Cybersecurity – Page 2 – River City Bank

December 20, 2018

Security News – How to Avoid a Vishing Scam

By now you probably know not to click on links that arrive unexpectedly via email (Phishing) or text (Smishing), but how about an old-fashioned telephone scam? As people have become more educated on cybersecurity, criminals are turning to alternative scamming methods, including the telephone scam.

What is Vishing?

Vishing is the telephone-based scam that has even the most tech-savvy consumers falling victim. Vishing scams rely heavily on manipulation and social engineering to get potential victims to give up personal information such as PINs, Social Security numbers, credit card security codes, and passwords. Criminals typically pretend to be from an official organization such as a bank or the government and use “caller ID spoofing” which allows them to make phone calls that appear to be from legitimate organizations. Vishing calls can be from a live person, robot, or both. With so many variables, it’s imperative to stay alert and keep your information protected.

Common vishing scams include:

Supposed fraud or suspicious activity on your bank account
Overdue or unpaid taxes to the IRS
Fake computer or IT support
Fake government agency

How to avoid vishing scams:

Never answer a call from an unknown number. Picking up may alert the scammer that the number is active and may lead to more calls down the road. Instead, let the call go to voicemail. If the scammer leaves a message, it will give you time to vet out the caller properly.
If you do answer, never give your personal information. Banks and government institutions will never ask for personal information over the phone. If you are asked for personal information or feel uncertain to the legitimacy of the call, hang up and call back after crossing referencing the number online or on the back of your credit card. It is worth noting that government institutions like the IRS almost exclusively communicate by mail or occasionally email.
Don’t trust Caller ID. As mentioned above, scammers can use “caller ID spoofing” to make calls appear to come from a legitimate source. While the call may be legitimate, keep your guard up and remember never give out personal information over the phone.

Again, keep in mind that River City Bank will never ask for your personal information by email or text. Your personal and financial security is our top priority. Should you have any questions or concerns regarding your account information or communication you have received from River City Bank, please do not hesitate to reach out to a customer service representative at (916) 567-2899 or (800) 564-7144.

December 12, 2018

Online Shopping – Cybersecurity Tips for the Holidays

Woman sitting, surrounded by holiday presents, with laptop on her lap and shopping online

The busy holiday season is here and, for many, that means shopping and spending time with family and friends. It is also a busy time for cybercriminals, with over 40 percent of online scam attempts occurring during the last quarter of the year.

To have a safe and secure holiday season, we recommend the following safety precautions:

Use a Credit Card: It’s nearly impossible to tell how secure an online merchant is, so it’s best to be cautious and shop as though all merchants have been compromised. With that in mind, if you have a choice between using your credit or debit card, shop with your credit card. While you may not be liable for fraudulent charges, the effect of having your debit card compromised can be felt immediately when your checking account has been drained, and checks or recurring charges do not clear.
Review your Statements: Keep a close eye on your bank and credit card statements. Fraudsters are notorious for using the busy holiday season to make unauthorized charges on stolen cards, and the bogus purchases can get buried amid the flurry of legitimate purchases. Review your statements regularly (daily is best) and quickly dispute unauthorized charges.
Don’t Take the Bait: A favorite holiday phishing and malware scam involves spam emails that purport to have been sent by the U.S. Postal Service, FedEx, UPS, or other shipping services. The spam email is usually regarding a wayward package or asks for additional information for delivery. When in doubt, visit the e-commerce site or shipping site directly, and avoid clicking on links or attachments in emails.
Click with Care: Cybercriminals love to use holiday shopping and travel scams to gain access to information and computer systems. Scammers try to lure you to copycat websites of well-known brands or retailers by advertising great deals on hot-ticket items on social media sites or through search engines. Their goal: to deliver malware to your computer, steal your credit card number, or “phish” for personal information.
Connect with Caution: Most public Wi-Fi networks are not secure, so think twice before shopping or banking while on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth before leaving home.

