Scams – Page 2 – River City Bank

October 23, 2019

Protecting Yourself from Phishing

Person in front of a laptop holding a mobile phone

As the gift-giving season approaches and shoppers start to plan out their online shopping strategies, cybercriminals begin ramping up their activity. Some of us have learned, the hard way, that the holidays have a way of bringing out individuals who happily profit by preying on others. Thieves are generally after two things: money and things they can turn into money, including gaining access to your private information.

Phishing is a scam that uses email to deceive you into disclosing personal information. Cybercriminals send thousands of emails, hoping to trick individuals into falling for their scams. For example, an email may appear to come from River City Bank, but it does not. It may sound urgent and warn you to update or verify your bank information by clicking on the link contained in the email. These emails are fake and do not come from River City Bank. No bank, including River City Bank, will ever ask you to provide confidential banking information through an email or link.

Phishing Examples and What You Should Do:

The criminal sends an email purportedly from a member of your business or one of your suppliers and requests you to wire funds. Before you react, pick up the phone and obtain verbal verification from your contact using the phone number you have on file, not one that may have been provided by the criminal.

If you get an email that warns you that an account of yours will be shut down unless you reconfirm personal information, or that the bank is “missing” information about your account, do not reply or click on the link in the email. To confirm if a River City Bank email solicitation is legitimate, please call our Customer Service Center at (916) 567-2899.

For additional security tips, how to limit unwanted calls and emails, and recent scam alerts, visit the Federal Trade Commission’s website dedicated to consumer protection at www.consumer.ftc.gov.

Again, keep in mind that River City Bank will never ask for your personal information by email or text. Your personal and financial security is our top priority. Should you have any questions or concerns regarding your account information or communication you have received from River City Bank, please do not hesitate to reach out to a customer service representative at (916) 567-2899 or (800) 564-7144.

July 1, 2019

Customer Alert: Social Security Number Scam

A nice sounding professional calls from the government and reports that your Social Security number has been suspended, and with a little bit of information, they will reactivate it for you. Sounds okay right?

Wrong!

This is a common phone scam that people have been receiving lately. A caller or robocall will pretend to be a government official and state that your Social Security number has been suspended or deactivated due to fraudulent or criminal activity. The fraudster will then ask you to call a phone number to clear up the situation by simply providing some personal information. The fraudsters are trying to trick you into providing information such as your birth date, bank account numbers, social security numbers, and other sensitive information.

While the initial call may sound scary, remember your Social Security number cannot be suspended or deactivated. Below are a few tips to protect you from this phone scam and other variations of this scheme.

Your Social Security number cannot be suspended or deactivated.
The Social Security Administration will never threaten to arrest you.
Never give out or confirm your personal information over the phone, via email, or on a website until you have fully verified who is asking for the information. Contact government agencies directly using phone numbers and website addresses you know to be legitimate.
Remember, the government normally contacts people via postal mail. Unfortunately, mail scams are a common occurrence as well, and the same security precautions should be used with postal mail. Mail should be scrutinized and information validated before calling a phone number or visiting a website listed on the letter.
Do not trust a name, phone number, or email address just because it sounds connected to the government. Fraudsters use sophisticated tools, such as fake caller ID and email addresses, to impersonate government officials.

Should you receive a scam phone call, do not provide any information and hang up immediately. You can report the call to the Federal Trade Commission at www.ftc.gov, so they are aware of current phone scams taking place.

Safeguarding your personal information is not just important, it’s vital to your business and ours. Should you have any questions about phone scams or protecting your financial information, please do not hesitate to reach out to a Customer Service Representative at (916) 567-2899 or (800) 564-7144 or by email at [email protected].

December 20, 2018

Security News – How to Avoid a Vishing Scam

By now you probably know not to click on links that arrive unexpectedly via email (Phishing) or text (Smishing), but how about an old-fashioned telephone scam? As people have become more educated on cybersecurity, criminals are turning to alternative scamming methods, including the telephone scam.

What is Vishing?

Vishing is the telephone-based scam that has even the most tech-savvy consumers falling victim. Vishing scams rely heavily on manipulation and social engineering to get potential victims to give up personal information such as PINs, Social Security numbers, credit card security codes, and passwords. Criminals typically pretend to be from an official organization such as a bank or the government and use “caller ID spoofing” which allows them to make phone calls that appear to be from legitimate organizations. Vishing calls can be from a live person, robot, or both. With so many variables, it’s imperative to stay alert and keep your information protected.

