Scams and Fraud

Scams & Fraud banner

View our Scams Magazine!

Business icon

Selling Scams
If you attempt to sell something online, you could encounter this type of scam. A buyer wants to send you a check for a higher amount than your asking price. You are instructed to deposit the check and then wire the extra amount back to the buyer.

With this scam, the check is deemed fraudulent (after you’ve deposited and wired the extra funds). If this occurs, you are responsible for the full amount of the check, including the amount you sent to the buyer.
Laptop Icon
Digital Currency and Bitcoin Scams
You are contacted by an individual that informs you there is a warrant out for your arrest, your social security number has been compromised, or some other threat or concern is brought to your attention by this individual. This person may even tell you they are with the IRS, law enforcement, or another organization.

Next, this individual tells you the only way to remedy this issue is through immediate payment, but not normal payment by cash, check, or wire, but using digital currency purchased at a digital currency or Bitcoin ATM or on the internet. After purchasing the digital currency or Bitcoin, the individual then instructs you to send them these funds electronically.

Family Emergency Scams
You get a call: “Grandma, I need money for bail.” Or money for a medical bill. Or some other kind of trouble. The caller says it’s urgent – and tells you to keep it a secret. But is the caller who you think it is?

Scammers are good at pretending to be someone they’re not. They can be convincing: sometimes using information they’ve obtained from social networking sites or hacking into your loved one’s email account, to make it seem more real. They’ll pressure you to send money before you have time to think.

Speech Bubble Icon

Romance Scams
You meet someone special on social media or a dating website. He/she professes their love quickly, and your conversations move to email or phone calls. You make plans to meet one another but plans are always cancelled last minute. Soon thereafter, he/she requests that you send them money for an emergency (car repair, medical bills, etc).

Team Icon

IRS Impostor Scams
You get a call from the IRS, a federal agent, or even your local utilities office. The caller states you owe back taxes, or that there
is a warrant out for your arrest, or that you have late or unpaid bills.

The caller threatens to sue you, arrest or deport you, revoke your license, or shut off your utilities if you don’t pay right away. They tell you to put money
on a prepaid debit card and provide them with the card numbers.

The caller may know part of your Social Security number, and your caller ID might show a Washington, DC area code; but is the call valid?
Swipe for more

Scams, Identity Theft, & Security Tips

Education is the best method for prevention. 

We are here to help.

Identity Theft

Identity theft occurs when someone steals your personal information, such as name, address, Social Security number, credit card, bank account numbers, or even medical insurance account numbers. 

This information can be used to hijack your bank account, make purchases, open new credit cards in your name, charge medical bills to your insurance, open utility accounts, and more.

Here’s what you can do:
  • Check your monthly statements and credit card bills for any unusual charges. Keep track of what bills you are expecting and contact the biller if a monthly statement is not received.
  • Regularly check your credit report for unexplained changes.
  • Keep a close eye on your wallet, credit cards, passwords, and any other personal information that could give someone else access to your money.
  • Be careful how and where you use your credit cards, both in person and online. Only shop from stores and on websites that are trustworthy and reputable.

How to Report Identity Theft

If you believe your identity has been stolen, there are a few ways you can report it:

Report your identity theft to the Federal Trade Commission (FTC), either online at or by phone by calling 1.877.438.4338 or TTY 1.866.653.4261. 

If you report online with the FTC, you will be provided with an identity theft report and recovery plan. If you create an account, you will be able to manage your recovery plan and will have access to pre-filled form letters to send to creditors.

You may also report identity theft to your local police. This may be necessary if you know who the thief is, if the thief used your identity in an interaction with the police, or if a police report is required by any of your creditors affected by the theft.

Specific types of identity theft can be reported to other federal agencies as well.

Medical identity theft can be reported to Medicare’s fraud office or your health insurance company’s fraud department.

Tax identity theft should be reported to the Internal Revenue Service (IRS), as well as your state’s Department of Taxation or Revenue.

After reporting your identity theft to the federal government agencies, it should also be reported to various other organizations as well. One of the three major credit reporting agencies, Equifax, Experian, or TransUnion, should be contacted so a freeze or alert can be added to your accounts so no one can try to open any new accounts or cards with your name. Also ensure that the credit reporting agency will communicate this with the other two credit reporting agencies.

Report the theft to any of the financial institutions that you have accounts with.

If the thief has used your information to open an account or apply for a job anywhere, alert those companies about the identity theft.

If your identity was stolen after a stay in a nursing home or long-term care facility, report it to the National Long-Term Care Ombudsman Resource Center.

