Common Examples of Fraud
ID Theft Identity theft occurs when someone uses your name, Social Security number, credit card number, or other identifying information to commit fraud or other crimes.
The Department of Justice says, "With enough identifying information about an individual, a criminal can take over that individual's identity to conduct a wide range of crimes: for example, false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges which the criminal might be denied if he were to use his real name. If the criminal takes steps to ensure that bills for the falsely obtained credit cards, or bank statements showing the unauthorized withdrawals, are sent to an address other than the victim's, the victim may not become aware of what is happening until the criminal has already inflicted substantial damage on the victim's assets, credit, and reputation."
From the Federal Trade Commission:
Stay alert for the signs of identity theft:
- Accounts you didn't open and debts on your accounts that you can't explain.
- Fraudulent or inaccurate information on your credit reports, including accounts and personal information, like your Social Security number, address, name or initials, and employers.
- Failing to receive bills or other mail. Follow up with creditors if your bills don't arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
- Receiving credit cards that you didn't apply for.
- Being denied credit, or being offered less favorable credit terms, like a high interest rate, for no apparent reason.
- Getting calls or letters from debt collectors or businesses about merchandise or services you didn't buy.
Resources For tips on preventing Identity Theft – How to Protect Yourself
To report possible identity theft - If you think you may have provided personal account or password information in response to an email, text or phone call you received, please call us immediately at 1-800-480-BANK (2265) 24 hours a day, 7 days a week.
The FTC has provided a list of steps to take in addressing and limiting the damage associated with identity theft.
Phishing and Smishing
Phishing (fraudulent email or pop-ups) and Smishing (fraudulent text messages/SMS phishing) are used to trick people into providing personal information that can be used for identity theft or even unwittingly downloading a virus or spyware. Some email messages direct you to fraudulent websites, designed to trick you into believing they belong to a company you know by using its brands' domain names and graphics.
The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal acts. Criminals can make an email look as if it comes from someone else.
Fake emails often contain the following characteristics:
- The sender's email address doesn't match the organization's website address.
- The email uses a generic greeting, such as “dear customer.”
- They display a sense of urgency (i.e. Unless you act immediately, your account could be closed.).
- They request personal information such as user name, password or account numbers.
- "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
- "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
- firstname.lastname@example.org / Congratulations! Your Huntington Bank cash back reward is ready to be redeemed! Simply call 877-555-5555 to redeem.
If you ever receive an email of this nature, do not open the attached files, and do not provide any personal information. Please treat the email as fraudulent and forward it to us at email@example.com or call 1-877-932-BANK (2265) 24 hours a day, 7 days a week.
If you do open an attachment or click a link containing a virus or other malicious program, you will need to take steps to reestablish the security of your system:
- The most comprehensive approach would be to make a full backup of all user data, re-image the system and restore the user data. In addition, all user credentials (usernames, passwords, answers to challenge questions) should be changed.
- Alternatively, you can clean your system using anti-virus software and change your user credentials. Depending on the nature of the virus or malicious program, the anti-virus program may or may not be successful in removal. We encourage you to check frequently for updates to these virus-detecting programs and install updates as necessary.
- If you respond to a phishing email (this should link to phishing section on scams/threats page) with personal or account information, contact Huntington immediately at 1-800-480-BANK (2265) 24 hours a day, 7 days a week.
Note: Huntington email communications:
- Huntington may on occasion send you emails with links to new product information or promotions.
- Huntington may notify you by email when there is a new message or security alert waiting for you in your Message Center or Security Alert Center. The notification email may contain a link to Huntington.com to log in and view more details.
- These links are provided for convenience only. If there is ever a question concerning the validity of an email, you should access the information by navigating directly to the Huntington.com URL.
Spear Phishing and Whaling
- Spear phishing is phishing that is directed at particular individuals or organizations. The individual targeted will usually have access to valuable information and/or access to secure parts of the organization’s network, such as a network administrator or system architect. This form of phishing is usually more successful than random or broad phishing attacks. When a small number of people or a single individual is picked as the target, the fraudster can then research and obtain a deeper knowledge of the targets in order to form a more convincing con.
- Whaling is the term used to refer to spear phishing directed specifically at high profile targets within businesses, such as senior executives. Examples of such an attack might be a customer complaint, a legal subpoena, or some sort of business-wide concern.
A fairly new phenomenon, chat-in-the-middle attacks, direct victims to fake websites where a fraudulent chat window pops up. The website and pop-up window are designed to look legitimate. The scammers then pose as financial institution employees and ask victims to validate their passwords, account numbers, user names, and more.
Vishing (VoIP phishing)
Other scammers send emails, text messages, or pop-ups that appear to be from a legitimate business and ask you to call a phone number to update your account, receive a "major" credit card, a prize, or other valuable item -- then ask you for personal data, such as your Social Security number, credit card number or expiration date, or mother's maiden name. Because they use Voice over Internet Protocol technology, the area code you call does not reflect the scammers’ actual location. Instead of calling the business back, go to your financial statements or credit cards and call the legitimate business number. Find out if they sent the email and/or report the fraudulent message.
If someone you don't know calls you on the telephone and offers you ANYTHING in exchange for personal information, ask them to send you a written application. If they refuse, tell them you're not interested and hang up. The FBI says, "Never give your credit card number over the telephone unless you make the call."
Like phishing, pharming is most often used to steal important personal information that can be used later to commit identity theft. Pharming is perpetrated when a hacker installs malicious code on a personal computer or server with the intent of redirecting legitimate Internet traffic to a fraudulent website. Users will unknowingly be redirected from their intended website to a similar fraudulent website designed to collect user credentials (username, password, security question responses, etc.) and other personal information.
Fake Mobile Banking Apps
Criminals may develop and publish fake mobile banking applications designed to look like official Huntington Mobile Banking apps. The intent of these applications is to collect personal information, including user credentials (username/password), with the goal to commit identity theft or account takeover.
Here are tips for recognizing an official Huntington mobile application:
- Official Huntington mobile applications are only available from the Apple App Store (iOS) and Google play (Android). Any mobile apps advertised on third-party sites will be fraudulent and should be avoided.
- The developer or author of the application will be Huntington National Bank. To help protect your accounts and information, never download or install any Huntington mobile banking applications that do not meet the above criteria.
Still Have Questions?
If you can’t find what you’re looking for, let us know. We’re ready to help in person, online or on the phone.
24 hours a day, 7 days a week. 1-800-480-BANK (2265)