INFORMATION SECURITY BULLETINS

277101685_4961451487306528_1253238063263832349_n

March 27, 2022

Have “Amazon” or “PayPal” contacted you to confirm a recent purchase you didn’t make or contact you to inform you that your account has been hacked? We’ve recently seen a spike in customers reporting business impersonation scam where the scammer pretended to be Amazon or PayPal. The victims were either been contacted by someone or the victim found a bad phone number online and reached out to the “company”.

Amazon and PayPal will NEVER ask for access to your computer or phone. They will NEVER ask you to log into your online banking account. They will never offer to refund you money you weren’t expecting.

These scams can look a few different ways:

• In one version, the scammer convinces you to give them access to your phone/computer and online banking account. The scammer offers to “refund” you for an unauthorized purchase but they “accidentally” refund you more than promised. They then ask you to send back the difference. What really happens? The scammer moves your own money from one of your bank accounts to the other (like your Savings to Checking, or vice versa) to make it look like you were refunded. They show you the transaction in your online banking account and then ask that you please return the “overpayment” to them. Any money you send back to “Amazon” was actually your money (not an overpayment) — and as soon as you send it out of your account, it becomes theirs.

• In another version of the scam, you’re told that hackers have gotten access to your account — and the only way to protect it is to buy gift cards and share the gift card numbers and PIN on the back. Once you supply that information to them, they money is gone.

• In a 3rd version, scammers have placed a fake “Amazon Customer Support” phone number online. When you do a simple google search, you may accidentally stumble across this number rather than the legitimate phone number. You tell the “Support Rep”, you have a charge you don’t recognize or a question about your account. The scammer requests access to your phone or computer and begins collecting information about you, possibly installing keylogging software, potentially gaining access to your online banking accounts and requests you move money or send money out.

Here are some ways to avoid an Amazon impersonator scam:

• Never call an unknown number. Use the information on business website’s and not a number listed in an unexpected email or text or in a google search. Navigate directly to Amazon’s website by typing out the website into the URL bar. “www.amazon.com” Do not Google search: “Amazon phone number”.

• Don’t pay for anything with a gift card. Gift cards are for gifts. If anyone asks you to pay with a gift card – or buy gift cards for anything other than a gift, it’s a scam.

• DO NOT give remote access to your phone or computer to anyone. This gives scammers easy access to your personal and financial information—like access to your bank accounts.

If you are contacted by anyone who asks you to click a link or allow access to any of your devices, hang up. It is a scam!

January 3, 2022

Has Amazon contacted you to confirm a recent purchase you didn’t make or to tell you that your account has been hacked? About one in three people who have reported a business impersonator scam say the scammer pretended to be Amazon.

These scams can look a few different ways:

In one version, scammers offer to “refund” you for an unauthorized purchase but “accidentally transfer” more than promised. They then ask you to send back the difference. What really happens? The scammer moves your own money from one of your bank accounts to the other (like your Savings to Checking, or vice versa) to make it look like you were refunded. Any money you send back to “Amazon” is your money (not an overpayment) — and as soon as you send it out of your account, it becomes theirs.
In another version of In another version of the scam, you’re told that hackers have gotten access to your account — and the only way to supposedly protect it is to buy gift cards and share the gift card number and PIN on the back. Once that information is theirs, the money is, too.
In a 3rd version, scammers have placed a fake “Amazon Customer Support” phone number online. When you do a simple google search, you may accidentally stumble across this number rather than the legitimate phone number. You tell the “Support Rep”, you have a charge you don’t recognize or a question about your account. The scammer requests access to your phone or computer and begins collecting information about you, possibly installing keylogging software, potentially gaining access to your online banking accounts and requests you move money or send money out.

Here are some ways to avoid an Amazon impersonator scam:
• Never call an unknown number. Use the information on Amazon’s website and not a number listed in an unexpected email or text or in a google search. Navigate directly to Amazon’s website by typing out the website into the URL bar.
• Don’t pay for anything with a gift card. Gift cards are for gifts. If anyone asks you to pay with a gift card – or buy gift cards for anything other than a gift, it’s a scam.
• Don’t give remote access to anyone. This gives scammers easy access to your personal and financial information—like access to your bank accounts.

