Stay ahead of scams:
Phishing, smishing, and vishing
Cybercriminals now target individuals through emails, texts, and phone calls.
Romance Scams
When a scammer fakes a romantic relationship online to steal money or personal information.
Imposter Scam
When someone impersonates a trusted person or organization to steal money, personal info, or account access.
"Too good to be true" offer
Lures victims with fake deals or promises to steal fees or personal information.
Fake approval offer
Claims victims are pre-approved for loans or benefits, then asks for fees or personal info with no real offer.
Malware and viruses
Tricks victims into downloading harmful software or viruses disguised as updates, files, or attachments to steal info or damage devices.
Best practices for protecting your financial information
Personal Banking
Enable Account Alerts: Set up account alerts through online banking to stay on top of activities like transactions, low balances, or insufficient funds. These alerts help you quickly detect and respond to potential fraud. To get started, log in to online banking, navigate to the “Resources” menu, and select “Alerts.” From there, you can choose the types of alerts you want and how you’d like to receive them—via SMS, push notifications, or email.
Use Two-Factor Authentication (2FA): Enable 2FA for an additional layer of security. This requires a second form of verification, such as a code sent to your phone or email, when logging into your account.
Use Secure Connections: Always use a secure connection for online banking. Avoid public Wi-Fi networks, which are more vulnerable to cyberattacks. Instead, use a trusted Wi-Fi network or a virtual private network (VPN) for added security.
Log Out of Sessions: Always log out of banking apps and websites after use, especially when accessing them from shared or public devices.
Be Cautious with Mobile Banking: While mobile banking is convenient, it requires extra precautions. Download apps only from official app stores, keep your device and apps updated, and enable a PIN or biometric authentication (such as fingerprint or facial recognition) to secure your banking access.
Update Passwords Regularly: Use strong, unique passwords for your online banking accounts, and change them periodically to reduce the risk of hacking.
Educate Yourself and Your Family: Cybersecurity is a shared responsibility. Stay informed about cyber threats and encourage family members to follow best practices, like not sharing passwords and being cautious with links in emails or messages.
Review Your Credit Reports: Regularly check your credit reports from the major bureaus (Equifax, Experian, and TransUnion) for unauthorized activity. You’re entitled to one free credit report from each bureau every year. Monitoring your reports can help catch identity theft early.
Business Banking
Enable Account Alerts: Set up account alerts through online banking to monitor unusual activities, such as large withdrawals, low balances, or changes to account details. These alerts can help you detect and respond to potential fraud quickly, protecting your business’s financial health.
Use Secure Connections: Always use a secure connection for online banking or managing business accounts. Avoid public Wi-Fi, which is more susceptible to cyberattacks. Instead, use a trusted Wi-Fi network or a virtual private network (VPN) to safeguard sensitive business information.
Be Cautious with Mobile Banking: Mobile banking can streamline managing your business finances, but extra precautions are necessary. Only download apps from official app stores, keep your devices and apps updated, and secure access with a PIN or biometric authentication.
Implement Role-Based Access: Limit access to sensitive financial accounts and information to only those employees who need it for their role. Regularly review and update access permissions.
Utilize Dedicated Devices: Use dedicated computers or devices for online banking to minimize exposure to malware or other cyber threats from everyday internet browsing.
Train Your Team: Cybersecurity is a team effort. Educate your staff about identifying phishing attempts, protecting passwords, and avoiding suspicious links in emails or messages. A vigilant team can reduce the risk of cyber threats to your business.
Install Robust Security Software: Ensure all business devices have up-to-date antivirus, anti-malware, and firewall software installed.
Establish an Incident Response Plan: Develop and practice a plan to respond to data breaches or suspicious account activity. This ensures quick action to minimize damage in the event of a cyberattack.
Secure Vendor Relationships: Vet and monitor third-party vendors who have access to your business’s financial systems to ensure they adhere to cybersecurity best practices.
Regularly Review Financial Statements: Monitor your business accounts and credit reports frequently for unauthorized activity. Early detection of discrepancies can help prevent significant financial loss and ensure the integrity of your business operations.
Review Your Credit Reports: Regularly check your credit reports from the major bureaus (Equifax, Experian, and TransUnion) for unauthorized activity. You’re entitled to one free credit report from each bureau every year. Monitoring your reports can help catch identity theft early.