Learn More About Reporting Identity Theft From the FTC

Trustworthy and Reliable Site Criteria

A trustworthy and reliable website will be one that has a website certificate and uses encryption to protect information submitted on the website. To know if a site has a website certificate, check for a closed padlock icon, either up by the URL or at the bottom of the window in the status bar. This indicates that the website is secure. Also check that the URL includes “https:” and not just “http:” as this means they encrypt any information submitted on their website to protect the customer’s information.

Make sure it is a reputable site and not a fake, malicious site designed to look like the legitimate website. Scammers will create these deceiving websites that are not secure to trick customers into giving their personal information. The scammers can then use this information to take your money or your identity.

Attackers will try to send phishing emails, where they ask consumers to submit personal information through email, or link them to a malicious website. A reputable business will never ask for personal information through email, and they rarely send unsolicited links via email. If something is suspicious, open a new browser window and type in the website address directly instead of replying to an email or clicking any links in the email.

Credit cards are safer to use when purchasing online. If fraud takes place on your debit card, you may have to wait for the refund process to complete prior to regaining access to your funds. With a credit card, you are not out any of your own money during the reversal process. Credit cards are not tied to any of your deposit accounts.

It is also useful to check a website’s privacy policy before providing any personal information on the site. The privacy policy will outline how the website intends to use and store the information it is asking for.

Click Here for More Information from the United States Computer Emergency Readiness Team

Checking your Credit Report

Check your credit report regularly to help prevent identity theft. The Fair Credit Reporting Act (FCRA) allows everyone to check their credit report once every 12 months for free from each of the three national credit reporting agencies: Equifax, Experian, and TransUnion.

Be careful of impostor sites promising free credit reports. There is only one website, that has the authority to fill orders for free credit reports, under law. When other sites offer any sort of free credit scores or reports, be wary of the stipulations that may be hidden.

The three nationwide credit reporting companies or will never ask you to submit any personal information through email or on the phone. If you are ever asked to provide personal information, be suspicious of a possible scam. The only information you need to provide to receive your annual free credit report is your name, address, Social Security number, and date of birth.

While you are eligible to receive a free credit report from each nationwide credit reporting companies, you do not have to order them all at one time. It is suggested that you stagger your credit report orders from each company so that you can keep a better eye on your credit report for suspicious activity.

It is suggested that you take advantage of your three free credit reports annually. Requesting your credit report will not harm your credit score since it is not an inquiry about new credit. Therefore, checking your credit report regularly can only help protect you from possible identity theft.

Learn More About Checking Your Credit From the FTC

How to identify & report a scam

How to protect yourself

Give the bounce to fake check scams

It’s your lucky day! You just won a foreign lottery! There’s just one catch: this is a scam. The lottery angle is a trick to get you to wire money to someone you don’t know. If you were to deposit their check and wire the money, you would soon learn that the check was a fake. The money you wired can’t be retrieved, and you’re responsible for the checks you deposit—even though you don’t know they are fake.

This is just one example of a counterfeit check scam that could leave you owing money. The Federal Trade Commission wants you to know that counterfeit check scams are on the rise. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the account and routing numbers listed on a counterfeit check may be real, the check still can be a fake.

These fakes range from cashier’s checks and money orders to corporate and personal checks. Could you be a victim? Not if you recognize and report them.

Fake checks: variations on a scheme

Counterfeit or fake checks are being used in a growing number of fraudulent schemes, including:

  • foreign lottery scams
  • check overpayment scams
  • internet auction and secret shopper scams
  • scams selling cars or other valuable items through classified ads or online auction sites.
Here’s how it happens:

A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer’s check bounces, the seller is left liable for the entire amount.

Who is responsible for what?

Under federal law, financial institutions generally make funds available to you from U.S. Treasury checks, official checks (cashier’s checks, certified checks, and teller’s checks), and checks paid by government agencies at the opening of business the day after you deposit the check. For other checks, financial institutions must make the first $225 available the day after you deposit the check. 

However, just because funds are available on a check you’ve deposited doesn’t mean the check is good. It’s best not to rely on money from any type of check (cashier, business or personal check, or money order) unless you know and trust the person you are dealing with or, better yet—until the financial institution confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled.

The bottom line is that until the financial institution confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.

Protecting yourself

  • Throw away any offer that asks you to pay for a prize or a gift.
  • Resist the urge to enter foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone.
  • If you are selling something, don’t accept a check for more than the selling price, no matter how tempting the offer.
  • As a seller, you can suggest an alternative way for the buyer to pay, like an escrow service or online payment service. To learn more, visit the FTC website.
  • If you accept payment by check, ask for a check drawn on a local financial institution.
  • If the buyer insists that you wire back funds, end the transaction immediately.

If you think you are a victim

If you think you’ve been targeted by a counterfeit check scam, report it to the following agencies:

  • The Federal Trade Commission or 1.877.FTC.HELP (1.877.382.4357).
  • The U.S. Postal Inspection Service or call your local post office.
  • Your state or local consumer protection agencies; visit for a list of state Attorneys General.


