E-Mail & Internet Fraud

Keep Your Personal Information Safe

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open (and possibly respond to) their fraudulent solicitations.

It’s often hard to detect fraudulent e-mails because the e-mail address of the sender appears genuine (even the design and graphics). However, there are often signs to assist you in ascertaining whether an e-mail is fraudulent.

E-mails asking you to provide any personal data should always be suspect. NEVER reply to unsolicited e-mails from anyone, regardless of whether or not you have legitimate business with them. If you have questions regarding your account, call the company direct, or start with a clean Web browser, type in the company’s name and contact them directly. Do not click on any links provided in the text.

The Federal Bureau of Investigation hosts a very informative site where you can learn about some of the newest E-Scams and Warnings. This site also provides a link to report E-Scam attempts.

Requests for information on your Mission Valley Bank Cash Management and Internet Banking sites are secured with SSL technology. To confirm you are on a secured site, there should be a “padlock” icon at the bottom of your screen. You can click on the padlock or other secure identifier, such as the VeriSign logo. The Internet page’s security information can then be viewed so you can make sure the certificate for the site is authentic and valid.


Identity Theft Today – A Constantly Changing Landscape

June 30, 2017

hands with black gloves stealing a telephone in concept of crime onlineby Marianne Cederlind 
Executive Vice President & Chief Business Banking Officer
Mission Valley Bank

As cyber criminals get craftier, individuals need to arm themselves with facts on identity theft and take the necessary precautions to protect themselves.

Mobile phones and social media are the new frontier -- Fraudsters are expected to introduce as many as 1,000 different phone/social media scams this year, according to one expert. In fact, a social media identity may be more valuable to cyber criminals than credit cards since it offers them the opportunity to manipulate friends. Safety tip: Keep smart phone operating systems up-to-date. Use passwords to gain access to your phone and install apps that enable remote deletion of phone data if it is lost or stolen. (READ MORE…)

Tax return fraud costing billions -- Identity thieves file fake returns using stolen social security numbers and claim refunds worth billions. These taxpayer-victims only learn of the fraud when the Internal Revenue Service rejects their own return because someone already received the money using their identity. This type of fraud has doubled in the last year – now at $24 billion – and cases can take up to a year to clear up. Safety tip: File your tax return early. Don’t answer any emails allegedly from the IRS since they will never contact you via email.

ID theft prevention -- Experts say that while financial institutions are continually improving security – through layered security, multi-factor authentication and other measures – many consumers are still not changing bad habits that leave them at extreme risk. Without personal diligence, cyber criminals will find new, innovative ways to steal consumers’ hard-earned money. Safety tip: Upgrade your electronic security, and make sure computers and phones are locked and password protected when not in use. Do not share personal information unless you know the other party, and monitor your accounts regularly.

Business Travelers Beware!

May 5, 2017

Courtesy of CYBERHEISTNEWS
There is a new spin on an existing phishing scam you need to be aware of.  Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially forYoung woman in airport looking at flight information board you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed "From" email address that also looks legit. (more…)

Safeguarding Your Business: Cyber Security

June 15, 2016

Door w LOCKSSmall businesses are frequent targets of criminal attacks and hostile threats to systems, according to the National Institute of Standards and Technology. Owners face serious challenges in protecting their business information, as well as safeguarding their clients and employees privacy. As small businesses become increasingly dependent on online tools for day-to-day operations, protecting confidential information in cyberspace is crucial.

Cybercriminals target small businesses with sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds from the accounts and steal private information.

Fraud with increased sophistication like corporate account takeovers are on the rise. This type of fraud is where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.

Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate.  As a starting point, here are several tips to help prevent account takeover:

Educate employees.     Cyber protection is a team effort. Employees are the first line of defense against an account takeover. Employees should know the warning signs, safe practices and responses to a suspected takeover. They should be on alert for strange network activity, instructed not to open suspicious emails and should never share account information.

Protect your online environment.     Just as physical locations and assets are protected, virtual environments should be protected as well. Do not use unprotected Internet connections, and be sure to encrypt sensitive data and keep reputable anti-virus and anti-spyware programs updated. Passwords should be complex and updated periodically.

Partner with your bank for payment authentication.     Talk to your banker about services that prevent unauthorized transactions, such as call backs, device authentication, multi-person approval processes, batch limits and other tools that increase protection against account takeover.

