Welcome to QNB’s Fraud Education Center. This section of our website is dedicated to the ongoing education of our customers on important cyber security and fraud prevention tips.
- Money Mule Scam Infographic
- Don't Be Fooled by Phone Number Spoofing
- Debit Card Safety Recall Letter Scam
- New Social Security Imposter Scam
- Tax Season and Your Refund Options
- IRS Impersonation Scams
- Beware of IRS Tax Scams
- Loan Closing Fraud Scheme
- Can You Hear Me Scam
- Be Alert to Card Skimming
- 14 Red Flags for Elder Financial Abuse
- Spend or Save: 5 Ways to Make Your Refund Count this Tax Season
- 12 Tips for Protecting Your Mobile Devices
- Scam Calls and Emails Using IRS as Bait Persist
- 5 Tips to Stay Safe on Public Wi-Fi
- Social Engineering - Phishing, Vishing and Smishing!!!
- FBI Fraud Alert - Don't Get Scammed!
- Identity Theft -- What Is It and What to Do
- Protect Yourself and Your Computer
- Visit the Business Fraud Education Center
Money Mule Scam Infographic
The American Bankers Association Foundation and the Federal Trade Commission infographic highlights a type of scam in which criminals use their victims to move stolen funds. Money mule scams can take many forms, and commonly involve online dating, work-at-home jobs or prizes. Click here to view this valuable information on money mule scams (PDF).
Don't Be Fooled by Phone Number Spoofing
The bad guys have technology that allows them to “spoof” real phone numbers so they can imitate legitimate businesses or services such as a bank's fraud center. If QNB's Fraud Center contacts you to verify check card activity, they will never ask you for personal information. If you are asked for personal information, such as a social security number, a driver’s license number, etc., there is reason to be suspicious.
QNB's Fraud Center will NEVER:
- Ask for your card's expiration date
- Ask for your card's CVV (3-digit code)
- Ask for your card's PIN
- Ask for your social security number
- Ask for your driver's license number
- Keep you on hold for extended periods as they continue to collect additional personal information.
Look out for these red flags and others, such as a fraudster asking for your account balance to determine how much they can get from you. When in doubt, disconnect the call and call our Customer Service Center at 215-538-5605 or 800-491-9070.
Debit Card Safety Recall Letter Scam
There is a new scam letter in circulation targeting bank account holders that appears to come from a Bank's Debit Card Safety Manager. The bogus letter is titled Important Notice – Debit Card Safety Recall. The letter informs the recipient that their new chip-enabled debit card may catch fire while in a wallet or purse. The letter requests that the individual mail the card back (to the card factory in India) with the bottom of the form completed/submitted. The form at the bottom of the letter asks for name, address and PIN.
New Social Security Imposter Scam
Consumer advocates are raising an alert about a twist to an old impostor phone scam. It's called the "Social Security impostor scam." A blog at the Federal Trade Commission recently wrote: The SSA scam may be the new IRS scam." In the last 12 months, people filed more than 76,000 complaints about Social Security impostors, reporting $19 million in losses. The median reported loss last year was $1,500, the FTC said.
You get a call with a warning that your Social Security number has been suspended because of suspicious activity or because it's been used in a crime. The scammer wants you to confirm your SSN to reactivate it. Sometimes, he’ll say your bank account is about to be seized – but he’ll tell you what to do to keep it safe. (Often, that involves putting your money on gift cards and giving him the codes – which, of course, means that your money is gone.)
The phone call may be a robocaller with a message to "press 1" to speak with a "support representative" from the government to reactivate your Social Security number. The scammers use technology to spoof your Caller ID to make it look like the Social Security Administration is really calling.
What to know:
- Your Social Security number is not about to be suspended. You don’t have to verify your number to anyone who calls out of the blue. And your bank accounts are not about to be seized.
- SSA will never call to threaten your benefits or tell you to wire money, send cash, or put money on gift cards. Anyone who tells you to do those things is a scammer. Every time.
