Phishing Archives

March 31, 2022

LinkedIn phishing scams increase 232% since February

Phishing attacks impersonating emails from LinkedIn have grown 232% since the start of February. The increase is likely related to more people looking for jobs, switching companies, or recruiting for open positions, thus making people more likely to click on emails from LinkedIn.

We have all received emails from LinkedIn saying things such as “You appeared in 4 searches this week,” “You have 1 new message,” and “Your profile matches this job.” Cybercriminals use email addresses with a LinkedIn display name to send fake emails with the same subject lines. In addition, the emails are branded with the LinkedIn logo, brand colors, and icons. To make the phishing attack more convincing, criminals use other well-known organizations’ names, including American Express and CVS.

The branded email templates lure victims to click on phishing links and enter their credentials into fraudulent websites. The hope is the credentials can be used for other websites that contain sensitive information.

What can you do to protect yourself?

Go directly to the LinkedIn website – To check messages and get updates, type in the full LinkedIn URL in your internet browser.
Slow down and review links – Hover over links to verify they direct you to the correct website.
Turn on two-step verification – Review your LinkedIn profile Settings & Privacy page. Turn on the two-step login verification system.
Report suspicious messages – LinkedIn encourages members to report suspicious messages to their help center. This helps their team identify scams and better secure the platform.

For more information on cyber security and protecting your personal and financial information, visit our Safety and Security page.

September 29, 2021

Security Alert – Phishing URLs

Unfortunately, phishing scams are not going away. The use of business email compromise, smishing or text scams, and ransomware scams are still prevalent. However, the use of Phishing URLs has seen a sharp increase over the past year. Reported cases in April 2021 nearly tripled that of April 2020; 28,000 cases to over 63,000 cases.

Phishing URLs affect both businesses and consumers. This type of scam can generally be attributed to the increase in remote workers and the heavy use of convenient online services such as banking, shopping, and bill pay.

What is a Phishing URL?

A Phishing URL is a website domain or URL that appears to be the official website but has a slight variation. At a glance, the website address seems to be legitimate; however, it takes you to a different website. The scam website can mirror the legitimate website’s homepage, making this type of scam tricky for consumers and highly effective for criminals.

Examples of Phishing URLs:

Legitimate website URL: www.rivercitybank.com
Phishing URLs: www.river-citybank.com; www.rivercitybanking.com; www.river-city-bank.com
Legitimate URL: www.irs.gov
Phishing URLs: www.irs.org; www.irs.com; www.internalrevservice.gov

How Can You Avoid Phishing URLs?

Confirm the URL: Double and triple-check the website address before entering any credentials or clicking on links within the website.
Bookmark Frequently Used Sites: Use the bookmark or favorite’s functions to save frequently visited sites instead of conducting a web search each time. The bookmark will save the legitimate site, thus mitigating the risk of clicking on a Phishing URL.

For more information on cybersecurity, visit the River City Bank Safety and Security page.

December 23, 2020

Holiday Season Phone and Email Scams

The busy holiday season is here, and while this season may look different due to the pandemic, online shopping is at an all-time high. The increase in online shopping means cyber criminals are busier than ever.

There is a popular scam making its way across the country right now where scammers, purportedly from Amazon or Apple, call or email people conning them out of money or their banking credentials. Below are common variations of this scam and ways you can avoid being a victim.

Phone Scam Variations

You receive a call and a recorded message says it’s Amazon. The message says there’s something wrong with your account. It could be a suspicious purchase, a lost package, or an order they can’t fulfill.
In another twist on this scam, you get a recorded message that says there’s been suspicious activity in your Apple iCloud account or your account has been breached.

If you get an unexpected call or message about a problem with any of your accounts, hang up.

Do not press 1 to speak with customer support.
Do not call a phone number they gave you.
Do not give out your personal information.

If you think there may actually be a problem with one of your accounts, contact the company directly using a phone number or website you have verified.

Email Scam

You receive an email that appears to be from Amazon notifying you of a problem with your account. The scammer asks for your Amazon login information with the goal of accessing your account. The scammer will then order items and gain personal information.

If you receive an email asking you to click on a link or enter login information, do not take the bait.

Do not click on links provided in emails. Instead, open a new web browser window to visit a verified site.
Do not enter personal information, including username and password.
Do not call phone numbers given in the email. Look for a phone number on the verified website.

To learn more about cyber security and best practices, visit our Safety & Security page. If you feel you may be a victim of a cyber scam, contact our Customer Service team at (916) 567-2899 or (800) 564-7144 or by email at [email protected].

