabilities there, or you can contact your antivirus provider directly to get information to find out if they've sent any sort of communications to you, but don't call the number. Don't click a link, don't download anything. The way that those tech support scams is once you reach out to them, they indicate that there has been some sort of virus on your computer. They talk you into downloading “shadow software” onto your computer, so then they can shadow your computer, and then they typically have you log on to your online banking. So, they can see where you bank. They can see your balances in your account and typically they try and indicate that they’ve sent you some sort of a refund but have overpaid you, and then get you to send money back to them and that's how that scam works.
(Tony Beyer)
Okay. Okay.
(Crystal Clark)
There are other types of impersonator scams as well. Some common ones are your financial institution as well as government officials, so, like your law enforcement, IRS, Social Security. Again, they're impersonating companies or organizations that you trust and to kind of get you to do the same thing, to get your credentials, get into your accounts, or to have them send you money.
The biggest development in some of this is they've incorporated all of that together. Now, FBI are calling that the “Phantom Hacker Scam” is what they've coined it, and it combines tech support scams with financial impersonators and law enforcement to give it all credibility. So, you might start off with the tech support scam and then they say: “Oh, I'm going to connect you with your financial’s fraud department,” and they'll have someone call you claiming to be from your financial’s fraud department and they tell you that: “You need to send money to secure your account,” and then you might receive another follow-up call from a scammer who claims to be from law enforcement who indicates that yep, we know that you've been scammed, we'll try and recover the money but you need to send us money first. So, it's kind of a continual ongoing cycle of scams.
(Tony Beyer)
Oh wow! And it really sounds like they're coming at you from all angles, that seems like a very multi-faceted scam and everything going on, and with technology, I'm sure it's becoming easier for people to take advantage of those who may not be as tech savvy as well. And you mentioned overpayment, I wanted to ask you about that. If you get overpaid, whether that be you're selling an item, the refund like you mentioned, is overpayment, is that pretty much an automatic red flag when it comes to scams?
(Crystal Clark)
Correct. Any sort of overpayment should be a big red flag in your mind, to say: “This is not legitimate.” It could be a job scam, where you've been, given funds in a new job to purchase equipment and then keep the rest for yourself, or send funds somewhere to make a purchase for something for business expenses and keep the rest, that technically is an overpayment, right? Your employer should be paying for those expenses directly and your payroll should come separately, or for like a mystery shopper scam, if you've been sent funds to mystery shop a money order service, you're technically sending funds somewhere and being told to keep the rest as your incentive for that mystery stopper scam. All of those are overpayments in some way, where you're being told to keep a portion and send a portion somewhere else. Anytime you have that scenario, it's going to be a scam.
(Tony Beyer)
Sure, sure, and that makes sense and Crystal, talking about technology, again, we are a very online connected world and, what are some things that people should do to protect themselves online or what are some things that people shouldn't do or shouldn't put out there when it comes to technology?
(Crystal Clark)
So, we always suggest that you don't share personal information online, it opens yourself up to possible danger. So, the less potential information you can share on social media or online in any way, shape, or form, the better. What you put online is always out there, so, you have to remember, it could be cached on a data server somewhere, somebody could have taken a screenshot of it, but also think about what you're sharing as far as your personal information, with businesses, websites, and apps too. Like, if you're sharing your location, your access to photos, if you're allowing all cookies, instead of the essential cookies, all of those businesses, are gathering information about you as well, and you have to think, could potentially be a breach of that information at some point in time in the future. You also want to be very careful about using public Wi-Fi as well and not entering private information or accessing sensitive sites like financial sites on public Wi-Fi. You're better off using your phone's data or waiting until you can get to a private Wi-Fi Source
(Tony Beyer)
All great information. Yeah.
(Crystal Clark)
Additionally, I just want to put a plug out there for your credentials that you use for online sites as well. So, it's really important to use complex, username and passwords make them unique and make them long and strong, and that also includes usernames. There's something called Credential Stuffing where bots can just take common or breached credentials and plug them into different various websites and see what sticks. So, if you're not using unique, strong or complex usernames or passwords, that can be easy for a credential stuffing attack as well as it's important not to share credentials across sites too.
(Tony Beyer)
Yeah, Credential Stuffing, it's not just for Thanksgiving anymore…That's a bad joke, the worst Thanksgiving dish…terrible!
(Crystal Clark)
So, it's also important to make sure that you're not reusing credentials across platforms. So, if your credentials, if one merchant has a data breach, your login credentials could be compromised. If you've used those same credentials at other sites, then those sites’ credentials have been compromised, as well, essentially, so, it's especially important for your sensitive sites, like your financials, not to reuse credentials across different platforms.
(Tony Beyer)
That makes sense, and I mean for the most part, it's not just a scammer or a hacker, somebody just like trying “password1,” “password2,” like, this is being entered into like programs and algorithms, right? Like, and they're doing all this, and they can do it very, very quickly too, right?
(Crystal Clark)
Right. They can, they can enter millions of different combinations in the blink of an eye. It's very easy now with those bots for them to try a variety of different credentials so you just want to make sure that they are strong, complex, and unique.
