Security Alerts & Tips
Alerts
Windows Virus Scam:
Some of you may have heard of the Windows virus scam, and some of you may have even been affected. If you see a random technical support pop-up on your computer that asks you to call a phone number or click on a link to fix your Windows or Apple Mac OS, your machine may be infected with an adware or a potentially unwanted program (pup). Do NOT call or click on the link. If you’re suspicious, contact a local computer technician. Scams like this have been reported in our communities.
Protect Your Personal Information:
If you receive a phone call or an email asking for any personal information such as birth date, social security number, or debit card information and you’re not expecting it, do not give it out. Chances are, you’re being scammed. Most reputable companies will never ask for your personal information via email or text message. If you’re wary contact the company directly yourself.
Debit Card Phishing Scam:
Perpetrators are attempting to obtain debit card and personal financial information for fraudulent use. There are several types of phishing scams out there so it is extremely important to be aware if and when something like this happens to you. These scams can be in the form of emails or phone calls. The phone calls may be automated or you may even speak with a live individual. Types of information that you may be asked to provide are your social security number, debit card number, or your pin number.
Never provide any of this information to anybody over the phone or in an email! Financial institutions will never ask for personal financial information via email. In light of the recent data breaches at merchants such as Home Depot and Target, the perpetrators may say that your information has been compromised or that your card has either been locked or blocked. In order to unlock your card, they may say you need to provide some type of personal financial information. If you receive any phone call or email that seems suspicious, your best response is to not respond at all. If you think the call or email may be legitimate, always contact Currie State Bank before providing any information.
10 Things You Can Do To Avoid Fraud*
- Spot imposters . Scammers can often pretend to be somebody you trust, like a family member, government official or a company you do business with. Don’t send money or give out personal information when it is an unexpected request.
- Do online searches. For example, use Google to search the company or product in question with words like “review”, “compliant”, or “scam”.
- Don’t believe your caller ID. Technology makes it possible for scammers to fake caller ID information so the name and number you see aren’t always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
- Don’t pay upfront for a promise. You may be asked to pay in advance for things such as debt relief or credit and loan offers and they may even say you have won a prize. If you do pay, they will most likely take the money and disappear.
- Consider how you pay. Credit cards have significant fraud protection built in; other payment methods such as debit cards may not. Wiring money through services like Western Union or MoneyGram is risky because it’s nearly impossible to get your money back.
- Talk to someone. Before you give up money or personal information, talk to somebody you trust.
- Hang up on robocalls. If you answer the phone and hear a recorded sales pitch, hang up and report it to the FTC.
- Be skeptical about free trial offers. Nothing is free! Some companies use free trials to sign you up for products and bill you every month until you cancel.
- Don’t deposit a check and wire money back. By law, banks must make funds from deposited checks available within days, but uncovering a fake check can take weeks. If a check you deposit turns out to be a fake, you’re responsible for repaying the bank.
- Sign up for free scam alerts from the FTC at ftc.gov/scams to get notified and report any scams to ftc.gov/complaint.
*Information from the Federal Trade Commission
Using Online Banking or Mobile Banking? ALWAYS Remember These Important Security Tips!
Always control and have ownership of the device, whether it is your mobile phone, tablet or laptop. It is also recommended that a backup method be installed on a mobile device so that should the device be lost or stolen and the device needs to be remotely wiped that no data is lost.
Create strong passwords. Easy to remember passwords or PINs may also be easy for a thief to figure out. Also remember to keep your screen clean after use on your mobile device. Smudges on the screen can be used to determine swipe or gesture patterns. In addition to this, never store your login or credit card information within any applications or websites.
Don’t respond to texts or emails from unknown or untrusted sources. Texts with links in them can often lead to viruses or other malware being downloaded onto your devices. Third party apps and programs are available to detect and/or combat these potential threats.
Don’t access unknown or untrusted websites, even on your mobile browser. More and more mobile specific threats are being used to infect mobile devices from the web.
When downloading apps, ensure that they are from a genuine and trusted source. ASI (our core software provider) recommends that iTunes/App Store, Google Play and Windows Store only be used to download apps. Third party marketplaces can contain apps designed to infect devices and/or steal data. Never install an app attached in an email or delivered in a text message.
Only download apps from trusted developers. Also inspect what permissions the apps need. If a simple game or app wants access to your contacts and device location, the end user (you) should be highly skeptical about downloading and using the app or game.
Never use unsecured “public” wireless networks when using your various devices.
It is a good idea to have some type of anti-malware and anti-virus software running on all of your devices.
Familiarize yourself with these important terms:
Phishing:
the activity of defrauding an online account holder of financial information by posing as a legitimate company. These attempts are usually made through email.
Smishing:
security attack in which the user is tricked into downloading a Trojan horse, virus, or other malware onto their cellular phone or other mobile device. Short for "SMS phishing".
Pharming:
a cyber-attack intended to redirect a website's traffic to another, fake site.
Spoofing:
a person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.
Signs You May Be On a Phishing Site
Phishers are becoming more and more sophisticated in designing their phony websites. There's no surefire way to know if you're on a phishing site, but here are some hints that can help you distinguish a real website from a phishing site:
Check the Web address. Just because the address looks correct, don't assume you're on a legitimate site. Look in your browser's URL bar for these signs that you may be on a phishing site:
- Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).
Be leery of pop-ups. Be careful if you're sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information.
Give a fake password. If you’re not sure if a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. Just because your fake password is rejected, don't assume the site is legitimate.
Use a Web browser with anti-phishing detection. Web browsers such as Internet Explorer and Mozilla Firefox have free add-ons (or "plug-ins") that can help you detect phishing sites.
Be wary of other methods to identify a legitimate site. Some methods used to indicate a safe site can't always be trusted. A small unbroken key or locked padlock at the left of the URL bar of your browser is not a reliable indicator of a legitimate website. Just because there's a key or lock and the security certificate looks authentic, don't assume the site is legitimate.