January 21, 2020

File Your Taxes Before Scammers Do It For You

By Krebs on Security

It’s that time of year, tax-filing season, also known as the season fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!

Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS. Read the full Krebs on Security article here, and learn more about how fraudsters file phony tax refunds and what you can do to protect yourself.

Should you have any questions about your bank accounts and services, please contact a River City Bank customer service representative at (916) 567-2899.

October 23, 2019

Protecting Yourself from Phishing

Person in front of a laptop holding a mobile phone

As the gift-giving season approaches and shoppers start to plan out their online shopping strategies, cybercriminals begin ramping up their activity. Some of us have learned, the hard way, that the holidays have a way of bringing out individuals who happily profit by preying on others. Thieves are generally after two things: money and things they can turn into money, including gaining access to your private information.

Phishing is a scam that uses email to deceive you into disclosing personal information. Cybercriminals send thousands of emails, hoping to trick individuals into falling for their scams. For example, an email may appear to come from River City Bank, but it does not. It may sound urgent and warn you to update or verify your bank information by clicking on the link contained in the email. These emails are fake and do not come from River City Bank. No bank, including River City Bank, will ever ask you to provide confidential banking information through an email or link.

Phishing Examples and What You Should Do:

The criminal sends an email purportedly from a member of your business or one of your suppliers and requests you to wire funds. Before you react, pick up the phone and obtain verbal verification from your contact using the phone number you have on file, not one that may have been provided by the criminal.

If you get an email that warns you that an account of yours will be shut down unless you reconfirm personal information, or that the bank is “missing” information about your account, do not reply or click on the link in the email. To confirm if a River City Bank email solicitation is legitimate, please call our Customer Service Center at (916) 567-2899.

For additional security tips, how to limit unwanted calls and emails, and recent scam alerts, visit the Federal Trade Commission’s website dedicated to consumer protection at www.consumer.ftc.gov.

Again, keep in mind that River City Bank will never ask for your personal information by email or text. Your personal and financial security is our top priority. Should you have any questions or concerns regarding your account information or communication you have received from River City Bank, please do not hesitate to reach out to a customer service representative at (916) 567-2899 or (800) 564-7144.

December 12, 2018

Online Shopping – Cybersecurity Tips for the Holidays

Woman sitting, surrounded by holiday presents, with laptop on her lap and shopping online

The busy holiday season is here and, for many, that means shopping and spending time with family and friends. It is also a busy time for cybercriminals, with over 40 percent of online scam attempts occurring during the last quarter of the year.

To have a safe and secure holiday season, we recommend the following safety precautions:

Use a Credit Card: It’s nearly impossible to tell how secure an online merchant is, so it’s best to be cautious and shop as though all merchants have been compromised. With that in mind, if you have a choice between using your credit or debit card, shop with your credit card. While you may not be liable for fraudulent charges, the effect of having your debit card compromised can be felt immediately when your checking account has been drained, and checks or recurring charges do not clear.
Review your Statements: Keep a close eye on your bank and credit card statements. Fraudsters are notorious for using the busy holiday season to make unauthorized charges on stolen cards, and the bogus purchases can get buried amid the flurry of legitimate purchases. Review your statements regularly (daily is best) and quickly dispute unauthorized charges.
Don’t Take the Bait: A favorite holiday phishing and malware scam involves spam emails that purport to have been sent by the U.S. Postal Service, FedEx, UPS, or other shipping services. The spam email is usually regarding a wayward package or asks for additional information for delivery. When in doubt, visit the e-commerce site or shipping site directly, and avoid clicking on links or attachments in emails.
Click with Care: Cybercriminals love to use holiday shopping and travel scams to gain access to information and computer systems. Scammers try to lure you to copycat websites of well-known brands or retailers by advertising great deals on hot-ticket items on social media sites or through search engines. Their goal: to deliver malware to your computer, steal your credit card number, or “phish” for personal information.
Connect with Caution: Most public Wi-Fi networks are not secure, so think twice before shopping or banking while on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth before leaving home.

A security tip no longer recommended is the “look for the padlock” test. The presence of a padlock icon next to the website address used to signal a legitimate site versus a phishing trap. Unfortunately, half of all phishing scams are now hosted on a site whose address begins with “https://” and includes a padlock icon. The presence of the padlock icon does not mean the site is legitimate. A website address with an “https://” address or “Secure Sockets Layer (SSL)” simply signifies that data transmitted back and forth between your browser and the site is encrypted and cannot be read by third parties; not that the site is legitimate.