Spam notification alert email on mobile phone

September 24, 2021

TangleBot malware campaign tries to lure potential victims with Covid-19 lures

Security researchers from Cloudmark have discovered a new piece of mobile strain spread via SMS that cybercriminals are using to target users across the US and Canada with Covid-19 lures.

The malware has been dubbed TangleBot because of its many levels of obfuscation and how it is able to control a multitude of entangled device functions including contacts, SMS and phone capabilities, call logs, internet access, camera and microphone.

As is the case with many phishing campaigns, these messages create a sense of urgency as users may want to know how Covid regulations have changed in their region or they may be interested in a Covid-19 vaccine booster shot to better protect themselves against new variants of the virus.

TangleBot malware
If a user does happen to click on the link contained in one of the campaign’s text messages, a website appears notifying them that Adobe Flash Player is out of date and must be updated. Clicking on the subsequent dialog boxes then installs the TangleBot malware on their Android Phone.

TangleBot is then granted privileges to access and control numerous devices functions as mentioned above. With this access, an attacker can now make and block phone calls, send, obtain and process text messages, record using the device’s camera or microphone as well as record its screen, place overlay screens on the device to cover legitimate apps and implement other device observation capabilities according to a blog post from Cloudmark.

Just like the company’s researchers observed with FluBot, TangleBot can overlay banking or financial apps and directly steal a victim’s account credentials. However, an attacker can also use a victim’s device to message other mobile devices to spread their malware even further. Even if a user discovers TangleBot is installed on their device and removes it, an attacker may not use their stolen information for some time which renders the victim oblivious to the fact that their account credentials have been stolen.

To avoid falling victim to TangleBot, Cloudmark recommends that users be on the lookout for suspicious text messages from unknown senders and avoid clicking on any links these messages may contain. Also users should avoid installing apps from sources besides the Google Play Store or other official app stores.

June 18, 2021

We’re seeing another surge of Illinois Unemployment Benefits fraud. If you’ve received a letter stating you’ve filed for unemployment benefits and you have not, here are the steps you need to take.

Report the fraud to the Illinois Department of Employment Security (IDES).

https://www2.illinois.gov/ides/Pages/Reporting_Unemployment_Insurance_Fraud.aspx

*Please note – the IDES page states to use either the form or phone number. Utilizing both may cause delays in reviewing your case. You may not receive an immediate response because the IDES currently has a 1 – 2 week turn around on phone calls and form submissions. Please exercise patience.

Here are some additional suggested steps to further protect your personal and financial information:

Monitor your credit report. You can check your credit reports with Equifax, Experian and TransUnion by visiting annualcreditreport.com.
Consider requesting a fraud alert by contacting one of the three nationwide credit bureaus. Doing so places a flag on your credit reports for one year, which alerts potential credit grantors that they should request additional identification from someone applying for credit using your name.
Consider placing a freeze on your credit report, which means that potential credit grantors will not be able to see your credit report unless you prove to them that you are yourself and not an identity thief. To obtain a freeze, consumers must contact each of the three credit reporting agencies individuals, and detailed instructions are available on the Attorney General’s website.
Obtain your free credit reports from annualcreditreport.com. Report any unauthorized accounts or other inaccurate information to the credit reporting agencies immediately.
Review all your financial accounts closely for accuracy, and dispute any unauthorized charges/debits immediately.
Consider placing transaction alerts with your bank or financial institution. Doing so ensures you receive a notification from your bank when withdrawals above a pre-set dollar amount are made, allowing you to contact your financial institution to immediately dispute any unauthorized charges. Buena Vista Notifi real-time alerts are a free service to our customers.
Be vigilant for other unusual occurrences, such receiving other debit or credit cards in the mail or changes to your address or password for a financial account.

