• Latest Consumer Protection Data Spotlight Finds Seniors Sending Thousands in Cash to Scammers Claiming to be their Grandchildren

    December 03, 2018, 3:54 PM

    Older consumers who report losing money to fraud are reporting a disturbing trend: Scammers claiming to be a loved one in trouble are getting people 70 and over to send thousands of dollars in cash.

    In the second Consumer Protection Data Spotlight, the Federal Trade Commission examined complaints about family and friend imposter scams. These scammers often call seniors claiming to be a grandchild. The FTC is seeing an increase in the number of people ages 70 and over who say they sent cash in response to this particular scam – one in four said they mailed cash in 2018, compared to one in fourteen the prior year. In about half of these types of complaints, the scammer said they were in jail or some other legal trouble and in need of money to get out of trouble.

    All age groups reported losing more money over the last 12 months to family and friend imposter scams – a total of $41 million, compared to $26 million the previous year. The most striking concern is individual losses by older Americans. The median loss for this scam was $2,000, but when seniors ages 70 and over said they put cash in the mail, their median loss was $9,000.

    The FTC urges those who might get such a call to not act right away. Instead, the FTC recommends calling the family member or friend using a known number, or checking out the request with someone else in their family or a mutual friend.

    Source: Federal Trade Commission 
  • Preventing and Responding to Identity Theft

    December 03, 2018, 3:51 PM

    Is identity theft just a problem for people who submit information online?

    You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.

    The internet has made it easier for thieves to obtain personal and financial data. Most companies and other institutions store information about their clients in databases; if a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time. The internet has also made it easier for thieves to sell or trade the information, making it more difficult for law enforcement to identify and apprehend the criminals.

    How are victims of online identity theft chosen?

    Identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. Thieves may target customers of certain companies for a variety of reasons; for example, a company database is easily accessible, the demographics of the customers are appealing, or there is a market for specific information. If your information is stored in a database that is compromised, you may become a victim of identity theft.

    Are there ways to avoid being a victim?

    Unfortunately, there is no way to guarantee that you will not be a victim of online identity theft. However, there are ways to minimize your risk:

    • Do business with reputable companies – Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks and Understanding Web Site Certificates for more information.)
    • Take advantage of security features – Passwords and other security features add layers of protection if used appropriately. (See Choosing and Protecting Passwords and Supplementing Passwords for more information.)
    • Check privacy policies – Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information. (See Protecting Your Privacy and How Anonymous Are You? for more information.) Many companies allow customers to request that their information not be shared with other companies; you should be able to locate the details in your account literature or by contacting the company directly.
    • Be careful what information you publicize – Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums. (See Guidelines for Publishing Information Online for more information.)
    • Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. (See Understanding Anti-Virus Software and Understanding Firewalls for more information.) Make sure to keep your virus definitions up to date.
    • Be aware of your account activity – Pay attention to your statements, and check your credit report yearly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months. (See AnnualCreditReport.com for more information.)

    How do you know if your identity has been stolen?

    Companies have different policies for notifying customers when they discover that someone has accessed a customer database. However, you should be aware of changes in your normal account activity. The following are examples of changes that could indicate that someone has accessed your information:

    • unusual or unexplainable charges on your bills
    • phone calls or bills for accounts, products, or services that you do not have
    • failure to receive regular bills or mail
    • new, strange accounts appearing on your credit report
    • unexpected denial of your credit card

    What can you do if you suspect or know that your identity has been stolen?

    Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimize the amount of money you are liable for, but the implications can extend beyond your existing accounts. To minimize the extent of the damage, take action as soon as possible:

    • Start by visiting IdentityTheft.gov – This is a trusted, one-stop resource to help you report and recover from identity theft. Information provided here includes checklists, sample letters, and links to other resources.
    • Possible next steps in the process – You may need to contact credit reporting agencies or companies where you have accounts, file police or other official reports, and consider other information that may have been compromised.

    Other sites that offer information and guidance for recovering from identity theft are:


    Source: United States Computer Emergency Readiness Team
  • 10 Online Mobile Security Tips

    November 27, 2018, 11:22 AM

    As your options for purchasing and banking online grow, so does the need to safeguard your security and privacy while using the internet on your mobile device. Online security protects you from fraudulent intrusion as well as the careless release of your sensitive data.

    Sometimes, mobile security is as simple as a frequent review of your bank accounts to ensure that nothing unauthorized has occurred. But there are other things you can do to stay safe in an online environment.

    Here are 10 online mobile security tips to help protect your money and your sensitive data.

    1. Use strong passwords

    A strong password is the first step in mobile security. This is something that can't be easily guessed by either another human or a computer program. The strongest password should have at least eight characters and include letters, numbers, and symbols. Make sure you are using different passwords for your various online accounts.

    2. Avoid vulnerable numbers

    It's never a good idea to use identifying numbers as part of your password, personal identification number (PIN), or user ID. This includes parts of your Social Security number, birth date, age, or those of loved ones. This is information that someone else could find and use to access your account.

