person holding a cell phone

Security Tips

Technology Topic of the Month


Scammers use email or text messages to trick you into giving them your personal and financial information. But there are several ways to protect yourself.


Scammers use email or text messages to try to steal your passwords, account numbers, or Social Security Numbers. If they get that information, they could get access to your email, bank, or other accounts. Or they could sell your information to other scammers. Scammers launch thousands of phishing attacks like these every day- and they're often successful.

Scammers often update their tactics to keep up with the latest news or trends, but here are some common tactics used in phishing emails or text messages:

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it's from a company you know or trust, like a bank or a credit card or utility company. Or maybe it's from an online payment website or app. The message could be from a scammer, who might

  • say they've noticed some suspicious activity or log-in attempts- they haven't
  • claim there's a problem with your payment information- there isn't
  • say you need to confirm some personal or financial information- you don't
  • include an invoice you don't recognize- it's fake
  • want you to click on a link to make a payment- but the link has malware
  • say you're eligible to register for a government refund- it's a scam
  • offer a coupon for free stuff- it's not real
Here are some signs that an email is a scam, even though it looks like it comes from a company you know- and even uses the company's logo in the header:

  • The email has a generic greeting
  • The email says your account is on hold because of a billing problem.
  • The email invites you to click on a link to update your payment details.
While real companies might communicate with you by email, legitimate companies won't email or text with a link to update your payment information. Phishing emails can often have real consequences for people who give scammers their information, including identity theft. And they might harm the reputation of the companies they're spoofing.


Four Ways to Protect Yourself From  Phishing

1. Protect your computer by using security software to update automatically so it will deal with any new security threats.

2. Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The extra credentials you need to log in to your account fall into three categories:

  • something you know- like a passcode, a PIN, or the answer to a security question.
  • something you have- like a one-time verification passcode you get by text, email or from an authentication app; or a security key
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

4. Protect your data by backing it up. Back up your data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.


If you get an email or a text message that asks you to click on the link or open an attachment, answer this question:

Do I have an account with the company or know the person who contacted me?

If the answer is "No", it could be a phishing scam. Go back and review the advice in HOW TO RECOGNIZE PHISHING and look for signs of a phishing scam.

If the answer is "Yes", contact the company using a phone number or website you know is real- not the information in the email. Attachments and links might install harmful malware.
Fake checks drive many types of scams- like those involving phony prize wins, fake jobs, mystery shoppers, online classified ad sales, and others. In a fake check scam, a person you don't know asks you to deposit a check-sometimes for several thousand dollars and usually for more than what you are owed- and wire some of the money back to that person. The scammers always have a good story to explain the overpayment- they're stuck out of the country, they need you to cover taxes or fees, you need to buy supplies, or something else. But by the time your bank discovers you've deposited a bad check, the scammer already has the money you sent, and you're stuck paying the rest of the check back to the bank.

The Federal Trade Commission receives tens of thousands of reports each year about fake checks. Over the last three years, the number of complaints has steadily increased, and so have the dollars lost.

The FTC's new info graphic developed with the American Bankers Association Foundation, offers some tip-offs to rip-offs and what to do if you get a check from someone you don't know.

Please share this information with others. Victims may be embarrassed to talk about their experiences, but you can help. A simple phone call, email or text, saying "Look what I just found" and sharing this information may make a difference in someone else's life.
Here are the most common Zelle scams to watch out for:

1. Money Mule Scams

Work from home job scams- that turn distressed job seekers into unsuspecting money mules- are nothing new. These job scams usually unfold this way:
  • The candidate applies for a "lucrative work-from home job" online
  • A "hiring manager" reaches out, usually via Messenger, Telegram, Skype, or a text message
  • The "hiring manager" extends an offer to the candidate, but there's a catch.. The candidate is asked to front money or deposit a check, usually in the guise of purchasing work equipment.
  • It always ends the same way- with the candidates still out of work, and no means to get their stolen money back.
Here's what to do:

  • Be wary of any job for which the entire interview process takes place through text messages. Legitimate jobs usually require at least one phone call or in-person interview.
  • Legitimate jobs don't require you to pay for your own equipment.
  • Never give your Zelle account information- including your phone number or email- to unknown individuals.
2. Zelle transfers to "yourself"

Here's what to do:

  • If you suspect you're on the phone with a scammer, hang up.
  • Never share your bank or Zelle account authentication codes with anyone.
  • Don't send money to yourself via Zelle to "reverse unauthorized payments"
Account upgrade scam

  • Spoofing is a type of phishing scam in which the scammer is deliberately impersonating a company and/or installing malicious software at the same time.
Here's what to do:

  • Know that Zelle will never solicit money via emails or phone calls.
  • Verify that the sender's email address is from an official domain.
  • Look for signs of phishing- questionable grammar and a tone of forced urgency are some tip-offs.
4. Bank impersonators

Smishing is a form of phishing in which scammers send text messages purporting to be from reputable companies, usually banks.

