Safety & Fraud Prevention
5 Ways to Add Muscle to Email Security
These tips from Cybersecurity and Infrastructure Security Agency (CISA) can help you build stronger email security and reduce email spam and scams.
- Be wary of unsolicited attachments, even from people you know. Just because an email message looks like it came from someone you know does not mean that it did. Many viruses can “spoof” the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments. This includes email messages that appear to be from your Internet service provider (ISP) or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
- Keep software up to date. Install software patches so that attackers can’t take advantage of known problems or vulnerabilities . Many operating systems offer automatic updates. If this option is available, you should enable it. (See Understanding Patches and Software Updates for more information)
- Trust your instincts. If an email or email attachment seems suspicious, don’t open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it’s legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don’t let your curiosity put your computer at risk.
- Save and scan any attachments before opening them. If you have to open an attachment before you can verify the source, take the following steps:
- Be sure the signatures in your anti-virus software are up to date.
- Save the file to your computer or a disk.
- Manually scan the file using your anti-virus software.
- If the file is clean and doesn’t seem suspicious, go ahead and open it.
- Turn off the option to automatically download attachments. To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
Additional tips and other resources are available at: Using Caution with Email Attachments | CISA
Don’t Let a Scam Artist Do a (PIN) Number on You.
Here are tips to prevent Personal Identification Number Scams
Taking a few simple steps can help keep scam artists from using your ATM, phone or other login PINs (Personal Identification Numbers) and accessing your money or other personal information. Remember to NEVER write a PIN down where others may see it (on the card, on a paper kept in your wallet, or on a paper in general) and try to make the numbers easy for you to remember and difficult for others to guess. Avoid variations on your (or a family member’s) birthdate, sequential numbers, any part of your social security number, address, or phone number.
Other tips include:
- Stand between the ATM keypad and the person around you so that they don’t see you in-putting your PIN.
- Guard your PIN as you enter it in the machine.
- If the ATM does not appear to be working correctly, contact bank staff. Don’t let a stranger assist you.
- Do not give your ATM PIN to someone else to run a quick errand for you. You give out your ATM PIN, you’ve just given access to your bank account.
- Do not leave your ATM card unattended.
- Use an ATM with adequate lighting.
- Never give out your PIN over the phone.
- Use the Word Method for PIN selection. Convert the digits of a word to the keys on the telephone. For example, if your word is DOGS, the equivalent from the keypad on your phone would be 3647.
Report Identity Theft to the Federal Trade Commission (FTC) online at IdentityTheft.gov or by phone at 1-877-438-4338
File Away These Tips to Avoid Fraud During Tax Season
- File Early: File your tax return as soon as you’re able giving criminals less time to use your information to file a false return.
- File on a Protected Wi-Fi Network: If you’re using an online service to file your return, be sure you’re connected to a password-protected personal network. Avoid using public networks like a Wi-Fi hotspot at a coffee shop.
- Use a Secure Mailbox: If you’re filing by mail, drop your tax return at the post office or an official postal box instead of your mailbox at home. Some criminals look for completed tax return forms in home mailboxes during tax season.
- Find a Tax Preparer You Trust: If you’re planning to hire someone to do your taxes, get recommendations and research a tax preparer thoroughly before handing over all of your financial information.
- Shred What You Don’t Need: Once you’ve completed your tax return, shred the sensitive documents that you no longer need and safely file away the ones you do.
- Phishing: Taxpayers need to be on guard against fake emails or websites looking to steal personal information. The IRS will never initiate contact with taxpayers via email about a bill or refund. Don’t click on one claiming to be from the IRS. Be wary of emails and websites that may be nothing more than scams to steal personal information.
- Phone Scams: Phone calls, emails, or text messages from criminals impersonating IRS agents remain an ongoing threat to taxpayers. The IRS has seen a surge of these phone scams in recent years as con artists threaten taxpayers with police arrest, deportation and license revocation, among other things.
- Identity Theft: Taxpayers need to watch out for identity theft especially around tax time. The IRS continues to aggressively pursue the criminals that file fraudulent returns using someone else’s Social Security number.
- Fake Charities: Be on guard against groups masquerading as charitable organizations to attract donations from unsuspecting contributors. Be wary of charities with names similar to familiar or nationally known organizations. Contributors should take a few extra minutes to ensure their hard-earned money goes to legitimate and currently eligible charities. IRS.gov has the tools taxpayers need to check out the status of charitable organizations.
- Inflated Refund Claims: Taxpayers should be on the lookout for anyone promising inflated refunds. Be wary of anyone who asks taxpayers to sign a blank return, promises a big refund before looking at their records or charges fees based on a percentage of the refund.
The DOs & DON’Ts of Safe Online Use
These tips from www.usa.gov can help you keep your computer and personal information safe when going online:
- Learn how to spot common scams and fraud. Learn the warning signs of internet fraud, phishing, and other online scams.
- Keep your computer software updated. Download the latest versions of your operating system, web browsers, and apps.
- Talk to your kids about being safe and responsible online. Find out how you can protect your kids online by teaching them about the risks.
