What is Financial Malware and How to Protect Yourself

Tuesday, July 18 at 11:00 AM
Category: Personal Finance

What is Financial Malware?

Everywhere you turn today you seem to be bombarded with news coverage concerning the urgency of combating cybercrime, bad actors and hackers. There are many variations of malicious software, or “malware,” but financial malware, as its name implies is written specifically to commit financial fraud.

Cybercriminals use a variety of methods to infect their victims with malware including sending them email messages containing infected attachments or links to infected websites.

Once the victim is infected, the malware monitors the victim’s activity and may steal online banking credentials and other personal information using keystroke logging or screen shots images. 

In some cases, hackers may use the victim’s own web browser to collect sensitive information (e.g., the victim's PIN) by adding extra fields to legitimate online forms or by changing website wording and messaging, or by triggering legitimate-looking pop-up forms in real-time.

Financial malware may redirect the victim to a fake website designed to mimic a legitimate bank website. As the victim enters their credentials, the malware then redirects them into the legitimate site, potentially triggering a SMS or other second-factor authentication code that the Trojan can then capture via the fake website.

How to Protect Yourself
 
Most threats still need user interaction to infect a potential victim’s system. For this reason, becoming aware of these threats and diligently taking extra precautions can significantly reduce the risk of becoming a victim of cybercrime.  
 
  • Keep your operating system, web browser and other software up to date.
     
  • Make sure your computer has both an anti-spyware protection program that detects and removes spyware and an anti-virus program. Keep both programs updated. Scan your computer for viruses and spyware on a regular basis.
     
  • Be very protective of your personal account information. There are criminals who try to trick you by creating sites that look similar to real sites. The best way to know who you are dealing with is to type the address in your browser address bar; don’t click on a link that’s provided to you via email.
     
  • Do not open attachments in email messages if you do not know the sender or weren’t expecting the message. Attachments can contain viruses and spyware.
     
  • Avoid logging into password protected websites, such as online banking or email services from public computers. Instead, use trusted or secured networks.
     
  • Avoid downloading apps to your mobile phone from unofficial stores and pay attention to the permissions requested by apps before their installation.
     
  • Always sign off from sessions and close your browser after using password protected websites. 
     
  • Avoid using unencrypted email to conduct financial transactions or send sensitive information.
     
  • If you suspect your computer may be infected or that your online banking credentials may have been compromised, contact your bank and change your password from a different trusted computer. Contact a computer security professional for assistance in removing malicious software.
     
  • Regularly review your bank account activity and immediately notify your bank if you notice suspicious transactions in your account.
Tags: Consumer Protection, Financial Education, Privacy and Security, Technology
 

Disaster Preparedness Includes Safeguarding Financial Information

Monday, May 01 at 08:30 AM
Category: Personal Finance
April showers may bring May flowers, but unfortunately, spring also can bring severe weather that results in disasters like floods, fires and tornadoes.

And while no one wants to think they will be the victim of such a disaster, it’s best to be prepared. Having access to financial and other documents should be part of that preparation.
 
Below is a list that can serve as a good starting place when it comes to the documents you may need if you’re the victim of a natural disaster.
 
Note: It is imperative to store this information somewhere secure. That could be at home in a fireproof and waterproof box, at a bank in a safe deposit box, or maybe electronically in a secure cloud-based service. If you choose to store these documents at home, be sure to hide it somewhere out of sight of would-be intruders.

Basic identification – These are documents that can help you identify yourself and your family, your relationships and/or your status.
  • Driver’s license, passport, Social Security card, green card
  • Vital records such as birth and marriage certificates, adoption papers, etc.
Financial and legal documents – These can help you request assistance from your insurance provider and/or disaster assistance programs.
  • Mortgage documentation, rental or lease agreement, property deed
  • Checking and/or savings account statements, retirement and investment account statements, tax returns, insurance policies, will or trust, power of attorney
  • Vehicle title and registration, loan documents
Medical information
  • Health and dental insurance cards
  • List of prescriptions and any allergies, pharmacy information, contact information for doctors
  • Living will, medical power of attorney
Emergency contact information
  • Employers/supervisors
  • Schools
  • Home repair services such as utilities, plumber, electrician, roofer, etc.
Again, once you have compiled this information, it is critical to store it securely. Whether that’s at home in a fireproof and waterproof box, at a bank in a safe deposit box, or electronically in a secure cloud-based service, it needs to be in a place that’s accessible only to you and hidden from would-be thieves.
 
