Blog

How to avoid fraud with P2P and A2A transfers

For many people, shopping and paying bills online is second nature. And now thanks to mobile payment apps, you can easily pay your friend or tip your hairdresser with a tap of your phone. But with the rise of mobile payment apps have also come a rise in fraud and scams. Add in the craziness of the holidays, and it can be easy to get distracted and fall victim to scams. Read on to learn more about P2P and A2A payments with mobile transfer apps and how you can best protect yourself from scams.

What are P2P & A2A transfers and how do they work?

Peer-to-peer (P2P) payments let you send money directly to another person. Commonly known through money transfer apps like Venmo, PayPal, and Zelle, P2P payments allow you to send and receive money through your mobile device. Typically, funds are transferred electronically from your checking account but some apps like Venmo accept a credit or debit card to transfer funds, sometimes for a fee. P2P payments are free to send through Georgia’s Own Bill Pay, online or with mobile banking, and the recipient can receive the funds faster by opting to pay a small fee.

Account-to-account (A2A) or external transfers can be used to electronically transfer funds to your accounts at other financial institutions or send money to friends and family if you know their account information (routing number, account number, etc.). A2A transfers can be set up online or through mobile banking and usually require you to validate access to the external account—sometimes that’s instant and other times that’s done through micro-deposit validation. Once the access has been granted, you can set up one-time or recurring transfers to those external accounts. Unlike P2P payments, A2A transfers can take a few business days to process, depending on the institution(s).

Both forms of payment are best used with people you know and trust. If you send or receive money via A2A, you need to share bank account information—which can potentially put you at risk for fraud. On the other hand, P2P payments are essentially like cash. Once the money is gone, it is gone. And while all systems encrypt personal data and financial information, they can still be susceptible to hackers or scammers.

Most common scams: what to look out for

Unfortunately, scammers are creative and constantly developing new ways to steal your money. Knowing some of the more common types of scams can help you keep you and your money safe.

With the rise of P2P payment apps, scammers have started “accidentally” paying people and then asking for a refund. Never send the money back, and instead contact the P2P service about the error. These payments are usually made with stolen funds or hacked accounts that will eventually be flagged as a fraud. If you send money back to the scammer, the P2P service could take funds out of your account or hold you responsible.

Another common A2A scam tactic is the impersonation of your financial institution. You may get a call to alert you about “suspicious activity” on your account. They may try to direct you to send money or ask you to confirm information such as your bank account username and password, credit card or debit card data, or Social Security numbers. Do not share this information—scammers want to create an account with your information, steal your identity, and gain access to your accounts.

Similarly, scammers may pretend to be contacting you on behalf of the government. They might use the name of a real government agency, like the IRS or Medicare, or make up a name that sounds official. Other scams involve pretending to be from a business you know, like a utility company or a charity asking for donations. Do not share any give your personal or financial information in response to a request that you didn’t expect. Honest organizations won’t call, email, or text to ask for your personal information, like your Social Security, bank account, or credit card numbers nor will they ask you to set up A2A payments.

Lastly, there has been an increase in scammers posing as a legitimate business. They may request a P2P payment to reserve a product or service. Once they receive your money, they disappear. Treat P2P payments like cash—do not pay until you receive the product. If you must pay in advance, use your credit card for extra protection.

Best practices for avoiding fraud

The most important tip for avoiding fraud with P2P payments and apps is to only send money to people you know and trust. In the case of real-time P2P payments, these transactions are the equivalent to handing over cash—once the money has left your account, it is gone. If you have two-factor authorization set up to receive a one-time passcode, do not share it. Your financial institution should never ask you for this information.

When setting up A2A payments, rely on processors that are sponsored or associated with your bank, like Georgia’s Own Bill Pay. This will allow you to track your payments and ensure the security of your account. Additionally, you should only set up A2A transfers with people you fully trust.

Always keep an eye on your account transactions, and watch for notifications from your financial institution. If you see notifications about a transaction that you didn’t make, contact your institution immediately. The faster you respond, the better chance of stopping the fraud from occurring. You also should not ignore messages about information changes. If you see something has changed and you didn’t make that change, contact your institution immediately.

Can I get my money back?

