Scammers don't just exclusively use the Internet and there are many ways they can steal your identity, credit card number, or even your virtual account information while you're out and about. While we have made several advancements when it comes to card security and the level of encryption payment processors and financial institutions use, it isn't 100% hack proof and can never really be.

Security is a two way street, while one entity may put their best foot forward, the other may not always be on their A game. I have a few basic tips will help you keep your identity and finances safer as you go about your holiday shopping and travel this year that you don't even have to thank me for - but it's the best gift I can give you. 

1. 🎁Leave your cards at home. Almost every financial institution offers a virtual card or virtual wallet compatible card that you can add to your Apple Pay, Google Pay, Samsung Pay or any virtual wallet app on your smart phone. These virtual cards connect to your account, but do not reflect your actual card number and do not have any available account information in their data composition, thus making it much harder for a hacker or scammer to intercept or steal. Set up your virtual wallet of choice and use your phone to tap to pay at any retailer that accepts credit or debit cards.

1.  🎁Use Credit instead of Debit and avoid entering your PIN. Credit card institutions provide more protection for fraud, reimburse victims, and will provide cars security services that a traditional bank or debit account cannot. Since credit isn't linked to your actual monetary wealth, a scammer or hacker stealing your credit card information can easily be rectified by cancelling the card, disputing or stopping the transaction, and contacting your credit card company. Not only this, but reimbursement is much easier to receive than if someone spends your entire bank account balance. If you don't have credit cards or don't have high credit limits, there are options for you as well. 
2. Avoid entering your PIN number into the terminal anywhere that isn't an authorized ATM attached to your financial institution, even if you are simply requesting cash back. Run your card as credit when asked to skip the pin entry or use your virtual wallet app. 🎁Only enter your card information for purchases through secured websites with encryption. You may notice a lock symbol in the upper left hand corner of a website running https protocols. You can click this icon and learn more about the way the website is encrypted and secured. Most banks use 256 bit level encryption, but this isn't entirely necessary for a merchant. Look for security details and verify the merchant before making your purchase. You can easily find business information online, including reviews and disputes made by customers. 
3. 🎁Use Screen Lock and 2 Factor Verification. Your phone is your life. If it's stolen or lost, there goes pretty much all of your sensitive information with it. For this reason, you should always use a screen lock. Biometrics work best as they are unique to you and allow you to create "passkeys' that can be used to unlock and access other accounts securely on other devices using your screen unlock method on your phone. Enable 2 Factor Verification for your accounts in the event that your device is compromised or even just for data. This can be done using a phone number or third party authenticator app. Some platforms also use methods like back up codes. Keep any and all of this information safe by printing it out, storing it in a physical file folder, and removing digital copies. 
4. 🎁Don't post your vacation plans or location on social media. Avoid responding to posts that ask questions about your birthday, full name, etc. Social Media platforms like Facebook and Instagram are set up to attach your location to your posts unless you disable this feature. If you plan on going away for the holidays, don't let would be burglars get a heads up by letting them know exactly how long you plan to be away lest you awaken Christmas morning to the tree and the presents missing. This may seem like common sense, but it's amazing how many people still post their whereabouts in ways that could result in break ins or even potential aggressive robberies. 
5. Make sure these settings are disabled on your children's profiles as well as your own or limit exposure to people that you know well using privacy and blocking settings. The second thing refers to popular 'games' on social media that will ask for these items to discover your 'spirit animal' or something of the sort. Many times, the responses to these questions are easily the answers to security questions that platforms use for account recovery. While it may seem innocent, consider who can access this information before you post it and how it may be used.

6. 🎁Take advantage of Informed Delivery, tracking, and in person package pickup services. If you suspect you have porch pirates or want to preemptively keep your packages safe for yourself or the person you have sent to, there are several free ways to help avoid the situation entirely. Most couriers will allow a ship to store option for consumers, often for no additional cost. You may select this option when purchasing a shipping label online or request it in person. This way, they will hold the package when it arrives until you can physically pick it up in person, completely avoiding the situation where your package is left out as porch pirate bait. If you don't like this option or can't easily access your local post office, UPS store or FedEx location, another option offered by USPS and (in some form) by other couriers is informed delivery. Informed delivery will notify you when a package is ready to be delivered and in the possession of your mail delivery person. From the link in a text or via email, you may arrange for them to hold the package or reschedule the delivery when you will be home to snatch it up before anyone else does. If you don't sign up for this, you can still sign up for free text alerts from all of these services on their website to receive updated shipping and delivery info for yourself and those you may ship to. 

