Fraud Targets Small Businesses: Don't Be a Victim

Wednesday, February 08 at 05:25 AM
Category: Business Banking

While large firms may have sophisticated technology and staff dedicated to thwarting crime, many small businesses don't — and scammers know this. Here are ways to protect yourself:

Be on guard against inside jobs. This includes employee theft or misuse of cash, merchandise or equipment as well as fraud. "Minimize risks through steps such as pre-employment background checks, automated inventory tracking systems, audits, and clearly outlined policies for personal use of computers and other business equipment," said Luke W. Reynolds, chief of the FDIC's Outreach and Program Development Section. "Also, carefully select who handles revenue from customers, pays the bills and reviews account statements. And, ensure that there are procedures in place to detect and deter fraud."

Watch out for fraudulent transactions and bills. Scams can range from consumer payments with a worthless check or a fake credit or debit card to fraudulent returns of merchandise. Be sure you have insurance to protect against risks. Also ignore offers to buy lists of federal grant programs. To learn more about protecting your business, consult your local Small Business Administration District Office*. 
 
Electronic fraud by third parties can be very costly to businesses, so take them seriously. The FDIC has seen an increase in reports of unauthorized electronic transfers made from bank accounts held by small businesses. 
 
"The most common and dangerous scam for small businesses is account takeover," said Michael Benardo, chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "By sending fake emails and using fake websites to deliver malicious software, such as keystroke loggers, fraudsters may be able to obtain the IDs and passwords for online bank accounts and then make withdrawals from accounts."
 
According to federal law enforcement, businesses are increasingly targeted by business email compromise (“BEC”) fraud where perpetrators, posing as business executives or vendor partners, use compromised or spoofed email accounts to request fraudulent wire transfers or make changes in payment instructions for invoices. Federal agencies recommend separately confirming such communications and not relying solely on email to conduct financial transactions.
 
Because businesses are generally not covered by federal consumer protections against unauthorized electronic fund transfers, a bank likely will not be responsible for reimbursing losses associated with the theft from the account if it says that negligence on the part of the business, such as falling for a common scam, was a factor.
 
Also equip your computers with up-to-date anti-virus software and firewalls (to block unwanted access). Make backup copies of critical business data on every computer. Also monitor account balances regularly, perhaps daily, to look for suspicious or unauthorized activity.
 
And, don't click on links in or attachments to an unsolicited email that asks for confidential information, even if it appears to be from a company you do business with or the government. Legitimate organizations won't request that kind of information in an email. When in doubt, go to another source to find the organization's contact information so you can independently confirm the validity of the request.
 
Be proactive about protecting your small business from ill-intentioned people by learning what scams they use and how to not fall victim to those tactics. 

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution. 

Tags: Arvest Biz, Business Banking, Fraud Alert, Privacy and Security
 

Beware of Tax Scams

Friday, January 13 at 09:00 AM
Category: Personal Finance
If it sounds too good to be true, it probably is! In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Here’s a look at some of these tax scams and what to do if you spot them.
 
Remember: The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action by email, text messages or social media channels. Being able to recognize these tell-tale signs of a phishing or tax scam could save you from becoming a victim.

IRS-Impersonation Telephone Scams
An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling. 
 
Victims are told they owe money to the IRS, and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are threatened with arrest, deportation, or suspension of a business or driver’s license. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn't answered, the scammers often leave an “urgent” callback request.
 
Note the IRS will never:
  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.
Surge in Email, Phishing and Malware Schemes
The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. Emails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Variations of these scams can be seen via text messages.

When people click on these email links, they are taken to sites designed to imitate an official-looking website, such as IRS.gov*. The sites ask for Social Security numbers and other personal information, which the scammers could use to help file false tax returns. The sites also may carry malware, which can infect people's computers and allow criminals to access your files or track your keystrokes to gain information from your personal computer.
 
Email Phishing Scam: "Update your IRS e-file"
The IRS is aware of email phishing scams that appear to be from the IRS and include a link to a bogus website intended to mirror the official IRS website. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between "IRS" and "gov"), though notably, not IRS.gov* (with a dot). Don’t get scammed. These emails are not from the IRS.

