Don’t Let Scammers Scrooge Your Holiday

Tuesday, October 10 at 01:00 PM
Category: Personal Finance
Shoppers looking for a good deal this holiday season should also be aware of increasingly aggressive and creative scams designed by criminals to steal money and personal information. According to the FBI’s Internet Crime Complaint Center (IC3) 2016 Internet Crime Report, the IC3 received a total of 298,728 complaints with reported losses in excess of $1.3 billion in 2016.  This past year, the top three crime types reported by victims were non-payment and non-delivery, personal data breaches, and payment scams. The FBI wants shoppers to be extra vigilant of the following schemes and red flags.
 
Online Shopping Scams: If a deal looks too good to be true, it probably is. Steer clear of unfamiliar sites offering unrealistic discounts on brand name merchandise or gift cards as an incentive to purchase a product, as you may end up paying for an item, giving away personal information, and receive nothing in return except a compromised identity. In addition, do not open any unsolicited e-mails or click on the links provided. Before shopping online, secure all bank and credit accounts with strong and different passwords. The same should be done for airline and rewards accounts, because the emergence of these offerings has led to an increase in the demand for and resale value of stolen information.
 
Social Media Scams: Beware of posts on social media sites that appear to offer vouchers or gift cards, even if it appears the offer was shared by an online friend. Some may pose as holiday promotions or contests that lead to participation in an online survey designed to steal personal information. In addition, do not post photos of event tickets on social media sites as fraudsters can use the barcode to recreate tickets for resale.
 
Craigslist Scams: Websites like Craigslist or eBay are especially popular during the holiday season, as people look for bargains or sell unneeded items for cash. Take steps to protect yourself by recognizing scams. Most scams attempts involve one or more of the following (source: https://www.craigslist.org/about/scams*):
  • Email or text from someone that is not local to your area.
  • Vague initial inquiry, e.g. asking about "the item." Poor grammar/spelling.
  • Western Union, Money Gram, cashier check, money order, Paypal, shipping, escrow service, or a "guarantee."
  • Inability or refusal to meet face-to-face to complete the transaction.
  • Requests for personal financial info (bank account, social security, Paypal account, etc.).
Smartphone App Scams: Some apps, often disguised as games and offered for free, may be designed to steal personal information from your device. Before downloading an app from an unknown source, look for third-party reviews and be mindful that alternative app marketplaces can potentially include stolen content and compromised versions of otherwise trustworthy applications.

Work-From-Home Scams: Beware of postings offering work that can be done from the comfort of home, as these opportunities may have unscrupulous motivations behind them. Take caution when money is required up front for instructions or products, or when a job post claims “no experience necessary.” Carefully research individuals or companies before providing them with personal information and never provide personal information when first interacting with a potential employer.
 
Additional steps to avoid becoming a victim of fraud:
  • Check bank and credit card statements routinely, including immediately after making an online purchase and weeks following the holiday season.
  • Only purchase merchandise from a reputable source.
  • Don’t trust a website to be secure just because it claims to be.
  • Do not respond to spam e-mails or click on links contained within them.
  • Avoid filling out forms contained in e-mails that ask for personal information.
  • Be cautious of all e-mail attachments and scan them for viruses before opening.
  • Verify requests for personal information from businesses or financial institutions by contacting them using the main contact information on their official website.
  • Be cautious when dealing with individuals outside of your own country.
How to report fraud: Consumers who suspect they’ve been victimized should immediately contact their financial institution and then law enforcement. Arvest customers with concerns about their accounts can report fraud by emailing reportfraud@arvest.com.
 
They are also encouraged to file a complaint with the FBI’s Internet Crime Complaint Center (www.ic3.gov*) regardless of dollar amount lost, and provide all relevant information regarding the complaint.
 
Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.
 
 

 

Tags: Consumer Protection, Financial Education, Privacy and Security, Technology
 

What is Financial Malware and How to Protect Yourself

Tuesday, July 18 at 11:00 AM
Category: Personal Finance

What is Financial Malware?

Everywhere you turn today you seem to be bombarded with news coverage concerning the urgency of combating cybercrime, bad actors and hackers. There are many variations of malicious software, or “malware,” but financial malware, as its name implies is written specifically to commit financial fraud.

Cybercriminals use a variety of methods to infect their victims with malware including sending them email messages containing infected attachments or links to infected websites.

