Information Board

Our New Information Board is a platform for us to share important information with you about recent scams or fraudulent activity that we want you to be aware of.  It is also a place for us to quickly share new information about the bank or other information that you may find interesting.

Information on this page will change from time to time so keep checking back for new facts and information!

KMART INVESTIGATING PAYMENT SECURITY INCIDENT

Kmart officials said Wednesday, (5/31/17), “We recently became aware Kmart was a victim of a security incident involving unauthorized credit card activity after certain customer purchases at some of our stores. …Kmart store payment data systems were infected with a form of malicious code (similar to a computer virus) that was undetectable by current anti-virus systems.”

VISA has notified Upper Peninsula State Bank of this breach and has provided the bank a list of card numbers that have been affected.  As a result, impacted cards have been hot carded and re-issued.

The responsibility of this breach rests solely with the payment systems used by Sears/Kmart. Should you have any concerns about your card, please feel free to contact our Customer Service Representatives.

For more information on this incident, including the press release from Kmart, please see the links below.

References:

• Able, Robert.  “Kmart hit with second POS breach in three years.” SCMagazine. 1 June 2017. Web. https://www.scmagazine.com/kmart-announced-a-pos-breach/article/665827/
• Krebs, Brian.  “Credit Card Breach at Kmart Stores.  Again.” KrebsonSecurity. 31 May 2017. Web.  https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-a...

Kmart Breach

Kmart Security Incident FAQ
Krebs on Security
SCMagazine

>> back to top

Arby's acknowledges data breach...

2/9/17 – Arby’s acknowledged to KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.  The breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.  The breach is estimated to have occurred between October 25, 2016 and January 19, 2017.

“Although there are over 1,000 corporate Arby’s restaurants, not all of the corporate restaurants were affected,” said Christopher Fuller, Arby’s senior vice president of communications.  “But this is the most important point:  That we have fully contained and eradicated the malware that was on our point-of-sale systems.”

Point-of-sale malware has driven most of the major retail industry credit card breaches over the past two years, including intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors.  Arby’s reminded customers that it is always advisable to closely monitor their payment card account statements for any unauthorized activity.

You can check out more details on this recent news release by clicking on the links below this article.

Always remember to review your bank accounts regularly. If you have not already enrolled in Online Banking or downloaded our Mobile App to your smart phone, you should do so as this is the best and most convenient way to keep tabs on your accounts. If you notice any charges that you didn’t authorize or something looks suspicious, don’t hesitate to call us – we can help you!

References:

• Weise, Elizabeth.  “Arby’s probes possible data breach of credit cards”. USA Today. 9 February 2017. Web.  <http://www.usatoday.com/story/tech/news/2017/02/09/arbys-breach-may-have...
• Krebs, Brian.  “Fast Food Chain Arby’s Acknowledges Breach.” KrebsonSecurity. 9 February 2017. Web. <https://krebsonsecurity.com/2017/02/fast-food-chain-arbys-acknowledges-b...
• Vanian, Jonathan.  “Hackers Stole Credit Card Information From Thousands of Arby’s Customers.” Fortune. 9 February 2017. Web.  < http://fortune.com/2017/02/09/arbys-restaurants-hackers-data-breach />

Arbys Breach

Krebs on Security
USA Today
Fortune

 >> back to top

"Can you hear me"? Scam

1/27/17 - Not to be confused with the Verizon Wireless commercial of a similar name, “Can you hear me?” is something you will hear from a scammer calling your house.  These types of calls are usually done by automated call that provides an introduction and identifies a business or agency.  After the intro, the recording will ask if you can hear clearly.  If you answer yes, the scammer behind the call may have recorded you, could plan to use your affirmation to sign you up for a product or service you never wanted and then demand payment.  If you refuse, the scammer may produce your recorded “yes” response to confirm your purchase agreement.

These types of calls are happening all across the country, usually from numbers you are not familiar with but with local area codes so they seem more legitimate.  The scam is a variation of one that began late last year, according to law enforcement.  In these calls, scammers are using phrases like, “Are you’re the lady of the house?”, “Do you pay the household telephone bills?”, or “Are you the homeowner?”.

What can you do to protect yourself from these scammer?

