New Year, New You… Same W-2 Tax Scam

MS-ISAC provides the following information to help with your security. Tax season is in full swing, which means criminals will go to great lengths to separate you from your money, your identity, or anything of value that is within their reach. They may offer seemingly legitimate “tax services” that are actually designed to steal your identity and your tax refund. Oftentimes, criminals will lure you in with an offer of larger write-offs or refunds. Such scams might include fake websites and tax forms that look like they belong to the Internal Revenue Service (IRS) in order to trick you into providing your personal information.

Due to the rise in data breaches, you should always take steps to minimize your risk of identity theft and other online-related crimes; this is especially important this time of the year. Below are some warning signs to look for and basic precautions you can take to minimize risk and avoid becoming the next victim!

Warning Signs of an Online Tax Scam

  • An email or link requesting personal and/or financial information, such as your name, social security number, bank or credit card account numbers, or any additional security-related information.
  • Emails containing various forms of threats or consequences if no response is received, such as additional taxes or blocking access to your funds.
  • Emails from the IRS or federal agencies. The IRS will not contact you via email.
  • Emails containing exciting offers or tax refunds, or incorrect spelling, poor grammar, or odd phrasing throughout.
  • Emails discussing “changes to tax laws.” These email scams typically include a downloadable document (usually in PDF format) that purports to explain the new tax laws. However, unbeknownst to many, these downloads are almost always populated with malware that, once downloaded, will infect your computer.

How to Avoid Being the Victim

  • Never Send Sensitive Information in an Email: Information sent through email can be intercepted by criminals. Make sure to consistently check your financial account statements and your credit report for any signs of unauthorized activity.
  • Secure Your Computer: Ensure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and receiving automatic updates from the vendor. If you haven’t already done so, install and enable a firewall.
  • Carefully Select the Sites You Visit: Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires great caution. NEVER visit a site by clicking on a link sent in an email, found on someone’s blog, or in an advertisement. The websites you land on might look like legitimate sites, but can also be very well-crafted fakes.
  • Be Wise with Wi-Fi: Wi-Fi hotspots are intended to provide convenient access to the internet; however, this convenience can come at a cost. Public Wi-Fi is not secure and is susceptible to eavesdropping by hackers; therefore, never use public Wi-Fi to file your taxes!
  • Look for Clear Signs: Common scams will tout tax rebates, offer great deals on tax preparation, or offer a free tax calculator tool. If you did not solicit the information, it’s likely a scam.
  • Be on the Watch for Fake IRS Scams: The IRS will not contact you via email, text messaging, or your social network, nor does it advertise on websites. Additionally, if an email appears to be from your employer or bank claiming there is an issue that requires you to verify personal information, this is most likely a scam as well. Don’t respond to these types of emails; always contact the entity directly.
  • Always Utilize Strong Passwords: Cybercriminals have developed programs that automate the ability to guess your passwords. To best protect yourself, make your passwords difficult to guess. Passwords should have a minimum of nine characters and include uppercase and lowercase letters, numbers, and symbols.

If you receive a tax-related phishing or suspicious email at work, report it according to your organization’s cybersecurity policy. If you receive a similar email on your personal account, the IRS encourages you to forward the original suspicious email (with headers or as an attachment) to its phishing@irs.gov email account, or to call the IRS at 800-908-4490. More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list of tax scams.

For More Information

IRS | Taxpayer Guide to Identity Theft

IRS | Report Phishing

IRS Dirty Dozen

These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

Avoid Holiday Fraud Schemes

Fraud schemes are hardly limited to the holidays, but they tend to spike during this high-spending and stressful time of the year. Being aware of fraud tactics will help you avoid becoming a victim.

Be skeptical about calls, texts, and emails:

  • Cornhusker Bank and its fraud partners will not contact you asking for cardholder data, such as card numbers, PINs, CV2 Codes, or Expiration Dates.
  • Do not respond to people who contact you asking for personal or financial information. Do not share your account numbers, Social Security numbers or other sensitive information.
  • Do not open emails, email attachments or click on links in emails that you do not recognize.
  • Do not share your online banking information with anyone.

