Security Center

VISA® Account Updater

VISA® Account Updater (VAU) lets you enjoy a seamless transition of your Machias Savings Bank VISA® Debit Card information when your card is replaced due to expiring or experiencing a lost or stolen card. Doing the work for you, when your card number and/or expiration date changes, VAU automatically sends updates to participating merchants with whom you have set up recurring payments using your debit card - securely! That means no more long telephone calls to update card information and avoiding declined payments.

As of October 1, 2017, your debit card will be automatically enrolled in Visa Account Updater; there is nothing needed by you to begin using this service. If you wish to opt out of the Visa Account Updater, you may do one of the following:

• Complete the online VISA Updater Opt-Out Form 
• Call our Customer Service Team: 1-866-416-9302
• Visit or call your local branch

Participation in VAU does not relieve you of the obligation to ensure that merchants have correct account information on file; failure to do so may result in a declined payment. In addition, neither VISA nor Machias Savings Bank can guarantee that account updates will be communicated to merchants prior to the next billing date.

.BANK

1. Offers higher level of encryption

2. Helps to prevent users from being redirected to a fake bank website

3. Reduces the chances of receiving spoofed emails

Security Alerts

Knowledge is protection. Machias Savings Bank is committed to helping you combat fraud by raising awareness and sharing best practices. Below you will find summaries of on-going fraud schemes along with tips and recommendations.

• Debit Card Fraud Activity
• Card Deactivation Scams
• Phishing Scams
• Vishing Scams
• Smishing Scams
• Visa/MasterCard Telephone Scam
• Fraudulent Letter - Fake Check Scam
• Fake Check Scams
• Social Networking and Identity Theft

Debit Card Fraud Activity

We have a fraud protection system in place that actively reviews card transactions for fraudulent activity. Protecting your information is our #1 goal. If at any time you feel that your information has been compromised, please visit your nearest location or contact our Customer Service Department at 1-866-416-9302.

Card Deactivation Scam

Many people are receiving variations of the following message: Irregular activity has been detected on your ATM/Check Card. For your protection, future authorizations have been suspended, and your card has been deactivated. To re-activate your ATM/Check Card, call the (24 hour) Activation Center: (XXX)XXX-XXXX. 

Tips:

• This is a scam. You should delete and ignore the message.
• Do not respond to the message or call the number.

Important note: This Card Deactivation Scam is different from the Machias Savings Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize a fraud specialist to contact you after a possible suspicious transaction, they will simply ask you to verify a specific recent purchase.

They will never ask for your PIN number or any other account information. You will not be told your card has been deactivated.

Click the Fraud Prevention tab to learn more.

Back to Top

Phishing Scams

"Phishing" is the act of sending an e-mail or pop-up advertisement that claims to be from a legitimate business or organization that you deal with. Scam artists recreate pages using information from legitimate web sites in hopes of fooling consumers into providing their personal information. The e-mail or pop-up will ask you to "update" or "validate" your account information, passwords, logins, and will make some form of urgent appeal so that you will respond quickly. The e-mail or pop-up may appear to be from a trusted source and may direct you to a fraudulent web site. Some consumers mistakenly submit financial and personal information and the "phishers" use it to gain access to financial records or accounts, commit identity theft, or engage in other illegal acts.

It may not always be easy to recognize fraudulent emails or pop-ups but there are some precautions:

Urgent Emails

Watch out for e-mails with links, attachments or pop-ups that state an urgent reply is needed or your account may be closed.

General Greetings

Watch out for e-mails or pop-ups that provide a general greeting and don't identify you by name.

Typos and Errors

Fraudulent e-mails or pop-ups may have typographical or grammatical errors. Watch out for poor visual and design quality.

Back to Top

Vishing Scams

Vishing, a term coined from combining "voice" and "phishing", exploits the public's trust in landline and cellular telephone services.

Similar to phishing, the fraudster sends an e-mail indicating the recipient's bank needs updated information. The e-mail cunningly references phishing and identity theft. The twist comes when "for security purposes" the individual is directed to call "one of our personal bankers" at a provided toll free number. When the individual calls, thinking they are updating information on their accounts, they actually provide their private information directly to the fraudster.

Vishing is typically used to steal debit and credit card numbers or other information used in identity theft schemes. It is very hard for legal authorities to monitor or trace Vishing.

Tips:

• Be highly suspicious when receiving messages directing you to call and provide card or bank account numbers.
• Contact your bank or credit card company directly to verify the validity of the message.

Note: Do not use telephone numbers provided to you via the e-mail or phone call. Look up the number yourself via an online directory or telephone book.

Back to Top

Smishing Scams

Smishing is derived from combining SMS (protocol used to transmit text messages via cell phones) and the more familiar scheme "phishing."

Almost identical to the phishing scam which uses e-mail, this new tactic exploits mobile banking. The fraudster, disguised as a financial institution, sends a text message requesting personal information such as account numbers or passwords.

