Webinar: Spot and protect yourself from common student scams

College brings excitement and new experiences – and this time of life usually means living on a tight budget. This can make students vulnerable to scams.

Tags: Student, Fraud protection, Scams, Security
Published: September 25, 2020

In this webinar, you’ll learn to spot different types of scams that target students and get tips to keep your money and personal financial information safe.


View video transcript

Now I'll turn it over to today's presenters. Take it away, Brett.

All right. Thank you, Courtney. I'm the director, or a director with U.S. Bank Enterprise Fraud Risk Management Group. And amongst my many responsibilities related to the management of fraud risk, employee and customer fraud education and awareness is a key focus of mine here at the bank. David.

Thanks, Brett. My name is David Morris, and I manage the cybersecurity exercise program at U.S. Bank, and I lead exercises which enable our organizational teams to be better prepared for response to cyber incidents and for the protection of our customer assets. Prior to joining U.S. Bank, I was the CTO for the enterprise Office of Cybersecurity for the state of Washington. Daniel.

Hi. Great. My name is Daniel Elliot. And the National Cyber Security Alliance is a nonprofit organization that builds strong public-private partnerships to create and implement broad-reaching cybersecurity education and awareness efforts to empower users at home, work, and school with the information they need to keep themselves, their organizations, and their systems safe and secure online. So I'm NCSA's director of education and strategic initiatives, and so I oversee our entire educational portfolio and key stakeholder partnerships.

Well, I want to personally thank you, Daniel and David, for participating today. And we're excited to be here as well today to talk about the topic all three of us are very passionate about, and this one is a very important one for students definitely.

So financial abuse comes in all shapes and sizes-- cyber fraud, mail fraud, even abuse from family members. And it's often targeted towards younger adults and not always older adults. Coming up, we'll discuss some background on scams and why it's important to have awareness as a student. We'll dive into strategies to help you identify and act on student scams, and we'll end with some answers to some of the questions you submitted during registration.

And after today's presentation, you'll be able to recognize, react, and report on student scams. You'll be able to evaluate emails, letters, calls, and sites for indicators of scams. You'll also be able to explain behaviors that commonly lead to financial fraud. This is important to realize that you're not alone. Many people get scammed. And leads on to the next one here, which is we'll provide you resources on who to contact without feeling ashamed. And then, finally, we'll also answer some of the questions received in the registration process.

But first, let's start off by taking a poll. So the first question is "Which of these options do not help control your digital footprint?" You have A, closing out old social media accounts; B, sharing personal information with a friend to help you stay safe online; C, being cautious, to not share personal details on social media; or D, which is putting privacy controls on your social media accounts. You can provide your answers directly in Webex using the radio buttons on the right side of your screen, and the poll will be open for five minutes. OK.

Did you know that the Federal Trade Commission found last year those in their 20s lost money to scams at a higher rate than those in their 70s? And even the most tech-savvy are targeted, so therefore, never assume because you are proficient at circumnavigating the digital world that you're immune from being scammed.

Tech-savvy criminals, they prey on students for a number of reasons. One would be the need for money, obviously. The biggest one-- social isolation is also one. Living away from home for the first time, that can be very stressful. And willing victim. So that is you have a significant need for money, and your gut is telling you something isn't right about the activity, but you go ahead and do it anyway. Cybercriminals' actions appear in many forms. You may be approached in public or contacted by email, phone, mail, or social media. Or you may perform an online purchase through a website or an app and actually don't receive the items.

On this slide here, we're going to dive into the most common types of scams you face. We won't touch on all of these, but be aware of these. And if the opportunity feels like it's too good to be true, make sure you verify, verify, verify. Or you could find yourself wrapped up into a costly scam-- or in a costly scam, rather. Actually, Daniel, let me turn it over to you for more details on some common types of scams.

Thanks, Brett. There are three in this list in particular that we at the National Cyber Security Alliance have been focusing a lot of attention on recently. And the first being employment scams. Now, employment scams occur when criminals deceive victims into believing they have a job or a potential job. The criminals leverage their position as quote, unquote, "employers" to persuade victims to provide them with personally identifiable information or to send them money, and the FBI has recently reported an increase in employment scams.

And it makes sense due to the large amount of people who are unemployed due to the pandemic. Criminals are opportunistic and will take advantage of situations like this. According to the FBI, the average reported loss from a job scam is nearly $3,000 per victim in addition to damage to the victims' credit scores. So verify job opportunities before submitting information, and never pay to get a job. So that's the first one.

