Card cracking happens when a fraudster reaches out to a bank customer promising quick cash. The customer provides account credentials to the scammer, who then deposits a fake check in the customer’s account. The fraudster then makes and immediate ATM withdrawal, sharing some of the funds with the customer. Meanwhile, the customer is instructed to report the card or credentials lost or stolen so that the bank will reimburse the stolen money–making the customer a criminal accomplice. Avoid online solicitations for easy money, never share an account number or PIN, never file a false fraud claim with a bank and report suspicious social media posts connected to scams.

Fraud Alert: Consumers Beware and Watch Out for New Phishing Scams

There has been quite a bit of recent media attention about data breaches and card security in general, we want to remind you to be vigilant about protecting your credit and debit card data and beware of phishing scams that can become more prevalent after a widely-publicized incident. As always, it is important to remember that MasterCard does not directly contact cardholders to request personal credit or debit card account information.

You’ve probably heard the term “phishing” but you may not be sure how to identify if you’ve been targeted and what to do if you think you may have been affected. In order to help you become savvier about phishing scams, here are some quick tips and resources to help you avoid getting pulled into their scam:

• Be skeptical of any unsolicited phone call, email, text message or social media request from an individual claiming to be a MasterCard representative, and importantly DO NOT RESPOND. Instead report the fraudulent inquiry to the bank that issued your credit or debit card, or the U.S. Federal Trade Commission at http://www.ftc.gov/bcp/edu/microsites/idtheft/.
• Do not double click on any attachment including PDFs sent by an unknown or un-validated source no matter how harmless or familiar the title appears.
• Invest in up-to-date antivirus, anti-spam, and firewall software for your home computer. If shopping on-line consider registering with MasterCard SecureCode for enhanced security.
• To review a list of various phishing scams and hoaxes, visit http://www.ic3.gov/crimeschemes.aspx.
• The approaches criminals use to mask their phishing scams are ever-evolving and changing, so be aware and don’t hesitate to report any activity you are suspicious about.

Many scammers use the Internet to promote fraud through uninvited email, commonly known as “spam”. These scams include pyramid schemes, investment opportunities, “Risk Free” opportunities, phishing (Identity theft) and many others. New scams come out every day. Anyone who uses a computer and connects to the Internet needs to be familiar with spam and other types of Internet fraud and take measures to protect themselves and their computers against these types of attack.

Phishing – According to Webster’s is “the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack”.

Vishing – In this scenario an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company or bank, to divulge their Personally Identifiable Information, claiming their account was suspended, deactivated, or terminated.

Smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from “SMs PhISHING”. SMS (Short Message Service) is the technology used for text messages on cell phones.

Lottery & Sweepstakes Scams – The potential victim is sent an e-mail notification that they have won money. However, to obtain the supposed winnings the winner is told that he/she must pay taxes up front or some other fictitious fee. Sometimes the scammer doesn’t require money up front, but asks for the winner’s account number, supposedly to deposit the winnings, but really to steal.

Nigerian Scams – This e-mail is supposedly from a citizen of another country (often Nigeria). He writes that he needs your help to gain access to his funds that he cannot touch because of the country’s regulations. He offers to greatly reward you for your help. All he needs is your account number, supposedly to transfer the funds, but really so that he can drain your savings. There are many versions of this scam.

Online Auction Scams – In this scenario, the victim is the seller. The buyer sends a cashier’s check to the seller for an amount larger than the purchase price. They buyer asks that the difference is sent back to him/her and usually tells the seller that he/she can keep a little extra for the trouble. Even though it is a cashier’s check, that doesn’t mean that it’s safe. This check is later found to be counterfeit and the seller is out the money that they sent back to the buyer.

JURY Duty Scam – A new type of fraud has surfaced and is growing.

The caller claims to be a jury DUTY coordinator. If you protest that you never received a summons for jury duty, the Scammer asks you for your Social Security number and date of birth so he or she can verify the information and cancel the arrest warrant. If you give out any of this information your identity was just stolen.

The fraud has been reported so far in 11 states, including Oklahoma , Illinois , and Colorado , AZ and more. This (swindle) is particularly insidious because they use intimidation over the phone to try to bully people into giving information by pretending they are with the court system.

The FBI and the federal court system have issued nationwide alerts on their web sites, warning consumers about the fraud.

Scammers are working hard at trying to fraudulently get consumers money. Please visit the Internet Crime webpage for details of some of the most common scams and protect yourself!

http://www.ic3.gov/crimeschemes.aspx

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer. This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

ONLINE FRAUD PREVENTION TIP

The FBI and Banks are warning small business owners and consumers to use two computers. Utilize one computer to handle online banking activities and yet another entirely to surf the web and for email. This approach, while not as convenient, is the best way to prevent malicious software from infecting the computer and makes it much harder to manipulate electronic transfers.

There are many places on the Internet that provide free information on how to protect yourself from Internet Scams. These are some of the sites with helpful information:

http://www.sec.gov/complaint.shtml- U.S. Security and Exchange Commission – Complaint Site

http://www.ftc.gov/bcp/edu/microsites/idtheft/ – Federal Trade Commission – ID Theft Home Page

http://www.ic3.gov/default.aspx – The Internet Crime Complaint Center (IC3) was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. Your Local Internet Service Provider should be able to provide additional web site references regarding scams, phishing and other types of fraud.