Once the victim is infected, the malware monitors the victim’s activity and may steal online banking credentials and other personal information using keystroke logging or screen shots images. 

In some cases, hackers may use the victim’s own web browser to collect sensitive information (e.g., the victim's PIN) by adding extra fields to legitimate online forms or by changing website wording and messaging, or by triggering legitimate-looking pop-up forms in real-time.

Financial malware may redirect the victim to a fake website designed to mimic a legitimate bank website. As the victim enters their credentials, the malware then redirects them into the legitimate site, potentially triggering a SMS or other second-factor authentication code that the Trojan can then capture via the fake website.

How to Protect Yourself
 
Most threats still need user interaction to infect a potential victim’s system. For this reason, becoming aware of these threats and diligently taking extra precautions can significantly reduce the risk of becoming a victim of cybercrime.  
 
  • Keep your operating system, web browser and other software up to date.
     
  • Make sure your computer has both an anti-spyware protection program that detects and removes spyware and an anti-virus program. Keep both programs updated. Scan your computer for viruses and spyware on a regular basis.
     
  • Be very protective of your personal account information. There are criminals who try to trick you by creating sites that look similar to real sites. The best way to know who you are dealing with is to type the address in your browser address bar; don’t click on a link that’s provided to you via email.
     
  • Do not open attachments in email messages if you do not know the sender or weren’t expecting the message. Attachments can contain viruses and spyware.
     
  • Avoid logging into password protected websites, such as online banking or email services from public computers. Instead, use trusted or secured networks.
     
  • Avoid downloading apps to your mobile phone from unofficial stores and pay attention to the permissions requested by apps before their installation.
     
  • Always sign off from sessions and close your browser after using password protected websites. 
     
  • Avoid using unencrypted email to conduct financial transactions or send sensitive information.
     
  • If you suspect your computer may be infected or that your online banking credentials may have been compromised, contact your bank and change your password from a different trusted computer. Contact a computer security professional for assistance in removing malicious software.
     
  • Regularly review your bank account activity and immediately notify your bank if you notice suspicious transactions in your account.
Tags: Consumer Protection, Financial Education, Privacy and Security, Technology
 

Helpful Tips to Protect Your Business from ID Theft and Fraud

Wednesday, May 10 at 06:10 AM
Category: Business Banking
With an increasing number of businesses operating online in addition to traditional means, it is critical that both consumers and business owners know how to help protect themselves from identity theft and fraud. Fraud not only can ruin the shopping experience, but have disastrous and long-lasting effects for a business. Even if your company doesn’t conduct retail business online, it is important to protect your private business information and data. 
 
  • Limit what you carry. When you go out, take only the identification, and business credit or debit cards you need.
  • Lock your financial documents and records in a safe place, such as a safe or locked file cabinet that only you have access to. 
  • Before you share information with vendors, ask why they need it, how they will safeguard it, and the consequences of not sharing.
  • Protect your company documents. Shred receipts, credit applications and offers, insurance forms, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.
  • Install anti-virus software, anti-spyware software, and a firewall on all company computers. Set your preference to update these protections often.
  • Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.
  • Before you send your business information via your laptop or smartphone over a public wireless network in a public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.
  • Keep financial information on your laptop only when necessary. Don’t use an automatic login feature that saves your user name and password, and always log off when you’re finished.
For more extensive information on privacy and identity protection, visit www.ftc.gov* and look for the ‘Tips & Advice’ tab. If you’re interested in fraud prevention services for your business that includes theft-resolution and account monitoring services, Arvest offers ACH Fraud Block and ChecXchange® with some of its business services. To learn more, visit www.arvest.com and select Fraud Prevention under the ‘Business’ tab. 
 
Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.  

Tags: Arvest Biz, Business Banking, Privacy and Security
 

Tech Support Scams

Monday, April 17 at 09:35 AM
Category: Personal Finance

In a recent twist, scam artists are using the phone to try to break into your computer. They call claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need. But the purpose behind their elaborate scheme isn’t to protect your computer – it’s to steal your identity or/and to make money.

How Tech Support Scams Work
Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans*, and send alarming messages to try to convince you your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.
 
The latest version of the scam begins with a phone call. Scammers can get your name and other basic information from public directories. They often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim they are viruses. Their tactics are designed to scare you into believing they can help fix your “problem.”
 