May 12, 2021

It’s never too late to find love, and lots of dating sites and apps are there to help. But scammers are out to steal your heart, too…and then steal your money. This Older Americans Month, let’s talk about romance scams. These can happen when someone makes a fake profile on dating sites, apps and social media. They then message you to get a relationship going, build your trust, and connect.

If they ask for money – IT’S A SCAM.

Click here to learn more about romance scams.

January 27, 2021

Each year, millions of elderly Americans fall victim to some type of financial fraud or confidence scheme, including romance, lottery, and sweepstakes scams, to name a few. Criminals will gain their targets’ trust and may communicate with them directly via computer, phone, and the mail; or indirectly through the TV and radio. Once successful, scammers are likely to keep a scheme going because of the prospect of significant financial gain.

Seniors are often targeted because they tend to be trusting and polite. They also usually have financial savings, own a home, and have good credit—all of which make them attractive to scammers.

Additionally, seniors may be less inclined to report fraud because they don’t know how, or they may be too ashamed at having been scammed. They might also be concerned that their relatives will lose confidence in their abilities to manage their own financial affairs. And when an elderly victim does report a crime, they may be unable to supply detailed information to investigators.

With the elderly population growing and seniors racking up more than $3 billion in losses annually, elder fraud is likely to be a growing problem.

For more information about common scams, prevention and reporting elder abuse, visit the FBI’s Scams & Safety Page.

December 28, 2020

Amazon Gift Card Scam Delivers Dridex This Holiday Season

Dridex operators launch a social engineering scam that promises victims a $100 gift card but delivers a banking Trojan. The operators behind Dridex have a nefarious trick up their sleeves this holiday season: A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines.

Victims receive an email that claims to be delivering a gift from Amazon: “We are delighted to enclose a $100 Amazon gift card as our way of saying Thank You,” a sample message says. The researchers found most emails pretend to come from Amazon, though exact wording may vary. This email prompts its recipient to download a gift card, which leads to Dridex infection. Dridex is a notorious banking Trojan that has been active in different variants since 2012. It’s an evasive malware that steals banking credentials and other sensitive data.

How can you protect yourself from the threat?

• Just use common sense.

• There are no free gifts.

• If someone offers you a free gift, it’s probably that they’re up to no good.

• Simply ignore or delete the email.

December 10, 2020

Gift Card Scams

Did someone tell you to pay with gift cards? It’s a scam!

Maybe someone said you’ve won the lottery, a prize or sweepstakes. Or they claim to be from the government and tell you there’s a problem with your Social Security number. And, to collect your winnings or solve your problem, you have to pay with gift cards. Maybe they are claiming to be a merchant who overpaid your account on a recent return and ask that you return the funds by purchasing gift cards. But here’s the thing: anyone who insists that you pay by gift card is always a scammer.

If you paid a scammer with a gift card, tell the company that issued the card right away. When you contact the company, tell them the gift card was used in a scam. And then report it to the FTC. Remember to keep the gift card itself and the gift card receipt, and, have them available when you contact the company and the FTC.

August 7, 2019

Confidence/Romance Fraud

WHAT IS CONFIDENCE/ROMANCE FRAUD?

Confidence/romance fraud occurs when an actor deceives a victim into believing they have a trust relationship—whether family, friendly, or romantic—and leverages the relationship to persuade the victim to send money, provide personal and financial information, or purchase items of value for the actor. In some cases, the victim is persuaded to launder money on behalf of the actor.

Actors often use online dating sites to pose as U.S. citizens located in a foreign country, U.S. military members deployed overseas, or U.S. business owners seeking assistance with lucrative investments.

THREAT

In 2017, more than 15,000 people filed complaints with the FBI’s Internet Crime Complaint Center (IC3) alleging they were victims of confidence/romance fraud and reporting losses of more than $211 million. In 2018, the number of victims filing these complaints increased to more than 18,000, with more than $362 million in losses—an increase of more than 70 percent over the previous year.

In 2018, confidence/romance fraud was the seventh most commonly reported scam to the IC3 based on the number of complaints received, and the second costliest scam in terms of victim loss.

