NerdWallet's Smart Money Podcast - How To Guard Against Cyber Fraud: Essential Steps to Protect Your Identity
Episode Date: April 11, 2024Explore how to protect yourself from identity fraud, understand its emotional toll and learn fraud recovery steps. How can you protect yourself from identity theft and fraud? What steps should you t...ake if you become a victim of financial fraud? Hosts Sean Pyles and Sara Rathner delve into the unsettling world of identity theft and fraud prevention to help listeners safeguard their finances and wellbeing. They begin with a discussion on the various facets of identity theft, with tips and tricks on identifying fraudulent activity, enhancing personal banking security and dealing with the aftermath of having your identity compromised. Then, they discuss the differences between identity fraud and scams, the importance of good cyber hygiene, and the steps to take immediately if your personal information is breached. Sean also speaks with John Breyault, Vice President of Public Policy, Telecommunications and Fraud at the National Consumers League, about the current trends in identity theft and the forms of fraud that are on the rise in 2024. They cover topics such as new account fraud, the impact of zero-day vulnerabilities on personal data security and the necessity for consumers to stay vigilant with software updates and report incidents promptly. They also explore how victims can navigate the process of recovering from fraud, including freezing credit reports, changing passwords, and engaging with financial institutions and law enforcement to document the crime and seek restitution. In their conversation, the Nerds discuss: identity theft, fraud prevention, financial fraud, cyber security, bank account fraud, scams, identity fraud, data breach, zero-day vulnerabilities, credit report freeze, two-factor authentication, artificial intelligence, online banking security, phishing, cyber criminals, emotional impact of fraud, credit card fraud, fraud alerts, financial wellbeing, scam awareness, cyber hygiene, consumer protection, financial predators, cyber theft, financial crime, financial education, cyber vigilance, fraud recovery, financial security, scam prevention, identity protection, personal finance, cyber fraud, bank fraud, fraud detection, identity theft awareness, and fraud restitution. To send the Nerds your money questions, call or text the Nerd hotline at 901-730-6373 or email podcast@nerdwallet.com. Like what you hear? Please leave us a review and tell a friend.
Transcript
Discussion (0)
So there you are just going along with your life, running errands, finishing work projects,
walking the dog, making lunch, paying bills.
And then you realize something is very, very wrong.
Someone has gotten into your accounts and stolen your money.
August 28th was a normal day.
Like I took my cat to the vet, went and got groceries.
That morning, I checked my online banking just to make sure I had enough
money to do everything. It just seemed like a normal day. And then everything changed that
evening when I got that email. Welcome to NerdWallet's Smart Money Podcast. I'm Sean Piles.
And I'm Sarah Raffner. We're back with our nerdy deep dive into identity theft,
fraud, and scams, and their potentially devastating effects on your finances if you become a victim.
As we said last episode, and we'll continue to reiterate over and over, these crimes do not discriminate.
Absolutely anyone can find themselves in deep water with their money situation because these financial criminals have so very many tools and options at their disposal.
Yeah. And Sean, I think we also want to repeat the message that this doesn't just happen to you because you're ignorant or careless. It happens because as our guest last week said,
we have to be 100% right all the time. We have to be watching our accounts and changing our
passwords, realizing we're talking to someone who's pretending to be from a bank, etc, etc.
And the criminal only has to be right a bank, et cetera, et cetera.
And the criminal only has to be right once to get what they're after.
So if they catch you in a moment
where you're tired or hangry, they might just do that.
Mm-hmm.
So the last thing that you should feel
is embarrassed or ashamed
if you do become a victim of ID theft or a scam.
Angry and upset, yes.
Ashamed, no.
The more we all talk about it, the more educated we become,
and the harder we make it for the thieves and scammers.
Yes. Let's take our power back.
Yes.
So last week, we talked about identity theft,
how it happens, what to be on the lookout for,
and how to protect yourself as much as possible.
Today, we're going to look at the next step in that process,
which is the identity fraud that happens after the theft.
It's the credit card opened in your name.
It's the tax return that isn't really yours.
