August 26, 2020
The Colorado Division of Securities, part of the Department of Regulatory Agencies (DORA), is warning the public that there has been an increase in pop-up scams involving securities accounts in 2020. A “pop-up” is a window that pops up suddenly over another window on a computer. Pop-up scams often include a “spoof” or hoax website that the scammers created to look legitimate. When an unsuspecting consumer visits the website, the site triggers a pop-up that directs the consumer to the scam.
Be on alert if you see a pop-up while you are on a website. The website may look like it is from your bank or brokerage firm, but it may be a “spoof” website that triggered the pop-up. The pop-up may say your accounts are frozen or present some other warning that lures you into contacting the scammers so they can attempt to gain money or confidential information from you.
Pop-up scams are a tool that cyber criminals have used to steal millions of dollars a year from unsuspecting account holders. Here are ways to spot a scam and ways to protect your securities investments.
HOW TO SPOT A SPOOF WEBSITE AND POP-UP SCAM
Scammers use pop-ups and spoof websites to tell a story to trick you into responding to them and connecting with them. The pop-up or website may:
- say you have a security problem that they need to fix,
- say they’ve noticed some suspicious activity or log-in attempts,
- claim there’s a problem with your account or payment information,
- say you must confirm some personal information,
- include a fake invoice,
- say you’re eligible to register for a government refund, or
- offer a coupon for free stuff.
- Scam pop-ups and websites always have an “ask.”
Once scammers get your attention, they will ask you for something:
- they may ask you to call them, and when you do, they will try to get money or sensitive information from you;
- they may ask you to give them remote access to your computer and then they will have access to everything on the computer;
- they may direct you to liquidate your securities accounts and to transfer funds to them;
- they may ask you to click on a link or attachment that will install malware on your computer or click on a link to a form for you to fill in personal, confidential information;
- they may ask you directly for personal confidential information.
WHAT TO DO IF YOU SUSPECT A WEBSITE SPOOF AND POP-UP SCAM
- Close the pop-up and close the website.
- If you can’t close the pop-up, shutdown your computer and restart.
- Don’t do anything the pop-up asks. Don’t call them at the number they provide.
- If you do call them, don’t provide any personal information, don’t allow them remote access to your computer, and don’t transfer securities or funds to them.
- You should also contact the real company through a phone number or website you know is legitimate. Ask the real company about the pop-ups and about their real website address.
- Being online is part of the way we live, but scammers are online with us too.
When it comes to your investments, take the extra steps to verify websites and protect yourself against pop-ups.
If you think you have fallen victim to an investment scam or you want to report one, contact the Colorado Division of Securities for help. Email dora_SecuritiesWebsite@state.co.us or call 303-894-2320.
For resources and more information, check out the Colorado Division of Securities website by clicking here.
DORA is dedicated to preserving the integrity of the marketplace and is committed to protecting a fair and competitive business environment in Colorado. Consumer protection is our mission. Visit dora.colorado.gov for more information or call 303-894-7855 / toll free 1-800-886-7675.