Jump to main content

Cyber Threats & Identity Theft Guide

Scams and Frauds Video 

Romance Scams (Turning Victims into "Money Mules")

Victims of Identity Theft

If you believe you have been a victim of identity theft, go to https://www.identitytheft.gov/ for a step by step process of reporting identity theft and receiving a recovery plan.

Identity Theft Prevention

Identity theft and cyber attacks are an everyday occurrence and, with technological advancements, it is becoming very difficult to guard against. We encourage our members to stop and think before connecting online to protect yourself and your identity from a cyber criminal attack. Practice good online safety habits with these tips and advice from a collaboration of the National Cyber Security Alliance and the U.S. Department of Homeland Security:  https://stopthinkconnect.org/tips-advice/general-tips-and-advice

Protecting your personal information is the first step in helping reduce your risk of identity theft. There are four main ways to do it:

Keeping Your Personal Information Secure Offline

  • Lock your financial documents and records in a safe place at home, and lock your wallet or purse in a safe place at work. Keep your information secure from roommates or workers who come into your home.
  • Limit what you carry. When you go out, take only the identification, credit, and debit cards you need. Leave your Social Security card at home.
  • Before you share information at your workplace, a business, your child’s school, or a doctor’s office, ask why they need it, how they will safeguard it, and the consequences of not sharing.
  • Shred receipts, credit offers, credit applications, insurance forms, physician statements, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.
  • Take outgoing mail to post office collection boxes or the post office. Promptly remove mail that arrives in your mailbox. If you won’t be home for several days, request a vacation hold on your mail.

Keeping Your Devices Secure

  • Use Security Software
    Install anti-virus software, anti-spyware software, and a firewall. Set your preference to update these protections often. Protect against intrusions and infections that can compromise your computer files or passwords by installing security patches for your operating system and other software programs.
  • Avoid Phishing Emails
    Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.
  • Be Wise About Wi-Fi
    Before you send personal information over your laptop or smartphone on a public wireless network, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.
  • Lock Up Your Laptop
    Keep financial information on your laptop only when necessary. Don’t use an automatic login feature that saves your user name and password, and always log off when you’re finished.
  • Read Privacy Policies
    Yes, they can be long and complex, but they tell you how the site maintains accuracy, access, security, and control of the personal information it collects; how it uses the information, and whether it provides information to third parties.

Keeping Your Personal Information Secure Online

Know who you share your information with. Store and dispose of your personal information securely.

  • Be Alert to Impersonators
    Make sure you know who is getting your personal or financial information. Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends email asking for personal information, don’t click on links in the email. Instead, type the company name into your web browser, go to their site, and contact them through customer service.
  • Safely Dispose of Personal Information
    Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive.
  • Encrypt Your Data
    Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online.
  • Keep Passwords Private
    Use strong passwords with your laptop, credit, bank, and other accounts. Be creative, use a combination of letters, numbers and special characters.
  • Don’t Overshare on Social Networking Sites
    If you post too much information about yourself, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites.

Securing Your Social Security Number

  • Keep a close hold on your Social Security number and ask questions before deciding to share it. Ask if you can use a different kind of identification. If someone asks you to share your SSN or your child’s, ask:
    • Why they need it
    • How it will be used
    • How they will protect it
    • What happens if you don’t share the number
  • The decision to share is yours. A business may not provide you with a service or benefit if you don’t provide your number. Sometimes you will have to share your number. Your employer and financial institutions need your SSN for wage and tax reporting purposes. A business may ask for your SSN so they can check your credit when you apply for a loan, rent an apartment, or sign up for utility service.

The "Phantom Hacker" Scam (Multi-step Deception)

According to FBI Cleveland, (Source: https://www.ic3.gov/Media/Y2023/PSA230929 of October 3, 2023) scammers are impersonating technology, banking, and government officials "in a complex ruse to convince a typically older victim that foreign hackers have infiltrated their financial account."
Once they've gotten the victim's attention, "The Phantom Hacker" then instructs the victim to immediately move their money to an alleged U.S. Government account to “protect” their assets. In reality, there was never any foreign hacker, and the money becomes fully controlled by the scammers.
How "The Phantom Hacker" strikes:
The FBI says it has observed repeated behavior by criminals involved in “The Phantom Hacker” scam, which is often perpetrated in three major steps:
 
Tech Supporter Imposter
In the first step, a scammer posing as customer support representative from a legitimate technology company initiates contact with the victim through a phone call, text, email, or a pop up window on their computer and instructs the victim to call a number for “assistance.”
Once the victim calls the phone number, a scammer directs the victim to download a software program allowing the scammer remote access to the victim’s computer. The scammer pretends to run a virus scan on the victim’s computer and falsely claims the victim’s computer either has been or is at risk of being hacked.
Next, the scammer requests the victim open their financial accounts to determine whether there have been any unauthorized charges a tactic to allow the scammer to determine which financial account is most lucrative for targeting. The scammer informs the victim they will receive a call from that financial institution’s fraud department with further instructions.
Financial Institution Imposter
In the second step, a scammer, posing as a representative of the financial institution mentioned above, such as a bank or a brokerage firm, contacts the victim. The scammer falsely informs the victim their computer and financial accounts have been accessed by a foreign hacker and the victim must move their money to a “safe” third party account, such as an account with the Federal Reserve or another U.S. Government agency.
The victim is directed to transfer money via a wire transfer, cash, or wire conversion to cryptocurrency, often directly to overseas recipients. The victim is also told not to inform anyone of the real reason they are moving their money. The scammer may instruct the victim to send multiple transactions over a span of days or months.
U.S. Government Imposter
In the third step, the victim may be contacted by a scammer posing as the Federal Reserve or another U.S. Government agency. If the victim becomes suspicious, the scammer may send an email or a letter on what appears to be official U.S. Government letterhead to legitimize the scam. The scammer will continue to emphasize the victim’s funds are “unsafe” and they must be moved to a new “alias” account for protection until the victim concedes.
Victims often suffer the loss of entire banking, savings, retirement, and investment accounts savings, retirement, and investment accounts under the guise of “protecting” their assets under the guise of “protecting” their assets.

Tips to Protect Yoursel from "The Phantom Hacker"
• Do not click on unsolicited pop ups, links sent via text messages, or email links or attachments.
• Do not contact the telephone number provided in a pop up, text, or email.
• Do not download software at the request of an unknown individual who contacted you.
• Do not allow an unknown individual who contacted you to have control of your computer.
• The US Government will never request you send money to them via wire transfer, cryptocurrency, or gift/prepaid cards.
 

Resources

For additional information, visit https://www.consumer.ftc.gov/topics/identity-theft

The Ohio Attorney General and Ohio Highway Patrol also offers these resources:

Need a Speaker on Frauds & Scams?

CES Credit Union will also provde speakers and a brief presentation on topics related to scams and frauds. We will come to your classroom or group meeting to discuss (in general terms) what activity we see in our community, and offer tips on how to detect and avoid scams and frauds. Call us at 888-397-1136 or email us at  marketing@cescu.com to find out more.