DocuSign, a reputable firm known for being the industry-leader in online documentation distribution and signing, was recently a victim of a phishing attack. During the week of May 8 and again the week of May 15, DocuSign detected an increase in phishing emails sent to some of its customers and users. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. The emails may come from firstname.lastname@example.org or something similar and Subject Lines may reference a completed wire transfer or complete accounting invoice. The company was able to determine a third party had gained temporary access to their non-core system which allowed them access to email addresses for customers with DocuSign accounts. The good news is no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. The bad news is for those who received the spoofed emails, clicked on the link to open the Word document and allowed the macro to run. Their computers are now infected, limiting access to their information or they may even be asked to pay money to unlock access to their computer files.
This case once again highlights the importance of being wary of opening emails and especially clicking hyperlinks from within emails that you aren’t familiar with or weren’t expecting. Be sure to educate your family and employees about the possible consequences of clicking on the wrong link and encourage them to thoroughly review the email account it comes from, type the url for a link into a browser if possible vs. clicking on a link within an email and not opening attachments from sources they weren’t expecting to receive.
If your business writes checks, you’re at risk for check fraud. Citizen National Bank’s Positive Pay program can help protect you from the potential loss of funds from this growing problem. This online tool is easy to use, requiring just minutes a day to set parameters for checks processing through the business account. Watch this video to see why Larry Webb of Webb Insurance in Lima chose the Positive Pay program and the peace of mind he has knowing safeguards are in place to protect his business.
We recently had a customer who was a victim of a debt consolidation scam. She was contacted by phone from a company (BPT Funding, Inc.) claiming to specialize in debt consolidation and offering to help lower her monthly payments by paying smaller balances off with a cash advance from Discover. A three way conference call was held between the customer, the fraudulent company and Discover where she was approved for the amount needed to pay off the balances. Discover transferred the funds to her checking account. She made a personal check out for that amount to the fraudulent company who offered to take care of paying all her balances off for her. Unfortunately, her bills kept coming and nothing had been paid off.
After attempting to contact them after 90 days, the phone number she’d been given no longer worked, the company had no website and the only address she had for them was a PO Box number. She now owes the original amounts on her credit cards, as well as the additional funds she had taken as a cash advance from Discover, and the fraudster is $11,000 richer.
If you receive a phone call from a company offering services of any kind, be sure to research them well before offering any information. Check out their website, be sure they have a physical location and customer references. Also, check them out on the Better Business Bureau website to see if any complaints have been lodged against them. If possible, consider a local company that offers the same services in order to be assured of access to a physical location and someone you can speak with in person vs. just over the phone.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. This is not a new scheme, but it continues to be an effective one. According to Wombat Security, 85% of organizations have suffered phishing attacks and 30% of those emails get opened. According to Verizon, the number one delivery vehicle for malware is email attachments and the simple act of clicking a link in an email can leave your company exposed to dangerous activity on your network.
The easiest solution? Educate your employees to never click on links within emails that they don’t trust or weren’t expecting to receive. Attachments should only be downloaded from reputable sources. If possible type the URL you want to view into a browser rather than clicking the link provided in the email. Anything that requests personal information is most likely a scam. Reputable companies will not ask for sensitive information through insecure channels such as email.
Phishing emails are often written to make you feel threatened or scare you into providing information. Messages such as “Our records indicate that your account was overcharged. You must call us within 7 days to receive a refund,” provide a level of urgency that you feel you must address. It’s important to not take the bait and click on any links or call provided phone numbers that might open you up to providing personal information that can be used against you.
The Federal Trade Commission offers tips for dealing with phishing scams, action steps to take to avoid phishing attacks and how to report phishing emails on its website. Check it out to get better educated and remember always, “Think before you click!”
Information provided by the Federal Trade Commission (www.consumer.ftc.gov)
Tax-related identity theft occurs when an identity thief has used your social security number to get a tax refund or a job. Unfortunately, it may be several months later that you realize it has happened when you are notified by the IRS that you were paid by an employer you don’t know or that more than one tax return was filed using your social security number. It’s important to note that the IRS will never send an email, text or social media message that asks for personal financial information. Notification would always come in the form of a letter. If you do receive an email that claims to be from the IRS, do not reply or click any links. Instead, forward it to email@example.com.
