Protecting Your Private Information
With cybercrime on the rise, Machias Savings Bank has made the move from the traditional .COM web domain to .BANK. This new web domain adds an additional layer of security by offering advanced security features that only verified members of the banking industry can use.
Keeping your assets and information safe is Machias Savings Bank's #1 priority. If you have any questions please contact our Customer Service Department at 1-866-416-9302.
VISA® Account Updater
VISA® Account Updater (VAU) lets you enjoy a seamless transition of your Machias Savings Bank VISA® Debit Card information when your card is replaced due to expiring or experiencing a lost or stolen card. Doing the work for you, when your card number and/or expiration date changes, VAU automatically sends updates to participating merchants with whom you have set up recurring payments using your debit card - securely! That means no more long telephone calls to update card information and avoiding declined payments.
As of October 1, 2017, your debit card will be automatically enrolled in Visa Account Updater; there is nothing needed by you to begin using this service. If you wish to opt out of the Visa Account Updater, you may do one of the following:
Participation in VAU does not relieve you of the obligation to ensure that merchants have correct account information on file; failure to do so may result in a declined payment. In addition, neither VISA nor Machias Savings Bank can guarantee that account updates will be communicated to merchants prior to the next billing date.
1. Offers higher level of encryption
2. Helps to prevent users from being redirected to a fake bank website
3. Reduces the chances of receiving spoofed emails
Knowledge is protection. Machias Savings Bank is committed to helping you combat fraud by raising awareness and sharing best practices. Below you will find summaries of on-going fraud schemes along with tips and recommendations.
Debit Card Fraud Activity
We have a fraud protection system in place that actively reviews card transactions for fraudulent activity. Protecting your information is our #1 goal. If at any time you feel that your information has been compromised, please visit your nearest location or contact our Customer Service Department at 1-866-416-9302.
Card Deactivation Scam
Many people are receiving variations of the following message: Irregular activity has been detected on your ATM/Check Card. For your protection, future authorizations have been suspended, and your card has been deactivated. To re-activate your ATM/Check Card, call the (24 hour) Activation Center: (XXX)XXX-XXXX.
Important note: This Card Deactivation Scam is different from the Machias Savings Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize a fraud specialist to contact you after a possible suspicious transaction, they will simply ask you to verify a specific recent purchase.
They will never ask for your PIN number or any other account information. You will not be told your card has been deactivated.
Click the Fraud Prevention tab to learn more.
"Phishing" is the act of sending an e-mail or pop-up advertisement that claims to be from a legitimate business or organization that you deal with. Scam artists recreate pages using information from legitimate web sites in hopes of fooling consumers into providing their personal information. The e-mail or pop-up will ask you to "update" or "validate" your account information, passwords, logins, and will make some form of urgent appeal so that you will respond quickly. The e-mail or pop-up may appear to be from a trusted source and may direct you to a fraudulent web site. Some consumers mistakenly submit financial and personal information and the "phishers" use it to gain access to financial records or accounts, commit identity theft, or engage in other illegal acts.Recognizing "Phishing"
It may not always be easy to recognize fraudulent emails or pop-ups but there are some precautions:
Watch out for e-mails with links, attachments or pop-ups that state an urgent reply is needed or your account may be closed.
Watch out for e-mails or pop-ups that provide a general greeting and don't identify you by name.
Typos and Errors
Fraudulent e-mails or pop-ups may have typographical or grammatical errors. Watch out for poor visual and design quality.
Vishing, a term coined from combining "voice" and "phishing", exploits the public's trust in landline and cellular telephone services.
Similar to phishing, the fraudster sends an e-mail indicating the recipient's bank needs updated information. The e-mail cunningly references phishing and identity theft. The twist comes when "for security purposes" the individual is directed to call "one of our personal bankers" at a provided toll free number. When the individual calls, thinking they are updating information on their accounts, they actually provide their private information directly to the fraudster.
