Cybercriminals use sophisticated tactics to impersonate trusted or legitimate sources via email, phone call and text.
Even if you receive a call from a number you recognize, never provide the caller with personal data. Instead, hang up and call back using a known, trusted phone number.
Avoid clicking on links or opening attachments in unsolicited emails or text messages.
Additionally, be cautious of requests to make payments or to provide access to your devices.
Cybercriminal activity continues to evolve as fraudsters develop more sophisticated tactics to trick victims and execute crimes such as identity theft, consumer fraud and financial abuse.
Many of the latest scams revolve around social engineering—using a false pretense to convince individuals to share personal information. The information may seem rather innocuous, and a victim might think there’s no harm in sharing it. But it could be deviously deployed later to initiate an attack.
So, it’s critical to stay uptodate about common fraud schemes you might encounter. Let’s start by examining three types of tactics used by fraudsters to perpetrate social engineering scams: phishing, vishing and SMiShing.
1
Phishing
Phishing starts with an email that often looks like it’s from a trusted or legitimate source. The email will ask you to do something—usually click on a link or download an attachment.
The link typically takes you to a website that seeks to steal your information, or attempts to download malicious software (or “malware”) onto your computer. Meanwhile, opening the attachment may infect your computer with malware.
Once the malware invades your computer a hacker can use it to look at personal documents saved on your computer, such as a tax return. They can also capture the keystrokes on your computer (or take screenshots of sites you visit) to harvest your logins, passwords and other sensitive information. After hackers steal your information, they’ll often try to access your bank accounts or contacts, or sell your data to other cybercriminals.
Security tips: Never click on a link or open an attachment from unsolicited sources, and don’t provide personal information when responding to an email request.
2
Vishing
With this phone scam, a fraudster calls you and poses as a representative from a reputable organization, often times your bank or financial institution, to obtain your personal information. Vishing calls usually have a sense of urgency or panic to make you more likely to share the requested data.
Security tips: Only answer phone calls from numbers you recognize. You should not give out your personal information over the phone when you receive an unsolicited in-bound call. Before you respond, make sure the person asking for the information is from a legitimate organization and is who they claim to be. You can always hang up and call the organization back using a phone number found through a trusted source–such as the company’s mobile application, official web site or a financial statement.
3
SMiShing
Short for “SMS phishing,” this occurs when a cyberthief tries to fool you into providing them with your personal information via a SMS or text message or attempts to get you to click on a link in the text. The fraudster may also try to download malware onto your mobile device.
Security tips: Just like with phishing emails, never click on unknown links embedded in a text message, especially from a sender you don’t recognize. If you have any doubt about the authenticity of the sender, don’t respond. Instead, do some research to verify the validity of the sender.
Once cybercriminals have your personal information, they can use it to execute a variety of social engineering schemes. Here are several of the most popular ones:
The Internal Revenue Service (IRS) calls saying you owe back taxes and threatens you with a lawsuit or jail time if you don’t immediately pay the debt with a wire transfer, prepaid card or gift card.
What’s wrong with this scenario? If you owe taxes, the IRS won’t call you. Instead, the agency will contact you by mail. Also, the IRS will never ask for money using those payment options or threaten to arrest or sue you.
Using the name of an organization that’s similar to a well-known, reputable charity, fraudsters employ high-pressure tactics (usually during the holidays) to encourage you to donate on the spot.
Security tips: Ask for detailed information about the organization and take the time to confirm it’s a trustworthy charity. Don’t feel the need to give money on the phone. You can always donate later through the charity’s site.
Have you ever received a call from someone telling you there’s a serious problem with your computer? It’s likely a fraudster seeking remote access to your device in order to “fix” the issue. Instead, they’ll infect your computer with malware.
Security tips: Never grant access to your device when you receive this type of call. Don’t provide the caller with any personal, account or computer-related information. Instead, ask the caller for their name, as well as the name of their company. Then hang up, and call back using the official phone number for the company.
Be leery of people you’ve met online–often through dating or social media sites–who initially seem romantically interested in you. But, as time goes on, they ask for money (usually by wire transfer, gift card or cryptocurrency) to pay for a medical emergency, the cost of travel to visit you or some other reason.
Security tips: Avoid sending money or gifts to someone you’ve never met in person. Ask anyone you meet online plenty of questions and look for discrepancies in their answers. If you feel someone is trying to scam you, stop all contact with the perpetrator immediately.
While the details of these schemes vary, they all involve a fraudster asking you to pay a small fee upfront in exchange for a larger return later. The payout you’re promised may be connected with an investment opportunity, lottery winning or special gift. After paying the fee, you’ll receive little or nothing of value in return.
Security tips: Don’t conduct business with someone you haven’t researched on your own to confirm their authenticity. You may want to search for information online about the individual, check with your local police, contact the Better Business Bureau or speak to your Financial Advisor or lawyer.
Also, don’t sign any non-disclosure or non-circumvention agreement that’s designed to prevent you from independently verifying the credentials of the person offering the opportunity.
Designating a Trusted Contact to Help Prevent Fraud
Another line of defense is designating a Trusted Contact to your accounts, which can help protect against fraud and is permitted by FINRA.1 A Trusted Contact is a person appointed by a client who serves as a point of contact in case a concern arises about the client’s health status, financial activities or wellbeing. It is important to note that a Trusted Contact is not authorized to act on your behalf or make any investment decisions.
Financial scams can impact data security, fracture families and lead to a potential loss of trust. The best prevention may lie in being familiar with the latest scams and taking action when suspicious activity occurs.
Wealth ManagementTech Support ScamsFraud artists are savvy and can be very convincing. The Tech Support Scam is a popular social engineering technique, with several twists.
Wealth ManagementP2P Payment ScamsMore and more people are using mobile payment apps like Zelle®, Venmo® or CashApp®. P2P payments can make splitting the bill or paying for a service simple and convenient, but vigilance is key.
Wealth ManagementAdvance Fees ScamsIf something sounds too good to be true, it usually is. Keeping that age-old adage in mind is the best way to spot and thwart Advance Fee Scams.
Wealth ManagementGrandparent ScamsThe bond between a grandparent and grandchild is unique. Unfortunately, fraudsters may exploit this loving, trusting relationship to trick you and steal your money.
Wealth ManagementRomance ScamsAccording to the FTC, Romance Scams are one of the top five scams targeting American seniors age 60 and above—and have increased significantly in recent years.
If you suspect you may be the victim of fraud or identity theft, or if you notice
suspicious account activity or receive a questionable email or text that
appears to be from Morgan Stanley, please contact us immediately at
888-454-3965.
(24 hours a day, 7 days a week)
For international clients, please contact your Morgan Stanley Client
Representative immediately to report any online fraud or security concerns.
Please note that by clicking on this URL or hyperlink you will leave a Morgan Stanley Smith Barney LLC website and enter another website created, operated and maintained by a different entity. Morgan Stanley Smith Barney LLC is not implying an affiliation, sponsorship, endorsement with/of the third party or that any monitoring is being done by Morgan Stanley of any information contained within the linked site; nor do we guarantee its accuracy or completeness. Morgan Stanley is not responsible for the information contained on the third party web site or the use of or inability to use such site.
This material has been prepared for informational purposes only.