Stay a Step Ahead of the Predators and Avoid being a Victim of Fraud

EAP Ask the Expert: Dan Coleman, Senior Investigator, MGH Police & Security

The idea of being taken advantage of and losing money, control of your Identity or devices is daunting and can be anxiety-provoking. The predators are clever, opportunistic, and persistent, and are always looking for new ways to invade our lives.

Many of us may believe we are immune from fraud. While certain populations (such as children, the elderly, military members, and recently, some in healthcare), are at higher risk, even those who are tech-savvy have been tricked by scammers who make their schemes seem very legitimate.

Who wouldn’t be a little scared when receiving an email demanding money or risk losing control of your device (or worse) because the sender knows one of your usernames and passwords (and produces them)? This is a scam, but many have fallen for it.

According to the Federal Trade Commission (FTC):

• 2.8 million consumers reported losing more than $5.8 billion to fraud in 2021.
• This represents a 70% percent increase from 2020.

There are definitely things you can do to prevent being a victim of fraud and limit negative impacts if your personal information is compromised.

For this feature, the EAP is partnering with Senior Investigator, Dan Coleman, from MGH Police and Security. Dan shares his expertise to help you protect yourself and your loved ones.

What Explains the Big Increase in Fraud & Loss?

Dan indicates that much of the uptick is related to increased and regular reliance on technology and devices, and how they impact our busy lives.

• We are overwhelmed with communications and information, and very accustomed to doing anything and everything on our devices.
• New platforms have been introduced over the last few years and the technology learning curve changes rapidly.
• We want immediate results and quick resolutions to problems (whether legitimate or not).
• All of the above, combined with our busy lives, creates a perfect storm in which we are not as vigilant or skeptical as we should be.

Educate Yourself about Fraud Schemes

It’s beneficial to understand how scammers work and which areas they target (and how). Knowing what types of schemes are out there will give you an advantage because you won’t be caught off-guard or risk reacting based on fear. Few industries or tactics are off the table in efforts to get control of your money, identity, devices and even your emotional well-being. Targets include:

• Mail
• Phone
• Online platforms, via phishing (emails or texts which look legitimate but are not, and influence you to click links to control your computer or access your information and money. Phishing uses Malware (viruses, spyware, ransomware, that gets secretly installed onto your device).

Most common in 2021
(from the FTC)

• Imposter scams (a scammer pretends to be someone you trust to convince you to send them money)
• Online shopping scams
• Prizes, sweepstakes, & lotteries
• Internet services
• Business & job opportunities

On the radar right now
There are too many to list, but here are a few that are in the headlines:

• Tech scams to gain control of financial accounts
  Scammers, posing as tech company representatives, claim that financial accounts have been compromised (for example, a bank account has been hacked or there is a computer virus). The goal is to convince victims to move their assets, allowing scammers to access devices and financial accounts.
• Healthcare
  Dan warns of a number of current fraud schemes in the healthcare space, such as Drug Enforcement Administration (DEA) scams.
  This involves attempts to get information from clinicians/prescribers by people posing as government officials. Providers are led to believe that their prescribing credentials have been compromised, indicating a problem with their account. They are threatened with potential prosecution if they don’t cooperate.
  Other risks include imposters posing as Medicare or healthcare providers, in attempt to get money or personal information.
• Tax rebate scams
  Scammers may send texts about a “tax rebate” or some other tax refund or benefit. The goal is to get you to click on a link to trigger malware or get your information.
• Law enforcement imposters requesting money
  The Boston Police Department cautions against becoming a victim when being contacted by a phone number that appears to be originating from a legitimate law enforcement agency seeking money for various reasons.

• Fake puppy scams
  A fake seller markets and collects payment for a dog that does not exist or that they have no intention of selling. The fraudster may post ads and even go so far as to arrange a pickup, but never shows up.