It's the healthcare account that also isn't yours.
That gets the thief medical care on your dime.
Listener, we're going to help you understand what it looks like,
how to avoid it, and what to do if it happens to you.
All right.
Well, we want to hear what you think too, listeners. Tell us your stories of identity theft or share how you're working to avoid it and what to do if it happens to you. All right, well, we want to hear what you think too, listeners.
Tell us your stories of identity theft
or share how you're working to fight it or recover from it.
Leave us a voicemail or text the Nerd Hotline at 901-730-6373.
That's 901-730-NERD.
Or email a voice memo to podcast at nerdwallet.com.
So Sean, where do we start today?
Well, we're do we start today?
Well, we're going to start today with a real world tale of identity fraud.
We're hearing from Charlene McNeil, a mom from Alberta, Canada.
She's got a story about what happened when someone was able to get into her account at BMO Bank, a subsidiary of the Bank of Montreal.
Then after Charlene, we're going to talk with an expert in ID fraud
who's seen it all in his capacity at the National Consumers Union.
Charlene McNeil, welcome to Smart Money.
Hello, thanks for having me.
Charlene, you experienced a form of bank account fraud.
When did you first realize that something was wrong?
On August 28th, I had just put my kids to bed and I got an email pop up on my cell phone saying that I had a credit limit
alert from BMO and it told me that I had $33 left in my account. And so that was an indication that
you didn't have sufficient funds or maybe your credit was run up. What were you thinking when
you first saw that? I panicked when I saw the $33. it just didn't make sense. So I immediately went on to my online
banking and noticed that my line of credit was maxed to the $15,000 mark. And what steps did
you take once you realized that something was very wrong with your account? I immediately called
BMO and just told them what the email that I got. And she told me that she would cancel my card right away and my account
and to go to the branch immediately the next day to file a report of what had happened.
So the next day, did you go in and talk with them about that?
Yeah, I went in the next morning and I told her what had happened. And she had told me that there
was a text message that was sent to me,
like a one-time passcode. And I tried to think back to the day before, because I do get text
messages or calls from scammers sometimes. But that summer, I felt like I had gotten quite a few,
but I just kind of always ignored them. So I didn't really think much of it. And then when
she was looking at my account, she asked me if I knew the company Wise, because she noticed that's where the money had been sent. And I googled Wise right away because I didn't know what she was talking about. And when I googled it, it said international money sending. So she was like, oh, that's a red flag. Like, that's crazy. And she kind of made me feel like we should be able to get the money back, that she would
fill up this report and send it off and it should be okay. What had happened was they took my line
of credit money, transferred it to my checking account, and they set up a bill payment to the
company-wise. And then they sent out the money that way through a bill payment.
So a slightly convoluted way to get the money that you have in your line of credit over to them, essentially. Yes, exactly. And so it seems like things are maybe going okay.
This was a frustrating experience, but you thought you were going to be able to get your money back.
Yeah, like I went back to work and I felt like relief, like, okay, that's done. It should be
fine. But that's not what ended up happening. No. Two days later, the teller that had helped me,
she called me and started the conversation with, I have some very unfortunate news.
They will not refund that money to your line of credit. And my heart fell because I was just like,
what do you mean? And this was $15,000. They said they weren't going to refund.
I had a balance on there before. So really, they just took whatever I had left in my line of credit and sent it out.
So it was like $9,700.
And what reason did they give you for why you wouldn't be able to get this money back?
They had told me that they tried reaching out to Wise, but the money had already been
transferred.
So whoever the bill was made out to through the company, they had the money and that's it.
They couldn't get the money back.
But she did say, if you want, we could escalate this and see if there's something else that they could do.
Because there have to be some kind of protections.
This was an instance of fraud.
You didn't authorize this transfer of money.
No, but as this continued on, they kept saying that I had gotten this one time passcode sent to me August 28th at like 4.20 p.m.
But like, I don't recall entering this six digit code that they're telling me that I entered.
But from their records, it shows I entered the code and that it was all good.
Where it's also possible that someone could have somehow gained access to your phone number
or gotten that code themselves, correct?
