Security: Frauds & Scams

4 Secure Actions for Daily Life

October 2, 2024 by Jake Holmes, Maine Credit Union League

October is Cybersecurity Awareness Month—a time to raise awareness about online threats and the steps people can take to better protect themselves when using the internet. This year’s theme is Secure our World. By viewing your actions through a cyber lens, you’re more aware of what you are and aren’t doing while online. The Cybersecurity & Infrastructure Security Agency (CISA) promotes Cybersecurity Awareness Month each October and their enduring campaign goal is to have everyone implement the following four actions into their day-to-day lives to increase online security:

#1 - Enable Multi-Factor Authentication

Multi-factor authentication is an extra security step in the process of logging into an account. As usual, people enter either their username or email address––followed by their password. However, instead of being granted access to their account after successfully entering the password, the user needs to confirm their identity via another specified method. For example, the user may receive a text message or an email with a one-time code that must be entered to complete the login process. Other two-factor authentication methods include biometric information, such as fingerprint or facial recognition scanning.

Also, growing in popularity are authentication apps. The apps generate short codes that change on a regular basis. If the app is someone’s method of multi-factor authentication, they will need to copy the code from the app to log in. This makes it much more difficult for fraudsters to gain access to accounts. Even if a fraudster was able to get their hands on someone’s password, they still wouldn’t be able to access their account without the user’s personal device. With facial recognition or fingerprint scanning, they still wouldn’t be able to access the account even if they had the password and device. If you don’t already have multi-factor authentication enabled on your accounts, now is the time!

#2 – Use Strong Passwords

It’s a good idea to regularly change your password and create unique, strong passwords for all your online accounts. If you reuse a password, data breaches can give fraudsters access to all the sites you use that password on. For example, if your password is “WickedG00dLobstah1” on both Amazon and Netflix, and Netflix.com experiences a data breach, the fraudster may take your username and password and plug it in to other sites. This is called “credential stuffing.” If they eventually try your credentials on Amazon, you will now have two compromised accounts instead of one. Use different passwords for all your online accounts. Also, avoid including personal information in your passwords. Names, birthdays, anniversaries, and other easily guessable information should never be used. The strongest passwords should have a minimum of 12 characters and include upper and lowercase letters, numbers, and special characters.

#3 – Recognize and Report Phishing

Scammers use email, fake social media accounts, and other forms of online communication tools to try and steal your passwords, account numbers, Social Security numbers, and more. With that information, they can gain access to your accounts and even sell your information to other scammers. To protect yourself, enable email spam filters, ignore friend or follow requests from users you aren’t familiar with, and keep an eye out for anything that looks suspicious. Don’t click on suspicious-looking links or open any unexpected attachments. Poor spelling and grammar is also a red flag. Further, if you receive an email that threatens a consequence or opportunity loss unless urgent action is taken, it’s likely a scam. This approach is used to rush you into action before you have an opportunity to study the email for potential flaws or inconsistencies. Lastly, if you see an individual or group trying to solicit passwords, Social Security numbers, credit card numbers, or other sensitive information from you or someone else, report it at www.cisa.gov/report.

#4 - Update Your Software

Fraudsters are always looking to exploit flaws in your system. Network defenders work hard to protect your system, but their efforts depend on you consistently updating your software with the latest fixes. Update the operating system on your mobile phones, tablets, and laptops regularly. These personal devices often hold your emails and your financial and tax documents––often including your Social Security number. Fraudsters who gain access to this valuable information can commit identity theft, put harmful software on your devices, or both. Turn on automatic updates for all devices, applications, and operating systems to limit exploitation opportunities for fraud.

Identity Theft

Identity theft occurs when a fraudster steals your personal information that could be used to falsely apply for credit, benefits, a loan, or any other service that literally steals your identity. The three common ways that fraudsters steal your identity is via stealing mail or sensitive documents, phishing, and fake job listings.

1. Stealing Mail or Sensitive Documents: Your information can easily be found if you throw away documents that contain your personal information listed on it. This can be a trashcan you place outside your home on garbage day or your work trashcan. Be sure to shred all documentation that has any personal information. Fraudsters also use the personal information you put on your social media accounts to steal your identity.

2. Phishing: This happens when someone contacts you via email or text and says there is an issue with your credit union account and you need to verify the account with a date of birth, account number/bank routing number, or social security number. If you receive an email that threatens a consequence or opportunity loss unless urgent action is taken, it’s likely a scam. This approach is used to rush you into action before you have an opportunity to study the email for potential flaws or inconsistencies. It is totally fine to call the credit union to see if the request for information is real. Remember, credit unions will never ask for your personal information via an email.

3. Fake Job Listings: Fraudsters will post fake job opportunities on various employment websites to get you to freely give them your personal information. The fraudster can then sell your personal information provided in the job application that you provided.

If you see an individual or group trying to solicit passwords, Social Security numbers, credit card numbers, or other sensitive information from you or someone else, call the credit union and report it at www.cisa.gov/report.

Investment Fraud: Know the Red Flags Before You Invest

Scammers often target individuals with investment opportunities that seem too good to pass up. Here are three common types of investment fraud to watch out for:

1. The “Free Lunch” Investment Pitch

Be cautious of seminars offering a free meal alongside a high-pressure sales pitch for a “can’t-miss” investment. These events often create a false sense of urgency—pressuring you to invest on the spot before the presenter conveniently “leaves town.”
Red Flag: If you're asked to act immediately or miss out, it's likely a scam.

