Security Resources


Century Bank is concerned about cyber security for our clients.

This page is dedicated to showing you pertinent information to protect you, your businesses, and your families by sharing news, updates, and articles regarding cyber security.
October 2, 2025
 
Protect Yourself and Your Money from the Bad Guys!
 

Fraud is on the rise.  Protect yourself by learning how to spot fraud and the actions to take to defend yourself. 

 

Although you may not be the person in your organization that is initiating payments, it is in your company’s best interest to understand how funds are sent out and verify proper internal controls are in place.   Please read and review this information with your employees.

 

These are some of the classic scamming techniques that you should be aware of:
  1. Your vendor is compromised.  Fraudster gets access to your vendor’s email and send you an invoice for payment that includes new or updated wiring or ACH instructions.
  2. Fraudster creates a fake e-mail that looks like it came from your vendor geico.com vs.  gieco.com.
  3. Your bookkeeper receives an email from the “CEO” wanting them to send money out. 
  4. Payment requests from a regular vendor that are not scheduled.
  5. Suspicious payment details, misspellings, fake invoices, multiple fonts, unusual beneficiary name, etc.
  6. Rushed requests

Types of Information
  1. Sending funds to brand new vendor/person that you have not sent to before
  2. Updating instructions from a good vendor but is now sending to a different bank and account number.  Please note that some banks will credit by account number only and they do NOT look at the name of the beneficiary.  

Things you can do
  • Call to verify instructions on any new or updates.  Make sure to use phone number that is from a valid source.  Don’t call the phone number that was on an e-mail.
  • Do NOT click on any email links. 
  • Setup dual control on your online banking (if you have not already done so).  This can be setup for all outgoing wire/ACH transactions or just above a certain dollar threshold.
  • Check with your insurance company to see if you are covered for cybersecurity fraud. 
  • Setup Positive Pay to review checks that you have issued to others and ACH debits/credits posting to your account.
  • Call Treasury Management 505.995.1300 for more information. 

 

The information outlines current fraud trends and provides steps to help limit your risk.  New fraud schemes are constantly emerging.  Staying ahead of fraud requires continuous vigilance.

 

 
August 5, 2025 
 
FBI Warnings: Crypto, Fraud, & More

The FBI’s Internet Crime Complaint Center received more than 10,956 complaints involving CVC (Convertible Virtual Currency) kiosks in 2024, with reported victim losses of approximately $246.7 million. The figures represent a 99% increase in the number of complaints and a 31% increase in reported victim losses from the previous year. 

Being asked to withdraw money from the bank and converting it to cryptocurrency, or gift cards is a huge red flag that what you are being asked to do is a scam! 

Help us help you and ask questions of your banker if someone has asked you to withdraw money from the bank!

 

July 17, 2025

National Disasters = New Charity & Authority Scams
 

As we’ve warned before, disasters often bring out scam charities claiming to help victims. Recent flooding in New Mexico and Texas is no exception. If you'd like to help, donate to a reputable charity. Use resources like Charity Watch or Charity Navigator to verify legitimacy.

We’ve also frequently warned that scammers spoof phone numbers — including ours. The FBI and New Mexico State Treasurer now report that fraudsters are also spoofing numbers from federal and local agencies like the ATF, U.S. Marshals, and Social Security. Scams include fake claims about frozen Social Security numbers, jailed relatives needing GPS monitoring, or unpaid fines.

These scammers typically demand payment via gift cards, wire transfers, or cryptocurrency ATMs—none of which are used by legitimate government agencies.

 

June 20, 2025 
 
Deep Fakes: AI Scams Are on The Rise
 
We all know to be skeptical of texts or emails from our "boss" urgently asking for money, right? But what if it's a phone call or a video request? Criminals are now using AI to create deep fakes - voice and video impersonations so convincing they're hard to tell apart from the real person. 
 