Vishing is typically used to steal debit and credit card numbers or other information used in identity theft schemes. It is very hard for legal authorities to monitor or trace Vishing.
Note: Do not use telephone numbers provided to you via the e-mail or phone call. Look up the number yourself via an online directory or telephone book.
Smishing is derived from combining SMS (protocol used to transmit text messages via cell phones) and the more familiar scheme "phishing."
Almost identical to the phishing scam which uses e-mail, this new tactic exploits mobile banking. The fraudster, disguised as a financial institution, sends a text message requesting personal information such as account numbers or passwords.
Alternately, some messages warn the consumer that she/he will be charged unless action is taken to cancel a supposed order by going to a specific web site. When visited, the site downloads a "Trojan horse" that then steals credit card numbers and other private information.
Some of the new smishing techniques include mobile spyware that, once downloaded to a phone, can tap into conversations.
Tip: Treat your cell phone with the same level of concern you apply to your computer.
Visa/MasterCard Telephone Scam
As part of this telephone scam, which is currently sweeping the country, fraudsters try to get you to divulge your secure debit or credit card information. The typical scam works like this:
A very professional-sounding individual calls, offers their name and badge number, etc., and claims to be from the security department of your credit card company. They tell you your card has been "flagged for an unusual purchase pattern"; you are asked to verify you made a purchase for "$000.00" at "XYZ" company. When you inform them that you did not make that purchase, they may confide they have been watching this company — but they will take immediate steps to ensure you are credited this amount before your next statement. You may even be given a confirmation number to use when calling to check the status of this fraud claim.
Making it an even more believable scenario, the caller has your address, which you are asked to verify. You are not asked for the number on the front of your card, in fact the crook may read that off to you as well, furthering your belief that you are dealing with a legitimate Visa or MasterCard staff member.
The target data of this fraudulent scheme is the three-digit security code (CVC2 or CVV2 codes) found on the back of your card. After getting their hands on credit card numbers (often through dumpster-diving for discarded receipts or statements), all the identity thieves need to charge purchases to your account via the telephone or Internet is this last piece of information.
This scam is not new — it's been exploited since MasterCard started putting CVC2 security codes on its cards in 1997 (Visa started using CVV2 codes in 2001). Both companies strongly stress they will not ask a cardholder to disclose security codes or provide any information verifying physical possession of a card.
Tips: If you are asked to provide any number information, hang up and call the telephone number on the back or your credit card — or call your banker for assistance.
Important note: This credit card scam is different from Machias Savings Bank's practice of protecting you from unauthorized use of your ATM/debit card. When we authorize a Fraud Specialist to contact you after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase.
Fraudulent Letter - Fake Check Scam
Claiming to represent the American Bankers Association (ABA), fraudsters are distributing letters instructing people to call a phone number to find out how to collect a prize. When called they trick the individual into revealing personal financial information.
Fraudulent sweepstakes are just one of many scams aimed at stealing personal information. Identity thieves have posed as representatives of banks, Internet service providers, and government agencies to get people to reveal their Social Security Number, mother's maiden name, account numbers, and other identifying information.
Tips: Be cautious about providing personal or financial information to anyone you do not know. Do not give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact, and are sure you know with whom you are dealing.
Note: Machias Savings Bank will never ask for private information by email or unsecured website.
Many of the fake ABA prize letters also contain fraudulent checks.
Tips: One way to confirm you are dealing with a legitimate organization is to check their website. However, it is important to type the URL in the address line yourself. Do not cut and paste it from a message sent to you, which can be altered to redirect you to an unsafe site.
Fake Check Scams
Millions of consumers are being tricked into accepting genuine-looking checks and money orders and wiring money to fraudsters.
Common fake check scams:
With these scams, the checks or money orders are fake. You're out the money.