- Don't trust your phone's caller ID. Scammers can make it look as if the Social Security Administration is calling and even use the agency's real number. The real SSA number is 1-800-772-1213.
- Never give any part of your Social Security number to anyone who contacts you, or your bank account or credit card number.
Report government imposter scams to the FTC at ftc.gov/complaint.
Tax Season and Your Refund Options
Information from Federal Deposit Insurance Corporation:
Changes in banking technology make managing your refund safer and easier than ever
Here are a few tips to ensure that your refund arrives as quickly and safely as possible as well as some ideas on how to get the most out of your money when it does.
IRS Impersonation Scams
Information from U.S. Department of the Treasury Inspector General for Tax Administration (TIGTA):
The IRS WILL NOT contact you by phone with threats for non-payment of tax liability.
The IRS DOES NOT require Green Dot, iTunes, Amazon.com, MoneyPak or any other kind of gift card or credit card for tax payment.
BEWARE of IRS impersonation scams. Just hang up.
Report scams to http://www.tigta.gov
Beware of IRS Tax Scams
Information from the IRS website:
The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Recognize the telltale signs of a scam. The IRS urges taxpayers to watch out for erroneous refunds; beware of fake calls to return money to a collection agency.
Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms' clients, the crooks contact those clients posing as a collection agency and demand that the money be "returned". They'll call taxpayers who've had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency.
If you believe that you are involved in an IRS scam or are a victim of identity theft, the Federal Trade Commission (FTC) recommends these steps:
- File a complaint with the FTC at identitytheft.gov.
- Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
- Equifax, www.Equifax.com, 800-525-6285
- Experian, www.Experian.com, 888-397-3742
- TransUnion, www.TransUnion.com, 800-680-7289
- Contact your financial institutions, and close any financial or credit accounts opened without your permission or tampered with by identity thieves.
Loan Closing Fraud Scheme
The Federal Trade Commission and the National Association of Realtors® are warning home buyers about an email and money wiring scam. Hackers have been gaining access into some consumers’ and real estate professionals’ or settlement agent’s email accounts to get information about upcoming real estate transactions.
After figuring out the closing dates, the hacker sends an email to the buyer, posing as either the settlement agent or the lender. The bogus email notes that checks (Cashier’s or otherwise) are no longer allowed to be brought to the closing table to facilitate the closing (a wire is required and instructions provided) or that there has been a last-minute change to the wiring instructions previously provided, and tells the buyer to wire the closing costs to a different account. But it’s the scammer’s account and the money is lost.
Can You Hear Me Scam
"Can you hear me?" Police in several states are urging people to avoid answering this simple question from a phone number they do not know.
Authorities say the question is aimed at getting unsuspecting victims to say "yes" -- an answer the fraudster then records as a way to authorize charges on a phone, utility or credit card bill. The scam is a variation of one that began late last year, according to law enforcement.
"You say 'yes,' it gets recorded and they say that you have agreed to something," Susan Grant, director of consumer protection and privacy for the Consumer Federation of America, "I know that people think it's impolite to hang up, but it's a good strategy."
Be Alert to Card Skimming
This type of fraud occurs when thieves target ATMs or point-of-sale terminals that read debit and credit cards with devices that capture the magnetic strip and keypad information. Typically this involves two devices: a card reader inserted in or over the existing one and a camera that captures the key strokes on the machines keypad.
You can protect yourself from card skimming scams by following these three easy steps:
Be Aware of Your Surroundings
When using any ATM or point of sale terminal pay close attention to the card swipe and keyboard. If any parts look loose, discolored or misaligned be suspicious and do not use the machine. Also, if the keypad seems unresponsive it could be an indication of an overlay device designed to capture your keystrokes.
Protect Your Pin
The most common method for stealing your PIN is a well concealed camera located around the machine. When entering your PIN, always stand as close as possible to the machine and cover your hand to make it more difficult to capture the information you are entering on the keypad. Also, never give your PIN number to anyone who does not share your account – not even family members.