Imagine getting a phone call from your "child" in trouble, asking for money. With AI, a few samples of their voice can fool you, making it harder to confirm the situation like you would with a text. Scammers are using this tactic to make online scams harder to detect. 
 
Remember the old saying, "On the internet, no one knows you're a dog?" In the world of dating apps, we expect people to touch up their photos, but what if that same person, after building trust, asks for money to cover a "surprise expense" or pitches a "get-rich-quick" cryptocurrency scheme? This is a common scam known as "pig butchering", where victims lose large sums believing they'll gain more in return. 
 
The best advice: If a message arrives unexpectedly asking you to do something new, research the request, using a trusted method before acting." 
 
In short: If it seems too good to be true, it probably is. Millions of people fall victim to scams every year, losing billions of dollars. If someone asks you for money, consult your banker first. Together, we can protect your finances!
 
 
 
May 7, 2025
 
Encrypted Emails & When to Know it is From Century Bank
 
We send encrypted emails to protect your personal information—and to let you reply securely. But since it's hard to tell who sent an encrypted message, we’ll always call you or send a separate unencrypted email first to let you know it's coming.
 
If you didn't get that heads-up, don't open the encrypted email.
IT IS NOT FROM US! 
 
Stay safe - together we can protect your information and your money! 

















































Don't forget to check out our Identity Theft and Security page to learn more about this crime and ways you can protect yourself from having your identity stolen!
Scammers are getting smarter, but so are we. Fraudsters often pose as banks, even spoofing our phone number to make it seem like we’re calling you. But here’s how to tell the difference and keep your accounts safe.
 
When We Call You
  • We use the phone number in our records.
  • We may ask you to confirm your identity but will never request your account number, Social Security Number (SSN), or other personal details we already have.
  • If someone claiming to be from Century Bank asks for this information, it’s a scam—hang up and call us directly.
 
When You Call Us (or if someone pretends to be you)
  • We verify your identity with security questions that only you should know—not easily stolen details like your address or SSN.
  • We never ask for Secure Access Codes (SACs) sent to you.
  • If you receive an SAC for a transaction you didn’t authorize, call us immediately.
 
Your Best Defense? Stay Alert
  • Scammers rely on confusion and panic. The best way to protect yourself is to pause, verify, and never share sensitive, static information. By working together, we can keep your money safe and secure.
  • Help us help you—vigilance is your best protection!
If you use Microsoft Edge, there's a new security setting to protect you from "scareware" pop-ups.
 
Fraudsters often use pop-ups like, "Microsoft has detected an issue with your PC. Call now!" or "McAfee Antivirus has found an infection. Call now!" These scams try to rush you into calling a number or clicking a link, aiming to steal your financial information.
 
To block these pop-ups in Edge:
  1. Go to Settings > Cookies and site permissions.
  2. Under "All permissions," select Pop-ups and redirects.
  3. Toggle on "Block (recommended)."
At work, this setting is already enabled. If you use Edge at home, it's a good idea to enable it as well to protect yourself from scams.
At Century Bank, we’ll never ask for your Social Security Number (SSN) or date of birth (DOB) to confirm your identity. Why? We already have that information on file, and frankly, it’s not secure anymore. Over the past decade, countless data breaches have compromised sensitive information, making it unreliable for verification. Scammers know this too, and they’ll use it to trick you.
 
If you get a call claiming to be from Century Bank, don’t answer questions like your SSN or DOB. Scammers can turn this info around and pretend to be you. Instead, here’s what you should do:
 
  • Ask for the caller’s name.
  • Hang up.
  • Look up Century Bank’s official number (don’t rely on the caller ID—it can be spoofed).
  • Call us directly and ask for the individual who reached out.
If it’s a legitimate call, you’ll be connected to the person. If not? You just outsmarted a scam!
 
When you call us, we’ll verify your identity using details only you’d know, like your recent transactions—when they occurred, for how much, and which account they involved. These change frequently, making them safer than static information like SSNs.
 
