September 19, 2017
Business Email Compromise
Over the past two years, fraudsters have stolen millions of dollars from businesses by compromising official company email accounts and using those accounts to initiate unauthorized wire transfers. We want you to be aware of this type of scam as we have seen local New Mexico businesses impacted by this scheme.
BEC scams often begin with an attacker compromising a business executive’s email account by using keylogger malware or phishing methods. The attackers may create a domain that is similar to that of the company they are targeting. They may also send a spoofed email that tricks the victim into providing account details. While monitoring the compromised email account, the fraudster will try to determine who initiates wires and who requests them. Undetected, they may spend weeks studying the organization’s vendors, billing systems, and the CEO’s style of email communication. The fraudsters then impersonate high-level executives, sending emails to a targeted employee in the finance office (a bookkeeper, accountant or controller) that request wire transfers to fraudulent accounts.
The employee sends the money, just as he has done in the past. When the fraud is discovered, the money is hard to recover as the funds have been quickly drained from the account.
The FBI states that "The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone. Don’t rely on email alone."
Additional Resources Available on BEC
September 8, 2017
Equifax 2017 Security Breach
Equifax, one of the three major consumer credit reporting agencies, announced on Thursday, September 7, 2017, that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including names, Social Security numbers, dates of birth, addresses and driver’s license numbers. Approximately 209,000 credit card numbers and dispute documents with personally identifiable information for approximately 182,000 consumers were also stolen. Equifax stated that the breach occurred from mid-May to July.
To be clear, Century Bank was not compromised and your information was not stolen from our bank. However, Century Bank takes the security of our customer information very seriously, and we are providing you with the information we know about this massive breach and the steps you can take to protect your personally identifiable information if you so desire.
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for free credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers.
Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern Time.
Step 1: Consider Enrolling in Equifax's program
Note that even if the enrollment tool indicates you weren't exposed, you're still eligible for a free one-year subscription to Equifax's protection services. However, we recommend that you review the “FAQs for Consumer” section of their website for an overview of their program.
Step 2: Check your credit reports
More than three months passed between the time of the breach and Equifax’s announcement. It is uncertain if the data of those affected was used maliciously during that period, so consider looking through your credit reports for any suspicious activity. The federal government guarantees everyone a free annual credit report from the three major bureaus. For information on obtaining a free credit report, go to: https://www.usa.gov/credit-reports.
The three credit reporting agencies are:
When looking through your reports, keep an eye out for new accounts you didn't open, late payments on debts you don't recognize and any other activity that looks unfamiliar. Should you see anything suspicious, you may contact any of the above agencies to notify them of any suspected fraud or identity theft.
If you suspect someone used your identity to open credit cards, take on loans, or re-open closed accounts, contact the credit card company's fraud department immediately. You are not responsible for charges made on a fraudulent card, but you have to report the issue in a timely manner. Once you've reported the fraudulent credit, follow the Federal Trade Commission’s guide to recovering from identity theft at https://www.identitytheft.gov/Assistant#.
Step 3: Consider Placing a Freeze or Fraud Alert on your credit file
Even if your credit report comes back clean, remain vigilant about protecting your credit. One of the most reliable ways to prevent someone from opening credit cards in your name is to place what's called a "credit freeze."
When you freeze your credit, you (or anyone masquerading as you) will be required to un-freeze your account by providing the PIN you got when you froze your credit. For more information about freezing your credit file, see https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs.
To freeze your credit, contact each of the credit bureaus using the phone numbers above.
If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you. To place a fraud alert, contact each of the credit bureaus using the phone numbers above.
For more information about placing a fraud alert on your credit report see https://www.consumer.ftc.gov/articles/0275-place-fraud-alert.
Step 4: Change Passwords
It’s always a safe bet to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites and do not use your Social Security number as a username or password, especially in the wake of the recent Equifax breach.
