Awareness and Scams

Scammers may try to take advantage of you and come at you from all directions.

They might get in touch by phone, email, postal mail, text, or social media. Protect your money and your identity. Don't share personal information like your bank account number, Social Security number, or date of birth. Learn how to recognize, report and protect yourself from scams. 
What you need to know...
Recently, there’s been an uptick in an old deposit scam. In a micro-deposit scam, crooks reach out to targets with the hopes of gaining access to and "verifying" accounts through small deposits of under a dollar. Many people have already fallen for this scam. That's why we’ve compiled this handy guide on micro-deposit scams, how they play out, and what to do if you’re targeted.

Before jumping into how the scam works, it is important to understand what a micro-deposits are and how members may legitimately receive them.

Micro-deposits are small sums of money transferred online from one financial account to another. The purpose of the deposits is to verify if the account on the receiving end is actually the account the sender intended to reach. Micro-deposits are generally less than $1 and can be as small as $0.02. They are typically deposited in pairs, within one to three business days of linking accounts, two micro-deposits should appear in your account. 

How do micro-deposit scams play out?
Micro-deposit scams can take one of two forms:

  1. Scammers open as many investment accounts as they can, linking each one to a handful of bank accounts. When micro-deposits come in, they quickly transfer the funds to another account before the brokerage company withdraws the deposits. Each micro-deposit may be small, but when multiplied by thousands, scammers can pull in a lot of money before being caught.
  2. Crooks will attempt to link accounts with strings of random numbers, hoping to hit a valid account. When a deposit is verified from an account, they will use additional information about the account holder to withdraw funds from this account as they please. Unfortunately, many people are uninformed about this scam and innocently verify the micro-deposits, giving the scammers free access to their accounts.
What should you do if you're targeted by a micro-deposit scam?
Micro-deposits are small enough to fly under the radar and you may unknowingly verify one with an uninformed click. Here’s what to do if you’ve received a micro-deposit from an unknown source:

  • Do not verify the deposit. Without verification, the scammer won’t know they’ve hit an authentic account.
  • Do not click on any links embedded in the verification request message or download any attachments.
  • Let us know you’ve been targeted by calling 254-776-9550.
  • Report the scam to the Federal Trade Commission at FTC.gov so they can do their part in catching the scammers.
  • Let your friends and family know about the scam so they can be on the alert as well.
Together, we can beat the scammers at their game and protect your accounts and your money. 
Beware of stimulus and tax scams!
Stimulus and tax season are happening at once and scammers couldn't be happier! They know that taxpayers are eager to get their hands on their stimulus payments and tax refunds. As consumers are working to file their taxes before the deadline, all that paperwork and payments mean people may be letting their guard down. For a scammer, nothing could be better!

The IRS is warning of a surge in scams as the tax agency continues processing tax returns and distributing stimulus payments to eligible adults who have not yet received them.

How the scams play out
In the most recent IRS-related scams, scammers will con victims into filing phony tax returns, steal tax refunds or stimulus payments or impersonate the IRS to get victims to sign documents or share personal information, such as Social Security numbers or checking account numbers. Scams are pulled off via email, text message or phone. Sometimes, victims will be directed to another (bogus) website where their device will be infected with malware. Other times, the victim receives a 1099-G tax form for unemployment benefits they never claimed or received, because someone has filed for unemployment under their name. Unfortunately, the losses incurred through most of these scams can be difficult or impossible to recover.

What you need to know
Information is your best protection against these scams. Here’s what you need to know about the IRS, the stimulus payments and tax returns:

  • The IRS will never initiate contact by phone or email. If there is an issue with your taxes or stimulus payment, the agency will first communicate via mail. There is no “processing fee” you need to pay before you can receive your stimulus payment or tax refund.
  • The IRS is not sending out text messages about the stimulus payments. If you receive a text message claiming you have a pending stimulus payment, it’s from a scammer.
  • You do not need to take any action to receive your stimulus payment. Likewise, aside from filing your tax return, there is nothing additional you need to do to receive your tax refund.

Have you been targeted
If you receive a suspicious phone call, text message or email that has allegedly been sent by the IRS, do not engage with the scammer. Block the number on your phone and mark the email as spam.

If you fall victim
Are you are the victim of identity theft related to taxes or stimulus payments? There are steps you can take to mitigate the loss.

