Common Fraud Schemes

Phishing, SMiShing and vishing make up over 90% of financial cyber fraud incidents.

All three aim to do the following:

  • Social Engineering: On social networks and websites, fraudsters posing as your friends and colleagues can fool you into revealing your personal information. Because social engineering attacks look legitimate, they can be difficult to detect.
  • Identity Theft: The fraudulent acquisition and use of someone else’s personal information, such as name, address, Social Security numbers, driver’s license number, bank account number, PIN number, Online Banking password, etc., usually for financial gain. All three of these schemes get you to divulge this type of personal information.
  • Malware: A combination of the terms “malicious” and “software,” used to describe any software designed to cause damage to a single computer, server, or computer network. Criminals sometimes use malware – programs like viruses and spyware – to get into your computer, and once there, they can steal information, send spam and commit fraud. Learn to spot the signs of malware and what you can do to reclaim your computer and your electronic information.
  • Phone numbers, emails and links to websites can look legitimate and can resemble those from your trusted sources when in fact, they are scams.
  • These messages compel you to react quickly and lead you to believe that if you do not react quickly, you will face consequences.
  • Phishing and SMiShing: Work through legitimate-looking emails or text messages. They count on you to click on links or phone numbers embedded within fraudulent messages. Phone numbers are often linked to automated voice response systems. Many SMiShing messages come from an “800” number, but oftentimes the fraudsters may spoof the 800 number of a financial institution, and these messages are sent via email.
  • Vishing: The deceptive practice in which cybercriminals call you to gain access to your personal information or money. People can also use this information to pretend to be you and open new lines of credit. Vishers use social engineering tactics to gather information through a variety of strategies, including impersonation, scare tactics and emotional manipulation.
  • Sometimes fraudsters will first bait you with a friendly call, text or email to engage you and then follow up with phishing or SMiShing.

Here is an example of a Vishing attempt:

Caller: “Hello, this is officer John Doe. I am a state trooper. May I speak to Jane? Your sister has been in an accident. She has a broken nose and other minor injuries but the driver of the other vehicle has died. Your sister gave me your phone number as someone who can post her bond. I can take a credit card payment over the phone.”

Many victims get emotionally manipulated and start reacting without thinking. That’s exactly what the fraudster wants. There is nothing in that call that you can’t find about almost anyone just by skimming through public information available on the Internet.

Be calm. Be cautious and ask questions:

  • Don’t ever share or verify your IDs, PINs, passwords, date of birth, Social Security number, credit or debit card numbers or other personally identifiable information over the phone or in email or text messages.
  • Ask for the full name of any unexpected callers and ask them to spell their full name.
  • Ask them for their ID/Badge number, their supervisor’s name and the address of the location they are calling from.
  • Ask to call them back, or put them on hold while you look up their phone number on their company’s website. Type the name of the website in your web browser. Don’t get to it by clicking on a link that someone sends you.
  • When in doubt, call the number your bank includes on statements, cards, etc., rather than the number provided in the suspicious phone call, email or text message.
  • Legitimate callers will be happy to work with you. Illegitimate callers may quickly move on to finding an easier target.
  • Pay careful attention to grammatical errors, correct pronunciation of your name and any avoidance in providing their personal information.
  • If they mispronounce your name, ask them to spell your name.
  • If you receive a suspicious email or text, report it to your bank or other financial institution immediately.

Remember: SunTrust will never send texts asking you to provide, update or verify your personal or account information, such as passwords, Social Security numbers, personal identification numbers (PINs), credit or debit card numbers.

Advance Fee Scam: A common type of fraud that requires the victim to make a small up-front payment to obtain a large sum of money. However, that large sum of money doesn’t exist.

Cookies: A small text file that a website can place on your computer’s hard drive to collect information about your activities on the site or to allow the site to remember information about you and your activities.

Drive-by Download: Software that installs on your computer without your knowledge when you visit certain websites. To avoid drive-by downloads, make sure to update your operating system and web browser regularly.

Online Profiling: A scam that involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

Pharming: A form of online fraud that’s much like phishing, where fraudsters (or in this case “pharmers”) use bogus websites to retrieve a person’s confidential information.

SIM Swap: A form of fraud where fraudsters use social engineering to gather enough personal data to convince their victim’s mobile phone company to transfer the victim’s phone number to the SIM in the fraudster’s phone. The victim’s phone loses its network connection the minute that swap is completed. At that point the fraudster can leverage the texts and emails to gain access to the victim’s bank accounts, credit cards, and other sensitive information.

Social Engineering through Social Networking Sites: Websites that allow users to build online profiles, share information (including personal information, photographs, blog entries, and music clips) and connect with other users, whether to find friends or land a job, are ripe with opportunities for fraudsters to piece together personal information that helps target their potential victims.

Spyware: A software program that may be installed on your computer without your consent to monitor your use, send pop-up ads, redirect your computer to certain websites, or record keystrokes, which could lead to identity theft.

Trojans: Programs that, when installed on your computer, enable unauthorized people to access it and sometimes to send spam from it.