Major web browsers are working with security organizations to index and flag new phishing sites with warning pages; however, not all phishing scams are flagged quickly. With the “look for the padlock” test taken away, it’s paramount that you stay alert and vigilant about reviewing emails, links, and attachments for suspicious content. For more tips on how to keep your information safe during the holiday season, and how to help your family and friends with a cybersecurity checkup, visit krebsonsecurity.com.

At River City Bank, your personal and financial security is our top priority. If you have questions or concerns, please call a customer service representative at (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

October 15, 2018

Security News – Smishing Alert

The use of text message to communicate with the public can be useful and efficient; however, it also opens the door for potential text message scams, also known as Smishing. With the increased use of text messages for communication, we want to remind you of security precautions you should take to keep your personal and bank account information safe.

What is Smishing?

Scammers are now targeting potential victims with text message scams sent via shortcodes and links. Shortcodes are used by legitimate businesses to send messages to customers; examples include airline ticket confirmations, identity verification, and routine account alerts. However, shortcodes and links can also contain malicious malware which can install on your phone. Once installed, the malware app can log your keystrokes, steal your identity, or hold valuable files for ransom. It is imperative to be vigilant when reading and responding to text messages. Following are tips for protecting yourself against the rise of smishing scams.

What you can do to protect yourself?

Government agencies, banks, or other legitimate businesses will never request personal or financial information via text message.
Be skeptical of any text message you receive from unknown senders.
Take your time. Smishing scams work by creating a false sense of urgency by demanding an immediate response.
Never click on links or call phone numbers in unsolicited text messages.
Do not respond to smishing messages. Responding verifies that your phone number is active and encourages scammers to keep trying.
Delete the message from your phone.

To learn more about how to protect your personal information, visit the River City Bank Safety & Security page.

February 20, 2018

Wires: Tips to Protect Your Money

Wires are inherently risky. Once a wire is sent, including a fraudulent wire, the transfer CANNOT be reversed. When sending a wire, it is extremely important that you personally know who you are sending the funds to. If you do not know the person or company, the request may be fraudulent. Allow us to point out some of the usual fraud schemes and scams we have witnessed involving wires. While this is not an all-inclusive list, it will help you decide if the wire transfer YOU request is legitimate.

Things you should ask yourself before you make a wire transfer request:

1. What is the source of this wire transfer request?

For example, was this request received via e-mail from another account owner, someone you know, or your boss (e.g. CEO or CFO)? If so, you should confirm this request in person or over the phone, using a number you have on file, with that individual to ensure they actually e-mailed the request.

2. Have you been told not to disclose the reason you are wiring funds?

What is the reason for the secrecy? Is it valid?

3. Do you personally know the individual or business you are sending money to?

If not, are you certain the requestor is who they say they are?

Situation #1: You have been instructed to send a wire to someone you do not know. Here are some scenarios that should raise flags:

Wiring funds to an investment firm located outside the United States that contacted you via e-mail, mail, or telephone
Keep in mind that fraudulent requests for wires occur every day. Ensure you are comfortable with who you are sending money to.

Wiring funds to pay for fees or taxes in order to release lottery winnings or an inheritance
The lotteries we are aware of do not require taxes or fees to be paid in advance as a requirement of collecting the winnings.

Wiring funds to cover a loved one’s expenses or bail
If you were you notified by someone you do not personally know, or even by your loved one via email, confirm this request in person or over the phone with your loved one directly.

Unexpectedly contacted by a business or vendor stating their payment information has changed
Contact the business or vendor directly, using a phone number you have on file, to validate the changes are legitimate.

Situation #2: You deposited a check or received an electronic deposit to your account and the sender is requesting you to wire them the full or partial amount of the deposit back. Here are some common deceptions designed to steal YOUR money:

Wiring money to someone due to a canceled purchase for items sold on the internet
You are requested to deposit a check and send a portion back under the pretense that the extra money is commission or overpayment
Wiring funds to someone who hired you to process checks for them or their company
Wiring funds to someone you met on the internet that sent you money

In these situations, if the deposit into your account is fraudulent and you wire out or withdraw the funds, you will be held RESPONSIBLE for the entire amount of the returned deposit. Should any these situations arise, STOP and contact River City Bank at (916) 567-2899 or (800) 564-7144, prior to sending the wire.

January 19, 2018

Cybersecurity Tips

Cybersecurity best practices constitute an expansive list of things to do. While in-depth security measures need to be implemented and managed by experts, you don’t need to be a cybersecurity pro to employ smart online safety habits that can go a long way in guarding against online crime. Small and simple steps, like the ones listed below, are just as important in helping to protect your data.

