• Video shows how scammers tell you to pay

    August 04, 2020, 3:33 PM

    Scammers make up all kinds of stories to get your money, from telling you that you’ve won a prize, you owe a debt, or your family member is in an emergency. But some things stay the same: scammers want your money, they want it fast, and don’t want you to be able to get it back. They’ll ask you to pay in ways that make it hard to track them down — and once you know what these are, you’ll have one more clue to tell if you’re dealing with a scammer.

    Watch this video to learn how scammers make people pay, and how you can use this information to avoid scams.

    How scammers tell you to pay video

    And next time someone insists you pay using one of these methods, tell the FTC.

    Source: Federal Trade Commission 
  • How Identity Thieves Use Social Engineering

    August 04, 2020, 12:34 PM

    Social engineering is a somewhat misunderstood and often overlooked form of stealing someone’s identity.

    While it still requires a certain amount of finesse and skill, it’s not quite on the same technical level as hacking into a major bank’s computer network and rerouting funds, for example. Instead, social engineering is more like playing detective, letting the bad guy gather clues in order to steal your identity.

    Every bit of information about you—your name, birthdate, phone number, email address, Social Security number, and more—is a piece of your identity puzzle. With enough pieces of the puzzle, a thief can commit a crime; with all of the pieces, a thief can obviously commit bigger, more devastating crimes.

    What can a thief do with just your email address? Depending on your address, it might actually be very easy for someone to figure out what platform you use to host your email. It might be a free host site like Yahoo, Gmail, or Apple’s proprietary platform (me.com), just to name a few, or it might be assigned by your internet service provider, like Att.net, Comcast.net, or Cableone.com. In any case, the last part of your email address, after the @ symbol, tells the thief where to begin. With just your email address, thieves can attempt to login by guessing common passwords or using “roboguessing” software.

    If the thief is lucky and you’ve used a very common password (like 123456 or “password”), then they’ve gained access to your email account. They immediately change your password and lock you out, then begin going to major websites around the internet. All they have to do is click “forgot my password” and enter your email address, then change your password on sites like Amazon, PayPal, Facebook, or Dropbox. After taking control of your accounts, it’s a very simple matter to pretend to be you. They might shop on Amazon, divert funds out of your bank account or credit card account on PayPal, post embarrassing photos and hate-filled text on your social media accounts, or even log into your cloud storage and steal work documents. And it’s all because you didn’t have a strong password on your email account.

    There are other ways to get your information, of course. Perhaps the thief has stolen your smartphone and now has your cell phone number. A simple peek through your old text messages can help them converse with your friends and relatives, easily asking questions that provide the answers to your account security questions. Also, thanks to text message authentication—and the fact that you didn’t passcode protect your phone—they can request text messages containing crucial password reset codes. This step allows them to log into your mobile wallet app, your social media accounts, your online banking, and once again, your email account.

    But breaking into your email or stealing your physical phone are not the only pathways someone can use social engineering to nab your identity.A practice known as “phone hijacking” happens when someone gets enough information about you from a variety of sources, then contacts your cellular provider. Pretending to be you and using a plausible story like a damaged phone, they have your phone number “ported” to their device. Once the transfer is complete, they break into your accounts thanks to text messages containing the necessary codes to change your password.

    So what can you do to protect yourself?

    1. First and foremost, use strong, unique passwords on all of your accounts.

    2. From there, make sure you’re changing those passwords and your security questions frequently.

    3. Next, make sure your devices are passcode-protected in the case of physical theft.

    4. Finally, be aware of what information you’re putting out there, both online and in everyday life.

    Quite often information is gleaned from your Facebook or other social media accounts, such as your hometown or high school you attended. If your mom is one of your Facebook friends, for example, be very careful about posting a “happy birthday, Mom!” message since her maiden name may be in her username. Be smart about what you share, and always think about how someone with harmful intentions can use it against you.

    Source: Identity Theft Resource Center
  • Fake emails about fake money from a fake COVID-19 fund

    July 01, 2020, 1:58 PM

    Because of COVID-19, unemployment rates are high and many people’s cash flows are low. Scammers view these as ripe conditions to strike. They’ll stop at nothing — not even a pandemic — to trick you into sharing your personal or financial information. That includes pretending to be a government official from the Federal Trade Commission to gain your trust. 

    We just heard about an email going around from someone claiming to be from the FTC. This scam email says you’ll get money from a COVID-19 “Global Empowerment Fund.” All you need to do, it says, is respond with your bank account information and they’ll transfer the funds. But that’s a scam. There’s no money and there’s no fund. And it’s not from the FTC. If you get a message like this, don’t respond. Instead, report it to the real FTC at ftc.gov/complaint.

    The FTC will never contact you by phone, email, text message, or social media to ask for your financial information. (Or your Social Security number.) Anyone who does is a scammer, phishing for your information.

    If you’re getting an economic stimulus payment, that money will come from the Internal Revenue Service.

