Information Board
Important Information

"Can you hear me"? Scam

1/27/17 - Not to be confused with the Verizon Wireless commercial of a similar name, “Can you hear me?” is something you will hear from a scammer calling your house.  These types of calls are usually done by automated call that provides an introduction and identifies a business or agency.  After the intro, the recording will ask if you can hear clearly.  If you answer yes, the scammer behind the call may have recorded you, could plan to use your affirmation to sign you up for a product or service you never wanted and then demand payment.  If you refuse, the scammer may produce your recorded “yes” response to confirm your purchase agreement.

These types of calls are happening all across the country, usually from numbers you are not familiar with but with local area codes so they seem more legitimate.  The scam is a variation of one that began late last year, according to law enforcement.  In these calls, scammers are using phrases like, “Are you’re the lady of the house?”, “Do you pay the household telephone bills?”, or “Are you the homeowner?”.

What can you do to protect yourself from these scammer?

• Hang-up on any unsolicited robocall. Most of us have been taught that hanging up on people is considered rude, but in this case, it’s the best thing you can do.  If you are on the federal ‘Do Not Call List’ and a company calls out of the blue to ask questions, it’s likely a scam.
• Avoid responding with “yes”, “sure” or “ok”.
• Report the number to the FTC.  Real-time reported numbers are helpful for the agency in tracking the issue.
• Sign up on the National Do Not Call Registry.

For more information, click on the links below.

• “‘Can you hear me?’ Scam has police urging people to hang up immediately”. Fox News.com. 2 February 2017. Web. http://www.foxnews.com/tech/2017/01/27/can-hear-me-scam-has-police-urgin...
• King-TV, Seattle.  “You’re a victim with one word in ‘Can you hear me?’ phone scam.” USA Today.com. 27 January 2017. Web. http://www.usatoday.com/story/tech/nation-now/2017/01/27/can-you-hear-me...

Can you hear me scam

Fox News
CNBC
National Do Not Call Registry

 

Fedex Email Scam

11/30/16 - It's that time of year again, when the scammers try to outsmart you - hoping your guard will be down with the holiday hustle and bustle.

Please be aware that there is an email circulating from Fedex Tracking with a subject line of "Package Could Not Be Delivered".  While it may look like a legitimate email from Fedex, IT IS NOT. There are links within the email that on the surface "look" to lead to you Fedex's website, but they don't - PLEASE DO NOT CLICK ON THESE. The links are designed to bring you to a different place and can potentially place spyware, malware, or any other kind of virus on your machine.

Always remember - if you didn't order anything recently, you shouldn't be getting an email.

 

2015 Holiday Scams

Information below is an excerpt taken from a recent online article. A link to the online article is listed below.

Here’s a list of 12 scams from the Better Business Bureau and law enforcement agencies to be on the lookout for as you hit the malls or shop online.

• Fake shipping notifications: These can have attachments or links to sites that will download malware on your computer to steal your identity and your passwords. Don’t be fooled by a holiday phishing scam.

• E-cards: Electronic holiday cards can be used to steal your data. Two red flags to watch out for are: the sender’s name is not apparent; you are required to share additional information to get the card.

• Letters from Santa: Several trusted companies offer personalized letters from Santa, but scammers mimic them to get personal information from unsuspecting parents. Check with bbb.org to find out which ones are legitimate.

• Temporary holiday jobs: Retailers and delivery services need extra help at the holidays, but beware of offers that require you to share personal information online or pay for a job lead. Apply in person or go to retailers’ main websites to find out who is hiring.

• Unusual forms of payment: Be wary of anyone who asks you to pay for holiday purchases using prepaid debit cards, gift cards, wire transfers, third parties, etc. These payments cannot be traced and cannot be undone. Use a credit card on a secure website; look for https in the address (the extra “s” is for “secure”) and the lock symbol.

• Social media gift exchange: It sounds like a great deal; buy one gift and get 36 in return. But it’s a variation on a pyramid scheme and it’s illegal, says the BBB.

• Deceptive Advertising — Just like fake websites, fake apps are built at this time of year to target people who prefer shopping from their phones. Be especially wary of phone shopping apps; even those marked with an Amazon or Ebay logo could be fake. And, dangerous links, phony contests on social media, and bogus gift cards allow scammers to steal your personal information, says McAfee.com. Watch out for URLs that use the names of well-known brands along with extra words.