Remember: scammers can’t succeed without your help. Never share permanent, sensitive information over the phone. Stay alert, and together, we’ll keep your accounts and identity secure.
 
Help us help you protect your money. Vigilance is your best defense!
In movies, the brilliant hacker always bypasses security, but in real life, multi-factor authentication (MFA) can be nearly foolproof. It requires both something you know (like a password) and something you have (like a code sent to your phone). As long as your security codes aren’t sent to an easily hackable email or phone number, and you notice quickly if your phone goes missing, MFA should keep you safe.
 
However, if a hacker manages to contact you directly, asking for your password, one-time secure access code (SAC), or account info, it doesn’t matter how secure your system is. Be cautious if you receive a call—even if the caller ID appears legitimate, like from your bank—and they ask for sensitive information that they should already have. Remember, caller ID can be easily spoofed.
 
If you ever get such a call, don’t provide any personal information. Instead, ask for a contact name and call them back using a trusted number from your phone or the company’s website—not the number they gave you. This ensures you're speaking with a legitimate representative, not a scammer.
 
By staying vigilant and using available security features correctly, we can work together to protect your money.
Almost everyone has encountered scare emails claiming, "I know what you’ve been watching on your PC, and if you don’t pay, I’ll tell all your friends." Often, these scammers also allege they’ve hacked into your camera and captured compromising images.
 
Now, with AI and a recent breach of 2.9 billion personal records—six times the population of the U.S.—the tactics are becoming more sophisticated. Scammers can include real details like your home address and phone number, and even a photo of your house (thanks to Google Street View), making their threats feel more credible.
 
These emails typically contain PDFs, which are images disguised as PDFs to slip past email filters.
 
So, we have a highly personalized ransom note that can bypass many security measures. It’s crucial not to send any money, and if you encounter someone who’s been targeted, encourage them to resist the urge to pay. Remember, these scammers don’t know anything more about you than those behind classic scams, like the infamous Nigerian prince—just using better tools to manipulate their victims.
Since much of our family information these days comes from posts on Facebook, scammers have a way to pull on your heartstrings and your wallet at the same time.
 
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook.
 
If you receive a message about someone streaming the funeral of someone you know - confirm, by contacting other people you know who would know the presumed deceased, that this is happening. No reputable funeral service is going to charge the attending mourners for the service, those costs would be billed to the family of the deceased who made the arrangements for the video feed. If you are asked for money to stream the funeral (or another event) of someone…it’s a scam!
Major news events are often used as subjects in phishing emails. Hurricanes and other natural disasters, the recent assassination attempt on Donald Trump, and others will not be exceptions.
 
The phishing emails will take a few common forms. Some may contain links to a “video” of the event which, when clicked, will attempt to load malware on your computer. Others will involve fake donation sites that collect your credit/debit card information and other financial information so they can be used for identity theft.
 
Be very careful when opening this type of email. Don’t click on links to a “video” in the emails. Go to a trusted news source, there will be plenty of video there. Make sure you research the organization behind any donation requests so you know your money will reach where you want it to.
 
Help us protect your money and personal information by being careful and “Think before you click.”
QR codes are popping up in many places. They are being used in emails (and as emails that get converted to SMS messages to your phone), because…no matter the destination of the QR code, the email filter doesn’t block it (unless it’s a very high-end filter and runs the code in a sandbox to test it as part of the filtering). Often these codes are sent in emails that appear to come from banks or government agencies. The sites are often copied from the real site, and thus look very official.  At the very least, if the scammer can get you to provide a username and password at the site, they can test that to see if you’ve re-used the password on other sites.  If they can get you to enter other information like your SSN, credit/debit card number, date of birth, they can use all of that to try and pretend to be you if they call Century Bank (or your credit card company).
 
Any email containing a QR code should be viewed with suspicion. Were you expecting the email? Can you call the sender and confirm they sent it (don’t use a telephone number included in the email with the QR code)? Any destination reached after scanning a QR code should be viewed with suspicion as well, especially if it indicates something needs to be done urgently.
 
