Recent reports suggest a worrisome uptick in scams targeting customers of financial institutions. The latest version starts with a communication that seems to come from your own bank, credit union, or even Fidelity. Though the caller ID says it's your bank calling, it can actually be a scammer using a spoofed phone number. The person on the other end of the line may claim to be an employee of the institution and may even impersonate a real employee.
The scammers will make up a story. For example, they may say that they noticed fraudulent activity in your account and you need to take action right away. The scammers explain that they need to send a one-time passcode to verify your identity. But what they are really doing is trying to change your password with your financial institution. The institution requires them to enter a passcode and the scammer tricks you into reading it to them.
This is why we tell you not to share any passcodes we send to you as part of an online activity.
To further trick you, scammers may tell you not to call your financial institution because they are “in on the fraud.” Trust your intuition and not an unsolicited phone call. If you have any questions or concerns about your account, please contact Fidelity directly.
To help safeguard your information, if you get an unrequested phone call:
- Do not provide or "confirm" any of your personally identifying information.
- Never read back a one-time security passcode (unless you have initiated the service call to a company's official phone number).
Here are 4 more steps to protect against scams and identity theft.
1. Stay vigilant against phishing
Phishing is a technique criminals may use to try to trick you into giving them your personal information—information that they may then use to try to steal your identity. They often do this by impersonating a company or institution, and then asking you to click on a link, open an attachment, or to "confirm" your date of birth, Social Security number, or account credentials.
Even if you feel confident in your ability to spot a scam, it's important to stay vigilant in your daily life. Most phishing attempts are carried out by email, text message, or phone. Here are several warning signs that should raise suspicion:
Warning signs of phishing attempts
- Someone contacting you to say that you have won an award or freebie.
- Someone contacting you with a deal that sounds too good to be true.
- Phone calls, emails, or texts that claim to be from the IRS.
- Unusual communication from someone asking for help.
- Unusual communication (that may sound legitimate) claiming to be from a company you work with.
- Communication from an unfamiliar email address or phone number.
Remember that phishers may use urgent-sounding language to try to get you to click on a link or attachment right away—before you have time to think it through. To create this sense of urgency, they might claim that something very good has happened (like you've won some money), or that something very bad has happened (like you're in debt with the IRS). Be suspicious anytime you receive an out-of-the-ordinary text, call, or email that makes such claims.
Here's how you can protect yourself, particularly if you've received a suspicious or unexpected communication:
Protecting yourself against phishing attempts
- Stop communication with the phisher immediately.
- Hang up the phone, or ignore the suspicious email or text.
- Do not click on any links or download any attachments.
- Do not provide or "confirm" any of your personally identifying information.
- If you think the communication could be a legitimate request from a company you do business with, hang up and then call the company directly.
- Never grant remote access to your computer or read back a one-time security passcode (unless you have initiated the service call to a company's official phone number).
2. Protect your phone service
Think of how protective you are with something like your Social Security number. You know that if a criminal were to obtain it, they might be able to take out a credit card in your name, obtain your tax refund, or even worse.
Increasingly, your cell phone account is becoming something you need to protect just as diligently. If criminals can gain access to your phone calls and text messages, they can potentially steal one-time passcodes and break into your accounts.
For example, one way they may do so is with "SIM swapping." (A SIM card is a small plastic card that stores identifying information on your cell phone, and that allows you to make and receive calls.) With this scam, a fraudster may call your cell phone provider pretending to be you, saying that you have a new SIM card to activate. If the scammer already has some of your personal information (like the last 4 digits of your Social Security number, your date of birth, or your password for your mobile provider account), they might be able to convince the cell phone carrier that they are you and get your phone number reassigned to their SIM card.
Here are several warning signs not to ignore:
Warning signs that your phone has been compromised
- You stop receiving phone calls and text messages.
- Your phone says "no service" or "emergency calls only."
- Restarting your phone does not restore service.
- You receive emails from your cell phone provider about changes to your account.
If you notice any of these warning signs, contact your provider right away to see if your account has been compromised. You can also take some proactive steps to help better protect your cell account:
Protecting your cell phone against hackers
- Set up a PIN on your mobile account.
- If you believe your PIN has been compromised, reset it.
- Secure your cell phone and internet service accounts, like by setting up multi-factor authentication.
- Ask your cell provider about additional ways to secure your account.
3. Strengthen your account security
Many companies, including Fidelity, go to great lengths to safeguard customers' information and accounts, and are continually working to build new and enhanced layers of protection.
You can help reinforce those safeguards by being cautious with your passwords, opting in for new security measures, and making sure the companies you work with know how to reach you if they ever need to.
Here are some proactive steps you can take to strengthen security for your accounts:
Protecting your financial and other accounts
- Set up online access for your accounts, if you haven't already.
- Sign up for multi-factor authentication, when available.
- Use complex passwords, and change them if you believe they've been compromised.
- Don't use the same password for multiple accounts.
- Make sure your institutions have up-to-date phone and email contact information for you.
- Sign up for automated alerts of suspicious account activity, when available.
- Monitor your accounts.
Fidelity offers a number of security-strengthening measures that customers should be aware of. For example, customers can turn on additional login security with multi-factor authenticationLog In Required. Customers can also use money transfer lockdown to block electronic money movement out of their accounts, if they believe or know they have recently been a victim of fraud or identity theft. Enrolling in Fidelity MyVoice® means that when you call Fidelity, you no longer have to enter a PIN or password, and your identity is instead verified using your voiceprint.1
4. Secure your devices
Finally, any device you use that's connected to the internet can become an avenue for cybercriminals to attack. Hackers may get in through newly discovered security holes in these devices and systems. From there, they may also be able to record your keystrokes, access your personal information, or even break into your accounts.
Here are some measures you can take to help secure your devices:
Protecting your devices from hackers
- Change any default passwords when setting up your devices.
- Apply operating system and application patches as soon as the system maker releases them.
- Don't download apps or games from companies you don't know.
- Run antivirus and personal firewall software.
- Avoid conducting financial or other sensitive transactions using shared devices or unsecure networks.
- Avoid public Wi-Fi unless you are taking steps to encrypt and protect your activity.
In conclusion
Protecting your information and online accounts can help avoid the hassle and heartache of ID theft. Take advantage of all security measures offered—and remember that the best way to prevent theft and scams is with a strong defense.
If you believe you have been a victim of identity theft, a scam, or a cybercrime, there are government resources that may help you.
- To report identify theft and establish a recovery plan, visit the Federal Trade Commission's Identity Theft page.
- To report a scam, visit the Federal Trade Commission.
- To report a cybercrime, visit the FBI's Internet Complaint Center.