The tactics that scammers use in smishing scams closely resemble phishing or spoofing schemes. Most smishing text messages claim to either flag a "suspicious login" or a "suspicious purchase".

If you respond or click on a link in the text, you will most likely receive a call from a bank representative impersonator.

5. Account takeovers

Account takeover fraud (ATO) is exactly what it sounds like- a scammer gets access to your Zelle account, changes the password, and locks you out.

  • Account takeovers usually unfold the same way as phishing, spoofing or smishing scams wherein the victim clicks on a phony login link.
  • This gives the scammer access to your accounts.
  • Then, they change your password and other account details to lock you out of your account.
  • Since the locked-out account is still connected to your bank account, you'll be the one footing the bill for the scammer's spending spree.
Here's what to do:

  • Only enter your Zelle login credentials on the official Zelle app or website.
  • Send a $1.00 transfer to confirm that you've reached the intended recipient prior to making larger transfers.
6. Zelle scammers on Facebook Marketplace

  • In this scam, the alleged buyer responds to a listing on Facebook Marketplace asking if the item is still available. This usually happens within a couple of hours after the listing goes up. The scammer often pretends to be a senior citizen who isn't very tech-savvy.
  • They ask for your phone number or email address to send you the money on Zelle.
  • You may then receive a phishing email from Zelle lookalike domain, "" is an example.
  • These emails typically prompt you to pay to upgrade to a Zelle business account. You may even be asked to pay via link in the phishing email.
Here's what to do:

  • Ask for the recipient's Zelle email address- not a phone number. Spotting typos in email addresses is easier (and more obvious) than identifying incorrect digits in a phone number.
  • Remember that you don't need a Zelle business account to make and accept payments on Zelle.
  • Don't use Zelle for commercial transactions.
7. Refund and recovery scams

If someone bilked you, scammers know you will be desperate to get your money back. Refund and recovery scams take advantage of your already vulnerable state by charging for bogus services.

  • You may receive a call out of the blue flagging a fraudulent transaction from your bank account.
  • The caller purports to be from your bank and even offers evidence such as a seemingly legitimate caller ID.
  • They then walk you through an elaborate, fake Zelle refund process. You inadvertently end up paying the scammer to reclaim funds you never lost in the first place.
Here's what to do:

  • If you're not convinced you're speaking to a bank representative, hang up and call the official number on your bank's website.
  • Be wary if anyone demands upfront payment to "recover" your lost funds on account access.
8. Craigslist scams

Over payment and rental scams may be the two most common scams on Craigslist.

  • If rental scams pressure you into paying advances for a listing that's too good to be true, overpayment scams operate differently.
  • An "interested" buyer may contact you about the item you're selling on Craigslist.
  • When the buyer pays you with a certified or cashier's check, you notice it exceeds the sale price.
  • They then urge you to deposit the check and wire the overpaid amount.
  • By the time the bank flags the counterfeit check, you've lost the sale item and the overpaid amount.
Here's what to do:

  • Look up the bank account address, and phone number for the bank name displayed on any check you receive. Call the bank's official phone number- not the one listed on the check- to confirm.
  • Turn down checks made out to an amount larger than what you discussed. If the buyer insists that you return any over payments using apps like Zelle, it's a scam.
Why are these Scams on the Rise?

Zelle has quickly become the most popular peer-to-peer payment app, its popularity alone would be enough to make it a prime target for scammers. However, there are a few specific reasons why fraudsters target Zelle specifically.

Zelle transfers are near-instant and irreversible.

  • If the person you're sending money to is also a Zelle user, the payment can't be canceled.
  • Zelle- like Venmo or Cash App- was designed to transfer money between family and friends, not unknown users. This is why Zelle uses the Automated Clearing House payments system to expedite transactions.
Zelle connects directly to your bank account or debit card

  • Unlike its competitors, Zelle is owned by Early Warning Services- a fintech company run by seven of the largest banks in the United States.
  • Money transfers require little more than tapping on the Zelle integration on participating bank's mobile app.
  • If your bank doesn't integrate with Zelle, the standalone Zelle app will initiate transfers as long as you connect Visa or Mastercard debit card.
How to Avoid Cryptocurrency Scams!
Scammers are always finding new ways to steal your money using cryptocurrency. To steer clear of a crypto con, here are some things to know.

