Keep Your Personal Information Safe
Banks, insurance agencies, retailers and credit card companies continue to be targeted with fraudulent phishing, spoofing, and scamming attacks. But you can reduce the chances of becoming a victim by remembering these tips.
Phishing attacks involve the mass distribution of spoofed e-mail messages with return addresses, links and branding which appear to come from a trusted organization. While we are unaware of any recent incidents involving Mission Valley Bank, or our clients—over the past few years, our customers (and those of other financial institutions) have reported receiving fraudulent e-mails that appear to be from our bank (and others).
Please be advised that use of our name and logo in these “phishing” schemes is done without our consent in an attempt to obtain sensitive, personal information. It’s important for our valued customers to know that Mission Valley Bank will NEVER send you an e-mail from firstname.lastname@example.org. This e-mail address is used only for incoming e-mails to the bank. Additionally, Mission Valley Bank will NEVER initiate a request for sensitive information such as your social security numbers, account numbers, or passwords from you via e-mail. To learn more about current online scams, visit the FTC website.
Reminder — Please remember to safeguard your personal information. Mission Valley Bank will never call or email you to verify your sensitive information or pass codes.
Federal Trade Commission Warns of Official-Sounding Calls about an Email Hack
May 5, 2016
April 2016 -- by Andrew Johnson Division of Consumer and Business Education, FTC
There’s a new twist on tech-support scams — you know, the one where crooks try to get access to your computer or sensitive information by offering to “fix” a computer problem that doesn’t actually exist. Lately, we’ve heard reports that people are getting calls from someone claiming to be from the Global Privacy Enforcement Network. Their claim? That your email account has been hacked and is sending fraudulent messages. They say they’ll have to take legal action against you, unless you let them fix the problem right away.
If you raise questions, the scammers turn up the pressure – but they’ve also given out phone numbers of actual Federal Trade Commission staff (who have been surprised to get calls). The scammers also have sent people to the actual website for the Global Privacy Enforcement Network. (It’s a real thing: it’s an organization that helps governments work together on cross-border privacy cooperation.)
Here are few things to remember if you get any kind of tech-support call, no matter who they say they are:
- Don’t give control of your computer to anyone who calls you offering to “fix” your computer.
- Never give out or confirm your financial or sensitive information to anyone who contacts you.
- Getting pressure to act immediately? That’s a sure sign of a scam. Hang up.
- If you have concerns, contact your security software company directly. Use contact information you know is right, not what the caller gives you.
Read on to learn more about tech-support scams and government imposter scams. And, if you spot a scam, tell the FTC.
IRS Alerts Payroll & HR Professionals to Phishing Scheme Involving W-2s
March 29, 2016
WASHINGTON — The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.
The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.
This phishing variation is known as a “spoofing” email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.
The following are some of the details contained in the e-mails:
- Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
- The IRS, state tax agencies and tax industry are engaged in a public awareness campaign — Taxes. Security. Together. — to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogether or Publication 4524 for additional steps you can take to protect yourself.
- The IRS recently renewed a wider consumer alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community.
October 30, 2015
FDIC Consumer News — Money and Banking Tips for the Tax Season & Beyond
April 21, 2015
Guard against tax-related frauds. Examples include scam e-mails falsely claiming to come from the IRS. Many of these are intended to trick taxpayers into revealing Social Security numbers and other personal information that can be used by criminals to steal victims' identity and money, including tax refunds. Others involve phone callers saying the taxpayer owes money to the IRS that must be paid promptly by wire transfer (that actually goes to the crook) or by loading funds onto a prepaid debit card and then sharing the number. The scammer may try to intimidate a targeted victim who refuses to cooperate, such as by threatening arrest or suspension of a business or driver's license. For information from the IRS about tax frauds targeting consumers, visit www.irs.gov/uac/Tax-Scams-Consumer-Alerts.
New Scam – Done ‘Old School’
April 22, 2014
In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.
These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it’s important to install security software. But the purpose behind their elaborate scheme isn’t to protect your computer; it’s to make money.
FTC Warns Small Businesses: Don’t Open Email Falsely Claiming to be from Federal Trade Commission
March 3, 2014
The Federal Trade Commission is warning small businesses that an email with a subject line “NOTIFICATION OF CONSUMER COMPLAINT” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.
The FTC’s advice: Delete the email. For more information on malicious software (malware), visit www.OnGuardOnline.gov.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.
Tips for Small Businesses to Combat Fraud
September 25, 2013
Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software and online social networks to obtain login credentials to businesses’ accounts, transfer funds and / or steal private information, a fraud referred to as “corporate account takeover.”
Combating account takeover is a shared responsibility between businesses and financial institutions. Bankers can explain the safeguards small businesses need and the numerous programs available that help ensure fund transfers, payroll requests and withdrawals are legitimate and accurate. Companies should train employees about safe internet use and the warning signs of this fraud, because they are the first line of defense.
As part of National Cyber Security Awareness Month coming in October, Mission Valley Bank offers small businesses these tips to help prevent account takeover: Protect your online environment. It is important to protect your cyber environment just as you would your physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated anti-virus and anti-spyware protection on your computers. Change passwords from the default to something complex, including at point-of-sale terminals.
- Partner with your bank for payment authentication. Talk to your banker about services that offer call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions.
- Pay attention to suspicious activity and react quickly. Put your employees on alert. Look out for strange network activity, do not open suspicious emails and never share account information. If you suspect a problem, disconnect the compromised computer from your network and contact your banker. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your financial institution will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
IMPORTANT: If you are a customer of Mission Valley Bank and have already responded to a suspicious e-mail, and provided any personal or sensitive information, please contact us immediately at (818) 394-2300.