• Hang-up on any unsolicited robocall. Most of us have been taught that hanging up on people is considered rude, but in this case, it’s the best thing you can do.  If you are on the federal ‘Do Not Call List’ and a company calls out of the blue to ask questions, it’s likely a scam.
• Avoid responding with “yes”, “sure” or “ok”.
• Report the number to the FTC.  Real-time reported numbers are helpful for the agency in tracking the issue.
• Sign up on the National Do Not Call Registry.

For more information, click on the links below.

• “‘Can you hear me?’ Scam has police urging people to hang up immediately”. Fox News.com. 2 February 2017. Web. http://www.foxnews.com/tech/2017/01/27/can-hear-me-scam-has-police-urgin...
• King-TV, Seattle.  “You’re a victim with one word in ‘Can you hear me?’ phone scam.” USA Today.com. 27 January 2017. Web. http://www.usatoday.com/story/tech/nation-now/2017/01/27/can-you-hear-me...

Can you hear me scam

Fox News
CNBC
National Do Not Call Registry

 >> back to top

Fedex Email Scam

11/30/16 - It's that time of year again, when the scammers try to outsmart you - hoping your guard will be down with the holiday hustle and bustle.

Please be aware that there is an email circulating from Fedex Tracking with a subject line of "Package Could Not Be Delivered".  While it may look like a legitimate email from Fedex, IT IS NOT. There are links within the email that on the surface "look" to lead to you Fedex's website, but they don't - PLEASE DO NOT CLICK ON THESE. The links are designed to bring you to a different place and can potentially place spyware, malware, or any other kind of virus on your machine.

Always remember - if you didn't order anything recently, you shouldn't be getting an email.

 >> back to top

1st Graders from Gladstone visit Upper Peninsula State Bank

125 - 1st grade students from Cameron Elementary School in Gladstone came to Upper Peninsula State Bank on Thursday, May 5, 2016 for a tour of the bank and to learn a little about banking. The students were excited to see what happens at a bank. They learn about money in school - how to count it, what you buy with it, etc.

"Where is the money printed?" was a question from one of the students during the tour that created some laughs by the bank staff. "We don't make money here, that's done at the Federal Reserve," replied one of the tour leaders.

Upper Peninsula State Bank enjoys the opportunity to give back to the community. It's a rewarding experience to help educate young students about banking.

 >> back to top

Wendy’s is investigating a possible data breach…

Wendy’s said Wednesday (1/27/16) that it was investigating reports of “unusual activity” on credit cards that were used at some of its locations, the Associated Press reported.

“Reports indicate fraudulent charges may have occurred elsewhere after payment cards were legitimately used at some restaurants,” Wendy’s spokesperson Bob Bertini said.  “Until this investigation is completed, it is difficult to determine with certainty the nature or scope of any potential incident.”

The company advised that customers should keep an eye out for possibly unauthorized charges on debit or credit cards if they’ve visited a Wendy’s location in recent months.

You can check out more details on this recent news release by clicking on the links below this article.

Always remember to review your bank accounts regularly.  If you have not already enrolled in Internet Banking or downloaded our Mobile App to your smart phone, you should do so as this is the best and most convenient way to keep tabs on your accounts.  If you notice any charges that you didn’t authorize or something looks suspicious, don’t hesitate to call us – we can help you!

References:

• Kaplan, Michael.  “Wendy’s Credit Card Breach? How to Know If You’re Affected As Fast Food Chain Investigates ‘Unusual Activity’”. International Business Times. 27 January 2016. Web.
• Krebs, Brian.  “Wendy’s Probes Reports of Credit Card Breach.” KrebsonSecurity. 27 January 2016. Web.  http://krebsonsecurity.com/2016/01/wendys-probes-reports-of-credit-card-...
• Reuters.  “Wendy’s Is Looking Into Reports of a Credit Card Breach.” Fortune. 27 January 2016. Web.  http://fortune.com/2016/01/27/wendys-credit-card-breach/>

Wendys Breach

International Business Times
Krebs on Security
Fortune

>> back to top

What’s the New Technology for 2016??

The 49th Annual CES Technology Show was held in Las Vegas, Nevada, on January 6 - 9, 2016. This show featured 3,600 companies, including 500 startups, displaying new technology – from robotics, 3D printing, and unmanned systems to automotive tech, wearables and beyond.  Click the link below this article to read the CES Press Release.