• Bogus Charities — The holidays prompt us to donate to charities, but scam artists take advantage of this by sending emails for fake charities or sharing viral promos. Before donating, do your homework. Groups such as the Better Business Bureau,Charity Watch and even the Internal Revenue Service have tips to safely donate to charities.

• Promotional Emails —The International Business Times says to treat all promotional emails that aren’t coming from a trusted retailer as dangerous material. Even if you open the email, do not click on any links inside.

• Gift Card Scams — The popular gifts can be an opportunity for thieves, who copy the numbers off cards in a store, then check online or call the 1-800 number to see if the card is activated. Once a card is active, the thieves spend its contents online, and the rightful card holder has no money, says the Better Business Bureau. And never buy discounted gift cards sold online; scammers will keep your cash, and use the gift cards.

• Use a Credit Card — Using a credit card is safer than swiping your debit card when shopping. Credit cards have more security features than debit cards and credit companies are more willing to replace your stolen money than most banks, according to IBT.

• Package Theft — The internet is full of videos of thieves stealing packages left by delivery services on doorsteps.Police believe the criminals follow delivery trucks into neighborhoods, say Annapolis Police. To thwart thieves, require a signature for all packages. If nobody will be home to accept a delivery, have the package held at the nearest service location for you to pick it up.

Holiday Scams Article Link

12 Holiday Scams to Guard Against Christmas 2015

 

US Postal Service Email Scam

In our part of the country, it is becoming normal for retired folks to travel south for the winter and return in the spring. If you are one of these fortunate few, please be mindful of a recent scam that appears to come from the US Postal Service. Here is how this scam works:

You may receive a notice online advising you that the post office will no longer be distributing the "mail-forwarding cards" but will be accepting changes online, using forms they email to you.  You may be offered a choice to print them and mail them back or email them.  They will also charge a fee of $35 or so for this "new" service.  As legitimate as the notice may sound and look - IT IS A SCAM.  Fraudsters are looking to obtain your credit card information and your place of residency.  Knowing that you will not be there for an extended period of time, fraudsters could have an opportunity to rob your home in addition to taking your money.

Should you ever receive one of these notices, contact your local post office in person or call them to inquire about this notice  - DON'T OPEN ANY ATTACHMENTS.  If you have additional concerns, print out the email and bring it to your local post office or law enforcement agency.

** For additional information from someone who fell victim to this scam, click on the article link below.

USPS Email Scam Article

New York Post - Dear John Column

 

KMART INVESTIGATING PAYMENT SECURITY INCIDENT

Kmart officials said Wednesday, (5/31/17), “We recently became aware Kmart was a victim of a security incident involving unauthorized credit card activity after certain customer purchases at some of our stores. …Kmart store payment data systems were infected with a form of malicious code (similar to a computer virus) that was undetectable by current anti-virus systems.”

VISA has notified Upper Peninsula State Bank of this breach and has provided the bank a list of card numbers that have been affected.  As a result, impacted cards have been hot carded and re-issued.

The responsibility of this breach rests solely with the payment systems used by Sears/Kmart. Should you have any concerns about your card, please feel free to contact our Customer Service Representatives.

For more information on this incident, including the press release from Kmart, please see the links below.

References:

• Able, Robert.  “Kmart hit with second POS breach in three years.” SCMagazine. 1 June 2017. Web. https://www.scmagazine.com/kmart-announced-a-pos-breach/article/665827/
• Krebs, Brian.  “Credit Card Breach at Kmart Stores.  Again.” KrebsonSecurity. 31 May 2017. Web.  https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-a...

Kmart Breach

Kmart Security Incident FAQ
Krebs on Security
SCMagazine

 

Arby's acknowledges data breach...

2/9/17 – Arby’s acknowledged to KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.  The breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.  The breach is estimated to have occurred between October 25, 2016 and January 19, 2017.

“Although there are over 1,000 corporate Arby’s restaurants, not all of the corporate restaurants were affected,” said Christopher Fuller, Arby’s senior vice president of communications.  “But this is the most important point:  That we have fully contained and eradicated the malware that was on our point-of-sale systems.”

