While cybercrime often grabs the spotlight, it’s important to remember that criminals are still targeting traditional payment methods like checks, credit cards, and wire transfers.

These scams can cause significant financial harm to both individuals and businesses. Staying up to date on the latest fraud schemes is crucial for protecting your assets and personal information. By staying informed, you can take proactive measures to safeguard yourself, your family and your business against potential losses and ensure your financial security.

Don't fall for scams!

Make your way through Scam City while dodging common scams to keep your money safe. Created by the American Bankers Association.

What is check fraud?

If you mailed a check that was paid/cashed, but the recipient never received it, you may be the victim of check fraud. Individuals and criminal operations are swiping checks from mailboxes or the USPS’s blue drop boxes. Once they have a check that you mailed, they use chemicals to remove the ink on all lines except the signature line (“washing” the check). This allows them to change the amount or make themselves the payee. Then, they deposit or cash your check and steal your money.

How do you protect yourself?

Follow these top 10 ways to protect yourself.  And remember, if there is unusual or suspicious activity, notify us immediately. The sooner you report it, the better chance we have to help recover your funds.  

  1. Whenever possible, switch to secure electronic payment methods (ACH, online banking bill pay).
  2. Use online and mobile banking to monitor your accounts daily/regularly – don’t wait for your monthly statement.
  3. Use text and email alerts on online and mobile banking to notify you of unusual account activity.
  4. Identify any checks “outstanding” and contact the payee to ensure they received your check (place a stop payment with the bank and reissue if needed).
  5. Review your paid check images and ensure the checks were not altered (including the back of the check where it’s endorsed).
  6. Don’t let delivered mail sit in your mailbox. Pick it up right away. Arrange for the USPS to hold mail if you’re out of town.
  7. Use security envelopes, and always take checks to be mailed into the post office – don’t use the blue drop boxes.
  8. Use a pen with black or blue non-erasable gel ink.
  9. Don’t leave blank spaces in the payee or amount lines.
  10. Don’t write personal details, such as your Social Security number, driver’s license or phone number on checks.

Vigilance and timing are vital in battling check fraud! 

What is AI voice clone impersonation?

In today's digital era, the rapid advancements in AI have given birth to voice clones or deepfake voices, leading to a concerning rise in potential scams. As exciting as these technological innovations can be, they also carry significant threats. Here's a dive into the types of scams we can anticipate flourishing due to voice clones and how you can arm yourself against them.

Major AI voice clone scams to watch out for:

BEC (Business Email Compromise) scams: These scams are set to escalate, with fraudsters using AI voice to perfectly imitate CEOs or senior officials. Their main goal? Duping unsuspecting employees into making unauthorized wire transfers or leaking confidential data.

Extortion and Ransom scams: These are perhaps the most alarming. Scammers use AI-generated voice clones to mimic the voices of loved ones, often to convey fake emergencies or crises. The result? Victims may be coerced into paying a ransom, thinking they're helping someone they care about.

Protecting Yourself from AI Voice Scammers

Here are some key ways to identify and prevent falling for these scams:

  • Engage Them with a Random Question: Throw them off with an unexpected question like, "How's the weather in [random city]?" An AI, prepped with specific scripts, will falter.
  • Test Their Musical Abilities: Ask them to hum a tune or sing a song. Current AI voice clones can't match the pitch and variation of genuine human singing.
  • Introduce Humor: Tell a joke and observe the response. AI doesn't truly understand humor, and its response will be off-mark or entirely out of context.
  • Watch for Repetition: AI voice clones tend to regurgitate the same scripted answers. If you notice repeated or eerily similar responses, you're likely dealing with a clone.
  • Call Back: If you receive an unexpected call demanding action or information, hang up and call back on a known, trusted number for that individual or organization.
  • Background Noise Assessment: Listen for inconsistencies in background noise. AI-generated audio might lack ambient sounds typical of a genuine call or might use repetitive background loops. 
  • Trust Your Instincts: If something feels off, it probably is. Always trust your gut feeling and take a moment to evaluate the situation.

Social Media Safety Tips

Preventing AI voice cloning involves safeguarding your voice data much in the same way you'd protect other personal information. As AI and deep learning technologies become more advanced, even short audio samples can be used to recreate a person's voice. 

When considering social media and online sharing, here are some steps individuals can take to protect their voices:

  • Limit Public Videos: Refrain from posting long videos where you're speaking. If you need to share a video, consider using text overlays or subtitles instead of verbal communication.
  • Privacy Settings: Ensure that your social media profiles are set to private, limiting access to known friends and family. Regularly review and update these settings as platforms often undergo changes.
  • Be Mindful of Voice Apps: Be cautious when using voice-based social media applications or features, such as voice tweets or voice messages.
  • Avoid Voice Challenges: Social media platforms sometimes have voice challenges or trends that encourage users to share voice notes or videos. Participating in these can expose your voice to a broader audience.
  • Review Stored Media: Periodically check platforms where you've previously uploaded videos or podcasts. Consider removing or replacing older content, especially if it's no longer relevant.
  • Beware of Voice Phishing: Be cautious of any unsolicited calls or messages asking you to verbally confirm personal information.
  • Educate and Inform: Let friends and family know about the risks of AI voice cloning. The more people are aware, the less likely they are to inadvertently share content that features your voice.
  • Check for Consent: If you're attending events or webinars, or if you're part of podcasts or interviews, always ask how your voice will be used. If possible, get a written agreement that restricts unauthorized distribution or use.
  • Think before you click and share: Who is in your social media network? How well do you really know and trust them? The wider your connections, the more risk you may be opening yourself up to when sharing content about yourself. 