Alternately, some messages warn the consumer that she/he will be charged unless action is taken to cancel a supposed order by going to a specific web site. When visited, the site downloads a "Trojan horse" that then steals credit card numbers and other private information.

Some of the new smishing techniques include mobile spyware that, once downloaded to a phone, can tap into conversations.

Tip: Treat your cell phone with the same level of concern you apply to your computer.

Back to Top

Visa/MasterCard Telephone Scam

As part of this telephone scam, which is currently sweeping the country, fraudsters try to get you to divulge your secure debit or credit card information. The typical scam works like this:

A very professional-sounding individual calls, offers their name and badge number, etc., and claims to be from the security department of your credit card company. They tell you your card has been "flagged for an unusual purchase pattern"; you are asked to verify you made a purchase for "$000.00" at "XYZ" company. When you inform them that you did not make that purchase, they may confide they have been watching this company — but they will take immediate steps to ensure you are credited this amount before your next statement. You may even be given a confirmation number to use when calling to check the status of this fraud claim.

Making it an even more believable scenario, the caller has your address, which you are asked to verify. You are not asked for the number on the front of your card, in fact the crook may read that off to you as well, furthering your belief that you are dealing with a legitimate Visa or MasterCard staff member.

The target data of this fraudulent scheme is the three-digit security code (CVC2 or CVV2 codes) found on the back of your card. After getting their hands on credit card numbers (often through dumpster-diving for discarded receipts or statements), all the identity thieves need to charge purchases to your account via the telephone or Internet is this last piece of information.

This scam is not new — it's been exploited since MasterCard started putting CVC2 security codes on its cards in 1997 (Visa started using CVV2 codes in 2001). Both companies strongly stress they will not ask a cardholder to disclose security codes or provide any information verifying physical possession of a card.

Tips: If you are asked to provide any number information, hang up and call the telephone number on the back or your credit card — or call your banker for assistance.

Important note: This credit card scam is different from Machias Savings Bank's practice of protecting you from unauthorized use of your ATM/debit card. When we authorize a Fraud Specialist to contact you after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase.

Back to Top

Fraudulent Letter - Fake Check Scam

Claiming to represent the American Bankers Association (ABA), fraudsters are distributing letters instructing people to call a phone number to find out how to collect a prize. When called they trick the individual into revealing personal financial information.

Fraudulent sweepstakes are just one of many scams aimed at stealing personal information. Identity thieves have posed as representatives of banks, Internet service providers, and government agencies to get people to reveal their Social Security Number, mother's maiden name, account numbers, and other identifying information.

Tips: Be cautious about providing personal or financial information to anyone you do not know. Do not give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact, and are sure you know with whom you are dealing.

Note: Machias Savings Bank will never ask for private information by email or unsecured website.

Many of the fake ABA prize letters also contain fraudulent checks.

Tips: One way to confirm you are dealing with a legitimate organization is to check their website. However, it is important to type the URL in the address line yourself. Do not cut and paste it from a message sent to you, which can be altered to redirect you to an unsafe site.

Back to Top

Fake Check Scams

Millions of consumers are being tricked into accepting genuine-looking checks and money orders and wiring money to fraudsters.

Common fake check scams:

• Sweepstake, lottery and grant fraud: an individual receives a check or money order with instructions to wire a portion to pay taxes or administrative fees.
• "Work-from-home": the "employee" processes payments for a foreign business with instructions to deduct their pay from a check or money order and wire the rest to their "employer."
• Overpayment: the scammer sends a check or money order for more than the amount of something the individual has for sale, with instructions to wire the extra to someone for shipping.

With these scams, the checks or money orders are fake. You're out the money.

Per federal law, financial institutions must give consumers timely access to money from deposited checks or money orders. Although funds are made available, that does not guarantee the deposited check or money order is good. The depositor is liable for repaying the financial institution if checks or money orders cashed or deposited are counterfeit.

Tips:

• No legitimate sweepstakes or lottery would send you a check or money order and ask you to send payment in return. Taxes are always paid directly to the government.
• Do not pay for grants claiming to be from the government or foundations; grants do not charge. Most require an extensive application process and are awarded to organizations, not individuals.
• Never cash checks and send the money somewhere as part of a job working from home. Legitimate employers do not operate that way.
• Never wire money to anyone you have not met in person and trust. Always verify identification.
• If suspicious, consult your state or local consumer protection agency, the Federal Trade Commission, Postal Inspection Service, or other trusted source. Go to www.fakechecks.org to learn more.

Back to Top

Social Networking and Identity Theft

Online social networking can be a great way to exchange ideas, information, photos and games — but remember, putting your personal information online comes with risks.

The more information you provide about yourself online, including posts and live chats on social networking sites, the easier it is for people to use these details to commit fraud against you.

Your best protection: Do not reveal too much information via social networking. Control who can access your online information.

