Embassy Bank Security Center Internet Scams, Schemes, and Frauds

• Scammers often pose as a representative of a company, organization, business, or agency that you may be familiar with, such as, a bank, utility company, the IRS, a charity, Social Security, or Medicare.
• Scammers will pressure you to take urgent action due to a problem with your bank accounts or credit cards, submitting a claim for lottery or sweepstakes winnings, for a family emergency or a technology company like Microsoft, Apple, or Dell because of a computer virus.
• Scammers will usually ask you to make payment by cryptocurrency, gift cards or wiring funds.
• Sometimes scammers will offer you a portion of the proceeds from a check that they asked you to cash. Those checks are counterfeit and the bank will look to you to make good on the full amount of the check. Remember, If it’s too good to be true, think twice.

• If you are concerned or feeling pressured about a particular phone call, email or text message asking about your Embassy Bank accounts, hang up and contact Embassy Bank immediately.
• Never provide any personal or financial information.
• Never click on any suspicious links contained in a text or email.
• Search for the company’s website and locate published phone #s for the company to help verify its legitimacy.

There are ways to protect yourself and your bank accounts:

• Use strong, unique passwords & user IDs.
• Never use the same password for multiple websites
• Use a password locker (App that can create unique passwords and safely store them.)
• Employ 2 factor or multifactor authentication
• Use Biometrics (Fingerprint or facial recognition)
• Change passwords and User IDs often
• Avoid public Wi-Fi
• Look for the secure lock on webpages
• Subscribe to credit monitoring
• Obtain your free annual credit report
• Install updates for all technology devices (PCs, Laptops, Tablets, SmartPhones)
• Use virus protection software
• Use a paper shredder

• Cardvalet – Debit cards
• Notifi
• Credit Cards – Ability to turn your card on or off
• Remember Embassy bank will never ask for your credentials!

If you believe you have been a victim of fraud or received a suspicious email, phone call or text message appearing to be from Embassy Bank, please contact us at 610-882-8800. 

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

Although most spoofed emails can be easily detected and require little action other than deletion, the more malicious varieties can cause serious problems and pose security risks. For example, a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data such as a password or credit card number. Alternatively, a spoofed email may include a link that installs malware on the recipient's device if clicked. One type of spear phishing attack used in business email compromises involves spoofing emails from the CEO or CFO of a company requesting a wire transfer or internal system access credentials.

While email spoofing is most popularly used to execute phishing attacks, a cybercriminal may also use this technique to avoid spam email blacklists, commit identity theft or tarnish the image of the impersonated sender.

Cyber-Defense Tactics:

If you receive an email that warns you, with little or no notice, that your account will be shut down unless you reconfirm certain information, do not click on the email link. Instead, use a phone number or enter the web address yourself. Clicking on a link that looks legitimate may in fact direct you to a fraudulent website where your personal information may be compromised.

Before submitting any financial information to a legitimate website, look for the “lock” icon on the browser status bar, or look for “https” in the web address. Both are indications that the information is secure and encrypted during transmission.

Be wary of unsolicited or unexpected emails from all resources.

If an unsolicited email arrives, treat it as you would a phishing source.

Report suspicious activity to the Federal Trade Commission (FTC).

Internet fraudsters often use identity theft as a starting point for larger crimes. In one case, criminals obtained the names and social security numbers of military personnel then used them to apply to a bank over the Internet for credit cards. In another case, stolen personal data was used to submit car loan applications online.

Cyber-Defense Tactics:

Keep a close eye on your account activity at your bank, either through statements or using their online services. Report anything that looks suspicious.

Your personal information can be obtained by “phishing,” “spoofing,” or the old fashioned way – dumpster diving. Make sure your unused checks, bills, and statements are shredded before discarding.

1. Don’t Judge By Initial Appearances. Just because something appears on the Internet – no matter how impressive or professional the website looks – doesn’t mean it’s real. The ready availability of software that allows anyone, at minimal cost, to set up a professional-looking website means that criminals can make their websites look as impressive as those of legitimate businesses, banks or government agencies.
2. Be Careful About Giving Out Personal Data Online. If you receive emails from someone you don’t know asking for personal data – don’t send the data without knowing more about who’s asking. While secure transactions with known e-commerce sites should be safe, especially if you use a credit card, non secure messages to both known and unknown recipients are not safe.
3. Be Especially Wary of Emails Concealing Their True Identity. If someone sends you an email using a mail header that does not have useful identifying data (e.g., W6t7S8@provider.com), it may be an indication that the person is hiding something and is not legitimate.
4. Review Credit Card and Account Statements as soon as you receive them to determine whether there are any unauthorized charges or suspicious charges/transactions. If your statement is late by more than a few days, call your credit card company or bank to confirm your billing address/account balances, and determine whether they have mailed your statement.
5. Watch Out For “Advance-Fee” Demands. Look carefully at any online seller of goods or services that wants you to send checks or money orders immediately to a post office before you receive the goods or services you’ve been promised.
6. Use Common Sense.