Be careful and verify any QR code before scanning.  If you do that, you won’t get quished!
In 2022, scammers stole over $8.8 billion from regular people like you. Think you know the five red flags of phishing in e-mail, calls, and text messages.
 
The American Bankers Association's website Bank Never Ask That provides a document that give great Phishing Scam Tips. Follow the link below to learn more.
 
A common practice among fraudsters is creating a domain name that is slightly misspelled from what could be a legitimate site.  That one letter difference could be the only way to know the site is a fake. The subtle difference between a domain including the word “online” and the misspelled “onlune” might be your only clue if fraudsters have cloned the real website for the target organization.
 
The practice is called typo squatting. Sometimes it’s used to try to get the legitimate organization to pay a premium to take over the domain so that the bad guys don’t use it when someone accidentally mistypes a word in a website name. It can also be used as a target for links sent via email or text message, which people might click on if they don’t carefully read the site name. Most often the purpose of this is to direct the victim to a login page where they enter their credentials (username and password) for the real site, and the thieves capture that information. We will send you a secure access code in addition to your user ID and password. That is only secure if you never give the passcode to anyone who calls you (especially if you receive a secure access code and you haven’t recently tried to login to the site).
 
Remember:
1) Century Bank will not call and ask you for your password or secure access code.
2) Carefully check the name of any site you typed in, or especially if you were sent a link to be sure there is no misspelling.
 
Customer Support and "Fraud Department" calls are often social engineering.
If you receive a call claiming to be from Century Bank’s fraud department or customer support, or from any other company you do business with, and you didn’t create a previous service request - the call, email, or SMS text is most likely a scam.  Often the first things you are asked are to “identify yourself” by providing your Social Security number, account number, date of birth, etc., and it is collecting this information that is the real purpose of the contact.
 
Personal identifying information is currency in the criminal world.  If a scammer can get you to give up information, they can then sell that to a site on the dark web for someone to try to put together with other information.  The more data they have about you personally the more likely they can rip you off. They can pretend to be you over the phone or by email (anywhere that they don’t have to produce official identification).  There’s a reason your driver’s license is hard to fake these days with several built-in security features. A backstop so scammers can’t use a fake to rip you the legitimate owner off.
 
Don’t give information to anyone who calls, texts, or emails you if you didn’t initiate the exchange.  Get a “case number” from the person contacting you, then look up a valid phone number, call the business back, and ask about the case number you were given.  If the business doesn’t know anything about the “case” (as will most often be true) the care you have taken has just saved you money you might have lost in a future rip-off.
Note Century Bank may send you a text message to confirm (or not) a suspicious transaction. As you can see, our message only asks that you respond Y or N. No other information is requested. It is important that you respond to these messages so we know and can help protect you if thieves are faking your card in purchases.  If you don’t respond to one of these texts, we may have to lock your card until we can contact you.
 
August 29, 2023 | Beware! More Fraudulent Texts & Emails on the Rise. 
When you receive something unexpected by text or email, remember to think before you click and call us directly.
The most recent scam links all have the word “Century” in the site name. They are using domains such as “.online” or “.tech”.
 
These are fraudulent – don’t click and report as JUNK:
  • Usermycentury.tech
  • Help-mycenturyreport.tech
  • Mycenturymember.tech
  • Mycenturyreport.online
Emails are also being used including not only “Century”, but “CenturyBank” as well in the sender’s name. For example:
  • centurybanksupport “@” servicesalert.info
  • mycenturysms “@” servicesalert.info
  • bankalerts “@” mycenturyhelp.tech
Remember, think before you click, and call us at 505.995.1200, to check anything that you don’t trust.
Think Before You Click | Call Us Instead!
 
