The Internet offers convenient ways to shop for financial services and conduct banking business online, any day of the week, at any time. However, safe online and mobile banking involves making good decisions that will help you avoid costly surprises and scams.
Cybercriminals use online scams to attempt to gain access to your private information. The following information is designed to help you understand common online scams and safely navigate the realm of online and mobile banking and protect your private information.
Lea County State Bank will never ask for your username, passwords, PINs, or security passcodes through unsolicited emails, phone calls, text messages or pop-up windows.
Social Engineering\email scams
Cybercriminals like to use social engineering and email scams to gain access to your personal private information. Commonly called Phishing, Spoofing and Baiting, Social engineering remains one of the most dangerous hacking techniques employed by cybercriminals, largely because it relies on human error rather than technical vulnerabilities. This makes the attacks much more dangerous because it's a lot easier to trick a human than it is to breach a security system.
The best way to avoid common scams is to understand how they usually work. Most social engineering attacks follow a similar pattern. Once you start to recognize the pattern you can quickly tell if someone is trying to scam you online.
Here are a few things you should look for to help protect yourself from Social Engineering and Email scams-
Carefully check the emails including the name and address. If the address looks suspicious or you don/t know the sender use extra caution. Verify the email is legitimate by contacting the sender on a published number. Never Open emails from senders you don't know.
Recognize common phishing email subject lines. Every phishing email uses an enticing and emotionally charged subject line to hook its victims. Some of the subject lines to watch out for include- Notice: Your online account has been accessed, IRS Tax Transcript, Service cancellation [date}, Shipping Document\Tracking Information, FBI Letter of Notification, Notice of Payment.
Slow down and assess any emotions the email or website might generate. Social engineering attacks prey on human instincts such as trust, excitement, fear, greed, and curiosity. If you have a strong reaction to an email or online offer, take a moment to check it out before proceeding.
Credible representatives will never make you feel threatened or demeaned, nor will they pressure you to act quickly. And they should not need to ask you for your login or sensitive information over the phone, email or text.
Never click on suspicious links in emails, tweets, posts, nor online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
Only give out sensitive information over websites using encryption so your information is protected as it travels across the Internet. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”. Some browsers also display a closed padlock.
Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
And remember, if an offer sounds too good to be true, it probably is.
Online Relationship/romance scam
These scams play off of some of the deepest emotions. Typically during this type of scam, the victim is courted online for some time before the scam starts. These scams almost always begin online through social media sites like Facebook or Dating apps. At first, the criminal is very interested in the victim and will make many promises. This is done to build trust and intimacy. After a period of time, sometimes days or months, they will ask the victim for financial help. This is either due to an illness, accident, job loss, family emergency, or their bank accounts have been frozen for some unknown reason.
Sometimes the scammers will trick their victim by "being temporarily unable to access their bank accounts". They may even send a check to the victim and ask them to wire the money to an overseas account. After doing this the victim finds that the check bounces and there is little hope of recouping the money.
There are ways to prevent this type of scam.
First you need to realize that this can happen to anyone. Many people think that they could not fall for this type of scam. But they prey on the people's emotional vulnerability. The criminals will say anything to make themselves appear as the perfect companion. It's important to realize that these scams don't just happen to other people.
You should always verify someone's online identity. This type of scammer works off of false identities, creates a false profile and uses stock images or images from other legitimate social media accounts. When you meet someone online it’s important to research their story. Beware of social media profiles that are light on details and short on history. You can even use search engines to conduct an image search to find out if the photo they are using actually belongs to them. If you find it associated with another name, or a different profile, that should send up an immediate red flag.
Watch out for the mistakes commonly associated to this type of scammer. There are often some telltale signs that should raise suspicions. Look for broken English, poor grammar and misspelled words. Look for inconsistencies in their story. Be careful of anyone who wants to escalate a relationship too quickly. Take things slow and realize that real relationships take time to develop.