CATO is a fast growing electronic crime where thieves obtain log-in credentials to corporate on-line banking accounts and fraudulently transfer funds from corporate bank accounts.

Businesses should protect themselves against CATO in several areas:

• Domestic and International Wire Transfers
• Business-to-Business ACH Payments
• Online Bill Payments
• Electronic Payroll Payments

The following is a helpful list of key terms to be aware of and practical tips that will provide guidance on what steps you can take to prevent CATO for your business:

How does CATO work?

1. Fraudsters target victims by scams using phone calls, text messages or e-mails.
2. Fraudsters may pose as the FDIC, IRS, Better Business Bureau, NACHA, Banks or other organizations requesting personal or account information, the installation of software or user’s access credentials.
3. Victim unknowingly installs malware by clicking on a hyperlink, visiting an infected website, or opening a file or zip file.
4. Installed malware collects and transmits a victim’s log-in credentials to the fraudsters.
5. Fraudsters initiate a funds transfer from the victim’s account.

Social Engineering:

Social Engineering refers to manipulating, influencing or misleading people into performing actions for the purpose of divulging confidential information, data gathering, fraud, or system access.

Email:

Some experts believe e-mail is the biggest security threat of all. It’s the fastest, most effective method of spreading malicious software to the largest numbers of users... victims. Be on the lookout for electronic greeting cards, chain letters, jokes, graphics, spam and junk e-mail.

Other Red Flags to watch out for:

• Don’t recognize the sender or the sender’s e-mail address.
• The e-mail address is from a suspicious domain.
• The e-mail is unexpected, unusual or out of character.
• E-mail was addressed to a mixed group of people.
• The subject is irrelevant or doesn’t make sense.
• Hovering over a hyperlink reveals an address for a different website.
• Hyperlink or e-mail address is misspelled.
• E-mail arrived at an unusual time of the day/night.
• E-mail contains bad grammar and/or spelling errors.
• E-mail requests the opening of a file, zip file, clicking on a link, providing sign-on credentials or personal or confidential information.
• In general, the e-mail seems suspicious, out of place, or unusual.

Malware:

Short for malicious software, it is software designed to infiltrate a computer system without the owner’s knowledge or informed consent. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, ransomware, scareware, crimeware, most rootkits and other unwanted malicious software. Malware can be found in malicious websites (including Social Networking and Video Sharing websites), e-mail, Person-to-Person (P2P) downloads, and in ads on popular websites.

Ransomware/Scareware:

This form of malware deceives or misleads users into paying for the fake, simulated or actual removal of malware and Is a growing and serious security threat.

• Mainly relies on social engineering in order to defeat the security software.
• Most have a Trojan Horse component which users inadvertently install on their PC.
• Trojan Horse sources – browser plug-ins (toolbars), web image downloads, screensavers, zip files, video clips, shared software, free on-line malware scanning services.

Phishing:

Phishing is the criminally fraudulent process of attempting to acquire sensitive information (usernames, passwords, credit card details) by masquerading as a trustworthy entity in an electronic communication. Be wary of commonly received communications pretending to come from:

• Social websites
• Auction sites
• Banks
• Payment processors
• Websites
• IT Administrators

Tips for Detection and Protection

• Educate - provide security awareness training for employees.
• Communicate basic on-line security standards to staff.
• Stay informed through newsletters, webinars, seminars and publications.
• Make note of any changes in the performance of a user’s PC.
• Do not open attachments, files or links from suspicious e-mail addresses.
• Do not use public internet access points with company owned equipment.
• Secure PCs and network.
• Limit internal administrative rights.
• Install and maintain spam filters, virus protection & fraud detection software.
• Use routers and firewalls to prevent unauthorized access.
• Install security updates to operating systems and applications.
• Use pop-up blockers.
• Back-up data daily.
• Perform penetration testing.

• Business Protection Topics – Cybersecurity
• FDIC Consumer News
• FDIC Consumer Protection Topics - Cybersecurity