• Consider every email, telephone call, or text message requesting your Personal Identification Information as a scam
• Never click on embedded email or cell phone links
• When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source
• Never give social security numbers, account numbers, passwords, or driver’s license numbers over the internet, in an e-mail or by phone if you did not initiate the call to a valid posted phone number for the business
• Sign up for the Do Not Call list
• Check your credit report at least once a year
• As always, pay close attention to your bank statements and financial affairs

It is strongly recommended that everyone with a home computer that connects to the Internet have the following on their computer:

Anti-Virus Software – Be sure to keep your anti-virus software active and update it frequently. New anti-virus database updates are usually out weekly.

Spam Blocking Software – Run this software at least weekly and update it frequently. New updates are usually released every few weeks.

Personal Firewall – This helps prevent others from controlling your computer remotely while connected to the Internet. If you think you are a victim of an Internet fraud, an Internet scam or Identity Theft, here are some suggestions:

1. Contact the fraud departments of any one of the three major credit bureaus to check your credit report and place a fraud alert on your credit file
   • Equifax | 1-800-525-6285 | www.equifax.com
   • Experian | 1-888-397-3742 | www.experian.com
   • Trans Union | 1-800-680-7289 | www.transunion.com
2. Close the accounts and/or credit cards that you know or believe have been tampered with or opened fraudulently. File a police report and get a copy of the report. Your creditors and others may require a copy of the report to assist you.
3. File a complaint with the FTC (www.ftc.gov/complaint). The FTC maintains a database of identity theft cases used by law enforcement agencies.
4. Contact the Social Security Administration (www.ssa.gov) if you believe your Social Security Number has been compromised.
5. Review all billing and bank statements for errors and unknown transactions.
6. Document all activity to include everyone you contact and who has contacted you. Make copies of all correspondence sent and received.

MOBILE BANKING FRAUD PREVENTION TIPS

• Do not leave your phone unattended. Treat your mobile device as if it contained cash. Mobile devices can contain everything from passwords to contact lists to calendar appointments – things that you don’t want to fall into the wrong hands.
• Password protect your mobile device and lock your device when it’s not in use. Most devices have a security setting that makes it mandatory that you insert a Password or Personal Identification Number (PIN) to access the device.
• Utilize The Security Features Available on Your Mobile Phone. Enable encryption and remote wipe capabilities if available. Research additional security software and antivirus solutions that may be available for your type of device. (Contact your mobile provider or review your user manual.)
• Keep the Operating System on Your Phone Updated.
• Download only the official APP from First National Bank. You can download the First National Bank Mobile Banking App from the Apple or Android Market, verify that the app publisher is First National Bank and or Malazaui Software.
• Exercise caution for what Information You Store On Your Mobile Device. Saving passwords to sites used for email, social networking, shopping or where personal information is stored makes you vulnerable.
• Immediately Notify The Bank and Your Mobile Service Provider If Your Device Is Lost or Stolen. The mobile phone number can be removed from your information at the bank required for accessing mobile banking. The service provider can disable your device to reduce the risk of the information being accessed.
• Exercise caution when downloading items to your phone. Mobile devices are specialized computers. This makes it possible for someone to design an app that could try to access your information. Research before downloading a game, widget or any app to make sure the app developer has a good reputation. Download updates regularly as these may include “fixes” to security flaws.
• Don’t Follow Links. Use typical online security precautions, the same as you would follow when browsing the internet or accessing email from your PC. Phishing is the practice of tricking someone into revealing private information. This may be as simple as sending out a text message or email in an effort to obtain information. Spoofing involves the creation of a fake Web site designed to mimic your bank’s official site in an effort to obtain personal information. Never follow a banking link sent to you in a text message or email. These links could send you to a “spoofed” site that will steal your login credentials or other personal information. Always navigate to a site directly via your own bookmarks or by entering the address yourself.
• Avoid Banking While on Public Networks. Public connections aren’t secure. Most places that offer public WI-FI warn users not to share sensitive information over the network, including logging into your bank account or shopping online. A solution is to disable WI-FI and switch to a cellular network for a more secure connection.
• Use a Complex Password. Do not use your name, birth date or other easily identifiable personal information in your password. Use capital letters and/or symbols in the password to make it more complex.
• Change Your Password Frequently.
• Do Not Send Personal Information or Log-In Credentials Via email or SMS (Text Messaging).
• Review Any Pop-Up Notices or Alerts That Appear On Your Device. These may be warnings that you are leaving a trusted site or of security issues.
• Regularly Delete Text Messages, Clear Browser History and Delete Files From Your Phone.
• Remove ALL Information From Device Before Discarding or Selling the Phone.
• Only Enter Personal Information On A Secure Site. Do not enter personal information on a site unless there is an “s” after http which indicates that the site is secure.
• Do Not Allow Any Phone Settings to Auto-Fill User ID’s or Password Information.
• Always Log Off Completely After Using Mobile Banking.
• Monitor your accounts regularly Any suspicious activity should be reported to the bank as soon as possible. With mobile banking you can monitor your accounts quickly and easily. If you check your account often, you’ll be able to spot any

SENIOR RESOURCES

Cybersecurity Tips