Common vishing scams include:

Supposed fraud or suspicious activity on your bank account
Overdue or unpaid taxes to the IRS
Fake computer or IT support
Fake government agency

How to avoid vishing scams:

Never answer a call from an unknown number. Picking up may alert the scammer that the number is active and may lead to more calls down the road. Instead, let the call go to voicemail. If the scammer leaves a message, it will give you time to vet out the caller properly.
If you do answer, never give your personal information. Banks and government institutions will never ask for personal information over the phone. If you are asked for personal information or feel uncertain to the legitimacy of the call, hang up and call back after crossing referencing the number online or on the back of your credit card. It is worth noting that government institutions like the IRS almost exclusively communicate by mail or occasionally email.
Don’t trust Caller ID. As mentioned above, scammers can use “caller ID spoofing” to make calls appear to come from a legitimate source. While the call may be legitimate, keep your guard up and remember never give out personal information over the phone.

December 12, 2018

Online Shopping – Cybersecurity Tips for the Holidays

Woman sitting, surrounded by holiday presents, with laptop on her lap and shopping online

The busy holiday season is here and, for many, that means shopping and spending time with family and friends. It is also a busy time for cybercriminals, with over 40 percent of online scam attempts occurring during the last quarter of the year.

To have a safe and secure holiday season, we recommend the following safety precautions:

Use a Credit Card: It’s nearly impossible to tell how secure an online merchant is, so it’s best to be cautious and shop as though all merchants have been compromised. With that in mind, if you have a choice between using your credit or debit card, shop with your credit card. While you may not be liable for fraudulent charges, the effect of having your debit card compromised can be felt immediately when your checking account has been drained, and checks or recurring charges do not clear.
Review your Statements: Keep a close eye on your bank and credit card statements. Fraudsters are notorious for using the busy holiday season to make unauthorized charges on stolen cards, and the bogus purchases can get buried amid the flurry of legitimate purchases. Review your statements regularly (daily is best) and quickly dispute unauthorized charges.
Don’t Take the Bait: A favorite holiday phishing and malware scam involves spam emails that purport to have been sent by the U.S. Postal Service, FedEx, UPS, or other shipping services. The spam email is usually regarding a wayward package or asks for additional information for delivery. When in doubt, visit the e-commerce site or shipping site directly, and avoid clicking on links or attachments in emails.
Click with Care: Cybercriminals love to use holiday shopping and travel scams to gain access to information and computer systems. Scammers try to lure you to copycat websites of well-known brands or retailers by advertising great deals on hot-ticket items on social media sites or through search engines. Their goal: to deliver malware to your computer, steal your credit card number, or “phish” for personal information.
Connect with Caution: Most public Wi-Fi networks are not secure, so think twice before shopping or banking while on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth before leaving home.

A security tip no longer recommended is the “look for the padlock” test. The presence of a padlock icon next to the website address used to signal a legitimate site versus a phishing trap. Unfortunately, half of all phishing scams are now hosted on a site whose address begins with “https://” and includes a padlock icon. The presence of the padlock icon does not mean the site is legitimate. A website address with an “https://” address or “Secure Sockets Layer (SSL)” simply signifies that data transmitted back and forth between your browser and the site is encrypted and cannot be read by third parties; not that the site is legitimate.

Major web browsers are working with security organizations to index and flag new phishing sites with warning pages; however, not all phishing scams are flagged quickly. With the “look for the padlock” test taken away, it’s paramount that you stay alert and vigilant about reviewing emails, links, and attachments for suspicious content. For more tips on how to keep your information safe during the holiday season, and how to help your family and friends with a cybersecurity checkup, visit krebsonsecurity.com.

At River City Bank, your personal and financial security is our top priority. If you have questions or concerns, please call a customer service representative at (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

October 15, 2018

Security News – Smishing Alert

The use of text message to communicate with the public can be useful and efficient; however, it also opens the door for potential text message scams, also known as Smishing. With the increased use of text messages for communication, we want to remind you of security precautions you should take to keep your personal and bank account information safe.

What is Smishing?

Scammers are now targeting potential victims with text message scams sent via shortcodes and links. Shortcodes are used by legitimate businesses to send messages to customers; examples include airline ticket confirmations, identity verification, and routine account alerts. However, shortcodes and links can also contain malicious malware which can install on your phone. Once installed, the malware app can log your keystrokes, steal your identity, or hold valuable files for ransom. It is imperative to be vigilant when reading and responding to text messages. Following are tips for protecting yourself against the rise of smishing scams.

What you can do to protect yourself?

Government agencies, banks, or other legitimate businesses will never request personal or financial information via text message.
Be skeptical of any text message you receive from unknown senders.
Take your time. Smishing scams work by creating a false sense of urgency by demanding an immediate response.
Never click on links or call phone numbers in unsolicited text messages.
Do not respond to smishing messages. Responding verifies that your phone number is active and encourages scammers to keep trying.
Delete the message from your phone.

To learn more about how to protect your personal information, visit the River City Bank Safety & Security page.