Point-of-sale malware has driven most of the major retail industry credit card breaches over the past two years, including intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors.  Arby’s reminded customers that it is always advisable to closely monitor their payment card account statements for any unauthorized activity.

You can check out more details on this recent news release by clicking on the links below this article.

Always remember to review your bank accounts regularly. If you have not already enrolled in Online Banking or downloaded our Mobile App to your smart phone, you should do so as this is the best and most convenient way to keep tabs on your accounts. If you notice any charges that you didn’t authorize or something looks suspicious, don’t hesitate to call us – we can help you!

References:

• Weise, Elizabeth.  “Arby’s probes possible data breach of credit cards”. USA Today. 9 February 2017. Web.  <http://www.usatoday.com/story/tech/news/2017/02/09/arbys-breach-may-have...
• Krebs, Brian.  “Fast Food Chain Arby’s Acknowledges Breach.” KrebsonSecurity. 9 February 2017. Web. <https://krebsonsecurity.com/2017/02/fast-food-chain-arbys-acknowledges-b...
• Vanian, Jonathan.  “Hackers Stole Credit Card Information From Thousands of Arby’s Customers.” Fortune. 9 February 2017. Web.  < http://fortune.com/2017/02/09/arbys-restaurants-hackers-data-breach />

Arbys Breach

Krebs on Security
USA Today
Fortune

 

Wendy’s is investigating a possible data breach…

Wendy’s said Wednesday (1/27/16) that it was investigating reports of “unusual activity” on credit cards that were used at some of its locations, the Associated Press reported.

“Reports indicate fraudulent charges may have occurred elsewhere after payment cards were legitimately used at some restaurants,” Wendy’s spokesperson Bob Bertini said.  “Until this investigation is completed, it is difficult to determine with certainty the nature or scope of any potential incident.”

The company advised that customers should keep an eye out for possibly unauthorized charges on debit or credit cards if they’ve visited a Wendy’s location in recent months.

You can check out more details on this recent news release by clicking on the links below this article.

Always remember to review your bank accounts regularly.  If you have not already enrolled in Internet Banking or downloaded our Mobile App to your smart phone, you should do so as this is the best and most convenient way to keep tabs on your accounts.  If you notice any charges that you didn’t authorize or something looks suspicious, don’t hesitate to call us – we can help you!

References:

• Kaplan, Michael.  “Wendy’s Credit Card Breach? How to Know If You’re Affected As Fast Food Chain Investigates ‘Unusual Activity’”. International Business Times. 27 January 2016. Web.
• Krebs, Brian.  “Wendy’s Probes Reports of Credit Card Breach.” KrebsonSecurity. 27 January 2016. Web.  http://krebsonsecurity.com/2016/01/wendys-probes-reports-of-credit-card-...
• Reuters.  “Wendy’s Is Looking Into Reports of a Credit Card Breach.” Fortune. 27 January 2016. Web.  http://fortune.com/2016/01/27/wendys-credit-card-breach/>

Wendys Breach

International Business Times
Krebs on Security
Fortune

 

Hyatt Falls to POS Malware Infection

Just in time for Christmas, Hyatt is notifying customers that their payment card data may have been compromised.  They say in a recent statement they recently “identified malware on computers that operate the payment processing systems for Hyatt-managed locations.”  Click on the link below to read the news release from Hyatt.

The Hyatt is one of four major hotel chains in the last 4 months to warn that it may have suffered a POS malware infection. Some of the others are:

• Trump Hotels (September 29, 2015)
• Starwood Hotels and Resorts (November 20, 2015)
• Hilton (November 24, 2015)

This should serve as a reminder to always keep a close eye on your accounts, especially when using debit or credit cards.  For more tips on keeping “Cyber Safe”, check out our Cyber Security Page. As always, if you have any questions about your account or notice any strange activity on your account, please contact us right away.

References:

Schwartz, Mathew J. “Hyatt Falls to POS Malware Infection.” Bank Info Security. n.p., n.d. Web. 24 December 2015.

Hyatt Hotel Data Breach Link

Hyatt Hotel Data Breach Link