  • If you received a 1099-G for unemployment benefits you’ve never filed for or received, it’s best not to ignore it. Contact your state’s unemployment office to report the fraud. It should be able to send you a corrected 1099-G showing you did not get any benefits.
  • First, report the scam to the correct authorities. If a fraudulent tax return was filed in your name, the IRS will mail you a Letter 4883C or 6330C to verify your identity. You may also need to call the toll-free number provided on the letter and visit an IRS Taxpayer Assistance Center . After reporting the fraud, you’ll likely need to file a paper tax return. Complete an Identity Theft Affidavit (Form 14039) and attach it to the back of your paper return.
  • If you’ve mistakenly shared your information with a scammer and they’ve stolen your stimulus check, you will likewise need to let the IRS know. Visit Identitytheft.gov where you will receive a personal recovery plan that will hopefully minimize the damage done by the scammer and help you reclaim your lost funds.

Call us
Once you report the scam to authorities, call us. As a member of GENCO, there are services available to you in the event of identity theft or fraud. Visit https://www.gencofcu.org/identity-theft or call us at 254-776-9550 for more information about Identity Theft protection services. Keep your guard up and follow the tips outlined here to prevent yourself from falling victim to one of the many circulating scams. Stay safe!

Congratulations on making it almost all the way through the year!


Now that holiday shopping is in full swing, we wanted to let you know about a few online shopping trends we’ve noticed and give a few tips about how to stay safe online while buying gifts for everyone on your list.


Generally, experts seem to believe that the average American is going to spend less this year – though pandemic restrictions have largely lifted, we’ve entered a new season of economic uncertainty. This means every dollar is even more important, which is why we want to help you protect your hard-earned cash from the scammers and hackers that pop up every year. It’s like they don’t care about the naughty list!

Here is what we think is cheerful and what we think is coal-worthy for shopping online this holiday season:


Merry and Bright

Keeping an eye on your bank statements

Your first line of defense against identity theft and fraud is to pay close attention to your financial records, like bank statements and credit card transactions. You can usually follow this data up-to-the-minute online. Flag any suspicious activity (like being charged for a purchase you didn’t make) and contact the institution immediately.


Knowing how much items should cost

When shopping online, have a general sense of how much the items you want to buy should cost. Not only will that make you a comparison shopping extraordinaire, but you can also get a sense if an online store has prices that are too good to be true. In these cases, you might pay less, but then you might get an item that doesn’t match the description, is a counterfeit, or you might pay and not get any item at all! A little bit of research can help protect you.


Making a cybersecurity list, checking it twice

This year, give yourself the gift of peace of mind by following our Core 4 behaviors:

  1. Protect each account with a unique, complex password that is at least 12 characters long – and use a password manager!
  2. Use multifactor authentication (MFA) for any account that allows it.
  3. Turn on automatic software updates, or install updates as soon as they are available.
  4. Know how to identify phishing attempts, and report phishing messages to your email program, work, or other authorities.


Shopping on public wi-fi

Public wi-fi and computers are convenient, and sometimes necessary to use. However, public wi-fi is not very secure – you shouldn’t ever online shop or access important accounts (like banking) while connected to public wi-fi. If you must buy a few gifts online while away from your home or work network, use a VPN (virtual private network) or mobile hotspot.


Grinch Bots

Last year, a record number of so-called “Grinch Bots” were recorded. These are automated programs that quickly buy up popular toys, sneakers, or other items and then resell the item for a huge mark-up to real people. Of course, buying supposedly new items on a resale market opens you up to an increased risk of fraud and counterfeit goods. The best way to defang Grinch Bots is to refuse to buy from them, and to only buy items from vendors you can verify.


Sharing more than you feel comfortable with

While you need to share data to make a purchase online, you should be wary of any retailer that is requesting more information than you feel comfortable sharing. Oftentimes, you don’t need to fill out every field, and you shouldn’t if you don’t want to. If an online store requires you to share more information than you want, find another retailer on the internet – or in real life!


Keep the spirit of cybersecurity going all year long

These are some great tips for shopping safe online for the holidays, but they are also sensible habits to follow no matter what month it is. Want to make some cybersecurity resolutions for the new year? It’s easy – we promise! Check out our cybersecurity basics page to learn more!





You're not the only one joyfully anticipating the holiday season. Cyber criminals are all aflutter, too, as they look forward to the killing they'll make ripping off innocent shoppers like you.
Here are some of the most common ways these thieves operate, because awareness can help you avoid becoming yet another victim.