If you find unauthorized payments or think you’ve paid a scammer, there are several steps you’ll want to take. If you’ve used a mobile payment app, you will want to contact the app directly. You also need to report it to the FTC and potentially file a police report. When you report a scam, you help the FTC and other law enforcement agencies stop scams.

Lastly, one of the most important things you should do is talk about it with your friends and family. Unfortunately, we are all susceptible to fraud and talking about it may help others to see the signs before it is too late.

Final takeaways:

• Anyone and everyone can be susceptible to scams and fraud.
• Only pay people you know, and only set up A2A payments through your financial institution-sponsored payment options.
• Report any scams or fraud immediately to the correct organizations.

It is important to remember that fraud can happen to anyone, especially during this time of year as we may be distracted by friends and family. Keep your holidays happy and stay alert!

10 ways to stay safe online

Protecting information and securing systems and devices is an essential task that seems like an afterthought to some. However, it’s crucial to stay safe online to protect your personal and financial information. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below are ten tips you can put into action now:

1. Keep your software up to date

Keep all software on internet-connected devices—including personal computers, smartphones, and tablets—current to reduce risk of infection from ransomware and malware. Outdated software is vulnerable to hackers looking to steal personal information, like usernames and passwords, bank account numbers, or even your Social Security number. Configure your devices to automatically update or to notify you when an update is available. If you don’t enable automatic updates, it’s recommended to install software updates as soon as they roll out or check monthly.

2. Enable multi-factor authentication

Two-factor authentication or multi-factor authentication (like biometrics, security keys, or a unique, one-time code through an app on your mobile device) is a simple way to keep your financial information secure, and you should use it whenever offered. If a password is hacked, guessed, or phished, it’s not enough to give the intruder access without the second form of authentication—thus rendering it useless.

Two-factor authentication varies across platforms, but the overall process is generally the same. For example, you log in to your bank account with your username and password. If entered correctly, the server will send an authentication code to a secondary device, typically via text or email. You’ll then enter the unique code to confirm your identity and gain access. If someone is attempting to access your account, they won’t be able to without the authentication code.

3. Use long, unique passwords

Use a long, unique password to keep your accounts secure. A strong password is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember, while also using a combination of letters, numbers, and symbols. Do not use sequential letters and numbers, like “qwerty” or “1234.”

It’s also important to use separate passwords for different accounts. Around 66% of Americans use the same password for more than one account, which can be detrimental if there is a security breach. If you use the same password for your social media accounts and online banking, your financial information can easily be stolen if your social media password were to be hacked.

4. Use a password manager

It’s hard to keep track of multiple complex passwords, but avoid writing your passwords on paper or storing them on an unprotected device. The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database and also generates new passwords when needed.

There are various free or cheap user-friendly password manager applications that can be used to securely store your information across multiple devices. Bitwarden offers a free personal plan that allows you to store unlimited passwords, use the app on unlimited devices, free sharing for two users, and more. They also offer a family plan for $40 per year that allows up to six users, encrypted file sharing, emergency contacts who can access your vault in case of an emergency, and more.

5. Think before you click

Links in emails, tweets, texts, posts, social media messages, and online advertising are the easiest way for cyber criminals to obtain sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Clicking on unknown links or opening attachments may install malware, like viruses, spyware, or ransomware, on your device. The software is covertly downloaded, so you won’t notice until it’s too late.

If you do accidentally click an unknown link, disconnect your device from the internet and ensure your files are backed up. Next, scan your device for malware, then change your usernames and passwords. Lastly, set up a free fraud alert on your credit report with one of the three major bureaus: Experian, Equifax, or TransUnion.

6. Report phishing attempts

If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible. Procedures vary between organizations, so be sure you know your company’s policy for reporting phishing attempts.

If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email. Delete the email altogether. You can take your protection a step further and block the sending address from your email program, too.

7. Use secure WiFi

Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.

VPNs encrypt your online traffic and anonymize your location, allowing you to browse safely and securely. Even if your traffic is intercepted, hackers can’t view your activity. VPNs are becoming increasingly popular due to the ability to unblock geo-blocked content on streaming platforms, and they’re also user friendly.

8. Back up your data

Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.

9. Check your settings

Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings to make sure they are still configured to your comfort.

