Archive | Security RSS for this section

Positive Pay – Put Your Business in Control of Check Fraud

If your business writes checks, you’re at risk for check fraud. Citizen National Bank’s Positive Pay program can help protect you from the potential loss of funds from this growing problem. This online tool is easy to use, requiring just minutes a day to set parameters for checks processing through the business account. Watch this video to see why Larry Webb of Webb Insurance in Lima chose the Positive Pay program and the peace of mind he has knowing safeguards are in place to protect his business.

Debt Consolidation Scam Costs Customer $1,000’s

Financial scamWe recently had a customer who was a victim of a debt consolidation scam. She was contacted by phone from a company (BPT Funding, Inc.) claiming to specialize in debt consolidation and offering to help lower her monthly payments by paying smaller balances off with a cash advance from Discover. A three way conference call was held between the customer, the fraudulent company and Discover where she was approved for the amount needed to pay off the balances. Discover transferred the funds to her checking account. She made a personal check out for that amount to the fraudulent company who offered to take care of paying all her balances off for her. Unfortunately, her bills kept coming and nothing had been paid off.

After attempting to contact them after 90 days, the phone number she’d been given no longer worked, the company had no website and the only address she had for them was a PO Box number. She now owes the original amounts on her credit cards, as well as the additional funds she had taken as a cash advance from Discover, and the fraudster is $11,000 richer.

If you receive a phone call from a company offering services of any kind, be sure to research them well before offering any information. Check out their website, be sure they have a physical location and customer references. Also, check them out on the Better Business Bureau website to see if any complaints have been lodged against them. If possible, consider a local company that offers the same services in order to be assured of access to a physical location and someone you can speak with in person vs. just over the phone.

– See more at: https://www.cnbohio.com/AboutUs/CNBNews/security-bulletin/default.aspx

 

Gone Phishing? Fraudsters Use Email Effectively

phishingPhishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. This is not a new scheme, but it continues to be an effective one. According to Wombat Security, 85% of organizations have suffered phishing attacks and 30% of those emails get opened. According to Verizon, the number one delivery vehicle for malware is email attachments and the simple act of clicking a link in an email can leave your company exposed to dangerous activity on your network.

The easiest solution? Educate your employees to never click on links within emails that they don’t trust or weren’t expecting to receive. Attachments should only be downloaded from reputable sources. If possible type the URL you want to view into a browser rather than clicking the link provided in the email. Anything that requests personal information is most likely a scam. Reputable companies will not ask for sensitive information through insecure channels such as email.

Phishing emails are often written to make you feel threatened or scare you into providing information. Messages such as “Our records indicate that your account was overcharged. You must call us within 7 days to receive a refund,” provide a level of urgency that you feel you must address. It’s important to not take the bait and click on any links or call provided phone numbers that might open you up to providing personal information that can be used against you.

The Federal Trade Commission offers tips for dealing with phishing scams, action steps to take to avoid phishing attacks and how to report phishing emails on its website. Check it out to get better educated and remember always, “Think before you click!”

– See more at: https://www.cnbohio.com/AboutUs/CNBNews/security-bulletin/default.aspx

Tax-Related Identity Theft

Computer hacker stealing information with laptopInformation provided by the Federal Trade Commission (www.consumer.ftc.gov)

Tax-related identity theft occurs when an identity thief has used your social security number to get a tax refund or a job. Unfortunately, it may be several months later that you realize it has happened when you are notified by the IRS that you were paid by an employer you don’t know or that more than one tax return was filed using your social security number. It’s important to note that the IRS will never send an email, text or social media message that asks for personal financial information. Notification would always come in the form of a letter. If you do receive an email that claims to be from the IRS, do not reply or click any links. Instead, forward it to phishing@irs.gov.

If you do receive an official notice from the IRS that alerts you to potential identity theft, visit IdentityTheft.gov to report it and begin the recovery process. Contact the IRS immediately if you think someone has used your SSN for a tax refund or a job (toll free 1-800-908-4490). Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future. After you contact the IRS, it’s important to limit the potential damage from identity theft by putting a fraud alert on your credit reports, ordering your credit reports for review and creating an Identity Theft Report by filing a complaint with the Federal Trade Commission (FTC) and filing a police report.

To learn more about this serious problem and what steps you can take to protect yourself, visit IdentityTheft.gov.

– See more at: https://www.cnbohio.com/AboutUs/CNBNews/ExecutiveNewsletter/Default.aspx

Tax Scammers Might Target You: Here’s What to Do

logoProvided by the Consumer Federal Trade Commission

It’s that time of year — tax time. It’s also a great time to get up to speed on tax-related scams. Here are two ways tax scammers might target you and what you can do about it:

Tax identity theft

This kind of identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund. Tax identity theft also happens when someone uses your Social Security number to get a job. You find out about it when you get a letter from the IRS saying:

  • more than one tax return was filed in your name
  • IRS records show wages from an employer you don’t know

If you get a letter like this, contact the IRS Identity Protection Specialized Unit at 800-908-4490. You can find more about tax identity theft at ftc.gov/taxidtheft and irs.gov/identitytheft.