2. Oil & Gas Scams

Someone calls with claims of striking it rich by drilling for oil in remote locations like the Gulf Coast. They promise cutting-edge technology and incredible returns—but conveniently skip over whether the investment or broker is registered.
Red Flag: Always verify if both the investment and the seller are registered with your state or the SEC.

3. Gold & Silver Coin Scams

You hear a radio ad urging you to protect your wealth with gold or silver coins during “uncertain economic times.” What they don’t tell you is that those coins are often marked up by 300–500%, meaning you lose money the moment you buy.
Red Flag: Exaggerated claims of value or urgency, especially without full disclosure of fees and pricing.

Protect Yourself

Before investing, ask questions, do your research, and consult with a trusted financial advisor. If it sounds too good to be true—it probably is.

Common Scams

Scammers are constantly evolving their tactics. Fraudsters often prey on emotions like excitement, love, and fear to trick their victims. Here are some common scams you should know about—so you can stay one step ahead.

Disaster-Related Charity Fraud

When a natural disaster strikes, fraudsters are quick to exploit the moment. You may receive emails, phone calls, or social media messages asking for donations to help victims. While the cause sounds urgent and compassionate, the money often goes straight into a scammer’s pocket—not to those in need.
Protect Yourself: Always donate through verified charities. Be cautious of unsolicited requests, especially those asking for payment via wire transfer, gift card, or cryptocurrency.

Tech Support Scams

You might see a pop-up or get a call warning that your computer has a virus—allegedly from Microsoft, Apple, or another trusted tech brand. The scammer will urge you to give them remote access to your device. Once in, they may install malware or charge you for fake “repairs.”
Protect Yourself: Legitimate companies will never call you out of the blue or ask for remote access. If you get an alert, contact your software provider directly using a trusted phone number or website.

Fake Check Scams

This scam often targets individuals selling items online. The fraudster sends a check for more than the asking price, claiming it was a mistake or meant to cover shipping or fees. They’ll ask you to deposit the check and send back the difference—before the bank discovers the check is fake.
Protect Yourself: Never accept overpayment or return funds from a check unless you're 100% certain it has cleared. Just because a check shows up in your account doesn’t mean it’s valid.

Travel Scams

That dream vacation deal may be too good to be true. Scammers promote discounted trips or luxury packages online or over the phone, requiring upfront payment. Once you've paid, the company disappears—or you arrive to find the booking doesn't exist.
Protect Yourself: Research the company thoroughly. Don’t pay in full up front or through untraceable methods like wire transfers or gift cards. Use trusted travel websites or licensed agents.

Romance Scams

Fraudsters create fake profiles on dating apps or social media to form emotional bonds with victims. Once trust is built, they claim to need money—for emergencies, travel, or personal hardships. Victims may send thousands before realizing it was all a lie.
Protect Yourself: Never send money to someone you’ve only met online. Be cautious of anyone who avoids video calls or in-person meetings. If the story seems dramatic or urgent—step back and reassess. Ask your family members and friends how they feel about your relationship.

Lottery & Prize Scams

You’re told you’ve won a lottery, sweepstakes, or prize—often from a contest you never entered. But to “claim” your winnings, you’re asked to pay taxes, fees, or customs charges. After paying, the prize never arrives.
Protect Yourself: Legitimate lotteries never ask winners to pay upfront fees. If you didn’t enter, you didn’t win. Never share personal or financial info to claim a prize.

Grandparent Scams

Scammers call pretending to be a grandchild in trouble—or a lawyer or officer acting on their behalf. They’ll say there’s been an accident, arrest, or emergency, and they need money right away. The caller often begs you not to tell the parents.
Protect Yourself: Hang up and contact your grandchild or family directly. Don’t be rushed into secrecy or payment. Scammers count on emotional panic to override logic.

Hotel Scams

Traveling? Be alert. Scammers target hotel guests using tactics like fake calls pretending to be from the front desk, asking you to confirm your credit card over the phone. Others slip phony restaurant menus under your door, hoping you’ll order food and unknowingly hand over your payment info to a criminal.
Protect Yourself: Never give out payment info over the phone. Walk to the front desk to verify any requests. When ordering food, confirm the restaurant is real by checking online reviews or asking hotel staff.

Shipping Scams

These scams often arrive by text, email, or social media message. You’re told there’s an issue with a package delivery and are asked to click a link to resolve it. That link may lead to a phishing site designed to steal your personal or payment information—or install malware on your device.
Protect Yourself: Don’t click on unsolicited shipping links. Go directly to the official website of the carrier (like USPS, UPS, or FedEx) to check delivery status. Be especially wary of poor grammar or urgent language in messages.

Quick Tips to Stay Safe

• Don’t trust unsolicited requests for payment or personal info.

• Always verify through official channels.

• When in doubt, don’t click—delete the message and contact the company directly.

Stay Alert, Stay Secure

Whether it’s a promise of love, luck, or urgency—always verify before you act. If you’re unsure, speak to someone you trust or contact your financial institution. Your caution could stop a scam in its tracks.

When in Doubt, Reach Out

If something feels off, don’t ignore your instincts. Contact us or a trusted financial advisor before responding to unexpected requests for money, access, or personal information. Staying informed is your best defense.

Downloadable Puzzles & Games

The Maine Credit Union League provides downloadable puzzles and games so that you can learn even more about staying safe. This is also a good way to engage conversation with your children so they can be educated about remaining safe from scams and fraud.