Security Threats & Fraud
Below are security issues and fraud attempts recorded by our Customer Information Center or reported by other financial institutions and government agencies. If you recognize the fraud and suspect you’ve been a victim, follow the instructions in the summary.
Equifax, one of the three major credit bureaus, experienced a massive data breach in May and June. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
If you have a credit file, it is safest to assume that your information was compromised. It’s recommended that you take steps to protect yourself and monitor your personal information:
- Monitor your credit reports. You can order a free copy of your credit report from all three of the major credit bureaus (TransUnion, Equifax, and Experian) at https://www.annualcreditreport.com. You are entitled to download one free report from each of the bureaus once per year. You may want to stagger your free downloads so you receive a free report from one of the bureaus every four months.
- Monitor your bank accounts. Monitor your financial accounts regularly for fraudulent transactions. Use online and mobile banking to keep a close eye on account activity. If you notice anything suspicious or unfamiliar, call us immediately at 888-828-1690.
- Consider a fraud alert or credit freeze. A fraud alert puts a red flag on your credit report, which signals to creditors that they should take additional security steps (such as contacting you by phone) before opening a new line of credit. Fraud alerts are free and last for 90 days, and can be renewed. A credit freeze, on the other hand, prevents creditors from accessing your credit information altogether, which would strongly discourage or prevent them from issuing a new line of credit in your name. Unlike a fraud alert, a credit freeze does not expire; it can only be lifted (or “thawed”) with a special PIN the bureau will assign you if/when you want to grant a potential creditor access to your credit file. Placing and lifting a freeze may cost a small fee at each bureau. To determine whether a fraud alert or credit freeze is right for you, consider your personal situation and credit needs. The merits of each approach are thoroughly covered by security expert Brian Krebs on his KrebsOnSecurity website. If you decide you want to put a freeze on your credit file, contact the credit bureaus:
Equifax: 800-349-9960 | Equifax Security Freeze Website
Experian: 888-397-3742 | Experian Security Freeze Center
TransUnion: 888-909-8872 | TransUnion State Security Freeze
- Consider enrolling in a credit monitoring/protection service. There are many providers that offer credit monitoring services. Equifax is offering one year of free credit monitoring and other services; you can sign up at https://www.equifaxsecurity2017.com/.
- Finally, watch out for scams related to the breach. Do not trust emails that appear to come from Equifax regarding the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing emails.
You can learn more about the breach by visiting the FTC’s web page on the Equifax breach, KrebsOnSecurity, or directly from Equifax. To learn more about how to protect yourself after a breach, visit the resources at IdentityTheft.gov.
The IRS recently issued a Summertime Scams press release that warned about several tax-related scams, including these:
- Electronic Federal Tax Payment System (EFTPS) Scam: The scammer poses as an IRS official and informs the taxpayer that they owe tax and face arrest unless immediate payment is made by loading a prepaid debit card linked to the EFTPS (but which the scammer actually owns).
- Robocalls: Taxpayers receive a prerecorded “robocall” threatening arrest unless an immediate call back is made to the IRS. Similar to the EFTPS scam above, the scammer informs them that tax is owed and payment must be made immediately by wire transfer or by loading a prepaid debit card (that the scammer actually owns).
- Private Debt Collection Scam: The scammer poses as a debt collector working with the IRS to recover a payment owed by the taxpayer. However, the few taxpayers who would be contacted by a legitimate, IRS-contracted collector have known about their debt for years.
- Limited English Proficiency Scams: Like the scams above, the scammer informs the taxpayer (often speaking in their native language) that they must make an immediate tax payment via prepaid debit card, gift card, or wire transfer, or else face deportation, police arrest and license revocation, among other things.
If you suspect you are talking to a scammer, hang up immediately. Do not give out any information. Report the call on the IRS Impersonation Scam Reporting web page (or call 800-366-4484) and on the FTC Complaint Assistant web page (use “IRS Telephone Scam” in the notes).
Remember, the IRS will never call and demand immediate payment via a specific payment method (such as a prepaid debit card, gift card or wire transfer). The IRS will not threaten to immediately arrest you for not paying, nor will they ask for credit or debit card numbers over the phone. Visit “How to know it’s really the IRS calling or knocking on your door” for more information.
Bank of Canton is advising customers to be watchful for a variety of dangerous scams that are perpetrated during tax season.
