Charity & Disaster Scams

 

August 3, 2022

 

OUCH! Newsletter

 

Cyber criminals know that one of the best ways to rush people into making a mistake is by creating a heightened sense of urgency. And one of the easiest ways to create a sense of urgency is to take advantage of a crisis. This is why cyber criminals love it whenever there is a traumatic event with global impact. What most of us regard as a tragedy, cyber criminals view as an opportunity, such as the breakout of a war, a major natural disaster such as a volcanic explosion, and of course infectious disease breakouts like COVID-19. When there is an immense amount of social media and news coverage about a certain event, cyber criminals know that is the time to strike.

They use this opportunity to create timely phishing emails or scams about the event, and then send that phishing email or launch the scam to millions of people around the world. For example, during a natural disaster, they may pretend to be a charity asking for donations to save children in need. Cyber criminals can often act within hours of a crisis or disaster, as they have all the technical infrastructure prepared and are ready ahead of time. How can we protect ourselves the next time there is a big crisis or disaster, and cyber criminals seek to exploit it?

How to Detect and Defend Against These Scams

The key to avoiding these scams is to be suspicious of anyone who reaches out to you. For example, do not trust an urgent email claiming to be from a charity that desperately needs donations, even if the email appears to be from a brand that you know and trust. Do not trust a phone call claiming to be a local food bank pressuring you to donate. The greater the sense of urgency, the more likely the request is an attack. Here are some of the most common indicators of a charity scam:

  • Be very suspicious of any charity that requires that you donate via cryptocurrency, Western Union, wiring money, or gift cards.
  • Cyber criminals can change their caller ID phone number to make their phone call look like it’s from your local area code or from a trusted name. Caller ID cannot be relied upon these days.
  • Some cyber criminals will use names and logos that sound or look like a real charity. This is one reason it pays to do some research before giving.
  • Cyber criminals will often make lots of vague and sentimental claims about what they will do with your money but give no specifics about how your donation will be used.
  • Some cyber criminals may try to trick you into donating to them by thanking you for a donation you made in the past when, in reality, you never donated to them.
  • Do not assume pleas for help on crowdfunding sites such as GoFundMe or social media sites such as TikTok are legitimate, especially in the wake of a crisis or tragedy.
  • Do not give out personal or financial information in response to any unsolicited request.

How to Make a Difference Safely

To donate in times of need or to help those impacted by a disaster, donate only to well-known, trusted organizations. You initiate the connections and decide who to reach out to, such as what websites to visit or what organizations to call. When you consider giving to a charity, search its name plus words like “complaint,” “review,” “rating,” or “scam.” Not sure which charities to trust? Start by researching on government websites you trust, or perhaps links provided by a well-known and highly trusted news organization. Donating in times of need is a fantastic way to make a difference, just be sure you are giving to legitimate organizations.

Guest Editor

Dr. Jessica Barker is an award-winning leader on the human side of security. She is the co-CEO of Cygenta and a bestselling author. Jessica is on the SANS Security Awareness Summit advisory board.

Resources

FTC Charity Fraud: https://consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams/

Social Engineering: https://www.sans.org/newsletters/ouch/social-engineering-attacks/

Top Three Scams: https://www.sans.org/newsletters/ouch/top-three-social-media-scams/

Messaging Attacks: https://www.sans.org/newsletters/ouch/spot-and-stop-messaging-attacks/

Phone Call Attacks: https://www.sans.org/newsletters/ouch/vishing/

Charity Navigator: https://www.charitynavigator.org/


 

A Reminder

 

8/1/2022

 

Please remember that The First Bank and Trust Company of Murphysboro will not call or text you to ask for your sensitive or personal information such as username/password for digital banking, a debit card number, social security number, etc. Please do not respond to any texts or calls that request this information.

 

 


 

Top Cybersecurity Tips For Vacations

 

7/20/2022

 

Overview

As the holiday season approaches, millions of people will be traveling. If you are among the many, here are some tips to help keep you cyber savvy and safe.

 

Mobile Devices

Bring as few devices as you can. The fewer devices you bring while traveling, the fewer devices that can be lost or stolen. In fact, did you know that you are far more likely to lose a mobile device than have it stolen? Whenever leaving a hotel room, restaurant, taxi cab, train or airplane, do a quick device check and make sure you have all of your devices. Don’t forget to have friends or family traveling with you to double check for their devices too, like children who may leave a device behind on a seat or in a restaurant. As for the devices you choose to bring, make sure you update them so they are running the latest operating system and apps. Keep the screen lock enabled. If possible, ensure you have some way to remotely track your devices if they are lost. In addition, you may want the option to remotely wipe the device. That way if a device is lost or stolen, you can remotely track and/or wipe all your sensitive data and accounts from the device. Finally, do a backup of any devices you take with you, so if one is lost or stolen, you can easily recover your data.

 

Wi-Fi Connections

When traveling, you may need to connect to a public Wi-Fi network. Keep in mind you often have no idea who configured that Wi-Fi network, who is monitoring it or how, and who else is connected to it. Instead of connecting to a public Wi-Fi network, whenever possible connect to and use the personal hotspot feature of your smartphone. This way you know you have a trusted Wi-Fi connection. If that is not possible and you need to connect to a public Wi-Fi network (such as at an airport, hotel, or cafe), use a Virtual Private Network, often called a VPN. This is software you install on your laptop or mobile devices to help protect and anonymize your Wi-Fi connection. Some VPN solutions include settings to automatically enable the VPN when connecting to non-trusted Wi-Fi networks.

 

Public Computers 

Avoid using public computers, such as those in hotel lobbies or at coffee shops, to log into any accounts or access sensitive information. You don’t know who used that computer before you, and they may have infected it accidentally or deliberately with malware, such as a keystroke logger. Stick to devices you control and trust.

 

Social Media

We love to update others about our travels and adventures through social media, but we don’t always know who every friend or viewer is online. Avoid oversharing while on vacation as much as possible and consider waiting to share your trip until you’re home. Additionally, don’t post pictures of boarding passes, driver’s licenses, or passports as this can lead to identity theft.

 

Work

If you will be working while on vacation (we hope not!), make sure you check what your work travel policies are ahead of time, including what devices or data you can bring with you and how to remotely connect to work systems safely.

Vacation should be a time for relaxing, exploring, and having fun. These simple steps will help ensure you do so safely and securely.

 

Resources 

Securing Your Mobile Devices

The Power of Updating

Virtual Private Networks

Got Backups

 

 


Phishing

 

7/15/2022

 

What is phishing?

Phishing is a type of online scam where criminals make fraudulent emails, phone calls and texts that appear to come from a legitimate bank. Every year, people lose hundreds, even thousands, of dollars to these scams. The communication is designed to trick you into entering confidential information (like account numbers, passwords, PINs or birthdays) into a fake website by clicking on a link, or to tell it to someone imitating your bank on the phone.

 

What to do if you receive a scam email, call or text.

Email or Text

If you suspect that an email or text you receive is a phishing attempt:

  • Take a deep breath. In most cases, it’s perfectly safe to open a scam email or text. Modern mail apps, like Gmail, detect and block any code or malware from running when you open an email. The key is not to click links or download any attachments.
  • Do not download any attachments in the message. Attachments may contain malware such as viruses, worms or spyware.
  • Do not click links that appear in the message. Links in phishing messages direct you to fraudulent websites.
  • Do not reply to the sender. Ignore any requests from the sender and do not call any phone numbers provided in the message.
  • Report it. Help fight scammers by reporting them. Forward suspected phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726). Then, report the phishing attack to the FTC at reportfraud.ftc.gov.

Call

If you receive a phone call that seems to be a phishing attempt:

  • Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local.
  • Do not respond to the caller’s requests. Financial institutions and legitimate companies will never call you to request your personal information. Never give personal information to the incoming caller.
  • If you feel you’ve been the victim of a scam, and you did provide personal or financial information, contact your bank immediately at their publicly listed customer service number. Often, this is found on the back of your bank card. Be sure to include any relevant details, such as whether the suspicious caller attempted to impersonate your bank and whether you provided any personal or financial information to the suspicious caller.

 

What to do if you fall for a scam email, call or text.

  1. Contact your bank, financial institutions and creditors
    1. Speak with the fraud department and explain that someone has stolen your identity.
    2. Request to close or freeze any accounts that may have been tampered with or fraudulently established.
    3. Make sure to change your online login credentials, passwords and PINs.
  2. Secure your email and other communication accounts
    1. Many people reuse passwords and your email or cell phone account may be compromised as well.
    2. Immediately change your accounts’ passwords and implement multi-factor authentication — a setting that prevents cybercriminals from accessing your accounts, even if they know your password — if you haven’t already done so.
  3. Check your credit reports and place a fraud alert on them
    1. Get a free copy of your credit report from annualcreditreport.com or call 877.322.8228.
    2. Review your credit report to make sure unauthorized accounts have not been opened in your name.
    3. Report any fraudulent accounts to the appropriate financial institutions.
    4. Place a fraud alert on your credit by contacting one of the three credit bureaus. That company must tell the other two.
      – Experian: 888.397.3742 or experian.com
      – TransUnion: 800.680.7289 or transunion.com
      – Equifax: 888.766.0008 or equifax.com
  4. Contact ChexSystems at 888.478.6536 to place a security alert on the compromised checking and savings accounts when a deposit account has been impacted. Or, make your report to ChexSystems online.
  5. Contact the Federal Trade Commission to report an ID theft incident: visit identitytheft.gov or call 877.438.4338.
  6. File a report with your local law enforcement.
    1. Get a copy of the report to submit to your creditors and others that may require proof of the crime.

 

FTC Business Blog on crypto scam losses

06/06/2022

 

The Federal Trade Commission has posted an article on its Business Blog, “Reported crypto scam losses since 2021 top $1 billion, says FTC Data Spotlight.” According to the latest FTC Consumer Protection Data Spotlight, since the start of 2021, more than 46,000 people have reported losing over $1 billion in crypto to scams. That’s about one out of every four dollars reportedly lost to fraud during that period.

 

The Data Spotlight reveals that reported losses to crypto scams in 2021 were nearly 60 times what they were in 2018. Certain features of cryptocurrency may explain why it’s a favorite payment method for crooks and cons. There’s no bank or other entity to flag suspicious transactions before they happen. Crypto transfers can’t be reversed. Once the money’s gone, it’s gone. And most people are still unfamiliar with how crypto works.

 

Nearly half the people who reported losing crypto to a scam since 2021 said it started with an ad, post, or message on a social media platform. Of those who specified the platform where the scam began, 32% said it was on Instagram, 26% said Facebook, 9% said WhatsApp, and 7% said Telegram. More than half of the reported losses involved bogus crypto investment opportunities.

 

What the Data Spotlight suggests is that even people who consider themselves tech-savvy can lose money to crypto crooks. Here are three things to bear in mind to protect yourself:

 

  1. Only scammers will guarantee profits or big returns.
  2. No one legitimate will insist that you buy cryptocurrency.
  3. If an online love asks you to send crypto – or claims they can show you how to make money investing in crypto – pull the plug on your virtual romance.

Looking for more information about crypto scams? Visit ftc.gov/cryptocurrency. Report deceptive practices to the FTC at ReportFraud.ftc.gov.

 


 

Cybersecurity Best Practices to Include in Your Institution’s Awareness Training

 

4/12/2022

 

Despite consumers’ varying perceptions of cybersecurity risk, anyone can be the target of hackers looking to steal money, information or an identity. But there is good news: Even the least computer-savvy people can take steps to protect themselves.

Your financial institution should empower consumers with information through cybersecurity awareness campaigns, an important step in the fight against cybercrime. Providing education and promoting good cyber hygiene will mitigate cybersecurity risk for consumers and your institution while increasing the potential for new business through knowledge sharing.

As your institution plans cybersecurity awareness initiatives, consider including the following cybersecurity best practices to enhance protections for your customers or members.

  • Update Devices: Everyone is likely familiar with the annoying pop-up reminder that your computer or phone requires a software update. While it may be easy to click “Remind Me Tomorrow,” it is best that customers or members take the time to install those updates immediately. They often contain critical security patches for vulnerabilities that are easily exploited by cybercriminals. Almost all devices offer the option for automatic updates to streamline this process.
  • Install Anti-Virus (AV) Software for Home Devices: Home devices are subject to the same viruses and malware that can infect corporate machines. Home users should invest in AV software and make sure it periodically scans machines and updates to the newest definitions. While a paid AV software is recommended, there are free versions for consumers from companies like Bitdefender, Microsoft, Sophos and others which offer options for Mac and Windows.
  • Sign Up for Alerts: CSI’s recent poll revealed that the top cybersecurity issues that worry consumers as related to their personal confidential information are identity theft and stolen credit or debit card information, at 60% each. Effective alerting could enhance consumer vigilance against these threats.

Many websites offer free alerting to let users know when something happens on an account. Encourage your customers or members to take advantage of these alerts to monitor for potential fraud. Many financial institutions and credit card companies also offer alerts on purchases of a certain size or purchases made without the card present. Encourage customers and members to utilize this feature to quickly know if a card number has fallen into the wrong hands and minimize the damage.

  • Think before Clicking: Hackers often use SPAM email and text messages to get people to click on malicious links that lead them to download viruses or spyware, or prompt users to enter their credentials. Before clicking, your customers and members should ask the following questions:
    • Is this email expected? For example, did the text come with a link to tracking information for a mysterious order?
    • Who is sending this text or email? Hackers often use email addresses that look correct at first glance but are forged. As an example, an email from Apple.com would be correct, but an email from AppleInc.com would be forged. Additionally, text messages from businesses traditionally come from a five-digit number. If a consumer receives a suspicious text claiming to be from a company, but it has a 10-digit number, it is best to delete and block the number.
    • Is this link legitimate? Before clicking on any link, hover over the link with a mouse to see the website the link directs to. If the underlying address does not match up to the address in the email, do not click it.
    • Does this feel weird? Your customers or members should evaluate the situation before letting stress set in and making decisions that might put them at risk. If something feels like a scam it probably is a scam; encourage them to trust their instinct.
  • Enable Multi-Factor Authentication: One of the most troubling results of this year’s survey is that 30% of Americans agree that it is okay to use the same password for an online bank account that they use for other online accounts. Your institution should encourage consumers to use strong passwords while providing and promoting multi-factor authentication (MFA) to make it more difficult for hackers to gain account access.

Unfortunately, a username and password does not always provide adequate protection against hacking. It is not uncommon for these credentials to make their way to the dark web and into the hands of cybercriminals. To increase protections, many websites that hold important information offer the option for MFA. Instead of logging in with only a username and password, a user must provide a third piece of information to access their account.

Typically, the third piece of information comes in the form of a code sent via text or phone call to a specified number. There are also authenticator applications that serve the same purpose. While MFA may not be needed for every account, it is highly recommended for email accounts, online banking, healthcare accounts and anything that holds sensitive information.
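
The sender and link checks listed under “Think before Clicking” can also be run automatically on a message. The following Python code is an added example, not part of the original article: the function names, the trusted-domain list and the sample message are assumptions made for illustration, and `base_domain` uses a simple last-two-labels rule instead of the Public Suffix List.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email). The sender follows the
# article's Apple.com / AppleInc.com illustration; example.net and
# example.org are reserved documentation domains.
SAMPLE = """\
From: Apple Support <billing@appleinc.com>
To: customer@example.org
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account is locked. Sign in at
<a href="http://login.example.net/verify">https://www.apple.com/account</a></p>
<p><a href="https://www.apple.com/legal">Terms</a></p>
</body></html>
"""

# A domain-looking string inside link text, with or without a scheme.
DOMAIN_IN_TEXT = re.compile(
    r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def base_domain(host):
    """Last two labels of a host name (assumption: ignores suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw, trusted):
    """Return findings for a lookalike sender and for links whose visible
    address differs from the address they actually point to."""
    findings = []
    msg = message_from_string(raw, policy=policy.default)

    # "Who is sending this?": sender domain embeds a trusted brand name
    # but is not the trusted domain itself (AppleInc.com vs Apple.com).
    sender = parseaddr(str(msg["From"]))[1]
    sender_domain = base_domain(sender.rpartition("@")[2])
    if sender_domain not in trusted:
        for good in sorted(trusted):
            if good.split(".")[0] in sender_domain:
                findings.append(("lookalike_sender", sender_domain, good))

    # "Is this link legitimate?": the automated form of hovering over a link.
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    collector = LinkCollector()
    collector.feed(body.get_content())
    for href, text in collector.links:
        shown = DOMAIN_IN_TEXT.search(text)
        if not shown:
            continue  # link text is a label such as "Terms"; nothing to compare
        shown_domain = base_domain(shown.group(1))
        real_domain = base_domain(urlparse(href).hostname or "")
        if shown_domain != real_domain:
            findings.append(("link_mismatch", shown_domain, real_domain))
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE, {"apple.com"}):
        print(finding)
```

An empty result only means these two checks passed; a message can still be fraudulent, so the “Is this email expected?” and “Does this feel weird?” questions still apply.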

 

 

Michael Cripps,

President and CEO

 

 


 

National Financial Capability Month

4/11/2022

 

April is National Financial Capability Month, and the FDIC offers several resources to help educate and protect consumers.  The FDIC’s Money Smart financial education program can help people of all ages enhance their financial skills and create positive banking relationships.

 

How Money Smart Are You?

This suite of 14 self-paced online games is the newest addition to the FDIC’s Money Smart product family and now available in English and Spanish for anyone to access.  It covers topics such as: your income and expenses, borrowing basics, building your financial future, and protecting your identity and other assets.

 

The following are just a few of the tools available from How Money Smart Are You?:

 

  • My Monthly Expense Log – This tool will help you organize and categorize how you use your money. This is an important step to building a spending and saving plan.
  • Estimate What I Can Afford for Housing – You can use this worksheet to estimate what you can afford to pay for housing. Remember, housing expenses include more than the rental payment or mortgage payment.
  • Save Money for My Goals – Use this form to calculate how much money you need to save every day, week, month, or year to reach your goals.
  • Get Ready to Borrow Money – You can use this tool to estimate how a lender might evaluate your creditworthiness. Doing so can help you get ready to borrow money.
  • Reduce the Risk of Identity Theft – You can use these strategies to reduce the risk of identity theft. But remember, you can never eliminate all risk.

 

 

 


March 22nd, 2022

Statement from Secretary Mayorkas on Cybersecurity Preparedness

“As the Russian Government explores options for potential cyberattacks against the United States, the Department of Homeland Security continues to work closely with our partners across every level of government, in the private sector, and with local communities to protect our country’s networks and critical infrastructure from malicious cyber activity. Organizations of every size and across every sector should continue enhancing their cybersecurity defenses. Organizations can visit CISA.gov/Shields-Up for best practices on how to protect their networks, and they should report anomalous cyber activity and/or cyber incidents to report@cisa.gov or (888) 282-0870, or to an FBI field office. DHS will continue to share timely and actionable information and intelligence to ensure our partners and the public have the tools they need to keep our communities safe and secure, and increase nationwide cybersecurity preparedness.”

 

 


March 1st, 2022

 

Don’t Pass By This Password Reminder:

 

You’ve heard it before, but we’ll say it again. It’s important to have strong passwords and change them regularly to help keep your accounts safe. Here are the basics:

  • Don’t use personal information. This includes names of people in your family, your address, or birthdays, since this information can be publicly available to hackers.
  • Don’t use real words. Password cracking tools can process every word in the dictionary until a match is found. Instead use uppercase and lowercase letters combined with special characters such as “&” or “#”.
  • Create longer passwords. The longer it is, the better. Try for at least 10 characters.
  • Don’t use the same password for multiple websites. If one website has a data breach and you’ve used that password elsewhere, it’s easier for hackers to steal more information.
  • Change your passwords. Get in the habit of changing them twice a year.

 

– Michael N. Cripps

President & C.E.O.

 

 


February 8th, 2022

Joint Release: Federal Agencies Launch Joint Effort to Alert Online Daters and Social Media Users of Romance Scams That Have Cost Americans Millions

WASHINGTON—Today, five federal agencies joined forces to remind the public about the ongoing dangers of romance scams. The Commodity Futures Trading Commission, the Consumer Financial Protection Bureau (CFPB), the Department of Homeland Security’s U.S. Immigration and Customs Enforcement (ICE), the U.S. Postal Inspection Service, and the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) have launched Dating or Defrauding?, a national awareness effort to alert the public to romance scams that target victims largely through dating apps or social media. The campaign is supported by USAGov/Outreach, a division of the U.S. General Services Administration’s Technology Transformation Services.

Romance scams are not new, but with the proliferation of online dating apps, social media, and even messaging apps, new types of scams are emerging that target new audiences and have drained victims of millions of dollars. According to the Federal Trade Commission (FTC), 2020 was a record year for romance scams. Consumer reports to the FTC indicate that the number of romance scam complaints continued to increase through 2021. A year-over-year comparison through the third quarter showed a 48 percent increase in reported romance frauds.

The joint federal agencies’ initiative shows the public how to recognize the scams before they give any money or assets and provides steps to take if they are victimized. Over the coming weeks, the interagency Dating or Defrauding? awareness campaign will reach the public via social media, local and national media outreach, and public-private partnerships to encourage them to be vigilant when making online love connections.

This effort is spearheaded through the following federal agency offices: CFTC’s Office of Customer Education and Outreach, CFPB’s Office for Older Americans, DHS/ICE’s Homeland Security Investigations, the U.S. Postal Inspection Service, and Treasury’s FinCEN.

 


 

December 1st, 2021

 

SCAM ALERT

THE SOCIAL SECURITY ADMINISTRATION WILL NEVER THREATEN, SCARE OR PRESSURE YOU TO TAKE ACTION.

If you receive a call, text, or email that . . .ou to take an immediate action.

  • Threatens to suspend your Social Security number, even if they have part or all of your Social Security number
  • Warns of arrest or legal action
  • Demands or requests immediate payment
  • Requires payment by gift card, prepaid debit card, internet currency, or by mailing cash
  • Pressures you for personal information
  • Requests secrecy
  • Threatens to seize your bank account
  • Promises to increase your Social Security benefit
  • Tries to gain your trust by providing fake “documentation,” false “evidence,” or the name of a real government official

…it is a SCAM!

DO NOT GIVE SCAMMERS MONEY OR PERSONAL INFORMATION – IGNORE THEM!

Protect yourself and others from Social Security-related scams

  • Try to stay calm. Do not provide anyone with money or personal information when you feel pressured, threatened, or scared.
  • Hang up or ignore it. If you receive a suspicious call, text, or email, hang up or do not respond. Government employees will not threaten you, demand immediate payment, or try to gain your trust by sending you pictures or documents.
  • Report Social Security-related scams. If you receive a suspicious call, text, or email that mentions Social Security, ignore it and report it to the SSA Office of the Inspector General (OIG). Do not be embarrassed if you shared personal information or suffered a financial loss.
  • Get up-to-date information. Follow SSA OIG on Twitter @TheSSAOIG and Facebook @SSA Office of the Inspector General for the latest information on Social Security-related scams. Visit the Federal Trade Commission for information on other government scams.
  • Spread the word. Share your knowledge of Social Security-related scams. Post on social media using the hashtag #SlamtheScam to share your experience and warn others. Visit oig.ssa.gov/scam for more information. Please also share with your friends and family.

 

Michael Cripps,

President and CEO


December 1st, 2021

Over 300,000 Android users have downloaded banking malware apps

Cybersecurity researchers report that password-stealing banking trojans were disguised as QR code readers, fitness monitors, cryptocurrency apps and more.

Here is the article: Over 300,000 Android users have downloaded these banking trojan malware apps, say security researchers | ZDNet

This article lists the apps on Google Play that should not be downloaded or installed: ‘Banking’ Trojan Malware Hits Over 300,000 Android Users | List of Apps to Avoid on Google Play App Store | Tech Times

 

 


November 16, 2021

 

I just wanted to share some information to help better protect you and your family as the holidays approach.

Researchers at Tessian (an email security company) caution that people should be wary of scams as Black Friday approaches. The researchers found that 30% of people in the US reported receiving a phishing message around Black Friday in 2020.

“Nearly a third of U.S. consumers (30%) said they received a phishing email around Black Friday last year, either by email or SMS to their personal email or cell,” the researchers write. “The thing is that consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries.

Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that lead to fake websites or download harmful attachments.”

Tessian also notes that employees at retailers should be vigilant for phishing attacks as they approach the busiest time of the year.

“And it’s not just consumers that need to be wary,” Tessian says. “Employees in the retail industry will be busier and more distracted than ever during this time, faced with hundreds of orders, thousands of customer queries to respond to, and overwhelming sales targets to hit. Cybercriminals will use this to their advantage, crafting sophisticated phishing emails and cleverly worded social engineering messages in the hope that a stressed worker will miss the cues and comply with their requests.”

 

Remember: The bad actors are out in force, and you need to remember to implement good cybersecurity and cyber-hygiene practices – especially over the next couple of months. Be extra cautious of any emails invoking an emotional response or asking for your account information. Feel free to review the October National Cybersecurity Awareness emails and forward them to your family members.

 

 

 

Michael Cripps,

President and CEO