Antisocial media
Beware those enticing ads that turn up on Facebook and other social media sites offering vouchers, gift cards and deep discounts, as well as the online surveys these ads often link to. These offers are often only empty promises designed to steal your personal information. Additionally, if you receive concert, theater or sporting event tickets as a gift, never post pictures of them online. Cyber thieves spend lots of time monitoring social media, just waiting for the opportunity to create phony tickets they can resell from your barcode image. If your ticket is resold, you might just find yourself out of a seat on the night of your event. It's also unwise to post live from an event that gives criminals a heads-up that your home is empty and ripe for picking. Better to wait until the next day to post about the wonderful time you had.

Pandora's inbox
It may be a mystery to you how cyber thieves got your private email address, but it's chillingly clear they're up to no good. Your inbox may fill up with all kinds of legitimate-looking product offers and delivery notices this holiday season, but clicking on links of bogus ones or entering personal information on the linked sites can provide criminals with the opportunity to steal your identity.

Apps are far from immune
With mobile apps available for just about everything, it's a sad sign of the times that certain free mobile apps (often disguised as games) have been specifically designed to steal personal information from your phone. This is a particularly scary development since many people use their phones to secure their cars and homes. For this reason, only install apps from familiar companies and, at the very least, find a third-party review from a trusted site if you're interested in an app from an unfamiliar source.

USB Trojan horses
Lots of people use portable USB drives, which makes it all the more important to avoid those being distributed as giveaways this holiday season unless they're from a trusted source. These innocent-looking devices are often used as a method of introducing malware to computers.

Gifts that keep on giving ... to criminals
A spirit of generosity is traditional at holiday time, but if you're not careful, your donations may never make it to the needy. Fake charities that skillfully tug at your heartstrings abound at this time of year, just waiting for you to willingly give your hard-earned cash to scammers. Before donating, be sure to check out charities thoroughly, to make sure that they're not only legitimate, but also that they allocate the bulk of funds toward their causes rather than “administrative costs.”

Tips to avoid holiday scams
These strategies will also help keep you a step ahead of scammers:
  • Only shop online with reputable businesses you trust, using secure websites with an address that begins with https.
  • Don't shop or bank over public Wi-Fi.
  • Protect your credit card privacy by covering your account number with your hand when shopping in public
  • Don't respond to suspicious unsolicited calls or emails. Only open email attachments from senders you trust, and contact businesses only through their official websites, phone numbers or email addresses.
  • Monitor your credit to catch fraud at its earliest stages.
  • Scammers may be smart, but you can still outsmart them. A little foreknowledge and caution go a long way toward ensuring you'll enjoy a safe and memorable holiday season.
© Copyright 2016 NerdWallet, Inc. All Rights Reserved
Hello, Summer!

It’s the season of flip-flops and ice pops, of sun-drenched afternoons and lazy days at the beach. Unfortunately, summertime is also prime time for scammers. People are more relaxed, schedules are looser and vacationers are traveling in unfamiliar locations. All of this can lead people to let their guard down during the summer, and the scammers know it.

Don’t fall victim to a summer scam! Follow these tips to stay safe.

1. Never pay for a “prize” vacation - The Classic Summer Scam
So you won an all-expense-paid trip to Aruba or a whirlwind weekend in a remote French chalet? All you have to do is pay a small fee to reserve your prize. Although it sounds like a dream come true, if you commit to the deal, you’ll be caught up in a nightmare. If you’re asked to pay even a small fee to claim a free vacation prize, you’re looking at a scam. A legitimate company will never ask winners to pay a fee for a prize.

2. Use credit cards when traveling - Protection from Summer Scams
A credit card will offer you the most protection in case something goes wrong. You’ll be able to dispute unauthorized charges, and in most cases, reclaim your lost funds. To learn more about GENCO credit cards, click here.

3. Ignore celebrity messages - The Fame Effect Summer Scam
Celebrities might have a direct line with the public through their social media platforms, but don’t believe a private message appearing to be from your favorite movie star, singer or athlete. Direct messages from "celebrities" asking for money for a charity, or claiming you’ve won a prize, but need to pay a processing fee, is a scam.

