Phone Scams are Getting Better: Here’s How to Protect Yourself

By Tero Vesalainen @ Shutterstock.com

Just this week alone, two investors told me they have recently received calls that were believable scams. The robocall scams that regularly target your phone are evolving. As criminals learn what works and what doesn’t, they make adjustments and adapt. Falling victim to a phone scam can change your life, for the worse. Here’s the story of one victim as told by Sarah Krouse at The Wall Street Journal:

The FBI agent sounded official on the phone. He gave Nina Belis his badge number and a story about how her identity had been compromised. She gave him her life’s savings.

For most Americans, robocalls are an annoyance. For Ms. Belis, an oncology nurse in her 60s, a law-enforcement impersonation scam that appeared to have started with a robocall drew her into financial losses that sapped her family’s nest egg and derailed her retirement.

The scale of her loss—nearly $340,000—and the ease with which the money was moved out of her accounts show why scam calls persist. They work, even on people who think they would never fall for one.

The caller preyed on what psychologists describe as a habitual reliance on people in authority, and kept Ms. Belis in a state of isolation and heightened emotion to cloud her judgment. He told Ms. Belis her Social Security number had been stolen and that crimes had been committed under her name, and persuaded her to transfer assets to accounts he controlled on the pretext of protecting the funds.

He coached the New York-area resident on how to satisfy compliance questions at financial institutions as she moved the funds and kept her on the phone for hours at a time.

Law-enforcement, telecom executives and psychologists who have reviewed Ms. Belis’s case say it is unique given how much money was lost. It also has all the hallmarks of government impersonation scams that have snared thousands of other consumers. [See tips on how to avoid robocall scams below.]

In the first nine months of the year, the Federal Trade Commission received more than 139,000 reports of fraud in which people claimed to be from the Social Security Administration, with losses totaling nearly $30 million.

You may think that scams like these could never fool you, but they are constantly changing. You need to make sure you’re vigilant about who you trust. It’s one of the reasons I prefer Fidelity over any other custodian. Fidelity is very aware of such scams and has suggestions for how to protect yourself. Fidelity Viewpoints suggests:

How to protect yourself

The good news is that you can protect yourself in most cases, by being aware of the threat and following certain practices for safeguarding your information.

1. Don’t take the phishing bait

Phishing is a technique used by criminals to trick victims into providing personal information that can be used for identity theft. Most phishing attempts are carried out by email, text messages, or phone.

  • Ignore deals, freebies, and awards that sound too good to be true. Disregard offers that appear to come from unusual foreign contacts, as well as requests from strangers for help.
  • Ignore phone calls, emails, or texts that appear to be from the IRS. The agency will not contact you by phone, email, text message, or social media to request personal or financial information.
  • Be suspicious of anyone requesting your Social Security number, date of birth, financial account number, PIN, email, or passwords—especially if there is a request to verify your information when you were not expecting it.
  • Never click a link or download an attachment inside an unexpected email. If the email claims to be from a company you do business with, don’t log in from a link in the email message—go to the company’s website and log in to your account from there.
  • Never provide personal information over the phone to an unsolicited caller. If you think the call might be a legitimate request from a company you do business with, hang up, and call the company directly.

2. Protect your phone service

Your phone has become an important part of security protocol and is the “master key” to accessing online accounts and information.

Criminals and scam artists are actively using stolen identity information to port your mobile phone number, or forward your phone calls and text messages. They do this by calling phone service providers such as AT&T, Verizon, Sprint, T-Mobile, Xfinity, etc. If you use Voice over IP (VoIP) phones such as from Xfinity, Verizon FIOS, Google Voice, etc., then your voice phone portal accounts are also at risk.

Cyber criminals do this to steal your 2-factor authentication codes and text messages to get into your financial institution accounts.

  • Learn signs that your phone may be hacked. If you notice your mobile phone showing “no service” or “emergency calls only,” or you stop receiving phone calls and text messages even after you restart your phone, contact your mobile company to see if your account has been compromised.
  • Ask your telecom provider about ways to better secure your account, especially verifying your identity with a PIN or 2-factor authentication to make changes, route phone calls, forward phone messages, or port your phone number.
  • Secure your online phone and internet service provider account where you pay bills and manage settings. Use a separate and strong password for such accounts and enable 2-factor authentication on these accounts.

3. Monitor and secure your accounts

Many companies, including Fidelity, go to great lengths to safeguard customers’ information and provide security tools. For instance, Fidelity offers 2-factor authentication, designed to prevent someone from accessing your account, even if they have your password.

Here are a few actions you can take to reinforce those safeguards.

  • Choose passwords that can’t be guessed easily. Use different passwords for different websites, and change them regularly.
  • Sign up for 2-factor authentication at your financial institutions and email service providers to protect all your online accounts.
  • Make sure your financial institutions have up-to-date contact information for you, especially your mobile number. Your financial institutions use this information to protect your accounts and to contact you when suspicious activity is detected.
  • Sign up for automated alerts of suspicious account activity wherever offered. Fidelity automatically alerts you by email and text messages of certain suspicious activity. Do not ignore these text alerts whenever received.
  • Check your credit report regularly. The 3 major agencies—Equifax, Experian, and TransUnion—are required by law to provide you with a free copy of your credit report once every 12 months, which means you can check your report for free 3 times throughout the year.

4. Secure your mobile devices and personal computers

Any device you use that is connected to the internet can become a mechanism of attack by cyber-criminals. Hackers can get in through newly discovered security holes in these devices and systems.

  • Apply updates and patches as soon as the system maker releases them.
  • Don’t download mobile apps and games that you do not trust. Some mobile apps have been found to contain hidden malicious software. Use your best judgment before using a brand new app from an unknown company and read reviews before downloading.
  • Run antivirus software on your computers, and ensure that your mobile devices have the most recent security updates and patches.

Keep good habits

Security measures aren’t foolproof, and anybody can suffer a moment of inattention or lapse in judgment. Nevertheless, awareness and basic prevention practices can protect you from the vast majority of attempts to steal your identity or money through fraudulent schemes.

In a world where the only barrier between you and scammer is whether or not you click “Accept” when the call comes up on your phone, constant awareness is a must.