Common Fraud Schemes

Spam and Phishing

Cybercriminals have become quite savvy in their attempts to lure people in via e-mail and get you to click on a link or open an attachment.

The email you receive can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business. You should be wary of any e-mail that comes from government agencies, such as the IRS, the Treasury Department, or other recognizable agencies or companies that ask you to click on a link or open an attachment. These, and other spam messages or phishing attempts, will generally urge you to act quickly, because your account has been compromised, your order cannot be fulfilled, or another matter. Cybercriminals often use threats such as these, or threats that security of your personal information has been compromised as the bait to trick you into following their direction. Tolleson Wealth Management will never contact you and ask you to confirm your personal information in this manner.

If you are unsure whether an email request is legitimate, try to verify it with these steps:

  • Contact the company directly, using information located on valid correspondence, account statements or other communications you know to be genuine.
  • Contact the company using information provided on the back of a debit or credit card.
  • Search for the company online – but not with information provided in the email.

Here are a few tell-tale signs of spam or phishing e-mails:

  1. Spelling and bad grammar – Look for typos or other noticeable errors. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations will not allow a mass email with poor grammar and spelling to go out to its users. If you notice mistakes in an email, it might be a scam.
  2. Spoofing popular websites or companies – Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Criminals have become adept at using graphics from legitimate websites to lure you into releasing information that could be used against you in the future.
  3. Beware of links in email – If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address.


SMShing and Vishing

SMShing is phishing that happens via SMS text message. Criminals use these messages to trick you into divulging confidential personal or financial information. The text may also include urgent messages that your account has become compromised or your banking profile must be updated to complete a transaction. Tolleson Private Bank will never contact you with such claims, nor request personal and confidential information in this manner. Many include links that, when clicked, will install malicious software, called malware, onto your mobile device. Mobile and tablet devices are becoming a more widely accepted option for conducting banking transactions, and we recommend installing anti-virus and anti-malware programs for those devices if using them to conduct banking business.

Vishing is a variant which uses phone calls or voice mail messages, which could appear as originating from a legitimate business through the technique of “spoofing” caller ID features. Sophisticated criminals can spoof caller ID features as easily as websites. All of these tactics are used in an effort to obtain personal information that will be used to defraud you at some point in the future. In the event you receive a call that is unusual and appears to come from Tolleson, please call us to verify its authenticity.

To guard against these threats, we recommend that you NOT respond to text messages or voice mail messages that ask you for personal and confidential information.

Hacked E-Mail Accounts

If your e-mail account has been compromised or hacked, here are some ways to recognize it when it happens and regain control.

How do I know if my email or social network account has been hacked?

  • There are posts you never made on your social network page. These posts often encourage your friends to click on a link or download an App.
  • A friend, family member or colleague reports getting email from you that you never sent.
  • Your information was lost via a data breach, malware infection or lost/stolen device.
  • You receive calls or correspondence from companies you do business with, about information or transaction requests you didn’t authorize.

If you believe your account has been compromised, take the following steps:

  • Notify all of your contacts that they may receive spam messages that appear to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
  • If you believe your computer is infected, be sure your security software is up to date and scan your system for malware. You can also use other scanners and removal tools.
  • Change passwords to all accounts that have been compromised and other key accounts as soon as possible. Remember, passwords should be long and strong and use a mix of upper and lowercase letters, numbers and symbols. We recommend you have a unique password for each account.

Money Transfer Scams

Wiring money is like sending cash. Once it’s gone, you can’t get it back. That’s one reason scammers often insist that people wire money, many times to addresses overseas. It’s nearly impossible to reverse the transfer, trace the money, or track the recipients. For this reason, we suggest you never wire money to a stranger or someone you haven’t met in person.

In a variation of a money transfer scheme, scammers will use Money Mules, who serve as a middleman for criminals’ intent on laundering funds that have been stolen or received from other criminal activity. Sometimes victims themselves, money mules fall prey to “get-rich” quick schemes orchestrated by the criminal, which involves depositing the funds into the mules’ personal accounts and wiring a portion of the stolen funds to the criminal’s account. In most instances, the mule is deemed liable for repayment of all funds, those they kept and those wired to the criminal.


Malware is a generic term, which is short for malicious or malevolent software and is designed by hackers and criminals to disrupt or contaminate a user’s computer. You may know these by the more common terms of: computer virus, Trojan horse, worm, spyware, and adware. These are all forms of malware and how they infect your computer and spread to others can be subtly different.

A computer virus attaches itself to a program or file and is released on your computer by opening an infected file, or running an infected program. Viruses require human interaction to spread to others; that is, by the user unknowingly sending an infected file or program to others. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot actually infect your computer unless you run or open the malicious program. Executable files are not always easy to spot, so be very careful when opening attachments or clicking on links that are delivered to you from sources you don’t know and trust. If you suspect a virus, make sure your anti-virus program is up to date and use it to do a full system scan of your computer.

A Worm is slightly different, and far more infectious. Worms don’t need any unwitting accomplices. They have the ability to use your computer to spread to others; friends, family and co-workers by using your computers built-in file transport capabilities. But they don’t stop there. Many also have the ability to replicate, or copy themselves, allowing multiple computers to become infected simultaneously.

All forms of malware are meant to be disruptive; and some are capable of stealing your confidential information, which is marketable information for criminals. The best deterrents are:

  • If you use a personal wireless network for your home or workplace, make sure you secure it with a strong password, and change it periodically. We also recommend that you give your network a non-descript name, as others may see it, or consider disabling the feature that the network name is viewable to others.
  • Never download or open a file or attachment, or follow a link, in e-mail messages that you were not expecting, without calling the sender to verify its safety.
  • Minimize “drive by” downloads. Your browser security setting can be set to detect unauthorized downloads.
  • Don’t respond to pop-up advertising. Resist clicking any link in a pop-up window, especially those that claim to have detected security issues on your computer. Close the window by clicking on the “X” in the title bar.
  • Run full system scans of your computer at least weekly; and more if you work on or through the internet with people you do not know well. Use security software from well-known companies that updates automatically.
  • Access financial accounts only from trusted computers and secure networks and change your password often. Consider devoting a single computer to accessing financial accounts and refrain from using that computer for accessing the internet for any other purpose.

For additional information about how to keep your confidential information secure while online, please visit the Resources link in our Security Center.