4. Check for skimmers at the pump - Skimmer Summer Scam
If you’ll be spending a lot of time on the road this summer, and pumping gas in unfamiliar places, it’s a good idea to check the card reader for skimmers before going ahead with your transaction. A card skimmer will read your credit or debit card information, enabling a scammer to empty your accounts. Here’s how to check for a skimmer on a card reader:

  • Try to wiggle the card reader; this should dislodge a skimmer if there is one.
  • Check the keypad to see if it looks newer than the rest of the card reader.
  • Touch the surface of the keypad to see if it’s raised.
  • Never use your debit card PIN number, use credit.
5. Research vacation rentals - Vacation Home Summer Scam
Many vacationers now book stays at private homes instead of hotels, making it easier than ever scammers to target travelers. With a few fake photos and a bogus address, you’ve got yourself a fake vacation rental. In other vacation rental scams, scammers will falsely advertise a rental as a beachfront property, claim that it’s larger or more modern than it is, or promise amenities that are missing when you arrive.

Before booking a vacation rental, read the reviews. If there aren’t any, or they sound fake, you’re likely looking at a scam. Look up the address of the rental to see if it even exists and if the location matches the description listed. You can also ask the owner for more details about the property just to see their reaction; if they sound vague or uneasy, it’s likely a scam. Finally, as mentioned above, use a credit card to pay for the stay so you can dispute the charges if it is a scam.

6. Vet potential contractors - Mr. Fix-It Summer Scam
Contractors who go from door-to-door looking for work are a fairly common summertime sight. Unfortunately, some of these “contractors” are actually scammers looking to con innocent homeowners out of their money. They’ll deliver shoddy work at an inflated price, disappear once a down payment been made, or do more harm than good with their “home improvement” work.

Before hiring a contractor, thoroughly research them, asking for contact info of previous clients, checking out their online presence and looking up the business on the BBB website. It's also a good idea to only work with contractors you've personally sought out. Those that come knocking on your door are likely not the real deal. Finally, if possible, don't agree to pay more than a third of the total cost of a job before work begins. Even then, only pay when you see the materials arrive.

In conclusion...
Don’t let summertime turn into scam-time. If you've been hit by a card skimming device or a scammer managed to get your debit card information, Freeze your debit card through Online Banking and contact GENCO as soon as possible. Stay alert, follow the tips outlined above, and stay safe!


Over the past several years, a crime trend called “bank jugging” or “jugging” has grown in popularity in Texas. Jugging occurs when a suspect(s) watches a financial institution or high-end store and then follows a customer after they leave to steal their money or valuables. Law enforcement has been warning the public about the scheme, and some cities have created a task force to crack down on this crime. Here’s what you need to know about jugging. 

What is bank jugging?

Bank jugging is a term used to describe suspects who sit in financial institutions parking lots watching customers withdraw money from an ATM or go in and out of the financial institution. The suspects then follow the customer and look for an opportunity to take their cash. Similar schemes have also been committed outside of high-end stores that sell jewelry or other valuables. Jugging can be committed by one person, but it’s often carried out by two or more perpetrators. 

Why is it called “jugging?”

The origin of the word isn’t entirely clear. Some reports that the name comes from the nickname of a bank bag. Urban Dictionary defines jugging as “making money” or “stealing.”

How to keep yourself safe:

1. Be on the lookout for individuals backed into parking spaces, who do not exit their vehicle to conduct business.
2. Be ex-tra vigilant when using ATMs, since they typically target these areas.
3. Be vigilant when arriving and departing. Be aware of your surroundings and don’t leave your car or the building if you observe suspicious vehicles parked in or around the park-ing lot.
4. Conceal your money before you leave the credit union.
5. Don't openly carry bank bags, envelopes or coin boxes or leave out them visible in your car.
6. Make banking the last stop of your errands
7. Call 911 if you are being followed.

Cybercriminals like to go phishing, but you don’t have to take the bait.

Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.

No need to fear your inbox, though. Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.


See it so you don’t click it.

The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (like literally 4 seconds) and ensure the email looks legit. Here are some quick tips on how to clearly spot a phishing email:

Here are ways you can regain control if your account has been compromised or hacked.


What are some signs that my online account has been hacked?

When hackers strike, acting fast is crucial. But to act fast, you need to determine that one or more of your online accounts has been compromised. Here are some quick tips to see if someone else has gained access to your account:

  1. There are posts you never made on your social network page or your account has sent direct messages that you never wrote. Commonly, these posts may encourage your friends to click on a link, download an app, or buy something through an online store.