That's what I'm trying to explain to them.
Like, I just know that I didn't enter this code.
So did you end up escalating this then?
I did.
I escalated it three times.
And then I finally got a final response just saying that it's really unfortunate,
but we can't get that money back. And they just kept telling me it's the one-time passcode. And
that's the reason why the money was sent out that I pretty much authorized it to be sent out.
I'm really sorry to hear that. Do you know how the people were able to get into your account?
I don't know. I just have a lot of people just giving me different ideas of how maybe it could have
happened.
Like I had a conference in Vegas at the beginning of August and it was on the news that Vegas
was having issues with scammers.
Was it an issue with people getting on public Wi-Fi and logging into their bank accounts?
That or people also told me that maybe somebody walked by my purse and scanned my purse. But people have told me that thinking it's because
of the Wi-Fi. So I'm wondering, Charlene, how has this experience made you feel about the safety of
your money? Have you thought about switching banks, anything like that? I'm very nervous
because it just it blows my mind to think that somebody can get on
to your online banking and then move money like that without a signature or maybe a voice
recognition or something. I shut down my line of credit now and I'm kind of waiting to hear
what's going to happen, but I am really considering moving banks. I wish this almost
happened on a credit card because I feel like credit card companies
have your back more than the bank.
Yeah, your story brings me back to a theme,
which is that fraud, scams,
anyone can experience these things.
And it's not like you followed a typical playbook
of seeing a text message come through on your phone
or clicking a link in email
and entering your login credentials. You don't know how someone got your information. It just
exemplifies that you could be doing everything right and somehow people could still get your
information and still get into your bank. Yeah, exactly. August 28th was a normal day.
Like I took my cat to the vet, went and got groceries.
That morning, I checked my online banking just to make sure I had enough money to do everything.
It just seemed like a normal day.
And then everything changed that evening when I got that email.
What do you think your next steps will be?
I'm not very hopeful, to be honest.
It's something that I just kind of have to accept.
And I mean, I've done better the last couple months, but like in the beginning, it was very difficult. I lost lots of sleep,
missed some work. It was very stressful. And you kind of feel like you're the one that did
something wrong. Well, I'm sorry that you experienced this. I'm wondering if there's
anything that you would like listeners to keep in mind as they try to protect themselves and
their finances online? Yeah, I mean, it's so important to be checking your banking probably
daily just to make sure everything is going as you think. Be very careful, I guess, on public
Wi-Fi. I was actually just on a trip with my family to Mexico and like so many people use public Wi-Fi. And I did in Vegas just to like
load my boarding passes. I did not check my online banking. I know a lot of people when they hear me
say that I was on public Wi-Fi in Vegas. I did not check my online banking, but I was on public Wi-Fi.
And I guess people can be sitting in that room and gaining all of your information.
So I don't know. I don't want people
to be paranoid, but I kind of feel paranoid. It might not be a bad idea in the year 2024 when
if you're on a public Wi-Fi network, someone who's also on that can get into your device very easily.
That's the truth of where we are right now. Yes. And I heard once they're in, then they can be
in there for a while. If I would have
checked my online banking a day or two later, they could have seen me enter my codes. Yeah,
it's very invasive. Well, Charlene, thank you for sharing your story with us today.
Well, thank you for hearing me.
Oh, Sean, this just makes me so sad and angry that anybody has to deal with this because it's just not fair. It's not a fair fight against these really savvy identity thieves. how these criminals got into her account. Again, it just shows that this kind of fraud can happen to anyone.
But as tempting as it might be
to just throw up your hands and yell,
I give up, that just feeds the beast
and doesn't do us any good.
Well, I'm looking forward to some advice
on how to avoid all of this
and anything that we could do
to keep it from happening to us,
to me, to my loved ones,
and of course, to our listeners?
Well, our next guest will walk us through some of what happens when you're the victim of identity
fraud and give advice on how to avoid it and recover from it if it does happen to you.
John Breo is Vice President of Public Policy Telecommunications and Fraud
at the National Consumers League. That's coming up. Stay with us.