10. Share with care

Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. One popular trend on social media consists of answering a list of personal questions, such as the name of your first pet or the street you grew up on. Many of those are common security questions, and you’re unknowingly distributing those answers for hackers to view—and potentially gain access to your financial information.

Following the above steps is essential to keeping your personal and financial information secure. This is the first in a series of cybersecurity education posts meant to help you stay safe online. Over the next few months, we’ll share greater insight and tips on each of the topics mentioned above. In the meantime, we offer additional resources to brush up on your financial education, with ACHIEVE for consumers and small businesses. Click here to start learning today.

Top identity theft scams on the rise

Did you know that in 2020 alone, the Federal Trade Commission (FTC) received nearly five million fraud reports from consumers? And while we hate to be the bearer of (more) bad news, that statistic does not include those consumers who may not have realized they had experienced fraud, meaning the number is probably even higher. One of the top categories of reported fraud is identity theft, which is becoming more of an issue as we venture further into the digital age. So how do you avoid becoming an identify theft scam’s next victim? In this case, information is power—so read on to learn how to recognize some common identity theft scans.

Prizes, lotteries, and contests

We’ve all gotten those spam texts that congratulate us for entering a contest we don’t remember signing up for, complete with a link to click on to claim our prize. Read carefully: never click on strange links.

Even if you just click on one of these fraudulent links without entering additional information, many of these website and services have the ability to gain valuable information that is stored elsewhere—like on your Google Chrome account or from your Facebook app. If you do click on a link by mistake, exit ASAP and monitor your credit and other activity to ensure your personal info stays safe.

Password passivity

It’s hard to keep up with all your passwords—between social media, email, job-related resources, and even your home alarm keycode, you probably feel the need to keep your passwords simple and easy to remember. But you should know that using these simpler passwords makes it easier for scammers to gain your personal info—especially if you don’t change your password often.

Create passwords that don’t include your birthday, kids’ names, favorite pet, or your mother’s maiden name—this is all info that anyone can look up online. Instead, create passwords that are difficult to guess and include a lot of variables, like capital and lowercase letters, numbers, and special characters. Bonus: you can use an online password storage system to help you out… just be sure to change your password to whatever service you use.

Unsolicited calls or emails

Raise your hand if you have gotten at least three calls today about your car’s supposed warranty expiring. The rate of spam calls has risen dramatically over the last few years, and while many of us know better than to trust the person talking about a nonexistent warranty, you should also know that many spam callers are working smarter to get you to take their call.

For instance, many spammers now use a local number that will increase the odds of you answering the call. Spammers also use email to personalize messages to you that seem legit enough to stay under the radar of your system’s spam filter. Use your common sense for these—if you didn’t purchase a “car warranty,” it can’t have expired. Send those calls to voicemail and then block the number or hit the “mark as spam” button and delete any weird emails you receive.

High-pressure communicators

You’re on LinkedIn when you get a private message asking you to consider a job opportunity. The person’s profile seems legit, Googling the company yields some results, but something about the message doesn’t ring true. Before you can answer, the person messages again, telling you that you must decide quickly. This is a red flag situation—legitimate potential employers will not ask you to decide on a job online within a matter of seconds.

These high-pressure tactics are also used by some spam callers who try to convince you that your social security number has been compromised or that you are under arrest and the police are on the way. If you’re not sure about the legitimacy of a caller or messenger, ask for their info to call them back (which they will probably not give) and do some research on your own. If it feels wrong, trust your instincts.

Ignoring data breaches

As much as we wish it didn’t happen, data systems can fail, sometimes leaving your information vulnerable. When this happens, the company who was breached will contact you or post a public announcement, but it’s up to you to update and secure your information, usually by changing a password. Even reputable businesses can experience data breaches, so don’t think you don’t have to take a threat seriously just because you feel confident in the business.

While you may not think that a data breach from your favorite pizza place matters, consider how many times you have ordered online from this restaurant, and whether your credit card info may be stored in their data. Small issues can turn into big ones when it comes to strangers having access to your finances.

Scams designed for kids

It seems especially wrong to scam a child, but, unfortunately, it’s been known to happen. Even older kids don’t always understand that a nice person asking them for personal information may have bad intentions, so it’s important to talk to your kids about what kind of info they should share with strangers.