If you do receive an official notice from the IRS that alerts you to potential identity theft, visit IdentityTheft.gov to report it and begin the recovery process. Contact the IRS immediately if you think someone has used your SSN for a tax refund or a job (toll free 1-800-908-4490). Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future. After you contact the IRS, it’s important to limit the potential damage from identity theft by putting a fraud alert on your credit reports, ordering your credit reports for review and creating an Identity Theft Report by filing a complaint with the Federal Trade Commission (FTC) and filing a police report.
To learn more about this serious problem and what steps you can take to protect yourself, visit IdentityTheft.gov.
Provided by the Consumer Federal Trade Commission
It’s that time of year — tax time. It’s also a great time to get up to speed on tax-related scams. Here are two ways tax scammers might target you and what you can do about it:
Tax identity theft
This kind of identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund. Tax identity theft also happens when someone uses your Social Security number to get a job. You find out about it when you get a letter from the IRS saying:
- more than one tax return was filed in your name
- IRS records show wages from an employer you don’t know
IRS imposter scams
This time scammers aren’t pretending to be you — they’re posing as the IRS. They call you up saying you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the call is coming from Washington, DC – when it could be coming from anywhere. Leaving you no time to think, they tell you to put the money on a prepaid debit card and tell them the card number right away.
The real IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. When the IRS contacts people about unpaid taxes, they usually do it by mail. You can report IRS imposter scams to the Treasury Inspector General for Tax Administration (TIGTA) online or at 800-366-4484, and to the FTC at ftc.gov/complaint.
IdentityTheft.gov is the federal government’s one-stop resource to help you report and recover from identity theft. You can report identity theft, get step-by-step advice, sample letters, and your FTC Identity Theft Affidavit. These resources will help you fix problems caused by the identity theft.
Positive Pay Could Have Prevented Fraud
One of our business customers recently experienced the costly side of check fraud. Two men came into three different branches to cash a check from one of our business clients. The check looked like a business check with the Citizens National Bank logo printed on it. They each had a photo ID from another state. Two of the checks were cashed. A teller at a third CNB location questioned the validity of the check and requested assistance from the branch manager, at which point the two men left the bank, leaving the fraudulent check and ID behind. Unfortunately, the two previous checks were cashed and the money has yet to be recovered.
Had this business client been enrolled in Positive Pay the tellers at each location would have received an alert as these items would have been flagged as possible fraud. With Positive Pay, the business client submits a file of their outstanding checks that is reviewed each time a check is presented for payment. If someone brings in a check to be cashed, and the business has Positive Pay, the bank’s system gives the teller an alert to contact the business for approval before cashing the check.
If your business writes checks, you can benefit from Positive Pay. This automated system reviews every check presented for payment against the file submitted by the business and flags any that do not match by amount, payee, check number, etc… You the business owner make the call whether or not to pay the flagged check. If you’re interested in learning more about preventing check fraud and the potential loss of dollars for your business, contact Treasury Management.
Protect Your Identity
Provided by Jean Chatzky, Today show contributor
According to the Identity Theft Resource Center, there were more than 630 data breaches in the U.S. through August 31 of this year, which puts us on track to beat the 780 breaches recorded in 2015. And according to Bill Hardekopf of LowCards.com another study notes 1 in 3 Americans have been hacked in the past year. Whether you’ve been breached, hacked or neither, it’s time to take this threat seriously.
If you’re an employee whose company has been hit with a data breach, start by using any and all identity theft services the company offers. Then, call one of the three credit reporting companies (Equifax, Experian or TransUnion) and report you’re a victim of identity theft. Ask them to place a fraud alert on your credit file, confirm the company will contact the other two companies and mark your calendar so you can decide whether or not to renew the alert in 90 days. If you’ve been hacked, you can also ask for a fraud alert. But also pull your own credit reports (you can do this for free at AnnualCreditReport.com) to make sure that no one is taking out credit using your personal information.Then monitor your report again every few months. For more on what to do if your identity is stolen, check out this report from identitytheft.gov.
– See more at: www.cnbohio.com/AboutUs/CNBNews/security-bulletin/