Per federal law, financial institutions must give consumers timely access to money from deposited checks or money orders. Although funds are made available, that does not guarantee the deposited check or money order is good. The depositor is liable for repaying the financial institution if checks or money orders cashed or deposited are counterfeit.
Social Networking and Identity Theft
Online social networking can be a great way to exchange ideas, information, photos and games — but remember, putting your personal information online comes with risks.
The more information you provide about yourself online, including posts and live chats on social networking sites, the easier it is for people to use these details to commit fraud against you.
Your best protection: Do not reveal too much information via social networking. Control who can access your online information.
Social networking sites build themselves on a culture of trust. Do not get caught up in the moment. Always think before you respond. Keep your personal information safe.
We are committed to providing you with information to help protect your business from falling victim to an ever-increasing variety of scams. We continue to be vigilant, and your security is of utmost importance to Machias Savings Bank. Listed below are some known threats to your information and assets. Feel free to contact us for more information or learn what you can do to further protect your business.
ABA Alert: Malware and Money Mule Scheme
The American Bankers Association warns of an increase in fraudulent schemes involving malware attached to victims' computers, along with the recruitment of individuals to receive and transmit unauthorized funds.How the scam works.
The scam attacks two different victims:
Using malware*, the cyber-crook intercepts online banking credentials from the computers of small and mid-size businesses. Having gained unauthorized access to the business' online deposit account, the crook then initiates wire transfers to "money mules" around the country. The criminals target online deposit accounts where business customers can originate electronic funds transfers (EFTs), such as automated clearing house (ACH), and wire transfers over the Internet. *Malware is malicious software or a computer code that is installed on your computer; it collects sensitive information such as passwords or banking details, sending it back to people who use it to carry out fraud.
Individuals are tricked into acting as a "money mule**" for the fraudsters, unknowingly laundering cash stolen from the above victim's business bank account. This second victim is tricked into using deposit accounts to receive the unauthorized (EFTs) and forwarding the funds overseas to criminals. **Money mules are consumers who have been lured into scams that involve them receiving money transfers and forwarding the funds to a fraudster.
Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them to another party via another EFT. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected.Common scenarios:
Tips: Anyone who is concerned that they have erroneously disclosed their personal financial details or received funds into their account(s) that they think could be a money mule scam should contact their banker immediately.
Commercial Account Scam
One of the greatest risks to our customers in today's banking environment is a fraud loss connected with accepting a counterfeit check as part of a scam. These scams originated years ago, many in Nigeria, and were primarily directed at individuals. They have evolved considerably and are on an increase.
Recently, businesses attempting to conduct sales over the Internet have become targets. We've seen a surge in fraud aimed at businesses that have large dollar equipment for sale over the Internet.
Businesses taking part in e-commerce typically deal with clients whom they have not met face-to-face. Those conducting dealings outside the United States are increasingly susceptible.
Oftentimes, instead of the promised wire, you will receive a check. It may be mailed to the bank for deposit into your account or it may be sent to you directly. This check will typically be for a greater amount than you were expecting. If your "potential client" requests to have the excess amount wired to them, stop! This is where the monetary loss to the customer typically happens.
Always check with Machias Savings Bank to see if the check deposited has cleared and if the funds are available.
The scammer will show interest in your item, indicating they want to buy it with some investigation. This may be a scam. If they offer to wire you the funds so you can pay for their inspector to conduct the inspection, be alerted. If they arrange for the inspector, they should pay for the inspection directly; there is no need to wire you the funds.
Machias Savings Bank Cybersecurity News is ready: October Cybersecurity month is here!
Learn more by visiting October Issue #1 Cyber Safety Basics
Learn more by visiting October Issue #2 Online privacy (podcast) and an interactive phishing example
Learn more by visiting October Issue #4 Cyber crooks' powerful strategy to cost you money;
Lost OR Stolen Card
If you need to report your ATM, debit, or credit card lost or stolen, please contact us as soon as possible so we can take the necessary steps to deactivate your card and prevent losses.