If your child enjoys playing online games where purchases can be made, lock down the accounts as much as possible to avoid being defrauded by another player. Even features like the chatrooms available on many games can be used as avenues to gain personal info, so monitor your kids’ chats (or turn the feature off) to make sure they are not oversharing.

It may seem like identity theft is inevitable—but it doesn’t have to be. You can take steps to ensure the safety of you and those around you by implementing some simple safeguards. Change your passwords often, don’t answer sketchy calls, always double check that your emails are from a legitimate source, and get into the habit of treating your personal information like the invaluable resource it is. Not saving passwords on websites might seem unnecessary now, but the potential of undoing a web of financial fraud makes these extra steps worth it.

Are you high risk for identity theft?

Young adults ages 18-24 are most at risk for identity theft and often targeted by people they know. But, it’s vital to understand and recognize that identity theft can happen to anyone—even you! Identity theft may not seem like a big deal until it happens to you. It can damage your credit report and financial history as a young adult. Knowing this, it’s crucial to safeguard your financial information—but what does that mean? Here are five ways you can keep yourself from being at risk for identity theft:

Don’t leave out credit or debit cards

It’s as simple as it sounds—don’t leave your credit or debit cards lying out, whether you’re at home or in public. For example, you’re at a restaurant and pay for the check. You leave the table for a few minutes to run to the bathroom—in that short period, someone could easily and quickly snap a photo of your credit or debit card and use that information to their advantage. You’d never know, either, until you check your bank account, your account is drained, and there are dozens of unfamiliar charges. An easy way to combat that is by putting your credit or debit card in your wallet as soon as you’re finished using it.

Don’t leave your wallet in an unlocked room or office

You may think your office is one of the safest places to leave your wallet, and that could be the case—but only if your office is locked. Anyone could walk by while you’re gone and grab your wallet that contains sensitive information, from your credit and debit card numbers, driver’s license number, and more. It seems tedious, but if you’re leaving your office, even for just a second, be sure to lock the door if you can. If you can’t, bring your wallet with you.

Safeguard personal documents

Lock up and protect any documents that contain personal information like bank account, Social Security, and personal identification (PIN) numbers. Your best bet is to store them in a safe deposit box at your financial institution or credit union. If you have copies of those documents or want to keep the original documents with you, purchase a fireproof safe for at-home storage. You can purchase a fireproof safe with a locking mechanism for less than $50. Not only does it protect you from identify theft, but it also safeguards those documents in the event of an emergency, like fires or floods. And, be sure to shred receipts, credit card offers, and bank statements at least once per month.

Keep your guard up

Never provide financial information over the phone, via text, or email. One scam on the rise, called spoofing, allows fraudsters to fake the number they’re calling from by making a fake number appear on your caller ID. It can be easy to fall for, as the number could appear to be your bank’s phone number. They may say there’s a charge on your account you need to verify, or you may receive a fake text message. Remember, financial institutions (or any legitimate organization) will never ask for your Social Security number, card number, PIN, CVV, or expiration date.

Monitor your accounts

In addition to protecting your information, it’s necessary to monitor it, too. Checking your bank account or credit card activity often can help you recognize identity theft sooner. If you notice any suspicious activity, it’s a good idea to freeze or lock your debit or credit card so no one can use it, and contact your credit union or financial institution immediately. They can ensure you aren’t penalized for these transactions, help you get your money back, and ensure your card is replaced promptly. You should also periodically check your credit report to ensure no one opened any new accounts in your name. As a Georgia resident, you can request free copies of your credit reports through each of the three credit bureaus for free up to three times per year.

It may seem scary, but protecting yourself from identity theft is a necessary measure in today’s world. Your financial history is crucial in nearly every aspect of your life, and it’s critical to ensure no one gains access to personal information to potentially damage that. By implementing these measures, you’re taking control of your finances and preventing yourself from becoming someone’s next target.

New scam alert: spoofing

A unique type of technology now enables fraudsters to fake the number they are calling from by making a false number appear on your caller ID. It’s extremely effective, because the number displayed appears to be your bank’s correct contact number.