• Fake package scams
  Predators use tactics such as texting to get personal information, including your credit card number.
• Money mules
  Money mules (people that receive and move money that came from victims of fraud) are recruited by criminals. This money transfer is often facilitated via questionable job roles or on-line dating scams, when people are asked to transfer money that doesn’t belong to them.

Measures you can Take to Avoid Being a Victim of Fraud

In addition to keeping updated on potential fraud schemes, there are other steps you can take to maximize the security of your information, finances, and devices.

Slow down and think before Responding
Dan emphasizes that the #1 most important strategy is to avoid reacting in haste or panic. Instead, take a breath and a step back before responding. The scammers are banking on the fact that you will engage with them or take action for a quick resolution. Consider the request and options for responding before you do anything. Any non-criminal person or organization will understand that you want to get a full understanding before acting.

Do some investigation:

• Does the situation make sense?
• Do you actually have an account with this vendor?
• Does a legitimate organization or company behave this way or use this type of language/grammar?
• Did you hover over the email address to see if it’s really from who they claim it’s from?
• Ask for help from someone (family, friend, or law enforcement) with knowledge.
  – Don’t be embarrassed about requesting assistance. This is preferable to losing your money or worse.

The good news is that many sources offer specific, helpful, and parallel guidance on how to beat the scammers at their own game. Some resources may require a small investment of time or money. Dan stresses that comparatively, it will cost you a lot more time and money if you are hacked or have your identity stolen. He recommends incorporating anything that helps to trigger good security habits, such as regularly changing your passwords.

Protect your personal information and identity

• Check your credit reports. This will provide warnings about fraudulent activity with credit cards or loan applications.
• Use Fraud alerts and security freezes.
  – Fraud alerts inform creditors about potential fraud and encourages them to contact you to verify your identity.
  – A security freeze stops anyone from viewing your credit report and prevents someone from opening a credit account in your name.
• Shred documents with financial or personal information, and destroy expired credit cards.
• Dan recommends doing an accounting of what information about you is in the public domain via Nuwber and opting out of sources of personally identifiable information as relevant.

Minimize your online risk
(Adapted from the FBI & Forbes)

• Understand that legitimate customer, security, or tech support companies do not initiate unsolicited contact with individuals.
• Never trust any company requesting personal or financial information.
• If a pop-up or error message appears with a phone number, don’t call the number. Real error messages never include phone numbers.
• Be cautious of customer support numbers obtained via online searching. Phone numbers listed in a “sponsored” results section are likely boosted via Search Engine Advertising.
• Do not give unknown, unverified persons remote access to devices or accounts.
• Do not download or visit a website that an unknown person may direct you to.
• Consider password managers, which offer an encrypted way to store your private login information, so that it’s easily accessible (to you) and hard to access/hack by anyone else.
• Activate password or biometric identification (like fingerprints or facial recognition) on devices.
• Use 2-factor authentication (a second way to verify yourself) for your accounts.
• Avoid public or open Wi-Fi as they are vulnerable to hackers.
• Add Antivirus and malware software to protect personal information.
• Secure social media accounts and be cautious about the information you make public.
• Check for data leaks via sites such as F-Secure and have i been pwned? to ensure that your data hasn’t been compromised.

*Neither the EAP or MGH Police & Security endorses or recommends any specific-fee-based security resource.

Learn how to prevent fraud via the phone
( adapted from The FCC)

• Do not answer calls from unknown numbers.
• If the caller claims to be from a legitimate company or organization, hang up and call back using a valid number found on the official website or on your bill.
• Do not respond to prompts to stop receiving calls, or answer questions. Just hang up. Scammers often use these tricks to identify and target live respondents or to apply unauthorized charges on your bill.
• Caller ID showing a “local” number no longer means it is necessarily a local caller.
• Legitimate organizations, like law enforcement will not ask for payment with a gift card.
• Use a robocall blocking service via your phone company.
• Consider registering your telephone numbers in the National Do Not Call Registry.
• If you receive a scam call, file a complaint with the FTC
  – 1(877) FTC-HELP (1-877-382-4357) or TTY 1-866-653-4261.