Someone is sending text messages to a large number of phones in the 505-area code (not just to our customers) with links to various sites, some of which have “century” somewhere in the name, and the link appears to load a login page for our Online Banking. If you enter your credentials, the thieves now have that, they will call you to get the one-time code we send you and then, using the information you have provided, they can set up bill pay or Zelle transfers to accounts they control with your money. Worse still, they can change the cell phone associated with your account and the password, and now they have access to your money, and you don’t.
 
Here are the most important things to remember:
  • We will never send you a text with a link in it.
  • We will never call you and ask for your SAC code (the one-time code when you log in), or debit card or account number, or your personal information (SSN, DOB, address, etc.).
  • For any link, no matter how you receive it, look carefully at it. If you can’t tell exactly where the link is going - DON'T CLICK ON IT (websites can also try to infect machines that just visit them, which is another type of computer crime).
If you have any doubts or questions, think before you click and call us instead (look the number up on our website, so you know you’re getting the correct information). 
We have received reports that some customers have received text messages similar to the item below. Even though the link doesn’t look like anything Century Bank related, it lands on a page that was scraped from our Online Banking main page.
 
If credentials are entered, the attackers will then have your user ID and password.
 
Obviously, if you haven’t made a recent payment, this should be an easy fake to spot but the key is, we would send you a one-time code to confirm a transaction, but we would never send a link for you to tap to verify an action. 
The FBI reports that they are seeing an increase in text messages being used to scam people. 
 
The following is an example of such a scam…the recipient doesn’t have an account with US Eagle (but even if the scammer got lucky, and texted this to someone who did have an account with US Eagle…it’s still a scam). 
 
What are the clues?  There is nothing in the sender name that indicates this sender is associated with US Eagle. US Eagle is not even clearly identified - just Eagle F.C.U., which folks who know US Eagle will infer means that. Look at the link to Restore -useaglefrcuhelp.cc. It’s all designed to look almost legit and hope the panicked recipient won’t bother to look too closely (after all it says their account has been locked).
 
What happens if you click the link?  You probably get sent to a login page that may have been ripped off from the actual US Eagle website, but the username and password you enter will go to the scammers, who will then promptly use it to access the account. They will try to change the password (so you will be locked out), and then they will try to change the phone number where your alert texts are sent to a number they control (so they can capture the one-time security codes needed to complete transferring money out of the account). Until you click on the link, the only thing the scammer has is a phone number, and the off chance that you might bank with a particular institution.  If you respond, you give them the information they need to take your money.
 
It’s your money! It’s important that you look very carefully at any message (text, phone call, email, or postal mail) to make sure it’s really from a company you trust. We make every effort to keep your accounts safe. Don’t get rushed into doing the wrong thing!
The FDIC has warned that emails with the subject “New ZixCorp secured message from the FDIC” are being sent to consumers from a sender shown as fdic.notification@zixmessagecenter.com  The purpose of these emails is to take advantage of recent news involving the FDIC and to use that to try and get victims to enter their email and password, which will then be used by the scammers in attacks against other services in the event that the victim uses the same password for multiple websites.
 
The body of the message states:
“New ZixCorp secured message from FDIC. Click here: <link omitted> to Open Message To view the secured message, click on the above link to open message.”
 
The messages may include a comment stating that the message will expire at a certain date and time, to create a sense of urgency.
 
The linked website in the message leads to an unsophisticated page that states “Login to View Your Message” and has two data entry fields labeled “Email Address” and “Enter Your Correct Email Password.”
 
Spoofing phone numbers is easy and cheap, and crooks do it all the time. Often the crooks call from a spoofed Century Bank number. They will say they are from the fraud department and are calling about some recent charges that look suspicious. They are trying to get you to give them information that (if they really were from Century Bank) they would already have. Like your Online Banking Username, or your secret question. Never give anything that is part of your account login (username/password/PIN/secret question), or transaction verification process (SAC code), to anyone who calls you, no matter who they appear to be.
 
Call back to a number you looked up and entered. Don’t click on a link in an email or text message which may not go where the visible text seems to indicate and don’t trust the number showing on your caller ID. 
 