   Before we conclude, I wanted to address those who may be thinking cash is still king when it comes to avoiding some of these things. While cash is indeed a secure option from the data side of things, unfortunately many stores and companies will not always accept cash payments, particularly if change is needed or if using a self checkout. Many organizations have also stopped accepting bills larger than $20 denominations due to the high level of counterfeit fraud, particularly during the holidays.

   If you don't use a bank or credit card, you still have the option of using a prepaid debit card, many of which are sold in popular grocery stores and are provided by well kowm companies like PayPal or NetSpend. Prepaid cards allow you to use digital payment options and make purchases online with a preset amount you can either "load" onto the card in-store using cash or transfer onto the card from your bank account. These cards can still be skimmed or hacked and aren't 100% secure in that regard, however, if you want to make secure purchases using a card or set a budget for your holiday spending, purchasing a prepaid Visa or MasterCard could be the best option for you. 

   
   

🎄And with that, we wish you a safe and secure holiday season. May you have a wonderful Christmas and happy New Year! 

In 2023, victims reported losses up to $10 billion dollars to scams, the highest amount ever reported to the FTC. A 14% increase from 2022.

(Image source and data from ftc.gov)

When we think of hackers and con artists, we usually don't picture the kid next door that goes our lawn or the mailman that has been delivering our mail since we moved in to the neighborhood.

The reality is that ANYONE could potentially be a scammer, con artists, fraudster, or even a malicious hacker just like anyone can become a victim of their craft. 

People also tend to think that only 'stupid' people fall victim to these crimes, and, while scammers overseas will often brag about how 'stupid Americans are' indeed, truthfully it has nothing to do with intelligence, race, gender, or nationality.

Businesses and individuals must be vigilant when it comes to education and protecting themselves from these "attacks". In many cases, even intelligent individuals find themselves dealing with the fallout from a scam or loss of account control, stolen identity, and other fraud.

The persons enacting these crimes are constantly updating their software and their methods, educating eachother and sharing information. One of the most common mistakes is that you have to 'initiate' the scam or performed some kind of action that resulted in the wrong people getting your sensitive information. Unfortunately, it's not as easy as avoiding specific websites or watching for signs that a form is legitimate or not. While being savvy as to some of the tactics these individuals use is definitely helpful, it won't prevent all potential avenues that can be used to lure victims into participating in their master plan.

From legitimate data centers or call centers, your first name, last name, and phone number is easily bought and sold by criminals from legitimate businesses with bad actors within them. Information and data sent between verifiable institutions such as banks can be intercepted and used to make victims think that they are dealing with a legitimate business or customer service agent. 

The holidays is always a crucial time to be on alert and to proceed with caution when it comes to safe guarding your data and using precautions to protect yourself from these bad actors. With several thousand transactions taking place each day leading up to Christmas in brick and mortar stores and online, it isn't surprising that scammers and hackers take advantage of all the holiday chaos. 

As a public service and to safeguard our clients, your clients, and employees, we want to share some resources and information that could save you the headache and financial turmoil of becoming a victim.

While we cannot possibly present every scenario or advise you on how to proceed in every situation that a scammer could come up with, we are well aware of several strategies and methods used by these bad actors and there are ways to throw them off or avoid the potential data loss all together. 

As a side note, the best weapon we have against these individuals is education. The elderly are often targets because they typically aren't tech savvy and have a completely different worldview from growing up in a different era that makes them vulnerable. Education is the best tool we have to fight these individuals looking to take advantage of others and we encourage anyone reading this to pass on this information to friends, family, coworkers, bosses, and so on.

You really just never know who could be next and a lot of these crimes go unreported as the victims feel embarrassed or stupid for falling for it. There is no shame. If you are intelligent, they have to be just as intelligent to get to you if not more so.

These players have been playing the game much longer than you have and it's definitely rigged in their favor. 

• 🔐Write your passwords down in a ledger with your other credentials. Keep the ledger updated. It's easy to store passwords in your Google account or on your devices, but unfortunately this allows a backdoor for someone that has access to your email or your device to now access the account information you have stored on it. No database is 100% safe and hack proof these days, but pen and paper stored in a safe place (not under the keyboard or somewhere people often hide passwords!) cannot be accessed online or through a network account. 