  2. A friend, family member or colleague tells you that they received emails from your email address that you never sent.

  3. Your information was lost via a data breach, malware infection or lost/stolen device. Companies are required to tell you if your data was compromised in an incident.

If you believe one or more of your accounts have been compromised, take these steps:

  1. Notify all of your contacts that they may receive spam messages that appear to come from your account or email address. Tell your contacts they shouldn’t open these messages or click on any links from your account. Warn them about the potential for malware. Keep them apprised of the situation as it makes sense; let them know when the situation is cleared up and accounts are secure again.

  2. If you’re concerned your computer is infected, ensure your security software is up to date, and scan your system for malware. Antivirus software will scan your device to check for any security issues.

  3. Change your passwords to all accounts that have been compromised as soon as possible. Also, change your passwords for your other key accounts, like email, social media, and banking. This is especially true if you have reused passwords for different accounts. If you’ve been the victim of an account breach, you should really change your passwords to every online account. Your passwords should be long strings of letters, numbers, and symbols – at least 8 characters. You can use phrases to help remember them (think: “I l0ve country music!”), but the best passwords are ones that aren’t recognizable as words. Use a password manager (sometimes they are included with web browsers or computer operating systems) to store your passwords for you.

Resources


eBay


Facebook


Twitter


Yahoo


Gmail/Google


Paypal


Outlook


YouTube


Protect yourself with these tips:


Keep a clean machine

Keep all software on internet connected devices – including personal computers, smartphones and tablets – current. This reduces the of infection from ransomware and malware. If you don’t want to think about it, configure your devices to automatically update (our recommendation). You can also set your device to notify you when an update is available.


Enable multi-factor authentication

Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your mobile device) whenever offered.


Use long, unique passwords

Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember. It’s even better to have long strings of letters, numbers and symbols that aren’t recognizable as words. And, yes, you should have a long, complex password that is unique to each account. Does this sound complicated and hard to remember? Nowadays, it is easier than ever. Use a password manager to take care of it all.


Use a password manager

Shred your password notebooks. The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database. These programs also generates new passwords when needed. Many of them are free, and some are even built into web browsers and computer operating systems.


Think before you click

Links or attachments in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Take four seconds to examine each email, message, post or text before taking action.


Report phishing

If you’re at the office and a phishing email comes to your work email address, report it to your IT manager or security officer as quickly as possible. If you’re at home and the email came to your personal email address, do not click on any links – even the unsubscribe link! Don’t reply back to the email. Delete the email. You can take your protection a step further and block the sending address from your email program, too.


Use secure Wi-Fi

Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.


Back it up

Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you can restore the data from a backup. You can back up your data on the cloud (i.e., securely on servers online), or on physical backup devices like external hard drives, or, ideally, both. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.


Check your settings

Every time you sign up for a new account, download a new app or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings to make sure they are still configured to your comfort. Additionally, you should audit your apps and software every so often. In the audit, delete those apps you no longer use.


Share with care

Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.


Victims of credit card skimming are completely blindsided by the theft.


They notice fraudulent charges on their accounts or money withdrawn from their accounts, but their credit and debit cards never left their possession. How did the theft happen?

How Credit Card Skimming Works

Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card's magnetic stripe. The stripe contains the credit card number and expiration date and the credit card holder's full name. Thieves use the stolen data to make fraudulent charges either online or with a counterfeit credit card.

Credit card skimmers are often placed over the card swipe mechanism on ATMs and gas stations, but they skimmers can be placed over almost any type of credit card reader. With ATMs, the crooks may also place a small, undetectable camera nearby to record you entering your PIN. This gives the thief all the information needed to make fake cards and withdraw cash from the cardholder's checking account.

Occasionally, certain retail and restaurant workers who handle credit cards are recruited to be part of a skimming ring. These workers use a handheld device to skim your credit card during a normal transaction. For example, we routinely hand our cards over to waiters to cover the check for a restaurant. The waiter walks away with our credit cards and, for a dishonest waiter, this is the perfect opportunity to swipe the credit card through a skimmer without being detected.

Once the victim's credit card information is stolen, thieves will either create cloned credit card to make purchases in store, use the account to make online purchases, or sell the information on the internet. Victims of credit card skimming are often unaware of the theft until they notice unauthorized charges on their account, have their card unexpectedly declined, or receive an overdraft notification in the mail.