Step 5: Report Identity Theft
If you believe you are the victim of identity theft, contact your local law enforcement office and/or your state attorney general. Finally, you may also want to consider reviewing information about recovering from identity theft, which is available from the Federal Trade Commission (FTC) at https://www.identitytheft.gov/ or by calling 1-877-IDTHEFT (1-877-438-4338). The FTC also offers general information to protect your online presence at https://www.consumer.ftc.gov/topics/privacy-identity-online-security.
Step 6: Monitor Accounts
Monitor your existing credit card and bank accounts closely for charges you don't recognize. Following this unprecedented breach, we are imploring our customers to be extra vigilant and report any suspicious activity in your Century Bank accounts by calling 505.995.1200. You can track your account activity by signing up for Century Bank’s online banking service.
Step 7: Be EXTRA Vigilant
ALWAYS treat everything you receive online with an abundance of suspicion, in case hackers are trying to trick you out of even more information.
July 17, 2017
Keep Security in mind on your summer vacation.
The Federal Trade Commission (FTC) has released an alert on ensuring good digital security while traveling. Security recommendations include using caution while accessing free Wi-Fi hotspots, keeping all software updated, and using Virtual Private Networks (VPNs).
June 26, 2017
Federal Trade Commission News.
The Federal Trade Commission (FTC) has released an alert on technical-support scams. In these schemes, deceptive tech-support operations (consumer.ftc.gov) offer to fix problems that don't exist, placing calls or sending pop-ups to make people think their computers are infected with viruses. Users should not give control of their computers to any stranger offering to fix problems.
June 12, 2017
FDIC Consumer News.
The FDIC often hears from bank customers who believe they may be the victims of financial fraud or thefts. The Summer 2017 FDIC Consumer News alerts the public to common scams and provides basic tips for protecting personal information and money. Topics include:
- An overview of 10 schemes bank customers need to be aware of, starting with the crime that occurs when thieves pose as government employees with false claims about needing a payment or valuable information, such as Social Security or bank account numbers;
- Basic defenses to consider in your everyday life, especially when engaging in financial transactions with strangers through e-mail, over the phone or on the Internet; and
- Resources to turn to for more information on how to avoid becoming a victim of financial scams.
The Summer 2017 FDIC Consumer News can be read or printed at https://www.fdic.gov/consumers/consumer/news/cnsum17
May 12, 2017
New FTC website helps small businesses.
The Federal Trade Commission (FTC) has released an announcement about its new website devoted to protecting small businesses. This resource aims to help business owners avoid scams, protect their computers and networks, and keep their customers' and employees' data safe. Business owners are encouraged to visit this new site at:
May 11, 2017
Business E-mail Compromise, E-mail Account Compromise and The 5 Billion Dollar Scam.
The Internet Crime Complaint Center (IC3) has issued a Public Service Announcement describing a growing number of scams targeting businesses working with foreign suppliers or businesses that regularly perform wire transfer payments. These sophisticated scams are classified as business email compromise (BEC) or email account compromise (EAC) and use social engineering techniques to defraud businesses. The scam is carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
You are encouraged to review the IC3 Alert (ic3.gov) for details.
February 14, 2017
FBI Releases Article on Romance Scams.
The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.
To stay safer online, review the FBI article on Romance Scams and US-CERT publication ST06-003 on staying safe on social networking sites. Please file a complaint with the FBI's Internet Crime Complaint Center if you believe you have been the victim of a romance scam.
January 31, 2017
Tax Identity Theft Awareness Week.
This is Tax Identity Theft Awareness Week (consumer.ftc.gov), and many federal agencies are offering consumers information and resources on the topic. Tax identity theft happens when a scammer files a fraudulent tax return using your Social Security number (SSN) and claims your refund. It also happens when someone uses your SSN to earn wages, and sticks you with the tax bill.
US-CERT encourages taxpayers, business owners, and tax preparers to educate themselves on tax identity theft by reading Internal Revenue Service (IRS) publication Taxes.Security.Together. (irs.gov) and the US-CERT Tip on Identity Theft (us-cert.gov).
You can also check out these events on avoiding tax identity theft (consumer.ftc.gov) hosted by the Federal Trade Commission (FTC), IRS, Department of Veterans Affairs, and other agencies.