IC3 receives victim reports from all age, education, and income brackets. However, the elderly, women, and those who have lost a spouse are often targeted.

METHODS

After establishing their victims’ trust, scammers try to convince them to send money for airfare to visit, or claim they are in trouble and need money. Victims often send money because they believe they are in a romantic relationship.

For example, an actor claims to be a U.S. citizen living abroad. After a few months of building a relationship with the victim, the actor asks the victim to send gifts or electronics to a foreign address. After a few more months, the actor expresses a desire to return to the U.S. to meet the victim. The actor claims not to have the money to pay for travel and asks the victim to wire funds. In some cases, the actor claims the wired funds did not arrive and asks the victim to resend the money.

Some actors provide a fake travel itinerary. When they don’t arrive as scheduled, they claim they were arrested, and ask for more money to post bail. They may also request more money for travel or to recover assets seized during their “arrest.” Requests for money may continue until the victim is unable—or unwilling—to provide more.

TRENDS

In some situations the victim may be unknowingly recruited as a “money mule”: someone who transfers money illegally on behalf of others. Actors groom their victims over time and convince them to open bank accounts under the guise of sending or receiving funds. Grooming is defined as preparing a victim to conduct fraudulent activity on their behalf through communications intended to develop a trust relationship. These accounts are used to facilitate criminal activities for a short period of time. If the account is flagged by the financial institution, it may be closed and the actor will either direct the victim to open a new account or begin grooming a new victim.

In other situations, the actor claims to be a European citizen or an American living abroad. After a few months of developing trust, the actor will tell the victim about a lucrative business opportunity. The actor will inform the victim there are investors willing to fund the project, but they need a U.S. bank account to receive funds. The victim is asked to open a bank account or register a limited liability company in the victim’s name and then to receive and send money from that account to other accounts controlled by the actor.

TIPS TO PROTECT YOURSELF

Most cyber criminals do not use their own photographs; they use an image from another social media account as their own. A reverse image search can determine if a profile picture is being used elsewhere on the internet, and on which websites it was used. A search sometimes provides information that links the image with other scams or victims.

To perform a reverse image search on profile photos:

Right click on the image and select “Search for image.”
Right click again and select “Save image as” to save the photo to your device.
Using a search engine, choose the small camera icon to upload the saved image into the search engine.

Always use your best judgment. While most dating sites routinely monitor account activity and investigate all complaints of falsified accounts, most dating site administrators do not conduct criminal background checks when an account is registered. Keep in mind it is always possible for people to misrepresent themselves. Do not ignore any facts which seem inconsistent and be aware of the following common techniques used by romance scammers:

Immediate requests to talk or chat on an email or messaging service outside of the dating site.
Claims that your introduction was “destiny” or “fate,” especially early in communication.
Claims to be from the U.S. but is currently living, working, or traveling abroad.
Asks for money, goods, or any similar type of financial assistance, especially if you have never met in person.
Asks for assistance with personal transactions (opening new bank accounts, depositing or transferring funds, shipping merchandise, etc.).
Reports a sudden personal crisis and pressures you to provide financial assistance. Be especially wary if the demands become increasingly aggressive.
Tells inconsistent or grandiose stories.
Gives vague answers to specific questions.
Claims to be recently widowed or claims to be a U.S. service member serving overseas.
Disappears suddenly from the site then reappears under a different name using the same profile information.

The FBI advises:

Never send money to someone you meet online, especially by wire transfer.
Never provide credit card numbers or bank account information without verifying the recipient’s identity.
Never share your Social Security number or other personally identifiable information that can be used to access your accounts with someone who does not need to know this information.

What to Do If You Are a Victim

If you are a victim of a confidence/romance scam, the FBI recommends taking the following actions:

Report the activity to the Internet Crime Complaint Center, your local FBI field office, or both.

Contact your financial institution immediately upon discovering any fraudulent or suspicious activity and direct them to stop or reverse the transactions.

Ask your financial institution to contact the corresponding financial institution where the fraudulent or suspicious transfer was sent.

