Century Bank is concerned about cyber security for our clients. This page is dedicated to showing you pertinent information to protect you, your businesses and your families by sharing news, updates, and articles regarding cyber security.
Don’t give any information when you receive a call that appears to be from Century Bank!
Spoofing phone numbers is easy and cheap, and crooks do it all the time. Often the crooks call from a spoofed Century Bank number. They will say they are from the fraud department and are calling about some recent charges that look suspicious. They are trying to get you to give them information that (if they really were from Century Bank) they would already have. Like your Online Banking Username, or your secret question. Never give anything that is part of your account login (username/password/PIN/secret question), or transaction verification process (SAC code), to anyone who calls you, no matter whom they appear to be. Call back to a number you looked up and entered. Don’t click on a link in an email or text message which may not go where the visible text seems to indicate, and don’t trust the number showing on your caller id.
Unexpected Micro Deposits could be the first sign of account compromise.
All the pieces involved in the security of your banking accounts are important…your username and password when accessing Online Banking, Secure Access Codes you receive from Online Banking, and the PIN you use as a password when accessing telephone banking. None of these should ever be given to anyone. If you suspect one has been compromised, you should immediately change it and call us at 505.995.1200.
Our Online Banking provider has detected a scam where the scammers compromise the victim’s telephone banking PIN (in many cases by asking them for it). The scammer confirms the PIN by making a micro deposit of just a few cents. This is a common first step for a new bill pay being set up. Using the compromised PIN, which they have confirmed with the micro deposit, the scammer then sets up transfers out of the account.
We have procedures in place to prevent this (as does our Online Banking provider), but, the more personal information the scammer has, the harder it is for us to be certain it is not really our customer with whom we are dealing.
If you see unexpected micro deposits (especially if you are not in the process of setting up a new bill pay or setting up an external transfer arrangement), or if you suspect any of your account access credentials have been compromised, contact Century Bank immediately so we can assist you in continuing to protect your accounts!
November 8, 2022
Pay close attention…your debit card is locked! But it is a scam!
Cell phone users in the 505-area code are receiving text messages telling people to call now, your debit card has been locked!
The text message does not indicate the name of the bank that issued the “locked” card. They just use your phone number as the “account number". But the scammers are hoping that you will not pay attention to that, because…oh my gosh, your debit card could be locked!
If you call the number the scammers will get as much personally identifiable information as you will give them such as your name, date of birth, Social Security number, real account numbers, passwords and if you talk, they will keep asking questions. All that information can be used against you in future identity theft efforts.
Do not fall for the fake pressure! Don't call the number provided in text messages (or in a pop up on your computer). If you need to contact a company, look up the information at a site you know and trust, and dial the number yourself (do not click a link that may not go where it says).
Scammers are counting on you to not pay close attention and to not pause and think. Do not fall for it!
Fake Purchase Overpayment/Refund Scam email and text messages now also adding Zelle.
Customers are reporting the following: You receive an email or text message indicating that you have been charged for a recent purchase on a major name website or store. The message asks you to verify, and if this is incorrect to call the phone number in the message to prevent/reverse the charge. The message may even indicate that it comes from the fraud department. When you call the number, they apologize and offer to refund the purchase to your card or bank account, or they may ask you to use Zelle to send money to yourself. If you provide them with your account information (or they ask for remote control of your PC and you log in to the site), they will then ask for the security code you receive. Using the security code, the fraudster registers their bank account with Zelle using your information. Your payment to “yourself” goes to their account. Remember sending money with Zelle is like handing someone cash…there is little ability to get it back once sent, so…never transfer to anyone you do not know well.
In other variations of this scam, they appear to “deposit” much more than the refund amount. The scammer pretends to panic and says they will be fired if you do not get them the extra money back…they tell you to purchase gift cards for the “extra” amount at local stores and then read or photograph the card numbers to them. The scam here is…they never moved any money to your account, but the gift cards you give them the numbers for, are real money out of your account!
A few key things: 1) don’t call the number in an email or text message about a purchase you did not make; 2) don’t give anyone you don’t know remote access to your PC (and especially not when you are logged in to your online banking); 3) never give anyone the secure access code you were sent for a transaction (if you do, then it ceases to be secure); and 4) if you are being asked to purchase gift cards…there is a 99.99% probability it’s a scam!