How to recognize it

How to prevent it

Guarding against account hijacking

It is the fastest growing form of identity theft, and it can have the most devastating effect on us. It is called Account Hijacking, and some 2 million people are victimized yearly. Account hijacking occurs when a criminal obtains your personal banking information and uses it to take over your bank accounts. It can take weeks or months to discover. Fortunately, there are steps you can take to protect yourself.

Quick facts about account hijacking

  • An estimated 2 million people are hit with account hijacking each year; most say it was from a phishing email.
  • Overall account fraud totals more than $2.4 billion annually, $1,200 per victim.
  • People who monitor their accounts online (rather than just with mailed statements) can detect hijacking earlier. In one report, victims’ losses were one-eighth of those who detected the crime via paper statements due to early detection.

Protecting Yourself

Step 1: Understand the threat

Often, the account hijacker uses one or more methods to obtain your personal data. You should be particularly aware of two:

  • Hijacking by phishing deceives customers into providing their user names, passwords, and account numbers via deceptive e-mails, fake Web sites, or both. The classic phishing attack involves a deceptive e-mail that purports to be from a legitimate financial institution. The e-mail typically tells the customer that there is some sort of problem with the customer’s account, and instructs the recipient to click on the included hyperlink to ”fix” the problem. In reality, the fake Web site is simply collecting customer user names and passwords in order to hijack accounts.
  • Hijacking by spyware works by inserting malicious software, often referred to as “spyware,” on a person’s personal computer. Spyware can be loaded when a user opens a seemingly innocuous e-mail attachment or clicks on a pop-up advertisement. The spyware collects selected information (e.g., user names, passwords, and account numbers) and forwards that information to the fraudster.
Step 2: Fortify your system

Here are some basic safety measures you can implement immediately:

  • Password protection - If your password is easy for you to remember, the chances are good it is also easy for an Internet hacker to figure out. Experts advise a combination of letters and numbers…and avoiding pet names, your home address, and similar easy-to-crack codes.
  • Anti-virus software - Your computer’s anti-virus software is like a vaccine—it works at first, but you need to keep it up-to-date to guard against new strains.
  • Anti-spyware - Anti-programs are readily available, and every computer connected to the Internet should have the software installed…and updated regularly.
  • “Phishing awareness” - If you receive an unexpected email, or one that you consider suspicious, delete it. Remember: your bank will never email you and ask you to go to another site to “verify information.”
Step 3: Vigilance Pays

Chances are you will never be victimized by account hijacking identity theft. But if you are victimized, early detection is critical.

  • Check your statements regularly. If something seems irregular, contact your banker to discuss it. A recent study showed that customers who monitor their accounts online discover problems sooner.
  • Check your credit report at least annually. You are entitled to one free credit report annually from each of the three major credit bureaus. If a hijacker is misusing your credit, clues are likely to show up here. For a free report:

Your bank is taking substantive measures to protect the safety and security of your accounts. By acting today to strengthen security at your end of the Internet highway, hijackers will have an even tougher time. Stop by your bank to learn more.


Security Threats

Social Networking Sites

Everyone seems to be on a social networking site these days. Between Facebook, Twitter, Instagram, Tubmlr, and the countless other ones out there, you can be connected to anyone and everyone with just a few clicks. Social networking sites help us stay connected to friends and family close and far, lets us virtually "meet" new people through our existing friends, and they even give us the opportunity to connect with public figures. While social networking sites are popular for these reasons and many more, they also come with unique dangers.

Social networking sites allow you to create and personalize an account. People often share information about themselves, post photos, and update statuses of where they're at at any given moment. While this may seem like a fun way to update your friends and family about your life, sometimes more than just your friends and family are watching. When providing information on a social networking site, people tend to share more personal information than they might when meeting someone in person. These sites provide a false sense of anonymity and security due to the lack of physical interaction. With the majority of people now on at least one type of social networking site, it's important to understand how they work and the security dangers you could face while on one.

Here’s what you can do:
  • Be cautious about the amount of information you provide. Avoid sharing information such as your address or your schedule that could make you more vulnerable to scammers and strangers.
  • Keep in mind that the Internet can be accessed by anyone. Anything posted online is kept forever. Even after it is deleted from the site, a saved or cached version may still exist somewhere.
  • Be skeptical of information obtained on a social networking site. People can post false or misleading information and create fake profiles on these sites as well. Be wary of strangers trying to connect with you online and always try to verify information read on social networking sites with a second and more reliable source.
  • Research your social networking site's privacy settings and policies. Sometimes the default settings don't hide as much information from the public eye as you may think and their privacy policy may not prevent them from sharing information from your account with other companies.
  • Be careful when giving third-party applications access to your account. Many of these third-party apps are used for entertainment, but they may also be gathering information from your account when they are downloaded. Make sure you trust the app before downloading it or giving it access to your account.
  • Make sure your password is strong and changed immediately if you think someone may have gained access to your account without your permission.