Report the activity to the website where the contact was first initiated.

Computer hacker stealing information with laptop

June 18, 2019

Employment Scams

Employment scams are nothing new but they are on the rise.

In 2018, employment scams were the riskiest, according to the BBB Scam Tracker Risk Report. As technology changes, so do scammers’ tactics. In this new twist on a long-time scam, con artists use text messages and Google Hangouts to convince people to hand over money in exchange for a job that doesn’t exist.

How the Scam Works
You post a resume or apply to a job online. Before long, you are contacted via text message by someone claiming to have seen your resume. The representative explains that you would be a great fit for their position and may claim to represent a real business with a good reputation. They ask you to contact them for an interview via Google Hangouts or another video chat service.
After talking, you are immediately offered a job with excellent pay. This pattern is a change from the past, when scammers typically emailed targets and made a job offer without an interview.
Your new “job” has some unusual requests, however. The interviewer may send youfunds to deposit into your bank account, which you’ll use to purchase supplies for your new job. Or they require your banking information under the guise of setting up direct deposit. They also may send you surplus funds in a bad check, ask you to deposit it and wire some funds back to the company. Job scams take many forms.
If you question the company’s methods, you’ll likely be met with a defensive response. But don’t give into the pressure and follow the demands. The job isn’t real!

How to Protect Yourself from Employment Scams
•Double check the job posting. If a person claims to represent a reputable company, visit the official website and look for the job posting before agreeing to an interview. If you can’t find it, it’s probably a scam.
•Be wary of unusual procedures. No real company would ask you to pay money to receive a job offer, nor would they send you a check before you’ve completed any work or overpay you for supplies and ask you send back part of the money.
•Look out for generic job offers. Jobs that are very general, for example “customer service representative,” are the most likely to be scams. If you find the same job description for different companies posted on many websites, that could be a red flag, too

February 15, 2019

Tech Support Scams

Some scammers call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Other scammers send pop-up messages that warn about computer problems. They say they’ve detected viruses or other malware on your computer. They claim to be “tech support” and will ask you to give them remote access to your computer. Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary – or even harmful – services.

If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don’t click on any links, don’t give control of your computer and don’t send any money or gift cards.

How the Scam Works

Scammers may call, place alarming pop-up messages on your computer, offer free “security” scans, or set up fake websites – all to convince you that your computer is infected. The scammers try to get you on the phone, and then work to convince you there’s a problem. Finally, they ask you to pay them to fix that non-existent problem.

To convince you that both the scammers and the problems are real, the scammers may:

pretend to be from a well-known company – like Microsoft or Apple
use lots of technical terms
ask you to get on your computer and open some files – and then tell you those files show a problem (when they don’t)

Then, once they’ve convinced you that your computer has a problem, the scammers might:

ask you to give them remote access to your computer – which lets them change your computer settings so your computer is vulnerable to attack
trick you into installing malware that gives them access to your computer and sensitive data, like user names and passwords
try to sell you software that’s worthless, or that you could get elsewhere for free
try to enroll you in a worthless computer maintenance or warranty program
ask for credit card information so they can bill you for phony services, or services you could get elsewhere for free
direct you to websites and ask you to enter your credit card number and other personal information

These scammers want to get your money, access to your computer, or both. But there are things you can do to stop them.

If You Get a Call or Pop-Up

If you get an unexpected or urgent call from someone who claims to be tech support, hang up. It’s not a real call. And don’t rely on caller ID to prove who a caller is. Criminals can make caller ID seem like they’re calling from a legitimate company or a local number.

If you get a pop-up message that tells you to call tech support, ignore it. There are legitimate pop-ups from your security software to do things like update your operating system. But do not call a number that pops up on your screen in a warning about a computer problem.

If you’re concerned about your computer, call your security software company directly – but don’t use the phone number in the pop-up or on caller ID. Instead, look for the company’s contact information online, or on a software package or your receipt.
Never share passwords or give control of your computer to anyone who contacts you.