All the pieces involved in the security of your banking accounts are important…your username and password when accessing Online Banking, Secure Access Codes you receive from Online Banking, and the PIN you use as a password when accessing telephone banking. None of these should ever be given to anyone. If you suspect one has been compromised, you should immediately change it and call us at 505.995.1200.
 
Our Online Banking provider has detected a scam where the scammers compromise the victim’s telephone banking PIN (in many cases by asking them for it). The scammer confirms the PIN by making a micro deposit of just a few cents. This is a common first step for a new bill pay being set up. Using the compromised PIN, which they have confirmed with the micro deposit, the scammer then sets up transfers out of the account.
 
We have procedures in place to prevent this (as does our Online Banking provider), but, the more personal information the scammer has, the harder it is for us to be certain it is not really our customer with whom we are dealing.
 
If you see unexpected micro deposits (especially if you are not in the process of setting up a new bill pay or setting up an external transfer arrangement), or if you suspect any of your account access credentials have been compromised, contact Century Bank immediately so we can assist you in continuing to protect your accounts!
Cell phone users in the 505 area code are receiving text messages telling people to call now, your debit card has been locked!
 
The text message does not indicate the name of the bank that issued the “locked” card. They just use your phone number as the “account number". But the scammers are hoping that you will not pay attention to that, because…oh my gosh, your debit card could be locked!
If you call the number the scammers will get as much personally identifiable information as you will give them such as your name, date of birth, Social Security number, real account numbers, and passwords and if you talk, they will keep asking questions. All that information can be used against you in future identity theft efforts.
 
Do not fall for the fake pressure! Don't call the number provided in text messages (or in a pop up on your computer). If you need to contact a company, look up the information at a site you know and trust, and dial the number yourself (do not click a link that may not go where it says).
Scammers are counting on you to not pay close attention and to not pause and think. Do not fall for it!
Customers are reporting the following: You receive an email or text message indicating that you have been charged for a recent purchase on a major name website or store. The message asks you to verify, and if this is incorrect to call the phone number in the message to prevent/reverse the charge. The message may even indicate that it comes from the fraud department. When you call the number, they apologize and offer to refund the purchase to your card or bank account, or they may ask you to use Zelle to send money to yourself. If you provide them with your account information (or they ask for remote control of your PC and you log in to the site), they will then ask for the security code you receive. Using the security code, the fraudster registers their bank account with Zelle using your information. Your payment to “yourself” goes to their account. Remember sending money with Zelle is like handing someone cash…there is little ability to get it back once sent, so…never transfer to anyone you do not know well.
 
In other variations of this scam, they appear to “deposit” much more than the refund amount. The scammer pretends to panic and says they will be fired if you do not get them the extra money back…they tell you to purchase gift cards for the “extra” amount at local stores and then read or photograph the card numbers to them. The scam here is…they never moved any money to your account, but the gift cards you give them the numbers for, are real money out of your account!
 
A few key things: 1) don’t call the number in an email or text message about a purchase you did not make; 2) don’t give anyone you don’t know remote access to your PC (and especially not when you are logged in to your online banking); 3) never give anyone the secure access code you were sent for a transaction (if you do, then it ceases to be secure); and 4) if you are being asked to purchase gift cards…there is a 99.99% probability it’s a scam!
 
If you receive any communication like what is described above, stop, and do not give the scammer any personal information.  Hang up, then call us at 505.995.1200 and let us know.
A word of caution when using Mobile Payment apps. If they are asking for your Secure Access Code…it’s a scam!
If you are doing a transaction with anyone, and they are asking for the Secure Access Code from your mobile banking app…It’s a scam!
 