    If you think you gave your financial information to a scammer, go to IdentityTheft.gov for steps you can take to protect yourself.

    To keep up with the latest scams, sign up for the FTC's consumer alerts

    Source: Federal Trade Commission 
  • Scam emails demand Bitcoin, threaten blackmail

    May 06, 2020, 9:44 AM

    The FTC uses the information it gets from people who report scams to keep close watch on trends, so we can alert you to changes. Here’s one: reports of Bitcoin blackmail scams have taken a big jump in the last few weeks. The emails say they hacked into your computer and recorded you visiting adult websites. They threaten to distribute the video to your friends and family within hours, unless you pay into their Bitcoin account. Stop. Don’t pay anything. Delete the message. It’s a scam.

    Based on the timing of this spike, you may get one of these messages because your email was exposed in a recent data breach. The scammers may say they have access to your computer or webcam, or installed clever software to defeat you. That’s all talk. But they may really know one of your old – or recent – passwords, and they include it in the message to prove it. When you see that, you know it’s time to update your password on that account, and consider updating other passwords, too.

    If you, or someone you know, get a message like this, please report it to the FTC at www.FTC.gov/Complaint.

    Source: Federal Trade Commission 
  • Scammers are using COVID-19 messages to scam people

    April 13, 2020, 1:24 PM

    Scammers are experts at shifting tactics and changing their messages to catch you off guard. This is especially true as they take advantage of anxieties related to the Coronavirus. Here’s a quick alert about some current government imposter scams using COVID-19 that are popping up on our radar.

    Medicare scams

    Scammers might call to offer things like a “COVID-19 kit,” “Coronavirus package,” or Medicare benefits related to the virus. But they’ll ask you to verify personal information like your bank account, Social Security, or Medicare numbers. If you get a call from someone who says they’re a Medicare representative and they ask for this information, hang up. It’s a scam, not Medicare calling. Report it to the FTC at ftc.gov/complaint

    Relief payment messages from “government agencies”

    The FTC is getting a lot of reports about fraudulent calls, texts, and emails coming from people pretending to be from the Social Security Administration, IRS, Census, USCIS and the FDIC. These fake government messages might say that you’re approved for money, can get quick relief payments, or get cash grants due to the Coronavirus. Scammers might also promise you small business loans, or send a (phishing) alert that a check is ready to be picked up. These are all scams, and none of those messages come from a government agency.

    If you respond to these calls or messages, they might ask you for money, personal information, or both. Don’t give it. And remember that the surest sign of a scam is anyone who asks you to send cash, pay with a gift card, wire money, or pay with cryptocurrency.

    Stay on top of all types of imposter scams by visiting ftc.gov/imposters, and sign up for the FTC’s Consumer Alerts to get the latest on all kinds of scams.

    Source: Federal Trade Commission 
  • Is that text message about your FedEx package really a scam?

    February 21, 2020, 1:16 PM

    You may be skeptical when someone you don’t know sends you a text message you didn’t expect and it tells you to click on a link. Maybe that little voice in your head starts talking to you. I know mine does. It says, “Hmm, this could be a scam. Maybe someone wants to steal my personal information. Or get me to pay for something.”

    I guess that's why scammers come up with new stories all the time, like a package tracking scam we're hearing about. Here's how it works.

    Scammers send a text message with a fake shipment tracking code and a link to update your delivery preferences. In this case, the message says it’s from FedEx.

    But they might use the name of another well-known shipping company, or the good old U.S. Postal Service.

    Cue that skeptical little voice in your head. Here’s what it might be thinking:

    • “Was I expecting a package delivery?”
    • “Did I send a package to someone?”
    • “Did I ask for text notifications?”

    Tip: If you get an unexpected text message, don’t click on any links. If you think it could be legit, contact the company using a website or phone number you know is real. Don’t use the information in the text message.

    In this version of the scam the link takes you to a fake Amazon website. There, you're invited to take a customer satisfaction survey. And you might just win a free prize. But to get it, you have to give them your credit card number to pay for shipping.

    Hopefully that wise little voice in your head is thinking:

    • “I shouldn't have clicked that link!”
    • “Why would a link to my package delivery preferences take me to an unrelated website?”
    • “You said the prize was free, but now I need to pay. What else am I agreeing to pay for?”
    • “I really shouldn’t have clicked on that link!”

    Tip: Some companies offer so-called “free trials” that come with hidden costs. Here’s what you should consider before you sign up for a free trial offer.

    Scammers may be turning to text messages as a new tactic. But there’s a lot you can do right now to protect yourself. Read How to Recognize and Report Spam Text Messages to learn what to do about spam text messages and how to report them.

    Source: Federal Trade Commission 

If you have received a suspicious email, text, or phone call that appears to have come from City Bank, or appears to be impersonating City Bank, please report it to us immediately by emailing abuse@city.bank.