Stop. Think. Connect.

Click with care. Cybercriminals love to use holiday shopping and travel scams to gain access to information and computer systems. Scammers try to lure you to copycat websites of well-known brands or retailers by advertising great deals on hot-ticket items on social media sites or through search engines. Their goal: to deliver malware to your computer, steal your credit card number, or “phish” for personal information.
Lock it up! Never leave a device unattended and be sure you have strong passwords.
Search for the “S.” Look for the “https” instead of “http” on the web address of the payment page before you enter a credit card number or other personal information. The “s” stands for a secure connection which reduces the chance of online scams.
Connect with Caution. Most public Wi-Fi networks are not secure, so think twice before shopping or banking while on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth before leaving home.
Download Updates. Installing updates can add new security patches to your apps, operating systems, anti-virus software, and other important programs. Be sure to download updates only from the official app provider.

If you have any questions or concerns, please contact our Customer Service Department at (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

March 9, 2017

Staying Safe from Tax Season Scams

By Thomas F. Duffy,Chair, MS-ISAC | Center for Internet Security.

Extreme close up of a calculator and pencil on top of a paper filled with numbers

Now that W-2’s have arrived, it’s time to consider how to stay safe from tax season scams. Every year, unfortunate taxpayers go to file their returns and are shocked to find that someone else has filed a fraudulent one in their name! Some innocent people also receive fraudulent phone calls from criminals impersonating tax officials. Sadly, tax fraud has only become more widespread and digital communication has opened new ways for it to happen.

While the Internal Revenue Service (IRS) reports on multiple tax-payer related scams and even publishes a “Dirty Dozen” list, three scams variants are worth highlighting: Phishing and Malware Schemes; Identity Theft and Falsely Filed Tax Returns; and Impersonation Scams. Once criminals have your information, they can also continue to commit identity theft well beyond tax season. Here are some details on each of these scams, along with how to identify them and seek help in case of identity theft.

Phishing and Malware Schemes

The first type of scam often leads to identity theft and falsely filed tax returns, but may also result in you downloading malware. This happens when criminals send convincing phishing emails or direct you to convincing websites that appear to be IRS, state government, tax software, or financial institution websites. Their goal is to trick you into entering your login credentials, verifying sensitive personal information, or downloading malware.

Never click on email links; type the organization’s website into your web browser.
If you feel something is suspicious, contact the organization through a known method, like their publicly-posted customer service line.

Do not reply to emails or texts asking for personal or tax information.

Identity Theft and Falsely Filed Tax Returns

Once criminals have your personal information, they can use it to commit identity theft or file a false tax return in your name. In this case, if the criminal files the return before you do, they are getting your refund money and forcing you to go through the arduous process of proving that it was not you who filed the return. Criminals send phishing emails or make phone calls to trick you into providing your information so that they can commit this type of fraud.

Be wary of any contact by phone or email claiming to be from the IRS, as they do not contact taxpayers directly for this type of information.

File your tax return as soon as you get your W-2’s and other tax information. Criminals cannot successfully file a fraudulent return if you have already filed with the IRS!

Impersonation Scams

Our final flavor of scam involves a criminal impersonating the IRS or a tax official, such as a tax advocacy panel or tax preparer. They may say you owe money to the IRS or your state tax department or may represent themselves as a trusted tax authority and request information. This contact can occur through websites, emails, or threatening calls or text messages, that seem official. Sometimes, these scammers request that their victims pay by strange methods like gift cards or prepaid credit cards.

If you do in fact owe tax money to the IRS, you will receive an official bill in the mail first before being contacted by phone or email. For a quick reference, the IRS states that these are four things they will never do:

ask for credit or debit card numbers over the phone;
call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer;
threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying;
demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.

Seeking help and reporting scams

The IRS encourages taxpayers to send suspicious emails related to tax fraud to its [email protected] email account. Other forms of tax fraud can be reported by following the instructions here.

If you suspect that you have been a victim of fraud or identity theft, please head to www.identitytheft.gov. This is a site run by the Federal Trade Commission that provides a step-by-step recovery plan and assistance in taking action. It allows you to report if someone filed a return fraudulently in your name if your information was exposed in a major data breach, and in the case of many other types of fraud. If you believe someone has used your social security number to fraudulently submit a tax return, you can also call the IRS at (800) 908-4490.

Keep these common types of fraud in mind, and don’t hesitate to seek assistance if you become a victim.