Fraud Files: How to Avoid Falling Victim to Spoofing

The following are actual events of a scam experienced by a BHFCU member. These events offer insight into how fraudsters operate and provide valuable lessons on what to avoid.

While fraudsters’ strategies continue to become more sophisticated, some remain committed to the basics. This quarter’s fraud files focuses on an old-school scammer tactic, spoofing. Let’s start with a definition refresher.
 

spoof
/spo͞of/

To hoax or trick (someone).

(in the context of fraud in particular) spoofing is a type of cybercrime where someone or something forges a sender’s information, pretending to be a legitimate source.

Recently, a member experienced a real-life spoofing event during which a fraudster used our number. Learn from the tactics used to avoid falling victim.
 

The Phone Call That Seemed Off.

When a member’s phone started ringing with 605-718-1818, they expected to hear from a BHFCU team member when they answered. (Unfortunately, spoofing has made that something you can’t entirely bank on.) They were then asked to verify card transactions for suspected fraudulent activity. The first sign of an issue was when the supposed BHFCU caller seemed a little off. Their phrasing and language led the member to question whether the caller was truly from the credit union.
 

A Request for Personal Information.

After inquiring about an apparent $200 purchase in the United Kingdom, the caller began to request more personal information. They asked for things like the member’s full card number to ‘research additional charges,’ their online banking username and password, their member number, and the names of anyone else on their account. While one of these requests alone may not instantly ring alarm bells, all of them together become invasive and put a dangerous amount of personal information in the wrong hands.
 

Telling the Member to Ignore Legitimate Calls.

During the call, our fraud department noticed inconsistencies caused by the scammer and began calling the member. When the member mentioned getting another call, the fraudster asked for the phone number and told the member to ignore it ‘because they were already being taken care of.’  We would never ask you to ignore a call! That itself is a red flag.
 

So, What Does This All Mean for You?

Fortunately, the member disengaged before giving away too much sensitive information. Let this be a reminder that you have the ability to protect yourself. While it’s impossible to fully prepare for the moment a fraudster targets you, the lessons from this incident can help. 
 

• Caller ID Can Be Spoofed. Even though a phone number appears to be from a trusted source, it may not be.
• Suspicious Language is a Red Flag. If something seems off, disengage.
• Don’t Let Them Isolate You. Telling you not to answer a call is proof enough that they’re not the real deal.
• Share the knowledge! Share this article with your loved ones. The more stories we read and learn from, the more ready we are to put up a fight against fraud.

Remember, if something feels off during a call, disengage! Rest assured, any of us at the credit union will applaud you for it when you call back.