• 🔐Update / change passwords often. This also seems like an annoyance and a pain in the butt that many of us circumvent when password expiration is enforced by our workplace or a specific website. However, changing your password often (and using this opportunity to log out from all devices signed in to that website) can save the headache in the future if someone has unauthorized control / usage of your account. It is important to make each password unique and not a reiteration of the last five passwords, as well. This makes your passwords harder to guess and will kick anyone that you don't want logged into your accounts off of them. Try and change your passwords every 30 days as a general rule of thumb. Avoid common terms and passwords that can easily be guessed. Use combinations of letters, numbers, and symbols (when allowed) to create a difficult to guess password that is also hard to crack, but not impossible. This can significantly reduce the damage of hacked accounts and prevent them, but a determined hacker can always discover the new password. You can never create a hack proof password, but you can make it very hard to do so. 

• 🔐Be suspicious of random calls from banks or seemingly legitimate companies discussing your accounts(s) or requesting sensitive or personal information. The most recent scams have come from seemingly legitimate sources, but they always will either originate from a call or end in one. Scammers know that once they get the victim on the phone they can use charm and intimidation to get the victim to perform the tasks they require from them or share key information they can use against them. Remember, no business, bank, government institution, or legitimate business organization will call you 'out of the blew' without your initiation.

For example, if you request a call back from your financial institution for support and they return your call, that is more likely to be a legitimate call than one made without your knowledge or initiation. Always check the company policies as many will state they will never call you and ask for personal or account information over the phone.

In fact, if you are to receive communications by phone, text, or email from nearly any company in the USA you will have to physically 'opt in' to receive them and those settings can also be verified. 

🔐See this list of the 9 Most Common Call Scams from Synchrony Bank 

• 🔐Beware the Long Cons. Relationship / Romance Scams fit this bill. These scammers are patient, cunning, and will put victims in situations where they may be perceived as an accomplice or they may unknowingly implicate themselves in the crime by laundering money for the scammer or performing other activities to facilitate the scam.

These people often troll dating websites and apps looking for lonely, often elderly singles (but not always - check out this article) that they believe may have a bit of wealth or even younger, accomplished singles - men and women alike. They will create a fake profile that seems appealing to their targets, sometimes even pretending to be celebrities or well known persons, using photos they have stolen from legitimate accounts or tabloids. They will lead the victim to believe that they care about them, develop an ongoing relationship with them, and when they feel the victim is comfortable with them, they will start requesting sums of money for 'travel expenses' or make claims that they need to pay medical bills, can't pay their mortgage, etc. 

These scams can lead not only to financial loss and emotional damages, they have even lead to criminal charges and even death for those unfortunate enough to be caught in them.

Just like a bad relationship, it can be very hard to cut ties with the scammer as they will often retaliate in a nasty way.

If you or someone you know (or you suspect may be) a victim of a scam like this, click here. If you are a dating site / app user and want to know how you can protect yourself, click here. 

• 🔐Verify URLs, do not click / tap URLs in texts from anyone you don't know and double check email addresses before following links or downloading attachments. This is easier said than done and because of the prevalence of these 'phishing' and ransomware scams, scammers have found new ways to get around even the most savvy and vigilant consumers. If you received an unwarranted email or text from what seems to be a legitimate company regarding anything from a missed package 📦 text from USPS or a refund response from Amazon, check the sender - either the email address or phone number. Many times you will notice that the address has some kind of alteration, a misspelling, a dot where their normally wouldn't be, or the attachment/ URL doesn't appear to have anything to do with the alleged purpose of the text or email. If you suspect that you received something strange, always contact the company directly using the contact information on their official website. They will be able to verify the information in their systems (or not).

• 🔐But, do really double check that email address or phone number. Recently, my hometown experienced a scam at a local public highschool that had contracted a construction company to do something for the school. The accountant in charge of paying the invoices received an email from what appeared to be the person they had contracted regarding payment methods for the invoice that they had received. This seemed to be legitimate because the individual had been emailing the contractor back and forth about this the previous day and thought nothing was out of the ordinary when she submitted the cheque using the method the alleged contractor supplied here. The actual contractor eventually followed up and that was when the school realized they had just hired thousands to some account in Africa. This is called interception and it has become more and more prevalent recently. All a scammer needs to do is have access to your inbox or some knowledge of your current communications and affairs to interject their fake email in a way that appears consistent with your conversation. This further reiterates the need to change your password to something hard to guess often and log out of your accounts often along with verification and vigilance. 