Click Here for More Information from Cybersecurity and Infrastructure Security Agency

Social Engineering Attacks

Someone shows up to your business and says they are with your security company and are here to do a routine check on all of your security cameras. The company this individual claims to be with is in fact your security company, but you don't remember them saying anything about routine checks of equipment. Nonetheless, you allow this person access to your security cameras, footage, and computers, as well as answer any questions they have.

This is an example of how easy it is to fall for a social engineering attack. The person claiming to be from your security company was lying, but used their social skills and human interaction with you to gather private information about your business, and even possibly about your customers as well. 

Here’s what you can do:
  • Do not give any information out to someone unless you are certain they are who they say they are.
  • When scheduling repair work, always ask for the name of the individual that will be doing the work and confirm this individual's name when they arrive.
  • If someone claiming to be with a specific company is there to do maintenance or work that you were not expecting, call the company's trusted number to confirm that this individual is with them and can be trusted.

Click Here for More Information from CISA

Phishing Attacks

A phishing attack is a type of social engineering attack done through the computer, either through email communication or malicious websites. A phishing attack may be an email that looks like it's from your bank or credit card company claiming there is an issue with your account. They request that you reply back to their email with your account information to correct the issue. Unfortunately, when that information is sent in response to a phishing attack, the scammer now has access to your bank account or credit card information.

Another popular phishing attack goes hand-in-hand with charity scams. An email appears to be from a popular charity or in relation to a current event, like a natural disaster or a political election. The email is asking you to click on a link in the email to donate money on their website; however, the website the link takes you to is malicious. After entering your card information on the malicious site to donate money to what you think is a worthy cause, the attacker steals your information and can now use your card and access your computer.

Here’s what you can do:
  • Do not share any personal information through email, including bank account and credit card numbers.
  • If you receive an email that is requesting your bank or credit card information, always call the company directly to confirm from a trusted number that is not listed in the email. Ask why they need your information and if you can provide it over the phone instead of in email.
  • Avoid clinking links in emails that are unsolicited. The link could be malicious, giving your computer a virus and allowing access to your personal information.
  • If you receive an email asking you to donate money by clicking on a link, always search for that organization's legitimate website on a search engine and donate from there instead of using the link in the email. 
  • See Trustworthy and Reliable Site Criteria above for more information on how to confirm that a website is safe.
  • Remember that the IRS will never contact you through email, text, or social media. Never release any personal information to the "IRS" through these channels. 
  • Always "Think Before You Click!"

Click Here for More Information from CISA   Click Here for More Information from the IRS   

Learn More About Phishing Attacks From the FTC

Online Banking & Data Security

Online banking has grown rapidly into a major new way to bank. Some surveys show more people prefer to bank online than in the traditional ways. This phenomenal growth has been accompanied by increases in the safety and security measures undertaken by banks and their customers. But cyber-criminals are always looking for new ways to electronically break into the bank and steal your money.

Safe online banking depends on continuing and strengthening this partnership for safe online banking. 

Click Here for More Information about Online Banking & Data Security

Caller ID Spoofing

Have you ever received a call that shows up on your caller ID as a friend, your bank, or even the local police department, but when you answer the call it's someone trying to sell you something or get you to donate money? Scammers have gotten more creative and have started tricking people into answering their calls by using this tactic called 'caller ID spoofing.' Sometimes instead of displaying a specific name on the caller ID, the call will look like it's coming from a local number. Scammers do this to cause a sense of panic or concern. They hope you think it's a neighbor that might need your help or the school nurse calling about your child. It can be hard to field these scamming attempts as you don't want to miss an important call, but caller ID is no longer a reliable way to avoid scammers and telemarketers.
Here’s what you can do:
  • Do not answer the call if you don't recognize the number. This will send the caller to your answering machine or voicemail where they can leave a message if it is important.
  • If you receive a strange call from a government agency asking you for personal information, do not comply. Hang up and call back on a phone number listed on their official government (.gov) website.
  • Be suspicious of any calls requesting personal information or money for a time sensitive reason. Do not give into their pressure for the information they want. This is a scare tactic scammers use to trick you into giving up your personal information or credit card numbers without thinking it through.
  • Join the National Do Not Call List. This list may not stop all calls, but it should stop most. If you are still receiving scam calls after you have registered your phone number, the scammers are disregarding the law and should be reported.

Learn More About Caller ID Spoofing From the FTC   Report Unwanted called and Join the National Do Not Call List   


Provided for informational purposes only.