Pay attention to suspicious activity and react quickly.     Unexplained account transactions, unauthorized network activity, pop ups or suspicious emails can all indicate cybercrime. If detected, stop all online activity, keep records of all suspicious transactions, and contact your financial institution immediately. Remove any systems or computers that may have been compromised from the rest of your network.

Understand your responsibilities and liabilities.     An account agreement with your financial institution details what commercially reasonable security measures are required for your business. Understanding in full detail what security safeguards are required in the agreement is critical to maintaining adequate cyber protection. Failure to do so means you could be liable for losses resulting from a takeover. Effectively implementing these safeguards ensures your cyber security can withstand and prevent hacks and attacks. Talk to your banker if you have any questions about your responsibilities.

by Marianne Cederlind /Senior Vice President and Chief Business Banking Officer /Mission Valley Bank

Federal Trade Commission Warns of Official-Sounding Calls about an Email Hack

May 5, 2016

April  2016 -- by Andrew Johnson Division of Consumer and Business Education, FTC

There’s a new twist on tech-support scams — you know, the one where crooks try to get access to your computer or sensitive information by offering to “fix” a computer problem that doesn’t actually exist. Lately, we’ve heard reports that people are getting calls from someone claiming to be from the Global Privacy Enforcement Network. Their claim? That your email account has been hacked and is sending fraudulent messages. They say they’ll have to take legal action against you, unless you let them fix the problem right away.

If you raise questions, the scammers turn up the pressure – but they’ve also given out phone numbers of actual Federal Trade Commission staff (who have been surprised to get calls). The scammers also have sent people to the actual website for the Global Privacy Enforcement Network. (It’s a real thing: it’s an organization that helps governments work together on cross-border privacy cooperation.)

Here are few things to remember if you get any kind of tech-support call, no matter who they say they are:

  • Don’t give control of your computer to anyone who calls you offering to “fix” your computer.
  • Never give out or confirm your financial or sensitive information to anyone who contacts you.
  • Getting pressure to act immediately? That’s a sure sign of a scam. Hang up.
  • If you have concerns, contact your security software company directly. Use contact information you know is right, not what the caller gives you.

Read on to learn more about tech-support scams and government imposter scams. And, if you spot a scam, tell the FTC.

IRS Alerts Payroll & HR Professionals to Phishing Scheme Involving W-2s

March 29, 2016

WASHINGTON — The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.

The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.

 

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.

This phishing variation is known as a “spoofing” email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.

The following are some of the details contained in the e-mails:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
  • The IRS, state tax agencies and tax industry are engaged in a public awareness campaign — Taxes. Security. Together. — to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogether or Publication 4524 for additional steps you can take to protect yourself.
  • The IRS recently renewed a wider consumer alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community.

FDIC Alert

October 30, 2015

FDIC Alert

FTC Warns Small Businesses: Don’t Open Email Falsely Claiming to be from Federal Trade Commission

March 3, 2014

Warning Sign 03 03 14The Federal Trade Commission is warning small businesses that an email with a subject line “NOTIFICATION OF CONSUMER COMPLAINT” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.

The FTC’s advice: Delete the email. For more information on malicious software (malware), visit www.OnGuardOnline.gov.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

Tips for Small Businesses to Combat Fraud

September 25, 2013

Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds and / or steal private information, a fraud referred to as “corporate account takeover.”

Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.

As part of National Cyber Security Awareness Month coming in October, Mission Valley Bank offers small businesses these tips to help prevent account takeover: Protect your online environment. It is important to protect your cyber environment just as you would your physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated anti-virus and anti-spyware protection on your computers. Change passwords from the default to something complex, including at point-of-sale terminals.

  • Partner with your bank for payment authentication. Talk to your banker about services that offer call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions.
  • Pay attention to suspicious activity and react quickly. Put your employees on alert. Look out for strange network activity, do not open suspicious emails and never share account information. If you suspect a problem, disconnect the compromised computer from your network and contact your banker. Keep records of what happened.
  • Understand your responsibilities and liabilities. The account agreement with your financial institution will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
IMPORTANT: If you are a customer of Mission Valley Bank and have already responded to a suspicious e-mail, and provided any personal or sensitive information, please contact us immediately at (818) 394-2300.