Check Your Statements
Pay close attention to your monthly statements and be on the look-out for any unauthorized transactions. If you find anything suspicious on your statement report it immediately to the bank.
14 Red Flags for Elder Financial Abuse
Elder financial abuse is a growing problem. Click here to learn about the 14 red flags to help spot this issue. (PDF)
Spend or Save: 5 Ways to Make Your Refund Count this Tax Season
According to the Internal Revenue Service, the nation’s taxpayers received an average tax refund of nearly $3,000 in 2015. This year, while more than 70 percent of tax payers await their hefty refund, QNB Bank is highlighting five tips to help make the most out of this year’s windfall.
Tax season is a great time for consumers to reassess how they allocate extra cash. It’s wise to take steps toward securing your financial well-being like storing your refund for rainy days or using it to get a jumpstart on saving for retirement.
To help consumers make the most out of their money, QNB Bank has highlighted the following tips:
- Save for emergencies. Open or add to a high-yield savings account that serves as an “emergency fund.” Ideally, it should hold about three-to-six months of living expenses in case of sudden financial hardships like losing your job or having to replace your car.
- Pay off debt. Pay down existing balances either by chipping away at loans with the highest interest rates or eliminating smaller debt first.
- Save for retirement. Open or increase contributions to a tax-deferred savings plan like a 401(k) or an IRA. Where can you get one? Your bank can help set up an IRA, while a 401(k) is employer-sponsored.
- Put it toward a down payment. The biggest challenge that most first-time home buyers face is coming up with enough money for a down payment. If you intend to buy a new home in the near future, putting your tax refund toward the down payment is a smart move.
- Invest in your current home. Use your refund to invest in home improvements that will pay you back in the long run by increasing the value of your home. This can include small, cost-effective upgrades like energy-efficient appliances that will pay off in both the short and long term. If you have more substantial renovations in mind, your bank can help with a home equity line of credit.
12 Tips for Protecting Your Mobile Devices
March 6-12 is National Consumer Protection Week
As consumer use of mobile devices continues to climb; cyber criminals are targeting those gadgets more frequently. According to a report by the Federal Reserve, 52 percent of smartphone users say they have used mobile banking in the past 12 months. In recognition of National Consumer Protection Week March 6 - 12, QNB Bank is highlighting 12 ways consumers can take extra precaution to protect the data on their mobile device.
QNB Bank utilizes safeguards to protect customer information, but it’s also important for users to keep safety measures in place on their end to prevent sensitive data from being compromised. It’s easy to forget that your mobile device can be vulnerable, but any device used to connect to the Internet is at risk.
QNB Bank suggests following these 12 steps to protect your mobile device:
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Tell your financial institution immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren't very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to your bank immediately.
Scam Calls and Emails Using IRS as Bait Persist
Scams using the IRS as a lure continue. They take many different forms. The most common scams are phone calls and emails from thieves who pretend to be from the IRS. They use the IRS name, logo or a fake website to try to steal your money. They may try to steal your identity too.
Be wary if you get an out-of-the-blue phone call or automated message from someone who claims to be from the IRS. Sometimes they say you owe money and must pay right away. Other times they say you are owed a refund and ask for your bank account information over the phone. Don’t fall for it. Here are several tips that will help you avoid becoming a scam victim.
The real IRS will NOT:
- Call you to demand immediate payment. The IRS will not call you if you owe taxes without first sending you a bill in the mail.
- Demand tax payment and not allow you to question or appeal the amount you owe.
- Require that you pay your taxes a certain way. For example, demand that you pay with a prepaid debit card.
- Ask for your credit or debit card numbers over the phone.
- Threaten to bring in local police or other agencies to arrest you without paying.
- Threaten you with a lawsuit.
5 Tips to Stay Safe on Public Wi-Fi
Check out this great article by Kim Komando that appeared in USA Today. These are great tips to follow to protect yourself while accessing public Wi-Fi.
