Beware of These Recent Scams

To protect yourself, it’s important to be familiar with trending scams — keep reading to learn about the latest.

Holiday scams

Scams spike during the holidays, targeting generous donors, busy shoppers, and those eagerly awaiting packages. Here’s the top 3 seasonal scams, and how to stay safe.
 
Charity Fraud
 
Red flags include pressure to donate immediately, misspelled websites, and requests for payment via gift cards / wire transfers / cryptocurrency.
 
Examples of misspelled charity websites include:
 
www.g0fundme.com (using zero instead of “o”)
 
www.redcros-help.org (misspelling; added hyphen and word)
 
www.donate-redcross.org (looks official but isn’t the real domain)
 
Delivery Scams
 
Be wary of unexpected messages claiming “delivery issues” or asking for personal details. Avoid website links that don’t match official USPS or courier domains (like usps.com or fedex.com).Track packages using official apps or websites. Use secure delivery options (like lockers at a store or signature-required delivery). Install a porch camera if possible.
 
Fake Shopping Sites
 
Prices that seem “too good to be true” usually are. Look for a return policy and contact information – if these are missing or unclear, the site may be fake. Beware of websites that are slightly misspelled or contain extra words (like uggboots-sale.com).
 
Use stores you know, and check reviews online. Avoid deals that seem unrealistic. Be careful of ads on social media. Do an internet search for the official retailer to make sure you’re on their real site.

reCAPTCHA scams

Appearing on fake websites — or embedded in real websites that have been compromised — this cutting edge scam copies human verification tests (like reCAPTCHA) and tricks you into installing malware on your computer.
 
How it works
 
You’re probably familiar with tests that ask you to prove that you’re a human (rather than a bot). Many websites – including ours – use these as protection against criminals, and they’re a great thing. However, on fake websites (or on a real website that has been compromised) these reCAPTCHA-like tests can install malware and viruses on your computer.
 
In this scam, you’ll be asked to perform a series of keyboard strokes, such as WINDOWS + S + P and then CTRL + V and then Enter. (This is an example and not necessarily an actual combination that a malware program would use.) Real verifications will never ask for a series of keystrokes.
 
Once you enter those keystrokes, a malware program designed to steal your usernames, passwords, and other personal information is installed on your device.
 
What you can do
 
Keep your software updated, and run regular anti-virus and malware scans on your devices (both computers and phones). Never click on unexpected messages or pop-ups. Know that legitimate programs to prove you are not a robot will never ask you to input a series of keystrokes.

Tax season scams

It’s tax season — and your accountant and the IRS aren’t the only ones with an eye on your taxes. Scammers are on the lookout too! This sounds scary, but you can protect yourself by learning about common tax season scams. Here’s what to look for:
 
Phishing
 
Scammers pretend to be tax professionals (or the IRS) and send emails or text messages with links. Don’t click on links sent by people you don’t know.
 
If you get a tax email you believe is fraudulent, forward it to phishing@irs.gov.
 
Gift card scams
 
Gift cards remain a popular way for scammers to steal because they’re like cash: once someone has the gift card information, it’s nearly impossible to get back. Scammers are calling claiming to be the IRS, reaching out to collect back taxes or fines. They’ll ask you to buy gift cards and then take the card information for themselves.
 
Hang up and report the scam — the IRS will never ask for payment via gift card.
 
Refund bait and switch
 
If criminals have your sensitive personal information, such as Social Security number or tax forms they stole from the mail, they may file a fraudulent return on your behalf. Once the funds hit your account, the scammers will impersonate someone from the IRS and call you demanding the return of the money. They will ask you to deposit it into a different account or send a check to an address.
 
If you receive an unexpected tax bill or refund, file a complaint with the FTC, contact the IRS at 800.908.4490 and ask the major credit bureaus to put a “fraud alert” on your file.
 
Dishonest tax preparers
 
Unfortunately, there are scam artists posing as tax professionals. They offer to do your taxes, collect a fee upfront, and then ghost you. Only hire professionals with a valid license – check online here.
 
