REGION – It may seem innocent enough: You’re at a mall, or having a coffee, and someone approaches you for a favor. They say, “Can I borrow your phone for a minute? I won’t go anywhere with it. I need to call my – friend? father? wife? husband?” Being the trusting person that you are, you hand over your phone, and the borrower, standing in front of you, quickly types in what should be a plea to someone for help. Acting politely, you are thanked, the phone is returned, and the borrower walks away. Surprise! You’ve been scammed.
This is exactly what occurred to one good Samaritan recently. Approximately an hour after the encounter, she received a message from her bank that her account was debited for $5,000. It turns out that in her case, the young person who borrowed her phone accessed her Zelle account. A similar scam was reported on financial guru Clark Howard’s website, www.clark.com. The victim here was a bit luckier, only losing $2,000 in a Venmo scam.
For readers unfamiliar with Zelle and Venmo, these applications, which are available on internet enabled devices, allow users to easily transfer money to others directly from their bank accounts. Efficient? Yes. Expedient? Yes. Dangerous? Definitely. When used properly, subscribers can make payments on purchases, send money to family members, or transfer money between accounts. The problem is, transfers are instantaneous. When the button is pressed, the money is moved.
In both cases, the criminal was able to access the victim’s account because the victim had not set a password or required multi-factor authentication (MFA). Basically, the account had open access to anyone using the cell phone. There are some basic rules with the use of money transfer applications. When setting up one of these accounts, be sure to use MFA. MFA requires the use of a security code that can be sent by text message, email, or phone call. Without the code, the account cannot be accessed.
Don’t hand over your phone to a stranger. If the person wants to call someone, make the call yourself and put the call on speaker. Do not allow the person to do anything other than talk to the other party. Often, payment apps have a password but the password is a default, which means that the same initial password is set for all users. Change the password to a unique passphrase known only to you and a trusted family member or friend. Finally, in terms of cash transfer applications, never use them to make payment to an unknown party. Use of these conveniences should only occur when you clearly know the identity of the other party.
On a different note, Americans continue to turn to online shopping, and even pharmacies, grocery stores, and local businesses have joined the party. Consumers seem to like the “touchless” approach to shopping, and as a result, delivery services such as UPS, FedEx, Amazon, and DHL are prospering. Enter the “Porch Pirate.” According to Safewise, over 210 million packages were swiped from doorsteps last year and that number only represents the package thefts reported. Porch pirates are thieves who steal deliveries that are left at the front door. These thefts can occur at any time of day and the frequency of broad daylight thefts is rising.
A few tips: Place a hold on the package if no one will be present when the delivery is scheduled. Try changing the delivery location to a safe place. Most delivery companies allow for packages to be held at their facilities for pickup or have alternate locations for deliveries that are secure such as a Staples store or Walgreens – Amazon offers “lock box” delivery in some locations. Before changing delivery location or time, check with the delivery service to find out if there are any fees. UPS has a delivery change fee of $7.99 per item in some cases. You can also purchase the service at an annual fee of $19.99. Another solution is to purchase a delivery box for your home. The open box can be accessed by delivery services and then locked with a padlock or an automatic locking device.
Elliott Greenblott is a retired educator and coordinator of the AARP Vermont Fraud Watch Network. Questions or concerns? Contact egreenblott@aarp.org.