(Tony Beyer)
Yeah, good advice, and going back to what we mentioned in the beginning of the podcast, how really when it comes to all of this it's no longer of question of if you're going to be a victim of fraud, you know, sometime in your life, it's more of a question of when is it going to happen and just to back that up some numbers from the Federal Trade Commission, they stated that consumers lost more than $10 billion dollars in fraud in 2023, that is a 14% increase from the previous year, 2022, so again, a really important topic and we really appreciate you taking the time. And again, we're speaking with Crystal Clark, she is the Manager of our Fraud Department here at Altra Federal Credit Union. So, I was curious Crystal, are there any other General tips that you would recommend, or what are some things that people should keep in mind when faced with a potential scam or spotting fraud that may be happening.
(Crystal Clark)
Some general things that you can do to protect yourself, is to be cautious of any unsolicited communications. So, if you've received a phone call or a text or an email that you're unsure about, the best thing to do is to independently verify those communications directly with the source so, don't use the communication, use a phone number or an email of the company that you know to be legitimate and definitely don't answer your phone if you don't know who's calling. Caller ID can be spoofed, it can be made to look like anyone. So, if you don't know who's calling let it go to voicemail. Typically, if fraudsters receive a voicemail they'll move on to the next person.
(Tony Beyer)
Yeah. Yeah, all good information.
(Crystal Clark)
Some additional things to think about is to think before you click. If you receive some sort of communication, don't just click on those links, it could download malicious content onto your computer or device. Be very protective of your personal and financial information. If you think about it, your financial is not going to ask you if they're reaching out to you for any personal identifying information, any financial account or card information, or for your passwords, credentials or codes, we have all of that information up front. We're not going to contact you and ask for you to provide it to us. Additionally, things like asking someone to send money in some way or request to shadow your computer or device is always something that you should be cautious of and not do in any sense if you're getting an unsolicited communication.
(Tony Beyer)
Yeah. And we've spoken previously about computer security and computer safety in previous episodes of the Best Life Podcast, you can find those on our website at altra.org and all of your podcast needs, and I remember when we spoke with our computer security expert, he said, with, with all of this, when faced with a potential scam or somebody telling you to do something, you know, you're the one in the driver's seat, you're the one that has that information, you know, you don't have to provide it, you don't have to click on this link or download this attachment, you know? Really, You're the one that's in control,
(Crystal Clark)
Right. Fraudsters, work off of a sense of urgency. They create either a sense of a reward or a threat to get you to act quickly and impulsively before thinking, so always slow down, you're in control, you can stop that communication. You can hang up and validate it. You can reach out to somebody else and ask for advice. We have a Fraud Department here at Altra Federal Credit Union you can reach out to us and ask us our opinion, or even do research online. Sometimes, with a lot of those scams there's good information out on the FTC about it, or if even if you just Google whatever it is and scam you might get good information about it as well.
(Tony Beyer)
If somebody feels that they have been a victim of fraud or that they see, you know, something suspicious on their accounts or something like that, what can an Altra member do or what resources do we have available in those instances?
(Crystal Clark)
So, if you think that you're the victim of a scam or fraud reach out to Altra immediately, that's the biggest thing is don't delay. Reach out to us right away so that we can start investigating and securing your accounts. We do have as mentioned in internal fraud department that we can get those claims started and those investigations started right away and depending on your situation, we'll walk you through step by step what needs to be done to secure your account. We would also recommend reporting any scams to the Federal Trade Commission using their website on ftc.gov, or the FBI's internet complaint center, which is ic3.gov, in addition to potentially reporting any losses through scams to your local law enforcement as well.
(Tony Beyer)
And we'll have that information in the show notes, it'll be right there in the episode description however you're listening to the Best Life Podcast and, if you're listening to us while you're driving, just focus on driving. Wait till it gets to a spot where you're able to stop and able to do that safely here. So, Crystal, we really appreciate you uh taking the time here and we're getting towards the end of the podcast but is there anything or any questions I haven't asked or anything you wanted to mention here at the end about potential scams and also fraud?
(Crystal Clark)
If I can just put in a little plug about making sure that you're taking advantage of any additional security layers that you can set up. A lot of times, there's typically additional security that you can set up on various websites, right. So, there might be a minimum layer of security, like your login credentials, the user ID and password. However, a lot of sites have what's called multi-factor authentication and that can look like anything from a one-time passcode to biometrics to an authenticator app that provides an additional layer of security in case your credentials have been compromised in some way. Altra also has additional security options that you can opt into as well. So, things that include adding a verbal password to your account so that if you come into an office or call in to our call center, we'll ask you for verbal password before proceeding in verifying your account. You can register for Visa Purchase Alerts, that will alert you to card activity that comes through so that you can be alerted sooner if there's fraudulent activity, you can report that quickly. You can register for online, banking alerts to alert you to login, activity or failed login activity,
(Tony Beyer)
Gotcha, gotcha, excellent information as always Crystal, we really appreciate your time and expertise and being here on the Best Life Podcast. Thank you, Crystal!
(Crystal Clark)
Thanks for having me, Tony.
(Tony Beyer)
On this episode of the Best Life Podcast, we spoke with Crystal Clark, who is the Manager of the Fraud Department at Altra Federal Credit Union.
Well, that's gonna do it for this episode of the Best Life Podcast brought to you by Altra Federal Credit Union. We appreciate you taking a moment to learn how you could live your best life. If you have a question or topic you'd like us to cover, send me an email at tjbeyer@altra.org and who knows, it may even make it to a future episode. Don't forget to follow the Best Life Podcast pretty much wherever you get your podcasts, or find it on our website at altra.org.
Thanks again, be well, and we'll talk to you again soon.