-
Scam of the Week
From Flow Charts to Phishing
You may have used Microsoft Excel, Word, and PowerPoint for work projects, but you might be less familiar with Microsoft Visio. Visio is used to make diagrams and flow charts. However, cybercriminals are using this tool to try to steal your user credentials. In this week’s scam, cybercriminals send you a phishing email that contains a link. The email appears legitimate, and it looks like a proposal or purchase order.
If you click the link, you will be taken to a Microsoft Sharepoint page that contains a Visio file. The Visio file contains another link, and you will be instructed to press your Ctrl key and click the link. If you press this key, it will bypass security features on your computer and allow the link to direct you to a fake Microsoft login page. The cybercriminals can see any information you enter here, and they are trying to trick you into giving them your sensitive information!
Follow these tips to avoid falling victim to a phishing scam:
- If you receive a suspicious email, be cautious. If you have doubts about the email’s legitimacy, follow your organization’s procedure to report it.
- Always be cautious when opening unexpected attachments or files, even if they appear to come from someone you might know.
- Always think before you click. Cyberattacks are designed to catch you off guard and trigger you to act impulsively.
The KnowBe4 Security Team
-
Scam of the Week
Artificial Intelligence, Real Scam
You may be familiar with ChatGPT, an AI assistant that generates realistic conversations. It was developed by an organization called OpenAI. In this week’s scam, cybercriminals could send you a phishing email that appears to be from OpenAI. The email warns that you will lose access to ChatGPT unless you update your payment method and pay a subscription fee.
The email appears to be legitimate, and it even contains the OpenAI logo and an official support email address in the text. But like many phishing scams, the email also includes a link to a fake webpage asking for your personal data and credit card information. If you click the link and enter your information, your subscription to ChatGPT will not be renewed. Instead, the cybercriminals will have stolen your personal information and money!
Follow these tips to avoid falling victim to a phishing scam:
- When you receive an email, stop and look for red flags. If you have doubts, always visit the official website to verify that the email you received is legitimate.
- Always hover your mouse over links in emails. Watch out for spelling mistakes, unusual domains, or suspiciously long URLs that can hide a website’s true domain.
- If you receive a suspicious or unexpected email, follow your organization’s procedure for reporting it.
The KnowBe4 Security Team
-
Scam of the Week
From Tickets to Email Trickery
If you recently bought a ticket to a local event, you may have used Eventbrite’s website or smartphone app. Eventbrite is an online platform that allows you to create, promote, and attend events. But cybercriminals are abusing this platform to steal your personal information and money. In this week’s scam, cybercriminals use Eventbrite to set up a fake event and then email you an invitation.
The Eventbrite email invitation contains realistic logos and brands, and it appears to be legitimate. But if you select the link within the email, you will be taken to a fake webpage that is actually controlled by cybercriminals. The webpage will prompt you to enter personal data such as your login information, tax identification number, and even your credit card number. The cybercriminals are trying to steal your personal details and funds!
Follow these tips to avoid falling victim to a phishing scam:
- Be wary of emails that urge you to take quick action. Phishing emails are designed to catch you off guard and trigger you to act impulsively.
- Never select a link in an unexpected email. In this case, it would be best to navigate to Eventbrite’s official website or smartphone app if you have concerns about tickets you’ve purchased.
- If you aren’t sure if an email you received is legitimate, contact Eventbrite’s customer support directly to verify.
-
Scam of the Week
The Fake TSA Precheck Email
Many air travelers turn to TSA PreCheck for its quickness and ease. TSA PreCheck is a US airport screening program that allows you to get through airport security with fewer steps and without waiting in long lines. But cybercriminals take advantage of this tool to trick travelers. In this scam, you receive an email that appears to come from TSA PreCheck. The email encourages you to enroll or renew your membership and provides a link to what looks like the official TSA PreCheck website.
The website promises you can skip the long security lines at the airport by paying a fee. However, this website is a fake version of the real TSA PreCheck website. If you enter any money or financial information here, the scammers will be able to see it immediately. The benefits you buy from the fake website will not work at any airport. Worst of all, the cybercriminals have stolen your sensitive information and money!
Follow these tips to avoid falling victim to a phishing scam:
- This particular scam targets US air travelers, but remember that this type of scam can be used for other organizations as well. Always be cautious before clicking on unexpected emails.
- Be wary of requests to pay a fee right away. Cybercriminals will try to pressure you into acting quickly.
