In 2024, online scams resulted in estimated losses of $10 billion in the U.S. alone. Phishing, romance scams, investment fraud, and tech support scams are some of the most common types that contribute to these losses. As the internet and social media platforms continue to evolve, so do the tactics used by scammers, making it harder for people to spot these frauds.
At Horicon Bank, we have systems in place to catch unusual online behavior and our employees are trained to dig in. Steve Lang, eBanking Representative, recently responded to an alert of an inconsistent online banking login for a customer. After investigating, he discovered the login attempt was coming from a Middle Eastern country. What did Steve do? He dug in to protect our customer.
Steve, what did you do after you received the alert of a suspicious login?
Steve: I made contact to inquire about the situation. The customer was friendly and stated they were logged into their own online banking, so there was nothing to worry about. However, while on the phone with the customer, I could see in real time that a transfer to an account outside the bank was created for a significant amount of funds.
Yikes! What did you do next?
Steve: I asked simple questions like: Have you been traveling for vacations lately? Do you have any relation overseas? And have you ever tried sending money to anyone from your online banking?
The customer answered that they do not travel, do not have family overseas, and use Bill Pay but otherwise did not send funds to people.
So you knew something was up. It’s not an easy conversation to ask if a customer has potentially compromised that information. I know I would feel a bit defensive if that happened to me. How did you approach that conversation?
Steve: Knowing that a transfer was initiated, I asked if there was someone else that could have access to their online banking that would try to transfer money. The customer said they do not share their personal information. I then asked if they were currently logged into their computer. This is when the breakthrough happened for both of us. The customer said they were not logged into their computer but was having it "cleaned" by some professionals.
For a banker that sees online fraud of all types, this had to be a red flag for you. But scammers can be very convincing and trustworthy at first. That’s how they create successful scams after all. How did the customer initially react to you suggesting this might be fraud?
Steve: The customer was initially confident in the professionals' work and mentioned that they had been instructed not to change anything on the computer as it could harm the cleaning process. They were reluctant to believe that a scam was happening and refused to stop the "professionals" from their work. The customer trusted the professionals because they had been working on the computer for about four hours already.
Now, you could have left it at that. You could have said “Well, if you feel confident, then I’m sure it’s fine.” But you didn’t. Something didn’t feel right to you. How did you work with the customer to identify the scam?
Steve: I asked if the customer knew the professionals personally or had met them in person. The customer stated they were confident in their work but had never met them face-to-face. They mentioned that the professionals had reached out to them – not the other way around. Realizing right then it was a scam, I asked the customer to shut off their computer. The customer was initially reluctant. I explained to the customer that individuals were actively attempting to steal their funds and possibly their identity. Despite the customer's initial reluctance, I informed them that I had deleted the external fund transfer and disabled their internet banking for security reasons. After further discussion, the customer finally agreed to unplug their computer.
You were able to catch the fraudulent scheme and save the customer’s money! Without someone paying attention to the unusual activity, asking open questions and taking time to build a trusting relationship, that customer may have suffered a significant loss. Did you advise the customer to do anything else?
Steve: The customer has since gotten a new computer and thankfully has not lost any funds to the fraudsters. The customer has called numerous times to say "thank you" to Horicon Bank for our service and commitment to protection of their lifetime’s work.
How can people reading this article prevent such scams from happening to them?
- Be cautious of unsolicited calls: Do not trust unsolicited calls from individuals claiming to be professionals offering services. Verify their identity and credentials before allowing them access to your computer or personal information. If you aren’t sure who the person calling is, let it go to voicemail. If it is important, they will leave a message. If you still aren’t sure on the legitimacy of the call, talk to a trusted friend, family member, or your banker before proceeding.
- Watch out for companies that sound reputable at first glance. We commonly see scammer posing as reputable companies such as Google, Microsoft, Apple or an antivirus company. These large companies will not reach out to you individually if there is an issue with your device. It is also common to receive pop ups on your computer claiming to be one of these reputable companies and asking you to call for more information. Companies like Microsoft, Google or Apple will not ask you to call them directly. This is a scam.
- Do not share personal information: Never share your online banking credentials, passwords, or personal information with anyone, especially over the phone or email. If you receive an unsolicited call from someone asking for this information, hang up. Call the company requesting the information back on a published phone number (from the company’s website, for example) to verify the identity of the caller.
- Monitor your accounts regularly: Regularly check your bank accounts for any suspicious activity and report any unauthorized transactions immediately.
- Use strong passwords: Create strong, unique passwords for your online banking and other accounts. Avoid using easily guessable information such as birthdays or common words.
- Enable two-factor authentication: Use two-factor authentication or biometrics for an added layer of security on your online accounts.
- Keep your software updated: Ensure that your computer's operating system, antivirus software, and other applications are up to date to protect against security vulnerabilities.
- Be aware of phishing scams: Be cautious of emails or messages that ask for personal information or direct you to suspicious websites. Verify the sender's identity before clicking on any links or providing information.
For more information on how to avoid scams, check out this advice from the Federal Trade Commission.