John, thanks so much for joining us on Smart Money.
Hey, thanks for having me on the show. I really appreciate it.
So last week, we spent some time explaining identity theft and the various ways that bad actors can steal our IDs from us. And today we're going to explore what they do with all
that information once they've got it. So I'd like to start by asking you to explain maybe the difference between ID fraud and scams. We're going to talk about
scams in our next episode, but what differentiates the two? Both scams and ID theft, we call fraud,
right? It's a crime where it involves typically a scammer trying to acquire information or funds that they can use
for their own purposes. So identity fraud is definitely a subset of fraud overall, but it is
certainly one of the biggest subsets. So we know that, for example, the Federal Trade Commission
every year puts out their Consumer Sentinel data book.
It's a compilation of millions of fraud complaints that they get from agencies and
organizations like mine all over the country.
And in 2022, which is their most recent data, they received 5.2 million fraud reports.
And the number one category that they heard about was identity theft.
And so clearly this continues to be a major
problem that the biggest enforcement agency out there is hearing about. Definitely identity theft
is one of the biggest types of fraud and one I think we continue to see consumers of every age
level, every education level, every demographic be victimized by. And when you think about specific ways that ID fraud and scams can manifest,
what makes them distinct? I think what makes each scam distinct is often, number one, what is the
sort of entry point for the scammer? Is it one where they have to interact with the victim,
say by sending them a link that the consumer clicks on and then provides the data
to the identity thief or the scammer that's then used to commit fraud? Or is this something where
the scammers can commit identity fraud really with no interaction with the victim at all?
We know, for example, that due to data breaches, it's practically limitless information about almost every American out
there on criminal forums on the dark web that can be used to basically commit identity theft
as a service. With a few hundred dollars or in Bitcoin, you too can hire an identity thief to
do things like start bogus credit card accounts in your name or try and get health care benefits
or unemployment insurance. These are all very common types of identity theft that's out there
and that doesn't require any of us to do anything. So you touched on this a little bit, but John,
can you give us a sense of what you're seeing out there right now? What are some of the most
prevalent forms of identity fraud in 2024?
Yeah, I would say some of the fastest growing types of identity theft is new account fraud.
It's not necessarily a new type of identity theft.
We've seen scammers using information to create new credit card accounts for decades at this point.
But certainly it is returning to its previous position
as one of the top types of identity fraud.
And it's happening because the resources
that identity thieves were devoting
to government benefits fraud is going down.
As those pandemic relief programs start to wind down,
there's less money for the identity thieves to steal.
And so they've gone back to some of the tried and true
types of identity fraud. Is there anything that's relatively new that consumers should know about
that maybe they haven't really heard about? What we have seen over the past year has been a
staggering increase in the number of data breaches attributable to what are called zero-day
vulnerabilities. And if you've never heard of a zero-day vulnerability, that's okay. Basically what it means is it's a vulnerability
that nobody else has identified. Think of it as having a key to a vault that nobody else has.
And until the people who own that vault figure out that you have that key, they have no reason
to try and solve the problem or change the lock. So this could be something like
a weakness in our phones operating systems that allows a bad actor to get into our phones.
Yes, exactly. It's operating systems like Windows. It is browsers that can be hacked. It could be
Microsoft Office. Really, you know, any software program can have a zero day vulnerability. And so what's
concerning to us is just the increase in breaches that were attributable to zero days. It's gone up,
I believe, the number that the ITRC cited was by more than 100% over the past 12 months.