If You Were Scammed

Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything the software says is a problem.
Change any passwords that you shared with someone. Change the passwords on every account that uses passwords you shared.
If you paid for bogus services with a credit card, call your credit card company and ask to reverse the charges. Check your statements for any charges you didn’t make, and ask to reverse those, too. Report it to ftc.gov/complaint.

Refund Scams

If you paid for tech support services, and you later get a call about a refund, that call is probably also a scam. Don’t give the person any personal or financial information.

The refund scam works like this: Several months after a purchase, someone calls to ask if you were happy with the service. If you say “No”, the scammer offers a refund. Or, the caller says the company is going out of business and giving refunds. The scammer eventually asks for your bank or credit card account number, or asks for access to your bank account to make a deposit. But instead of putting money in your account, the scammer takes money from your account.

If you get a call like this, hang up, and report it: ftc.gov/complaint.

December 7, 2018

Obituary Scams

Be careful with obituaries – scammers are watching them.

Publicly sharing personal information is risky enough in everyday life. It gets worse in death. It’s never wise to let strangers know your name, address, birth date, birthplace, family members’ names or even hobbies, whether you post the info on social media, take surveys or fill out product registration forms. But obituaries can take the risk to a whole new level. When published in newspapers and websites, they can spoon-feed scammers the precise nuggets they need.

We all want to acknowledge a loved one’s life completed. But be aware that the devil is in the details. The more personal facts you provide in an obit, the greater risk of scams—for the departed and survivors alike.

When it’s time to write the notice, give the deceased’s age but leave out the birth date, middle name, home address, birthplace and mother’s maiden name. Don’t even include the names of family survivors. This last advice will be hard to follow, but otherwise you put family members at risk of scams like these.

Identity Theft

Each day, thousands of dead people fall victim to identity theft—costing their survivors pain and financial loss. Nearly 800,000 people a year are specifically targeted after death, because no one’s checking their credit reports. With details gleaned from an obit, crooks can often purchase or figure out the person’s Social Security number to fraudulently open credit card accounts, apply for loans or even file tax returns to collect refunds. (The first five digits of a Social Security number are linked to a time and place of birth.)

So spare the details in an obit. And quickly send requests to each of the major credit-reporting bureaus—Equifax, Experian and TransUnion—to flag the person’s account as “deceased.” This permanently stops new credit from being issued in the person’s name. You’ll need a certified copy of the death certificate, proof that you are the executor or spouse and other details about the deceased.

You should also notify the Social Security Administration (800-772-1213), the IRS, banks, insurers, brokerages, credit card issuers and mortgage companies, in case scammers approach them. Also, close down accounts on social media sites such as Facebook and Twitter.

Grandparents Scam

Scammers use names published in obits to pose as grandchildren of the deceased, calling grieving survivors with sob stories about being mugged or arrested and needing money. Research shows that with any scam, your vulnerability is highest in the three years after a major stress. Obits are pure gold for scammers, who can target grieving spouses immediately following the death and seem credible by citing names.

In the early days of this now-widespread scam, AARP’s West Virginia chapter discovered its magnitude by interviewing recent scam victims and finding a common thread: All reported having had a recent death in the family, and all had published obituaries listing the names of the grandchildren.

Deceptive Debt Collection

Crooks often call spouses, children or siblings to make a claim that survivors must repay the deceased’s debts. Not true. Unless you cosigned the obligation or are otherwise legally responsible, debts are paid from the estate—not from the pockets of relatives. Anyone saying otherwise is deceiving the grieving for a quick buck.

Fictitious Life Insurance

In another name-dropper, self-described insurance agents and attorneys get in touch with survivors to claim the departed took out a huge (but often “secret”) life insurance policy. But before benefits can be collected, a final premium (or taxes, handling fees, etc.) must be paid. Legit insurance companies don’t request upfront fees by wire transfer or prepaid debit card.