Also been looking at video game scams. So this is another one where the pandemic has created a ripe environment for criminals. Due to social distancing and quarantining, people are watching TV and playing more video games than ever, with most games these days being internet-based or connected to the internet in some way. Criminals are able to ruin your fun by sending a malicious link in a chat feature, for instance, stealing your credentials and payment card information, and anything else they can monetize.

Now, the third that we've been focusing on is romance scams. And regarding romance scams, with so many people using mobile apps and online dating sites to find a romantic partner, it creates another opportunity for a criminal to take advantage of people when they are vulnerable. So the Federal Trade Commission reports that in 2019 people reported losing $201 million dollars to romance scams. That's a lot of money.

People reported losing more money to romance scams in the past two years than to any other fraud reporting to the FTC. They will often ask you to send money via a gift card or wire transfer. So in a nutshell, don't send money to someone you've never met, no matter how convincing they are online. And so, David, do you want to dive into some of the other common student scams?

Sure. Thank you, Daniel. There are a couple on this list which I've had to contend with on the digital forensics side for gathering evidence, and the first is fake check or money order scams. And Brett touched on this lightly just a moment ago. These have thrived in our current digital marketplace where we informally buy and sell goods with one another.

And the typical case here is where the criminal will send a fake check or money order and then ask you to take some action, such as depositing the fake check, the money order, and then purchasing gift cards, or worse, doing the deposit and then wiring the money to another individual. So a simple rule of thumb to spot these scams, at least most of these scams, is that gift cards are for gifts and not for payments.

Another scam, which I, unfortunately, personally have been a victim of is the fraud claim scam on this list. In this one, a criminal enters an unemployment insurance claim in your name, often using your personal information that was gained from a prior data breach, or they've gotten that information from multiple combined data breaches. And here in the state of Washington and many other states, we had criminal groups that took advantage of the COVID-19 pandemic to commit this type of unemployment fraud. Precautions that you can take are to closely monitor your credit reports and also to be proactive by creating an online account with departments, such as the IRS or with Social Security, before a criminal might do this in your name in advance of you.

OK. Now that we know a little more about the common types of scams, let's go ahead and review the poll results. Looks like the majority of you answered B, which is correct. Although it may be well intended, it's not a good idea to share your personal information with anyone because once it's out of your hands, it's no longer in your control.

OK. Let's keep going with another poll. Remember that you can answer by using the radio buttons on the right side of your Webex screen. And let's begin. Which costs more? This is kind of a fun one. The average data breach, which is not fun, or four years at Harvard? Submit your best guess and no cheating, please. Stay tuned to find out the answer here in a short bit.

With the rise in student scams, it's good to have an easy-to-remember strategy that you can use to help figure out what to do if you or someone you know gets caught up in a scam. One strategy that may work for you is an easy to remember-- it's called the three Rs, and it stands for recognize, react, and report. So let's explore each one of these in more detail starting on the next slide.

Cybercriminals can be very cunning. They may ask you for account information or credit card numbers. They may also ask you to wire or send money to them or to someone else. All of these should be huge red flags. David, what are your thoughts on this piece?

Agreed. In cybersecurity, we commented for years about the foreign prince email scams. These have been going on for decades now, and they're felt to be obvious to spot. And the thing is they are to most people, but to their target market, they're enticing and they work. And these cons, they're based on one that predates the digital age. They go back approximately 200 years. So those emails will continue as long as they're profitable. And the awareness tropes to be on the lookout for grammar and for spelling, they generally apply to these low-objective types of messages.

However, criminal groups, they have many different objectives, and they've matured and become extremely sophisticated over the years with these phishing messages. And so that's what makes it especially important to be cautious. Now, these messages, they're not just emails anymore. They're also phone calls and text messages, or they're social media links. So you have to look at the overall message.

And for emails, you ask yourself, is this unsolicited? And do you recognize the domain, or is it just a little bit off when you look at it? For example, LinkedEn.com, E-N, versus LinkedIn.com, I-N. They'll register domains, and those registrations are fresh, and so they're able to be used to slip past security defenses.

If you hover over a link, does the actual destination match the link? Is the language-- is it asking for urgent or immediate action? These are also all red flags. You should always report these messages rather than delete them so that security analysts can take action, and then you can help the broader community or the broader organization. Daniel, what do you think?

Yeah. Scams aren't new, but the delivery mechanism for them is-- the internet. So as mentioned earlier, criminals are opportunistic, and they're going to prey on your confusion, fear, generosity, curiosity, and every other emotion to take advantage of you. That's why it is always smart to stop and think before acting. Take a moment to breathe. Don't react to a phone call, a text message, or email that triggers your emotions without first stopping to think about the legitimacy of that message.