Tips:

• Do not include email addresses or phone numbers in your profiles.
• Keep your address and physical location private. Beware of publishing photos containing street-names, car license plates, or locations you frequent that can be linked to you.
• Read the terms and conditions before you sign up for any social networking sites. Know who can access your information. Check security and privacy settings and keep them up-to-date.
• The best passwords are at least eight to ten characters long and combination a combination upper and lower case letters as well as, numbers and symbols.

Social networking sites build themselves on a culture of trust. Do not get caught up in the moment. Always think before you respond. Keep your personal information safe.

Back to Top

Business Alerts

We are committed to providing you with information to help protect your business from falling victim to an ever-increasing variety of scams. We continue to be vigilant, and your security is of utmost importance to Machias Savings Bank. Listed below are some known threats to your information and assets. Feel free to contact us for more information or learn what you can do to further protect your business.

• Money Mule Scheme
• Commercial Account Scam

ABA Alert: Malware and Money Mule Scheme

The American Bankers Association warns of an increase in fraudulent schemes involving malware attached to victims' computers, along with the recruitment of individuals to receive and transmit unauthorized funds.

The scam attacks two different victims:

Using malware*, the cyber-crook intercepts online banking credentials from the computers of small and mid-size businesses. Having gained unauthorized access to the business' online deposit account, the crook then initiates wire transfers to "money mules" around the country. The criminals target online deposit accounts where business customers can originate electronic funds transfers (EFTs), such as automated clearing house (ACH), and wire transfers over the Internet. *Malware is malicious software or a computer code that is installed on your computer; it collects sensitive information such as passwords or banking details, sending it back to people who use it to carry out fraud.

Individuals are tricked into acting as a "money mule**" for the fraudsters, unknowingly laundering cash stolen from the above victim's business bank account. This second victim is tricked into using deposit accounts to receive the unauthorized (EFTs) and forwarding the funds overseas to criminals. **Money mules are consumers who have been lured into scams that involve them receiving money transfers and forwarding the funds to a fraudster.

Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them to another party via another EFT. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected.

• Online job posting sites are often used by criminals to locate and trick individuals seeking flexible hours and work-from-home employment. The "employee" may be asked to process payments for a foreign business, or act as a mystery shopper assessing business' services by completing EFTs.
• Advance fee scams promise monetary rewards for acting as a financial intermediary.
• Fraudsters also use imaginative stories to befriend individuals on social networking sites to receive and forward stolen funds.

• Do not open attachments or click on links in unsolicited emails.
• Be wary of unsolicited offers or opportunities offering easy money — particularly if the company is based overseas. Remember the old adage: if it sounds too good to be true...it probably is! Verify any potential employer — and never give out bank account details to someone you don't know or trust. Watch for red flags in the advertisement/emails, such as grammatical and spelling errors.

Tips: Anyone who is concerned that they have erroneously disclosed their personal financial details or received funds into their account(s) that they think could be a money mule scam should contact their banker immediately.

Back to Top

Commercial Account Scam

One of the greatest risks to our customers in today's banking environment is a fraud loss connected with accepting a counterfeit check as part of a scam. These scams originated years ago, many in Nigeria, and were primarily directed at individuals. They have evolved considerably and are on an increase.

Recently, businesses attempting to conduct sales over the Internet have become targets. We've seen a surge in fraud aimed at businesses that have large dollar equipment for sale over the Internet.

Businesses taking part in e-commerce typically deal with clients whom they have not met face-to-face. Those conducting dealings outside the United States are increasingly susceptible.

Tips:

• Exercise caution when selling over the Internet. Scammers ask for wire instructions so they can wire the money to your bank. This means providing your bank account number. Do not provide your bank account number and routing number until you are certain that the sale is legitimate.
• If you want to give wire instructions, contact your banker. He/she will give you a wire holding number to which the wire can be sent.
• If the person sends you a check, look carefully at the physical check. Is it coming from the company or person that you were corresponding with in your emails? If not, determine on what bank the check is drawn and research a phone number for that bank using a standard or online telephone directory. Do not rely on the telephone number listed on the check. Call the number listed in the telephone directory and ask to verify the check.
• If you are concerned and unable to verify the check, Machias Savings Bank's Security Department may be able to help determine whether or not a check is legitimate.

Oftentimes, instead of the promised wire, you will receive a check. It may be mailed to the bank for deposit into your account or it may be sent to you directly. This check will typically be for a greater amount than you were expecting. If your "potential client"  requests to have the excess amount wired to them, stop! This is where the monetary loss to the customer typically happens.

Always check with Machias Savings Bank to see if the check deposited has cleared and if the funds are available.

The scammer will show interest in your item, indicating they want to buy it with some investigation. This may be a scam. If they offer to wire you the funds so you can pay for their inspector to conduct the inspection, be alerted. If they arrange for the inspector, they should pay for the inspection directly; there is no need to wire you the funds.

Back to Top

Cybersecurity

Lost OR Stolen Card

If you need to report your ATM, debit, or credit card lost or stolen, please contact us as soon as possible so we can take the necessary steps to deactivate your card and prevent losses.