A security tip no longer recommended is the “look for the padlock” test. The presence of a padlock icon next to the website address used to signal a legitimate site versus a phishing trap. Unfortunately, half of all phishing scams are now hosted on a site whose address begins with “https://” and includes a padlock icon. The presence of the padlock icon does not mean the site is legitimate. A website address with an “https://” address or “Secure Sockets Layer (SSL)” simply signifies that data transmitted back and forth between your browser and the site is encrypted and cannot be read by third parties; not that the site is legitimate.

Major web browsers are working with security organizations to index and flag new phishing sites with warning pages; however, not all phishing scams are flagged quickly. With the “look for the padlock” test taken away, it’s paramount that you stay alert and vigilant about reviewing emails, links, and attachments for suspicious content. For more tips on how to keep your information safe during the holiday season, and how to help your family and friends with a cybersecurity checkup, visit krebsonsecurity.com.

At River City Bank, your personal and financial security is our top priority. If you have questions or concerns, please call a customer service representative at (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

October 15, 2018

Security News – Smishing Alert

The use of text message to communicate with the public can be useful and efficient; however, it also opens the door for potential text message scams, also known as Smishing. With the increased use of text messages for communication, we want to remind you of security precautions you should take to keep your personal and bank account information safe.

What is Smishing?

Scammers are now targeting potential victims with text message scams sent via shortcodes and links. Shortcodes are used by legitimate businesses to send messages to customers; examples include airline ticket confirmations, identity verification, and routine account alerts. However, shortcodes and links can also contain malicious malware which can install on your phone. Once installed, the malware app can log your keystrokes, steal your identity, or hold valuable files for ransom. It is imperative to be vigilant when reading and responding to text messages. Following are tips for protecting yourself against the rise of smishing scams.

What you can do to protect yourself?

Government agencies, banks, or other legitimate businesses will never request personal or financial information via text message.
Be skeptical of any text message you receive from unknown senders.
Take your time. Smishing scams work by creating a false sense of urgency by demanding an immediate response.
Never click on links or call phone numbers in unsolicited text messages.
Do not respond to smishing messages. Responding verifies that your phone number is active and encourages scammers to keep trying.
Delete the message from your phone.

To learn more about how to protect your personal information, visit the River City Bank Safety & Security page.

June 1, 2018

Reboot Your Router to Stop Malware

A sophisticated malware system linked to Russia has compromised hundreds of thousands of internet routers. The malware targets routers produced by several manufacturers and is capable of performing multiple functions, including information collection, device exploitation, and blocking network traffic. The FBI recommends the following steps to protect your information from this malware threat.

Reboot Your Router: You should reboot the router by turning it off, and then turning it back on. The simplest way to do this is to unplug the power from the router, wait 10 seconds, and then plug the power back in. Rebooting the router will temporarily disrupt the malware. Note: DO NOT RESET (only reboot) your router – pressing the reset button can erase all settings on the router and cause it to be inoperable.

Upgrade Firmware: You should upgrade the router’s firmware to the latest available version.

New Password: Select a new secure password. Click here for tips on setting up an effective and secure password.

Disable Remote Management Settings: If remote management settings are in place, consider disabling them.

Safeguarding your personal information is not just important, it’s vital to your business and ours. Should you have any questions about this malware or recommended security steps, please do not hesitate to reach out to a Customer Service Representative at (916) 567-2899 or (800) 564-7144 or by email at [email protected].

February 20, 2018

Wires: Tips to Protect Your Money

Wires are inherently risky. Once a wire is sent, including a fraudulent wire, the transfer CANNOT be reversed. When sending a wire, it is extremely important that you personally know who you are sending the funds to. If you do not know the person or company, the request may be fraudulent. Allow us to point out some of the usual fraud schemes and scams we have witnessed involving wires. While this is not an all-inclusive list, it will help you decide if the wire transfer YOU request is legitimate.

Things you should ask yourself before you make a wire transfer request:

1. What is the source of this wire transfer request?

For example, was this request received via e-mail from another account owner, someone you know, or your boss (e.g. CEO or CFO)? If so, you should confirm this request in person or over the phone, using a number you have on file, with that individual to ensure they actually e-mailed the request.

2. Have you been told not to disclose the reason you are wiring funds?

What is the reason for the secrecy? Is it valid?

