Types of Fraud & How to Recognize Them
Learn how to spot these common scams
Knowledge is power when it comes to protecting yourself from fraud. While fraudsters are constantly looking for new ways to attempt to take your money, personal information or gain access to your accounts, most scams boil down to the same common methods.
By learning how to spot a scam, you can avoid becoming a victim. Click on the tiles below to learn more about these digital and in-person types of fraud. If you believe you have been a victim of fraud, click here to report it.
More types of internet fraud to watch for:
A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through phishing emails to end users, resulting in the rapid encryption of files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as bitcoin, at which time the attacker will purportedly provide an avenue to the victim to regain access to their data.
Malware or Scareware
Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
A leak or spill of data that is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected or confidential information that is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Business Email Compromise (BEC)
A sophisticated scam targeting businesses working with foreign suppliers or companies that regularly perform wire transfers or other electronic payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Email Account Compromise (EAC)
Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised emails to request payments to fraudulent locations.
Denial of Service
An interruption of an authorized user's access to any system or network, typically one caused with malicious intent.
Three Common Fraudster Tactics
Fraudsters are skillful at creating unsolicited text messages, emails or links to websites that appear realistic, but they are fake and threaten the security of your accounts if you engage with them.
Fraudsters like to create a sense of urgency or scarcity, so you’ll be less likely to think before you act.
Scammers often pose as authority figures in an attempt to make demands without being questioned. They might even identify themselves as RBFCU employees.
Learn about current fraud trends and how to protect yourself from becoming a victim from Alexander Aguillen, RBFCU Assistant Vice President of Enterprise Fraud Management.
By staying calm in high-stress situations and by giving ourselves a little extra time to think, we’re better able to save ourselves from making costly mistakes.
Fraudsters will try to trick you by posing as reputable companies in order to obtain your personal information, such as passwords or credit card numbers. Learning how to recognize fraudulent RBFCU notifications before taking action can help prevent fraud and save you from making a costly mistake.
Always be cautious when you receive any urgent communication from a financial institution — whether it’s an email, phone call, text message or mobile payment app request. When in doubt, don’t respond to these messages; contact your financial institution instead to verify the message is legitimate. If you treat all messages as potential risks, it will help protect you from falling victim to fraud. Here are some tips to help spot these common scams.
Signs of an Email Scam
The link or text looks suspicious
If you receive a link from a financial institution asking you to click and take an immediate action on your account, pause to verify the link is legitimate before clicking it.
Hover over the link to see where it actually goes. The real URL will display in the bottom left corner or in a pop-up in most web browsers or email programs.
If you think the email might be legitimate, call your financial institution or visit its website directly by typing a URL you know is correct in your web browser’s address bar. Better yet, bookmark the website in your browser, so you can be sure you’re always using the correct link.
If you notice misspelled words, grammatical errors or phrasing that “just doesn’t sound right,” these are also signs that you may have received a phishing email from someone pretending to be your financial institution.
You're pressured to make an immediate decision
Financial institutions won’t email you to verify your username and password or make an immediate payment, but fraudsters will.
If you’re asked to make an urgent decision, be skeptical.
No matter how legitimate an email looks, never reply to an email with personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account or credit card numbers.
You're sent an attachment you weren't expecting
Financial institutions won’t send you documents that you aren’t expecting via email, but fraudsters may use attachments as a way to infect your computer with viruses, spyware, malware or ransomware.
If you receive an unsolicited attachment from your financial institution, contact them to verify it’s legitimate before opening it and potentially infecting your computer!
The only exception is if you’ve been communicating with your financial institution regarding a transaction, like finalizing a loan. If you’ve started a transaction, you may receive documents to complete it via email — but only after you’ve initiated contact.
Signs of a Phone Scam
The caller ID doesn't look correct (or maybe it does!)
Fraudsters can manipulate caller ID so a call may look like it’s coming from your financial institution, even if it’s not!
Always be on alert when you receive an incoming call from your financial institution.
It’s OK to hang up — even if you’ve already began a conversation or when the call sounds legitimate — and call your financial institution back at a verified phone number listed on its website or account documents. Don’t worry about being rude — it’s better to be safe!
You're asked to provide personal information
Your financial institutions may ask you for personal information to verify your identity when you call for assistance — but never when you haven’t initiated the call!
Financial institutions will never reach out to you and ask you to provide personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account or credit card numbers.
You're asked — or threatened! — to make an urgent decision
Fraudsters rely on creating an urgent or scary situation in order to catch you off-guard and pressure you into making a decision without thinking.