- When you first enroll in the actual TSA PreCheck, you pay in person, not online. Also, real Transportation Security Administration (TSA) emails never contain direct payment links. When in doubt, contact the TSA directly.
The KnowBe4 Security Team
-
Scam of the Week
Beware the Fake Cashier’s Check
No one is immune to being targeted by scammers, including lawyers and law firms. Lawyers often handle debt collection, and cybercriminals are seeking to take advantage of that. In this week’s scam, a law firm is contacted by someone claiming to be a client who needs assistance with collecting a debt payment. The firm works with the client to determine who owes the debt and then sends a letter requesting that the debt be paid. The person who owes the debt money immediately agrees to pay and sends what appears to be a real cashier’s check to cover the cost.
The law firm deposits the check and wires money to the client’s account. However, both the client and the person who owes the debt are scammers who are working together. The entire story about being owed a debt is a scam, and the cashier’s check is fake. The fake check doesn’t clear at the bank, and the scammers are able to escape with the law firm’s money!
Follow these tips to avoid falling victim to a cashier’s check scam:
- Look for red flags. Always be suspicious of situations or opportunities that seem too good to be true.
- Be extra cautious when dealing with money or other financial requests. Trust your instincts and contact your bank if you have concerns about a check or money transfer.
- Be suspicious of requests to take action quickly. Cybercriminals pressure their victims to act quickly so they won’t be caught.
The KnowBe4 Security Team
-
Scam of the Week
The Fake Funeral Livestream
Unfortunately, cybercriminals will go to great lengths to try to trick you and steal your information. In this week’s scam, cybercriminals are stealing photos and personal details of recently deceased people from social media. They use these photos and personal details to create convincing comments on Facebook. When an announcement is posted about the deceased person, the cybercriminals leave a comment. The comment says that the funeral is being streamed online and that you need to click a link to watch it.
However, the funeral service isn’t actually being streamed online. If you click the link in the comment, you’ll be taken to a fake website that’s controlled by the cybercriminals. The website includes instructions to enter your credit card information so that you can supposedly watch the funeral. If you enter any information here, the cybercriminals will be able to see it immediately. You won’t actually be able to watch the funeral service online, but the cybercriminals will be able to charge your credit card!
Follow these tips to avoid falling victim to a fake funeral scam:
- Never donate money to an online fund unless you can verify it has been set up by an official source.
- If you’re experiencing a major loss, set your social media websites to private before posting details about the deceased person. This will make it more difficult for cybercriminals to steal personal photos and information.
- Always use caution when entering financial information online. Make sure that the website you’re visiting is legitimate.
The KnowBe4 Security Team
-
Scam of the Week
Don’t Fall for This Blackmail Scam
Cybercriminals are always looking for ways to trick you into acting impulsively, and this scam is no exception. They obtain your personal information through data breaches and then use photos of your home accessed from Google Maps to play on your emotions. They claim that they have videos of you and other personal information that they will release if you don’t pay a ransom.
In this scam, you receive an email with an attachment containing a photo of your home and your street address. The scammers claim they know where you live and that they’ve hacked into your home computer to take videos of you using its camera. Then, they threaten to release the footage if you don’t pay them with Bitcoin immediately. The photo of your home makes it seem like they could have actual videos of you, making their scam terrifying and convincing. The catch is that the cybercriminals don’t have any videos of you in your home. They are trying to scare you into giving them your money!
Follow these tips to avoid falling victim to this blackmail scam:
- Never click a link or download an attachment in an unexpected email.
- If you receive a similar email, do not respond or pay the ransom. Attacks like these are designed to catch you off guard and trigger you to act impulsively.
- Be careful with the personal information you share online. Cybercriminals can use this information to target you in phishing attacks.
The KnowBe4 Security Team
-
Scam of the Week
Hurricane Scams
Scammers will frequently use high-profile events, such as natural disasters, to try to trick you. In the aftermath of Hurricane Helene in the United States, scammers have wasted no time in turning this situation to their advantage. They’ve been using AI to generate fake images that play on your emotions, to get you to donate your money to help people who have been affected by the disaster. Recently, an image of a scared little girl holding a puppy and being evacuated from a flood area has been circulating on Facebook and other social media.
However, this image is fake. The scammers are trying to trick you into clicking a link to “donate” to a fake relief effort or to steal your personal information. In either case, their goal is to get you to act impulsively. If you donate money or enter any personal information, it will not help any victims who were impacted by the hurricane. However, it will help the scammers steal your money and your data!
