Security Center |
Account Takeover PreventionIn today's ever-evolving digital world, cybersecurity is a top concern and in our efforts to ensure a safe banking experience - we are outlining the latest scam trends and the steps you can take to protect your information. Reverse Instant Payment Scam AlertReverse instant payment scams occur when cybercriminals trick victims into sending them money through digital payment apps such as Venmo®, Zelle® and PayPal® that allow users to instantly send funds from their bank accounts to other registered users, needing only the other user's phone number or email address. Cybercriminals will send their victims what appear to be automated text messages asking them if they have attempted to make an instant payment. When the victim replies "No" to the text, they then receive a reply saying that their financial institution's fraud specialist will be contacting them shortly. Cybercriminals who sound credible will then call the victim claiming to be fraud specialists, using sophisticated technology to have their caller ID appear to be the victim's financial institution's legitimate toll-free number. The cybercriminal will then tell the victim to secure their digital payment app account by removing their email address as the cybercriminal proceeds to add the email to an account they control so that when they ask the victim to send another instant payment to themselves over the app in order to "reverse" the payment referenced in the original text message, the payment goes to the cybercriminal rather than back to the victim. Here's how you can spot a potential reverse instant payment scammer:
Call St. Anne's directly at 1.877.STANNES if you receive an unsolicited request to verify account information - do not simply reply to unsolicited text, phone call or email requests. For more details on reverse instant payment scams, please refer to the Federal Bureau of Investigation's (FBI) Public Service Announcement here. Account Takeover Fraud TrendAccount takeover fraud occurs when a scammer has obtained sufficient credentials to pose as the cardholder to financial institutions. They can then execute changes to account or card-level settings that assist in the commission of fraud, including demographic changes (phone numbers, emails, passcodes etc.), increased limits, PIN changes and travel exemptions that suppress normal fraud monitoring. As an example, scammers may call you pretending to be from a fraud alert center. You may be sent a one-time passcode (OTP), and the scammer may ask you for that code as well as your member/account number and instruct you to reply "not fraud" on alerts by the real fraud alert contact center in response to suspicious account activity. The scammer may then use the information they tricked you into providing to change your card/account settings, allowing them to take over your account for their own use. Here's how you can spot a fraud alert imposter and keep your account secure:
St. Anne's takes your privacy and security very seriously. If you think you've been a victim of fraud, contact us immediately at 1.877.STANNES. PHISHING SCAMSCountless families and individuals are struggling financially during COVID-19. In a truly malicious response to the situation, scammers are lurking and launching phishing attacks claiming to offer financial assistance to those in need. These phishing emails impersonate local government where you are directed to click a link in the email for more information and receive financial assistance. If you click the link, you are taken to a phony government website that will ask for your personal information including your social security number. Don’t be fooled! Anything you enter here is sent directly to the cybercriminals.
protect yourself while online shoppingDue to COVID, the majority of us are going to be doing our shopping online. Here are some ways to protect yourself when doing online shopping:
Fake login pagesA popular method used to steal your credentials is to use fake login pages to capture your login details. These types of attacks usually start with a phishing email that directs you to use a link in the email to "log in to your account". The emails are usually authentic-looking and present a seemingly-normal request. If you click this link, you’re brought to a login page that looks almost identical to the one you’re used to but is actually a fake page. Once you’ve entered your email and password on the fake page, you may be redirected to the real website–leaving you unaware that your login credentials were stolen. How Do I Spot a Fake Page? As the first line of defense, always navigate to your account’s login page by typing the web address in your browser, or using a bookmark that you’ve saved–rather than clicking through links in an email. Also, be aware of the following tips to help you identify fake web pages:
