Scams and Alerts
At Anchor Bank we are committed to protecting your privacy and security. Below are some some resources to help you prevent identity theft and reduce the risk of potential threats.
As Tax Season Kicks Off, IRS Warns of W-2 Phishing Scam
The Internal Revenue Service warned the public of a widespread email phishing scheme that scammers are using to steal sensitive employee information and commit financial crimes, including filing fraudulent tax returns.
The scam typically involves a fraudster sending a spoof email to a payroll or human resources employee that appears to come from the organization’s CEO requesting a list of employees and their W-2 tax forms. Scammers may also follow up with additional “executive” requests to wire money to a specific account, the IRS said.
The IRS noted that this year, scammers are targeting a broader cross-section of organizations, including school districts, tribal casinos, chain restaurants and other corporate and nonprofit entities.
Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment.
The email they send can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business.
It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or another matter.
If you are unsure whether an email request is legitimate, try to verify it with these steps:
- Contact the company directly.
- Contact the company using information provided on an account statement or back of a credit card.
- Search for the company online – but not with information provided in the email.
Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email.
Here are ways to reduce spam:
- Enable filters on your email programs: Most ISPs (Internet Service Providers) and email providers offer spam filters. However, depending on the level you set, you may wind up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
- Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
- Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information.
Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.
Spear phishing is highly specialized attacks against a specific target or small group of targets to collect information or gain access to systems.
For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic and because the recipient is already customer of the business, the email may more easily make it through filters and the recipient maybe more likely to open the email.
The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.
Spam & Phishing on Social Networks
Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.
How Do You Avoid Being a Victim?
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Before sending sensitive information over the Internet, check the security of the website.
- Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
For more information on Spam & Phishing and other Cyber Awareness visit: StaySafeOnline.org
**Anchor Bank will never call you to verify your account number or credit/debit card numbers. If you receive a message or call like this, do not give out your information and contact your local branch, our customer service at (800) 562-9744 or one of the options below.**
If you think you may have been scammed:
- File a complaint with the Federal Trade Commission. If you are outside the U.S., file a complaint at econsumer.gov.
- Visit ftc.gov/idtheft, where you’ll find out how to minimize your risk of identity theft.
- Report scams to your state Attorney General.
If you get unsolicited email offers or spam, send the messages to firstname.lastname@example.org.
If you get what looks like lottery material from a foreign country through the postal mail, take it to your local postmaster.
- Report any suspected fraud to your bank immediately.
- Avoid online solicitations for easy money.
- Use online banking to protect yourself. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or e-mail alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
- Beware of phishing scams. Never give out personal financial information in an e-mail or over the phone unless you have initiated the contact.
- Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
- Who: Malicious actors intend to cause harm in cyberspace, such as a hacker stealing personal information. Benign actors accidentally cause harm to a network, system or the Internet, such as an employee who accidentally downloads malware onto their company’s network.
- What: Malicious actors exploit the anonymity and vulnerabilities of the Internet using methods that range in sophistication from botnets to viruses. Benign actors introduce threats through simple actions that can range from clicking on an unknown link to using a USB drive.
- When: It is impossible to predict when a cyber-incident will occur.
- Where: Cyberspace, often interchanged with “the Internet,” is created by and accessible through computer networks that share information and facilitate communication. Unlike the physical world, cyberspace has no boundaries across air, land, sea and space.
- Why: Benign actors unintentionally and often unknowingly cause harm while malicious actors may have a range of motives, including seeking conﬁdential information, money, credit, prestige or revenge.
There are many risks online, some more serious than others. The majority of cybercriminals are indiscriminate; they target vulnerable computer systems regardless of whether they are part of a government agency, Fortune 500 company, a small business or belong to a home user. For more information visit www.dhs.gov/stopthinkconnect.
The bad guys constantly develop new ways to attack your computer, so your security software must be up-to-date to protect against the latest threats. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically.
If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs – malware – onto your computer and use it to secretly break into other computers, send spam, or spy on your online activities. There are steps you can take to detect and get rid of malware. Go to http://www.consumer.ftc.gov/articles/0011-malware for helpful information on how to avoid, detect and get rid of Malware.
Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.
Treat Your Personal Information Like Cash
Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy. Learn more about scammers who phish for your information from the Federal Trade Commission. Go to http://ftc.gov/phishing.
Protect Your Passwords
Here are a few principles for creating strong passwords and keeping them safe:
- The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users.
- Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
- Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
- Keep your passwords in a secure place, out of plain sight.
Law Enforcement are aware of ATM skimmers in Washington State. The photo below shows the minimal change the skimmers can make on an ATM. This photo is just one example of a skimmer being used. If you have any questions or concerns please contact your local branch or call (800) 562-9744.
Several Timberland Bank ATM machines throughout the Northwest were discovered to have had ATM Skimmers attached to them. To read more about the incident click here.
Always be aware of your surroundings when using an ATM and review your statements for discrepancies. If you feel your account or debit card has been compromised contact your local branch or call (800) 562-9744 right away.