With scams evolving and growing in volume and maturity, it is more important than ever before to be vigilant about what information is available to nefarious actors. This article provides common scam scenarios, tips for identifying red flags, and what to do when you are compromised.

We’ve all been there: a notification appears on your phone, and you open the text to see that there is suspicious activity involving your bank account. The text requests you click a link to provide more information to respond to the issue. Or maybe the text says there is package that cannot be delivered because of a logistics issue, and please follow the link to input new information.

These are common examples of scams that seek to elicit a knee jerk reaction from the end user: clicking the link and providing the information requested. Beware: there is no issue with your bank details or delivery, but a scammer on the other end wants more information. Increasingly, people are falling for these scams, and unfortunately paying real world consequences (and funds) as a result.

At StoneTurn, we typically deal with multifaceted, complex scenarios of fraud or other malfeasance in our investigations. However, the end goal of the fraudster is not much different than that of the common scam—and at the end of the day, they want your money and/or your identity. Vigilance is key to preventing them.

Following are tips for avoiding common scams, and what to do if you find yourself compromised.

Know Your Sender

It is more important than ever to be vigilant about suspicious or unusual communications, as well as what information you are offering online or sharing over the phone about yourself.

Unfortunately, in a digital world, the opportunity, frequency, and sophistication of scams are constantly evolving. Recognizing common schemes and proactively identifying red flags are critical to mitigating risks of identity theft scenarios and scams.

Remember that financial institutions will not call you, text you or email you looking for information on your accounts. In most cases, neither will the government. If you receive outreach from a financial institution, the government, law enforcement, or others, verify independently that the communication is legitimate by ending the call or email/text exchange, and finding the official phone number or contact mechanism for the organization.

Safeguard Keys to the Kingdom

If you suspected an unauthorized person had the keys to your home, you would change your locks, wouldn’t you? The same goes for passwords and PIN numbers, except these are much more accessible than a physical key to a bad actor. This means you should be proactive and review and update your passwords regularly.

Do not fall into the trap of using short, simple passwords you can easily remember. The National Institute of Standards and Technology (NIST) recommends a password of 14 to 16 characters consisting of a mix of random characters. Never use personal information like your birthday or your name to set a PIN or password—while easy to remember, they’re also easy to defeat. Also, with the evolution of Artificial Intelligence (AI), passwords are even more vulnerable. Use two-factor authentication across your accounts and devices where possible to further safeguard your personal information and prevent opportunities for future identity theft.

Monitor Your Online Profile

Be mindful of the information you volunteer on social media platforms. Images or posts that may seem innocent and enjoyable to share can be a gold mine in the hands of a bad actor, as they can leverage personal information to gain access to sensitive accounts or identify patterns in behavior that make it easier to compromise you.

Posting pictures of yourself on a vacation in real time, for example, does more than just show your friends and family what a great time you are having. Not only does it indicate that you are not home, it also may alert a fraudster that your guard is down—and make it easier for them to trick you into complying with a request for information, or access your accounts without your immediate knowledge.

If Something Goes Wrong: Take Action

If you’ve discovered that your identity has been stolen, immediately file a report with IdentityTheft.gov, which is run by the Federal Trade Commission (FTC). The information can then be used by the FBI and other law enforcement agencies to identify or track down the perpetrator, as well as provide the individual with a personal recovery plan. You can also file a local police report to document the issue for further support.

Also be sure to alert any companies or accounts that may have been impacted by fraudulent transactions, including bank accounts, credit cards, health insurance, among others. You should then freeze your credit by contacting the three major credit bureaus, which are Equifax, Experian, and TransUnion. You can access credit reports and alerts through these bureaus. Make sure you immediately review the report you receive from each bureau to ensure there are no accounts or activity that you are not aware of. It is important to review each report as the information can slightly vary from bureau to bureau depending on which creditors provided information to them.

One of the most common misconceptions about identity theft recovery is that after initial steps are taken – you cancel your credit cards; you notify your bank and health insurance – the issue is resolved. Unfortunately, the reality is that once compromised, recovering your identity is ongoing and requires proactive vigilance and caution against future or recurring fraudulent activity. Another misconception about identity theft, more broadly, is that it only happens to people with poor security practices. In our digital-first world, everyone is susceptible to bad actors, fraudulent activity, and opportunity for compromise.

Depending on the nature of the breach, options for recourse will vary. However, it is important to take action immediately and monitor your accounts for the long-haul. Unfortunately, once your information is compromised, the issue can continue to flare up over a period of time.

As we progress through the summer months, our inclination will be to relax and enjoy all the season has to offer. But make no mistake: bad actors do not take vacations. Vigilance is key 365 days a year to prevent and detect activity from fraudsters. Take care to know the red flags, ways to be proactive, and what to do if something goes awry.

Posted In:


About the Authors

David Burroughs

David C. Burroughs

David C. Burroughs, a Partner with StoneTurn, brings over 30 years of law enforcement, public and private sector experience in fraud and forensic investigations, security threat and risk assessments, compliance […]

Read Bio