This scam is called number spoofing. Using specialized technology, the number appears on the victim’s caller ID display. The fraudsters may call to say there is a charge you need to verify or you might receive a text saying someone from Georgia’s Own will contact you. If you receive either of these, you need to call our numbers to confirm if we called you or sent you a text.

Here is what you need to know:

• Don’t trust caller ID. Scammers can spoof any number so it looks like they are calling from a particular company, even when they’re not.
• Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know is correct. Georgia’s Own would never ask members to verify your full SS#, full card number, card expiration date, CVV or PIN number.
• If you get a robocall, hang up. Don’t press 1 to speak to a live operator or any other key to take your number off the list. If you respond by pressing any number, it will probably just lead to more robocalls.

The best advice to beat the scam is simple – never assume that someone is who they purport to be just because the number displayed on your caller ID matches that of an organization you know. Always be suspicious if you’re asked for your four-digit PIN or full online banking passwords. Same goes for transferring or withdrawing money or giving your card to a courier. Remember, your Credit Union will never ask you to do any of these things.

Fraud alerts: COVID-19 scams to look out for

With so much uncertainty in our world right now, the presence of COVID-19-related fraud and scams is an unfortunate reality. Now, more than ever, it’s important to be vigilant about your protected information and, as your financial institution, we’re committed not only to providing the utmost security for your accounts, but also to increasing awareness around common schemes. We’ll keep an updated list of known scam attempts and tips to stay safe, so check back often to remain in the know. And remember: we will never call you and ask for your account information, social security numbers, or other sensitive material.

The FTC is a great resource for consumers during this time. See below for their recommended best practices and visit their website to learn more.

• Don’t respond to texts, emails, or calls about checks from the government. Here’s what you need to know.
• Ignore online offers for vaccinations. There are no products proven to treat or prevent COVID-19 at this time.
• Be wary of ads for test kits. The FDA recently announced approval for one home test kit, which requires a doctor’s order. However, most test kits being advertised have not been approved by the FDA, and aren’t necessarily accurate.
• Hang up on robocalls. Scammers are using illegal robocalls to pitch everything from low-priced health insurance to work-at-home schemes.
• Watch for emails claiming to be from the CDC or WHO. Use sites like coronavirus.gov and usa.gov/coronavirus to get the latest information. And don’t click on links from sources you don’t know.
• Do your homework when it comes to donations. Never donate in cash, by gift card, or by wiring money.

Be on the lookout for some of these trending scams being reported from the FTC. This blog post is a great way to stay in touch with what other consumers have seen as well.

• The top complaint categories relate to travel and vacations, online shopping, bogus text messages, and all kinds of imposters.
• While reports of robocalls are way down overall, we’re now hearing about callers invoking the COVID-19 pandemic to pretend to be from the government, or making illegal medical or health care pitches, among other topics.
• If you’re getting calls, emails, or texts, or you’re seeing ads or offers online, keep a few things in mind: First, the government will never call out of the blue to ask for money or your personal information (like Social Security, bank account, or credit card numbers). And second, anyone who tells you to pay by Western Union or MoneyGram, or by putting money on a gift card, is a scammer. The government and legit businesses will never tell you to pay that way.
• The big states have, not unexpectedly, the biggest number of reports. You can check out how many people are reporting what in Georgia.

Below are some additional tips from the Department of Justice’s National Center for Disaster Fraud. If you believe you are a victim of a scam or attempted fraud involving COVID-19, you can report it without leaving your home by calling their hotline at 866.720.5721 or via the NCDF Web Complaint Form.

• Be cautious of unsolicited healthcare fraud schemes of testing and treatment through emails, phone calls, or in person.  The U.S. have medical professionals and scientist working hard to find a cure, approved treatment, and vaccine for COVID-19. Learn more about what to avoid
• Be the lookout for an increase in cryptocurrency fraud schemes including but not limited to blackmail attempts, work from home scams, paying for non-existent treatments or equipment, or investment scams. Read more on how to report these scams
• Be wary of unsolicited telephone calls and e-mails from individuals claiming to be IRS and Treasury employees.  Remember, the IRS’s first form of communications is by mail—not by phone. Learn more about fraudulent schemes related to IRS