Follow these tips to avoid falling victim to a hurricane scam:
- Be wary of AI-generated images. Look for signs that an image might be fake, such as unusual details or inconsistencies.
- Make sure that the charity you’re donating to is legitimate. Only donate through the official websites of well-known charitable organizations.
- Don’t act impulsively. Take time to research before donating or clicking on links, especially in the aftermath of a disaster.
The KnowBe4 Security Team
-
Scam of the Week
The Shopping List Swindle
Walmart’s Lists feature allows you to create an online shopping list and share it with others. In this week’s scam, cybercriminals are using Lists and malicious Google ads to steal your personal information and money. This scam begins when you search for Walmart’s customer service page on Google. You’ll see a sponsored ad result that claims to lead to a page that provides Walmart’s customer service information. If you click it, the ad will direct you to a Walmart List page. However, instead of containing normal shopping items, the List contains a phone number that appears to be for Walmart’s customer service team.
However, both the ad and the Walmart List were created by cybercriminals. If you call the number, you’ll be connected directly to a scammer. They will ask for your personal and financial information, and then they will attempt to scare you by saying that your account was used to transfer money illegally. The scammer will then try to pressure you into transferring your money into a Bitcoin account in order to prevent additional transactions. If you do transfer the money, it will go directly to the cybercriminals!
Follow these tips to avoid falling victim to a shopping list swindle:
- Be wary of clicking on Google ads. Anyone can buy a sponsored ad on Google, including cybercriminals.
- Be suspicious of anyone forcing you to act quickly. Scammers frequently attempt to trick you into acting impulsively.
- Always think before clicking on a link or providing your personal information, even on official websites. Trust your instincts and be on the lookout for anything that seems suspicious.
The KnowBe4 Security Team
-
Scam of the Week
Watch Out for Election-Themed Scams
In this week’s scam, cybercriminals are taking advantage of the upcoming United States elections to try and steal your personal information and money. The scams vary slightly and involve fake text messages, social media posts, phone calls, and more. Cybercriminals use AI to make these phishing attempts even more convincing. These scams can be easy to fall for since political candidates also use these methods to raise funds and promote their campaigns.
In one version of this scam, you receive a text message or email with a malicious link directing you to donate to a political candidate. The link takes you to a fake webpage asking you to share your credit card number. If you donate, your money goes directly into the cybercriminals’ pockets. The cybercriminals also pretend to be campaign volunteers and send fake surveys requesting your personal and financial information. In another version of this scam, you receive a phone call asking you to update your voter information or register to vote. If you provide your voter information on the call, the cybercriminals will steal it!
Follow these tips to avoid falling victim to an election-themed scam:
- Before you click a link, always hover your mouse over it. Only use secure, official websites to donate funds to candidates and register to vote.
- This scam concerns the US elections, but remember that cybercriminals can use these tactics during elections in any country.
- Trust your instincts. If you receive suspicious phone calls, messages, or emails, follow your organization’s reporting policies.
The KnowBe4 Security Team
-
Scam of the Week
The Microsoft Forms Fakeout
In this week’s scam, cybercriminals are using a tool called Microsoft Forms to try and trick you into giving them your Microsoft 365 or Adobe login information. Microsoft Forms allows you to create surveys, quizzes, and other documents. Unfortunately, cybercriminals are using this tool to create forms that contain malicious links. These fake forms can easily fool you into thinking they’re official Microsoft documents because they have convincing titles and even use Microsoft icons when viewed in a web browser.
In this scam, you receive an email instructing you to urgently change your password, read messages, or look at sensitive work documents. The email directs you to the form, prompting you to click a link. However, the link is malicious, and if you click it, you will be directed to a fake Microsoft 365 or Adobe login page. This page will prompt you to enter your sign-in details, such as your email address and password. If you enter your login credentials here, cybercriminals can steal them!
Follow these tips to avoid falling victim to a Microsoft Forms scam:
- Be cautious whenever you receive an urgent request, such as changing your password or viewing sensitive documents. Remember that cybercriminals play on your emotions by forcing you to act quickly.
- Before you click a link, always hover your mouse over it. Watch out for spelling mistakes or suspiciously long URLs that can hide a website’s true domain.
- If you receive a suspected phishing email, follow your organization’s policies for reporting suspicious emails.