Whether you are using the Zelle Peer to-Peer payment option (and that should only be used for persons whom you know well), or any other option in our online banking, if you are being asked by the remote party for the Secure Access Code (SAC), the other party is trying to steal access to your bank account!  We use the combination of the randomly generated and time-limited Secure Access code, which is sent to a device we know belongs to you, and your password to secure your personal accounts. It is called multi-factor authentication. If you re-use passwords across multiple websites (which you shouldn’t) thieves may be able to easily guess or steal your password.  The SAC provides an additional layer of protection for your information and your money.
 
Remember, Century Bank will never ask you for a Secure Access code during a call. If you receive a call that looks like it is from Century Bank (and thieves will spoof our caller ID, it’s not hard to do), and you are asked for your SAC…hang up and contact a Customer Service representative right away. Questions? Call 505.995.1200.
Century Bank has been made aware of third-party app stores that are hosting what appear to be copies of the MyCenturyBank Mobile banking app.  We are working to get these removed, because, it is highly likely that these apps also include other features such as Keyloggers or other malware that could compromise your personal information when entered using them.  Always download apps that access sensitive personal information from either the developing company directly, or from the official Apple or Google Play stores.  Those stores have measures in place to ensure that the apps they host are legitimate products and don’t contain any dangerous “extra” features.
If you have ever used social media, you have probably seen a “quiz” like the one below.
  • Which pet should you get? Answer these questions to find out:
  • Have you ever traveled outside of the country?
  • What town did you grow up in?
  • Who is your favorite fictional character?
 
Now it’s time for your results: You got... a phish!
 
That’s right, the answers to these simple questions could give cybercriminals the data they need to gain access to your sensitive information.
 
How Can Cybercriminals Use This Information?
The questions in a social media quiz may seem trivial, but your answers reveal a lot about you. Let’s look at how cybercriminals could use your answers to the questions above:
 
Have you ever traveled outside of the country?
This question reveals whether you have a passport. Knowing which forms of identification you have could help a cybercriminal steal your identity.
 
What town did you grow up in?
This question reveals a detail that can be used to verify your identity. The town where you grew up could also be where you were born, where you went to high school, or where you met your partner. Cybercriminals could use this information to answer security questions and gain access to an important account.
 
Who is your favorite fictional character?
This question reveals your interests. Knowing what books or movies you enjoy could provide cybercriminals with a hint to crack your password. Cybercriminals could also use this information to target you on social media. Claiming to have a shared interest is an easy way for cybercriminals to appear friendly and trustworthy.
 
Remember These Tips to Stay Safe
Don’t share any information online that you wouldn’t want to make public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands. 
Social media platforms have many security options that can easily be overlooked, such as your tagged photo settings. Review and edit your privacy settings to be sure your information is kept safe. 
The next time you see a friend or family member post a quiz on social media, inform them of the risks involved. They may share sensitive information that you both have in common, such as your hometown. Cybercriminals may realize this connection, so your friend’s post could put you and others at risk.
 
Be cautious with where you go, and what you do when on the internet (both at work and at home) and don’t provide criminals with information that can turn you into a victim.
Did you know that 74% of all U. S. organizations experienced attempted or actual payment fraud in 2020? As partners in your financial safety, your team at Century Bank wants to remind you of the potential scams that could impact your organization. Please be vigilant. It’s not a matter of if, but rather when your organization will be attacked.
 
These schemes can cost your business as little as a thousand dollars or more than a million. Could your business weather a half-million or million-dollar loss? Could you possibly be terminated if your employer experiences an avoidable loss due to payment fraud when you did not follow company policy or the tips listed below?
 
Below we have highlighted a few of the most prevalent fraud schemes from the guide: Protecting Against Cyber Fraud, produced by the National Association of Clearing Houses.
 
Business Email Compromise (BEC)
Have you received an email from a vendor or your boss requesting that a wire or ACH be sent immediately or to a new bank account number? Fraudsters have been compromising or impersonating valid business email addresses to make such a request and unfortunately, your most vulnerable department is accounts payable, as these departments were the target of 61% of all BEC fraud attempts in 2020. Avoid being a victim and require that you and your staff take the time to pick up the phone and call the sender to verify the validity of the request. DO NOT use the contact information in the email; use another source because you could be simply interacting with the fraudster if you use details from the email. 
 