Remember, while these tactics are potential threats, it's essential to be aware of them to put defenses in place. We are continually enhancing our security measures and training personnel to recognize and prevent such attempts. On the user's end, being cautious and verifying any unusual requests independently can be a strong defense against potential AI voice impersonation scams.

What is Tech support fraud? 

It occurs when the subject claims to be associated with a computer software or security company, or even a cable or Internet company, offering technical support to the victim. Phony tech support companies utilize several different methods to contact or lure their victims.

This list is not all inclusive, as the subjects are always varying their schemes.

  • Cold call

  • Pop-up or locked screen

  • Search Engine Optimization: The subject pays to have their company websites appear in the top of search results when a victim searches for technical support

  • URL Hijacking / Typosquatting: The subject relies on mistakes made by the victim when entering a URL, which either causes an “error” or redirects to the subject’s website

Once they have you on the phone, they often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim that they are viruses. Their tactics are designed to scare you into believing they can help fix your "problem." 

Once they've gained your trust, they may:

Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.

Try to enroll you in a worthless computer maintenance or warranty program.

Ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free.

Trick you into installing malware that could steal sensitive data, like user names and passwords.

Direct you to websites and ask you to enter your credit card number and other personal information.

If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.

Tips to avoid tech support fraud:

Do not give anyone access to your computer, phone, or tablet — nor to your personal or financial information — unless you initiated the contact and know that contact is legitimate.

Examine pop-ups and emails closely for signs that might indicate fraud, such as spelling and grammar mistakes.

Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.

If you think there may be a problem with your computer, phone, or tablet that you aren’t able to resolve on your own, consult with someone you trust or take the device to a business that offers in-person technical support.

Never provide your credit card or financial information to someone who calls and claims to be from tech support.

If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.

Never give your password on the phone. No legitimate organization calls you and asks for your password.

Put your phone number on the National Do Not Call Registry, and then report illegal sales calls.

What is phishing ?

Phishing attacks aim to deceive individuals into divulging sensitive information like login credentials, credit card numbers, or personal data. With technological advancements, scammers continually refine their tools and techniques for such attacks.

Email phishing is a form of cyber attack that aims to deceive individuals or organizations by masquerading as a trustworthy entity.

Phishers send fraudulent emails that appear to be from reputable sources, such as banks, online services, or government agencies.

These emails often contain alarming or enticing messages to prompt recipients to take immediate action.

Phishing emails may employ various tactics to appear legitimate, such as using official logos, professional language, or personalization.

Attackers often create a sense of urgency or fear to increase the likelihood of recipients falling for the scam.

Phishing attacks can have severe consequences, including identity theft, financial loss, or unauthorized access to sensitive accounts.

To protect against email phishing, it's essential to be cautious when interacting with unsolicited emails, verify the authenticity of email senders, avoid clicking on suspicious links or downloading attachments, and regularly update security software.

Here is a list of email phishing cues to watch out for

Errors:

Spelling and grammar irregularities: Does the message contain Inaccurate spelling or grammar use, including mismatched plurality?

Inconsistency: Are there inconsistencies contained in the email message?

Technical indicator:

Attachment type: Is there a potentially dangerous attachment?

Sender display name and email address: Does a display name hide the real sender or reply-to email addresses?

URL hyperlinking: Is there text that hides the true URL behind the text?

Domain spoofing: Is a domain name used in addresses or links plausibly similar to a legitimate entity's domain?

Visual presentation indicator:

No/minimal branding and logos: Are appropriately branded labeling, symbols, or insignias missing?

Logo imitation or out-of-date branding/logos: Do any branding elements appear to be an imitation or out-of-date?

Unprofessional-looking design or formatting: Does the design and formatting violate any conventional professional practices? Do the design elements appear to be unprofessionally generated?

Security indicators and icons: Are there any markers, images, or logos that imply the security of the email?

Language and content:

Legal language/copyright info/disclaimers: Does the message contain any legal-type language such as copyright information, disclaimers, or tax information?

Distracting detail: Does the email contain details that are superfluous or unrelated to the email’s main premise?

Requests for sensitive information: Does the message contain a request for any sensitive information, including personally identifying information or credentials?

Sense of urgency: Does the message contain time pressure to get users to quickly comply with the request, including implied pressure?

Threatening language: Does the message contain a threat, including an implied threat, such as legal ramifications for inaction?

Generic greeting: Does the message lack a greeting or lack personalization in the message?

Lack of signer details: Does the message lack details about the sender, such as contact information?