Do we know why this might be? Is it that software developers are maybe pushing out code a bit faster
than they should and they aren't combing through her vulnerabilities? Or is it that hackers are
really zeroing in on these vulnerabilities and trying to exploit them? Well, I think that's the
$64,000 question. As they say, we have theories on how that is. One of the more worrying ones
is that the scammers have learned how to automate their search for zero-day vulnerabilities using
artificial intelligence. And if they're able to search for these zero days at scale, a very low
cost, that is scary because I think AI has revolutionized so many other facets of our
economy and businesses and government over the past several years, it definitely has the
potential to do the same thing when it comes to fraud. I think many of us who work on fraud and
identity theft on a daily basis, we are thinking of the potential of this as the same kind of
potential for supercharging fraud and scams that we saw when the internet sort of became a technology
that everybody was using. That's the kind of scale
of the threat that's out there. And so when people get notifications on their phone saying,
oh, you have a new software update to patch a security vulnerability, this might be something
that is being addressed, correct? And it's important for people to actually update their
phones regularly so that they are having the most secure software possible? Yes. So the cyber hygiene is definitely one of the lowest cost and easiest ways for consumers
to reduce their risk of falling victim to identity fraud.
Because once they are detected, the operating systems and browser makers are usually pretty
quick to plug the hole.
But that is often dependent on consumers paying attention to those little pop-up boxes that say, do you want to update your browser? Do you want to update Windows? And
actually taking action. Definitely don't wait to update. Make sure you do that because it really
is one of the easiest ways to reduce your risk. So, John, walk us through some of the ways that
listeners can protect themselves from identity fraud. We heard last week about protection from
identity theft. So let's assume that the theft has already happened and now we have to react to prevent
the fraud. What are some first steps here? Well, number one, I would say act quickly.
We know that identity theft is a crime that often relies on consumers doing nothing. If you
know that your information has been compromised, take steps to reduce your risk.
For many people, that's going to start with freezing their credit report.
All of the major credit reporting bureaus offer consumers the ability to freeze credit.
Number two, I would say try and limit the damage to the extent you can. For example, particularly if your primary email address has been compromised, that can be the entry point for scammers to take over lots of other accounts, your bank accounts, your social media accounts.
So definitely change the password on your primary email account right away and turn on two-factor authentication as well to add an additional layer that the scammers have to get through.
They're going to try and use that entry point. I would do the same for any financial accounts that you may
have linked to that email account. In addition, call the banks and let them know what's going on
so that they can place fraud alerts on your accounts. And then finally, make sure and get
a police report. Identity theft is a crime in all 50 states, but consumers,
I think particularly if you start to see activity related to identity theft, having that report
is often documentation that will be needed to get the kind of help from not just law enforcement,
but also from banks and other entities that you will need. I think, unfortunately, we know that local police
departments aren't always super excited to create those reports. So you may have to be persistent
to do that. But definitely local police departments is the place I would start and then
work your way up to the Attorney General and ultimately the Federal Trade Commission.
Related to what you were just discussing, let's go a step further. So let's say someone took your information and then fraud
happened before you could get to it. Who should you really go to for help? Let's talk about
reporting it and starting to deal with the fallout of fraud. Yeah, once fraud has occurred,
typically you still have rights. For example, an identity thief created a credit card in your name and started running a bunch of charges.
You aren't liable for that, but you're going to need to take steps like have that identity theft affidavit,
a police report ready to show to creditors who may wonder why you have been paying your credit card bill that you just opened a few weeks ago. So definitely, I would say, you know, getting those reports is going to be
one key piece of information to have. Also, call and talk to the entities who the identity thief
is using in your name. Let them know who you are, what's been going on, and see what you can do to
address the fraud. Most of us don't spend all day every day recovering
from identity theft, but most of the financial institutions do have people who are devoted to
helping you through that journey. But you got to keep records of that. Grab a notebook, create a
little Word document on your computer and start logging every communication that you have with
those entities so that you can create a paper trail,
because you can't just depend on them to know where you are in the process and to ensure
that in one place, they're going to quickly try and use that information to commit identity theft
in other places as well. Earlier in this episode, I spoke with a woman who experienced a form of
bank fraud. A fraudster got access to her line of credit, and her bank didn't offer much in the way of resolving the issue. She didn't get her money back. And I've heard other similar stories before. What sort of recourse do people in that situation have to try to recoup their losses? one who is actually hitting send on the money transfer, whether it's through a payment app or
through a wire transfer from your bank, then you have protections under federal law as well as many
state laws. So I think it's important that if in a case like that, where it sounds like the scammer
kind of got in because they were able to hack this woman's credentials, that she should have rights.