Learn how to recognize that your accounts might have been compromised
(adapted from Experian)

The sooner you identify a problem, the sooner you can stop the fraud and reconcile/secure your accounts. Be on the look-out for:

• Not receiving household bills in the mail as expected.
• Being turned down for a loan or credit card, despite having good credit.
• Charges that are not yours on known accounts and credit card bills for accounts you don’t recognize
  -This includes nominal (small) charges (known as “test charges”).
• A rejected tax return because there was a duplicate filed.

Steps to Take if you think you have been a Victim of Fraud
(adapted from the FBI & Experian)

• Run virus scans to check for potentially malicious software installed by the scammers. Consider having your computer professionally cleaned.
• Contact your financial institutions immediately by using the number on the back of your bank card or by visiting the institution in person.
• Review your credit reports to make sure everything is accurate.
• Use Fraud alerts and security freezes.
• Dispute any inaccurate information you find in your credit report.
• Change all passwords if the scammer had access to your device.
• Expect additional attempts to contact. The scammers often share their victim database information.
• Keep all original documentation, emails, faxes, and logs of all communications.
• File a report with your local police.
• If an online crime, file a complaint with the FBI’s Internet Crime Complaint Center
• If you think your identity might have been compromised, file an identity report with:
  – The Federal Trade Commission; 1(877) FTC-HELP (1-877-382-4357) or TTY 1-866-653-4261
  – The Police
• Consult with your hospital security department (see full MGB list below). Dan indicates that although they do not have jurisdiction to act in non-work cases, they can help point you in the right direction.

Resources

General

• Federal Trade Commission – Fraud Resources
• FBI – Scams & Safety
• MGB EAP – Fraud & Consumer Protection Resources
• U.S. Department of Justice – Consumer Information
• Mass.Gov – Consumer Guide to Scams
• Mass.Gov – Protecting Yourself if Your Identity is Stolen
• MGH Blum Center – Dan Coleman: Protect Yourself from Identity Theft
• State and Local Consumer Agencies in Massachusetts
• Cambridge Savings Bank – Fraud Protection Library
• OSINT Opt-Out Guide

For Mass General Brigham

• Identity Theft Insurance Benefit via Corestream
• Healthstream – Phishing 
• Hospital Police & Security Departments – Available for consultation
  – Assembly Row (MGB and Mass General Brigham Health Plan  857-282-6000
  – Assembly Row (MGB and Mass General Brigham Health Plan) 857-282-6000
  – BWH stat/emergency line 617-732-6555 (non-emergency is 617-732-6565)
  – CDH 413-582-2840
  – BWFH 617-983-7875 or operator 617-983-7000 (Security Dispatch 617-983-7677)
  – McLean 617-855-2121
  – MEE 617-573-3121
  – MGH 617-726-2121
  – NSMC 978-354-2521 or switchboard 978-741-1215 x 2222
  – NWH (Public Safety) 617-243-6478
  – Spaulding Hospital Cambridge 617-876-4344 x 3610 (617-234-7756)
  – SRH 617-573-2121 (Boston=952-5100)

For the Elderly

• Elder Fraud Resources

For Kids

• Equifax – Protect Children from Identity Theft 
• Children & Technology Resources

For Veterans

• VA.GOV – Prevent Pension Poaching Fraud and Protect VA Benefits 
• USA Today – How Veterans & Active-Duty Members can Protect themselves from Online Scams

Other EAP-MGH Security News Feature Collaborations:

Personal Safety for Women: Self-defense Goes Way Beyond the Physical

Help from the EAP

The EAP offers free and confidential services for employees and immediate household family members. EAP records are separate from medical and HR records. Contact the EAP at 866-724-4327 or request an appointment via our online form for confidential assistance.