There is lots of speculation on what technology 2016 will bring. Here is a small listing of what may be coming available this year:

• Virtual Reality becomes “reality” with new head sets for mobile phones
• Wiser Messaging Apps
• Safer, Smarter Drones
• A newly revised USB Port that is capable of two-way power
• Voice-Operated Everything
• Cameras that see more
• Streaming Channels (competition for cable and satellite)
• Wireless Charging Everywhere
• Independent Wearables (that don’t require your phone to be close by)

You can check out more details on these and other new technology by clicking on the links below this article.

As you embrace new technology, always remember to do research on any new products you may be interested in – read the reviews and see what others that have already purchased them are saying about it BEFORE YOU BUY.

Remember your cybersecurity! Make sure you understand where your personal or financial information is going and how it is being used if you choose to enter your personal or financial information into new technology.

For safety tips, check out our Cybersecurity Page.

References:

• Fowler, Geoffrey A. and Joanna Stern. “The Tech That will Change Your Life in 2016.” The Wall Street Journal. 27 December 2015. Web.
• Speed, Barbara.  “The best new technologies (probably) arriving in 2016.” NewStatesman. 1 January 2016. Web. <http://www.newstatesman.com/science-tech/technology/2016/01/best-new-tec...

New Technology for 2016

2016 CES Technology Show Press Release
ABC News: CES 2016-Coolest Technology
CBS News: CES 2016 Tech Gadgets
WSJ - Tech that will change your life
NewStateman - Best new technology for 2016

>> back to top

Online Banking and Mobility

Online banking, mobile banking, mobility in general, – is a big part of your financial future, whether you are ready for it or not.  Just a few years ago, Americans conducted online banking mostly through desktop based personal computers.  Now, banking connectivity comes in many forms.  Today’s household might include one or more of the following:  smartphone, tablet, laptop computer, desktop computer and smartwatch; any one of which can be used to connect to an online account – and with each other in some cases.  This is called interconnectivity.  With increasing numbers of devices having embedded operating systems comes a wealth of new opportunities for the end user AND more security precautions that you need to be aware of to keep you “Cyber Safe”.

One of the best ways to protect yourself is by taking an Integrated Approach to security.  This simply means being aware of where your risks might lie, then addressing each of these risks. 

1. Make an inventory of all your Internet connected devices – phones, tablets, computers, smartwatch, etc.
2. Evaluate how each device is protected from hackers and malware.
3. Can a hacker gain access to any or all of your devices?
4. Purchase and install the appropriate software protections for each device.
5. Important Note: Pay attention to the Wi-Fi router in your home – this is the main way devices connect to the Internet.
   1. Use a strong password (Using Strong Passwords)
   2. Name the device in a way that won’t let people know it’s your house
   3. Keep the router software up to date

Public Wi-Fi and hotspots are very convenient, but not very secure. To be secure, avoid performing banking transactions on a public network. TIP – if you need to access your account, try disabling the Wi-Fi and switching to your mobile network. Keep in mind that “shoulder surfing” is still one of the biggest threats to your online security when you are in public.

References:

BankStuffers – “Online Banking & the Internet of Things”.  www.BankStuffers.com

>> back to top

Hyatt Falls to POS Malware Infection

Just in time for Christmas, Hyatt is notifying customers that their payment card data may have been compromised.  They say in a recent statement they recently “identified malware on computers that operate the payment processing systems for Hyatt-managed locations.”  Click on the link below to read the news release from Hyatt.

The Hyatt is one of four major hotel chains in the last 4 months to warn that it may have suffered a POS malware infection. Some of the others are:

• Trump Hotels (September 29, 2015)
• Starwood Hotels and Resorts (November 20, 2015)
• Hilton (November 24, 2015)

This should serve as a reminder to always keep a close eye on your accounts, especially when using debit or credit cards.  For more tips on keeping “Cyber Safe”, check out our Cyber Security Page. As always, if you have any questions about your account or notice any strange activity on your account, please contact us right away.

References:

Schwartz, Mathew J. “Hyatt Falls to POS Malware Infection.” Bank Info Security. n.p., n.d. Web. 24 December 2015.