The KnowBe4 Security Team
-
Scam of the Week
The Fake Funeral Livestream
Unfortunately, cybercriminals will go to great lengths to try to trick you and steal your information. In this week’s scam, cybercriminals are stealing photos and personal details of recently deceased people from social media. They use these photos and personal details to create convincing comments on Facebook. When an announcement is posted about the deceased person, the cybercriminals leave a comment. The comment says that the funeral is being streamed online and that you need to click a link to watch it.
However, the funeral service isn’t actually being streamed online. If you click the link in the comment, you’ll be taken to a fake website that’s controlled by the cybercriminals. The website includes instructions to enter your credit card information so that you can supposedly watch the funeral. If you enter any information here, the cybercriminals will be able to see it immediately. You won’t actually be able to watch the funeral service online, but the cybercriminals will be able to charge your credit card!
Follow these tips to avoid falling victim to a fake funeral scam:
- Never donate money to an online fund unless you can verify it has been set up by an official source.
- If you’re experiencing a major loss, set your social media websites to private before posting details about the deceased person. This will make it more difficult for cybercriminals to steal personal photos and information.
- Always use caution when entering financial information online. Make sure that the website you’re visiting is legitimate.
The KnowBe4 Security Team
-
Scam of the Week
Don’t Be Fooled By Fake Phone Numbers
In this week’s scam, cybercriminals are using Google search results to try to trick you into calling a phone number that they control. If you search for an organization on Google, scammers can manipulate the search results to display a fake phone number for the organization. Don’t take a chance of losing your investments on a risky phone call.
If you search on Google and call the fake number from one of these manipulated search results, you will be connected to a scammer. They will attempt to trick you out of your money by saying that your account needs updates or you need to transfer funds. They may ask you for your login information so that they can access your account. Once they gain access to your account, they can quickly transfer your funds to accounts that they control. This is one investment that you don’t want to risk!
Follow these tips to avoid falling victim to a phone number scam:
- Confirm that you are on the organization’s official website if you are going to buy one of their products or use one of their services.
- Double-check that the listed phone number is the same one on the organization’s official website.
- Report any fake listings, ads, or any other type of disinformation through Google’s Report services.
The KnowBe4 Security Team
-
Scam of the Week
Beware of the Celebrity AI Cash Grab
In a recent scam, cybercriminals posted a fake video of Elon Musk on YouTube, trying to trick you into handing over your money. Cybercriminals often use AI to impersonate celebrities so that they can spread misinformation or trick people into falling for their scams. This particular scam attempts to trick you into depositing your cryptocurrency into an online account.
In this scam, the cybercriminals used AI to create a fake video that looks and sounds like the real Elon Musk. The video contains a QR code, and the AI-generated Musk urges you to scan it. If you follow the instructions to scan the code, you will be directed to deposit money into an account with the promise of receiving a larger return for your investment. The catch is there is no return on your investment. Your funds are deposited right into the scammers’ pockets!
Follow these tips to avoid falling victim to an AI video scam:
- Be wary of any social media content that uses endorsements from celebrities, because celebrities can be impersonated online.
- Be cautious whenever you are prompted to enter financial information online. Only use official financial websites.
- No legitimate financial institution will guarantee a large return on a small investment. If the opportunity seems too good to be true, it usually is.
The KnowBe4 Security Team
Remember:
We will never contact you by phone, email or text asking you to provide account numbers, passwords, social security numbers or other personal information.
Contact us immediately if you think you’ve spotted a scam or worry you might be affected.
Resources
Strong Passwords |
Create and Use Strong Passwords - cisa.gov |
ID Theft Resource Center |
Identity Theft Resource Center |
Avoid Romance Scams |
Romance Scams - U.S. Secret Service |
U.S. Government Identity Theft |
Scams and Identity Theft |
BBB Scam Survival Toolkit |
Visit the Scam Survival Toolkit |
National Credit Union Association |
Cybersecurity Resources - NCUA |
Phishing Attacks |
Phishing Attack Prevention - OCC |
Free resources on cybersecurity best practices |
Stay Safe Online - National Cybersecurity Alliance |
Rates effective as of: December 11, 2024
Test Modal
Modal Content
Ea rerum vel molestiae omnis molestias. Et ut officiis aliquam earum et cum deleniti. Rerum temporibus ex cumque doloribus voluptatem alias.
Open Account
Leaving Our Website
You are leaving our website and linking to an alternative website not operated by us. We do not endorse or guarantee the products, information, or recommendations provided by third-party vendors or third-party linked sites.