Home | About Us | Contact Us | Bank Hours | SSB News
Security State Bank of Fergus Falls

What's Happening

FDIC - 10 Scams Targeting Bank Customers

10 Scams Targeting Bank Customers: Plus the basics on how to protect your personal information and your money

The FDIC often hears from bank customers who believe they may be the victims of financial fraud or theft, and our staff members provide information on where and how to report suspicious activity. To help further, FDIC Consumer News includes crime prevention tips in practically every issue. As part of that coverage, we feature here a list of 10 scams that you should be aware of, plus key defenses to remember.

Please click the link below to read more. 

https://www.fdic.gov/consumers/consumer/news/cnsum17/scams.html

By clicking on the links in this message you will be leaving the Security State Bank of Fergus Falls' Website.  We do not make representation as the to completeness or accuracy of the information provided at these websites.

Top of Page

Cybersecurity Tip

From Wipfli CPAs and Consultants

EMV Chip Credit Cards

Whenever possible, use the chip reader instead of the magnetic strip reader at the payment terminal so your credit card information cannot be compromised by a simple magnetic card skimmer or by malware installed on the point-of-sale (PoS) terminal. The chip on your credit card is called an EMV chip. This chip generates a single-use code after authenticating with the payment terminal, instead of a magnetic strip.

The big push for EMV was caused by massive PoS data breaches in which credit card information was stolen from payment terminals, which stored the credit card data unencrypted in memory while processing. This allowed malware on the PoS to steal all credit card accounts that used the payment terminals which were infected.

Much like using a debit card at a payment terminal, you may soon need to enter a personal identification number (PIN) for your chip transactions with your chip-enabled credit cards. This is where the term “chip and PIN” comes from, and it has been rolled out fully in Europe and Canada. This will help reduce the ability of a thief to use your credit card at EMV-enabled terminals without knowledge of your PIN. But for now, most United States card issuers are accepting chip and signature for payment authorization.

Top of Page

From The Ferderal Trade Commission

Fake Emails Could Cost You Thousands

May 16, 2017

by Christina Tusan (Attorney, Western Region, FTC)

Think you got an email from a business you know? Scammers sometimes use emails that look legit to trick you into sending money to them.

The email might say it’s from a real estate professional you’re working with, telling you there’s a last-minute change and you should now wire your closing costs to a different account. Or it could seem to be an email – with an invoice – from your utility company, telling you to wire payment. Whatever the story, if you wire that money, it goes to the scammer – and you may never see your money again.

These scammers might get your information by hacking into a business. Once they know about you, they send an email that seems to come from the business, telling you where to send money.  So, how can you spot these scams? 

  • Never wire money to anyone who emails – or calls – and asks you to. Instead, check it out.
  • Contact the company through a number or email address you know is real. Don’t use phone numbers or links in the email.
  • Don’t open email attachments, even from someone you know, unless you’re expecting it. Opening attachments can put malware on your computer.

If you’ve already sent in money to a scammer, act quickly.    

  • If you wired money through your bank, ask them right away for a wire recall. If you used a money transfer company, like Western Union or MoneyGram, call their complaint lines
  • Report your experience to the FTC and to the FBI’s Internet Crime Complaint Center at gov. Give as much information as you can, including all requested banking information. The sooner you get this report in to ic3, the more likely they can help you.
  • If your bank asks for a police report, give them a copy of your report to ic3.gov.

By clicking on any of the links in this message you will be leaving the Security State Bank of Fergus Falls' Website.  We do not make representation as the to completeness or accuracy of the information provided at these websites.

Top of Page

US-CERT Security Tips

Avoiding Social Engineering and Phishing Attacks

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • epidemics and health scares (e.g., H1N1)
  • economic concerns (e.g., IRS scams)
  • major political elections
  • holidays

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don't send sensitive information over the Internet before checking a website's security. (See Protecting Your Privacy for more information.)
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information.)
  • Take advantage of any anti-phishing features offered by your email client and web browser.

What do you do if you think you are a victim?

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft. (See Preventing and Responding to Identity Theft for more information.)
  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission.

Author US-CERT Publications

By clicking on any of the links in this message you will be leaving the Security State Bank of Fergus Falls' Website.  We do not make representation as the to completeness or accuracy of the information provided at these websites

Top of Page

Travel Cybersecurity Tips

Do you have vacation plans?  Everybody, and their Mother, these days bring either their phones, tablets or computers - if not all of them - with them on vacation. Surveys estimate over 60% of Americans even work on vacation using their technology. If you plan to connect with the office or do personal financial business during your vacation fun, review these cyber security measures to help protect your information.

Top 12 Tips for Cyber Secure Traveling

  1. Leave it behind – do not even take your laptop or smartphone if possible. Consider using temporary devices. Purchase a temporary smartphone or tablet. Use different passwords than on your normal devices. (This is hassel for most people but not a bad idea if you are leaving the country.  It is safer.)
  2. If you really have to connect with the office or personal financial information on your device, have the latest anti-virus software and operating system updates on your device.
  3. Encrypt sensitive data. Leave as much data off your device as you can. Temporary devices for travel only make it easy to load what you need and encrypt the data that you have to take. (Have your IT Professional to assist you with this one. The will know what “encrypt” means and how to do it. Sorry – there will most likely be a cost to this step.)
  4. Do not use public Wi-Fi spots as much a possible. Many hackers use public spots to hack into devices. Consider a Mi-Fi. (Your own personal Hot Spot) Getting a portable personal Wi-Fi gadget and data time from a wireless carrier is possible and most offer a choice of plans. Make sure you know if their covers where you are vacationing.
  5. Don’t use hotel or other public computers. Results of several tests show that these computers frequently have malware on them. You have no idea who used the device before you and it may have added malware.
  6. Use your cell service instead of Wi-Fi if possible. It is safer than Wi-Fi connections. When you are checking the weather or what movie is showing at the closest Theater – Wi-Fi is OK. However, Public Wi-Fi is not a good idea when you are checking your bank account or purchasing something on the internet. Beware.
  7. Don’t leave devices in the hotel when you go to dinner or that movie. Take them with you or lock them in a hotel safe. If a criminal gains access to your hotel room, he can add malware in a minute and leave the device in place.
  8. Turn your Bluetooth device off when not in use (good idea even when you are not traveling). Some devices allow for automatic connection, which allows other Bluetooth devices to connect to your device without you knowing it.
  9. Charge your devices directly with a connection to an outlet. Beware of Charging Stations. Do not risk transferring malware from an unknown charging station or a computer. Be sure to pack those adapters.
  10. Turn off auto location and check-in applications. Do not make it easy for criminals to identify where you are.
  11. Taking pictures is such a fabulous way to remember your fun and experience. However, do not post your pictures until you return home (or to a private site). Help prevent any lurking criminals from easily tracking you.
  12. Change your passwords when you return from your vacation – every time. If someone did access your devices while you were on vacation, reduce the potential for later damage by changing passwords.

Relax and enjoy your time away from the office. Being cyber safe can help reduce your worries.

These tips are from the National Cybersecurity Institute / Carolyn Schrader

 

Top of Page