VISHING scamThere have been reports of members becoming targets in vishing scams. Vishing (phone-based phishing) involves one spoofing their phone number to appear the call is originating from wherever they please. It is a method commonly used to steal personal information from individuals as well as businesses. Fraudsters are spoofing their phone numbers to make it appear like a call is coming from the victim’s financial institution (like a credit union). When the member answers the call they are told they need to confirm suspicious debit card transactions. The fraudster will then ask the victim to verify their CVV2/CVC2 code on the back of the card as well as the expiration date. Often, fraudsters will already have a copy of the victim’s card and need this information to reset their PIN number. Once they reset the PIN number, they are free to withdraw from the victim’s account. Simply, never give any personal information over the phone. St. Anne’s will never request this information from you, nor would we ever need it. If you receive a phone call requesting these details from you, just hang up. Still unsure? Call the credit union directly to confirm the legitimacy of the call. Unemployment Benefits ScamUnemployment insurance programs are being targeted by imposters, who are using personal information obtained from earlier data breaches to steal identities and illegally receive the financial benefits. If you receive a letter from the Commonwealth of MA (or your state of residence) confirming enrollment in the unemployment insurance program but did not enroll for unemployment insurance – it is an indication that you are a victim of identity theft – PLEASE DO NOT IGNORE. If you believe that someone is using your identity to falsely claim unemployment benefits – you will need to immediately follow these steps:
For more information regarding this particular scam, visit https://www.mass.gov/info-details/report-unemployment-benefits-fraud. CORONAVIRUS (COVID-19) SCAMHackers frequently send spear-phishing emails or run disinformation campaigns that incorporate content about crises or current events. The attacker often adds a sense of urgency to drive home the “importance” of the scenario. As coronavirus infections surge globally, hackers and nation-state actors are using information about the COVID-19 virus to spread malware and disinformation. The attackers have been sending messages with a Microsoft Word document that appears to contain recommendations for preventing a coronavirus infection, but if targets click through the prompts to enable editing and content, they may end up downloading a variant of malware. How to avoid falling victim to pressure: The reason these attackers are often successful is that they‘re convincing the target to either avoid a negative consequence or gain something of value. Stop and think about the likelihood of the scenario before making the wrong move.
Security AlertsThe IRS noticed a significant increase in phishing attempts to steal money or tax data, therefore you must be on high alert. Consumer Protection Information - Federal Trade Commission (FTC) Identity TheftIdentity theft is the fastest growing crime in America today. It happens when fraudsters willfully and wrongfully obtain and use your personal data to defraud you. Learn how to protect yourself from becoming a victim. Identity Theft - Federal Trade Commission (FTC) Business SecurityRunning a successful business involves identifying and managing all kinds of risk. To help you protect your business from fraud and other security risks, St. Anne’s provides these helpful articles to take care of your business. Corporate Account Takeover - Mass.gov Online & Mobile SecurityTechnology has brought us easier ways to bank, shop, and manage our day-to-day lives. It’s also brought forth fraudsters who are using sophisticated technology to defraud you. Learn tips, tools, and strategies to protect your money and your technology. Consumer Online Safety - Federal Trade Commission (FTC) cyberSecurityIn today’s digital world, cybersecurity is becoming a top concern and cost for both businesses and individuals as our dependency on computers increases and users becoming more skilled. A majority of the population believes a cyber attack won’t happen to them, but it’s important to consider realistic data which gauges the likelihood of experiencing a cyberattack as one in four. Advancing technology allows us to complete more tasks online than ever before and find answers we need in a matter of seconds, but with this luxury increases the threat of cybercriminals who continually evolve their strategies and tactics to gain access to, and compromise unauthorized data. The best defense against these threats is to be mindful of your actions online and practice smart computer usage that will safeguard both your work and personal life. Take advantage of St. Anne’s smart tools such as CardValet® - a mobile app that allows you to turn your card off/on if your debit card is lost or stolen to prevent fraud. IRS AND TAX SCAMSThe IRS noticed a significant increase in phishing attempts to steal money or tax data, therefore you must be on high alert! Scammers have a number of tax-related tricks up their sleeves when it comes to stealing your money and/or sensitive information. Here are a few examples of sophisticated tax scams that have been found:
These are only a few current examples and these scam artists are constantly coming up with new ways to fool you. Remember these helpful tips during tax season and all year round. The IRS:
PURCHASING SCAMSDon't be fooled when someone offers you more money for an item you are selling online! It is a “red flag” when anyone responds to your posting or ad wanting to pay more for the item. The buyer offers to use a cashier's check, personal check, or corporate check BUT at the last minute, comes up with a reason for writing the check for more than the sales price. They ask you to wire back the difference after you deposit the check. However, when you deposit the check and after you have already wired the funds back, you find out that the check bounced leaving you liable for the entire amount. Some tips to protect yourself are listed below:
|