How to Spot a Credit Card Skimmer

Credit card skimming devices are crafted to blend in seamlessly with the machine it's placed on. Unless you're specifically looking for a skimming device, you may not notice anything out of the ordinary. Look out for credit card skimmers anywhere you swipe your credit card, but especially at gas stations and ATMs. Becoming familiar with the look and feel of regular credit card readers can help you detect when there's something out of place. Here are some ways to detect a credit card skimming device.

A credit card reader that sticks out far past the panel. Skimmers are designed to fit over the existing credit card reader. If you notice a credit card reader that protrudes outside the face of the rest of the machine, it may be a skimmer. This is especially the case when an additional part seems to be affixed to the rest of the credit card reader.

At a gas station, you can compare a suspicious credit card reader to the readers at nearby pumps. If something looks out of the ordinary, avoid paying at the pump. Pay inside or go to another gas station.

Parts of the credit card reader are loose or move when jiggled. The credit card reader should be securely in place. Moving parts are a sign the reader has been tampered with or that a skimming device has been affixed to the existing reader.

A security seal that has been voided. Gas stations often place a security label across the gas pump that lets you know if the cabinet panel on the fuel dispenser has been tampered with. When intact, the label has a flat red, blue or black background. However, once the seal has been broken, the words "Void Open" appears in white. If the seal is broken, it's a sign that someone without authorization has accessed the cabinet. Let the gas station attendant know and do not use the credit card machine at that pump.

A pinpad that's thicker than normal. In addition to a skimming device, thieves may place a fake keypad on top of the real one to capture your keystrokes. This way they can capture your pin or billing zip code in addition to your credit or debit card details. If the keys seem hard to push, eject your card and use another ATM. Use a bank-operated ATM, which is less likely to have a skimmer, rather than an ATM at a store or gas station.

How to Prevent and Detect Credit Card Skimming

Thankfully, many banks and credit card issuers are becoming better at detecting fraudulent transactions and may not process suspicious charges until you verify that you initiated the transaction.

Simply using your credit card puts you at risk of becoming a credit card skimming victim. Credit card skimming incidents can be difficult to detect. Unless you know what you're looking for, it can be extremely difficult to detect skimming devices.

Catching fraudulent charges related to a skimming incident requires you to watch your accounts frequently. Monitor your checking and credit card accounts online at least weekly and immediately report any suspicious activity to your bank or credit card issuer.

Here are a few more tips for avoiding credit card skimming:
  • Watch where you shop. Restaurants, bars, and gas stations seem to be the places where credit card incidents happen most frequently. Retail store self-checkouts and ATMs, especially standalone ATMs (those that aren't at the bank) are also places that skimmers can be found.
  • Check ATMs before using them. At ATMs, skimmers often place a camera within view of the keypad to steal your PIN. These cameras are often tiny and difficult to detect. When you're using an ATM, cover your hand as you type your PIN to keep a camera from catching a view of what you're typing.
  • Don't become a victim of "credit card cleaning" scams, where thieves claim to clean the magnetic strip on your credit card to help it work better. These thieves simply swipe your credit card through a credit card skimmer and take your credit card information.

How to Report a Credit Card Skimming Loss

If you think you've been a victim of credit card skimming, contact your bank or credit card issuer even if you haven't spotted any fraudulent charges. The sooner you report your suspicions, the more you shield yourself from liability of unauthorized charges. Provide as much detail about the possible location of the skimmer, e.g. the location of the ATM or gas station you visited, can help the bank prevent future losses.
Alert the Federal Trade Commission at www.ftc.gov. They often work to break up large credit card skimming rings. Your complaint will help catch the thieves.

You can read more about identity theft .

The first step toward bringing cybercriminals to justice is reporting cybercrime when it happens.


With just a click of a button on your web browser or an email to IT, you can help take a bite out of cybercrime!

It’s true, cybercrime can be difficult to investigate and prosecute because it often crosses legal jurisdictions, even international boundaries. Offenders often disband online criminal operations and launch new ones with new approaches at a rapid clip. This constant churn means authorities can be working one step behind the hackers.