- Don’t share your passwords or sensitive information with anyone you don’t trust. It’s also important to learn how to keep your laptop safe from identity theft when you’re in public.
- Don’t use the same passwords for multiple accounts. Try to make your passwords unpredictable and avoid using names, dates, or common words.
- Don’t give out personal information over unencrypted websites. Only trust encrypted sites that begin with “https” (the “s” means they’re secure). They convert your information into a code that prevents exposure to potential scammers
Tips to Prevent ID Theft
IDENTITY THEFT happens when someone uses your personal information (name, Social Security number, credit card number, etc.) without your permission to commit fraud or other crimes. This is a serious crime that can have devastating consequences as some victims must spend hundreds of dollars and many hours repairing their good name and credit record.
Bank of Labor will do whatever it takes to keep your online identity safe. The following are some helpful tips that will assist you in preventing identity theft.
Beware of Phishing
Phishing is a scam where online criminals try to lure personal information such as credit card numbers or bank account information from unsuspecting victims. Be aware of spoofed email or websites that look like they come from your bank or another trusted source in an attempt to deceive you.
Bank of Labor will NEVER request personal information by email or text message including account numbers, passwords, personal identification information or any other confidential customer information. Fraudulent emails may be designed to appear as though they are originated by Bank of Labor. Do not respond to any email request asking for personal or confidential information and do not click any links listed on that e-mail. These communications are not from Bank of Labor! Never give out any information that the Bank already has if you are contacted by phone, text message, or email.
If you contact us we may verify your information to confirm your identity but we will never contact you and ask for your debit/credit card number. If we need to contact you, it will always be done in a manner that protects your personal, confidential information and we will clearly identify ourselves. If you are unsure, contact us directly using our contact information on your card, statement or our website.
Protect Yourself Online
- Install anti-malware software including virus and spyware protection and be sure to keep it up to date.
- Ensure your mobile device and computer are updated with the latest software patches for your installed programs and Operating System.
- Be sure and use a firewall when browsing. Firewalls help prevent unauthorized internet users from accessing private networks.
- Never click on links in unsolicited emails.
- Don’t surf to pages you are unsure of.
- For additional information on what you can do to protect yourself online, go to www.onguardonline.gov.
Check Your Credit Report
Make a habit of checking your credit report. You can get a free copy of your credit report from the big three reporting agencies each year. Visit www.annualcreditreport.com to learn more.
Practice ATM Safety
As with all financial transactions, please exercise discretion when using an automated teller machine (ATM) or night deposit facility. For your own safety, be careful. The following suggestions may be helpful.
- Prepare for your transactions in advance (for instance, by filling out a deposit slip) to minimize your time at the ATM or night deposit facility.
- Mark each transaction in your account record, but not while at the ATM or night deposit facility. Always save your ATM receipts. Don’t leave them at the ATM or night deposit facility because they may contain important account information.
- Compare your records with the account statements you receive.
- Don’t lend your ATM card to anyone.
- Remember; do not leave your card at the ATM. Do not leave any documents at a night deposit facility.
- Protect the secrecy of your Personal Identification Number (PIN). Protect your ATM card as though it were cash. Don’t tell anyone your PIN. Don’t give anyone information regarding your ATM card or PIN over the telephone. Never enter your PIN in any ATM that does not look genuine, has been modified, has a suspicious device attached, or is operating in a suspicious manner. Don’t write your PIN where it can be discovered. For example, don’t keep a note of your PIN in your wallet or purse.
- Prevent others from seeing you enter your PIN by using your body to shield their view.
- If you lose your ATM card or if it is stolen, promptly notify us. You should consult the other disclosures you have received about electronic fund transfers for additional information about what to do if your card is lost or stolen.
- When you make a transaction, be aware of your surroundings. Look out for suspicious activity near the ATM or night deposit facility, particularly if it is after sunset. At night, be sure to use a facility (including the parking area and walkways) that is well lit. Consider having someone accompany you when you use the facility, especially after sunset. If you observe any problem, go to another ATM or night deposit facility.
- Don’t accept assistance from anyone you don’t know when using an ATM or night deposit facility.
- If you notice anything suspicious or if any other problem arises after you have begun an ATM transaction, you may want to cancel the transaction, pocket your card and leave. You might consider using another ATM or coming back later.
- Don’t display your cash; pocket it as soon as the ATM transaction is completed and count the cash later when you are in the safety of your own car, home or other secure surrounding.
- At a drive-up facility, make sure all the car doors are locked and all of the windows are rolled up, except the driver’s window. Keep the engine running and remain alert to your surroundings.
- We want the ATM and night deposit facility to be safe and convenient for you. Therefore, please tell us if you know of any problem with a facility. For instance, let us know if a light is not working or there is any damage to a facility. Please report any suspicious activity or crimes to both the operator of the facility and the local law enforcement officials immediately.
Call (913) 321-4242 if you notice suspicious account activity or experience customer information security-related events.
For tips to protect your data privacy, visit: https://us-cert.cisa.gov/ncas/tips/ST04-013
COVID-19: Plan for scams to continue throughout the pandemic
As of June 25th, 2020, the Federal Trade Commission (FTC), had logged nearly 111,000 consumer complaints related to COVID-19 and stimulus payments, two-thirds of them involving fraud or identity theft.