The IRS recently released its 2017 “Dirty Dozen” list of tax scams, and the top three are very well covered by Thomas J. Duffy, Chair of the Multi-State Information Sharing & Analysis Center™, in his piece, “Staying Safe from Tax Scams.”
To keep yourself safe during tax season (and beyond), Duffy’s key points include:
- File early! Falsely filed tax returns are best prevented by you filing before the would-be criminal. Try to file as soon as the last of your required filing forms is available.
- Avoid clicking links in emails appearing to be from government tax agencies, or financial providers. Instead, type the organization’s website into your browser’s address bar. If something seems suspicious, contact the organization using contact methods listed on their website; don’t use the contact methods contained in the email. And never reply to emails or texts asking for personal or financial information.
- Beware of calls/emails/texts from supposed tax preparers or officials who request personal or financial information from you, or inform you that you owe money that needs to be paid immediately by credit or debit card. Some may even request less common payment methods like wire transfers and gift cards.
If you suspect you’ve received a fraudulent email, forward it to [email protected]. Other forms of tax fraud activity can be reported on the IRS’s website. And as always, if you suspect you’ve been a victim of fraud or identity theft, visit www.identitytheft.gov immediately for step-by-step instructions on security measures you should take.
Some customers have recently reported unauthorized, out-of-state transactions taking place on their Bank of Canton debit cards. To protect our customers, we are currently blocking all ATM withdrawals in New York state.
If you are traveling to New York and may require ATM access there, please complete and return a Travel Maintenance Form to have this block lifted for your card(s).
We are also strongly encouraging all of our customers to review recent account activity for any suspicious transactions. Please report any transactions that you do not recognize at once.
The security of our customers’ information and accounts is our utmost concern. We apologize for the inconvenience this ATM block may cause, and we appreciate your understanding. You are welcome to contact us with any questions.
Business E-mail Compromise (BEC) is a sophisticated & growing scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Between December 2015 and March 2016, the FBI tracked 44 fraudulent wire transfers resulting from BEC totaling $75,657,487. The largest attempted wire transfer was over $19.8 million.
The BEC scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized wire transfers. The majority of the fraudulent wire transfers are destined for banks in Mainland China and Hong Kong.
To protect themselves against BEC, businesses should:
- Scrutinize all e-mail requests for wire transfers to determine if the requests are out of the ordinary.
- Confirm wire transfer instructions with the requester (especially when the requester is out of the office) using an alternate, previously established communication avenue.
- Question any variations to typical business practices and wire transfer activity, such as a current business contact suddenly asking to be contacted via their personal e-mail address when all previous official correspondence has been through a company e-mail address.
- Require multiple approval authorities, and establish this procedure in such a way that would be difficult for fraudsters to discover.
Read more about this scam & how to protect your business on the FBI’s Internet Crime Complaint Center (IC3) website.
A scam that has been around for many years targeting credit and debit card customers at various financial institutions has recently been reported again by some Bank of Canton customers.
In this scam, a customer receives a fraudulent text message informing them that there is an issue with their credit or debit card. The message instructs them to call a phone number, which leads to an automated recording that prompts them to enter their card number, expiration date, PIN, and the card’s security code.
THIS IS A PHISHING ATTEMPT. Bank of Canton will never ask you to provide personal or account information in an unsolicited manner such as an automated text message. Furthermore, if you ever contact Bank of Canton about an issue with your debit or credit card, we will NEVER ask you for your PIN number or security code.
If you receive a similar text message, delete it without opening it. Do not provide any information about your accounts with Bank of Canton.
If you have recently received and responded to this kind of text message, please call 888.828.1690 during normal business hours or 800.236.2442 after normal business hours. The Customer Service Representative you speak with will be able to take appropriate steps to help protect your Bank of Canton card from potential fraudulent use.
It has come to our attention that some customers have received calls or an automated message informing them that their debit/credit card has been suspended.
Customers are being asked to provide the 16 digit card number and security code on the back of the card for verification.
THIS IS A PHISHING ATTEMPT. Bank of Canton will never ask you to provide personal or account information in an unsolicited manner such as an automated message. If you receive a similar message, please do not provide any information about your accounts with Bank of Canton.
If you have recently received and responded to an automated call, please call 888.828.1690 during normal business hours or 800.236.2442 after normal business hours. The Customer Service Representative you speak with will be able to take appropriate steps to help protect your Bank of Canton card from potential fraudulent use.