Some Simple Steps to Social Media Privacy

When was the last time you checked your privacy settings on your social media profiles? Being aware of the information you share is a critical step in securing your online identity. This article outlines some of the top social media sites and what you can do today to help keep your personal information safe.

CodePen - Inline popup Click here for more info

You Are leaving the Phenix-Girard Bank Website

By clicking on this link you are leaving our website and entering a third-party website over which we have no control. 

Neither Phenix-Girard Bank Company, nor its subsidiaries or affiliates, is responsible for the content of third party sites hyper-linked from this page, nor do they guarantee or endorse the information, recommendations, products or services offered on third party sites. 

Third party sites may have different Privacy and Security policies than Phenix-Girard Bank. You should review the Privacy and Security policies of any third party website before you provide personal or confidential information.

To return to the Phenix-Girard Web Site, click here.

OR Click here to proceed.

  



Phishing Emails and You

When it comes to email, we’ve all come across a phishing email that appeared to be a legitimate email. Phishers take advantage of the fact that it is difficult to know with absolute certainty with whom you are communicating via email. They use this uncertainty to pose as legitimate businesses, organizations, or individuals, and gain our trust, which they can leverage to convince us to willingly give up information or click on malicious links or attachments.

Be Aware of Phishing Scams

First and foremost you should utilize a spam filter (this service is should be provided by your email provider), keep all of your systems patched and your anti-virus software up to date. The second line of defense against phishing is you. If you are vigilant, and watch for telltale signs of a phishing email, you can minimize your risk of falling for one. Telltale signs of a potential phishing email or message include messages from companies you don’t have accounts with, spelling mistakes, messages from the wrong email address (e.g. info@yourbank.fakewebsite.com instead of info@yourbank.com), generic greetings (e.g. “Dear user” instead of your name), and unexpected messages with a sense of urgency designed to prompt you into responding quickly, without checking the facts. “Resume” and “Unpaid Invoice” are popular attachments used in phishing campaigns. Here are some scenarios you may encounter:

 

·      An email appearing to be from the “fraud department” of a well-known company that asks you to verify your information because they suspect you may be a victim of identity theft.

·      An email that references a current event, such as a major data breach, with a malicious link to setup your “free credit reporting.”

·      An email claiming to be from a state lottery commission requests your banking information to deposit the “winnings” into your account.

·      An email with a link asking you to provide your login credentials to a website from which you receive legitimate services, such as a bank, credit card company, or even your employer.

·      A text message that asks you to call a number to confirm a “suspicious purchase” on your credit card. When you call, the operator will know your name and account information and ask you to confirm your ATM PIN. (This is a form of SMSishing.)  What should you do?

Recommendations

·      Be suspicious of unsolicited emails, text messages, and phone callers. Use discretion when providing information to unsolicited phone callers, and never provide sensitive personal information via email.

·      If you want to verify a suspicious email, contact the organization directly with a known phone number. Do not call the number provided in the email. Or, have the company send you something through the US mail (which scammers won’t do).

·      Only open an email attachment if you are expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious content could be packed inside.

·      Visit websites by typing the address into the address bar. Do not follow links embedded in an unsolicited email.

·      Use discretion when posting personal information on social media. This information is a treasure-trove to spear phishers who will use it to feign trustworthiness.

·      Keep all of your software patched and up-to-date.  Home users should have the auto update feature enabled.

·      Keep your antivirus software up-to-date to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. 

Social engineering refers to the methods attackers use to manipulate people into sharing sensitive information, or taking an action, such as downloading a file. Sometimes social engineers interact with the victim to persuade the victim to share details or perform an action, such as entering information into a login page.

 

 

 

 

 

Avoiding Online Tax Scams

It’s tax season, which means it’s also time for tax scams. Some tax scams occur when fraudulent tax returns are filed in the victim’s name while other variants occur when the malicious actors call the victim and pretend to be Internal Revenue Service (IRS) agents. In addition, there are malicious actors who use the tax season to spread malware and phishing emails.

Tax scams where the malicious actor files the return in the victim’s name include both identity theft and identity fraud, as well as tax fraud. This scenario occurs when the malicious actor finds or receives information about the tax filer, including the filer’s name, address, date of birth, and Social Security Number. The malicious actor then uses this information to file a malicious tax return, citing as many deductions as possible, in order to create as large a tax return as possible.

The other variant of tax scams occur when the malicious actor contacts the victim and tries to convince the victim to do something, such as immediately paying a fine or providing their financial information so a refund can be issued. In these instances the malicious actor uses what they know about the victim, often information gained for a data breach or social networking website, to convince the victim that the caller has access to the victim’s tax information. Frequently during these calls the caller will pretend to be an IRS agent.

In the third type of tax scam, malicious actors use tax related spam, phishing emails, and fraudulent websites to trick victims into providing login names, passwords, or additional information, which can be used in further fraud. Other emails or websites may download malware onto the victim’s computer.

What to Watch Out For

·      Watch for “spoofed” websites that look like the official website but are not.

·      Don’t be fooled by unsolicited calls. The IRS will never call to demand an immediate payment or require you to use a specific payment method such as pre-loaded debit or credit cards, or wire transfers. They will never claim anything is “urgent” or due immediately, nor will they request payment over the phone.

·      The IRS will not be hostile, insulting, or threatening, nor will they threaten to involve law enforcement in order to have you arrested or deported.

·      Sometimes malicious actors change their Caller ID to say they are the IRS. If you’re not sure, ask for the agent’s name, hang up, and call the IRS (or your state tax agency) back using a phone number from their official website.

Recommendations

If you believe you are the victim of identity theft or identity fraud, there are a couple of steps you should take:

1.     File a report with your local law enforcement agency.

2.     File a report with the Federal Trade Commission (FTC) at www.identitytheft.gov.

3.     File a report with the three major credit bureaus and request a “fraud alert” for your account (Equifax – www.equifax.com, Experian – www.experian.com, TransUnion – www.transunion.com)

If you receive spam or a phishing email about your taxes, do not click on the links or open any attachments, instead forward the email to phishing@irs.gov. Other tax scams or frauds can be reported according to the directions on this page: https://www.irs.gov/Individuals/How-Do-You-Report-Suspected-Tax-Fraud-Activity%3F. 

Further Information

·      Tax scam information from the IRS: https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts.

·      Security Awareness for Tax Payers guide by the IRS: https://www.irs.gov/pub/irs-pdf/p4524.pdf .

·      Identity theft information from the FTC: https://www.identitytheft.gov/.