June 1, 2018

Debit Card Safety Tips

With debit cards quickly becoming the most popular form of payment around the globe, it’s no wonder that card fraud is on the rise. Almost everyone who has a debit card may have, at some point, experienced a form of information breach. But, there are things you can do to reduce the chances of becoming a victim:

Be Wary of Independent ATMs – Independent ATMs are not monitored as regularly as bank ATMs.

Avoid using ATMs with unusual signage, especially ones requesting you enter your PIN twice to complete a transaction.
Watch out for ATMs that appear to have been altered. If the front of the machine looks crooked, loose, or damaged; these are tell-tale signs of the existence of a skimming device.
Cover the keypad with your other hand to block anyone, or a camera, from viewing your PIN.

Paying at the Pump – Gas station self-service pumps are easy targets for thieves to place a skimmer and/or pinhole camera. These cameras are sometimes used in conjunction with card skimmers to capture footage of customers entering their PIN.

Pay attention to the card slot. If a card slot looks different from the other card readers at the station, it might be a setup for a card skimmer.
Take the extra step of precaution and pay the gas station attendant instead.

Online Purchases – Debit cards are accepted almost everywhere credit cards are taken. Here are a few tips to help ensure a safe online shopping experience:

Don’t store your debit card information on websites.
Install a personal firewall, plus antivirus and anti-spy software.
Use strong passwords and change them regularly.
Monitor your accounts and check your balances often.

Public WiFi – If you use a free Wi-Fi connection in an airport, café, hotel, or some other public space, you are taking a risk with your debit card information. Public Wi-Fi and shared computers are easy marks for hotspot hackers and a dangerous place to manage your banking and finances online.

Don’t set up your devices to automatically connect to WiFi.
When using public WiFi or a shared computer, avoid transactions that require you to enter your personal information.

Signing Your Card – As a best practice, instead of signing your card, take an indelible marker and write “Ask for identification” in block letters. If you suspect that you have been a victim of fraud or identity theft, please visit www.identitytheft.gov. This is a site run by the Federal Trade Commission that provides a step-by-step recovery plan and assistance in taking action.

Should you have any questions or concerns, please contact our Customer Service Department (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

February 20, 2018

Wires: Tips to Protect Your Money

Wires are inherently risky. Once a wire is sent, including a fraudulent wire, the transfer CANNOT be reversed. When sending a wire, it is extremely important that you personally know who you are sending the funds to. If you do not know the person or company, the request may be fraudulent. Allow us to point out some of the usual fraud schemes and scams we have witnessed involving wires. While this is not an all-inclusive list, it will help you decide if the wire transfer YOU request is legitimate.

Things you should ask yourself before you make a wire transfer request:

1. What is the source of this wire transfer request?

For example, was this request received via e-mail from another account owner, someone you know, or your boss (e.g. CEO or CFO)? If so, you should confirm this request in person or over the phone, using a number you have on file, with that individual to ensure they actually e-mailed the request.

2. Have you been told not to disclose the reason you are wiring funds?

What is the reason for the secrecy? Is it valid?

3. Do you personally know the individual or business you are sending money to?

If not, are you certain the requestor is who they say they are?

Situation #1: You have been instructed to send a wire to someone you do not know. Here are some scenarios that should raise flags:

Wiring funds to an investment firm located outside the United States that contacted you via e-mail, mail, or telephone
Keep in mind that fraudulent requests for wires occur every day. Ensure you are comfortable with who you are sending money to.

Wiring funds to pay for fees or taxes in order to release lottery winnings or an inheritance
The lotteries we are aware of do not require taxes or fees to be paid in advance as a requirement of collecting the winnings.

Wiring funds to cover a loved one’s expenses or bail
If you were you notified by someone you do not personally know, or even by your loved one via email, confirm this request in person or over the phone with your loved one directly.

Unexpectedly contacted by a business or vendor stating their payment information has changed
Contact the business or vendor directly, using a phone number you have on file, to validate the changes are legitimate.

Situation #2: You deposited a check or received an electronic deposit to your account and the sender is requesting you to wire them the full or partial amount of the deposit back. Here are some common deceptions designed to steal YOUR money:

Wiring money to someone due to a canceled purchase for items sold on the internet
You are requested to deposit a check and send a portion back under the pretense that the extra money is commission or overpayment
Wiring funds to someone who hired you to process checks for them or their company
Wiring funds to someone you met on the internet that sent you money

In these situations, if the deposit into your account is fraudulent and you wire out or withdraw the funds, you will be held RESPONSIBLE for the entire amount of the returned deposit. Should any these situations arise, STOP and contact River City Bank at (916) 567-2899 or (800) 564-7144, prior to sending the wire.