Beware of common scams:

  • Avoid online shopping deals that are too good to be true.
  • Always book travel through a business that is familiar to you.
  • Do not make any donations or payments with a gift card or wire transfer.
  • Legitimate charities will not pressure you to make donations immediately.
  • Do not send money by wire to a “relative” who claims to be stuck in a crisis away from home.

Protect your accounts:

  • Enrollment in online/mobile banking provides peace of mind with 24/7 access to balances and transactions.
  • Debit card fraud services alert customers by text or by phone of potential unauthorized transactions.
  • CardValet allows customers to control their debit card usage; limits can be set on transaction amounts, merchant types and spending locations, with alerts each time the debit card is used.

Call Cornhusker Bank at 402-434-2265 if you are concerned about any contact or solicitation. The Customer Engagement team will be glad to help!

Protect Yourself from Fraud

A scam targeting customers and their banks recently resulted in millions of dollars of losses for financial institutions and the customers they serve.  Fraudsters are performing sophisticated phishing scams where they impersonate bank personnel to get personal identifying information from customers.  Using the information they obtain, fraudsters will then impersonate customers by contacting their bank’s debit card fraud services.  If the fraudster is lucky, they will deceive the bank and gain approval for fraudulent transactions to post to customer accounts.  

Fraudsters have been successful in deceiving banks and customers alike across the United States.  While we take every measure possible to keep your accounts safe and secure, please help us by taking a moment to review the tips below to avoid being a victim.  You can also find more detailed information by visiting our Fraud and Identity Theft webpage: https://www.cornhuskerbank.com/Fraud-Identity-Theft.aspx

• Cornhusker Bank or our 24/7 Fraud Service will never call, e-mail, or text you to ask for personal identifying information. Personal identifying information includes your debit card number, your debit card PIN, your debit card CVV Code, or your online banking password.

• You can control your debit card usage, customize alerts, and manage your spending with card controls within the Cornhusker Bank Mobile Banking App. Select Manage My Card, then About Cards, to set up spending alerts, customize your spending limits by location or merchant, or temporarily lock your card.

• Ensure the bank always has updated contact information for your account. If fraud is suspected, legitimate text messages will be sent to your phone so you can confirm or deny the fraud attempts. We won’t, however, ask you for your PIN, debit card number, etc. through text or phone calls.

• If you receive a call from someone claiming to be from “the Bank” asking for sensitive information, please hang up and inform us by calling the Customer Engagement Team immediately at (402) 434-2265.

Payroll Impersonation Fraud

What is it?

Fraudsters target individual employees by directing them to update or confirm their payroll information via a fake payroll platform that spoofs their employer’s actual payroll platform. In some cases, the fraudster may claim the employee must do one of these: view a confidential email from human resources or the payroll department, view changes to the employee’s account, or confirm that the account should not be deleted. In any case, when the employee logs in from a link or attachment in the email, the fraudsters then use the stolen employee credentials to change payment information in the real payroll platform.

How it’s Done

Step 1 – Fraudster targets an employee by sending a phishing email that impersonates the employee’s human resources or payroll department, as well as the company’s payroll platform. The email directs the employee to log in to confirm or update payroll information, including bank account information.  

Step 2 – Employee clicks the link or opens the attachment within the email and confirms or updates the payroll information.

Step 3 – The fraudster then uses the stolen login credentials to change payment information to an account controlled by the fraudster.

Avoid Being a Victim

Solid internal controls are key to guarding against these scams.

  • Employers should alert employees to watch for phishing attacks and suspicious malware links.
  • Employees should be directed to check the actual sender email address, rather than just looking at the subject line, to verify that the email came from their employer or payroll service provider.
  • Employees should not reply to any suspicious email; instead, have them forward the email to a company security contact.
  • Employees should not enter their login credentials when clicking on a link or opening an attachment in an email.
  • Employer self-service platforms should authenticate requests to change payment information using previously known contact information. For example, requiring users to enter a second password that is emailed to an existing email address, or to use a hard token code.
  • Employer self-service platforms also should reauthenticate users accessing the system from unrecognized devices, using previously known contact information.
  • Set up alerts on self-service platforms for administrators so that unusual activity may be caught before money is lost. 
  • Employers should consider validating employees’ new Direct Deposit information by sending ACH prenotification transactions. 

Source:  NACHA, Protecting against Fraud: How to spot and prevent fraud schemes.  

