Cyber Scams 101
What is a cyber scam?
The FBI’s Internet Crime Complaint Center, or IC3, is the US government’s central public repository for all forms of internet fraud and published their 2020 annual report showing that cyber scams grew in size and scope while citizens were battling the pandemic.
IC3 fielded nearly 800,000 complaints in 2020 and said Americans reported more than $4 billion in loss due to cyber scams.
The most common forms of internet fraud, according to IC3, include business fraud, credit card fraud, internet auction fraud, investment schemes, Nigerian letter fraud, and non-delivery of merchandise.
Scams specifically highlighted by IC3 include business e-mail compromise, which targets wire transfer account numbers in international business by hacking e-mail accounts and then forging invoices and payment receipts.
Prominent cyber scams in 2020 also include data leaks, organized denial of service attacks, e-mail account compromise to request fraudulent payments, network disabling malware, phishing, and ransomware.
By partnering with the private sector, with local, state, federal, and international agencies, and with the general public, IC3 resolved 82% of its business e-mail compromise complaints in 2020, freezing $380 million of the nearly $462 million in reported losses.
How to protect yourself from cyber scams?
DECU has more information on specific steps to building vigilance to avoid most cyber scams here. Still, industry experts all agree that the strongest online security comes from good internet user habits.
According to cyber security experts, your unique account password should be strong enough to prevent simple hacking, but a strong password sometimes isn’t enough.
Global market research company Forrester said 80% of all hacking-related data breaches involve the abuse of privileged credentials, and instead of a password alone, experts recommend multi-factor authentication (MFA) for all your sensitive online accounts.
MFA grants website or app access only after the user presents two or more pieces of evidence upon request from the authentication mechanism.
Those additional factors can be:
- Something you know (password, birthday, temporary code, etc.)
- Something you have (phone, computer, device, key fob, SIM card, employee ID, etc.)
- Something you are (facial recognition, fingerprint, etc.)
While password theft and hacking continue, internet users can take active responsibility for their data and keep cybercriminals at bay by using MFA to control sensitive online accounts.
Likewise, the IC3 has published a list of measures that consumers can take to shore up their personal internet defenses, which we include below:
- Secure devices with a difficult-to-guess password and/or biometrics
- Update your software
- Use a virtual private network
- Use a virtual wallet from DECU
- Go to the source if a deal looks too good to be true
- Be cautious
- Don’t open attachments from unknown e-mail addresses
- Use retailer apps and shop direct
- Don’t give your card number if you get a call or e-mail to “confirm a purchase”
- Don’t respond to an e-mail “double-checking your address”
- Sign up for text alerts from DECU
- Check to see if you have free or discounted ID theft insurance available
DECU Digital Banking Security
Deere Employees Credit Union uses two-factor authentication (2FA) for our digital banking app and online access.
Our recent upgrade to DECU’s digital banking platforms improved member service and the most advanced technical solutions for digital banking access.
During implementation and testing, we emphasized user safety from hacking and stolen passwords, including the implementation of 2FA for first-time users and on new, unrecognized online devices.
DECU also engaged a browser session timeout after 10 minutes of inactivity, authentication token security to ensure end-to-end data encryption and 3rd-party testing for all security upgrades.
Despite these and other cyber security measures, the issue of internet fraud and cyber scams requires consumers to remain vigilant and be cautious when operating online.
Where to report cyber scams
In the event that you find evidence of cyber scams and wish to file a report, we include the following list of US Government agencies and their internet fraud hotlines.
Report computer or network vulnerabilities to US-CERT via the hotline (1-888-282-0870)
or the website (www.us-cert.gov). To report phishing attempts to US-CERT, forward
phishing e-mails or websites to US-CERT at firstname.lastname@example.org.
Report fraud to the Federal Trade Commission at www.ftc.gov/complaint, if applicable.
Report identity theft at www.IdentityTheft.gov, the government’s free, one-stop resource
to help you report and recover from identity theft.
If you are a victim of online crime, file a complaint with the Internet Crime Complaint
Center (IC3) at www.ic3.gov. IC3 is a partnership between the Federal Bureau of
Investigation (FBI) and the National White Collar Crime Center (NW3C)
If you believe someone is using your Social Security number, contact the Social Security
Administration’s (SSA) fraud hotline at 1-800-269-0271. For additional resources, visitthe SSA at http://oig.ssa.gov/report-fraud-waste-or-abuse.