Fraud Awareness

HOW TO PROTECT YOURSELF ONLINE

Safeguard your digital profile against cybercrimes with these tips from the National Cyber Security Alliance (staysafeonline.org)

Download Our Cyber Security Guide

{beginNavtabs}

Protect Yourself

Own It

  • Never click and tell. Limit the personal information you share on social media platforms, including the use of location services.
  • Keep tabs on your apps. Only download apps from trusted vendors and sources. Review app permissions to ensure default permissions are not set to run in the background.

Secure It

  • Shake up your password protocol. Avoid using standard passwords or phrases across multiple websites. Consider using a password manager to generate and store unique and complex logins for each of your accounts.
  • Double your login protection. Enable multi-factor authentication (MFA) when available.
  • Play hard to get with strangers. Do not respond to or click on the links or attachments of “phishy” emails.

Protect It

  • If you connect, you must protect. Maintain the most up-to-date security software, web browser, operating system, and antivirus software (if available) to protect your computer, smartphone, game device, or other network device.
  • Stay protected while connected. Refrain from conducting sensitive activities, such as banking, when connected to a public Wi-Fi network.

Account Takeover

HOW TO AVOID ACCOUNT TAKEOVER FRAUD

What is an “account takeover”?

An account takeover happens when a fraudster poses as a financial institution to get your personal or account information. Once the fraudster has access to your account, they can make unauthorized transactions.

How Does It Work?

An account takeover begins with a fraudster sending a text message to your mobile phone. They usually claim they‘re from a financial institution‘s fraud department. They ask you to confirm a suspicious payment that was sent from your account — this may not be true and could be part of the fraud.

If this is a fraud attack, the fraudster typically follows up with a phone call and asks for your personal information to “cancel the payment.” NOTE: we will NEVER ask for your personal information over the phone.

While account takeover fraud attempts can happen at anytime, it usually begins on a Friday, after business hours, and runs through the weekend.

The phone shows an example of a fraudulent “account takeover” text message.

How Can You Prevent Account Takeover Fraud?

Icon If someone posing as contacts you by phone, email, or text message and wants you to share your personal information, consider it fraud.
Icon If you receive a text (or email) like the one shown here, do not reply to the sender. Ignore the message and do not call any phone numbers listed in the text.
Icon If you receive a phone call that seems to be a phishing attempt, end the call immediately. And be aware that area codes can be misleading: a local area code does not always guarantee that the caller is local.

Protect Your Business

PROTECT YOUR BUSINESS

What is an “Corporate Account Takeover”?

Corporate Account Takeover (CATO) is a form of business identity theft where criminals gain control of a business’ bank account by stealing employee passwords and other valid credentials. Malicious actors can then initiate fraudulent wire and ACH transactions to accounts they control.

What is “Business Email Compromise”?

Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. This includes compromising the business email accounts of a company’s vendors and/or customers.

What to look out for:

  • Suspicious sender emails. Criminals often leverage email addresses that resemble reputable organizations but alter a few letters or numbers.
  • Generic greetings and signatures such as "Sir/Ma’am" or lack of contact information.
  • Odd sentence structure, misspellings, poor grammar, and inconsistent formatting are strong indicators of a possible phishing attempt.
  • Spoofed websites and hyperlinks. When hovering a cursor over links in the body of an email, if links do not match, the link may be spoofed.
  • Malicious variations from legitimate domains that use different spellings or domains such as .net, vs .com. Other tactics include the usage of URL shortening services to conceal the true destination of links.
  • Unsolicited links and email attachments are common delivery mechanisms for malware. Opening one of these could make your entire network vulnerable.
  • Suspicious or altered attachments. Often a criminal will edit or alter invoices or payment instructions to have funds redirected.
  • Sudden changes in business practice. For example, if a vendor suddenly asks to be contacted at a personal email address instead of their company email or is pressing you to act quickly. Be wary of any financial institutions and other agencies who ask for your account information or credentials via phone or email.

Best Practices:

  • Establish dual control procedures. Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer. Implement dual control in your company’s callback process.
  • Verify the callback number. Do not call back the number on the email or any attachment sent to you. Verify the previous number you had on file, or search for the company’s website to ensure that the number matches.
  • Do not confirm payment instructions only via email. Always perform a call back using a phone number from a system of record to the person making the request to validate payment requests or changes to account information.
  • Avoid clicking on links or attachments from unknown senders. Don’t click on anything in an unsolicited email or text message.
  • Use the forward option instead of hitting reply on important emails, so you can type in the correct email address or select it from your email address book to ensure you’re using the real email address.
  • Never open an email attachment from someone you don't know and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Enable alerts for suspicious activity, such as foreign logins.
  • Enable security features that block malicious emails, such as anti-phishing and anti-spoofing policies.
  • Create an IT plan to quickly engage your IT and information security staff to determine if there has been a network or email compromise.
  • Verify use of a secure session (https not http) in the browser for all online banking.
  • Avoid using automatic login features that save usernames and passwords for online banking.
  • Ensure virus protection and security software are updated regularly.

What to do if you fall victim to fraud:

Icon
  • Contact the bank and call the police immediately.
  • Prepare any reports and notifications required by regulation, law or policy and deliver as appropriate.
  • For international wire transfers over $50,000, call your regional FBI office (https://www.fbi.gov/contact-us/field-offices) and local police. The FBI offers a Financial Fraud Kill Chain (FFKC) process to help recover large international wire transfers stolen from the United States.
  • Any wire transfers that occur outside of these thresholds should still be reported to law enforcement (http://www.ic3.gov/) but the FFKC cannot be utilized to return the fraudulent funds.

Zelle Security

You already know Zelle® is a fast, safe and easy way to send money to people you know and trust. With that in mind, it’s important to remember to “pay it safe.”

Here are three tips to help you 'pay it safe' with Zelle®:

Only send money to people you know and trust.

Money moves fast with Zelle®. Directly from bank account to bank account within minutes.* So, it's important you know and trust people you're sending money to. You can't cancel a payment once it's been sent if the recipient is already enrolled with Zelle®, so it's important to get it right the first time.

Beware of payment scams.

If you send money to someone you don't know for a product or service you might not receive (like paying for something in advance), you may not get your money back.

Treat Zelle® like cash.

Money moves fast - directly into the enrolled recipient's bank account. Make sure you're sending to the right person by confirming the first name displayed is that of your recipient.

To learn more about using Zelle® safely, watch this video.

{endNavtabs}

If you feel that you have been the victim of fraud, contact us immediately.

Need additional help?

Contact Us

Phone

888-266-9707

Email

[email protected]