Security you can count on.

Account Takeovers 

Account Takeovers, also known as Corporate Account Takeovers, is a fast-growing electronic crime where thieves typically use some form of malware to obtain login credentials to online banking accounts and then fraudulently transfer funds from those accounts. This can be an account-to-account transfer, a POP Money transfer, etc.

There are multiple methods for the thieves to try and steal your credentials; the most popular is through malware that infects a computer. Malware can be distributed through malicious websites, email links and social networking sites.

How to Reduce Your Risk of Account Takeovers:

1. Maintain strong passwords
2. Watch your statements and/or accounts closely for unauthorized activity.

3. Install Security software, like antivirus and anti-spyware.

    

Hacked Email

When an attacker gets a hold of your email account and sends emails from your email account (Gmail, Yahoo, Hotmail, etc.) to your friends or your financial institution, it is considered email hijacking.

In the emails, the attackers insert links that include malware, hoping your friends or financial institution will click on the link because it is from a known contact or trusted friend.

• You might have been hacked if:
• Friends and family are getting emails or messages you didn’t send
• Your sent messages folder has messages you didn’t send, or it has been emptied
• Your social media accounts have posts you didn’t make
• You can’t log into your email or social media account

In the case of emails with random links, it’s possible your email address was “spoofed,” or faked, and hackers don’t actually have access to your account. But you’ll want to take action, just in case.

What to do if you have been a victim of email hijacking:

Change your email password. Create a strong password that you don’t use for any other service. Contact your service provider for help and advice.

Go into your email account’s advanced options and change your account recovery options (challenge questions, phone numbers, and backup email address). Review these settings for changes you did not make.

Check the websites and applications that are allowed to access your account and revoke any settings that are unfamiliar.

Check your advanced mail settings for suspicious forwarding addresses or delegated accounts. Check your email folders (such as spam, sent items and deleted items) for any messages that may have been sent from your account.

Contact recipients of unauthorized email to inform them of what occurred. Consider advanced security settings that protect you from future issues.

Phishing

Phishing is what it sounds like: scammers throw a wide net (billions of fraudulent emails) in an attempt at “hooking” a few people. In this case, the trophy is your password, username, and personal information. Once they get this information, it could be quickly used to access your accounts. The term phishing refers to a fraudulent attempt to obtain account information done via email.

Don’t be a victim. Learn to spot the hallmarks of phishing. Phishing may have the following hallmarks:

• Unexpected email that warns of some consequence (like account suspension). This may have a “clickable” link that takes you to a “lookalike” site.
• Poorly worded or confusing terminology in the text.
• Promise of reward or refund, with a clickable link to a “lookalike” site.
• Lack of personal information in the email. Things like account details are very generic.

Scammers may research a business more directly, and even target people by name. This is called “spear phishing.” No matter the form, precautions are still the same.

If you get a message via email, text, popup or phone that asks you to call a phone number to update your account or give your personal information to access a refund – don’t respond and cease communication. When in doubt, call the number on the back of your credit or debit card, or on your financial statements to confirm the information.

If you believe you may have compromised your account information, please immediately report it to our Support team at 952.893.6868.

To learn more about phishing, visit the Federal Trade Commission’s website Onguardonline.gov.

SMiShing

SMiShing scams are similar to phishing scams. You may get a text message appearing to be from a bank or service provider asking you to do something. However, the SMiShing is really a message from a scam artist.

How SMiShing Works

SMiShing scams often direct you to visit a website or call a phone number. If you dial the number, you’ll be asked for sensitive information like a credit card number.

After visiting the website, it may attempt to infect your computer with malware. Scammers continually get more and more creative. Most consumers are savvy enough not to fall for the old “we need your bank account password” email. However, a text message seems less threatening.

Instead of just trying to get money from you, such as with cashier’s check scams, SMiShing schemes often just try to get information such as credit card numbers.

What You Need to Know About SMiShing

If you get a suspicious message, don’t fall for it. Call a bank from a phone number you trust – one that is on your statement or the bank’s website. If you get a message about a service you’ve been signed up for, and will have to cancel, search the web for other reports of the message. To learn more about the related threat of phishing, visit the Federal Trade Commission’s website Onguardonline.gov.