Read the article 5 Tips to Stay Safe on Public Wi-Fi.
Social Engineering - Phishing, Vishing and Smishing!!!
Social Engineering is the act of manipulating people into performing actions or divulging confidential information. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
Types of Social Engineering
“Phishing” is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication or email.
- A criminal will send email messages to a list of email addresses stolen from a financial institution.
- The email messages alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity.
- The email message instructs the victims to call a phone number or click on a link to visit a website where their personal information is requested.
- Once the victim calls the phone number in the text message or visits the website and provides the information requested, the “Phisher” has the information necessary to make fraudulent use of the card or access the account.
“Vishing”is a combination of Voice and phISHING. Vishing is the criminal practice of using social engineering over the public telephone system.
- A criminal will call a list of phone numbers stolen from a financial institution.
- When the victim answers the phone, an automated message is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity.
- The automated message instructs the victim to “call the following phone number immediately”. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
- When the victim calls the number provided, it is answered by automated instructions to enter their credit card number or bank account number on the key pad.
- Once the victim enters their credit card number or bank account number, the “Visher” has the information necessary to make fraudulent use of the card or to access the account.
“Smishing”is a combination of SMS and phISHING. SMS (Short Message Service) is the technological protocol used for sending and receiving text messages on cell phones. Smishing is the criminal practice of using social engineering over the cellular phone system.
- A criminal will send text messages to a list of cellular phone numbers stolen from a financial institution.
- The text messages alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity.
- The text message instructs the victims to call a phone number or visit a website where their personal information is requested.
- Once the victim calls the phone number in the text message or visits the website and provides the information requested, the “Smisher” has the information necessary to make fraudulent use of the card or access the account.
PROTECT YOURSELF against Social Engineering, malware, viruses, etc…
- Be skeptical of suspicious e-mail, text messages, unfamiliar sites and links and any unprompted requests for personal information.
- Protect your personal information. Keep your user names and passwords secret and be skeptical of any requests for personal information.
- Always look for "https://" in the address of any site where you enter personal information; this indicates a secure connection.
- Do not click on links contained within e-mails. Open a new browser window and type the address yourself.
- Do not reply to phishing, smishing or vishing attempts. Never reply to phone calls, e-mail, or text messages asking for personal or financial information unless you can confirm the requestors identity.
- Keep security software (antivirus, anti-malware) up-to-date and keep firewall settings active.
FBI Fraud Alert - Don't Get Scammed!
Cash Advance Scams Are Increasing. You Could Be Involved In A Fraud Or About To Be Scammed!
- Mystery Shopper Scams: Paying a fee to be a “Mystery Shopper”
- Lottery Winning Scams: Paying Fees or Taxes to receive winnings
- Agent Scams: Paying Commission for facilitating Items
- Inheritance Scams: "A Long Lost Family Member Has Died"
- Have you been instructed to either "Wire", "Send by Western Union", or "Ship" money, as soon as possible, to a foreign country, such as Canada, England, Nigeria or to a different area of the United States?
There are different variations on the types of frauds listed above. Please take the time to ask bank employees for assistance before depositing or cashing any checks that may be suspicious!
You are responsible for any checks you cash or deposit! Amount of items returned will be charged against your account!
Identity Theft -- What Is It and What to Do
Identity theft and account fraud are making big headlines. How can someone steal your identity? Identity theft occurs when someone uses your personal information such as your name, Social Security Number, credit card number, account number, or other identifying information, without your permission to commit fraud or other crimes.
Identity theft is a serious crime. People whose identities have been stolen can spend months or years - and their hard-earned money - cleaning up the mess thieves have made of their good name and credit record. In the meantime, victims may lose job opportunities, be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit.
Your bank works hard every day to ward off these threats. Security is paramount in gathering personal data, as well as tracking transactions. There is a great deal of emphasis and specialization on things like encryption of information and strict authentication practices, but maximum security is possible only with your help.