• 🔐Update Your Operating System, Apps, and Software. Not everyone needs a complex antivirus license unless you use your home network for work or perform work that includes the usage, viewing, and transfer of sensitive information. Everyone has heard of ransomware attacks against companies and organizations, but the key to preventing these attacks is often very simple. Hospitals, municipalities, and public schools are often prime targets for these attacks as hackers take advantage of the backdoors and exploits within older software and operating systems that have been fixed or addressed in newer updates / versions. Keeping your software up to date on all of your devices can help keep you secure at home and at work. Seems simple enough, yet many big corporations (even our government at times) neglect this simple yet crucial part of device maintenance and security.

The fear that the update may cause data loss or incompatibility issues is largely unfounded when compared to potential ransomware attacks, where, in several cases, victims aren't able to recover their systems even after the ransom has been paid. 

For the record, I am referring to critical updates. Many developers will release optional updates or patches for operating systems and software that you may defer or postpone for a bit (or indefinitely). As Apple has admitted to creating their own system lag and eating memory when it comes to updates for their older devices, it isn't a surprise that Apple users are the most apprehensive to do so. While Apple devices are considered secure due to the nature of the operating system and encryption, these devices can still be hacked and more and more exploits are becoming available for Apple software. So don't wait, do the update. 

• 🔐If they want a wire transfer or gift card payment, It's not legitimate. Back in 2015, I worked as a customer service manager at a local grocery store where my duties included lottery printing and redemption, scratch off sales and redemption, tobacco sales, Western Union transfers, payouts, and money orders, as well as being the person that you went to if you needed assistance or had something to return. I typically ran the counter by myself and multitasked, taking several people at once. I remember it was close to Christmas just like it is now and this older gentleman came in the front doors which had him pass by where I was working the front desk. 

He was on the phone with someone and I could tell he was confused and hesitant. He kept asking whoever was on the other end to repeat what they were saying, but I caught the beginning of the call when he came through the doors. This man had received what he thought to be a legitimate email from Amazon claiming that his 'HD Television purchase has been completed'. 

If you guessed it, he didn't buy a TV from Amazon. So this gentleman was thinking someone has purchased this television on his dime somehow and he needs to contact Amazon to cancel the order and get his refund. This is exactly what the scammer wanted him to do. They knew that he would see the email and immediately take action to 'get his money back.' They provided him with a fake number that directed to them where they pretended to be Amazon customer service reps. 

At some point, the scammer had instructed this man he needed to pay a fine to receive his refund. 

The scammer told the man he would accept specific types of gift cards, such as Google Play or Best Buy gift cards. 

When the man got confused and started asking questions, the scammer switched off his nice customer service character and began to lean into this man in an attempt to pressure him to make the purchase.

The scammer wanted to keep him on the phone throughout the process to ensure that he was doing what the scammer instructed. The scammer knows that if they can keep the person on the phone, they are more likely to do what they want. 

I got the older man's attention and waved at him, all but screaming at him over my customers in line to hang up and that it was a scam. Finally, he turned from the gift card rack and saw me. I could see the look of understanding on his face and he shifted gears, "I do not think that we need to be discussing this any further, goodbye," and he hangs up. 

He was shaken, obviously.  He barely muttered a thanks to me before he walked back out the doors. It was understandable. He came really close to making the first move that could have lead to a domino effect. Scammers will always try and get you for more if they have had success.

They will threaten you and make comments that can lead you to believe you and your family are being surveilled even if they gleaned this information from something you posted on Facebook and forgot about. He did come back and thank me in person, face to face thereafter. I was just happy that I could prevent it from happening.

Unfortunately, I have had more instances where the person making the purchase is so intimidated or convinced that they have to do this that they will lie and argue with those trying to prevent them from being taken advantage of, defending the purchase of 5 $500 Best Buy gift cards to even their financial institution, which will often decline this type of transaction initially. 

No legitimate business or company, organization, or independent contractor will request that you pay them in gift cards of any kind. Scammers ask for this form of payment because once it's purchased, it is virtually untraceable. If it doesn't sound right, it probably isn't. 

🔐Another common relevant scam will involve Western Union Wire Transfers. Scammers will request that the victim pays them in a wire for whatever reason. They will usually provide a fake name and dummy address or use another victim's information and have them pick up the funds to provide the scammer another layer of security. These scammers will call pretending to be your utility company or even a government agency, demanding payment for accounts unpaid. As mentioned before, these entities will never randomly call you - even to demand payment. If you are unsure, look up the company or agency in question and verify the information with them. In many cases, you will find that they don't even accept Western Union payments