Once they’ve gained your trust, they may:
  • Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.
  • Try to enroll you in a worthless computer maintenance or warranty program.
  • Ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free.
  • Trick you into installing malware that could steal sensitive data, like user names and passwords.
  • Direct you to websites and ask you to enter your credit card number and other personal information.
Regardless of the tactics they use, their purpose is to steal your identity or/and to make money.

If You Get a Call
If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.
 
Keep these other tips in mind:
  • Don’t give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. 
  • If you want tech support, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password.
  • Put your phone number on the National Do Not Call Registry*, and then report illegal sales calls*.
If You’ve Responded to a Scam
If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:
  • Get rid of malware*. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem. 
  • Change any passwords you gave out. If you use these passwords for other accounts, change those accounts, too.
  • If you paid for bogus services with a credit card, call your credit card provider and ask if they can reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.
  • If you believe someone may have accessed your personal or financial information, visit the FTC’s identity theft website*. You can minimize your risk of further damage and repair any problems already in place.
  • File a complaint with the FTC at ftc.gov/complaint*.
How to Spot a Refund Scam
If you paid for tech support services, and you later get a call about a refund, don’t give out any personal information. The call is almost certainly another trick to take your money.
 
The refund scam* works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund. Or, the caller may say the company is going out of business and providing refunds for “warranties” and other services.
 
In either case, the scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account. If you get a call like this, hang up, and report it at ftc.gov/complaint*.

Conclusion
You don’t need to be a victim of a tech support scam. Learn how these scams work, so you can detect them for what they are and protect yourself.

Information courtesy of Federal Trade Commission Consumer Information.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.  

Tags: Consumer Protection, Financial Education, Fraud Alert, Privacy and Security, Technology
 

Fraud Targets Small Businesses: Don't Be a Victim

Wednesday, February 08 at 05:25 AM
Category: Business Banking

While large firms may have sophisticated technology and staff dedicated to thwarting crime, many small businesses don't — and scammers know this. Here are ways to protect yourself:

Be on guard against inside jobs. This includes employee theft or misuse of cash, merchandise or equipment as well as fraud. "Minimize risks through steps such as pre-employment background checks, automated inventory tracking systems, audits, and clearly outlined policies for personal use of computers and other business equipment," said Luke W. Reynolds, chief of the FDIC's Outreach and Program Development Section. "Also, carefully select who handles revenue from customers, pays the bills and reviews account statements. And, ensure that there are procedures in place to detect and deter fraud."

Watch out for fraudulent transactions and bills. Scams can range from consumer payments with a worthless check or a fake credit or debit card to fraudulent returns of merchandise. Be sure you have insurance to protect against risks. Also ignore offers to buy lists of federal grant programs. To learn more about protecting your business, consult your local Small Business Administration District Office*. 
 
Electronic fraud by third parties can be very costly to businesses, so take them seriously. The FDIC has seen an increase in reports of unauthorized electronic transfers made from bank accounts held by small businesses. 
 
"The most common and dangerous scam for small businesses is account takeover," said Michael Benardo, chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "By sending fake emails and using fake websites to deliver malicious software, such as keystroke loggers, fraudsters may be able to obtain the IDs and passwords for online bank accounts and then make withdrawals from accounts."
 
According to federal law enforcement, businesses are increasingly targeted by business email compromise (“BEC”) fraud where perpetrators, posing as business executives or vendor partners, use compromised or spoofed email accounts to request fraudulent wire transfers or make changes in payment instructions for invoices. Federal agencies recommend separately confirming such communications and not relying solely on email to conduct financial transactions.
 
Because businesses are generally not covered by federal consumer protections against unauthorized electronic fund transfers, a bank likely will not be responsible for reimbursing losses associated with the theft from the account if it says that negligence on the part of the business, such as falling for a common scam, was a factor.
 
Also equip your computers with up-to-date anti-virus software and firewalls (to block unwanted access). Make backup copies of critical business data on every computer. Also monitor account balances regularly, perhaps daily, to look for suspicious or unauthorized activity.
 
And, don't click on links in or attachments to an unsolicited email that asks for confidential information, even if it appears to be from a company you do business with or the government. Legitimate organizations won't request that kind of information in an email. When in doubt, go to another source to find the organization's contact information so you can independently confirm the validity of the request.
 
Be proactive about protecting your small business from ill-intentioned people by learning what scams they use and how to not fall victim to those tactics. 

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution. 

Tags: Arvest Biz, Business Banking, Fraud Alert, Privacy and Security

Choose one or more categories to subscribe to:

Cancel