E-Mail & Internet Fraud
Keep Your Personal Information Safe
E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open (and possibly respond to) their fraudulent solicitations.
It’s often hard to detect fraudulent e-mails because the e-mail address of the sender appears genuine (even the design and graphics). However, there are often signs to assist you in ascertaining whether an e-mail is fraudulent.
E-mails asking you to provide any personal data should always be suspect. NEVER reply to unsolicited e-mails from anyone, regardless of whether or not you have legitimate business with them. If you have questions regarding your account, call the company direct, or start with a clean Web browser, type in the company’s name and contact them directly. Do not click on any links provided in the text.
The Federal Bureau of Investigation hosts a very informative site where you can learn about some of the newest E-Scams and Warnings. This site also provides a link to report E-Scam attempts.
Requests for information on your Mission Valley Bank Cash Management and Internet Banking sites are secured with SSL technology. To confirm you are on a secured site, there should be a “padlock” icon at the bottom of your screen. You can click on the padlock or other secure identifier, such as the VeriSign logo. The Internet page’s security information can then be viewed so you can make sure the certificate for the site is authentic and valid.
Safeguarding Your Business: Cyber Security
June 15, 2016
Small businesses are frequent targets of criminal attacks and hostile threats to systems, according to the National Institute of Standards and Technology. Owners face serious challenges in protecting their business information, as well as safeguarding their clients and employees privacy. As small businesses become increasingly dependent on online tools for day-to-day operations, protecting confidential information in cyberspace is crucial.
Cybercriminals target small businesses with sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information.
Fraud with increased sophistication like corporate account takeovers are on the rise. This type of fraud is where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. As a starting point, here are several tips to help prevent account takeover:
Educate employees. Cyber protection is a team effort. Employees are the first line of defense against an account takeover. Employees should know the warning signs, safe practices and responses to a suspected takeover. They should be on alert for strange network activity, instructed not to open suspicious emails and should never share account information.
Protect your online environment. Just as physical locations and assets are protected, virtual environments should be protected as well. Do not use unprotected Internet connections, and be sure to encrypt sensitive data and keep reputable anti-virus and anti-spyware programs updated. Passwords should be complex and updated periodically.
Partner with your bank for payment authentication. Talk to your banker about services that prevent unauthorized transactions, such as call backs, device authentication, multi-person approval processes, batch limits and other tools that increase protection against account takeover.
Pay attention to suspicious activity and react quickly. Unexplained account transactions, unauthorized network activity, pop ups or suspicious emails can all indicate cybercrime. If detected, stop all online activity, keep records of all suspicious transactions, and contact your financial institution immediately. Remove any systems or computers that may have been compromised from the rest of your network.
Understand your responsibilities and liabilities. An account agreement with your financial institution details what commercially reasonable security measures are required for your business. Understanding in full detail what security safeguards are required in the agreement is critical to maintaining adequate cyber protection. Failure to do so means you could be liable for losses resulting from a takeover. Effectively implementing these safeguards ensures your cyber security can withstand and prevent hacks and attacks. Talk to your banker if you have any questions about your responsibilities.
by Marianne Cederlind /Senior Vice President and Chief Business Banking Officer /Mission Valley Bank
Federal Trade Commission Warns of Official-Sounding Calls about an Email Hack
May 5, 2016
April 2016 -- by Andrew Johnson Division of Consumer and Business Education, FTC
There’s a new twist on tech-support scams — you know, the one where crooks try to get access to your computer or sensitive information by offering to “fix” a computer problem that doesn’t actually exist. Lately, we’ve heard reports that people are getting calls from someone claiming to be from the Global Privacy Enforcement Network. Their claim? That your email account has been hacked and is sending fraudulent messages. They say they’ll have to take legal action against you, unless you let them fix the problem right away.
If you raise questions, the scammers turn up the pressure – but they’ve also given out phone numbers of actual Federal Trade Commission staff (who have been surprised to get calls). The scammers also have sent people to the actual website for the Global Privacy Enforcement Network. (It’s a real thing: it’s an organization that helps governments work together on cross-border privacy cooperation.)
Here are few things to remember if you get any kind of tech-support call, no matter who they say they are:
- Don’t give control of your computer to anyone who calls you offering to “fix” your computer.
- Never give out or confirm your financial or sensitive information to anyone who contacts you.
- Getting pressure to act immediately? That’s a sure sign of a scam. Hang up.
- If you have concerns, contact your security software company directly. Use contact information you know is right, not what the caller gives you.
Read on to learn more about tech-support scams and government imposter scams. And, if you spot a scam, tell the FTC.
IRS Alerts Payroll & HR Professionals to Phishing Scheme Involving W-2s
March 29, 2016
WASHINGTON — The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.
The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.
This phishing variation is known as a “spoofing” email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.
The following are some of the details contained in the e-mails:
- Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
- The IRS, state tax agencies and tax industry are engaged in a public awareness campaign — Taxes. Security. Together. — to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogether or Publication 4524 for additional steps you can take to protect yourself.
- The IRS recently renewed a wider consumer alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community.
October 30, 2015
FTC Warns Small Businesses: Don’t Open Email Falsely Claiming to be from Federal Trade Commission
March 3, 2014
The Federal Trade Commission is warning small businesses that an email with a subject line “NOTIFICATION OF CONSUMER COMPLAINT” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.
The FTC’s advice: Delete the email. For more information on malicious software (malware), visit www.OnGuardOnline.gov.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.
Tips for Small Businesses to Combat Fraud
September 25, 2013
Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds and / or steal private information, a fraud referred to as “corporate account takeover.”
Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.
As part of National Cyber Security Awareness Month coming in October, Mission Valley Bank offers small businesses these tips to help prevent account takeover: Protect your online environment. It is important to protect your cyber environment just as you would your physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated anti-virus and anti-spyware protection on your computers. Change passwords from the default to something complex, including at point-of-sale terminals.
- Partner with your bank for payment authentication. Talk to your banker about services that offer call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions.
- Pay attention to suspicious activity and react quickly. Put your employees on alert. Look out for strange network activity, do not open suspicious emails and never share account information. If you suspect a problem, disconnect the compromised computer from your network and contact your banker. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your financial institution will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
IMPORTANT: If you are a customer of Mission Valley Bank and have already responded to a suspicious e-mail, and provided any personal or sensitive information, please contact us immediately at (818) 394-2300.