Enabling fraud alerts on your financial accounts is smart. These alerts warn you of different activities that take place within your account such as deposits, withdrawals, password and address changes and other activities you need to be aware of. The alerts act as a safety net so that you know when account activity happens, without alerts you may not be aware if your accounts have been compromised.

But what happens when the fraud alert is itself fraudulent?

Scammers can mimic fraud alerts and trick you into providing your personal and financial information to them. These fake alerts can look like they are coming from your bank, credit union, brokerage firm, retirement account, credit card company or other financial institutions.

While each scam is different, they all follow a similar pattern, you receive an account alert notification, this can come in an email message, text message or phone call. The person pretends to be with your financial institution and says there is a problem with your account, their goal is to gain access to your account.

In many cases the scammer will already have some of your personal information due to the numerous data breaches that have taken place or from gathering the information from what you have shared on social media, so they can sound legitimate. They may have your name, address, account balance and even your Social Security number.

Often their intent is to steal your multifactor authentication code so they can gain full access to your account. They may say that to secure your account they need to send you a code that they ask you to give them, if you follow through and provide them with the authentication code, they use it to access your account. With the data breaches that have occurred, chances are your username and password may have been compromised. This is why using the same password for multiple sites is a very bad idea. If the scammer already has your username and password all they need is the authentication code to get in.

How to Protect Yourself

Enable fraud alerts on all of your financial accounts, even though scammers can try to trick you with fake alerts it is important that you are aware of any activity related to your accounts. You will become familiar with a legitimate alert so it will be easier to spot a fake.

Enable multifactor authentication on all of your accounts.

Use a strong, long password for each account, never use the same password twice and change your passwords several times a year. Use a password manager to store your information.

If you receive a phone call, text message or email message warning you of activity on your account do not respond. Instead log into your account online or call your financial institution to check on your account.

Never engage with anyone you don’t know.

No legitimate company will ever ask you for your username, password or authentication code.

Scammers can spoof legitimate phone numbers, even if the caller ID displays a number that looks authentic be skeptical.

Scammers will try to instill a sense of urgency to get you to react and respond quickly without thinking it through. Your financial institution will never use threats or scare tactics.

Never answer any questions from a random caller.

Do not post sensitive information online. The less information you post, the less data you make available to cybercriminals. Criminals scan social media and harvest bits of information that they can use along with information obtained through a data breach to build a detailed profile on you.

Remember, if something doesn’t feel right, it probably isn’t.