Victims have reported losing $72.2 million, with a median loss of $281.
Here are some types of coronavirus scams to continue to watch out for while the pandemic continues:
In-demand products and/or bogus cures
To date, no vaccines or drugs have been approved specifically to treat or prevent COVID-19, the disease caused by the novel coronavirus. Beware of messages stating otherwise.
Also beware of those selling or offering in-demand supplies such as surgical masks, test kits and household cleaners, often in robocalls, texts or social media ads.
Beware of calls or emails, purportedly from government agencies, that use the term “stimulus” (the official term is “economic-impact payment”) and ask you to sign over a check or provide personal information like your Social Security number.
If you own a small business, beware of promises of quick capital. With unemployment and economic anxiety rising, crooks have been seen impersonating banks and lenders to offer fake help with bills, credit card debt.
Beware of fraudsters touting investments in companies with products that supposedly can prevent, detect or cure COVID-19. Do your research. This type of fraud involves con artists that have already bought the stocks in order to inflate the price. Then, they dump the stock, saddling legitimate investors with big losses.
Beware of emails or texts supposedly from contact tracers warning you that you’ve been exposed to someone with COVID-19. These messages include a link that, if clicked, downloads malware to your device. (Messages from actual contact tracers working for public health agencies will not include a link, or ask you for money or personal data.)
Make sure you visit genuine health authorities’ websites. Scammers have been found running fake CDC and WHO websites. A good place to start is your State or County Health Department. https://www.usa.gov/state-health ; https://www.usa.gov/local-governments
The official CDC Website: https://www.cdc.gov/
The official WHO website: https://www.who.int/
EMPOWERING THE LATINO COMMUNITY TO AVOID AND REPORT SCAMS
by Alvaro Puig
Consumer Education Specialist, FTC
Every year, Hispanic Heritage Month gives us a chance to reflect on the great contributions Latinos have made to society. To keep those contributions coming, it’s important to continue to do everything possible to protect Latinos from fraud.
So let us take this opportunity to tell you about the resources we have for you — and tell you how to get them for free.
FBI ALERT: Be On The Lookout for Mobile App Fraud
(Source: FBI, https://www.fbi.gov/scams-and-safety )
The FBI anticipates an increase in mobile app fraud, as Americans are increasingly using their mobile devices to conduct banking activities such as cashing checks and transferring funds.
Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations. The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.
App-Based Banking ‘Trojans’
The FBI recommends caution when downloading apps on smartphones and tablets, as some could be concealing malicious intent. Scammers target banking information using banking ‘trojans’, which are malicious programs that disguise themselves as other apps, such as games or tools. Once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.
Fake Banking Apps
Scammers also create fraudulent apps designed to impersonate the real apps of major financial institutions, with the intent of tricking users into entering their login credentials. These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users. In 2018, nearly 65,000 fake apps were detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud.
TIPS TO AVOID MOBILE APP FRAUD
Obtain Apps from Trusted Sources
The FBI recommends only obtaining smartphone apps from trusted sources like official app stores or directly from bank websites.
Use Two-Factor Authentication
Since 2016, surveys of application and website users have identified that a majority of users do not enable two-factor authentication — a second layer of security — when prompted. Security experts identify two-factor authentication as a highly effective tool to secure accounts against compromise, and enabling any form of two-factor authentication will be to the user’s advantage
- Do enable two-factor or multi-factor authentication — via biometrics, hardware tokens, or authentication apps — on devices and accounts to protect them from malicious compromise, whenever possible.
- Do monitor where your Personal Identifiable Information (PII) is stored and only share the most necessary information with financial institutions.
- Don’t click links in e-mails or text messages; ensure these messages come from the financial institution by checking email credentials and calling the bank. Many criminals use legitimate-looking messages to trick users into giving up login details.
- Don’t give two-factor passcodes to anyone over the phone, email or via text. Financial institutions will not ask you for these codes over the phone.
Use Strong Passwords and Good Password Security
Cyber actors regularly exploit users who reuse passwords or use common or insecure passwords. The National Institute of Standards and Technology’s most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer.
- Do use passwords that contain upper case letters, lower case letters, and symbols and a minimum of eight characters.
- Do create unique passwords for banking apps.
- Do consider using a password manager or password management service.
- Don’t use common passwords or phrases (EX: “Password1!” or “123456”) or reuse the same passwords for multiple accounts.
- Don’t store passwords in written form or in an insecure phone app like a notepad.
- Don’t give your password to anyone. Financial institutions will not ask you for this information over the phone or text message.
If a Banking App Appears Suspicious, Call the Bank
If you encounter an app that appears suspicious, exercise caution and contact that financial institution. Major financial institutions will never ask for your login username and password over the phone. If the phone call seems suspicious, hang up and call the bank back at the customer service number posted on their website.
Need to reach us? Please contact us at the number below and our team will gladly assist you. If you would like to open an account or speak to a personal banker visit us at any of our locations located in the Greater Kansas City Metro Area.