Common Methods and Scams


Short for "malicious software," malware includes various forms of computer Viruses, Spyware, Trojans, and Worms, which are not always detectable, are generally designed to infiltrate and damage computer systems, collect unauthorized data, and ultimately to commit fraud.

Viruses usually enter your computer system through an email attachment opened by the email recipient, that can attack your operating system and get into your email address book to send out unauthorized email appearing to be from you.

Spyware is a software program that may be installed on your computer without your knowledge or consent.  It can record your key strokes, send pop-ups ads, and redirect you to certain websites to gather your information.

Trojans are programs used to gain unauthorized access to your computer to gather information and send spam or other information from your system. Unlike Viruses and Worms, Trojans do not make copies of themselves to be spread across many computers and systems.

Worms can reproduce themselves over a computer network, are designed to destroy communications throughout the network, and can shut down systems for long periods of time.

Here are some ways to help minimize the risk of your computer/network being infected by malware:

Avoid downloads from public file sharing and social networking sites. Attachments and free software from unknown sources are very common distribution points for malware to reach your computer.

Be wary of pop-up advertisements that appear on your computer, especially those asking for you to provide personal or financial information. Reputable financial companies will not attempt to gather your information this way and such pop-up advertisements should be closed immediately. Utilize the pop-up blocker on your computer and spam blockers provided by your Internet/email service provider.

Update your security and system software regularly to proactively protect your computer from malware threats. Utilize available software and hardware firewalls to protect your system against unauthorized access.


A method used by fraudsters using Voice over Internet Protocol (VoIP) to call you to gain personal information from you, vishing is usually in the form of an automated recording on your voicemail. The message informs you that your account has experienced unusual activity and instructs you to call the phone number shown in the spoofed caller ID, which appears to be from the financial company the fraudsters are pretending to represent. Vishing attempts may also include similar emails and text messages containing fraudulent contact numbers for you to call to give up your identity information. Never provide the information until you have contacted your financial company using the contact information on your statement to validate the request.


SMiShing involves the use of text messaging to commit fraud. Smishing is when a fraudster sends you a text message appearing to be from a government agency or financial company attempting to get you to provide your personal information. If you were to follow the fraudulent text instructions, you may unknowingly be providing your confidential information to allow the fraudster to gain access to your accounts. Always confirm these requests with the financial company using the contact information on your statement before providing the information. Do not use the contact information provided within the suspicious text message.

Lottery and Inheritance Scams

These scams inform you that you have won the lottery or a sweepstakes, or an inheritance from an unknown relative. They can be communicated to you in various ways, including but not limited to: letter, fax, email, and telemarketing calls. The communication will generally ask you to keep a small portion of the check the fraudster has sent you and that all you need to do is wire out the remaining proceeds to another location. Most times the recipient deposits the check, wires out their own money while the check is clearing, and ends up with a returned check and an overdrawn account, and funds that are not recoverable.

Money Mule Scams

These refer to a fraud in which unsuspecting victims are recruited by fraudsters who use the “mules” to launder stolen funds. Money “mules” are usually lured into the fraudster’s efforts by the promise of a new job opportunity, with good pay and minimal work requirements. The fraudster first recruits the money “mules,” sends them stolen money (usually stolen over the Internet by various forms of hacking into the financial system) and then asks the money “mule(s)” to transfer the money unwittingly back to the fraudster, while keeping a portion of the money. Using the money “mule” masks the criminal's identity. Money mule victims of these scams often have their bank accounts closed and financial reputations ruined, and are often left financially responsible for the stolen funds.

The most common signs of money “mule” scams include, but are not limited to:

  • Foreign companies or agencies recruiting you as a US money transfer agent;
  • Requests to open new bank accounts in your name to receive money from someone you don't know;
  • Being asked to accept the transfer of large sums of money into your personal bank account as a "job opportunity", of which you do not know the source of the funds; and/or
  • Sending money out of your personal bank account to people or a company you do not know.

Square 1 recommends that you visit the FBI’s website, which provides additional information about these and other common financial system fraud scams:


To report cyber and other fraud scams to the FBI, file a complaint with the FBI’s Internet Crime Complaint Center: http://www.ic3.gov/default.aspx. You should also file a local police report.