Criminals don’t own the internet, though – responsible digital citizens like you do. Authorities have seriously upped their game since the first viruses, malware, and phishing attacks. Federal, state, and local law enforcement are hyperfocused today on becoming ever more sophisticated about cybercrime. Billions of dollars in resources are devoted to preventing, stopping, and investigating cyber threats. Legislation continues to be passed that further empowers federal, state, and local authorities to bring cybercriminals to justice and show the world that crime doesn’t pay, even on the internet.

But at the end of the day, stopping cybercriminals begins with you. If you are a target of cybercrime, it cannot be rectified unless the authorities are aware of it. This is also true if you were just a potential target of a nefarious attack, like you identified a phishing email or text before clicking any links. Depending on the nature of the attack, reporting a cybercrime can be as simple as selecting a button on your email program.

Remember, you aren’t alone online! You have the power to stop cybercriminals!


Who to contact    -   Local Law Enforcement

Even if you have been the target of a multinational cybercrime, your local law enforcement agency (such as your local police department or sheriff’s office) has an obligation to assist you by taking a formal report. They are also required to make referrals to other agencies, when appropriate. Report your situation as soon as you find out about it. Nowadays, many local agencies have detectives or departments that focus specifically on cybercrime.


Your workplace’s IT department

If the cybercrime happened in a work context, like if you received a suspected phishing email in your work email inbox, you should contact a supervisor or your company’s IT department. It is very important that you report the situation promptly – cybercriminals might be targeting your company at large so early detection can be critical in stopping this.


Your email provider

Deleting spam, malicious messages or any other suspicious emails keeps you safe, but you can bolster your cybersecurity by reporting any serious cybercrime attempt to your email client. Many of the major email services (like Gmail and Outlook) make this very easy to do. You can also block senders, so you can ensure a bad actor email account never contacts you again, but bear in mind, the bad guys change email addresses, and spoof legit ones, faster than a game of Whack-a-Mole.


The Internet Crime Complaint Center (IC3)

You can get the federal government’s help with your issue by contacting IC3. IC3 is a partnership between the Federal Bureau of Investigation (yes, that FBI) and the National White Collar Crime Center (funded, in part, by the Department of Justice’s Bureau of Justice Assistance). IC3 will thoroughly review and evaluate your complaint and refer it to the appropriate federal, state, local or international law enforcement or regulatory agency that has jurisdiction over the matter. File your complaint with the IC3 here.


Federal Trade Commission (FTC)

While the FTC does not resolve individual consumer complaints, it does run the Consumer Sentinel, a secure online database used by civil and criminal law enforcement authorities worldwide to detect patterns of wrong-doing. Nailing down patterns leads to investigations and prosecutions. You can file your complaint to the FTC here.

If you are the victim of identity theft, you can receive additional help through the FTC hotline at 1-877-IDTHEFT (1-877-438-4338). Find more resources aimed at individuals, businesses and law enforcement at identitytheft.gov.


Local victim services provider

Because cybercrime has impacted so many people across the country, many communities in the United States actually have victim advocate initiatives to help you. These advocates can help you with resources, emotional support and advocacy. Find local victims service providers here.


COLLECT AND KEEP EVIDENCE

Dust off your detective hat. You might not be asked to provide evidence when you initially report cybercrime, but it is imperative that you keep any evidence related to the complaint. That phishing email, suspicious text or ransomware isn’t just bits and bytes – it’s evidence. This material can help law enforcement stop and prosecute hackers.

Keep items in a safe location in the event you are requested to provide them for investigative or prosecutive evidence. All of the following documentation might be considered evidence, but you should keep anything you think could be related to the incident:

  • Canceled checks
  • Certified or other mail receipts
  • Chatroom or newsgroup text
  • Credit card receipts
  • Envelopes (if you received items via FedEx, UPS or U.S. Mail)
  • Facsimiles Log files, if available, with date, time and time zone
  • Social media messages
  • Money order receipts
  • Pamphlets or brochures
  • Phone bills
  • Copies of emails, preferably electronic copies. If you print the email, include full email header information
  • Copies of web pages, preferably electronic
  • Wire receipts

ADDITIONAL RESOURCES     


Report Social Security Fraud

If you believe someone is using your social security number for employment purposes or to fraudulently receive Social Security benefits, contact the Social Security Administration’s fraud hotline at 1-800-269-0271. Request a copy of your social security statement to verify its accuracy.

Report tax fraud


Additional places to report cybercrime




I want to: Calculate my options

Use these online calculators as a resource for planning, estimating and exploring your financial opportunities!