3. Do you personally know the individual or business you are sending money to?

If not, are you certain the requestor is who they say they are?

Situation #1: You have been instructed to send a wire to someone you do not know. Here are some scenarios that should raise flags:

Wiring funds to an investment firm located outside the United States that contacted you via e-mail, mail, or telephone
Keep in mind that fraudulent requests for wires occur every day. Ensure you are comfortable with who you are sending money to.

Wiring funds to pay for fees or taxes in order to release lottery winnings or an inheritance
The lotteries we are aware of do not require taxes or fees to be paid in advance as a requirement of collecting the winnings.

Wiring funds to cover a loved one’s expenses or bail
If you were you notified by someone you do not personally know, or even by your loved one via email, confirm this request in person or over the phone with your loved one directly.

Unexpectedly contacted by a business or vendor stating their payment information has changed
Contact the business or vendor directly, using a phone number you have on file, to validate the changes are legitimate.

Situation #2: You deposited a check or received an electronic deposit to your account and the sender is requesting you to wire them the full or partial amount of the deposit back. Here are some common deceptions designed to steal YOUR money:

Wiring money to someone due to a canceled purchase for items sold on the internet
You are requested to deposit a check and send a portion back under the pretense that the extra money is commission or overpayment
Wiring funds to someone who hired you to process checks for them or their company
Wiring funds to someone you met on the internet that sent you money

In these situations, if the deposit into your account is fraudulent and you wire out or withdraw the funds, you will be held RESPONSIBLE for the entire amount of the returned deposit. Should any these situations arise, STOP and contact River City Bank at (916) 567-2899 or (800) 564-7144, prior to sending the wire.

January 19, 2018

Cybersecurity Tips

Cybersecurity best practices constitute an expansive list of things to do. While in-depth security measures need to be implemented and managed by experts, you don’t need to be a cybersecurity pro to employ smart online safety habits that can go a long way in guarding against online crime. Small and simple steps, like the ones listed below, are just as important in helping to protect your data.

Stop. Think. Connect.

Click with care. Cybercriminals love to use holiday shopping and travel scams to gain access to information and computer systems. Scammers try to lure you to copycat websites of well-known brands or retailers by advertising great deals on hot-ticket items on social media sites or through search engines. Their goal: to deliver malware to your computer, steal your credit card number, or “phish” for personal information.
Lock it up! Never leave a device unattended and be sure you have strong passwords.
Search for the “S.” Look for the “https” instead of “http” on the web address of the payment page before you enter a credit card number or other personal information. The “s” stands for a secure connection which reduces the chance of online scams.
Connect with Caution. Most public Wi-Fi networks are not secure, so think twice before shopping or banking while on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth before leaving home.
Download Updates. Installing updates can add new security patches to your apps, operating systems, anti-virus software, and other important programs. Be sure to download updates only from the official app provider.

If you have any questions or concerns, please contact our Customer Service Department at (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

June 1, 2017

Mitigating Risks and Improving Internal Controls

Close up of person using magnifying glass while highlighting in book

At its latest business seminar, River City Bank broached the subject of internal fraud as it relates to awareness and prevention techniques. Utilizing the expertise of EisnerAmper’s Jolene Fraser and John Barrett, the event provided key insight on the rise of internal fraud and shared stories of past cases. Fraser and Barrett discussed various methods for strengthening internal controls to help mitigate fraud risk. They examined greed, financial pressures, or employee disenfranchisement as possible motives for committing financial fraud.

No matter the size, fraud can plague all types of businesses. For most companies, employees can be its biggest asset as well as its greatest risk. Fraser and Barrett agreed that more often than not, it’s the longtime employee, the one that never complains, that stays late and works weekends, who bears close watching. With the ever-changing business and regulatory environment, and the number and diversity of types of frauds being committed against companies, it is essential that internal controls be reviewed, evaluated, tested, and strengthened regularly.

EisnerAmper LLP is one of the largest accounting firms in the U.S., with nearly 1,300 employees and 180 partners across the country. They provide comprehensive audit, accounting, advisory, consulting, and tax services.