IRS imposter scams

This time scammers aren’t pretending to be you — they’re posing as the IRS. They call you up saying you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the call is coming from Washington, DC – when it could be coming from anywhere. Leaving you no time to think, they tell you to put the money on a prepaid debit card and tell them the card number right away.

The real IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. When the IRS contacts people about unpaid taxes, they usually do it by mail. You can report IRS imposter scams to the Treasury Inspector General for Tax Administration (TIGTA) online or at 800-366-4484, and to the FTC at ftc.gov/complaint.

Visit IdentityTheft.gov

IdentityTheft.gov is the federal government’s one-stop resource to help you report and recover from identity theft. You can report identity theft, get step-by-step advice, sample letters, and your FTC Identity Theft Affidavit. These resources will help you fix problems caused by the identity theft.

Be Positively Sure to Avoid Check Fraud

check-fraudPositive Pay Could Have Prevented Fraud

One of our business customers recently experienced the costly side of check fraud. Two men came into three different branches to cash a check from one of our business clients. The check looked like a business check with the Citizens National Bank logo printed on it. They each had a photo ID from another state. Two of the checks were cashed. A teller at a third CNB location questioned the validity of the check and requested assistance from the branch manager, at which point the two men left the bank, leaving the fraudulent check and ID behind. Unfortunately, the two previous checks were cashed and the money has yet to be recovered.

Had this business client been enrolled in Positive Pay the tellers at each location would have received an alert as these items would have been flagged as possible fraud. With Positive Pay, the business client submits a file of their outstanding checks that is reviewed each time a check is presented for payment. If someone brings in a check to be cashed, and the business has Positive Pay, the bank’s system gives the teller an alert to contact the business for approval before cashing the check.

If your business writes checks, you can benefit from Positive Pay. This automated system reviews every check presented for payment against the file submitted by the business and flags any that do not match by amount, payee, check number, etc… You the business owner make the call whether or not to pay the flagged check. If you’re interested in learning more about preventing check fraud and the potential loss of dollars for your business, contact Treasury Management.

Protect Your Identity
Provided by Jean Chatzky, Today show contributor

According to the Identity Theft Resource Center, there were more than 630 data breaches in the U.S. through August 31 of this year, which puts us on track to beat the 780 breaches recorded in 2015. And according to Bill Hardekopf of LowCards.com another study notes 1 in 3 Americans have been hacked in the past year. Whether you’ve been breached, hacked or neither, it’s time to take this threat seriously.

If you’re an employee whose company has been hit with a data breach, start by using any and all identity theft services the company offers. Then, call one of the three credit reporting companies (Equifax, Experian or TransUnion) and report you’re a victim of identity theft. Ask them to place a fraud alert on your credit file, confirm the company will contact the other two companies and mark your calendar so you can decide whether or not to renew the alert in 90 days. If you’ve been hacked, you can also ask for a fraud alert. But also pull your own credit reports (you can do this for free at AnnualCreditReport.com) to make sure that no one is taking out credit using your personal information.Then monitor your report again every few months. For more on what to do if your identity is stolen, check out this report from identitytheft.gov.

– See more at: www.cnbohio.com/AboutUs/CNBNews/security-bulletin/

Check Fraud, Spoofing and a New Type of Attack

hands-laptopCheck Fraud Can Happen To You!

Counterfeit checks are a genuine threat as one of our business customers recently realized. They received a phone call from another bank asking them to verify checks that were being cashed. Fortunately the other bank was aware enough to recognize there was something suspicious about the check. It was written on our customer’s business account and would have meant a loss of thousands of dollars if not caught. One way to prevent such a situation is to use Positive Pay. This service allows a business customer to upload a file of all the checks written which is then compared to payee, check number, check stock and amount before being approved for payment. If any of those don’t match, or the amount is more than the desired preset limits for immediate approval, the business is notified and has the option of approving or denying the check before it hits their account. For more information about this powerful tool, check out our online demo or contact a business banking officer at any of our CNB office locations.

Find Out If Your Email Server Will Let Spoofed Emails Through…
Provided by KnowBe4 – https://www.knowbe4.com/

Ransomware attacks are getting more and more sophisticated. Some strains now grab an email address from your own domain as the “from” address and trick your users into believing the email is from a co-worker or the CEO.

Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit “CEO Fraud”, penetrating your network is like taking candy from a baby.

Would you like to know if hackers can spoof your domain? KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. It’s quick, easy (just one email from us to you) and often a shocking discovery. Find out now if your email server is configured correctly, many are not!

Get Started Here

New Type of Hybrid Attack: First a phone call, then an email

There’s a new type of spear phishing scam that’s come to light. You may receive a phone call from a vendor. They then say they’ll follow up with an email with more information. That email is then laced with malware. You might be a bit less skeptical of an email that follows a phone call you just had. Don’t let your defenses down! Always hover over a link in an email to look for anything suspicious before you click, or type the url directly into your browser for the company rather than using the link provided. They are targeting system administrators because they have admin credentials and could inadvertently hand over full network access to attackers.

– See more at: www.cnbohio.com/AboutUs/CNBNews/security-bulletin/