Beware of These Recent Scams

To protect yourself, it’s important to be familiar with trending scams — keep reading to learn about the latest.

Tips & Facts

Be extra cautious when scanning QR codes from untrusted emails and from signs, posters, flyers, or other physical locations. If you receive an unexpected email or text with a QR code, don’t scan it, especially if it urges you to act immediately.

Think before scanning that QR code

Quishing, short for QR code phishing, is a new fraud scam that uses QR codes. Quick refresher: QR stands for “Quick Response,” and a QR code is a two-dimensional barcode (like the one shown below) that can be scanned by a smartphone’s camera to quickly access information, typically a website link. QR codes are made up of a grid of black and white squares. When you open your phone’s camera and scan it, it may open a website or an app on your phone. (Depending on your phone’s settings, you may need to tap on a link that appears after your camera registers the code. You can try it out using the code below.)
 

QR codes are very convenient – but just like an email or unexpected text message that contains a link, they can install malware or viruses on your phone, which can ultimately be used to steal your money or identity.
 
That’s why it’s unwise to scan QR codes posted in public places, from an unfamiliar email, in an unexpected text message, or anywhere else where you’re unsure of the source.
 
How the QR scam works
 
Scammers are posting physical images of QR codes in high traffic locations, as well as sending them via email or text message. Once you scan the QR code, it takes you to a scammer’s website, which may look legitimate. The scammer may try and lure you into providing personal or financial information. According to the USPS, these scammers often attempt to disguise themselves as a government agency, bank, or other company to lend legitimacy to their claims. Scammers have even been known to paste stickers of fraudulent QR codes on top of posters from legitimate businesses, such as inside of a fast food restaurant or a bank.
 
How to protect yourself

• Think. Before scanning QR codes, ask yourself: Where did this come from? Who posted or sent this QR code?
   
  Be extra cautious when scanning QR codes from untrusted emails and from signs, posters, flyers, or other physical locations. If you receive an unexpected email or text with a QR code, don’t scan it, especially if it urges you to act immediately.
• Report. If you think that the QR code is impersonating an organization, contact the bank, credit union, government agency, or company so they can work with law enforcement to investigate the activity and also alert others.
• Treat your personal information like cash – so don’t give away this information in response to a QR code. Your Social Security number, credit card numbers, and other personally identifiable information can be used to steal your money or open new accounts in your name without your knowledge or approval.
• Block spam messages. Contact your carrier’s customer service number (usually 611) and instruct them to block all text messages sent to you as email and block all multimedia messages sent to you as email. (Some carriers may also offer an option to activate these blocks online for your phone number.)

Student loan scams

Americans lost an astounding $5 billion to student loan fraud in 2022.¹ As students graduate high school and look to college in the fall, scammers are busier than ever. And if you’re one of the millions of Americans with existing student loans, beware that scammers are also looking to target you regarding relief and refinancing.
 
Many of the scams – for both new loans and for relief or consolidation of existing loans – involve payment of fees upfront. Other scammers pose as organizations simply to steal your personal information.
 
Here are four ways to protect yourself from student loan scams:

• Watch out for fees. While borrowing fees exist, they are included in the principal of legitimate loans, and will come up when you take the loan out. If someone is asking you to pay fees now, out of pocket, in order to refinance your loan, make a new loan, service an existing loan, apply for debt relief, or fill out a FAFSA form, it’s probably a scammer.
• Don’t give out your Federal Student Aid (FSA) ID or password. No one should be asking you for your FSA ID and password. You will use it to log in to legitimate government websites (like https://studentaid.gov/), but if someone is asking you for it on the phone, via text, via email, or in person, you’re dealing with a scammer. Be cautious when revealing other private information.
• Resist pressure to act immediately. Most student loan scams – and many scams in general – have something in common: pressure to act immediately.
• Do your research. Speaking of being pressured to act immediately, one reason for this is that scammers don’t want you to take the time to research the name of their company or organization. Many scammers have created sophisticated, professional-looking websites and social media profiles. But don’t trust a website or social media profile by itself.

Instead, research any person or business who contacts you. A simple search engine search of their name plus “reviews” or “scam” may reveal whether you’re dealing with a legitimate organization or not. Additionally, don’t accept as accurate any official-sounding language like “partner of the Department of Education” or “pandemic grant.”
 
The bottom line: if someone reaches out to you about a student loan, or if you see an advertisement on social media, do your research and think carefully before providing personal information or money.

Digital payments fraud

Our Patelco members have told us how much they love digital payments (like Venmo, PayPal, and other popular platforms) for being an easy and secure way to send money to people they know and trust. But because scammers may pose as people or businesses you know, it’s important to protect yourself – and your money.
 
Whether you’ve used digital payments before or are new to it, follow these tips to help you pay it safely:

• Only use digital payments to send money to people you know and trust
• Never share your online banking User ID or password. Patelco will NEVER contact you and ask for it – and there’s no reason anyone else needs it, ever.
• Never do a “test” transfer with any third-party payment service. Recent fraud uses someone pretending to be from Patelco asking you to do a “test” transaction or transfer. Patelco will NEVER ask you to do a test transfer, ever.
• Never use digital payment to make utility bill or credit card payments. A scammer may pretend to be a utility company or wireless carrier asking you to send a payment with a digital platform. Most digital payment platforms cannot currently be used to pay utility or credit card bills.
• Don’t send money back to someone who “accidentally” sent you money via digital payment. Scammers will send money from stolen accounts and then ask the recipient to send the money back – but the money sent back is your real money, while the money that you “accidentally” received is stolen.

 
If someone reaches out to you and says that they sent you money accidentally, tell them to reach out to their bank or credit union to resolve it. Never send the money back to them.

Fake debt collector scams

In this scam, fraudsters threaten legal action to pressure you to pay a fake debt. In late 2022, the Federal Trade Commission (FTC) returned more than $1 million to victims of just such scams.

To protect yourself from similar scams:

• Understand your finances. Keep records of past and current debts, so you won’t get fooled by a fake debt.
• Request a “debt validation letter.” This requires the debt collection agency to prove they’re legally collecting a debt you owe.
• Regularly review your credit report so you stay aware of the status of all your accounts.
• Know your rights, including those covered under the Fair Debt Collection Practices Act.

Romance scams

It’s easy to fall for a romance scam set up on a dating app or social media. The fraudster creates a fake profile to start sending sweet messages and big proclamations to their target. Once they have your trust and affection, the asks begin. They’ll ask for money to come see you (but won’t actually come), for unexpected expenses, or for a family emergency. What will you get in return? A lower account balance.

Here’s how to protect yourself if you think you’re dealing with a romance scammer:

• Stop communication immediately.
• Don’t send money or gifts to anyone you haven’t met in person.
• Do a reverse image search of their profile image using a search engine. Is it a stock image or a photo stolen from somewhere else?
• Never send revealing photos of yourself — these can be used for blackmail.
• Talk to your trusted friends or family about your new love interest. Do they have concerns?

Want to learn more about the different types of romance scams, and how to identify and avoid them? Watch a video with one of our Patelco experts below!