Burglary

If the deceased’s address and the time of the memorial service are in the obit, burglars know when to strike the unoccupied home, as well as those of neighbors paying respects. Leave the home address out and have a friend or neighbor forgo the funeral to keep watch.

hacker using mobile smartphone calling for victim

October 31, 2018

Spear Phishing Scams

“I’m calling from [pick any bank]. Someone’s been using your debit card ending in 2345 at [pick any retailer]. I’ll need to verify your Social Security number — which ends in 8190, right? — and full debit card information so we can stop this unauthorized activity…”

So the caller ID shows the name of your bank. And the caller knows some of your personal details. Does that mean it’s legit? No. It’s a scam — and scammers are counting on the call being so unsettling that you might not stop to check your bank statement.

We’ve started hearing about phone scams like this, which combine two scammer tricks: spear phishing and caller ID spoofing. In a phishing attempt, scammers may make it look like they’re from a legitimate company. And when they call or email with specific details about you — asking you to verify the information in full (things like your Social Security number or address) — that’s called spear phishing.

The other nasty wrinkle in this scam is caller ID spoofing. That’s when scammers fake their caller ID to trick you into thinking the call is from someone you trust.

Here’s how you can avoid these scam tactics:

Don’t assume your caller ID is proof of whom you’re dealing with. Scammers can make it look like they’re calling from a company or number you trust.
If you get a phone call, email, or text from someone asking for your personal information, don’t respond. Instead, check it out using contact info you know is correct.
Don’t trust someone just because they have personal information about you. Scammers have ways of getting that information.
If you gave a scammer your information, go to gov. You’ll learn what to do if the scammer made charges on your accounts.

Even if you didn’t give personal information to the scammer, r eport the scam to the FTC. Your reports help us understand what’s happening and can lead to investigations and legal action to shut scammers down.

Smiling woman using credit card and smart phone at home

July 5, 2018

The Sneaky Debit Card Activation Scam

How it works: A fraudster obtains a phone number that is slightly different from a valid card activation phone number in hopes the cardholder who is activating a new card will misdial the number. They proceed to tell the caller the voice response system is down and that is why they are speaking to a live person. The fraudster asks the cardholder for personal information, such as card number, expiration date, account number and Social Security number. The fraudster may even attempt to sell the cardholder gift cards.

Just a reminder, when calling the 800 number to activate a debit card, you will NEVER speak to a live person.

A second reminder, when SHAZAM reaches out to a cardholder to verify transactions, they NEVER ask for card number or any personal information.

April 2, 2018

iTunes Gift Card Scams

A string of scams are taking place asking people to make payments over the phone for things such as taxes, hospital bills, bail money, debt collection, and utility bills. The scams are committed using many methods, including gift cards. As the fraudsters are sometimes using iTunes Gift Cards, we want to make sure our customers are aware of these scams.

Regardless of the reason for payment, the scam follows a certain formula: The victim receives a call instilling panic and urgency to make a payment by purchasing iTunes Gift Cards from the nearest retailer (convenience store, electronics retailer, etc.). After the cards have been purchased, the victim is asked to pay by sharing the 16-digit code on the back of the card with the caller over the phone.

It’s important to know that iTunes Gift Cards can be used ONLY to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership. If you’re approached to use the cards for payment outside of the iTunes Store, App Store, iBooks Store, or Apple Music, you could very likely be the target of a scam and should immediately report it to your local police department as well as the FTC.

Please do not ever provide the numbers on the back of the card to someone you do not know. Once those numbers are provided to the scammers, the funds on the card will likely be spent before you are able to contact Apple or law enforcement.

Tips to avoid becoming the victim of a scam

If you are NOT purchasing an item from the iTunes Store, App Store, iBooks Store, or an Apple Music membership, do NOT make a payment with iTunes Gift Cards. There’s no other instance in which you’ll be asked to make a payment with an iTunes Gift Card.
Do not provide the numbers on the back of the card to someone you do not know.
Immediately report potential scams to your local police department as well as the FTC (ftccomplaintassistant.gov).

Contact Apple

If you have additional questions, or if you’ve been a victim of a scam involving iTunes Gift Cards, you can call Apple at 800-275-2273 (U.S.) or contact Apple Support online.