  • ONLY SCAMMERS DEMAND PAYMENT IN CRYPTOCURRENCY. No legitimate business is going to demand you send cryptocurrency in advance- not to buy something, and not to protect your money. That's always a scam.
  • ONLY SCAMMERS WILL GUARANTEE PROFITS OR BIG RETURNS. Don't trust people who promise you can quickly and easily make money in the crypto markets.
  • NEVER MIX ONLINE DATING AND INVESTMENT ADVICE. If you meet someone on a dating site or app, and they want to show you how to invest in crypto, or asks you to send them crypto, that's a scam.
Spot Crypto-Related Scams
Here are some common investment scams, and how to spot them.

  • A so-called "investment manager" contacts you out of the blue. They promise to grow your money- but only if you buy cryptocurrency and transfer it into their online account. The investment website they steer you to looks real, but it's a fake, and so are their promises. If you log in to your "investment account", you won't be able to withdraw your money at all, or only if you pay high fees.
  • An online "love interest" wants you to send money or cryptocurrency to help you invest. That's a scam. As soon as someone you meet on a dating app asks you for money, or offers you investment advice advice, know this: that's a scammer. The advice and offers to help you invest in cryptocurrency are nothing but scams. If you send them crypto, or money of any kind, it'll be gone, and you typically won't get it back.
  • Scammers guarantee that you'll make money or promise big payouts with guaranteed returns. Nobody can make those guarantees. Much less in a short time. And there's nothing "low risk" about cryptocurrency investments. So: if a company or person promises you'll make a profit, that's a scam. Even if there's a celebrity endorsement or testimonials from happy investors. Those are easily faked.
  • Scammers promise free money. They'll promise free cash or cryptocurrency, but free money promises are always fake.
  • Scammers make big claims without details or explanations. No matter what the investment, find out how it works and ask questions about where your money is going. Honest investment managers or advisors want to share that information and will back it up with details. 

Technology Topic of the Month

Account Takeover

What is Account Takeover

Account Takeover (ATO) fraud involves a criminal gaining unauthorized access to a user's account and using it for some type of personal gain.

What is Account Takeover Fraud?

Account takeover fraud can involve any type of online account, social media, and online banking accounts. Commonly targeted accounts are those from which a criminal can steal money. For example, a hacker might gain access to an online banking account and send funds to their own account. A fraudster could take over a social media account and invent a reason to request money from family and friends of the victim.

Difference Between Account Takeover and Identity Theft

With account takeover, the fraudster is using an existing account, whereas in identity theft, they would open up a new account while posing as the victim.

How Do Criminals Get Credentials In the First Place?

Data Breaches

A data breach is when a list of usernames (and potentially accompanying passwords) is leaked. These lists go on sale on the black market, meaning any number of criminals could be using them at the same time.

If a username and password for one account is known, hackers can use automated systems to try the same combination on a list of popular online platforms. This is referred to as credential stuffing, and is the reason it's so important to use a different password for every account.

Phishing Scams

These attacks may occur via email, over the phone, or via text message. The fraudster is trying to get you to hand over your login information. A phishing email might pose as a customer support message that persuades you to click a link to a phishing site (a fake website designed to phish for information). Here, you are prompted to enter your login information, which is then stolen by criminals.

Phone Scams

An example of an account takeover scam initiated over the phone is an iteration of the tech support scheme.

For example, the criminal poses as a Microsoft representative and persuades you that your computer has a virus and needs to be fixed. You hand over remote access to your device, and the criminal can access any accounts you have credentials stored for. They may purport to be "testing" accounts and access them in plain sight, or they could remote access to install spyware.


Specific types of malware downloaded onto your device from malicious email links or attachments could expose your credentials. Some spyware takes regular images of your computer sessions, while key loggers record every keystroke, exposing your usernames and passwords.

Hacking Over Unsecured Wife

Many people think nothing of logging in to free Wi-Fi while at a cafe', mall, hotel, or airport. But these networks are often unsecured and represent a great opportunity for hackers to steal your information. A common attack over these networks is a man in the middle attack in which the hacker intercepts the contents of your internet traffic.

What are Attackers Trying To Do?

Here are some of the different things that criminals can get up to once they have access:

  • Credit Card Fraud- Credit Card details for use in credit card fraud.
  • Merchant Account Fraud- With access to bank account, an attacker can transfer funds to another account, among other things.
  • Re-sell credentials: Username and password combinations may be posted for sale on the black market.
  • Take out loans: Access to financial accounts can be used to take out loans and even mortgages in the victim's name.
  • Monetary requests: By taking over a victim's social media account, the attacker can pose as the victim and make requests to family and friends for money.

* Once a criminal has access to an account, they usually very quickly try to lock the real user out by changing the password, recovery email, two-factor authentication settings, and security questions and logging out of other devices.


Proudly serving North Texas for over 130 years.