Regardless of the means you choose, no one wants to envision a scenario in which they need to access this kind of information due to a natural disaster. Being prepared, however, can provide some measure of comfort. 

Tags: Consumer Protection, Financial Education
 

Q&A with Amber Mascuilli with River Valley Food 4 Kids for 1 Million Meals

Wednesday, April 26 at 06:05 AM
Category: Arvest Community News

For three years River Valley Food 4 Kids* has been helping children in Pope County in Arkansas. It’s a pleasure to partner with them for our seventh annual 1 Million Meals initiative to raise one million meals for the children, elderly and others in need across the 120+ communities we serve. 

To learn more about River Valley Food 4 Kids, we did a Q&A with Russellville High School teacher, Amber Mascuilli. 

What’s your involvement with River Valley Food 4 Kids, and how did you get started?
The Russellville High School has been maintaining a food pantry for our high-need students since the fall of 2012. Originally we were almost completely stocked with Rice Depot food and donations from teachers and students, but once Rice Depot became financially stressed, our program nearly went under. River Valley Food 4 Kids’ involvement in the school food pantry became a pivotal partner in our success. When they discovered the Russellville Schools, and several surrounding schools, were in dire need, River Valley Food 4 Kids jumped in and immediately made us a priority. 

We have seen the number of kids served at the high school grow each year, and this year we are regularly serving 40-44 students each week, not to mention providing snacks in classrooms where many students spend their day. It is a huge undertaking to make sure these kids choose to stay in school to get their diploma which will serve them in their future, rather than dropping out to have enough to eat. River Valley Food 4 Kids positively impacts these kids’ lives far beyond full bellies – they are facilitating their learning.

What’s a compelling experience you’ve had during your time with River Valley Food 4 Kids? 
I had assigned a summary of an article for my students to work on, and they had time over the long Labor Day weekend to complete it. One of my students did poorly on it, and she came up to me after class apologizing for her poor grade. She had apparently had no food in the house over the weekend, and found a bag of sugar in the cabinet. She drank sugar water all weekend. Long weekend, with no food, and the equivalent of nectar to sustain her. Her father had not paid the child support, and her mother was trying desperately to save the house. Through River Valley Food 4 Kids, I was able to load her up with food over the next few days, and keep her in food throughout the year. This organization changes lives. It gives hope. It supports those who want more for themselves than the hand they were dealt.

How can people get involved with River Valley Food 4 Kids? 
Of course donations are greatly appreciated and super simple through River Valley Food 4 Kids’ website*, but because they are very local, you can actually be involved in sorting, packing and delivering food to the schools. During the summer, you can help pack boxes for families who come to pick up food for their kids in our community. This organization thrives on community support, and those who are involved are rewarded with knowing kids aren’t going to bed hungry.

We’d love to have you involved in our 1 Million Meals initiative to help River Valley Food 4 Kids* and our other food partners.  

Four Easy Ways to Donate:
  • Donate via Phone – Customers can make a $1 (or more) donation by calling (866) 952-9523. Funds will be drawn directly from your Arvest account.
  • Donate via Mail – Mail a check to Arvest Bank Operations, ATTN: 1MM, P.O. Box 799, Lowell, AR 72745. Include 1 Million Meals in the memo line of the check.
  • Donate in a Branch – Stop by your local Arvest Bank branch. Cash and check contributions accepted.
  • Donate Arvest Flex Rewards™ – Customers can redeem points for a 1 Million Meals donation. Log in at arvestflexrewards.com, and click on the banner for 1 Million Meals to get started!
We’ll Donate $1 Each Time You:
  • Follow us on Instagram.
  • Like or share our 1 Million Meals Facebook posts.
  • Retweet our 1 Million Meals tweets on Twitter on April 21 and May 10.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.     

Tags: 1 Million Meals, Arkansas, Charitable Giving, Consumer Protection, Fort Smith
 

Tech Support Scams

Monday, April 17 at 09:35 AM
Category: Personal Finance

In a recent twist, scam artists are using the phone to try to break into your computer. They call claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need. But the purpose behind their elaborate scheme isn’t to protect your computer – it’s to steal your identity or/and to make money.

How Tech Support Scams Work
Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans*, and send alarming messages to try to convince you your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.
 