March 12, 2018

Tax Scams

They’re at it again… tax scammers scheming new ways to steal personal information and money. This FTC article explains tax scam scenarios and how you can avoid them.

November 20, 2017

Protecting Yourself From Charity Scams

In Illinois, more than 25,000 charitable organizations are working to help others in unique ways. Under state law, these charitable organizations, along with professional fundraiser are required to register and file annual financial reports with the Attorney General’s office. Potential donors may access this information, to verify its legitimacy, before giving to charity. http://charitableviewer.ilattorneygeneral.net/

If you’re thinking about giving to a charity, do your research to avoid fraudsters who try to take advantage of your generosity. Here are tips to help make sure that your charitable contributions actually go to the cause you support.

Ask how much of your donation will go to the charity and other detailed questions, including whether the organization is registered and how much of your donation will be used to pay fundraising costs. Solicitors must give you this information if you ask.
Pay close attention to the name of the charity. Some fraudulent charities use names that sound or look like those of legitimate organizations to mislead you.
Do not pay in cash. For security and tax record purposes, pay by check, credit card or a format of payment in which you have a record. Be sure to write the full official name of the charity on your check – do not abbreviate.
Request written information. A legitimate charity will provide you with information outlining its mission, how your donation will be distributed and proof that your contribution is tax deductible.
Do not donate if the solicitor uses high-pressure tactics, asks for payment in cash or insists on sending someone to pick up your monetary/financial contribution. These are all hallmarks of a scam.
If you receive an email or text message asking for a donation, confirm that the request is from the charity, and not an impostor, by contacting the charity or visiting its website.
Be cautious of “look-alike” websites. These fraudulent websites will often ask for personal financial information and may download harmful malware onto your computer.
Don’t assume that charity recommendations on Facebook or social media are legitimate and have already been scrutinized. Research the charity yourself.

November 17, 2017
Western Union Remission

On January 19, 2017, Western Union agreed to forfeit $586 million and entered into agreements with the Justice Department and the Federal Trade Commission. In its agreement with the Justice Department, Western Union admitted that it violated U.S. laws—The Bank Secrecy Act and anti-fraud statutes—by processing hundreds of thousands of transactions for Western Union agents and others involved in an international consumer fraud scheme. As part of the scheme, fraudsters contacted victims and falsely posed as family members in need or promised prizes or job opportunities. The fraudsters directed the victims to send money through Western Union to help their relative or claim their prize.

If you believe you were a victim of the fraud described above and you made a wire transfer through Western Union between January 1, 2004 and January 19, 2017, you may be eligible for remission. Please visit http://www.westernunionremission.com/ for more information.

September 9, 2017
Equifax Breach

Recently, Equifax, one of the three national consumer credit reporting agencies, announced a major data breach. This breach affects approximately 143 million Americans. This is what we know according to Equifax: the data breach occurred May – July 2017, and the information stolen includes consumers’ personally identifiable information, including names, Social Security numbers, dates of birth, addresses and, in some cases, driver’s license numbers. Approximately 209,000 credit card numbers and dispute documents with personally identifiable information for approximately 182,000 consumers were also stolen. There is no evidence of unauthorized access to consumers’ credit reporting databases.

To be clear, Buena Vista National Bank was not compromised and your information was not stolen from our bank. However, Buena Vista National Bank takes the security of our customer information very seriously, and we are providing you with the information we know about this massive breach and the steps you can take to protect your personally identifiable information if you so desire. Following this unprecedented breach, we are also asking our customers to be extra vigilant and report any suspicious activity in your Buena Vista National Bank accounts to by calling your local branch.

Informative articles regarding the breach:

The Equifax Data Breach: What to Do

Equifax isn’t calling

Fraud alert or credit freeze – which is right for you?

Click here to add your own text

INFORMATION SECURITY BULLETINS

How the Scam Works

If You Get a Call or Pop-Up

If You Were Scammed

Refund Scams

Quick Links

Join Our Newsletter

PROUD TO BE