Veterans’ frauds, caution in answering online questions and ways to avoid all scams

Prior to the U.S. Veterans Day holiday, Winston Mittens, a retired Army staff sergeant, answered a call from someone who said he worked at Mittens’ bank. The caller said the bank was beefing up its security, so it needed Winston to verify his account information and Social Security number, which he did. But in the next week, Winston visited his bank to deposit a check and found he had a zero balance in his account. A bank official told Winston that someone had used his identity to steal his banking credentials and drain his money. Lucky for him, the bank covered the fraud and restored his balance. The bank also changed his account credentials so he hopefully wouldn’t be a victim again.

Vets and service members are prey for impostor scams

Although this case is fictional, it represents a scam aimed toward U.S. veterans, service members and their families, especially around military holidays like Veterans Day. According to the Federal Trade Commission (FTC), fraudster callers — who are impersonating representatives of USAA Bank, Navy Federal Credit Union and other banks — contact victims via phone calls and voicemail, emails and texts to gain access to personally identifiable information (PII) to steal their banking credentials and identities.

The fraudsters will tell victims their debit cards have been blocked, the bank has detected fraudulent activity or some other urgent excuse to gain PII. They’ll also use impressive logos in emails and texts.

If victims click on links in fraudsters’ messages, they run the risk of hackers installing malware on their phones or computers, which hands fraudsters complete access to their devices and information.

The FTC offers advice:

• Don’t trust caller ID. Scammers fake the numbers they call from. Never call back numbers from your caller ID or those left in voicemails.
• Never give PII to anyone who contacts you out of the blue. Financial institutions won’t ask you for PII or passcodes. If you think a call might be legit, contact the company using a website or phone number you know is real.
• Don’t click links in unexpected texts or emails. Those are often phishing scams. If you’ve clicked a link by mistake, update your phone’s and computer’s security software. (See “Imposter scams targeting veterans and servicemembers,” by Gema de las Heras, FTC, Consumer Alert, Nov. 16, 2022.)

Answer security or quiz questions and risk losing your PII

Organizations often use online security measures to help prevent intrusions on accounts from unscrupulous individuals. Let’s say you’re setting up an account with an investment company, and the website asks, “Where were you born?” or “What was the name of your first pet?” When you visit the site again, you correctly answer the questions and you’re successfully logged into your account. We’ve all used this common security method.

The FTC warns of the dangers of innocently providing answers to online personality tests, quick surveys and other types of online quizzes that seem harmless but have been posted by fraudsters. They then try to use those answers to match your answers on your online accounts, and steal your bank account information and then your money. Some scammers also hack social media accounts and send malware links to friends of hacked account holders under the guise of sharing quizzes.

The FTC provides advice:

• Before you take a quiz to find out which Marvel character you are, ask yourself, do I know who’s gathering this information about me — or what they plan to do with it?
• Maintain strong passwords and use multifactor authentication.
• Just steer clear of all online quizzes or don’t answer them truthfully.
• When you’re setting up online accounts, provide random answers to security questions. Asked to enter your mother’s maiden name? Say it’s “Parmesan” or another word you’ll remember. Or use an encrypted password manager to store unique answers.
• If you suspect an online quiz is a phishing scam, tell your family members and friends. Then report it to the FTC at ReportFraud.ftc.gov. (See “Don’t answer another online quiz question until you read this,” by Terri Miller, FTC, Consumer Alert, Jan. 11, 2023.)

Four signs of a scam

The FTC provides advice on avoiding scam victimhood. Scammers:

1. Pretend to be from an organization you know. For example, scammers often pretend to be contacting you on behalf of the government. They might use a real agency name, like the Social Security Administration, IRS or Medicare, or make up a name that sounds official. Some pretend to be from a business you know, like a utility company, a tech company or even a charity asking for donations. They use technology to change the phone number that appears on your caller ID.
2. Say there’s a problem or a prize. They might say you’re in trouble with the government, you owe money, someone in your family had an emergency or a virus is on your computer. Some scammers say there’s a problem with one of your accounts and you need to verify some information. Others say you won money in a lottery or sweepstakes, but you need to pay a fee to get it.
3. Pressure you to act immediately. They want you to act before you have time to think. If they reach you on the phone, they might tell you not to hang up so you can’t check out their story. They might threaten to arrest you, sue you, take away your driver’s or business license, or deport you. They might say your computer is about to be corrupted.
4. Tell you to pay in a specific way. They often insist that you pay with cryptocurrency, by wiring money through a company like MoneyGram or Western Union, or by putting money on a gift card and then giving them the number on the back. Some will send you a check (that will later turn out to be fake) and tell you to deposit it and send them money.

How to avoid a scam

• Block unwanted calls and filter unwanted text messages.
• Don’t give your personal or financial information in response to a request you didn’t expect. Honest organizations won’t call, email or text to ask for your PII, such as your Social Security, bank account or credit card numbers.
• Don’t click on links in emails or text messages from companies you do business with even if you think they’re legit. Contact the businesses using websites you know are trustworthy or look up their phone numbers. Don’t call numbers they gave you or the numbers from your caller ID.
• Resist their pressure to act immediately. Honest businesses will give you time to decide. Anyone who pressures you to pay or give them your PII is a scammer.
• Know how scammers tell you to pay. Never pay someone who insists you pay with cryptocurrency, a wire transfer service like Western Union or MoneyGram, or a gift card. And never deposit a check and send money back to someone.
• Stop and talk to someone you trust. Before you do anything, tell someone — a friend, a family member, a neighbor. Talking about it could help you realize it’s a scam. (See FTC scam articles.)

Here to help

Please use information about these scams in your outreach programs and with your family members, friends and co-workers. As part of my outreach program, please contact me if you have any questions on identity theft or cyber-related issues that you need help with or if you’d like me to research a scam and possibly include details in future columns or as feature articles.

I don’t have all the answers, but I’ll do my best to help. I might not get back to you immediately, but I’ll reply. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, is a distinguished professor of accounting and research at a university in the U.S. Northwest. He currently serves as vice president of the Pacific Northwest chapter for the ACFE. He’s a member of the Accounting Council for the Gerson Lehrman Group, a research consulting organization and is a member of the White Collar Crime Research Consortium Advisory Council. He’s also on the ACFE’s Advisory Council and the Editorial Advisory Committee. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.