Hyatt Hotel Data Breach Link

Hyatt Hotel Data Breach Link

>> back to top

2015 Holiday Scams

Information below is an excerpt taken from a recent online article. A link to the online article is listed below.

Here’s a list of 12 scams from the Better Business Bureau and law enforcement agencies to be on the lookout for as you hit the malls or shop online.

• Fake shipping notifications: These can have attachments or links to sites that will download malware on your computer to steal your identity and your passwords. Don’t be fooled by a holiday phishing scam.

• E-cards: Electronic holiday cards can be used to steal your data. Two red flags to watch out for are: the sender’s name is not apparent; you are required to share additional information to get the card.

• Letters from Santa: Several trusted companies offer personalized letters from Santa, but scammers mimic them to get personal information from unsuspecting parents. Check with bbb.org to find out which ones are legitimate.

• Temporary holiday jobs: Retailers and delivery services need extra help at the holidays, but beware of offers that require you to share personal information online or pay for a job lead. Apply in person or go to retailers’ main websites to find out who is hiring.

• Unusual forms of payment: Be wary of anyone who asks you to pay for holiday purchases using prepaid debit cards, gift cards, wire transfers, third parties, etc. These payments cannot be traced and cannot be undone. Use a credit card on a secure website; look for https in the address (the extra “s” is for “secure”) and the lock symbol.

• Social media gift exchange: It sounds like a great deal; buy one gift and get 36 in return. But it’s a variation on a pyramid scheme and it’s illegal, says the BBB.

• Deceptive Advertising — Just like fake websites, fake apps are built at this time of year to target people who prefer shopping from their phones. Be especially wary of phone shopping apps; even those marked with an Amazon or Ebay logo could be fake. And, dangerous links, phony contests on social media, and bogus gift cards allow scammers to steal your personal information, says McAfee.com. Watch out for URLs that use the names of well-known brands along with extra words.

• Bogus Charities — The holidays prompt us to donate to charities, but scam artists take advantage of this by sending emails for fake charities or sharing viral promos. Before donating, do your homework. Groups such as the Better Business Bureau,Charity Watch and even the Internal Revenue Service have tips to safely donate to charities.

• Promotional Emails —The International Business Times says to treat all promotional emails that aren’t coming from a trusted retailer as dangerous material. Even if you open the email, do not click on any links inside.

• Gift Card Scams — The popular gifts can be an opportunity for thieves, who copy the numbers off cards in a store, then check online or call the 1-800 number to see if the card is activated. Once a card is active, the thieves spend its contents online, and the rightful card holder has no money, says the Better Business Bureau. And never buy discounted gift cards sold online; scammers will keep your cash, and use the gift cards.

• Use a Credit Card — Using a credit card is safer than swiping your debit card when shopping. Credit cards have more security features than debit cards and credit companies are more willing to replace your stolen money than most banks, according to IBT.

• Package Theft — The internet is full of videos of thieves stealing packages left by delivery services on doorsteps.Police believe the criminals follow delivery trucks into neighborhoods, say Annapolis Police. To thwart thieves, require a signature for all packages. If nobody will be home to accept a delivery, have the package held at the nearest service location for you to pick it up.

Holiday Scams Article Link

12 Holiday Scams to Guard Against Christmas 2015

>> back to top

US Postal Service E-mail Scam

In our part of the country, it is becoming normal for retired folks to travel south for the winter and return in the spring. If you are one of these fortunate few, please be mindful of a recent scam that appears to come from the US Postal Service. Here is how this scam works:

You may receive a notice online advising you that the post office will no longer be distributing the "mail-forwarding cards" but will be accepting changes online, using forms they email to you.  You may be offered a choice to print them and mail them back or email them.  They will also charge a fee of $35 or so for this "new" service.  As legitimate as the notice may sound and look - IT IS A SCAM.  Fraudsters are looking to obtain your credit card information and your place of residency.  Knowing that you will not be there for an extended period of time, fraudsters could have an opportunity to rob your home in addition to taking your money.

Should you ever receive one of these notices, contact your local post office in person or call them to inquire about this notice  - DON'T OPEN ANY ATTACHMENTS.  If you have additional concerns, print out the email and bring it to your local post office or law enforcement agency.

** For additional information from someone who fell victim to this scam, click on the article link below.

USPS Email Scam Article

New York Post - Dear John Column

>> back to top