December 9, 2016
New Device? Check Your Cybersecurity.
In this month’s issue, we’ll focus on another aspect of the holiday season: that new device you get or give during the holidays... Click here to read more.
November 29, 2016
Security Tips to Protect Your Identity During the Holidays.
It’s a wonderful time of year for some. Black Friday, Small Business Saturday, and Cyber Monday are here. Even those who don’t participate in the madness that is the holiday shopping season can find some great deals this time of year... Click here to read more.
November 4, 2016
Internet Outage Shows How Sophisticated Attacks Can Target Your Home
The cyber attack last week that slowed many popular websites to a crawl used a new type of malware that takes control of tens of millions of personal devices connected to the internet — including home routers, baby monitors and cameras — without their owners' knowledge.
To protect your privacy and security, experts recommend:
• Learn how your connected devices work and determine whether they're internet-enabled.
• Follow security instructions to change default passwords on all devices (including those that may not have obvious passwords).
• Update hardware with the latest software and consider using an internet hub at home for any smart-home hardware.
To read the NBC News article, click here.
October 13, 2016
IRS Scam Alert
Please be aware of a deceptive new scam making the rounds. Taxpayers are sent a phony IRS Form CP 2000, which is typically used by the IRS to identify discrepancies between the income reported on your tax return and the income reported by your employer. The scammers also claim that the correspondence is related to the Affordable Care Act in order to pique your curiosity and interest.
Carefully review email messages that contain attached IRS documents before clicking on any attachments. Also watch for text messages and phone calls promoting the same type of scam.
Please know that the IRS does not initiate taxpayer communications via email or text. Most often, a paper communication is sent through the U.S. Postal Service.
If you receive emails, text messages, or phone calls relating to this topic, do not respond. Contact your tax provider for guidance or call the IRS (1-800-366-4484) for confirmation. The IRS has also set up a website to report suspicious correspondence: go to www.tigta.gov.
May 16, 2016
FBI Releases Article on Ransomware
The Federal Bureau of Investigation (FBI) has released an article addressing the proliferation of ransomware campaigns. Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored. To read more click here.
March 9, 2016
FDIC Consumer News
A Bank Customer's Guide to Cybersecurity... To read more click here.
December 21, 2015
Securing Your Home Network
US CERT and Homeland Security issue security bulletin... To read more click here.
December 18, 2015
Before You Connect a New Computer to the Internet
US CERT and Homeland Security issue security bulletin... To read more click here.
November 5, 2015
How to Shop Online Securely
"'Tis the season to be cautious. The holiday season is close upon us and soon millions of people around the world will be looking to buy the perfect gifts..." To read more click here.
October 29, 2015
New Credit Card Chip Technology
Maybe you've gotten a new credit or debit card in the mail or heard something about the U.S. moving to the "Chip and Signature" or "Chip and PIN" standard. To read more click here.
September 3, 2015
What is Ransomware?
The FBI alerts the public about the rise of Ransomware scams to extort money from victims. To read more click here.
August 31, 2015
FBI Public Service Announcement.
E-mail Account Compromise (EAC) is a sophisticated scam that targets the general public and professionals. The announcement lists examples of EAC and identifies what to do if you are a victim. To read more click here.
August 10, 2015
FBI Public Service Announcement.
The Internet Crime Complaint Center (IC3) recently received an increasing number of complaints from businesses reporting extortion campaigns via e-mail. To read more click here.
July 13, 2015
Securing Merchant Card Payment Systems from the Risks of Remote Access.
This advisory was prepared in collaboration with the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Retail Cyber Intelligence Sharing Center (R-CISC), the United States Secret Service (USSS), and with the support of Visa Inc., and is directed to retailers or companies which are processing financial transactions and managing customer personally identifiable information. To read more click here.
June 18, 2015
Social Engineering Through the Internet
Social engineering refers to the methods attackers use to manipulate people into sharing sensitive information, or taking an action, such as downloading a file. Sometimes a social engineer is able to rely solely on information posted online; at other times the social engineer will interact with the victim to persuade the victim to share details or perform an action. Click here to read more.