What do you do if you get these messages?
  • Do not respond to the email or click on the links.
  • Instead, forward the scam emails to the IRS at phishing@irs.gov.
For more information, visit the IRS's Report Phishing* web page.
 
Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel
According to the Taxpayer Advocacy Panel (TAP), taxpayers are receiving emails that appear to be from TAP about a tax refund. These emails are a phishing scam, where unsolicited emails which seem to come from legitimate organizations — but are really from scammers — try to trick unsuspecting victims into providing personal and financial information. Do not respond or click the links in them. If you receive an email that appears to be from TAP regarding your personal tax information, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information such as Social Security numbers, PINs or passwords and similar information for credit cards, banks or other financial institutions.

Don’t Fall Victim and Help Others Not to Fall Victim
Educate yourself on tax telephone scams and various tax email phishing scams including malware schemes to avoid falling victim to a scammer’s tactics. Learn more* about specific tax-related scams.

Check out* the various types of tax-related illegal activities and how to report these activities. You may also report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at (800) 366-4484.

Information courtesy of IRS.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution. 

Tags: Consumer Protection, Financial Education, Fraud Alert, Tax
 

Customer Question: “What is a merchant card data breach?”

Thursday, December 29 at 01:30 PM
Category: Personal Finance
Customer Question: “What is a merchant card data breach? Is it safe to use my debit card?”

A merchant data breach is when an unauthorized party accesses a merchant computer network and steals cardholder data. In these types of breaches, the impacted cardholders are those who used their cards at the breached merchant. They typically impact cardholders at multiple banks.

Unfortunately, merchant data breaches are becoming more common with 974 publicly disclosed data breaches in the first half of 2016 alone, according to the Breach Level Index*. 

Arvest, along with other banks in the region, is seeing some fraudulent transactions on less than one-half of one percent of our debit cards as a result of a merchant data breach at one or more merchants. This is NOT an Arvest security breach and includes cards from other banks. 
 
Please know our teams regularly monitor our debit card activity watching for fraudulent transactions. If unusual activity is observed, we will contact you immediately.
 
As a reminder, you should also regularly monitor your accounts for any unauthorized transactions or suspicious activity and report it immediately. If you see suspicious activity on your Arvest account, please contact Customer Service at (866) 952-9523 or visit your local branch.
 
It is important for U.S. Visa consumer debit and credit cardholders to know they are protected against fraudulent purchases with Visa’s Zero Liability Policy*.  
 
Remember to practice good financial security by monitoring your accounts and reporting suspicious activity to your card issuer immediately.
 
Thank you for this question.
 
If you have a question you would like answered, please submit it using the Ask Us Anything tool on the right side of the blog page.  

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution. 

Tags: Credit Cards, Customer Question, Debit Cards, Financial Education, Fraud Alert
 

Fraud Alert: Phishing Phone Calls

Friday, November 18 at 02:20 PM
Category: Arvest News

Arvest Bank has become aware of a phone phishing scam, which some customers have experienced. In the scam the customer receives an automated phone call from a number with an 844 area code saying the customer’s card has been blocked. The message prompts the customer to enter their credit/debit card number. These calls are fraudulent and are not generated by Arvest Bank.

If you received a phone call like this and entered your personal information, please contact us immediately at (866) 952-9523, so we can protect your account. 

If you received a phone call like this but did not divulge confidential information, please notify us via email at reportfraud@arvest.com. If possible, please include the phone number the call came from and the type of information asked for (e.g., card number, account number).

Phishing scams come in a variety of forms. While some are similar to this one, others come in the form of emails, customer service surveys or text messages. While it can be difficult to identify spoofed text messages, email messages, websites and automated phone systems, it is not difficult to know if any of these may be related to a fraudulent phishing scam. The key is knowing that legitimate businesses do not send messages or make automated calls to customers prompting them to divulge confidential information. If you receive such a message, or automated phone call, no matter how genuine it may appear, assume it to be fraudulent and please notify the legitimate business immediately.

For more information on phishing scams, identity theft and other helpful information, please visit our consumer protection resource center.
 