For instance, if you suspect a scammer has left a message on your phone, do not call back. Instead, first do a quick internet search or have a caregiver or a trusted family member do a search for you to make sure the company is credible. If they are credible, reach out via a trusted communication channel-- an email address, phone number on their website, or the phone number on the back of your credit card or on your bank statement. These are some ways that you can help reduce you falling victim to a cybercriminal.

Account alerts are a great way to keep tabs on your money in real time so you can quickly identify and resolve issues, including things like unauthorized account activity. You could set up alerts in mobile and online banking. If you don't have the app yet, go ahead and you can text GET APP to 872265 to download the U.S. Bank mobile app. David, you have some thoughts on this as well.

Yeah. Thanks. In security, we always want to build our best defenses around our most important assets. And you can easily apply the same personal-- or, excuse me, the same principle to your personal finances, and that's by leveraging the technology to your benefit. So don't just stop at these alerts if you can. Look to increase the security around your login credentials as well by adding an additional authentication factor to your account to go along with that password.

And here's also a few steps that you can take to protect yourself from student scams. In addition to those automated alerts that I just mentioned and my recommendation for a second authenticate, at minimum you're going to need to use secure passwords for your banking. And what's important here is that these passwords are unique across all the services that you subscribe to so if one of those passwords gets compromised, those credentials aren't able to be used to access your bank account. Personally, I use a password manager to assist with this need.

If you do get an alert that seems odd or suspicious, don't just keep it to yourself. Speak to a trusted advisor. Having the ability to get a second opinion and a different perspective can help you to determine what next steps to take. For example, my brother just asked me the other day about some odd activity that he saw in his business bank account, and it felt good for me on the advisor side to just help. Don't be afraid to ask for help as some of us-- we do like to assist, and it can lead to your protection. And Daniel also has a few additional tips to share here.

Yeah. My first one is research companies or charities, et cetera, before conducting business with them. So I'll start with charities. Many fraudsters will set up fake charities to take advantage of your generosity. Use sites like Charity Navigator or Better Business Bureau to vet a charity before donating your well-intentioned money. That research also applies to online shopping or downloading an app. Do your research on these companies before making a purchase or downloading to determine if they are legitimate. 

For instance, what do the user reviews say? Does the website or app have security features, such as two-factor authentication or the ability to configure your privacy and security settings? Long story short, take a moment to do your best to determine if this company is going to be an asset to you or a liability.

Now, with secure payments, to add another layer of security, it's always best practice to use a secure payment service when you want to complete any financial transaction online. And these often hide your actual account information from potential eavesdroppers. It's also always best to tie your credit card to these accounts as credit cards have more consumer protections than debit cards. And with a debit card, if a criminal gets access to that information, they have access to your bank account, and you do not want that.

Now, regarding the last two bullets on the slide, these go back to my point of verify to clarify. If you have a question about the legitimacy of an email, contact the organization and don't use the contact information in the email or the voicemail of question. Use the contact information listed on the official website. I again want to emphasize the role research plays in keeping yourself safe. It takes a little extra time, yes, but that time is well spent when you're protecting your money and your personal data.

Now, things, actually, that we suggest you should not do. So on the last slide, we talked about verify to clarify. And I think the method criminals use more than any other when it comes to electronic crimes is with a link. More than 90% of cyber incidents begin with an email. I know that, Daniel, you had some more thoughts on this as well.

Thank you. I appreciate you coming in. Yeah. Like you said, more than 90% of cyber incidents begin with an email. It can be sent to you in an email, which is what we often think of, but these links can also come in a text message, which is becoming more prominent as we use our mobile phones more for everything, and through a chat message, such as through social media. So don't click on a link that you are not expecting, even if it is from someone you know.

So what can you do? In your email account, configure the settings so they display the sender's email address and not just their display name. For instance, if you get an email from the university requesting you to send sensitive information to them but the sender's email is not from an official university domain, then it's a good indicator it's a fraud attempt.

Hover to discover. So here's one. Hover over the link with your cursor, taking caution not to click, to reveal the path of the hyperlink. If it looks suspicious, don't click it. Another point is to have antivirus and antimalware software installed in your devices, including mobile phones. Now, these won't catch everything, but they will help. And lastly, when in doubt, throw it out. Call whoever emailed you to verify the request, or log into your trusted portal, such as your bank's online portal, to access any messages or alerts. So David and Brett, I'll let you take it from here.

Yeah. Thanks, Daniel. Those are really great points, especially about the hover. That was one that I'd also touched on. It's really important to just pause and look at that. You should also avoid sharing personal information with people you don't know, including over the phone, online, or social media. Be careful to manage your digital footprint. That first poll question mentioned your digital footprint. This makes it difficult for criminals to be able to pass themselves off as legitimate when they're messaging or talking to you because they don't have some of that information to try to social engineer with you.