There’re also dishonest tax preparers inflating your tax return to pocket some of the refund. Criminal tax preparers will inaccurately file your taxes in order to receive a higher refund. They will pocket some of the refund for themselves. If you’re using a tax preparer, always double check their work and the amount they received from your tax filing.

Tips & Facts

Be extra cautious when scanning QR codes from untrusted emails and from signs, posters, flyers, or other physical locations. If you receive an unexpected email or text with a QR code, don’t scan it, especially if it urges you to act immediately.

Think before scanning that QR code

Quishing, short for QR code phishing, is a new fraud scam that uses QR codes. Quick refresher: QR stands for “Quick Response,” and a QR code is a two-dimensional barcode (like the one shown below) that can be scanned by a smartphone’s camera to quickly access information, typically a website link. QR codes are made up of a grid of black and white squares. When you open your phone’s camera and scan it, it may open a website or an app on your phone. (Depending on your phone’s settings, you may need to tap on a link that appears after your camera registers the code. You can try it out using the code below.)
 

QR codes are very convenient – but just like an email or unexpected text message that contains a link, they can install malware or viruses on your phone, which can ultimately be used to steal your money or identity.
 
That’s why it’s unwise to scan QR codes posted in public places, from an unfamiliar email, in an unexpected text message, or anywhere else where you’re unsure of the source.
 
How the QR scam works
 
Scammers are posting physical images of QR codes in high traffic locations, as well as sending them via email or text message. Once you scan the QR code, it takes you to a scammer’s website, which may look legitimate. The scammer may try and lure you into providing personal or financial information. According to the USPS, these scammers often attempt to disguise themselves as a government agency, bank, or other company to lend legitimacy to their claims. Scammers have even been known to paste stickers of fraudulent QR codes on top of posters from legitimate businesses, such as inside of a fast food restaurant or a bank.
 
How to protect yourself

• Think. Before scanning QR codes, ask yourself: Where did this come from? Who posted or sent this QR code?
   
  Be extra cautious when scanning QR codes from untrusted emails and from signs, posters, flyers, or other physical locations. If you receive an unexpected email or text with a QR code, don’t scan it, especially if it urges you to act immediately.
• Report. If you think that the QR code is impersonating an organization, contact the bank, credit union, government agency, or company so they can work with law enforcement to investigate the activity and also alert others.
• Treat your personal information like cash – so don’t give away this information in response to a QR code. Your Social Security number, credit card numbers, and other personally identifiable information can be used to steal your money or open new accounts in your name without your knowledge or approval.
• Block spam messages. Contact your carrier’s customer service number (usually 611) and instruct them to block all text messages sent to you as email and block all multimedia messages sent to you as email. (Some carriers may also offer an option to activate these blocks online for your phone number.)

Digital payments fraud

Our Patelco members have told us how much they love digital payments (like Venmo, PayPal, and other popular platforms) for being an easy and secure way to send money to people they know and trust. But because scammers may pose as people or businesses you know, it’s important to protect yourself – and your money.
 
Whether you’ve used digital payments before or are new to it, follow these tips to help you pay it safely:

• Only use digital payments to send money to people you know and trust
• Never share your online banking User ID or password. Patelco will NEVER contact you and ask for it – and there’s no reason anyone else needs it, ever.
• Never do a “test” transfer with any third-party payment service. Recent fraud uses someone pretending to be from Patelco asking you to do a “test” transaction or transfer. Patelco will NEVER ask you to do a test transfer, ever.
• Never use digital payment to make utility bill or credit card payments. A scammer may pretend to be a utility company or wireless carrier asking you to send a payment with a digital platform. Most digital payment platforms cannot currently be used to pay utility or credit card bills.
• Don’t send money back to someone who “accidentally” sent you money via digital payment. Scammers will send money from stolen accounts and then ask the recipient to send the money back – but the money sent back is your real money, while the money that you “accidentally” received is stolen.

 
If someone reaches out to you and says that they sent you money accidentally, tell them to reach out to their bank or credit union to resolve it. Never send the money back to them.