Fraud & Security Library
How To Deal with Mobile Scams
Signs that your mobile device may be infected with malware:
- The battery does not last.
- You get random pop-ups.
- The performance of the device drops.
- You find apps on your device that you didn’t install.
To reduce the risk:
- Only download apps from official app stores.
- Don’t click on suspicious links.
- Check your apps frequently and delete unused ones.
Fraud Prevention Tips:
- Never provide your confidential information, such as Social Security Number or Date of Birth, to someone unless you have initiated the contact.
- If you are contacted by phone or email and asked to confirm your confidential information, do not respond to the caller or the email. Contact the company back using the phone number found on your monthly statement or in the phone book. Do not use the phone number provided in the email correspondence or that the caller provides to you.
- Do not use your confidential information as a Personal Identification Number (PIN) or a password.
- When completing online applications or making purchases, make sure the website uses encryption: the address should begin with “https”.
- Do not record your Social Security number on a check, traveler's check, gift certificates, etc., unless required by law.
- Don't carry your Social Security card, and be cautious of your surroundings. Old-fashioned wallet stealing is still profitable and still used by criminals.
- Be mindful when using online social networking. Use a search engine to see how much information about you is listed online and could be pieced together to commit Identity Theft.
- Order your FREE Annual Credit Report.
- Reduce the amount of mail and paper with your personal information printed on it to reduce the chance of criminals stealing it.
- Sign up for electronic statements and stop receiving paper account statements.
- Sign up for direct deposit with your employer to have your funds put directly in your account without paper checks.
- Pay your bills with online bill payment to reduce the risk of sending your checks in the mail.
- Watch for the signs of identity theft such as receiving bills in the mail for things you didn’t authorize.
- Purchase a shredder and shred bills and statements.
- Anti-spyware and anti-virus protection detects and removes viruses and spyware, which can steal vital information.
- A firewall prevents unauthorized users from gaining access to a computer or monitoring transfers of information to and from the computer.
- Operating system and software updates, sometimes called "patches" or "service packs," should be installed as soon as possible.
- Web browser updates are deployed with your security in mind so keep them current.
- Your smartphone contains a host of personal information about you. Secure access to your applications by applying a strong password.
- Change your password regularly and never write it down or share it with anyone.
- Configure your phone to automatically lock and apply the password when your device is not in use.
- Do not allow the device to save your mobile banking passwords. Anyone else who uses your device can easily gain access to your account because the access information would already be stored.
- If your phone is lost or stolen, report it to us immediately.
- Links in emails, tweets, social networking postings and text messages are often ways cybercriminals disperse their malware. If it looks suspicious, even if you know the sender, it’s best to delete it or call the sender to validate the message.
- Be wary of any communications that require you to act immediately or ask for personal information. Remember, Orrstown Bank will never:
- Call, email or text you asking for your online banking password, wire pin or challenge question answers.
- Email or text you about a problem with your account
- Consider adding anti-virus software to your smartphone.
- Mobile Banking does send confirmation messages to your device to alert you of transactions taking place. These messages do not contain private information about you or your account. Become familiar with the content of these messages and contact us immediately if you receive a message you feel is suspicious.
- Jailbreaking is a method of “self-hacking” your smartphone. This makes your smartphone more susceptible to malware and other malicious programs. If you choose to use your mobile device for online banking we advise you not to jailbreak your smartphone.
- Review your account transactions regularly and immediately report any suspicious activity.
Criminals “phish” for your personal information. Phishing can take place via phone calls, emails, text messages, visiting your place of business or by directing you to a phony website that claims to be Orrstown Bank.
Stop and ask yourself, if you were to receive an email, text message or phone call from Orrstown Bank stating there was a problem with your account, would you question the validity of the message?
Criminals attempt to trick us into believing the communication we are seeing or hearing is from someone we trust. Remember, Orrstown Bank will never:
- Call, email or text you asking for your online banking password, wire pin or challenge question answers.
- Direct you to a website that asks you to update your personal account information.
- Email you computer software updates.
- Email or text you about a problem with your account.
- Visit your place of business and request to perform maintenance on your computer.
If you receive a phone call, email, text message or visit to your place of business that you question, please take the time to call and ask us to validate the communication before taking any action requested. Please do not use the contact information provided in the email or text message you receive. Use the number advertised on our website or on the back of your debit card so you know you’re reaching us.
Criminals may send you an email that looks like it has come from Orrstown Bank. These phony emails may contain an infected link or attachment. These emails will either ask you to reply and provide your confidential information or they will direct you to a website that asks you to enter your confidential information. Remember, Orrstown Bank will not ask you to email us your personal information nor will we ask you to enter it online to update our records. Do not take any action requested in the message. Report the message to us.
These messages are usually well-crafted to trick you into thinking that you must take immediate action. Be on the lookout for messages such as the following:
- Urgent appeals claim that your account may be closed if you fail to confirm, verify or authenticate your personal information.
- Messages about system and security updates claim that the bank needs you to confirm important information and states that you must update your information online.
- Offers that sound too good to be true often are. You may be asked to fill out a short customer service survey in exchange for money being credited to your account, and you are then asked to provide your account number for proper routing of the supposed credit.
- Typos and other errors are often the mark of fraudulent emails. Be on the lookout for typos or grammatical errors.
If you receive a suspicious email, do not click on any links or reply to it. Simply delete it. To report a suspicious email that is abusing Orrstown Bank’s brand, please contact our Customer Service Center at 1.888.677.7869 or locally in the Shippensburg area at 717.530.3530, Monday - Friday, 8:00 AM to 6:00 PM and Saturday, 8:00 AM to Noon.
Phone phishing, called “vishing”, uses Voice over Internet Protocol (VoIP) to generate automated phone calls. The call is usually an automated recording stating that your account has experienced unusual activity and instructing you to call a phone number to have the issue corrected.
Rather than return the phone call, contact us and report the incident. We do not utilize automated systems to contact you about your accounts. Please do not use the number in the message. Contact our Customer Service Center at 1.888.677.7869 or locally in the Shippensburg area at 717.530.3530, Monday - Friday, 8:00 AM to 6:00 PM and Saturday, 8:00 AM to Noon.
Text message phishing, called “SMShing”, is phishing that happens via SMS text messages. A criminal sends a text message tricking you into providing financial or personal information or into clicking links that will sneak viruses onto your mobile device.
Do not respond to these messages or click the links in the messages. Please contact our Customer Service Center at 1.888.677.7869 or locally in the Shippensburg area at 717.530.3530, Monday - Friday, 8:00 AM to 6:00 PM and Saturday, 8:00 AM to Noon, to report the incident.
Malware is a general term for software that is meant to cause harm. Computer viruses, spyware, adware, and Trojan horses are all examples of malware. The purpose of malware can be something as seemingly harmless (yet annoying) as popping up a window to show you unwanted advertising, or as dangerous as capturing the keystrokes as you type your internet banking password or internet banking challenge question answers.
Computers become infected with malware through a number of mechanisms: sharing files on USB thumb drives or DVDs, opening suspicious e-mail attachments, clicking on links in e-mails, or visiting websites that are themselves infected with malware. Malware can also arrive with downloaded files, such as music or videos from peer-to-peer file sharing networks (such as Kazaa or BitTorrent), or simply by visiting a website that has been hacked and infected. No longer is it a matter of staying away from “bad” websites. Unfortunately, any website that is not properly secured can be hacked and infected with malware that could infect your PC, and you most likely will not receive any warning that malware is being downloaded onto your computer. In most cases, the website owners themselves do not know their sites have fallen victim to dispersing criminal malware.
How do you avoid getting malware? Taking these steps can help limit the chances of infection:
- Install and use well-known, reputable anti-virus software. Configure the software to update the virus definitions daily and to scan files and your system in real-time. Setting up an additional full system scan on a regular basis is a good practice as well. This software can help in providing a layer of protection when you visit a site that has been hacked and infected. Anti-virus is no longer enough though. If the only measure you employ is anti-virus, you don’t have enough layers of protection to protect you from attacks.
- Use a firewall. If you are using Windows XP or Vista, enable the Windows Firewall. If you have a Mac, enable the built-in firewall. If you have the means to install a corporate firewall that protects the PCs within your network, that is most certainly recommended as well.
- Avoid fake anti-malware. Don’t buy anti-malware software advertised in pop-up ads. Legitimate software isn’t sold this way.
- Don’t open suspicious e-mail attachments or click the links within emails. Infected e-mail attachments and HTML website links are among the most popular ways to spread malware. Even if you know the sender of the email, it’s better to verify why they sent you the message before clicking the attachment or links. They may not know they’ve sent you the message.
Cyber criminals disguise their emails to look as though they’re from a legitimate business. Often, they employ some type of scare tactic to entice you to open the email and/or provide account information. For example, emails may state they are from:
- UPS claiming there is a “problem with your shipment”
- A Financial Institution claiming there is a “problem with your banking account”
- The Better Business Bureau stating “A complaint has been filed against you.”
- Court system stating that “You have been served with a subpoena.”
Other popular emails are ones that claim to show photos or video of current events like natural disasters and major sporting events.
- Don’t respond to messages that try to scare you into providing an “Immediate Response”. E-mails stating your account is subject to being closed or stating that you’re required to install new software updates should be reported immediately. If either of these situations were true, we would have sent you previous correspondence letting you know of an upcoming change or issue with your account status.
- Patch your computer regularly. Ensure you are applying vendor-distributed patches.
- Report suspicious behavior. If you cannot access our online banking site, contact us immediately to determine if the site is down for scheduled maintenance or if a fraudster is deliberately locking you out of viewing your account activity.
- Review your account activity on a regular basis and report suspicious activity.
Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen funds. Victims are lured by the promise of a new career opportunity making large sums of money for minimal work. Criminals recruit money mules, send them stolen money and then ask the money mules to wire or transfer the money, which unwittingly delivers it to the criminals. Using the money mule masks the criminal's identity.
The money mule may keep a commission for performing the transfer or wire. The victims of these scams may not only have their bank accounts closed and financial reputation ruined, but are often left financially responsible for returning the stolen funds.
Common signs of a money mule scam:
- Overseas companies requesting money transfer agents in the United States.
- Opening new bank accounts to receive money from someone you don't know.
- Accepting large sums of money into your personal bank account for a new job.
- Transferring or wiring funds out of your personal bank account to people you do not know.
Beware of these latest scams:
Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO), an invisible Unicode formatting character that makes the text following it display in reverse, to disguise part of the file name.
The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document but a shortcut (.lnk) file carrying a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet, and they can even take photos using your webcam.
Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:
- Remember that bad guys can disguise anything, even file types.
- Never click a link or download an attachment in an email that you were not expecting.
- When in doubt, reach out to the sender by phone to confirm the legitimacy of the email.
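The following Python check is added here as an illustration and is not part of the original article. It shows how a defender can expose the RLO trick described above: it lists any invisible Unicode formatting characters in an attachment name, shows how the name would be displayed, and reports the extension the operating system will actually use. The sample file name is constructed to mirror the one described above.

```python
import unicodedata

# Unicode bidirectional formatting characters. They change how a file name is
# displayed but not the bytes the operating system uses to pick a file type.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM",
}

# Extensions Windows treats as runnable when opened (shortcuts included).
RUNNABLE_EXTENSIONS = {"lnk", "exe", "scr", "js", "jse", "vbs", "bat", "cmd", "hta", "ps1"}


def find_hidden_controls(name):
    """Return (position, label) for every invisible formatting character
    (Unicode category Cf) in a file name; bidi controls get a readable label."""
    return [(i, BIDI_CONTROLS.get(ch, "U+%04X" % ord(ch)))
            for i, ch in enumerate(name) if unicodedata.category(ch) == "Cf"]


def displayed_name(name):
    """Approximate how a renderer shows the name: text after an RLO (U+202E),
    up to a PDF (U+202C) or the end, is drawn reversed; other controls are invisible."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = i + 1
            while j < len(name) and name[j] != "\u202c":
                j += 1
            out.append(name[i + 1:j][::-1])
            i = j + 1
        elif unicodedata.category(ch) == "Cf":
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def true_extension(name):
    """Extension the operating system actually uses: the text after the last
    dot once all invisible formatting characters are removed."""
    clean = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    return clean.rsplit(".", 1)[1].lower() if "." in clean else ""


def assess_attachment(name):
    """Summarise the red flags for one attachment name."""
    controls = find_hidden_controls(name)
    ext = true_extension(name)
    return {
        "displayed_as": displayed_name(name),
        "true_extension": ext,
        "hidden_controls": controls,
        "suspicious": bool(controls) or ext in RUNNABLE_EXTENSIONS,
    }


# Constructed sample modelled on the attachment described above: the bytes end
# in ".lnk" but the RLO makes the name display as "ReadMe_knl.txt".
SAMPLE_NAME = "ReadMe_\u202etxt.lnk"

if __name__ == "__main__":
    for n in (SAMPLE_NAME, "invoice.pdf"):
        print(repr(n), assess_attachment(n))
```

Mail gateways and endpoint tools can apply the same rule: any formatting character in an attachment name is a red flag on its own, regardless of what the name appears to say.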
While cyber threats continue to advance in new and intimidating ways, classic phishing methods are still a favorite among bad guys. Let’s take a look at a recent Facebook-themed phishing attack and see if you can spot the red flags:
The email appears to come from Facebook and starts with “Hi User”. The body states that there is an issue with your account that you must log in to resolve. The email includes a link to “verify” your account and ends with the line “This link will expires in 72 hours, We appreciate your attention to this matter.” If you click the link, you are taken to a phony look-alike Facebook login page. Any information that you enter on this page is delivered straight to the bad guys.
How many red flags did you see? Remember the following tips:
- Question everything. For example, your name is part of your Facebook profile, so why is the email addressing you as “User”?
- Look for a sense of urgency. In this example, the email gives you 72 hours to verify your account. Remember, the bad guys rely on impulsive clicks.
- Pay close attention to the grammar and capitalization. For example, the words “This link will expires in...” should be “This link will expire in...”. Also in that same line, the word “We” is in the middle of a sentence, so this should be lowercase.
As the name suggests, an influencer is someone whose opinions influence a large social media audience. While influencers usually attract sponsorships from legitimate brands, these accounts can also be used as a tool for cybercriminals.
Instagram influencers often host special giveaways to raise brand awareness. Typically followers are asked to comment on the post for their chance to win. Unfortunately, bad guys then use these comments to target their victims. You may receive a message from someone spoofing the influencer’s account or claiming that they work with the giveaway host. Then, you are told that you won the giveaway, but that you need to pay a shipping fee or provide some personal information. Any information provided goes straight to the cybercriminals. Don’t fall for it!
Here are some tips to stay safe from influencer scams:
- The technique could easily be used on any social media platform. Be skeptical of anyone who contacts you that you don’t know personally.
- This attack exploits your excitement of winning a prize to get you to act impulsively. Don’t let the bad guys play with your emotions.
- Remember that cybercriminals use more than just emails to phish for your information. Always think before you click!
Google recently removed a number of dangerous mobile applications (apps) from the Google Play store. These were disguised as generic VPN and audio control apps that appeared to be safe, but once installed, they tricked victims into allowing downloads from untrusted sources.
If you download a disguised app and fall victim to this scam, a dangerous piece of malicious software (malware) is installed on your device. The malware adds malicious code into your financial apps, giving the bad guys access to your banking and credit card accounts. Over time, cybercriminals use this malware to gain complete control over your device and use it however they please.
This is not the first time that malicious apps were found on Google Play or on the Apple app store—and it won’t be the last. When you download applications, remember these tips:
- Read reviews and ratings for the app. Look for reviews that are critical or reviews with three stars or less, as these are less likely to be fake.
- Avoid apps with few or no reviews and apps that have a low number of downloads.
- Only download apps from trusted publishers. Remember, anyone can publish an app on official app stores—including cybercriminals.
Earlier this month, cybercriminals impersonated the largest brokerage regulation company in the US: the Financial Industry Regulatory Authority (FINRA). Seeing such a vital organization be used as phish bait is chilling. Fortunately, if you know what to look for, this scam is easy to spot!
The phishing email starts with the vaguely-startling subject line “ATTN: FINRA COMPLIANCE AUDIT”. The email is sent from supports[at]finra-online. The email asks you to review an attached document and respond immediately. The short email message closes with, “If you've got more questions regarding this letter don't hesistate to contact us.” Anyone who falls for this scam and downloads the attachment will find that the file is actually a nasty piece of malicious software.
Here’s how you can stay safe from similar attacks:
- By asking for your immediate response regarding an audit, the bad guys create a sense of urgency. These scams rely on impulsive actions, so always think before you click.
- Watch for poor spelling and grammar in supposedly-official messages. Did you catch the spelling error in the example above? The word “hesitate” is misspelled as “hesistate”.
- Check who sent the email. In this case, while the email address included the name FINRA, it did not use the official FINRA.org domain.
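As an added illustration (not part of the original article), the Python code below performs the sender check from the last tip: it undoes the “[at]” spelling used when the address is quoted, extracts the domain from the From header, and accepts it only when it is the official domain or a subdomain of it. The sample headers are constructed; the first mirrors the address quoted above.

```python
import re
from email.utils import parseaddr


def deobfuscate(text):
    """Undo the '[at]' / '(dot)' spellings commonly used when quoting an address."""
    text = re.sub(r"\s*[\[(]at[\])]\s*", "@", text, flags=re.IGNORECASE)
    text = re.sub(r"\s*[\[(]dot[\])]\s*", ".", text, flags=re.IGNORECASE)
    return text


def sender_domain(header_from):
    """Split a From header into (display name, domain); domain is None when
    no address can be parsed."""
    name, addr = parseaddr(deobfuscate(header_from))
    if "@" not in addr:
        return name, None
    return name, addr.rsplit("@", 1)[1].lower()


def is_official_domain(domain, official):
    """True only for the official domain itself or a subdomain of it.
    'mail.finra.org' passes for 'finra.org'; 'finra-online' and
    'finra.org.example.com' do not."""
    official = official.lower()
    return domain == official or domain.endswith("." + official)


def assess_sender(header_from, official_domain):
    """Return the sender domain plus the red flags a reader should notice."""
    name, domain = sender_domain(header_from)
    if domain is None:
        return {"domain": None, "flags": ["no parseable address"]}
    flags = []
    if not is_official_domain(domain, official_domain):
        flags.append("not the official domain")
        brand = official_domain.lower().split(".")[0]
        if brand in domain or brand in name.lower():
            flags.append("brand name used without the official domain")
    return {"domain": domain, "flags": flags}


if __name__ == "__main__":
    # Constructed headers; the first mirrors the address quoted above.
    for hdr, official in (("supports[at]finra-online", "FINRA.org"),
                          ("FINRA Alerts <alerts@mail.finra.org>", "FINRA.org"),
                          ("Dhl Express <noreply@dhl-parcel.example>", "dhl.com")):
        print(hdr, "->", assess_sender(hdr, official))
```

A matching domain is not proof of legitimacy, since the From header itself can be forged, but a mismatch like the one above is a reliable reason to stop and call the organization on a number you already trust.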
LinkedIn is a networking site used to connect with colleagues, employers, and other business contacts. Even though LinkedIn is designed for professionals, it is just as vulnerable as any other social media platform.
In a recent scam, cybercriminals use stolen LinkedIn accounts to message the contacts of those accounts. The message includes a link to a “LinkedInSecureMessage”—which is not a service that LinkedIn provides. The link takes you to an official-looking page that includes the LinkedIn logo and a “View Document” button. If you click the button, a phony LinkedIn login page opens. Information entered on this screen will be sent straight to the cybercriminals who will likely sell your account for use in similar social networking scams.
Don’t fall for it! Remember these tips:
- Stay up-to-date on which features your accounts and platforms offer. For example, LinkedIn does not offer a file sharing feature.
- Never trust a link in a message that you were not expecting. If you think the notification could be legitimate, reach out to the sender by phone to be sure.
- Remember that cybercriminals use more than just emails to phish for your information. Always think before you click!
Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let’s take a look at a recent shipping-themed phishing attack and see if you can spot the red flags:
Sent from “Dhl Express”, the email claims that you have something waiting for you at your local post office. The message states “To receive your parcel, Please see and check attached shipping documents.” and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click “View PDF Document” your email address and password will be sent straight to the bad guys.
How many red flags did you see? Remember the following tips:
- Look for poor grammar and capitalization. For example, the sender name “Dhl” should be “DHL”. Also, in the body of the email, the word “Please” is in the middle of a sentence, so this should be lowercase.
- Check the file type. The email attachment is a .html file, but most legitimate documents are shared as PDFs, spreadsheets, or Word documents. HTML files are designed to be opened in a web browser, much like a link to a website.
- Watch out for anything out of the ordinary. An Adobe PDF login window blocking what appears to be a Microsoft Excel file is quite unusual.
Access to the COVID-19 vaccine is limited, which leaves many people anxiously waiting for a way to further protect themselves from the virus. Cybercriminals are taking advantage of this anxiety with vaccine-themed phishing emails.
A recent phishing attack in the UK spoofs the National Health Service (NHS). The phishing email claims that you have the opportunity to get vaccinated and it includes a link to accept the invitation. If you click on the link, a convincing NHS look-alike page opens. The phony site asks for personal information such as your name, address, and phone number, along with your credit card and banking details. Unfortunately, any information that you provide here goes straight to the cybercriminals and you are not in line for vaccination.
Follow these tips to stay safe from similar scams:
- We all want the pandemic to be over and this attack tries to exploit those feelings. Don’t let the bad guys toy with your emotions. Think before you click!
- Don’t trust an email. Visit an official government website or a trusted news source for information on vaccine availability.
- Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
A year into the pandemic, bad guys continue to target struggling organizations. A recent example is a phishing email targeting those in the United States. Impersonating a bank, the sender offers loans through the Paycheck Protection Program (PPP). The PPP is a real relief fund that is backed by the United States Small Business Administration (SBA), but the email is nothing short of a scam.
The phishing email directs you to click a link to register for a PPP loan. When clicked, the link takes you to a form with an official-looking header that reads, “World Trade Finance PPP 2021 Data Collection”. The form requests a lot of personal information, such as your organization’s name, your business email, and your social security number. Any of the information submitted on this form goes straight to the cybercriminals.
Here’s how you can stay safe from scams like this:
- Think before you click! Desperate times call for diligent measures.
- If you or your organization need financial help, reach out to legitimate and well-known programs—don’t trust an unexpected email.
- Stay up-to-date on your country’s relief efforts by following local news and other trusted sources.