If you receive any communication like what is described above, stop, and do not give the scammer any personal information. Hang up, then call us at 505.995.1200 and let us know.
A word of caution when using Mobile Payment apps. If they are asking for your Secure Access Code…it’s a scam!
If you are doing a transaction with anyone, and they are asking for the Secure Access Code from your mobile banking app…It’s a scam!
Whether you are using the Zelle Peer to-Peer payment option (and that should only be used for persons whom you know well), or any other option in our online banking, if you are being asked by the remote party for the Secure Access Code (SAC), the other party is trying to steal access to your bank account! We use the combination of the randomly generated and time-limited Secure Access code, which is sent to a device we know belongs to you, and your password to secure your personal accounts. It is called multi-factor authentication. If you re-use passwords across multiple websites (which you shouldn’t) thieves may be able to easily guess or steal your password. The SAC provides an additional layer of protection for your information and your money.
Remember, Century Bank will never ask you for a Secure Access code during a call. If you receive a call that looks like it is from Century Bank (and thieves will spoof our caller id, it’s not hard to do), and you are asked for your SAC…hang up and contact a Customer Service representative right away. Questions? Call 505.995.1200.
Cloned apps may contain dangerous things...
Century Bank has been made aware of third-party app stores that are hosting what appear to be copies of the MyCenturyBank Mobile banking app. We are working to get these removed, because, it is highly likely that these apps also include other features such as Keyloggers or other malware that could compromise your personal information when entered using them. Always download apps that access sensitive personal information from either the developing company directly, or from the official Apple or Google Play stores. Those stores have measures in place to ensure that the apps they host are legitimate products and don’t contain any dangerous “extra” features.
Sometimes a social media quiz is more of a test than you might think...
If you have ever used social media, you have probably seen a “quiz” like the one below.
Which pet should you get? Answer these questions to find out:
- Have you ever traveled outside of the country?
- What town did you grow up in?
- Who is your favorite fictional character?
Now it’s time for your results: You got... a phish!
That’s right, the answers to these simple questions could give cybercriminals the data they need to gain access to your sensitive information.
How Can Cybercriminals Use This Information?
The questions in a social media quiz may seem trivial, but your answers reveal a lot about you. Let’s look at how cybercriminals could use your answers to the questions above:
Have you ever traveled outside of the country?
This question reveals whether you have a passport. Knowing which forms of identification, you have could help a cybercriminal steal your identity.
What town did you grow up in?
This question reveals a detail that can be used to verify your identity. The town where you grew up could also be where you were born, where you went to high school, or where you met your partner. Cybercriminals could use this information to answer security questions and gain access to an important account.
Who is your favorite fictional character?
This question reveals your interests. Knowing what books or movies you enjoy could provide cybercriminals with a hint to crack your password. Cybercriminals could also use this information to target you on social media. Claiming to have a shared interest is an easy way for cybercriminals to appear friendly and trustworthy.
Remember These Tips to Stay Safe:
- Don’t share any information online that you wouldn’t want to make public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands.
- Social media platforms have many security options that can easily be overlooked, such as your tagged photo settings. Review and edit your privacy settings to be sure your information is kept safe.
- The next time you see a friend or family member post a quiz on social media, inform them of the risks involved. They may share sensitive information that you both have in common, such as your hometown. Cybercriminals may realize this connection, so your friend’s post could put you and others at risk.
Be cautious with where you go, and what you do when on the internet (both at work and at home) and don’t provide criminals with information that can turn you into a victim.
Could your business survive a Cyber Attack?
Did you know that 74% of all U. S. organizations experienced attempted or actual payment fraud in 2020? As partners in your financial safety, your team at Century Bank wants to remind you of the potential scams that could impact your organization. Please be vigilant. It’s not a matter of if, but rather when your organization will be attacked.
These schemes can cost your business as little as a thousand dollars or more than a million. Could your business weather a half-million or million-dollar loss? Could you possibly be terminated if your employer experiences an avoidable loss due to payment fraud when you did not follow company policy or the tips listed below?
Below we have highlighted a few of the most prevalent fraud schemes from the guide: Protecting Against Cyber Fraud, produced by the National Association of Clearing Houses.