Certainly if the bank seems unwilling to work with her, I would say your next stop should be
the state attorney general, as well as groups like the Identity Theft Resource Center,
which have great resources and help coach victims through recovering from these identity theft
schemes. Yeah. And your advice just there brings up the idea of jurisdiction. The woman that I spoke with,
it was based in Canada, where they have different rules and regulations than we do in the US. So
I think it's important for anyone to be familiar with what laws protect them,
where they're living, whether it's in a different country or a specific state.
Yeah, absolutely. And I would say a great place to start
that journey of learning what your rights are
and what laws may apply is the FTC has a great website
at identitytheft.gov, where you can start
to go through their checklist and create an identity theft
recovery plan.
Well, one final question.
I'm asking this of all the experts
that we're talking with for this series, so I'll ask you to have you ever fallen victim to a scam or identity theft or fraud? I took to Jamaica on vacation where I was in a bar, which probably tells you the first thing
that I wasn't thinking very clearly, but one of the locals came up to me and said, Hey, if you give
me $20, I can get you cheaper drinks at the bar. And I said, great. And so I gave him the $20 and
he turned around, bought some beers for him and him and his friends and just ignored me. And I
wasn't about to start a fight with a bunch of guys in a bar in Jamaica.
So I just said, okay, lesson learned.
Don't always take what people say to you at face value
and listen to your gut before you hand over your money.
Unfortunately, in this country,
we have, when it comes to identity theft
and being a victim of fraud,
we often have this tendency to blame the victim.
And there's a real stigma attached
to being a victim. And there's a real stigma attached to being
a victim of fraud. And we often use terms like you fell for a scam, or people say,
I can't believe I was so stupid. Or we use terms like pig butchering scams, which suggest that
somehow the victim is the one who's culpable. I think that that is wrong. If I could have one additional
message for listeners of this podcast, it's show a little compassion the next time somebody tells
you their fraud story and recognize that these are people who are victims of organized, multinational,
very savvy criminals and help them work through sort of this crime they've been a victim of
and encourage them to report it.
Well, John, thank you again for talking with us.
I appreciate it, Sean.
Sarah, one thing that I really want listeners to remember is that the cost of experiencing
identity fraud can go well beyond the money loss, which of course can be significant.
People who are victimized in this way often suffer mental health consequences.
Many feel ashamed or likely brought this upon themselves. So like John said, if you've experienced
a loss like this, get help. Yes, contact the FTC and your local police, but also think about
talking with a loved one or a therapist who can help you process your emotions around this.
Yeah, know that you are not alone.
You probably know people who have gone through something like this
and you could commiserate with each other.
The important thing is to receive nonjudgmental help
from people who are on your side
and will help you wrap your head around everything that's happened to you.
And you can come out the other side stronger
and more determined to protect yourself in the future.
Okay, Sean, tell us what's coming up in episode three of this series.
I assume there are more horrors on the way.
Unfortunately, yes.
Next week, we're going to walk into the lion's den of the scammiest people on earth.
Imposter scams, romance scams, phishing, vishing, all in the name of parting you from your money.
That's what these scammers try to do.
They try to rush you into making a decision by telling you something's urgent or an emergency,
like the family emergency scam, where they'll say, oh, this is your grandchild and I'm overseas
and I need you to wire money fast because I'm in jail or in the hospital.
Yikes.
Well, for now, at least, that's all we have for this episode.
Do you have a money question of your own?
Turn to the nerds and call or text us your questions at 901-730-6373.
That's 901-730-NERD.
You could also email us at podcast at nerdwallet.com.
Also, visit nerdwallet.com slash podcast for more info on this episode.
And remember to follow, rate, and review us wherever you're getting this podcast.
This episode was produced by Tess Vigeland.
I helped with editing.
Kevin Barry helped with fact checking.
Sarah Brink mixed our audio.
And here's our brief disclaimer.
We're not financial or investment advisors.
This nerdy info is provided for general educational and entertainment purposes
and may not apply to your specific circumstances.
And with that said, until next time,
turn to the nerds.