During this time of year, there is often a surge in impersonation scams. In these types of scams, the bad guys reach out to you pretending to be someone you trust. Their goal is to get sensitive information like social security numbers, bank information, or account details for various websites. Scammers will change their tactics often, which makes the scams hard to detect.
Email Impersonation Scams
In this type of scam, the scammer will send an email posing as a trusted business, such as Amazon, DHL, USPS, or FedEx. The email will say your account will be suspended or placed on hold, you ordered something expensive (which you know you did not order), or they need to give you information about a shipment. It will usually contain a link or attachment for you to view information about one of these fraudulent lures. When you open the attachment, your computer is infected with malware meant to steal your information. If you click a link, it might take you to a website that looks legitimate to “update your account.” These fake pages usually ask you to login or provide personal information such as payment information. Do not click on any links or provide your information without verifying the email or the link, or better yet, do not click the link in the email, but go straight to the legitimate website in your browser or app. Most sites, like Amazon, have a Message Center which shows you a log of authentic communications sent from them.
Membership Scams
These are unexpected calls, text messages, or emails that tell you there is an issue with your membership and ask you to confirm or cancel a charge. These scammers try to convince you to provide payment or bank account information in order to reinstate a membership for something like Amazon Prime or Costco. Know that these companies should never ask you to provide payment information for products or services over the phone. To verify your membership status or make payments, log into your accounts directly via the web or app and check with them directly.
Tech Support and Hacked Account Scams
Scammers may pose as a customer support representative from a legitimate technology company such as Microsoft or Apple. The scammer may contact you via a phone call, text, email, or a popup window on your computer that instructs you to call a number for “assistance.” Once you call, the scammer will tell you to download software that gives them remote access to your computer. The scammer usually pretends to run a virus scan and falsely claims the computer is at risk of being hacked. Next, they’ll have you open your bank account to determine if there has been any unauthorized charges. This lets the scammer see how much money you have, so they know how much they can scam you for. The scammer the tells you to expect a call from your bank’s fraud department with further instructions.
In the next step, the Bank Representative Imposter calls and falsely claims your computer and financial accounts have been accessed by a foreign hacker and you must move your money to a “safe” third-party account, such as an account with the Federal Reserve or another U.S. Government agency. The victim is then directed to transfer money via a wire transfer, cash, or wire conversion to cryptocurrency, often directly to overseas recipients. The victim is also told not to inform anyone of the real reason they are moving their money. The scammer may instruct the victim to send multiple transactions over a span of days or months.
Finally, a U.S. Government imposter will contact the victim to emphasize that their funds are “unsafe” and they must be moved to a new “alias” account for protection until the victim concedes. Victims have reported losing their entire savings, retirement, and investment accounts under the guise of “protecting” their assets.
Fundraising or Charity Scams
The FBI recently issued a warning urging people to be cautious when donating to charities during the holiday or related to conflicts like the current Israel-HAMAS conflict. Scammers often try to exploit your generosity by posing as legitimate charities or creating new ones. To avoid these charity impersonation scams, research the charity thoroughly before donating. Visit their official websites and avoid donating using cash, gift cards, wire transfers, or cryptocurrency, and remember to never give out your credit card number over the phone.
Government Impersonation scams
The FBI has warned of an increase in government impersonation scams for the past couple years. Scammers will call or email, claiming to be from the FBI, IRS, or other government agencies, and threaten arrest or demand payment. Government agencies will never contact you to demand payment or threaten arrest by email or phone. If you receive a call or email from someone claiming to be from the FBI, IRS, or another government agency, do not provide any personal information or money. Instead, hang up immediately and report it on the appropriate agency’s website.
How to spot Impersonation Scams and Keep Your Information Safe
1. Trust only legitimate sites and apps.
Always go directly to the company’s website or mobile app when looking at order history, customer service, tech support, or if changes are really needed on your account.
2. Be wary of messages that cause urgency or alarm
Scammers usually try to create a sense of urgency to persuade you to do what they’re asking. They often do this by saying something needs to be updated immediately to prevent delays, or that something is on its way to you and you need to act now to stop it. Be on guard any time you get a message or talk with someone who tries to convince you you must act now.
3. Never pay over the phone.
Companies should never ask you to provide payment information, including gift cards (or “verification cards,” as some scammers call them) for products or services over the phone. Again, go to the trusted website or mobile app to make payments.
4. Don’t click links in emails or text messages.
While fake links often contain misspellings or repeated characters, scammers are finding new ways to make fraudulent links look legitimate. Go directly to the company’s website or mobile app for services, orders or to make changes to your account.
5. Verify the person or address sending the email.
Legitimate emails usually contain the company’s web address, such as “@amazon.com,” and not @gmail.com or other email service. In your web browser, hover over the display name under “From” to see full sender address, or on your mobile device, click the name in the “from” to see the address. Look for generic email address, unexpected website names, or website names that look correct but have misspellings or added or substituted characters.