The latest version of the scam begins with a phone call. Scammers can get your name and other basic information from public directories. They often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim they are viruses. Their tactics are designed to scare you into believing they can help fix your “problem.”
 
Once they’ve gained your trust, they may:
  • Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.
  • Try to enroll you in a worthless computer maintenance or warranty program.
  • Ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free.
  • Trick you into installing malware that could steal sensitive data, like user names and passwords.
  • Direct you to websites and ask you to enter your credit card number and other personal information.
Regardless of the tactics they use, their purpose is to steal your identity or/and to make money.

If You Get a Call
If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.
 
Keep these other tips in mind:
  • Don’t give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. 
  • If you want tech support, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password.
  • Put your phone number on the National Do Not Call Registry*, and then report illegal sales calls*.
If You’ve Responded to a Scam
If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:
  • Get rid of malware*. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem. 
  • Change any passwords you gave out. If you use these passwords for other accounts, change those accounts, too.
  • If you paid for bogus services with a credit card, call your credit card provider and ask if they can reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.
  • If you believe someone may have accessed your personal or financial information, visit the FTC’s identity theft website*. You can minimize your risk of further damage and repair any problems already in place.
  • File a complaint with the FTC at ftc.gov/complaint*.
How to Spot a Refund Scam
If you paid for tech support services, and you later get a call about a refund, don’t give out any personal information. The call is almost certainly another trick to take your money.
 
The refund scam* works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund. Or, the caller may say the company is going out of business and providing refunds for “warranties” and other services.
 
In either case, the scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account. If you get a call like this, hang up, and report it at ftc.gov/complaint*.

Conclusion
You don’t need to be a victim of a tech support scam. Learn how these scams work, so you can detect them for what they are and protect yourself.

Information courtesy of Federal Trade Commission Consumer Information.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.  

Tags: Consumer Protection, Financial Education, Fraud Alert, Privacy and Security, Technology
 

Beware of Tax Scams

Friday, January 13 at 09:00 AM
Category: Personal Finance
If it sounds too good to be true, it probably is! In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Here’s a look at some of these tax scams and what to do if you spot them.
 
Remember: The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action by email, text messages or social media channels. Being able to recognize these tell-tale signs of a phishing or tax scam could save you from becoming a victim.

IRS-Impersonation Telephone Scams
An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling. 
 
Victims are told they owe money to the IRS, and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are threatened with arrest, deportation, or suspension of a business or driver’s license. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn't answered, the scammers often leave an “urgent” callback request.
 
Note the IRS will never:
  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.
Surge in Email, Phishing and Malware Schemes
The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. Emails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Variations of these scams can be seen via text messages.

When people click on these email links, they are taken to sites designed to imitate an official-looking website, such as IRS.gov*. The sites ask for Social Security numbers and other personal information, which the scammers could use to help file false tax returns. The sites also may carry malware, which can infect people's computers and allow criminals to access your files or track your keystrokes to gain information from your personal computer.
 
Email Phishing Scam: "Update your IRS e-file"
The IRS is aware of email phishing scams that appear to be from the IRS and include a link to a bogus website intended to mirror the official IRS website. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between "IRS" and "gov"), though notably, not IRS.gov* (with a dot). Don’t get scammed. These emails are not from the IRS.

What do you do if you get these messages?
  • Do not respond to the email or click on the links.
  • Instead, forward the scam emails to the IRS at phishing@irs.gov.
For more information, visit the IRS's Report Phishing* web page.
 
Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel
According to the Taxpayer Advocacy Panel (TAP), taxpayers are receiving emails that appear to be from TAP about a tax refund. These emails are a phishing scam, where unsolicited emails which seem to come from legitimate organizations — but are really from scammers — try to trick unsuspecting victims into providing personal and financial information. Do not respond or click the links in them. If you receive an email that appears to be from TAP regarding your personal tax information, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information such as Social Security numbers, PINs or passwords and similar information for credit cards, banks or other financial institutions.

Don’t Fall Victim and Help Others Not to Fall Victim
Educate yourself on tax telephone scams and various tax email phishing scams including malware schemes to avoid falling victim to a scammer’s tactics. Learn more* about specific tax-related scams.

Check out* the various types of tax-related illegal activities and how to report these activities. You may also report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at (800) 366-4484.

Information courtesy of IRS.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution. 

Tags: Consumer Protection, Financial Education, Fraud Alert, Tax

Choose one or more categories to subscribe to:




Cancel