I've received a phone call from Microsoft that purports to be them, and it says, hey, we've gotten a report that your computer's having a problem. And I usually respond with, oh, really? Which one of my computers? And that just leads to them hanging up. The advice is to step back and think through the situation because this is really important. You should have absolute confidence in the individual you're speaking to before you ever share your credit card details or your account numbers or your Social Security numbers.

Most importantly, also, don't send money to people or institutions that you don't know. As Daniel mentioned earlier, technology can help you to research the legitimacy of an individual or of an organization. You should always start with that base approach of doing your diligence before you transfer any funds. This small amount of online research can save you from becoming a victim. Brett.

I completely agree, David. And another point here that I'll make is you should also avoid paying for an offer you do not understand. So if the terms and conditions are confusing or too good to be true, trust your gut and just don't do it. If the offer is asking for upfront money, it's likely a scam. Or asks you to move money on behalf of another. You may be taking part in a money mule scam, which is against the law.

Another point we make is please don't lie about the situation. If you find yourself being scammed, we can better help you if provided with all the information. The situation can be stressful and unnerving. I completely get that, but being honest about what occurred is absolutely the best policy.

And lastly, as a best practice-- and Daniel made this point earlier about secure payments-- is avoid using your debit card to make online purchases or payments. This will help protect your checking account from potentially being compromised and lessen the negative impacts from an account takeover through your debit card. We suggest you make online purchases or payments with a credit card or a reputable payment service.

Before we get to your questions and the additional resources for you, we want to stress the importance of reporting scams. If you spot a scam or, worse yet, if you've been scammed, what do you do? It can be a frightening situation, and feeling ashamed is extremely common, but it's important to report it. Unreported scams do not do you or anyone else a favor other than the fraudster, right? So reporting scams can help you move closer to protecting yourself in the future and provide law enforcement with the needed information to crack down on these scammers.

That's a great point, Brett. And you should also document the incident as well as you can. What happened? When? With whom? Try to take down as many notes as you can see so you can report them correctly to each of the authorities.

Yep. Yep. Exactly. And then after you have all the information documented, you want to report the incident to the bank. This is the first step to help secure your account to potentially prevent further fraud. Then next, you should contact the impacted businesses of the fraud to help protect your name, one, then also to potentially prevent the fraudster from receiving any products or services or money they are trying to procure.

Next, contact credit agencies, like Equifax, TransUnion, and Experian if your personal information has been used to apply for credit. You can also place blocks and alerts on your credit. Some of the services, like from the credit bureaus, can be accomplished at no cost, but some services do have a cost tied to them. There's also outside service providers as well, so they may have cost. So make sure you do your research.

Those are great reminders, Brett. After you've contacted your bank, your impacted companies, and a credit agency, you'll then want to file a report with your local police department. If you're the victim of identity theft, such as when I had an unemployment benefits claim filed in my name, you should file an identity theft report with the Federal Trade Commission at IdentityTheft.gov.

Also, the FTC, they have lots of resources available on their site for protecting yourself so you can help avoid fraud in the future. You can even request resources in bulk if you want for your organization. We used to do this with the state of Washington. The FTC has a lot of material that they can provide to help educate communities that you care about. Then, finally, file a criminal complaint online at the FBI Internet Crime Complaint Center at IC3.gov.

OK. Let's review the second poll results here. The majority, slight majority, but chose A, data breach, which that is correct. The cost of a data breach in the United States is about $3.86 million according to the Ponemon Institute. When you think about impacted businesses and individual costs, this really makes sense. And the estimated cost of 4 years of undergraduate study at Harvard, as published on their website, is just under $77,000 per year for a total of nearly 307,400. And, of course, that's assuming the prices stay the same for four years.

Before we jump in your questions, we have some additional resources to share with you. And I'm going to turn it over to Courtney. So go ahead and take it away, Courtney.

Thanks, Brett. And Brett mentioned we have a few additional resources to share with you all today. You can review the recording of this webinar and our previous webinar replays at USBank.com/WellnessWebinars. There are also fantastic resources, including articles, videos, lessons, infographics, and more about the common types of fraud, how to avoid fraud, and other financial-related topics available at USBank.com/FinancialIQ. Daniel also had some wonderful resources to share with us today.

Yeah. Thank you. The National Cybersecurity Career Awareness Week is coming up, and it's led by the National Initiative for Cybersecurity Education. And it aims to inspire people of all ages to pursue careers in cybersecurity. And they emphasize the multifaceted nature of cybersecurity, but you don't necessarily have to have a degree in computer engineering to enter the field. So this week focuses on career pathways and resources for those considering cybersecurity as a career. And you can learn more on the link on the slide.