Examples include calling you to tell you your account will be closed or that fraud has been detected — yup, fraudsters will claim they’re trying to help you with fraud to gain your trust!
If your financial institution reaches out to you, don’t provide any personal information and don’t make any snap decisions. Remember, it’s OK to hang up and call your financial institution back at a verified phone number, even when you think the call might be legitimate or you’ve already begun a conversation.
Signs of a Text Message Scam
You're alerted to a serious situation
Oh no! You receive a text message saying there’s a problem with your account, and you should sign in to fix it immediately!
Stop and pause for a second: Financial institutions will never text you and ask you to sign in to your account, or ask you to provide or verify personal information via text message.
Although you may receive text messages from your financial institution regarding things like debit and credit card fraud, transfers, transactions or demographic changes, you’ll never be asked to sign in or provide personal information via text to address those situations.
If you think there may be a problem with your account, you can always contact your financial institution directly to ask.
You're sent a link to click
Your financial institution won’t send you a link to verify your username or password, or ask you to sign in and take action on your account.
Be wary of any text message asking you to sign in to a website. If you think it might be a legitimate text message, contact your financial institution directly by phone. You can also send a secure message or chat with a representative by visiting your financial institution’s website.
Just don’t click that link in the text message — type your financial institution’s verified URL directly in your browser’s address bar or click a bookmarked link instead.
You're asked to text back with personal information
Your financial institution will never text you and ask you to verify or provide personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account, debit card or credit card numbers.
Never, ever provide this information via text message or a link sent via text message.
Signs of a Mobile Payment App Scam
You receive a phone call or text about a mobile payment app
Scams where a fraudster asks you to send money via a mobile payment app usually start with a phone call or text message encouraging — or demanding! — immediate payment to avoid a dire consequence.
Stop and pause before sending money: Fraudsters count on scaring you into making rash decisions.
Your financial institution will never contact you and ask for a payment via a mobile payment app like Zelle®, Venmo® or CashApp™. It’s a scam.
If you think there might be trouble with your account, hang up or don’t respond, and contact your financial institution directly via a verified phone number or their website to get assistance.
You're asked to use a mobile payment app to pay someone you don't know
You’re shopping on Facebook® Marketplace or Craigslist®, and see something you’d like to buy. The seller says they’ll hold the item for you — but only if you use a mobile payment app to send them part or all of the item’s cost.
Don’t do it! Mobile payment apps are the same as sending someone cash. If the seller is a scammer, you’ll never see that money again!
Only use a mobile payment app to provide payment to someone you know, like family and friends, and never provide payment to someone until you receive the item. This guide from Facebook has more tips to stay safe when buying and selling on Facebook Marketplace.
You're asked to make an urgent payment via a mobile payment app
You receive a phone call telling you a payment via Zelle®, Venmo® or CashApp™ is needed immediately or you’ll be arrested — or audited by the IRS, or your account will be overdrawn and you’ll incur fees. Hang up, because it’s a scam!
Government agencies and financial institutions will never request money be sent via mobile payment app (or gift cards or other unconventional payment methods). Most won’t call you either; instead, you’ll receive a letter in the mail.
Financial exploitation has been called “the crime of the 21st century” with one study suggesting that older Americans lost at least $2.9 billion to financial exploitation in 20101 by a broad spectrum of perpetrators, including persons they know and trust, as well as strangers.
Money Smart for Older Adults is designed to provide you with information and tips to help prevent common frauds, scams and other types of elder financial exploitation in your community.
Fraud in the News
If you believe you have been a victim of fraud, click here to report it.
1The MetLife Study of Elder Financial Abuse: Crimes of Occasion, Desperation, and Predation against America’s Elders (New York, NY: MetLife, June 2011) [available at https://vtechworks.lib.vt.edu/bitstream/handle/10919/24184/mmi_elder_financial_abuse_2011.pdf].
All trademarks and brand names belong to their respective owners. Use of these trademarks and brand names do not represent endorsement by or association with RBFCU.
RBFCU will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP), or other personal information, like account, credit card, debit card or Social Security numbers.
If you receive a suspicious phone call, email or text message, hang up, do not respond to the message, do not click any links, and do not open any attachments. Forward any suspicious emails and text message screenshots to email@example.com, then delete the message. If you believe your account, username or password has been compromised, you should immediately contact RBFCU at 210-945-3300 for assistance. Additionally, members should monitor their accounts regularly and report any suspicious transactions.