Educating yourself on how to protect against privacy invasions is critical. Once you understand what information should be protected and what to do in case that information is compromised, you'll feel much more secure.
Here are some things you can do to prevent these crimes from happening and protect your assets and your good name:
- Don't give out financial information such as checking and credit card numbers and especially your Social Security number over the phone unless you initiated the call and know the person or organization you're dealing with.
- Report lost or stolen checks immediately. Also, review new deliveries of checks to make sure none has been lost in transit.
- Do not carry all your credit cards, your Social Security card, passport, etc in your wallet or purse at all times. Carry these only when need them.
- Carefully monitor your monthly bank and credit card statements and order a credit report once a year to check for inaccuracies and fraudulent use of your accounts.
- Guard your ATM Personal Identification Number and the ATM receipts.
- Be very careful when using your credit card on the Internet, or providing other information such as your Social Security number or other personal information.
- Always shred pre-approved credit applications, credit card receipts, bills and other financial information before discarding them in the trash.
- If you applied for a new credit card or your regular bills have not arrived in a timely manner, call the bank or company involved.
- Don't put outgoing mail in or on your mailbox. Drop it into a secure, official Postal Service collection box.
If you think your identity has been stolen, here's what to do now:
- Contact your bank(s) and credit card issuers immediately so that the following can be done: access to your accounts can be protected/restricted; stop payments on missing checks; personal identification numbers (PINS) and online banking passwords changed; and a new account opened if appropriate. Be sure to indicate to the bank or card issuer all of the accounts and/or cards potentially impacted including ATM cards, check (debit) cards and credit cards. Customer service or fraud prevention telephone numbers can generally be found on your monthly statements.
- Contact the fraud departments of any one of the three major credit bureaus (see list below) to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts, and all three credit reports will be sent to you free of charge.
Credit Bureau Web sites and Phone Numbers
- Close the accounts that you know or believe have been tampered with or opened fraudulently.
- File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
- File your complaint with the FTC (www.ftc.gov). The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps us learn more about identity theft and the problems victims are having so that we can better assist you.
For more in-depth information on recovering from identity theft and help with protecting your personal records, visit www.identitytheft.gov.
Protect Yourself and Your Computer
There are many nasty things that can happen to your computer resulting in loss of data and/or unintended divulgence of personal information. Following are things that could make you and your PC very unhappy and some recommended ways to protect yourself…
A program or piece of computer code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses are capable of replication to other computers. Viruses can compromise computer and network resources and bypass security systems. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
- Purchase Antivirus (AV) software – AV software detects and removes viruses/worms from your computer (McAfee, Symantec).
- Purchase Firewall software - firewall software protects your computer from anything (or anyone) on the Internet that tries to access or alter files on your PC without your permission (McAfee, Symantec).
- Regularly update the virus definition files associated with the AV software.
- Regularly scan your computer for viruses.
- Do not click on or follow hyperlinks you are not familiar with or do not trust.
- Do not open e-mail attachments sent from a source you are not familiar with or do not trust.
Software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are inadvertently installed when visiting a website or clicking a hyperlink. Once installed, spyware monitors user activity on the Internet and transmits that information covertly to someone else. Spyware can also gather and transmit personal information (e-mail addresses, passwords, credit card numbers, etc…). Spyware can also cause problems with computer resources causing PC's to run slowly or erratically.
- Purchase software that protects your computer from anything (or anyone) on the Internet that tries to access or alter files on your PC without your permission (AdAware, Spybot).
- Minimize unnecessary “surfing” on the Internet
- Do not click on or follow hyperlinks you are not familiar with or do not trust.
- Do not open e-mail attachments sent from a source you are not familiar with or do not trust.
Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. E-mail advertising for some product sent to a mailing list or newsgroup.
- Purchase Anti-Spam Software - this software filters your e-mail for SPAM and either deletes it or directs it to a destination of your choosing. There are many companies who offer anti-spam software packaged with AV software (McAfee, Symantec).
- Utilize SPAM filters provided by your email provider.