Ask to meet the person. Most Romance scammers will have a variety of excuses for why they cannot meet in person. Many times they will agree to the meeting but have to cancel at the last minute due to unforeseen circumstances. This should raise a red flag. And remember, if you plan a face-to-face meeting with someone you met online always arrange to meet in a public place with others around, arrange for your own transportation and let your friends or family know about your plans.
And never send money. The goal of the scammer is to get your money. Initially they may cite an emergency of some sort that has left them short on cash or unable to access their bank account. They will often request small amounts at first. Once this is successful the appeals will escalate as they seek larger and larger amounts. The hope is to steal as much as possible before being exposed. Or they might not go for cash directly but instead trick their victims into sharing credit card or account information.
Relationship\Romance scams are extremely common and lucrative for the criminals that are behind them. The best way to avoid them and other online scams is to stay vigilant, trust your instincts and educate yourself about common fraud tactics.
Should you think that you are the victim of a scam contact the Lea County State Bank fraud department.
PaRENT/gRANDPARENT SCAM
Scammers have usually done their homework before attempting this type of scam. Information has been gotten from Facebook and other online accounts to verify that the offspring is out of town. The criminal also verifies the names and numbers of the victims as well as the relationship to the child.
This scam usually starts with a parent or grandparent receiving a text, email or phone call. The caller proports to be either a law enforcement agent, the child of the individual or a close friend. Sometimes the caller even "spoofs" the caller ID to make the incoming call appear to be from the relative. The criminal will state that the child\grandchild of the victim has incurred a financial hardship, such as incarceration, vehicle trouble or health issue, usually while traveling or attending college. In most cases they will state that the victim is the only relative they can get in touch with.
After developing the bond the criminal will ask for money to be wired to an account so that it can be used for the benefit of the relative. Either to get them out of jail, get the vehicle fixed or get them home.
There are some things you can do to avoid falling victim to this type of scam.
Ask probing questions that only the real person would know. For example ask about the last time you saw them or the nickname you call them.
Try calling or messaging the person claiming to be calling you or someone close to them. Try to verify the story you are being told.
If you have been a victim of this type of scam report it to the Lea County State Bank fraud department.
Online security- passwords and Multi-factor authentication
There are several things you can do to help protect yourself online. The first thing is to establish a strong password.
Create a unique password for each the different systems you use. If you don’t then one breach can leave all your accounts vulnerable. You should always use different passwords for online banking than you use for social media accounts.
Never share your password over the phone, in texts, by email, or in person. If you are asked for your password it’s probably a scam. Reputable agents will never ask for your sensitive information over the phone or via email.
Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Every additional character exponentially strengthens a password.
Avoid using obvious passwords such as:
- your name
- your business name
- family member names
- your user name
- birthdates
- dictionary words
- repeating letters or numbers
Online security- Additional security considerations
Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
Always “sign out” or “log off” of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session. Do the same when you are finished with an app.
Configure your device to require a passcode to gain access if this feature is supported in your device.
Avoid storing sensitive information on mobile devices. Mobile devices have a high likelihood of being lost or stolen so you should avoid using them to store sensitive information (e.g. passwords, bank account numbers, etc.). If sensitive data is stored then encryption should be used to secure it.
Keep your mobile device’s software up-to-date. These devices are small computers running software that needs to be updated just as you would update your PC. Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning. Use the automatic update option if one is available.
Review the privacy policy and data access of any applications (apps) before installing them.
Disable features not actively in use such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to non-discoverable when Bluetooth is enabled.
Delete all information stored on a device before the device changes ownership. Use a “hard factory reset” to permanently erase all content and settings stored on the device.
Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.
If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
Use a cable lock to physically secure laptops, when the device is stored in an untrusted location.
Create a unique password for all the different systems you use. If you don’t then one breach leaves all your accounts vulnerable.
Additional Resources
To learn more about information security visit any of the following websites:
Need financing? Look no further.