If you have any questions please contact Treasury Management Officer, Scott Walters, at 402-323-8274 or scott.walters@CornhuskerBank.com.  

Business Email Compromises can happen. Are you ready?

With Business Email Compromise, legitimate business email accounts are either compromised or impersonated, and then used to order or request the transfer of funds. The fraudster will often compromise one of the business’ officers and monitor his or her account for patterns, contacts and information. Using information gained from social media or “out of office” messages, the fraudster will often wait until the officer is away on business to use the compromised email account to send payment instructions.

Avoid Being a Victim

Solid internal controls are key to guarding against these scams.

  • Understand these attacks can come via email, phone calls, faxes or letters in the mail. Don’t assume it’s a cybersecurity problem.
  • Educate and train employees to recognize, question, and independently authenticate changes in payment instructions, requests for secrecy, or pressure to take action quickly.
  • Authenticate requests to make payment or change payment information.
  • Review accounts frequently.
  • Initiate payments using dual controls.
  • Never provide password, username, authentication credentials, or account information when contacted.
  • Don’t provide nonpublic business information on social media.
  • Avoid free web-based email accounts for business purposes. A company domain should always be used to establish company personnel emails.
  • To make impersonation harder, consider registering domains that closely resemble the company’s actual domain.
  • Do not use the “reply” option when authenticating emails for payment requests. Instead, use the “forward” option and type in the correct email address or select from a known address book.
  • Don’t share your credentials with coworkers.
  • Ensure your computer has current antivirus/anti-malware software.
  • Best practice is to have a dedicated computer for performing business banking and financial transactions.

Source: NACHA, Protecting against Fraud: How to spot and prevent fraud schemes.

If you have any questions please contact Treasury Management Officer, Scott Walters, at 402-323-8274 or via email: scott.walters@CornhuskerBank.com

SEVERE SPRING/SUMMER WEATHER ~ Safety and Insurance

The spring and summer months are a time for barbeques, swimming by the pool, and yard work. They also are a time for severe weather…thunderstorms, hail, floods, and tornados. Severe weather can cause a considerable amount of damage to your home, car, and property. So, how can you make sure your belongings are protected in the event of severe weather? The following tips can help!

Before the storm:

Be sure you have adequate coverage and deductibles that are reasonable for your needs by examining your homeowner or renter’s coverage, as well as auto insurance policies.

Tornadoes are considered “wind-storms” and damages caused by them are covered under homeowners insurance policies. If a tornado damages your car, protection is provided under the comprehensive portion of your auto policy.

Compile a detailed written inventory of your home and belongings, and supplement that inventory with a videotape or photographs. Keep the inventory off-premises in a safety deposit box. This will assist in settling claims.

Check on the necessity and availability of flood insurance in your area. Flood insurance is not included in typical homeowner and renter’s insurance policies. Call the National Flood Insurance Program at 1-800-638-6620 to learn about flood insurance in your neighborhood.

Check to see if your policy has “loss of use” or “additional expense” coverage. This will help pay for temporary housing if you can’t stay in your home due to damage caused by a storm. Many policies cover such expenses up to a stated amount.

During the storm:

Create an emergency plan, including places the family will gather in response to emergency weather alerts.

When at home or in a building and threatening weather approaches, go to the basement or interior hall. Stay away from windows.

Keep on hand basic supplies like water, food, flashlights and a battery-operated radio.

If you’re in a car or mobile home when a tornado approaches, leave immediately. Do not try to outrun a tornado. If you cannot locate immediate underground shelter, lie flat in a gully or ditch. Do not get under an overpass or a bridge!

After the storm:

Call your insurance agent as soon as you can.

Try to protect your property and salvage what you can.

Closely inspect property and cars for damage. Note and photograph any damage and losses. This will assist in settling claims.

Be sure your agent knows how to contact you if you can’t stay in your home.

Above all, do not make a hasty settlement. If possible, seek assistance from a third party.

Be sure everything is considered in your claim. Back up claims with written estimates.

Beware of home repair rip-offs. Carefully check the background of contractors and others who promise “cheap” repairs. Don’t pay the entire cost of repairs up-front, and try to only do business with local, established contractors. Before signing any contract, read the entire document, and contact your local Better Business Bureau to see if the company has a good customer service record.