Vendor Impersonation Fraud
Vendor impersonation can occur when a business or organization receives an unsolicited request, purportedly from a valid contractor/vendor, to update payment information. The update could be to request a wire or provide a new payment method. Avoid being a victim and take the time to call the supplier to verify the request. Be additionally diligent when the request is from a construction-related contractor. Payments to contractors are a favorite target for fraudsters due to their size. 
 
Payroll Impersonation Fraud
Fraudsters target employees by directing them to fake websites or making a request that may seem legitimate, such as an email from human resources to make a direct deposit change. Help your employees from being a victims by educating them on various scams and having a specific procedure to update direct deposit information.
 
Ransomware Attacks
Ransomware is a type of malware that prevents you from accessing your computer files, system, or networks and demands you pay a ransom, via cryptocurrency, for their return. Ransomware is usually distributed through email by sending a malware-embedded attachment. Avoid being a victim by educating your staff on taking time to review emails for legitimacy and be cautious of websites that they are accessing. A few key giveaways in these emails and websites are bad grammar, misspellings, and if the sender has an odd email address. Also, check with your insurance provider to ensure you have a cyber policy with a rider that will help defray the expenses that come with recovering from a ransomware attack. Not only will you have to pay the attackers, but you will have to pay IT professionals to make sure your systems are restored and all malware is removed.
 
Please take the time to view the guide: Protecting Against Cyber Fraud and share with your staff and friends. As always, feel free to contact us with any concerns or questions you may have about protecting yourself and your businesses from potential fraudsters.
 
Customers are reporting the following:  You receive an email indicating that they were charged for a recent purchase on a major name website.  The email asks you to verify, and if this is incorrect, to call a phone number in the email.  When you call the number, they apologize and offer to refund the purchase to your card or bank account, if you provide them the information (or they ask for remote control of your PC and you log in to the site).  Then, they appear to “deposit” much more than the refund amount.  The scammer pretends to panic, and says they will get fired if you don’t get them the extra money back…they tell you to purchase gift cards for the “extra” amount at local stores and then read or photograph the card numbers to them.
 
The scam here is…they never moved any money to your account, but the gift cards you give them the numbers for, are real money out of your account!
 
A few key things: 1) don’t call the number in an email about a purchase you did not make; 2) don’t give anyone you don’t know remote access to your PC (and especially not when you are logged in to your online banking); and 3) if you are being asked to purchase gift cards…there is a 99.99% probability it’s a scam!
 
If you receive any communication like this, stop, don’t give the scammer any personal information.  Hang up, then call us at 505.995.1200 and let us know.
During these calls, the scammers ask customers for their Debit Card PIN, or their Secure Access code for Online banking, or their user ID and password for online banking.
 
Please note that Century Bank will NEVER call you, and ask for any of these things (we already know all of them except the Secure Access Code).
If you receive a call like this, stop, don’t give the scammer any personal information.  Hang up, then call us at 505.9951200 and let us know.
What are some classic warning signs of possible fraud and scams?
 
There are several signs that indicate you might be dealing with a scammer.
 
They include contact from someone:
  • Calling or emailing you, claiming to be from the government, and asking you to pay money.
  • Asking you to pay money or taxes upfront to receive a prize or gift
  • Asking you to wire them money, send money by courier, or put money on a prepaid card or gift card and send it to them.
  • Asking for access to your money-such as your ATM cards, bank accounts, credit cards, or investment accounts.
    Pressuring you to "act now" or else the deal will go away. Or someone who seems to be trying hard to give you a "great deal" without time to answer your questions.
To report a scam, you can submit a complaint to the Federal Trade Commission. You can also contact your local police or sheriff's office or your state attorney general's office to report the scam. 
 
Visit the National Association of Attorneys General for the contact information of each state attorney general.