January 19, 2018

Cybersecurity Tips

Cybersecurity best practices constitute an expansive list of things to do. While in-depth security measures need to be implemented and managed by experts, you don’t need to be a cybersecurity pro to employ smart online safety habits that can go a long way in guarding against online crime. Small and simple steps, like the ones listed below, are just as important in helping to protect your data.

Stop. Think. Connect.

Click with care. Cybercriminals love to use holiday shopping and travel scams to gain access to information and computer systems. Scammers try to lure you to copycat websites of well-known brands or retailers by advertising great deals on hot-ticket items on social media sites or through search engines. Their goal: to deliver malware to your computer, steal your credit card number, or “phish” for personal information.
Lock it up! Never leave a device unattended and be sure you have strong passwords.
Search for the “S.” Look for the “https” instead of “http” on the web address of the payment page before you enter a credit card number or other personal information. The “s” stands for a secure connection which reduces the chance of online scams.
Connect with Caution. Most public Wi-Fi networks are not secure, so think twice before shopping or banking while on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth before leaving home.
Download Updates. Installing updates can add new security patches to your apps, operating systems, anti-virus software, and other important programs. Be sure to download updates only from the official app provider.

If you have any questions or concerns, please contact our Customer Service Department at (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

March 9, 2017

Staying Safe from Tax Season Scams

By Thomas F. Duffy,Chair, MS-ISAC | Center for Internet Security.

Extreme close up of a calculator and pencil on top of a paper filled with numbers

Now that W-2’s have arrived, it’s time to consider how to stay safe from tax season scams. Every year, unfortunate taxpayers go to file their returns and are shocked to find that someone else has filed a fraudulent one in their name! Some innocent people also receive fraudulent phone calls from criminals impersonating tax officials. Sadly, tax fraud has only become more widespread and digital communication has opened new ways for it to happen.

While the Internal Revenue Service (IRS) reports on multiple tax-payer related scams and even publishes a “Dirty Dozen” list, three scams variants are worth highlighting: Phishing and Malware Schemes; Identity Theft and Falsely Filed Tax Returns; and Impersonation Scams. Once criminals have your information, they can also continue to commit identity theft well beyond tax season. Here are some details on each of these scams, along with how to identify them and seek help in case of identity theft.

Phishing and Malware Schemes

The first type of scam often leads to identity theft and falsely filed tax returns, but may also result in you downloading malware. This happens when criminals send convincing phishing emails or direct you to convincing websites that appear to be IRS, state government, tax software, or financial institution websites. Their goal is to trick you into entering your login credentials, verifying sensitive personal information, or downloading malware.

Never click on email links; type the organization’s website into your web browser.
If you feel something is suspicious, contact the organization through a known method, like their publicly-posted customer service line.

Do not reply to emails or texts asking for personal or tax information.

Identity Theft and Falsely Filed Tax Returns

Once criminals have your personal information, they can use it to commit identity theft or file a false tax return in your name. In this case, if the criminal files the return before you do, they are getting your refund money and forcing you to go through the arduous process of proving that it was not you who filed the return. Criminals send phishing emails or make phone calls to trick you into providing your information so that they can commit this type of fraud.

Be wary of any contact by phone or email claiming to be from the IRS, as they do not contact taxpayers directly for this type of information.

File your tax return as soon as you get your W-2’s and other tax information. Criminals cannot successfully file a fraudulent return if you have already filed with the IRS!

Impersonation Scams

Our final flavor of scam involves a criminal impersonating the IRS or a tax official, such as a tax advocacy panel or tax preparer. They may say you owe money to the IRS or your state tax department or may represent themselves as a trusted tax authority and request information. This contact can occur through websites, emails, or threatening calls or text messages, that seem official. Sometimes, these scammers request that their victims pay by strange methods like gift cards or prepaid credit cards.

If you do in fact owe tax money to the IRS, you will receive an official bill in the mail first before being contacted by phone or email. For a quick reference, the IRS states that these are four things they will never do:

ask for credit or debit card numbers over the phone;
call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer;
threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying;
demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.

Seeking help and reporting scams

The IRS encourages taxpayers to send suspicious emails related to tax fraud to its [email protected] email account. Other forms of tax fraud can be reported by following the instructions here.

If you suspect that you have been a victim of fraud or identity theft, please head to www.identitytheft.gov. This is a site run by the Federal Trade Commission that provides a step-by-step recovery plan and assistance in taking action. It allows you to report if someone filed a return fraudulently in your name if your information was exposed in a major data breach, and in the case of many other types of fraud. If you believe someone has used your social security number to fraudulently submit a tax return, you can also call the IRS at (800) 908-4490.

Keep these common types of fraud in mind, and don’t hesitate to seek assistance if you become a victim.