We mentioned a lot about best practices on this webinar also. And the National Cyber Security Alliance has a full library of tip sheets and videos and infographics that delve deeper into each of these topics we mentioned today. For instance, over the summer, we released a whole tip sheet on employment scams and another on online gaming. These resources are all free for you to use and share, and you can view them at StaySafeOnline.org. And we'll also be featuring a lot of information during Cybersecurity Awareness Month, which is recognized every October, and you can find more information about that on our website as well.

That's great. Thank you, Daniel. There's still time for students to participate in U.S. Bank's student scholarship. You can scan the QR code located at the bottom left of the slide now or visit USBank.com/Scholarship to get started on your chance to win up to $20,000. The more financial lessons you complete, the more money you could win. So register and complete at least four lessons by October 30 to become eligible.

We received amazing questions during the registration process. We'll answer a few of the questions we received here today. If you still have questions following today's session, please schedule an appointment with a banker at USBank.com/Book.

Our first question is from Melissa. She asked, "How do you recognize a cyber threat at first glance?" Daniel, can you please help answer this one for us?

Sure. First is to understand common strategies cybercriminals use, which include phishing, smishing, and vishing. Now, understanding these terms will help you remain alert so you don't get caught in any type of scam, and so let's understand these terms.

Phishing. Phishing scams often appear to be from a trustworthy company or organization to entice a person to provide personal and account information. An email example is provided on the slide. Now, smishing is any kind of phishing that involves a text message or SMS message. And the third, vishing, that's the practice of making phone calls or leaving voice messages claiming to be from reputable companies in order to induce individuals to reveal personal information, such as your bank or credit card details.

So a few red flags for a cyber threat include, if you look at numbers two and four on the slide, the call, email, or text has a sense of urgency. They want you to act quickly and try to prey upon your emotions, as I talked about earlier. If you do this now, you'll be expelled-- or, I'm sorry, if you don't do this now, you'll be expelled, or your student loan will be in default. Getting you to worry.

If you reference number five on the slide, the message asks you to submit sensitive information, such as credentials or send money-- again, often with wire transfer or gift cards. The requester is asking you to bypass the traditional policies-- another hint. Are they asking you to do something the requester wouldn't normally ask you to do? If you reference number six on the slide, the message has shortened links or a hyperlink that, when hovered over, does not go to the actual trusted page. Many secure domains start with HTTPS.

And if you reference number one on the slide, another tip is to look at the reply to address in the message. Criminals can make these look pretty convincing. There might just be one letter off. So know the domain of the actual sender, such as your university's email domain. And if the sender's reply to email does not match, it's a good indicator it's a scam.

Thanks, Daniel, for sharing those red flags with us today. Our next question comes from Tony. Tony asked, "What do you know now that you wish you knew 15 to 20 years ago?" Brett has some sound advice for you, Tony.

Thank you, Courtney. And I do as well have a college-aged student, and this is advice that I've provided him pretty early on. But your name and your credit are two extremely valuable assets that will either help you or hurt you throughout life, so protect it like you would any other personal asset of value. Make sure to keep your personal information secure even what you share online through social media, for example. That can be used by bad guys to perpetrate fraudulent activity. You can learn more about this, actually, on October 13th at our cybersecurity webinar, so go ahead and look for that.

And then, also, check your credit. At least at no cost, you can do this annually through services like AnnualCreditReport.com. Or for U.S. Bank customers in online banking or mobile, you can go into the Credit View dashboard.

That's great advice and a good reminder to check our credit scores. Thanks, Brett. Our last question comes from Farrell. Farrell wants to know "how can I protect my card from hackers?" Farrell, David has some helpful tips for you.

Thanks, Courtney. We've talked about being diligent when giving your number to an individual over the phone. If you're taking this precaution, in addition to those that you've noted here, then you're certainly headed in the right direction. Being proactive with your account monitoring is one of the best protection mechanisms that you can take because, unfortunately, in today's world, it's more likely that your credit card numbers will be taken in a data breach than in an action that's taken by you, so that monitoring is very important.

Thanks, David. And thank you to all of our speakers for joining us today and presenting on the topic. Please use your phone's camera to register for our next webinar, which is "Rainy day savings: 5 myths about emergency funds" on September 29. As a reminder, we'll post this recording from today at USBank.com/WellnessWebinars in the next week. Remember to provide us with your feedback in the post-event survey following this session. This concludes our webinar. Have a wonderful afternoon, everyone.