Business Email Compromise (BEC)
Have you received an email from a vendor or your boss requesting that a wire or ACH be sent immediately or to a new bank account number? Fraudsters have been compromising or impersonating valid business email addresses to make such a request and unfortunately your most vulnerable department is accounts payable, as these departments were the target of 61% of all BEC fraud attempts in 2020. Avoid being a victim and require that you and your staff take the time to pick up the phone and call the sender to verify the validity of the request. DO NOT use the contact information in the email, use another source because you could be simply interacting with the fraudster if you use details from the email.
Vendor Impersonation Fraud
Vendor impersonation can occur when a business or organization receives an unsolicited request, purportedly from a valid contractor/vendor to update payment information. The update could be to request a wire or provide a new payment method. Avoid being a victim and take the time to call the supplier to verify the request. Be additionally diligent when the request is from a construction related contractor. Payments to contractors are a favorite target by fraudsters due to their size.
Payroll Impersonation Fraud
Fraudsters target employees by directing them to fake websites or making a request that may seem legitimate such as an email from human resources to make a direct deposit change. Help your employees from being a victim by educating them on various scams and have a specific procedure to update direct deposit information.
Ransomware is a type of malware that will prevent you from accessing your computer files, system, or networks and demands you pay a ransom, via cryptocurrency, for their return. Ransomware is usually distributed through email by sending a malware-embedded attachment. Avoid being a victim by educating your staff on taking time to review emails for legitimacy and be cautious of websites that they are accessing. A few key giveaways in these emails and websites are bad grammar, misspellings, and if the sender has an odd email address. Also, check with your insurance provider to ensure you have a cyber policy with a rider that will help defray the expenses that come with recovering from a ransomware attack. Not only will you have to pay the attackers, but you will have to pay IT professionals to make sure your systems are restored and all malware is removed.
Please take the time to view the guide: Protecting Against Cyber Fraud and share with your staff and friends. As always, feel free to contact us with any concerns or questions you may have about protecting yourself and your businesses from potential fraudsters.
July 16, 2021
Fake Purchase Overpayment/Refund Scam.
Customers are reporting the following : You receive an email indicating that they were charged for a recent purchase on a major name website. The email asks you to verify, and if this is incorrect to call a phone number in the email. When you call the number they apologize and offer to refund the purchase to your card or bank account, if you provide them the information (or they ask for remote control of your PC and you log in to the site). Then, they appear to “deposit” much more than the refund amount. The scammer pretends to panic, and says they will get fired if you don’t get them the extra money back…they tell you to purchase gift cards for the “extra” amount at local stores and then read or photograph the card numbers to them.
The scam here is…they never moved any money to your account, but the gift cards you give them the numbers for, are real money out of your account!
A few key things: 1) don’t call the number in an email about a purchase you did not make; 2) don’t give anyone you don’t know remote access to your PC (and especially not when you are logged in to your online banking); and 3) if you are being asked to purchase gift cards…there is a 99.99% probability it’s a scam!
If you receive any communication like this, stop, don’t give the scammer any personal information. Hang up, then call us at 505.995.1200 and let us know.
April 13, 2021
Scammers are calling Century Bank customers indicating that they are from Century Bank Security.
During these calls the scammers ask customer for their Debit Card Pin, or their Secure Access code for Online banking, or their user ID and password for online banking.
Please note that Century Bank will NEVER call you, and ask for any of these things (we already know all of them except the Secure Access Code).
If you receive a call like this, stop, don’t give the scammer any personal information. Hang up, then call us at 505.9951200 and let us know.
What are some classic warning sights of possible fraud and scams?
- Calling or emailing you, claiming to be from the government and asking you to pay money.
- Asking you to pay money or taxes upfront to receive a prize or gift
- Asking you to wire them money, send money by courier, or put money on a prepaid card or gift card and send it to them.
- Asking for access to your money-such as your ATM cards, bank accounts, credit cards, or investment accounts.
- Pressuring you to "act now" or else the deal will go away. Or someone who seems to be trying hard to give you a "great deal" without time to answer your questions.
Tap. Snap. Send.
That's how easy it is to deposit a check with Century Bank's Remote Deposit Anywhere.