Security Center

CALLBACK PHISHING

In callback phishing scams, cybercriminals send you an email about something urgent, such as a fraudulent charge or a vital software update. What makes this tactic unique is that the email includes a phone number that you are prompted to call. If you call the number in the email, cybercriminals will try to trick you into revealing your sensitive information. They may use an automated voice message that prompts you to enter sensitive information, such as your credit card number or social security number. Cybercriminals can also try to trick you into downloading malware by answering the phone and walking you through the process of downloading malicious files onto your device.

FOLLOW THE tIPS BELOW TO STAY sTAY sAFE FROM CALLBACK PHISHING SCAMS:

• Verify that a phone number is legitimate by navigating to the organization’s official website.
• Before sharing sensitive information over the phone, ask the caller to tell you what information they have on file. If they can't prove they are legitimate, hang up.
• Watch out for a sense of urgency in emails as phishing attacks rely on impulsive actions. Always think twice before you call!

Social Engineering

Social engineering is when someone tries to manipulate you into performing an action or sharing confidential information. Unfortunately, cybercriminals use social engineering to access computer systems, gather information or make money. Most successful social engineering attacks are caused by human error. If you familiarize yourself with common social engineering methods, you can recognize and stay safe from an attempted social engineering attack. 

Social Engineering Tricks

• Malicious Links: Cybercriminals may use malicious links to trick you into downloading dangerous software or opening an unsafe webpage. They may send you a phishing email, which is an email that may try to convince you to share sensitive information, click an unsafe link or download a malicious attachment. For example, you could receive an email that contains a link to access shipping information for an order. Because the email seems legitimate, you may be tempted to click the link. However, clicking the link could download malicious software that allows the cybercriminal to control your computer.
• Fake Web Pages: Cybercriminals may create fake web pages to trick you into logging into the page or entering sensitive information. For example, you could receive a phishing email that contains a link to log in to LinkedIn. Because the email seems legitimate, you may be tempted to click the link and enter your login credentials. Once you’ve entered your login credentials, the cybercriminal can log in to your LinkedIn account, view your personal information and change your password so that you can’t access your account.
• Impersonation: Cybercriminals may impersonate a celebrity or someone you know to trick you into revealing sensitive information, clicking an unsafe link or downloading a malicious attachment. For example, you could receive a phone call from a cybercriminal posing as your internet provider. The cybercriminal could tell you that your monthly payment is overdue and mention your account number and date of birth. Because the call seems legitimate, you may be tempted to provide your payment information. Keep in mind that impersonation attacks can also occur over email, text message or social media.

tIPS FOR sTAYING sAFE FROM sOCIAL eNGINEERING

Now that you’re more familiar with social engineering tricks, here are some tips that you can use to protect yourself from social engineering attacks:

• Before clicking a link, hover your mouse over the link to make sure that the link is secure and matches the website you’re looking for.
• Instead of clicking a link or a button in an email to navigate to a website, navigate directly to the website by entering the URL into your address bar.
• Before sharing sensitive information such as your birth date or your payment information, verify that the source you’re sharing the information with is legitimate.
• If someone you know messages you to ask about your sensitive data or sends you a link, call or text the person directly to make sure the request is legitimate. If a message seems suspicious, it likely is suspicious.
• Simply, never give any personal information over the phone. St. Anne’s will never request this information from you, nor would we ever need it. If you receive a phone call requesting these details from you, just hang up. Still unsure? Call the credit union directly to confirm the legitimacy of the call.
• Monitor your account activity through Online or Mobile Banking and report suspected fraudulent transactions
• Sign up for free SecureAlerts from St. Anne's to set up customized, real-time account notifications to know instantly when something important happens on your account through texts, push notifications emails or Online Banking Messages. Click here to register today.

St. Anne's takes your privacy and security very seriously. If you think you've been a victim of fraud, contact us immediately at 1.877.STANNES.

ReVerse Instant Payment

Reverse instant payment scams occur when cybercriminals trick victims into sending them money through digital payment apps such as Venmo^®, Zelle^® and PayPal^® that allow users to instantly send funds from their bank accounts to other registered users, needing only the other user's phone number or email address. Cybercriminals will send their victims what appear to be automated text messages asking them if they have attempted to make an instant payment. When the victim replies "No" to the text, they then receive a reply saying that their financial institution's fraud specialist will be contacting them shortly. Cybercriminals who sound credible will then call the victim claiming to be fraud specialists, using sophisticated technology to have their caller ID appear to be the victim's financial institution's legitimate toll-free number. The cybercriminal will then tell the victim to secure their digital payment app account by removing their email address as the cybercriminal proceeds to add the email to an account they control so that when they ask the victim to send another instant payment to themselves over the app in order to "reverse" the payment referenced in the original text message, the payment goes to the cybercriminal rather than back to the victim.

Here's how you can spot a potential reverse instant payment scammer:

• You receive unsolicited requests to verify account information
• You are asked to transfer funds between accounts in order to prevent/reverse fraud - legitimate financial institutions like St. Anne's will never ask you to do that
• Unsolicited callers try to establish credibility by providing your personal information such as Social Security Numbers and past addresses - many criminals have gathered such information through large-scale data breaches over the past decade, so don't let this strategy fool you

Call St. Anne's directly at 1.877.STANNES if you receive an unsolicited request to verify account information - do not simply reply to unsolicited text, phone call or email requests.

For more details on reverse instant payment scams, please refer to the Federal Bureau of Investigation's (FBI) Public Service Announcement here.

Protect yourself during online transactions

Technology has brought us easier ways to bank, shop, sell, and manage our day-to-day lives. It’s also brought forth fraudsters who are using sophisticated technology to defraud you.

Protect yourself when shopping online:

• Review your credit card transactions often
• Create transaction alerts
• Avoid public Wi-Fi
• Verify that the websites you are visiting start with “HTTPS"
• Validate social media deals
• Set strong passwords

Beware of purchasing scams when selling items online as well. It is a “red flag” when anyone responds to your posting or ad wanting to pay more for the item. The buyer offers to use a cashier's check, personal check, or corporate check BUT at the last minute, comes up with a reason for writing the check for more than the sales price. They ask you to wire back the difference after you deposit the check. However, when you deposit the check and after you have already wired the funds back, you find out that the check bounced leaving you liable for the entire amount.

protect yourself when selling online:

• Don't accept a check for more than your selling price, no matter how tempting. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don't send the merchandise.
• If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don't pressure you to send money by Western Union or a similar company. In addition, you have little recourse if there's a problem with a wire transaction.

Learn tips, tools, and strategies to protect your money and your technology:

Consumer Online Safety - Federal Trade Commission (FTC)

Identity Theft

Identity theft is the fastest growing crime in America today. It happens when fraudsters willfully and wrongfully obtain and use your personal data to defraud you. Learn how to protect yourself from becoming a victim.

• Consumer Protection Information - Federal Trade Commission (FTC)
• Identity Theft - Federal Trade Commission (FTC)
• Identity Theft - Protecting Your Identity and Safeguarding your Financial Information

Business Security

Running a successful business involves identifying and managing all kinds of risk. To help you protect your business from fraud and other security risks, St. Anne’s provides these helpful articles to take care of your business.

Corporate Account Takeover - Mass.gov