Tags: Consumer Protection, Fraud Alert, Privacy and Security
 

Protect Yourself from Card Skimming

Tuesday, October 18 at 09:30 AM
Category: Personal Finance

Become an educated consumer to help protect yourself from ill-intentioned people who may try to skim your debit or credit card. 

What is a Card Skimmer? 
A card skimmer is an electronic method of capturing a victim's personal information to be used by thieves. The skimmer is a small device that scans a credit or debit card and stores the information contained in the card’s magnetic strip. 

Installed Skimmers
Skimmers are often installed where you normally swipe your card – on ATMs, gas pumps and payment machines at merchants. They are difficult to see and could be just a piece of plastic over the normal card slot, but with a tiny computer inside.

Skimmers can quickly read everything they need when you use your card, and they store that information for thieves to use later. Some skimmers send the information wirelessly, which reduces risk for thieves.
 
In many cases, skimmers do not interfere with your transaction, so you don’t know your card number has been stolen. Your card passes right through the skimmer, and everything seems normal.

Handheld Skimmers
Skimmers can also be “mobile” devices, tucked away in a pocket. For example, when you hand your card to a dishonest waiter to pay for dinner, it only takes a second to run your card through a skimmer while walking back to the cash register.

In addition to the card reader, skimming scams often use hidden cameras and other equipment to capture your personal identification number (PIN). Popular camera locations include: in the card reader, mounted at the top of the ATM or in plastic cases holding brochures.
 
Another technique is to alter the keypad (possibly by placing a fake keypad over the original one) with a device that records your PIN. Heat-sensitive cameras on mobile devices can also help with figuring out your PIN.
 
How to Avoid Skimming Scams
  • Know your location: It’s best to swipe your card in secure areas, and avoid insecure areas.  
  • Protect your PIN: When you enter your PIN, no matter where you are, cover your hand (with your other hand). This makes it harder for cameras to record your PIN and prevents anybody from watching what you enter.
  • Check for Tampering: If something looks odd, such as a different color or material, graphics that aren’t aligned correctly, or anything else that does not look right, walk away and use a different machine. Skimmers sometimes stick out an extra half-inch, but many of them are extremely well-designed and difficult to spot. 
  • Don’t accept “help”: If you get offers to help from strangers hanging around the machine, decline the offer and leave. They may say they were having trouble also, and you just need to enter your PIN again.
We regularly monitor for unusual activity on your account and will contact you if we detect suspicious charges. If you suspect your card has been skimmed or see unauthorized charges on it, please contact us at (866) 952-9523. 
By learning tactics thieves can use to skim cards, you can become more alert and help protect yourself and your cards.
 
Tags: Fraud Alert, Privacy and Security
 

Text Message Phishing Scam Alert

Friday, October 23 at 02:30 PM
Category: Personal Finance

Arvest Bank has become aware of a text message phishing scam (also referred to as a smishing scam) directed at individuals in our market areas. Some recipients are Arvest Bank customers, but some are not. As a part of this scam, the perpetrators sent a text message with a web link, crafted to look like it was from Arvest Bank, asking customers to go to a website asking for personal information. 

If you received a text message like this and entered your personal information, please contact us immediately at (866) 931-9743, so we can protect your account.
 
If you received a text message like this but did not divulge confidential information, please notify us via email at reportfraud@arvest.com. If possible, please include the content of the text you suspect is part of the smishing scam.
 
Phishing scams come in a variety of forms. While some are similar to this one, others come in the form of emails, customer service surveys or telephone calls. Please be aware while most phishing scams direct you to fake websites, others may ask you to call a phone number where an automated phone system prompts you to divulge confidential information.
 
While it can be difficult to identify spoofed text messages, email messages, websites and automated phone systems, it is not difficult to know if any of the above may be related to a fraudulent phishing scam. The key is knowing legitimate businesses do not send messages to customers prompting them to divulge confidential information. If you receive such a message, no matter how genuine it may appear, assume it to be fraudulent and please notify the legitimate business immediately.
 
For more information on phishing scams, identity theft and other helpful information, please visit our consumer protection resource center.
 
Tags: Fraud Alert, Privacy and Security

Choose one or more categories to subscribe to:




Cancel