Vishing

Scammers are increasingly using a low-tech tool, the telephone, to rip people off. They can set up a system that automatically dials a long list of phone numbers and asks for account information. Many times the phone number that they are calling from is masked. The caller shows up with a name that looks legitimate.

How to Protect yourself from Vishing

• To protect yourself from vishing, use some of the same techniques you use to avoid phishing scams.
• Don’t give information to anybody unless you are certain you know who you’re dealing with. If you get a phone call about one of your accounts, hang up and call the institution.
• To learn more about the related threat of phishing, visit the Federal Trade Commission’s website Onguardonline.gov.

Fake Checks + Payment Scams

While most people consider checks a convenient and safe form of payment, they can be misused by scammers. A “fake check” scam happens in many ways.

In most cases, the scammer sounds very credible. Someone could offer to buy something you advertised, pay you to do work at home, give you an “advance” on a sweepstakes you’ve supposedly won, or pay the first installment on the millions that you’ll receive for agreeing to have money in a foreign country transferred to your bank account for safekeeping.

Don’t fall for their con. Scammers hunt for victims and seek to make them “mules.” They do this by sending a fake check that draws money from an account that does not belong to them (another victim). They may offer this check as payment for service or work. Many times, they will call the victim an “agent,” requesting they transfer money overseas. In exchange, they will typically allow the victim to keep a percentage of money as “payment.” Whatever the scam, the act is illegal and the victims will be defrauded. They may also be subject to legal prosecution.

Tip: Just because funds are available, it doesn’t mean that the check has cleared. If a check doesn’t clear, you will be liable for money drawn against it.

To avoid being victimized, consider the following precautions:

• If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid.
• Throw away any offer that asks you to pay for a prize or a gift.
• Avoid entering foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
• Never wire money to strangers. If possible, meet them before sending money.
• If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story.
• If the buyer insists that you wire back funds, end the transaction immediately.

Visit the Federal Trade Commission’s website Onguardonline.gov to learn more about fake check scams, online shopping, and internet auctions.

Malware

What is Malware?

Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term “computer virus” is sometimes used as a catchall phrase to include all types of malware, including true viruses.

Malware can be brought to a computer in many ways, but the most common ways are through email and webpages. Email from strangers with attachments or clickable links can install malware, or simply surfing the web to a page that hosts malware can cause this problem.

Types of Malware

• Virus: A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. It can go from computer to computer, or it can come from a website. There is no useful purpose for a virus, it is meant to put malicious software on your computer.
• Spyware: Spyware is a type of virus that is usually not harmful to your computer. Most of the time it tracks the websites where you’ve been going along with the passwords you use at those sites and can popup advertisements. They also slow your computer dramatically and can act like an antivirus program.
• Trojans: Trojans in computing is any malicious computer program which misrepresents itself as useful, routine, or interesting in order to persuade a victim to install it. Many times, illegal copies of software will contain Trojans. Trojans are also spread by some form of social engineering, for example where a user is duped into executing an email attachment disguised to be unsuspicious, (e.g., a routine form to be filled in). Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.

How to prevent Malware on your computer:

• Keep your computer up to date by applying software updates (patches) as soon as possible.
• Don’t rely solely on antivirus to protect your computer. Install and configure a quality software security suite, and keep it updated. Be sure that the product contains multiple protection methods, including antivirus, anti-spyware, and web protection. Don’t ignore warnings from security software. Take the recommended actions (if offered).
• Only install reputable, legal versions of software on your computer.
• Don’t change computer or Internet browser settings to values that weaken security.

If your computer is infected with malware:

• Stop using that computer for banking online or for online shopping.
• On an unaffected computer change your passwords (especially the passwords to your financial institution).
• Obtain professional help from a reputable business who has experience in computer support and specializes in malware identification and removal.
• For serious malware infections, consider wiping the computer and reloading it from original install disks. This method will remove data and programs from the computer, so only do this you have backed up your personal data. This is the most reliable way of removing complex malware threats.

To learn more about malware, visit the Federal Trade Commission’s website Onguardonline.gov.