May 27, 2015
Don't Take the Bait on Phishing Scams
More than 200 billion emails are sent and received worldwide each day. That represents a lot of opportunity for phishing scams, in which scammers distribute emails that appear to come from legitimate organizations or individuals and try to entice the recipient into clicking on malicious links or attachments. Click here to read more.
May 13, 2015
Fraudsters Drain Starbucks Accounts, Attackers Target Loyalty Card, Mobile App Users
When it comes to getting a coffee fix, beware automatic refills.
That's one takeaway from warnings that fraudsters have been successfully exploiting some U.S. and Canadian consumers who use a Starbucks card or the Starbucks mobile payments app to successfully drain hundreds of dollars from their Starbucks accounts... Click here to read more.
May 11, 2015
Business Email Compromise (BEC)
The FBI's Internet Crime Complaint Center (IC3) has issued an alert that reveals a growing threat to commerce by compromised business email accounts. The IC3 notes that the fraudsters perpetrating these scams do their homework before targeting a business and its employees, monitoring and studying their selected victims prior to initiating the fraud. Individuals actually responsible for company wire transfers are usually targeted; the requests are well worded, ask for typical payment amounts, are industry specific and often don't trigger suspicion. The fraud occurs when the controller, treasurer, or accounting officer at the business receives an e-mail that appears to be from a company executive. The e-mail is a request that a wire transfer be sent.
We have been notified of several local businesses being targets of this scheme.
Go to the FBI’s website for more information and alert your employees about this scam.
Click here for more information.
March 16, 2015
Things You Should Do When Your Email Is Hacked
When this happens the question becomes, "What should I do now?" Click here to read more.
March 4, 2015
Avoiding Online Tax Scams
"It’s tax season, which means it’s also time for tax scams, with numerous online scams that attempt to steal people’s tax refunds, bank accounts, or identities."
October 20, 2014
Ebola Phishing Scams and Malware Campaigns
As coverage for the Ebola virus continues to be highlighted in international, national, and local news and social media, an increased risk for phishing scams and malware campaigns exists for Gladiator customers. Please be aware that cyber actors may leverage the fear and concerns generated by this event to lure users into opening attachments containing malicious code or to click on links directed to websites to collect personal information. Customers should practice safe internet browsing both on personal and corporate computer systems.
Protective measures against phishing scams and malware campaigns include:
- Maintain up to date antivirus software
- Do not follow unsolicited web links in email, text, or chat messages
- Use ad-blocking software to avoid 'malvertising' and potential downloading of malicious content
- Enable "click to play" in your internet browser to avoid automatically playing embedded content on a web page (e.g., news sites, Facebook, etc.)
- Do not open unexpected attachments
- Save and virus scan attachments before opening them
- Do not provide personal or corporate information over the phone, through a website, or via email to unknown persons or to an unsecure web site.
- Verify the identity of the person with whom you are communicating
July 28, 2014
Cyber Security and your Summer Vacation
The summer vacation season is underway and for many of us that means lounging on sunny beaches, reading a book under a shade tree or hitting the road for a new adventure. It can also mean identity theft and other crimes if we aren’t careful about our online activities and protecting our information. Click here to learn more.
July 9, 2014
Tech Support Scams
The bank has received reports of a scam that has successfully targeted Century Bank customers.
Scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.
Please read the Federal Trade Commission’s Consumer Information Alert on “How Tech Support Scams Work”.
February 6, 2014
US-CERT (United States Computer Emergency Readiness Team) Alert
Sochi 2014 Winter Olympic Games
The Sochi 2014 Winter Olympic Games provide hacktivists with opportunities to create malicious sites and/or social engineer users into downloading malicious software, or to steal users' bank account information.
This Tip provides information that users visiting websites covering the Olympic Games, or traveling to Sochi, should keep in mind.
Read the alert at https://www.us-cert.gov/ncas/tips/ST14-001