    3. Watch for strange emails

    Your bank will never send you emails requesting that you send them back sensitive data such as your account information or login details. If you receive emails like this, you can call the bank to verify their legitimacy.

    4. Be wary of email attachments

    Avoid clicking on email attachments unless you are 100% sure that you know the sender of the message. Attachments can launch virus programs on your mobile device and compromise your sensitive information. Even if a message appears to come from a friend or familiar company, it's always better to use caution with attachments.

    5. Watch your online sharing

    The more information about yourself you disclose online, the more vulnerable you can become to fraud. Identity thieves are looking for accounts that have plenty of data, so it's a good idea to check your social network privacy settings and curtail your sharing.

    6. Pause before you click

    When shopping and banking online, you can avoid scams by only using sites that have strong security in place. Look for websites that have an "https" at the beginning instead of just "http." That extra "s" indicates that they have put extra security measures in place.

    7. Secure your smartphone

    If you shop, access mobile banking, and have any other sensitive data on your smartphone, keep it secure. You can do this by turning on the screen lock function of your phone. After a set period of inactivity, your screen will lock and the phone will ask for a passcode or your fingerprint to be used again.

    8. Don't store sensitive data on your phone

    Certain sensitive data should not be stored on a mobile device. This includes bank account numbers, PINs, Social Security numbers, and credit card numbers. If you use a mobile banking app, your bank will not display this data on the app.

    9. Use caution with apps

    Speaking of apps, it's a good idea to think twice before downloading new ones. Carefully read the app's privacy policy so that you understand what personal data the company can access, use, and even sell to others.

    10. Update your technology

    Mobile devices run on an operating system (generally iOS or Android), and these systems often have security patches in each version. You should not only keep your operating system updated but also consider an additional mobile antivirus program.

    City Bank Cares About Your Personal Information

    By following these mobile security tips, you can help prevent your sensitive information from getting into the wrong hands. If you suspect that your banking data has been compromised, contact us immediately.

    At City Bank, we take your privacy and security seriously. We use a layered approach to help protect your identity and financial accounts. If you have any concerns about mobile security, we're here to answer your questions.

  • IRS warns of “Tax Transcript” email scam; dangers to business networks

    November 20, 2018, 2:20 PM

    The Internal Revenue Service and Security Summit partners today warned the public of a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware.

    The scam is especially problematic for businesses whose employees might open the malware because this malware can spread throughout the network and potentially take months to successfully remove.

    This well-known malware, known as Emotet, generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents. The Summit partnership of the IRS, state tax agencies and the nation’s tax industry remind taxpayers to watch out for this scam.

    However, in the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”
    These clues can change with each version of the malware. Scores of these malicious Emotet emails were forwarded to phishing@irs.gov recently.

    The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment. If using a personal computer, delete or forward the scam email to phishing@irs.gov. If you see these using an employer’s computer, notify the company’s technology professionals.

    The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of the Emotet in Alert (TA18-201A) Emotet Malware.

    US-CERT has labeled the Emotet Malware “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”

    Source: IRS
  • Holiday Scams and Malware Campaigns

    November 20, 2018, 2:18 PM

    As the holidays approach, NCCIC reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and requests for donations from fraudulent charitable organizations, which could result in security breaches, identify theft, or financial loss.

    NCCIC recommends the following actions:

    If you believe you are a victim of a scam or malware campaign, consider the following actions:


    Source: US-CERT
  • Spear phishing scammers want more from you

    November 01, 2018, 8:16 AM

    “I’m calling from [pick any bank]. Someone’s been using your debit card ending in 2345 at [pick any retailer]. I’ll need to verify your Social Security number — which ends in 8190, right? — and full debit card information so we can stop this unauthorized activity...”

    So the caller ID shows the name of your bank. And the caller knows some of your personal details. Does that mean it’s legit? No. It’s a scam — and scammers are counting on the call being so unsettling that you might not stop to check your bank statement.

    We’ve started hearing about phone scams like this, which combine two scammer tricks: spear phishing and caller ID spoofing. In a phishing attempt, scammers may make it look like they’re from a legitimate company. And when they call or email with specific details about you — asking you to verify the information in full (things like your Social Security number or address) — that’s called spear phishing.

    The other nasty wrinkle in this scam is caller ID spoofing. That’s when scammers fake their caller ID to trick you into thinking the call is from someone you trust.

    Here’s how you can avoid these scam tactics:

    • Don’t assume your caller ID is proof of whom you’re dealing with. Scammers can make it look like they’re calling from a company or number you trust.
    • If you get a phone call, email, or text from someone asking for your personal information, don’t respond. Instead, check it out using contact info you know is correct.
    • Don’t trust someone just because they have personal information about you. Scammers have ways of getting that information.
    • If you gave a scammer your information, go to IdentityTheft.gov. You’ll learn what to do if the scammer made charges on your accounts.

    Even if you didn’t give personal information to the scammer, report the scam to the FTC. Your reports help us understand what’s happening and can lead to investigations and legal action to shut scammers down.

    Source: Federal Trade Commission